1# Author: Trevor Perrin
2# See the LICENSE file for legal information regarding use of this file.
3
4"""TLS Lite + imaplib."""
5
6import socket
7from imaplib import IMAP4
8from tlslite.tlsconnection import TLSConnection
9from tlslite.integration.clienthelper import ClientHelper
10
11# IMAP TLS PORT
12IMAP4_TLS_PORT = 993
13
14class IMAP4_TLS(IMAP4, ClientHelper):
15    """This class extends L{imaplib.IMAP4} with TLS support."""
16
17    def __init__(self, host = '', port = IMAP4_TLS_PORT,
18                 username=None, password=None,
19                 certChain=None, privateKey=None,
20                 checker=None,
21                 settings=None):
22        """Create a new IMAP4_TLS.
23
24        For client authentication, use one of these argument
25        combinations:
26         - username, password (SRP)
27         - certChain, privateKey (certificate)
28
29        For server authentication, you can either rely on the
30        implicit mutual authentication performed by SRP
31        or you can do certificate-based server
32        authentication with one of these argument combinations:
33         - x509Fingerprint
34
35        Certificate-based server authentication is compatible with
36        SRP or certificate-based client authentication.
37
38        The caller should be prepared to handle TLS-specific
39        exceptions.  See the client handshake functions in
40        L{tlslite.TLSConnection.TLSConnection} for details on which
41        exceptions might be raised.
42
43        @type host: str
44        @param host: Server to connect to.
45
46        @type port: int
47        @param port: Port to connect to.
48
49        @type username: str
50        @param username: SRP username.  Requires the
51        'password' argument.
52
53        @type password: str
54        @param password: SRP password for mutual authentication.
55        Requires the 'username' argument.
56
57        @type certChain: L{tlslite.x509certchain.X509CertChain}
58        @param certChain: Certificate chain for client authentication.
59        Requires the 'privateKey' argument.  Excludes the SRP arguments.
60
61        @type privateKey: L{tlslite.utils.rsakey.RSAKey}
62        @param privateKey: Private key for client authentication.
63        Requires the 'certChain' argument.  Excludes the SRP arguments.
64
65        @type checker: L{tlslite.checker.Checker}
66        @param checker: Callable object called after handshaking to
67        evaluate the connection and raise an Exception if necessary.
68
69        @type settings: L{tlslite.handshakesettings.HandshakeSettings}
70        @param settings: Various settings which can be used to control
71        the ciphersuites, certificate types, and SSL/TLS versions
72        offered by the client.
73        """
74
75        ClientHelper.__init__(self,
76                 username, password,
77                 certChain, privateKey,
78                 checker,
79                 settings)
80
81        IMAP4.__init__(self, host, port)
82
83
84    def open(self, host = '', port = IMAP4_TLS_PORT):
85        """Setup connection to remote server on "host:port".
86
87        This connection will be used by the routines:
88        read, readline, send, shutdown.
89        """
90        self.host = host
91        self.port = port
92        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
93        self.sock.connect((host, port))
94        self.sock = TLSConnection(self.sock)
95        ClientHelper._handshake(self, self.sock)
96        self.file = self.sock.makefile('rb')