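# Authors:
#   Trevor Perrin
#   Kees Bos - Added ignoreAbruptClose parameter
#   Dimitris Moraitis - Anon ciphersuites
#   Martin von Loewis - python 3 port
#
# See the LICENSE file for legal information regarding use of this file.

"""TLS Lite + httplib."""

import socket
try:
    import httplib
except ImportError:
    # Python 3
    from http import client as httplib
from tlslite.tlsconnection import TLSConnection
from tlslite.integration.clienthelper import ClientHelper


class HTTPTLSConnection(httplib.HTTPConnection, ClientHelper):
    """This class extends L{httplib.HTTPConnection} to support TLS."""

    def __init__(self, host, port=None, strict=None,
                 timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
                 source_address=None,
                 username=None, password=None,
                 certChain=None, privateKey=None,
                 checker=None,
                 settings=None,
                 ignoreAbruptClose=False,
                 anon=False):
        """Create a new HTTPTLSConnection.

        For client authentication, use one of these argument
        combinations:
         - username, password (SRP)
         - certChain, privateKey (certificate)

        For server authentication, you can either rely on the
        implicit mutual authentication performed by SRP
        or you can do certificate-based server
        authentication by passing a 'checker', for example a
        L{tlslite.checker.Checker} built with an x509Fingerprint.

        This class does not itself verify the server's certificate or
        host name: connect() only wraps the socket and runs the
        handshake. Without SRP or a 'checker', nothing in this module
        authenticates the peer.

        Certificate-based server authentication is compatible with
        SRP or certificate-based client authentication.

        The constructor does not perform the TLS handshake itself, but
        simply stores these arguments for later.  The handshake is
        performed only when this class needs to connect with the
        server.  Thus you should be prepared to handle TLS-specific
        exceptions when calling methods inherited from
        L{httplib.HTTPConnection} such as request(), connect(), and
        send().  See the client handshake functions in
        L{tlslite.TLSConnection.TLSConnection} for details on which
        exceptions might be raised.

        @type host: str
        @param host: Server to connect to.

        @type port: int
        @param port: Port to connect to.

        @param strict: Forwarded to L{httplib.HTTPConnection} only when
        it is not None. http.client removed this parameter in
        Python 3.4, so a non-None value raises TypeError there.

        @param timeout: Socket timeout forwarded to
        L{httplib.HTTPConnection}.

        @param source_address: Local address to bind to; forwarded to
        L{httplib.HTTPConnection} only when it is truthy.

        @type username: str
        @param username: SRP username.  Requires the
        'password' argument.

        @type password: str
        @param password: SRP password for mutual authentication.
        Requires the 'username' argument.

        @type certChain: L{tlslite.x509certchain.X509CertChain}
        @param certChain: Certificate chain for client authentication.
        Requires the 'privateKey' argument.  Excludes the SRP arguments.

        @type privateKey: L{tlslite.utils.rsakey.RSAKey}
        @param privateKey: Private key for client authentication.
        Requires the 'certChain' argument.  Excludes the SRP arguments.

        @type checker: L{tlslite.checker.Checker}
        @param checker: Callable object called after handshaking to
        evaluate the connection and raise an Exception if necessary.

        @type settings: L{tlslite.handshakesettings.HandshakeSettings}
        @param settings: Various settings which can be used to control
        the ciphersuites, certificate types, and SSL/TLS versions
        offered by the client.

        @type ignoreAbruptClose: bool
        @param ignoreAbruptClose: ignore the TLSAbruptCloseError on
        unexpected hangup.

        @type anon: bool
        @param anon: Passed through to L{ClientHelper}. Presumably
        selects anonymous ciphersuites, which would leave the server
        unauthenticated -- confirm against ClientHelper before use.
        """
        # Use keywords for the base-class call. The previous positional
        # call passed 'strict' in the third slot, which on Python 3.4+
        # is 'timeout', so 'timeout' ended up bound as 'source_address'.
        base_kwargs = {'timeout': timeout}
        if source_address:
            # Left out when unset, as before, so older httplib versions
            # are never handed this argument.
            base_kwargs['source_address'] = source_address
        if strict is not None:
            # A bad 'strict' now fails loudly instead of being misbound.
            base_kwargs['strict'] = strict
        httplib.HTTPConnection.__init__(self, host, port, **base_kwargs)
        self.ignoreAbruptClose = ignoreAbruptClose
        ClientHelper.__init__(self,
                              username, password,
                              certChain, privateKey,
                              checker,
                              settings,
                              anon)

    def connect(self):
        """Open the TCP connection and run the TLS client handshake.

        The plain socket opened by L{httplib.HTTPConnection.connect} is
        wrapped in a L{TLSConnection}, which replaces self.sock before
        L{ClientHelper._handshake} is called. Exceptions raised by the
        handshake propagate to the caller.
        """
        httplib.HTTPConnection.connect(self)
        self.sock = TLSConnection(self.sock)
        # Must be set on the TLS socket itself, before the handshake.
        self.sock.ignoreAbruptClose = self.ignoreAbruptClose
        ClientHelper._handshake(self, self.sock)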