4 """TLS Lite + poplib."""
5
6 import socket
7 from poplib import POP3, POP3_SSL_PORT
8 from tlslite.tlsconnection import TLSConnection
9 from tlslite.integration.clienthelper import ClientHelper
10
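class POP3_TLS(POP3, ClientHelper):
    """This class extends L{poplib.POP3} with TLS support."""

    def __init__(self, host, port=POP3_SSL_PORT,
                 timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
                 username=None, password=None,
                 certChain=None, privateKey=None,
                 x509Fingerprint=None,
                 tackID=None,
                 hardTack=None,
                 settings=None):
        """Create a new POP3_TLS.

        The constructor opens a TCP connection to (host, port), runs the
        TLS client handshake over it and then reads the server greeting
        into C{self.welcome}.

        For client authentication, use one of these argument
        combinations:
         - username, password (SRP)
         - certChain, privateKey (certificate)

        For server authentication, you can either rely on the
        implicit mutual authentication performed by SRP or
        you can do certificate-based server
        authentication with one of these argument combinations:
         - x509Fingerprint

        Certificate-based server authentication is compatible with
        SRP or certificate-based client authentication.

        The caller should be prepared to handle TLS-specific
        exceptions.  See the client handshake functions in
        L{tlslite.TLSConnection.TLSConnection} for details on which
        exceptions might be raised.

        @note: Every authentication argument defaults to None and this
        constructor does not require any of them.  If username/password,
        x509Fingerprint and tackID are all left unset, nothing passed
        here identifies the server; unless ClientHelper rejects that
        combination (not visible in this module - confirm), the session
        is encrypted but the peer is unverified.  Supply a fingerprint
        obtained over a trusted channel, or use SRP, whenever the
        server's identity matters.

        @type host: str
        @param host: Server to connect to.

        @type port: int
        @param port: Port to connect to.

        @type timeout: float
        @param timeout: Timeout handed to C{socket.create_connection}
        for the TCP connection.

        @type username: str
        @param username: SRP username.

        @type password: str
        @param password: SRP password for mutual authentication.
        Requires the 'username' argument.

        @type certChain: L{tlslite.x509certchain.X509CertChain}
        @param certChain: Certificate chain for client authentication.
        Requires the 'privateKey' argument.  Excludes the SRP argument.

        @type privateKey: L{tlslite.utils.rsakey.RSAKey}
        @param privateKey: Private key for client authentication.
        Requires the 'certChain' argument.  Excludes the SRP argument.

        @type x509Fingerprint: str
        @param x509Fingerprint: Hex-encoded X.509 fingerprint for
        server authentication.

        @type tackID: str
        @param tackID: TACK ID for server authentication.

        @type hardTack: bool
        @param hardTack: Whether to raise TackBreakSigError on TACK Break.

        @type settings: L{tlslite.handshakesettings.HandshakeSettings}
        @param settings: Various settings which can be used to control
        the ciphersuites, certificate types, and SSL/TLS versions
        offered by the client.

        @raise Exception: Whatever the argument setup, the handshake or
        reading the greeting raises is propagated unchanged, after the
        underlying socket has been closed.
        """
        self.host = host
        self.port = port
        sock = socket.create_connection((host, port), timeout)
        try:
            ClientHelper.__init__(self,
                                  username, password,
                                  certChain, privateKey,
                                  x509Fingerprint,
                                  tackID, hardTack,
                                  settings)
            connection = TLSConnection(sock)
            ClientHelper._handshake(self, connection)
            self.sock = connection
            self.file = self.sock.makefile('rb')
            self._debugging = 0
            self.welcome = self._getresp()
        except BaseException:
            # A failed handshake (for example a fingerprint mismatch) or
            # a bad greeting must not leave the TCP socket open: the
            # caller never receives an object it could close.
            sock.close()
            raise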