4 """
5 A helper class for using TLS Lite with stdlib clients
6 (httplib, xmlrpclib, imaplib, poplib).
7 """
8
9 from tlslite.checker import Checker
10
12 """This is a helper class used to integrate TLS Lite with various
13 TLS clients (e.g. poplib, smtplib, httplib)."""
14
def __init__(self,
             username=None, password=None,
             certChain=None, privateKey=None,
             x509Fingerprint=None,
             tackID=None,
             hardTack=None,
             settings = None):
    """
    Store the credentials and server-verification policy for later
    handshakes; no network activity happens here.

    Client authentication is selected by exactly one of these
    argument pairs (or neither, for an unauthenticated client):
      - username, password        (SRP)
      - certChain, privateKey     (certificate)
    Mixing the two pairs, or supplying only half of a pair, raises
    ValueError.

    Server authentication comes either from the mutual authentication
    that SRP provides implicitly, or from certificate checks driven by:
      - x509Fingerprint  (pins one exact server certificate; it must be
                          updated whenever the server's certificate
                          changes)
      - tackID           (TACK-based verification; also sets reqTack)
    Both forms of certificate-based server authentication can be
    combined with either form of client authentication.

    Security caveat: if neither the SRP pair nor x509Fingerprint nor
    tackID is given, this helper installs a Checker with nothing to
    check, so as far as this class is concerned the server's identity
    is never verified and an active man-in-the-middle can terminate
    the TLS session. (NOTE(review): confirm Checker performs no
    verification when constructed with all-None arguments.)

    The handshake itself runs only when the wrapped stdlib client
    connects, so TLS-specific exceptions surface at that point; see the
    client handshake functions in
    L{tlslite.TLSConnection.TLSConnection} for the exception types.

    @type username: str
    @param username: SRP username. Requires 'password'.

    @type password: str
    @param password: SRP password. Requires 'username'.

    @type certChain: L{tlslite.x509certchain.X509CertChain}
    @param certChain: Client certificate chain. Requires 'privateKey';
    incompatible with the SRP arguments.

    @type privateKey: L{tlslite.utils.rsakey.RSAKey}
    @param privateKey: Client private key. Requires 'certChain';
    incompatible with the SRP arguments.

    @type x509Fingerprint: str
    @param x509Fingerprint: Hex-encoded fingerprint the server's X.509
    certificate must match.

    @type tackID: str
    @param tackID: TACK ID the server must present.

    @type hardTack: bool
    @param hardTack: Whether a TACK Break raises TackBreakSigError.

    @type settings: L{tlslite.handshakesettings.HandshakeSettings}
    @param settings: Controls ciphersuites, certificate types and
    SSL/TLS versions offered by the client.

    @raise ValueError: on an inconsistent combination of client
    authentication arguments.
    """
    srpArgs = (username, password)
    certArgs = (certChain, privateKey)
    # Truthiness, not identity, decides presence: an empty string counts
    # as "not supplied", matching how the arguments have always been read.
    srpComplete = all(srpArgs)
    certComplete = all(certArgs)
    srpPresent = any(srpArgs)
    certPresent = any(certArgs)

    self.username = None
    self.password = None
    self.certChain = None
    self.privateKey = None
    self.checker = None

    if srpComplete and not certPresent:
        # SRP client authentication (implicitly mutual).
        self.username, self.password = srpArgs
    elif certComplete and not srpPresent:
        # Certificate-based client authentication.
        self.certChain, self.privateKey = certArgs
    elif srpPresent or certPresent:
        # Half a pair, or both pairs at once.
        raise ValueError("Bad parameters")
    # Otherwise: no client authentication at all.

    # TACK is requested from the server only when we have an ID to check.
    self.reqTack = bool(tackID)

    # With all three None the checker has nothing to verify (see caveat).
    self.checker = Checker(x509Fingerprint, tackID, hardTack)
    self.settings = settings

    # Populated after the first successful handshake for resumption.
    self.tlsSession = None
112
114 if self.username and self.password:
115 tlsConnection.handshakeClientSRP(username=self.username,
116 password=self.password,
117 reqTack=self.reqTack,
118 checker=self.checker,
119 settings=self.settings,
120 session=self.tlsSession)
121 else:
122 tlsConnection.handshakeClientCert(certChain=self.certChain,
123 privateKey=self.privateKey,
124 reqTack=self.reqTack,
125 checker=self.checker,
126 settings=self.settings,
127 session=self.tlsSession)
128 self.tlsSession = tlsConnection.session
129