Begin work on ios secure sockets

BUG= R=iposva@google.com Review URL: https://codereview.chromium.org/1839123003 .
2024-11-05 18:22:09 +00:00 · 2016-03-31 12:55:31 -07:00 · 2016-03-31 12:55:31 -07:00 · 08450dc432
commit 08450dc432
parent 498c77ef51
7 changed files with 1341 additions and 13 deletions
--- a/runtime/bin/BUILD.gn
+++ b/runtime/bin/BUILD.gn
@ -280,7 +280,13 @@ source_set("embedded_dart_io") {
  }
  set_sources_assignment_filter(custom_sources_filter)

-  defines = [ "DART_IO_SECURE_SOCKET_DISABLED" ]
+  if (is_mac || is_ios) {
+    libs = [
+      "Security.framework",
+    ]
+  } else {
+    defines = [ "DART_IO_SECURE_SOCKET_DISABLED" ]
+  }

  sources = io_impl_sources_gypi.sources + builtin_impl_sources_gypi.sources
  sources += [
--- a/runtime/bin/io_impl_sources.gypi
+++ b/runtime/bin/io_impl_sources.gypi
@ -51,6 +51,7 @@
    'secure_socket.h',
    'secure_socket_boringssl.cc',
    'secure_socket_boringssl.h',
+    'secure_socket_ios.cc',
    'secure_socket_macos.cc',
    'secure_socket_macos.h',
    'secure_socket_unsupported.cc',
--- a/runtime/bin/platform_macos.cc
+++ b/runtime/bin/platform_macos.cc
@ -76,14 +76,16 @@ bool Platform::LocalHostname(char *buffer, intptr_t buffer_length) {

 char** Platform::Environment(intptr_t* count) {
 #if TARGET_OS_IOS
-  // TODO(iposva): On Mac (desktop), _NSGetEnviron() is used to access the
-  // environ from shared libraries or bundles. This is present in crt_externs.h
-  // which is unavailable on iOS. On iOS, everything is statically linked for
-  // now. So arguably, accessing the environ directly with a "extern char
-  // **environ" will work. But this approach is brittle as the target with this
-  // CU could be a dynamic framework (introduced in iOS 8). A more elegant
-  // approach needs to be devised.
-  return NULL;
+  // TODO(zra,chinmaygarde): On iOS, environment variables are seldom used. Wire
+  // this up if someone needs it. In the meantime, we return an empty array.
+  char** result;
+  result = reinterpret_cast<char**>(Dart_ScopeAllocate(1 * sizeof(*result)));
+  if (result == NULL) {
+    return NULL;
+  }
+  result[0] = NULL;
+  *count = 0;
+  return result;
 #else
  // Using environ directly is only safe as long as we do not
  // provide access to modifying environment variables.
--- a/runtime/bin/secure_socket_ios.cc
+++ b/runtime/bin/secure_socket_ios.cc
--- a/runtime/bin/secure_socket_macos.cc
+++ b/runtime/bin/secure_socket_macos.cc
@ -5,7 +5,7 @@
 #if !defined(DART_IO_DISABLED) && !defined(DART_IO_SECURE_SOCKET_DISABLED)

 #include "platform/globals.h"
-#if defined(TARGET_OS_MACOS)
+#if defined(TARGET_OS_MACOS) && !TARGET_OS_IOS

 #include "bin/secure_socket.h"
 #include "bin/secure_socket_macos.h"
@ -2022,7 +2022,7 @@ OSStatus SSLFilter::ProcessWritePlaintextBuffer(intptr_t start,
 }  // namespace bin
 }  // namespace dart

-#endif  // defined(TARGET_OS_MACOS)
+#endif  // defined(TARGET_OS_MACOS) && !TARGET_OS_IOS

 #endif  // !defined(DART_IO_DISABLED) &&
        // !defined(DART_IO_SECURE_SOCKET_DISABLED)
--- a/runtime/platform/globals.h
+++ b/runtime/platform/globals.h
@ -102,6 +102,9 @@
 // the value defined in TargetConditionals.h
 #define TARGET_OS_MACOS 1
 #if TARGET_OS_IPHONE
+// Test for this #define by saying '#if TARGET_OS_IOS' rather than the usual
+// '#if defined(TARGET_OS_IOS)'. TARGET_OS_IOS is defined to be 0 in
+// XCode >= 7.0. See Issue #24453.
 #define TARGET_OS_IOS 1
 #endif

--- a/sdk/lib/io/security_context.dart
+++ b/sdk/lib/io/security_context.dart
@ -14,6 +14,10 @@ part of dart.io;
 *
 * Certificates and keys can be added to a SecurityContext from either PEM
 * or PKCS12 containers.
+ *
+ * iOS note: methods to add, remove, and inspect certificates are not yet
+ * implemented. That is, only the platform's built-in trusted certificates can
+ * be used, by way of [SecurityContext.defaultContext].
 */
 abstract class SecurityContext {
  external factory SecurityContext();
@ -24,8 +28,10 @@ abstract class SecurityContext {
   * This object can also be accessed, and modified, directly.
   * Each isolate has a different [defaultContext] object.
   * The [defaultContext] object uses a list of well-known trusted
-   * certificate authorities as its trusted roots.  This list is
-   * taken from Mozilla, who maintains it as part of Firefox.
+   * certificate authorities as its trusted roots. On Linux and Windows, this
+   * list is taken from Mozilla, who maintains it as part of Firefox. On,
+   * MacOS, iOS, and Android, this list comes from the trusted certificates
+   * stores built in to the platforms.
   */
  external static SecurityContext get defaultContext;