
Source Code for Module tlslite.integration.clienthelper

  1  # Authors:  
  2  #   Trevor Perrin 
  3  #   Dimitris Moraitis - Anon ciphersuites 
  4  # 
  5  # See the LICENSE file for legal information regarding use of this file. 
  6   
  7  """ 
  8  A helper class for using TLS Lite with stdlib clients 
  9  (httplib, xmlrpclib, imaplib, poplib). 
 10  """ 
 11   
 12  from tlslite.checker import Checker 
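class ClientHelper(object):
    """This is a helper class used to integrate TLS Lite with various
    TLS clients (e.g. poplib, smtplib, httplib, etc.)"""

    def __init__(self,
                 username=None, password=None,
                 certChain=None, privateKey=None,
                 checker=None,
                 settings=None,
                 anon=False,
                 host=None):
        """
        For client authentication, use one of these argument
        combinations:
         - username, password (SRP)
         - certChain, privateKey (certificate)

        For server authentication, you can either rely on the
        implicit mutual authentication performed by SRP,
        or you can do certificate-based server
        authentication by passing:
         - checker (for example a L{tlslite.checker.Checker} built
           with an x509Fingerprint)

        Certificate-based server authentication is compatible with
        SRP or certificate-based client authentication.

        This class does no server verification of its own. If
        'checker' is None, nothing here inspects the server's
        certificate after the handshake, and an anonymous handshake
        ('anon') does not authenticate the server at all. Unless SRP
        is used, pass a checker whenever the peer's identity matters.

        The constructor does not perform the TLS handshake itself, but
        simply stores these arguments for later.  The handshake is
        performed only when this class needs to connect with the
        server.  Then you should be prepared to handle TLS-specific
        exceptions.  See the client handshake functions in
        L{tlslite.TLSConnection.TLSConnection} for details on which
        exceptions might be raised.

        @type username: str
        @param username: SRP username.  Requires the
        'password' argument.

        @type password: str
        @param password: SRP password for mutual authentication.
        Requires the 'username' argument.

        @type certChain: L{tlslite.x509certchain.X509CertChain}
        @param certChain: Certificate chain for client authentication.
        Requires the 'privateKey' argument.  Excludes the SRP arguments.

        @type privateKey: L{tlslite.utils.rsakey.RSAKey}
        @param privateKey: Private key for client authentication.
        Requires the 'certChain' argument.  Excludes the SRP arguments.

        @type checker: L{tlslite.checker.Checker}
        @param checker: Callable object called after handshaking to
        evaluate the connection and raise an Exception if necessary.

        @type settings: L{tlslite.handshakesettings.HandshakeSettings}
        @param settings: Various settings which can be used to control
        the ciphersuites, certificate types, and SSL/TLS versions
        offered by the client.

        @type anon: bool
        @param anon: Use an anonymous handshake when no SRP credentials
        are set.  It takes precedence over certChain/privateKey in
        L{_handshake}.

        @type host: str
        @param host: Server host name, stored as the serverName passed
        to the handshake unless it is a dotted IPv4 address.

        @raise ValueError: If the credential arguments are incomplete
        or mix SRP with certificate authentication.
        """

        self.username = None
        self.password = None
        self.certChain = None
        self.privateKey = None
        self.checker = None
        self.anon = anon

        #SRP Authentication
        if username and password and not \
                (certChain or privateKey):
            self.username = username
            self.password = password

        #Certificate Chain Authentication
        elif certChain and privateKey and not \
                (username or password):
            self.certChain = certChain
            self.privateKey = privateKey

        #No Authentication
        elif not password and not username and not \
                certChain and not privateKey:
            pass

        else:
            raise ValueError("Bad parameters")

        self.checker = checker
        self.settings = settings

        # Filled in by _handshake so later connections can offer resumption.
        self.tlsSession = None

        # NOTE(review): _isIP only recognises dotted IPv4, so an IPv6
        # literal given as host is stored as serverName.  RFC 6066 does
        # not allow address literals in the server name extension;
        # confirm callers never pass one.
        if not self._isIP(host):
            self.serverName = host
        else:
            self.serverName = None

    @staticmethod
    def _isIP(address):
        """Return True if the address is an IPv4 address"""
        if not address:
            return False
        octets = address.split('.')
        if len(octets) != 4:
            return False
        for octet in octets:
            # str.isdigit() also accepts non-ASCII digits (superscripts,
            # for instance) that int() rejects with ValueError, so only
            # ASCII digits are allowed and odd input yields False.
            if not octet or any(ch not in "0123456789" for ch in octet):
                return False
            if not 0 <= int(octet) <= 255:
                return False
        return True

    def _handshake(self, tlsConnection):
        """Run the client handshake that matches the stored arguments.

        SRP is used when a username and password are set, otherwise the
        anonymous handshake when 'anon' is true, otherwise the
        certificate handshake (with certChain and privateKey possibly
        None).  The stored checker, settings, session and serverName are
        passed through, and the resulting session is kept for the next
        call.

        @type tlsConnection: L{tlslite.TLSConnection.TLSConnection}
        @param tlsConnection: Connection to perform the handshake on.
        """
        if self.username and self.password:
            tlsConnection.handshakeClientSRP(username=self.username,
                                             password=self.password,
                                             checker=self.checker,
                                             settings=self.settings,
                                             session=self.tlsSession,
                                             serverName=self.serverName)
        elif self.anon:
            # Anonymous key exchange: the checker is the only
            # post-handshake check passed on this path.
            tlsConnection.handshakeClientAnonymous(session=self.tlsSession,
                                                   settings=self.settings,
                                                   checker=self.checker,
                                                   serverName=self.serverName)
        else:
            tlsConnection.handshakeClientCert(certChain=self.certChain,
                                              privateKey=self.privateKey,
                                              checker=self.checker,
                                              settings=self.settings,
                                              session=self.tlsSession,
                                              serverName=self.serverName)
        self.tlsSession = tlsConnection.session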
148