The object containing the certificates to trust when making a secure client connection, and the certificate chain and private key to serve from a secure server.

The SecureSocket and SecureServer classes take a SecurityContext as an argument to their connect and bind methods.

Certificates and keys can be added to a SecurityContext from PEM files on disk. A PEM file contains one or more base-64 encoded DER-serialized ASN1 objects, surrounded with delimiter strings like "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". Distinguished Encoding Rules (DER) is a canonical binary serialization of ASN1 objects into an octet string.

Static Properties

defaultContext → SecurityContext (read-only)

Constructors

SecurityContext()

Methods

setAlpnProtocols(List<String> protocols, bool isServer) → void

Sets the list of application-level protocols supported by a client connection or server connection. The ALPN (application level protocol negotiation) extension to TLS allows a client to send a list of protocols in the TLS client hello message, and the server to pick one and send the selected one back in its server hello message.

setClientAuthorities(String file) → void

Sets the list of authority names that a SecureServer will advertise as accepted when requesting a client certificate from a connecting client. file is a PEM file containing the accepted signing authority certificates; the authority names are extracted from the certificates.

setTrustedCertificates({String file, String directory}) → void

Sets the set of trusted X509 certificates used by SecureSocket client connections, when connecting to a secure server.

useCertificateChain(String file) → void

Sets the chain of X509 certificates served by SecureServer when making secure connections, including the server certificate. file is a PEM file containing X509 certificates, starting with the root authority and intermediate authorities forming the signed chain to the server certificate, and ending with the server certificate. The private key for the server certificate is set by usePrivateKey.

usePrivateKey(String keyFile, {String password}) → void

Sets the private key for a server certificate or client certificate. A secure connection using this SecurityContext will use this key with the server or client certificate to sign and decrypt messages. keyFile is a PEM file containing an encrypted private key, encrypted with password. An unencrypted file can be used, but this is not usual.
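The methods above combined into a mutually authenticated server and client, as an added example that is not part of the original documentation and is written against the signatures listed on this page. The directory, file names, port and the TLS_KEY_PASSWORD environment variable are assumptions, as is loading the client CA through setTrustedCertificates on the server; SecureServerSocket.bind and SecureSocket.connect are the dart:io calls that accept the context.

```dart
import 'dart:async';
import 'dart:io';

// Assumed location of the PEM files; replace with your own layout.
const String certDir = '/etc/example-tls';

// Key password is read from the environment, not stored in source.
String keyPassword() => Platform.environment['TLS_KEY_PASSWORD'];

SecurityContext serverContext() {
  return new SecurityContext()
    // Chain file order as documented: root, intermediates, server cert.
    ..useCertificateChain('$certDir/server_chain.pem')
    ..usePrivateKey('$certDir/server_key.pem', password: keyPassword())
    // Only advertises the accepted CA names to connecting clients.
    ..setClientAuthorities('$certDir/client_ca.pem')
    // Assumption: roots for verifying client certificates are loaded here.
    ..setTrustedCertificates(file: '$certDir/client_ca.pem')
    ..setAlpnProtocols(['h2', 'http/1.1'], true);
}

SecurityContext clientContext() {
  // A fresh context trusts only what is added to it, so this client
  // accepts servers signed by the private root and nothing else.
  return new SecurityContext()
    ..setTrustedCertificates(file: '$certDir/private_root.pem')
    ..useCertificateChain('$certDir/client_chain.pem')
    ..usePrivateKey('$certDir/client_key.pem', password: keyPassword())
    ..setAlpnProtocols(['h2', 'http/1.1'], false);
}

Future main() async {
  // requireClientCertificate makes the handshake fail without a client cert.
  final server = await SecureServerSocket.bind(
      'localhost', 8443, serverContext(),
      requireClientCertificate: true);
  server.listen((SecureSocket peer) {
    print('client subject: ${peer.peerCertificate?.subject}');
    peer.close();
  });

  final socket = await SecureSocket.connect('localhost', 8443,
      context: clientContext());
  print('negotiated protocol: ${socket.selectedProtocol}');
  await socket.close();
  await server.close();
}
```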