
Source Code for Module tlslite.session

  1  # Authors:  
  2  #   Trevor Perrin 
  3  #   Dave Baggett (Arcode Corporation) - canonicalCipherName 
  4  # 
  5  # See the LICENSE file for legal information regarding use of this file. 
  6   
  7  """Class representing a TLS session.""" 
  8   
  9  from .utils.compat import * 
 10  from .mathtls import * 
 11  from .constants import * 
 12   
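class Session(object):
    """
    This class represents a TLS session.

    TLS distinguishes between connections and sessions.  A new
    handshake creates both a connection and a session.  Data is
    transmitted over the connection.

    The session contains a more permanent record of the handshake.  The
    session can be inspected to determine handshake results.  The
    session can also be used to create a new connection through
    "session resumption". If the client and server both support this,
    they can create a new connection based on an old session without
    the overhead of a full handshake.

    The session for a L{tlslite.TLSConnection.TLSConnection} can be
    retrieved from the connection's 'session' attribute.

    Because the object carries C{masterSecret}, it should be handled as
    secret key material: avoid logging it or persisting it unprotected.

    @type masterSecret: bytearray
    @ivar masterSecret: The master secret of the session (empty until
    L{create} is called).

    @type sessionID: bytearray
    @ivar sessionID: The session identifier; an empty value means the
    session cannot be marked resumable.

    @type cipherSuite: int
    @ivar cipherSuite: The cipher suite identifier of the session.

    @type srpUsername: str
    @ivar srpUsername: The client's SRP username (or None).

    @type clientCertChain: L{tlslite.x509certchain.X509CertChain}
    @ivar clientCertChain: The client's certificate chain (or None).

    @type serverCertChain: L{tlslite.x509certchain.X509CertChain}
    @ivar serverCertChain: The server's certificate chain (or None).

    @type tackExt: L{tack.structures.TackExtension.TackExtension}
    @ivar tackExt: The server's TackExtension (or None).

    @type tackInHelloExt: L{bool}
    @ivar tackInHelloExt: True if a TACK was presented via TLS Extension.

    @type serverName: str
    @ivar serverName: The server name recorded for the session.

    @type resumable: bool
    @ivar resumable: True if the session may be offered for resumption.

    @type encryptThenMAC: bool
    @ivar encryptThenMAC: True if connection uses CBC cipher in
    encrypt-then-MAC mode

    @type extendedMasterSecret: bool
    @ivar extendedMasterSecret: True if the extended master secret
    calculation was used for this session (presumably RFC 7627 --
    confirm against the handshake code).

    @type appProto: bytearray
    @ivar appProto: name of the negotiated application level protocol;
    an empty bytearray by default (earlier documentation said None if
    not negotiated -- confirm against callers)
    """

    # Marker for "appProto was not passed to create()".  A literal
    # bytearray(0) default would be one object shared by every session
    # created without an explicit value.
    _APP_PROTO_UNSET = object()

    def __init__(self):
        """Create an empty, non-resumable session."""
        self.masterSecret = bytearray(0)
        self.sessionID = bytearray(0)
        self.cipherSuite = 0
        self.srpUsername = ""
        self.clientCertChain = None
        self.serverCertChain = None
        self.tackExt = None
        self.tackInHelloExt = False
        self.serverName = ""
        self.resumable = False
        self.encryptThenMAC = False
        self.extendedMasterSecret = False
        self.appProto = bytearray(0)

    def create(self, masterSecret, sessionID, cipherSuite,
               srpUsername, clientCertChain, serverCertChain,
               tackExt, tackInHelloExt, serverName, resumable=True,
               encryptThenMAC=False, extendedMasterSecret=False,
               appProto=_APP_PROTO_UNSET):
        """Fill in the session with the results of a handshake.

        Every argument is stored on the attribute of the same name.
        The values are stored by reference, not copied.

        @type appProto: bytearray
        @param appProto: negotiated application level protocol; when
        omitted, a fresh empty bytearray is stored so that sessions do
        not share one mutable default object.
        """
        if appProto is self._APP_PROTO_UNSET:
            appProto = bytearray(0)
        self.masterSecret = masterSecret
        self.sessionID = sessionID
        self.cipherSuite = cipherSuite
        self.srpUsername = srpUsername
        self.clientCertChain = clientCertChain
        self.serverCertChain = serverCertChain
        self.tackExt = tackExt
        self.tackInHelloExt = tackInHelloExt
        self.serverName = serverName
        self.resumable = resumable
        self.encryptThenMAC = encryptThenMAC
        self.extendedMasterSecret = extendedMasterSecret
        self.appProto = appProto

    def _clone(self):
        """Return a new Session with the same attribute values.

        The copy is shallow: values are assigned, not copied, so mutable
        values such as the masterSecret bytearray are shared between the
        original and the clone.
        """
        other = Session()
        other.masterSecret = self.masterSecret
        other.sessionID = self.sessionID
        other.cipherSuite = self.cipherSuite
        other.srpUsername = self.srpUsername
        other.clientCertChain = self.clientCertChain
        other.serverCertChain = self.serverCertChain
        other.tackExt = self.tackExt
        other.tackInHelloExt = self.tackInHelloExt
        other.serverName = self.serverName
        other.resumable = self.resumable
        other.encryptThenMAC = self.encryptThenMAC
        other.extendedMasterSecret = self.extendedMasterSecret
        other.appProto = self.appProto
        return other

    def valid(self):
        """If this session can be used for session resumption.

        @rtype: bool
        @return: If this session can be used for session resumption.
        """
        # Coerce to bool: the bare 'and' expression would hand back the
        # sessionID bytearray itself instead of the documented bool.
        return bool(self.resumable and self.sessionID)

    def _setResumable(self, boolean):
        """Set the resumable flag.

        Clearing the flag always succeeds; setting it to True is ignored
        when the sessionID is empty.
        """
        #Only let it be set to True if the sessionID is non-null
        if not boolean or self.sessionID:
            self.resumable = boolean

    def getTackId(self):
        """Return the TACK ID of the session's TACK, or None.

        None is returned when there is no TackExtension or it holds no
        tack.
        """
        if self.tackExt and self.tackExt.tack:
            return self.tackExt.tack.getTackId()
        return None

    def getBreakSigs(self):
        """Return the break signatures of the TackExtension, or None.

        None is returned when there is no TackExtension or it holds no
        break signatures.
        """
        if self.tackExt and self.tackExt.break_sigs:
            return self.tackExt.break_sigs
        return None

    def getCipherName(self):
        """Get the name of the cipher used with this connection.

        @rtype: str
        @return: The name of the cipher used with this connection.
        """
        return CipherSuite.canonicalCipherName(self.cipherSuite)

    def getMacName(self):
        """Get the name of the HMAC hash algo used with this connection.

        @rtype: str
        @return: The name of the HMAC hash algo used with this connection.
        """
        return CipherSuite.canonicalMacName(self.cipherSuite)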