4 """TLS Lite + xmlrpclib."""
5
6 import xmlrpclib
7 import httplib
8 from tlslite.integration.httptlsconnection import HTTPTLSConnection
9 from tlslite.integration.clienthelper import ClientHelper
10
11
13 """Handles an HTTPS transaction to an XML-RPC server."""
14
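def __init__(self,
             username=None, password=None,
             certChain=None, privateKey=None,
             x509Fingerprint=None,
             tackID=None,
             hardTack=None,
             settings=None):
    """Create a new XMLRPCTransport.

    An instance of this class can be passed to L{xmlrpclib.ServerProxy}
    to use TLS with XML-RPC calls::

        from tlslite import XMLRPCTransport
        from xmlrpclib import ServerProxy

        transport = XMLRPCTransport(username="alice", password="abra123")
        server = ServerProxy("https://localhost", transport)

    For client authentication, use one of these argument
    combinations:
     - username, password (SRP)
     - certChain, privateKey (certificate)

    For server authentication, you can either rely on the
    implicit mutual authentication performed by SRP or
    you can do certificate-based server
    authentication with one of these arguments:
     - x509Fingerprint
     - tackID (optionally with hardTack)

    Certificate-based server authentication is compatible with
    SRP or certificate-based client authentication.

    Security note: none of the arguments is mandatory. When neither
    the SRP pair nor x509Fingerprint / tackID is supplied, nothing
    passed here pins or otherwise identifies the server, so the
    connection should be assumed to offer no server authentication
    (encryption only, no protection against an active
    man-in-the-middle) unless the checker built by ClientHelper is
    confirmed to do more.

    The constructor does not perform the TLS handshake itself, but
    simply stores these arguments for later.  The handshake is
    performed only when this class needs to connect with the
    server.  Thus you should be prepared to handle TLS-specific
    exceptions when calling methods of L{xmlrpclib.ServerProxy}.  See the
    client handshake functions in
    L{tlslite.TLSConnection.TLSConnection} for details on which
    exceptions might be raised.

    @type username: str
    @param username: SRP username.  Requires the
    'password' argument.

    @type password: str
    @param password: SRP password for mutual authentication.
    Requires the 'username' argument.

    @type certChain: L{tlslite.x509certchain.X509CertChain}
    @param certChain: Certificate chain for client authentication.
    Requires the 'privateKey' argument.  Excludes the SRP arguments.

    @type privateKey: L{tlslite.utils.rsakey.RSAKey}
    @param privateKey: Private key for client authentication.
    Requires the 'certChain' argument.  Excludes the SRP arguments.

    @type x509Fingerprint: str
    @param x509Fingerprint: Hex-encoded X.509 fingerprint for
    server authentication.

    @type tackID: str
    @param tackID: TACK ID for server authentication.

    @type hardTack: bool
    @param hardTack: Whether to raise TackBreakSigError on TACK Break.

    @type settings: L{tlslite.handshakesettings.HandshakeSettings}
    @param settings: Various settings which can be used to control
    the ciphersuites, certificate types, and SSL/TLS versions
    offered by the client.
    """
    # Every argument is handed to ClientHelper unchanged and by position,
    # so the order here has to follow ClientHelper.__init__'s parameter
    # order (not visible in this file). Any validation of the argument
    # combinations described above presumably happens there -- confirm.
    ClientHelper.__init__(self,
                          username, password,
                          certChain, privateKey,
                          x509Fingerprint,
                          tackID,
                          hardTack,
                          settings)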
95
96
98
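# Build a new HTTPTLSConnection for the given host descriptor and wrap it
# in an httplib.HTTP object, which is what this code returns to its caller.
#
# NOTE(review): get_host_info() also returns extra_headers and x509; neither
# is used below. Any per-host certificate options carried in the host
# descriptor are therefore presumably ignored in favour of the credentials
# stored on this object -- confirm that this is intended.
host, extra_headers, x509 = self.get_host_info(host)

# Pick up the TLS session of the previously created connection, if any,
# so the new connection can be given it.
previous = getattr(self, "http", None)
tlsSession = previous.tlsSession if previous else None

# NOTE(review): the constructor of this class takes a tackID, while the
# value forwarded here is self.checker.tack -- confirm the checker exposes
# the server-authentication pin under that name, otherwise the TACK check
# may not be the one the caller asked for.
http = HTTPTLSConnection(host, None,
                         self.username, self.password,
                         self.certChain, self.privateKey,
                         self.checker.x509Fingerprint,
                         self.checker.tack,
                         self.checker.hardTack,
                         self.settings)

# Fix: the original wrote `self.http.tlsSession = tlsSession`. With no
# earlier connection that raises AttributeError (self.http is unset, which
# is exactly the case the guard above allows for); with one, it only wrote
# the session back onto the old connection. The session belongs on the
# connection that was just created.
http.tlsSession = tlsSession
# Remember this connection so the next call can find its session.
# NOTE(review): nothing visible here assigned self.http before; confirm no
# other code expects to own that attribute.
self.http = http

http2 = httplib.HTTP()
http2._setup(http)
return http2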
115