dart::bin::SSLCertContext Class Reference

#include <security_context.h>

Inheritance diagram for dart::bin::SSLCertContext:

Public Member Functions
	SSLCertContext (SSL_CTX *context)
	~SSLCertContext ()
void	SetTrustedCertificatesBytes (Dart_Handle cert_bytes, const char *password)
void	SetClientAuthoritiesBytes (Dart_Handle client_authorities_bytes, const char *password)
int	UseCertificateChainBytes (Dart_Handle cert_chain_bytes, const char *password)
void	TrustBuiltinRoots ()
SSL_CTX *	context () const
uint8_t *	alpn_protocol_string () const
void	set_alpn_protocol_string (uint8_t *protocol_string)
bool	trust_builtin () const
void	set_allow_tls_renegotiation (bool allow)
bool	allow_tls_renegotiation () const
void	set_trust_builtin (bool trust_builtin)
void	RegisterCallbacks (SSL *ssl)
TrustEvaluateHandlerFunc	GetTrustEvaluateHandler () const
Public Member Functions inherited from dart::bin::ReferenceCounted< SSLCertContext >
	ReferenceCounted ()
virtual	~ReferenceCounted ()
void	Retain ()
void	Release ()

Static Public Member Functions
static int	CertificateCallback (int preverify_ok, X509_STORE_CTX *store_ctx)
static void	KeyLogCallback (const SSL *ssl, const char *line)
static SSLCertContext *	GetSecurityContext (Dart_NativeArguments args)
static const char *	GetPasswordArgument (Dart_NativeArguments args, intptr_t index)
static void	SetAlpnProtocolList (Dart_Handle protocols_handle, SSL *ssl, SSLCertContext *context, bool is_server)
static const char *	root_certs_file ()
static void	set_root_certs_file (const char *root_certs_file)
static const char *	root_certs_cache ()
static void	set_root_certs_cache (const char *root_certs_cache)
static bool	long_ssl_cert_evaluation ()
static void	set_long_ssl_cert_evaluation (bool long_ssl_cert_evaluation)
static bool	bypass_trusting_system_roots ()
static void	set_bypass_trusting_system_roots (bool bypass_trusting_system_roots)

Static Public Attributes
static const intptr_t	kApproximateSize
static constexpr int	kSecurityContextNativeFieldIndex = 0
static constexpr int	kX509NativeFieldIndex = 0

Detailed Description

Definition at line 24 of file security_context.h.

Constructor & Destructor Documentation

SSLCertContext()

dart::bin::SSLCertContext::SSLCertContext ( SSL_CTX *  context )

inlineexplicit

Definition at line 30 of file security_context.h.

      : ReferenceCounted(),
        context_(context),
        alpn_protocol_string_(nullptr),
        trust_builtin_(false),
        allow_tls_renegotiation_(false) {}

~SSLCertContext()

dart::bin::SSLCertContext::~SSLCertContext ( )

inline

Definition at line 37 of file security_context.h.

                    {
    SSL_CTX_free(context_);
    free(alpn_protocol_string_);
  }

Member Function Documentation

allow_tls_renegotiation()

bool dart::bin::SSLCertContext::allow_tls_renegotiation ( ) const

inline

Definition at line 89 of file security_context.h.

{ return allow_tls_renegotiation_; }

alpn_protocol_string()

uint8_t * dart::bin::SSLCertContext::alpn_protocol_string ( ) const

inline

Definition at line 75 of file security_context.h.

{ return alpn_protocol_string_; }

bypass_trusting_system_roots()

static bool dart::bin::SSLCertContext::bypass_trusting_system_roots ( )

inlinestatic

Definition at line 101 of file security_context.h.

                                             {
    return bypass_trusting_system_roots_;
  }

CertificateCallback()

int dart::bin::SSLCertContext::CertificateCallback ( int  preverify_ok, X509_STORE_CTX *  store_ctx  )

static

Definition at line 40 of file security_context.cc.

                                                                   {
  if (preverify_ok == 1) {
    return 1;
  }
  Dart_Isolate isolate = Dart_CurrentIsolate();
  if (isolate == nullptr) {
    FATAL("CertificateCallback called with no current isolate\n");
  }
  X509* certificate = X509_STORE_CTX_get_current_cert(store_ctx);
  int ssl_index = SSL_get_ex_data_X509_STORE_CTX_idx();
  SSL* ssl =
      static_cast<SSL*>(X509_STORE_CTX_get_ex_data(store_ctx, ssl_index));
  SSLFilter* filter = static_cast<SSLFilter*>(
      SSL_get_ex_data(ssl, SSLFilter::filter_ssl_index));
  Dart_Handle callback = filter->bad_certificate_callback();
  if (Dart_IsNull(callback)) {
    return 0;
  }
 
  // Upref since the Dart X509 object may outlive the SecurityContext.
  if (certificate != nullptr) {
    X509_up_ref(certificate);
  }
  Dart_Handle args[1];
  args[0] = X509Helper::WrappedX509Certificate(certificate);
  if (Dart_IsError(args[0])) {
    filter->callback_error = args[0];
    return 0;
  }
  Dart_Handle result = Dart_InvokeClosure(callback, 1, args);
  if (!Dart_IsError(result) && !Dart_IsBoolean(result)) {
    result = Dart_NewUnhandledExceptionError(DartUtils::NewDartIOException(
        "HandshakeException",
        "BadCertificateCallback returned a value that was not a boolean",
        Dart_Null()));
  }
  // See SSLFilter::Handshake for the semantics of filter->callback_error.
  if (Dart_IsError(result) && filter->callback_error == nullptr) {
    filter->callback_error = result;
    return 0;
  }
  return static_cast<int>(DartUtils::GetBooleanValue(result));
}

context()

SSL_CTX * dart::bin::SSLCertContext::context ( ) const

inline

Definition at line 73 of file security_context.h.

{ return context_; }

GetPasswordArgument()

const char * dart::bin::SSLCertContext::GetPasswordArgument ( Dart_NativeArguments  args, intptr_t  index  )

static

Definition at line 431 of file security_context.cc.

                                                                {
  Dart_Handle password_object =
      ThrowIfError(Dart_GetNativeArgument(args, index));
  const char* password = nullptr;
  if (Dart_IsString(password_object)) {
    ThrowIfError(Dart_StringToCString(password_object, &password));
    if (strlen(password) > PEM_BUFSIZE - 1) {
      Dart_ThrowException(DartUtils::NewDartArgumentError(
          "Password length is greater than 1023 (PEM_BUFSIZE)"));
    }
  } else if (Dart_IsNull(password_object)) {
    password = "";
  } else {
    Dart_ThrowException(
        DartUtils::NewDartArgumentError("Password is not a String or null"));
  }
  return password;
}

GetSecurityContext()

SSLCertContext * dart::bin::SSLCertContext::GetSecurityContext ( Dart_NativeArguments  args )

static

Definition at line 95 of file security_context.cc.

                                                                            {
  SSLCertContext* context;
  Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0));
  ASSERT(Dart_IsInstance(dart_this));
  ThrowIfError(Dart_GetNativeInstanceField(
      dart_this, SSLCertContext::kSecurityContextNativeFieldIndex,
      reinterpret_cast<intptr_t*>(&context)));
  if (context == nullptr) {
    Dart_PropagateError(Dart_NewUnhandledExceptionError(
        DartUtils::NewInternalError("No native peer")));
  }
  return context;
}

GetTrustEvaluateHandler()

TrustEvaluateHandlerFunc dart::bin::SSLCertContext::GetTrustEvaluateHandler

(

)

const

KeyLogCallback()

void dart::bin::SSLCertContext::KeyLogCallback ( const SSL *  ssl, const char *  line  )

static

Definition at line 85 of file security_context.cc.

                                                                    {
  SSLFilter* filter = static_cast<SSLFilter*>(
      SSL_get_ex_data(ssl, SSLFilter::filter_ssl_index));
 
  Dart_Port port = filter->key_log_port();
  if (port != ILLEGAL_PORT) {
    DartUtils::PostString(port, line);
  }
}

long_ssl_cert_evaluation()

static bool dart::bin::SSLCertContext::long_ssl_cert_evaluation ( )

inlinestatic

Definition at line 96 of file security_context.h.

{ return long_ssl_cert_evaluation_; }

RegisterCallbacks()

void dart::bin::SSLCertContext::RegisterCallbacks

(

SSL *

ssl

)

root_certs_cache()

static const char * dart::bin::SSLCertContext::root_certs_cache ( )

inlinestatic

Definition at line 57 of file security_context.h.

{ return root_certs_cache_; }

root_certs_file()

static const char * dart::bin::SSLCertContext::root_certs_file ( )

inlinestatic

Definition at line 53 of file security_context.h.

{ return root_certs_file_; }

set_allow_tls_renegotiation()

void dart::bin::SSLCertContext::set_allow_tls_renegotiation ( bool  allow )

inline

Definition at line 86 of file security_context.h.

                                               {
    allow_tls_renegotiation_ = allow;
  }

set_alpn_protocol_string()

void dart::bin::SSLCertContext::set_alpn_protocol_string ( uint8_t *  protocol_string )

inline

Definition at line 77 of file security_context.h.

                                                          {
    if (alpn_protocol_string_ != nullptr) {
      free(alpn_protocol_string_);
    }
    alpn_protocol_string_ = protocol_string;
  }

set_bypass_trusting_system_roots()

static void dart::bin::SSLCertContext::set_bypass_trusting_system_roots ( bool  bypass_trusting_system_roots )

inlinestatic

Definition at line 104 of file security_context.h.

                                         {
    bypass_trusting_system_roots_ = bypass_trusting_system_roots;
  }

set_long_ssl_cert_evaluation()

static void dart::bin::SSLCertContext::set_long_ssl_cert_evaluation ( bool  long_ssl_cert_evaluation )

inlinestatic

Definition at line 97 of file security_context.h.

                                                                          {
    long_ssl_cert_evaluation_ = long_ssl_cert_evaluation;
  }

set_root_certs_cache()

static void dart::bin::SSLCertContext::set_root_certs_cache ( const char *  root_certs_cache )

inlinestatic

Definition at line 58 of file security_context.h.

                                                                 {
    root_certs_cache_ = root_certs_cache;
  }

set_root_certs_file()

static void dart::bin::SSLCertContext::set_root_certs_file ( const char *  root_certs_file )

inlinestatic

Definition at line 54 of file security_context.h.

                                                               {
    root_certs_file_ = root_certs_file;
  }

set_trust_builtin()

void dart::bin::SSLCertContext::set_trust_builtin ( bool  trust_builtin )

inline

Definition at line 91 of file security_context.h.

{ trust_builtin_ = trust_builtin; }

SetAlpnProtocolList()

void dart::bin::SSLCertContext::SetAlpnProtocolList ( Dart_Handle  protocols_handle, SSL *  ssl, SSLCertContext *  context, bool  is_server  )

static

Definition at line 481 of file security_context.cc.

                                                         {
  // Enable ALPN (application layer protocol negotiation) if the caller provides
  // a valid list of supported protocols.
  Dart_TypedData_Type protocols_type;
  uint8_t* protocol_string = nullptr;
  uint8_t* protocol_string_copy = nullptr;
  intptr_t protocol_string_len = 0;
  int status;
 
  Dart_Handle result = Dart_TypedDataAcquireData(
      protocols_handle, &protocols_type,
      reinterpret_cast<void**>(&protocol_string), &protocol_string_len);
  if (Dart_IsError(result)) {
    Dart_PropagateError(result);
  }
 
  if (protocols_type != Dart_TypedData_kUint8) {
    Dart_TypedDataReleaseData(protocols_handle);
    Dart_PropagateError(Dart_NewApiError(
        "Unexpected type for protocols (expected valid Uint8List)."));
  }
 
  if (protocol_string_len > 0) {
    if (is_server) {
      // ALPN on server connections must be set on an SSL_CTX object,
      // not on the SSL object of the individual connection.
      ASSERT(context != nullptr);
      ASSERT(ssl == nullptr);
      // Because it must be passed as a single void*, terminate
      // the list of (length, data) strings with a length 0 string.
      protocol_string_copy =
          static_cast<uint8_t*>(malloc(protocol_string_len + 1));
      memmove(protocol_string_copy, protocol_string, protocol_string_len);
      protocol_string_copy[protocol_string_len] = '\0';
      SSL_CTX_set_alpn_select_cb(context->context(), AlpnCallback,
                                 protocol_string_copy);
      context->set_alpn_protocol_string(protocol_string_copy);
    } else {
      // The function makes a local copy of protocol_string, which it owns.
      if (ssl != nullptr) {
        ASSERT(context == nullptr);
        status = SSL_set_alpn_protos(ssl, protocol_string, protocol_string_len);
      } else {
        ASSERT(context != nullptr);
        ASSERT(ssl == nullptr);
        status = SSL_CTX_set_alpn_protos(context->context(), protocol_string,
                                         protocol_string_len);
      }
      ASSERT(status == 0);  // The function returns a non-standard status.
    }
  }
  Dart_TypedDataReleaseData(protocols_handle);
}

SetClientAuthoritiesBytes()

void dart::bin::SSLCertContext::SetClientAuthoritiesBytes	(	Dart_Handle	client_authorities_bytes,
		const char *	password
	)

Definition at line 308 of file security_context.cc.

                          {
  int status;
  {
    ScopedMemBIO bio(client_authorities_bytes);
    status = SetClientAuthorities(context(), &bio, password);
  }
 
  SecureSocketUtils::CheckStatus(status, "TlsException",
                                 "Failure in setClientAuthoritiesBytes");
}

SetTrustedCertificatesBytes()

void dart::bin::SSLCertContext::SetTrustedCertificatesBytes	(	Dart_Handle	cert_bytes,
		const char *	password
	)

Definition at line 230 of file security_context.cc.

                                                                       {
  int status = 0;
  {
    ScopedMemBIO bio(cert_bytes);
    status = SetTrustedCertificatesBytesPEM(context(), bio.bio());
    if (status == 0) {
      if (SecureSocketUtils::NoPEMStartLine()) {
        ERR_clear_error();
        BIO_reset(bio.bio());
        status = SetTrustedCertificatesBytesPKCS12(context(), &bio, password);
      }
    } else {
      // The PEM file was successfully parsed.
      ERR_clear_error();
    }
  }
  SecureSocketUtils::CheckStatus(status, "TlsException",
                                 "Failure trusting builtin roots");
}

trust_builtin()

bool dart::bin::SSLCertContext::trust_builtin ( ) const

inline

Definition at line 84 of file security_context.h.

{ return trust_builtin_; }

TrustBuiltinRoots()

void dart::bin::SSLCertContext::TrustBuiltinRoots

(

)

UseCertificateChainBytes()

int dart::bin::SSLCertContext::UseCertificateChainBytes	(	Dart_Handle	cert_chain_bytes,
		const char *	password
	)

Definition at line 629 of file security_context.cc.

                                                                   {
  ScopedMemBIO bio(cert_chain_bytes);
  return UseChainBytes(context(), &bio, password);
}

Member Data Documentation

kApproximateSize

const intptr_t dart::bin::SSLCertContext::kApproximateSize

static

Definition at line 26 of file security_context.h.

kSecurityContextNativeFieldIndex

constexpr int dart::bin::SSLCertContext::kSecurityContextNativeFieldIndex = 0

staticconstexpr

Definition at line 27 of file security_context.h.

kX509NativeFieldIndex

constexpr int dart::bin::SSLCertContext::kX509NativeFieldIndex = 0

staticconstexpr

Definition at line 28 of file security_context.h.

---

The documentation for this class was generated from the following files:

• third_party/dart-lang/sdk/runtime/bin/security_context.h
• third_party/dart-lang/sdk/runtime/bin/security_context.cc