4 """TLS Lite + imaplib."""
5
6 import socket
7 from imaplib import IMAP4
8 from tlslite.tlsconnection import TLSConnection
9 from tlslite.integration.clienthelper import ClientHelper
10
11
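# Default port for IMAP carried over TLS from the first byte of the
# connection; used as the default for IMAP4_TLS(port=...).
IMAP4_TLS_PORT = 993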
13
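# NOTE(review): the listing this was taken from had lost the ``class``
# statement and the ``def open`` line (and all indentation).  Both are
# reconstructed from the explicit base-class calls and the names the bodies
# use -- confirm against the upstream file.
class IMAP4_TLS(IMAP4, ClientHelper):
    """This class extends L{imaplib.IMAP4} with TLS support.

    L{open} wraps the TCP socket in a L{TLSConnection} and completes the
    handshake before the file object used for IMAP reads is created.
    """

    def __init__(self, host = '', port = IMAP4_TLS_PORT,
                 username=None, password=None,
                 certChain=None, privateKey=None,
                 x509Fingerprint=None,
                 tackID=None,
                 hardTack=None,
                 settings=None):
        """Create a new IMAP4_TLS.

        For client authentication, use one of these argument
        combinations:
         - username, password (SRP)
         - certChain, privateKey (certificate)

        For server authentication, you can either rely on the
        implicit mutual authentication performed by SRP
        or you can do certificate-based server
        authentication with one of these argument combinations:
         - x509Fingerprint

        Certificate-based server authentication is compatible with
        SRP or certificate-based client authentication.

        Security note: nothing in this class checks the server's
        certificate against 'host' or against a CA trust store; 'host'
        is handed to L{imaplib.IMAP4} only.  If neither SRP credentials
        nor 'x509Fingerprint' (nor 'tackID') is supplied, the arguments
        visible here give the handshake nothing to verify the server
        against, so -- unless L{ClientHelper} applies a default check of
        its own (not visible in this file; confirm) -- the session is
        encrypted but the peer is unauthenticated and an on-path
        attacker can impersonate the server.  Callers handling real
        credentials or mail should always pin 'x509Fingerprint' or use
        SRP.

        The caller should be prepared to handle TLS-specific
        exceptions.  See the client handshake functions in
        L{tlslite.TLSConnection.TLSConnection} for details on which
        exceptions might be raised.

        @type host: str
        @param host: Server to connect to.

        @type port: int
        @param port: Port to connect to.

        @type username: str
        @param username: SRP username.  Requires the
        'password' argument.

        @type password: str
        @param password: SRP password for mutual authentication.
        Requires the 'username' argument.

        @type certChain: L{tlslite.x509certchain.X509CertChain}
        @param certChain: Certificate chain for client authentication.
        Requires the 'privateKey' argument.  Excludes the SRP arguments.

        @type privateKey: L{tlslite.utils.rsakey.RSAKey}
        @param privateKey: Private key for client authentication.
        Requires the 'certChain' argument.  Excludes the SRP arguments.

        @type x509Fingerprint: str
        @param x509Fingerprint: Hex-encoded X.509 fingerprint for
        server authentication.

        @type tackID: str
        @param tackID: TACK ID for server authentication.

        @type hardTack: bool
        @param hardTack: Whether to raise TackBreakSigError on TACK Break.

        @type settings: L{tlslite.handshakesettings.HandshakeSettings}
        @param settings: Various settings which can be used to control
        the ciphersuites, certificate types, and SSL/TLS versions
        offered by the client.
        """

        # Store the TLS parameters first: IMAP4.__init__ below calls
        # open(), which runs the handshake using what ClientHelper saved.
        ClientHelper.__init__(self,
                 username, password,
                 certChain, privateKey,
                 x509Fingerprint,
                 tackID,
                 hardTack,
                 settings)

        IMAP4.__init__(self, host, port)


    def open(self, host = '', port = IMAP4_TLS_PORT, timeout=None):
        """Setup connection to remote server on "host:port".

        This connection will be used by the routines:
        read, readline, send, shutdown.

        @type host: str
        @param host: Server to connect to.

        @type port: int
        @param port: Port to connect to.

        @type timeout: float or None
        @param timeout: Optional socket timeout in seconds.  Accepted
        because L{imaplib.IMAP4.__init__} on Python 3.9 and later calls
        open(host, port, timeout); without it that call raises
        TypeError.  When given, it also bounds the TLS handshake, so a
        stalled peer cannot block the client indefinitely.  None keeps
        the socket module's default.
        """
        self.host = host
        self.port = port
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Keep a handle on the plain socket so it can be released if the
        # connect or the handshake fails; self.sock is rebound below.
        rawSock = self.sock
        try:
            if timeout is not None:
                rawSock.settimeout(timeout)
            rawSock.connect((host, port))
            self.sock = TLSConnection(rawSock)
            ClientHelper._handshake(self, self.sock)
        except BaseException:
            # A failed handshake (including a fingerprint mismatch) must
            # not leave a connected descriptor behind; close and re-raise
            # so the caller still sees the original TLS/socket error.
            rawSock.close()
            raise
        self.file = self.sock.makefile('rb')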
107