"""
A helper class for using TLS Lite with stdlib clients
(httplib, xmlrpclib, imaplib, poplib).
"""
11
12 from tlslite.checker import Checker
"""This is a helper class used to integrate TLS Lite with various
TLS clients (e.g. poplib, smtplib, httplib, etc.)"""
17
def __init__(self,
             username=None, password=None,
             certChain=None, privateKey=None,
             checker=None,
             settings=None,
             anon=False,
             host=None):
    """
    Store the credentials and options used later for the client handshake.

    Client authentication takes exactly one of these argument pairs
    (or neither):
     - username, password (SRP)
     - certChain, privateKey (certificate)

    Supplying half a pair, or parts of both pairs, raises ValueError.

    Server authentication comes either from the implicit mutual
    authentication performed by SRP, or from the 'checker' callable.
    This constructor has no fingerprint or trust-anchor parameter of
    its own, so any server-certificate check has to be done by
    'checker' (presumably a L{tlslite.checker.Checker} configured
    with the expected fingerprint -- confirm).  With checker=None
    nothing in this class inspects the server certificate.

    The constructor does not perform the TLS handshake itself; it only
    keeps these arguments.  The handshake happens when this class
    needs to connect to the server, and TLS-specific exceptions may be
    raised at that point.  See the client handshake functions in
    L{tlslite.TLSConnection.TLSConnection} for the exceptions involved.

    @type username: str
    @param username: SRP username. Requires the
    'password' argument.

    @type password: str
    @param password: SRP password for mutual authentication.
    Requires the 'username' argument.

    @type certChain: L{tlslite.x509certchain.X509CertChain}
    @param certChain: Certificate chain for client authentication.
    Requires the 'privateKey' argument. Excludes the SRP arguments.

    @type privateKey: L{tlslite.utils.rsakey.RSAKey}
    @param privateKey: Private key for client authentication.
    Requires the 'certChain' argument. Excludes the SRP arguments.

    @type checker: L{tlslite.checker.Checker}
    @param checker: Callable object called after handshaking to
    evaluate the connection and raise an Exception if necessary.

    @type settings: L{tlslite.handshakesettings.HandshakeSettings}
    @param settings: Various settings which can be used to control
    the ciphersuites, certificate types, and SSL/TLS versions
    offered by the client.

    @type anon: bool
    @param anon: Stored as self.anon.  When no SRP credentials are
    stored, a true value selects the anonymous client handshake.
    Anonymous key exchange does not authenticate the server, so the
    connection is exposed to an active man-in-the-middle unless
    'checker' can establish the peer's identity some other way.

    @type host: str
    @param host: Server host. Kept as self.serverName and passed to
    the handshake, unless _isIP() reports it as an IP address, in
    which case self.serverName is None.

    @raise ValueError: If the credential arguments do not form one of
    the combinations listed above.
    """
    # Begin with "no credentials"; only a complete, unambiguous pair
    # below replaces these defaults.
    self.username = None
    self.password = None
    self.certChain = None
    self.privateKey = None
    self.checker = None
    self.anon = anon

    srpPair = (username, password)
    certPair = (certChain, privateKey)

    if all(srpPair) and not any(certPair):
        # SRP client authentication
        self.username, self.password = srpPair
    elif all(certPair) and not any(srpPair):
        # Certificate client authentication
        self.certChain, self.privateKey = certPair
    elif any(srpPair) or any(certPair):
        # Half a pair, or a mix of SRP and certificate arguments
        raise ValueError("Bad parameters")
    # Otherwise no client credentials were given, which is allowed.

    self.checker = checker
    self.settings = settings

    # No session yet; it is filled in after the first handshake.
    self.tlsSession = None

    # An IP address is never stored as the server name.
    self.serverName = None if self._isIP(host) else host
110
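@staticmethod
def _isIP(address):
    """Return True if the address is an IPv4 or IPv6 literal.

    The constructor uses this to decide whether 'host' may be stored
    as the server name for the handshake.  RFC 6066 does not permit
    literal IPv4 or IPv6 addresses in the server_name extension, so
    both families have to be recognised here.

    @type address: str
    @param address: Host string to classify.  None and the empty
    string are reported as "not an IP".

    @rtype: bool
    @return: True for a dotted-quad IPv4 address with every octet in
    0..255, or for a string socket.inet_pton() accepts as IPv6;
    False otherwise.
    """
    # NOTE(review): the 'def' line is absent from this listing; the
    # name and parameter follow the visible self._isIP(host) call and
    # the uses of 'address' in the body.
    import socket

    if not address:
        return False

    def isOctet(text):
        # str.isdigit() accepts characters such as superscript digits
        # that int() rejects; treat those as "not an octet" rather
        # than letting ValueError escape from the constructor.
        if not text.isdigit():
            return False
        try:
            return 0 <= int(text) <= 255
        except ValueError:
            return False

    parts = address.split('.')
    if len(parts) == 4 and all(isOctet(part) for part in parts):
        return True

    # Every textual IPv6 form contains a colon; host names do not.
    if ':' not in address:
        return False

    inetPton = getattr(socket, 'inet_pton', None)
    family = getattr(socket, 'AF_INET6', None)
    if inetPton is None or family is None:
        # No IPv6 parser available: keep the IPv4-only answer.
        return False
    try:
        inetPton(family, address)
    except (socket.error, ValueError):
        return False
    return True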
126
def _handshake(self, tlsConnection):
    """Run the client handshake on tlsConnection with the stored options.

    The handshake variant is chosen in this order: SRP when both a
    username and a password are stored, anonymous when self.anon is
    true, certificate-based otherwise.  The connection's session is
    then kept in self.tlsSession and handed back as 'session' on the
    next call.

    @param tlsConnection: Object providing handshakeClientSRP(),
    handshakeClientAnonymous(), handshakeClientCert() and a 'session'
    attribute.
    """
    # NOTE(review): the 'def' line is absent from this listing; name
    # and signature follow upstream tlslite -- confirm.
    #
    # NOTE(review): the only server check visible here is
    # self.checker.  In the anonymous branch, and in the certificate
    # branch when checker is None, nothing in this method ties the
    # peer to an expected identity -- confirm what the handshake
    # functions validate on their own.
    common = dict(checker=self.checker,
                  settings=self.settings,
                  session=self.tlsSession,
                  serverName=self.serverName)

    if self.username and self.password:
        tlsConnection.handshakeClientSRP(username=self.username,
                                         password=self.password,
                                         **common)
    elif self.anon:
        tlsConnection.handshakeClientAnonymous(**common)
    else:
        tlsConnection.handshakeClientCert(certChain=self.certChain,
                                          privateKey=self.privateKey,
                                          **common)

    self.tlsSession = tlsConnection.session
148