4 """TLS Lite + httplib."""
5
6 import socket
7 import httplib
8 from tlslite.tlsconnection import TLSConnection
9 from tlslite.integration.clienthelper import ClientHelper
10
11
13 """This class extends L{httplib.HTTPConnection} to support TLS."""
14
def __init__(self, host, port=None, strict=None,
             timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
             source_address=None,
             username=None, password=None,
             certChain=None, privateKey=None,
             x509Fingerprint=None,
             tackID=None,
             hardTack=None,
             settings=None):
    """Create a new HTTPTLSConnection.

    Client authentication uses one of these argument combinations:
     - username, password (SRP)
     - certChain, privateKey (certificate)

    Server authentication either relies on the implicit mutual
    authentication performed by SRP, or is certificate-based and
    selected with this argument:
     - x509Fingerprint

    Certificate-based server authentication is compatible with
    SRP or certificate-based client authentication.

    Every authentication argument defaults to None and nothing in
    this constructor requires one of them to be set.
    NOTE(review): presumably a connection created without SRP
    credentials, x509Fingerprint or tackID does not authenticate
    the server, so the peer's identity is unverified; confirm
    against L{ClientHelper} and pass one of them whenever the
    server's identity matters.

    No TLS handshake happens here; the arguments are only stored
    for later (so the SRP password and private key stay referenced
    by this object). The handshake runs when this class needs to
    connect to the server, so be prepared to handle TLS-specific
    exceptions from methods inherited from
    L{httplib.HTTPConnection} such as request(), connect(), and
    send(). See the client handshake functions in
    L{tlslite.tlsconnection.TLSConnection} for details on which
    exceptions might be raised.

    @type host: str
    @param host: Server to connect to.

    @type port: int
    @param port: Port to connect to.

    @param strict: Forwarded unchanged to
    L{httplib.HTTPConnection}.

    @param timeout: Forwarded unchanged to
    L{httplib.HTTPConnection}.

    @param source_address: Forwarded to L{httplib.HTTPConnection}
    only when it is truthy.

    @type username: str
    @param username: SRP username.  Requires the
    'password' argument.

    @type password: str
    @param password: SRP password for mutual authentication.
    Requires the 'username' argument.

    @type certChain: L{tlslite.x509certchain.X509CertChain}
    @param certChain: Certificate chain for client authentication.
    Requires the 'privateKey' argument.  Excludes the SRP arguments.

    @type privateKey: L{tlslite.utils.rsakey.RSAKey}
    @param privateKey: Private key for client authentication.
    Requires the 'certChain' argument.  Excludes the SRP arguments.

    @type x509Fingerprint: str
    @param x509Fingerprint: Hex-encoded X.509 fingerprint for
    server authentication.  The digest algorithm is not stated
    here; check the fingerprint format expected by
    L{ClientHelper} before pinning a value.

    @type tackID: str
    @param tackID: TACK ID for server authentication.

    @type hardTack: bool
    @param hardTack: Whether to raise TackBreakSigError on TACK Break.

    @type settings: L{tlslite.handshakesettings.HandshakeSettings}
    @param settings: Various settings which can be used to control
    the ciphersuites, certificate types, and SSL/TLS versions
    offered by the client.
    """
    # The base constructor gets source_address as a fifth positional
    # argument only when one was supplied; presumably this keeps the
    # call valid for an httplib without that parameter (confirm).
    base_args = (host, port, strict, timeout)
    if source_address:
        base_args += (source_address,)
    httplib.HTTPConnection.__init__(self, *base_args)

    # Hand the TLS credentials and policy to ClientHelper; nothing is
    # negotiated with the server at this point.
    tls_args = (username, password,
                certChain, privateKey,
                x509Fingerprint,
                tackID,
                hardTack,
                settings)
    ClientHelper.__init__(self, *tls_args)