1# Author: Trevor Perrin
2# See the LICENSE file for legal information regarding use of this file.
3
4"""TLS Lite + poplib."""
5
6import socket
7from poplib import POP3, POP3_SSL_PORT
8from tlslite.tlsconnection import TLSConnection
9from tlslite.integration.clienthelper import ClientHelper
10
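class POP3_TLS(POP3, ClientHelper):
    """This class extends L{poplib.POP3} with TLS support."""

    def __init__(self, host, port = POP3_SSL_PORT,
                 timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
                 username=None, password=None,
                 certChain=None, privateKey=None,
                 checker=None,
                 settings=None):
        """Create a new POP3_TLS.

        The constructor opens the TCP connection, performs the TLS
        handshake and reads the server greeting, so it can block for up
        to 'timeout' per socket operation.

        For client authentication, use one of these argument
        combinations:
         - username, password (SRP)
         - certChain, privateKey (certificate)

        For server authentication, you can either rely on the
        implicit mutual authentication performed by SRP or
        you can do certificate-based server authentication by passing
        a 'checker' (for example a L{tlslite.checker.Checker} built
        with an x509Fingerprint).  There is no separate
        'x509Fingerprint' argument on this constructor.

        Certificate-based server authentication is compatible with
        SRP or certificate-based client authentication.

        NOTE(review): this constructor itself performs no server
        identity check.  If neither SRP credentials nor a 'checker'
        are supplied, the only remaining place a check could happen is
        inside ClientHelper._handshake, which is not visible here --
        confirm before sending POP3 credentials over the connection.

        The caller should be prepared to handle TLS-specific
        exceptions.  See the client handshake functions in
        L{tlslite.tlsconnection.TLSConnection} for details on which
        exceptions might be raised.  If any step after the TCP connect
        fails, the socket is closed before the exception propagates.

        @type host: str
        @param host: Server to connect to.

        @type port: int
        @param port: Port to connect to.

        @type timeout: float
        @param timeout: Timeout handed to socket.create_connection().

        @type username: str
        @param username: SRP username.

        @type password: str
        @param password: SRP password for mutual authentication.
        Requires the 'username' argument.

        @type certChain: L{tlslite.x509certchain.X509CertChain}
        @param certChain: Certificate chain for client authentication.
        Requires the 'privateKey' argument.  Excludes the SRP argument.

        @type privateKey: L{tlslite.utils.rsakey.RSAKey}
        @param privateKey: Private key for client authentication.
        Requires the 'certChain' argument.  Excludes the SRP argument.

        @type checker: L{tlslite.checker.Checker}
        @param checker: Callable object called after handshaking to
        evaluate the connection and raise an Exception if necessary.

        @type settings: L{tlslite.handshakesettings.HandshakeSettings}
        @param settings: Various settings which can be used to control
        the ciphersuites, certificate types, and SSL/TLS versions
        offered by the client.
        """
        self.host = host
        self.port = port
        sock = socket.create_connection((host, port), timeout)
        try:
            ClientHelper.__init__(self,
                     username, password,
                     certChain, privateKey,
                     checker,
                     settings)
            connection = TLSConnection(sock)
            ClientHelper._handshake(self, connection)
            # POP3.__init__ is not invoked here; the attributes the POP3
            # methods rely on are assigned by hand on top of the TLS
            # connection instead.
            self.sock = connection
            self.file = self.sock.makefile('rb')
            self._debugging = 0
            self.welcome = self._getresp()
        except BaseException:
            # A rejected argument combination, a failed handshake, a
            # checker veto or a bad greeting would otherwise leave the
            # TCP socket open until garbage collection.
            sock.close()
            raise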