
Source Code for Module tlslite.integration.clienthelper

  1  # Author: Trevor Perrin 
  2  # See the LICENSE file for legal information regarding use of this file. 
  3   
  4  """ 
  5  A helper class for using TLS Lite with stdlib clients 
  6  (httplib, xmlrpclib, imaplib, poplib). 
  7  """ 
  8   
  9  from tlslite.checker import Checker 
 10   
class ClientHelper:
    """Shared credential holder for the TLS Lite wrappers around stdlib
    clients (e.g. poplib, smtplib, httplib, etc.)."""

    def __init__(self,
                 username=None, password=None,
                 certChain=None, privateKey=None,
                 x509Fingerprint=None,
                 tackID=None,
                 hardTack=None,
                 settings=None):
        """
        Record the authentication material for a later handshake.

        Client authentication accepts exactly one of these argument
        combinations (or none of them):
         - username, password (SRP)
         - certChain, privateKey (certificate)

        Any other mix (half a pair, or SRP together with certificate
        arguments) raises ValueError.

        Server authentication comes either from the implicit mutual
        authentication performed by SRP, or from the Checker built
        from x509Fingerprint / tackID / hardTack.  Certificate-based
        server authentication is compatible with SRP or
        certificate-based client authentication.

        NOTE(review): nothing visible in this class validates the
        server certificate when SRP is not used and both
        x509Fingerprint and tackID are None; presumably the Checker
        then performs no check -- confirm against
        L{tlslite.checker.Checker} before relying on such a
        connection for server identity.

        No TLS handshake happens here; the arguments are only stored.
        The handshake runs when this class needs to connect with the
        server, and TLS-specific exceptions may be raised at that
        point.  See the client handshake functions in
        L{tlslite.TLSConnection.TLSConnection} for details.

        The SRP password and the private key are kept as instance
        attributes for the lifetime of this object.

        @type username: str
        @param username: SRP username.  Requires the
        'password' argument.

        @type password: str
        @param password: SRP password for mutual authentication.
        Requires the 'username' argument.

        @type certChain: L{tlslite.x509certchain.X509CertChain}
        @param certChain: Certificate chain for client authentication.
        Requires the 'privateKey' argument.  Excludes the SRP arguments.

        @type privateKey: L{tlslite.utils.rsakey.RSAKey}
        @param privateKey: Private key for client authentication.
        Requires the 'certChain' argument.  Excludes the SRP arguments.

        @type x509Fingerprint: str
        @param x509Fingerprint: Hex-encoded X.509 fingerprint for
        server authentication.

        @type tackID: str
        @param tackID: TACK ID for server authentication.

        @type hardTack: bool
        @param hardTack: Whether to raise TackBreakSigError on TACK Break.

        @type settings: L{tlslite.handshakesettings.HandshakeSettings}
        @param settings: Various settings which can be used to control
        the ciphersuites, certificate types, and SSL/TLS versions
        offered by the client.

        @raise ValueError: If the client authentication arguments do
        not form one of the accepted combinations.
        """
        self.username = None
        self.password = None
        self.certChain = None
        self.privateKey = None
        self.checker = None

        # Classify what the caller supplied: "given" means at least one
        # half of a pair is truthy, "complete" means both halves are.
        srpGiven = bool(username or password)
        certGiven = bool(certChain or privateKey)
        srpComplete = bool(username and password)
        certComplete = bool(certChain and privateKey)

        if srpGiven and certGiven:
            # SRP and certificate client auth are mutually exclusive.
            acceptable = False
        elif srpGiven:
            acceptable = srpComplete
        elif certGiven:
            acceptable = certComplete
        else:
            # No client authentication requested at all.
            acceptable = True

        if not acceptable:
            raise ValueError("Bad parameters")

        if srpComplete:
            self.username = username
            self.password = password
        elif certComplete:
            self.certChain = certChain
            self.privateKey = privateKey

        # A TACK is requested from the server only when a TACK ID was
        # supplied to check it against.
        self.reqTack = bool(tackID)

        self.checker = Checker(x509Fingerprint, tackID, hardTack)
        self.settings = settings

        self.tlsSession = None

    def _handshake(self, tlsConnection):
        """
        Run the client handshake on tlsConnection with the stored
        arguments.

        SRP is used when both a username and a password were stored;
        otherwise handshakeClientCert is called, with certChain and
        privateKey possibly None.  The connection's session is kept in
        self.tlsSession and passed as 'session' to the next handshake.

        NOTE(review): how the checker is applied when a stored
        session is reused is decided inside TLSConnection and is not
        visible here -- confirm if fingerprint pinning must hold for
        resumed sessions.
        """
        # Arguments common to both handshake flavours.
        common = dict(reqTack=self.reqTack,
                      checker=self.checker,
                      settings=self.settings,
                      session=self.tlsSession)

        useSrp = self.username and self.password
        if useSrp:
            tlsConnection.handshakeClientSRP(username=self.username,
                                             password=self.password,
                                             **common)
        else:
            tlsConnection.handshakeClientCert(certChain=self.certChain,
                                              privateKey=self.privateKey,
                                              **common)
        self.tlsSession = tlsConnection.session