1# Authors: 2# Trevor Perrin 3# Dimitris Moraitis - Anon ciphersuites 4# 5# See the LICENSE file for legal information regarding use of this file. 6 7""" 8A helper class for using TLS Lite with stdlib clients 9(httplib, xmlrpclib, imaplib, poplib). 10""" 11 12from tlslite.checker import Checker 13 14class ClientHelper(object): 15 """This is a helper class used to integrate TLS Lite with various 16 TLS clients (e.g. poplib, smtplib, httplib, etc.)""" 17 18 def __init__(self, 19 username=None, password=None, 20 certChain=None, privateKey=None, 21 checker=None, 22 settings = None, 23 anon = False): 24 """ 25 For client authentication, use one of these argument 26 combinations: 27 - username, password (SRP) 28 - certChain, privateKey (certificate) 29 30 For server authentication, you can either rely on the 31 implicit mutual authentication performed by SRP, 32 or you can do certificate-based server 33 authentication with one of these argument combinations: 34 - x509Fingerprint 35 36 Certificate-based server authentication is compatible with 37 SRP or certificate-based client authentication. 38 39 The constructor does not perform the TLS handshake itself, but 40 simply stores these arguments for later. The handshake is 41 performed only when this class needs to connect with the 42 server. Then you should be prepared to handle TLS-specific 43 exceptions. See the client handshake functions in 44 L{tlslite.TLSConnection.TLSConnection} for details on which 45 exceptions might be raised. 46 47 @type username: str 48 @param username: SRP username. Requires the 49 'password' argument. 50 51 @type password: str 52 @param password: SRP password for mutual authentication. 53 Requires the 'username' argument. 54 55 @type certChain: L{tlslite.x509certchain.X509CertChain} 56 @param certChain: Certificate chain for client authentication. 57 Requires the 'privateKey' argument. Excludes the SRP arguments. 58 59 @type privateKey: L{tlslite.utils.rsakey.RSAKey} 60 @param privateKey: Private key for client authentication. 61 Requires the 'certChain' argument. Excludes the SRP arguments. 62 63 @type checker: L{tlslite.checker.Checker} 64 @param checker: Callable object called after handshaking to 65 evaluate the connection and raise an Exception if necessary. 66 67 @type settings: L{tlslite.handshakesettings.HandshakeSettings} 68 @param settings: Various settings which can be used to control 69 the ciphersuites, certificate types, and SSL/TLS versions 70 offered by the client. 71 """ 72 73 self.username = None 74 self.password = None 75 self.certChain = None 76 self.privateKey = None 77 self.checker = None 78 self.anon = anon 79 80 #SRP Authentication 81 if username and password and not \ 82 (certChain or privateKey): 83 self.username = username 84 self.password = password 85 86 #Certificate Chain Authentication 87 elif certChain and privateKey and not \ 88 (username or password): 89 self.certChain = certChain 90 self.privateKey = privateKey 91 92 #No Authentication 93 elif not password and not username and not \ 94 certChain and not privateKey: 95 pass 96 97 else: 98 raise ValueError("Bad parameters") 99 100 self.checker = checker 101 self.settings = settings 102 103 self.tlsSession = None 104 105 def _handshake(self, tlsConnection): 106 if self.username and self.password: 107 tlsConnection.handshakeClientSRP(username=self.username, 108 password=self.password, 109 checker=self.checker, 110 settings=self.settings, 111 session=self.tlsSession) 112 elif self.anon: 113 tlsConnection.handshakeClientAnonymous(session=self.tlsSession, 114 settings=self.settings, 115 checker=self.checker) 116 else: 117 tlsConnection.handshakeClientCert(certChain=self.certChain, 118 privateKey=self.privateKey, 119 checker=self.checker, 120 settings=self.settings, 121 session=self.tlsSession) 122 self.tlsSession = tlsConnection.session