| OLD | NEW |
|---|
| (Empty) |
| 1 """TLS Lite + xmlrpclib.""" | |
| 2 | |
| 3 import xmlrpclib | |
| 4 import httplib | |
| 5 from tlslite.integration.HTTPTLSConnection import HTTPTLSConnection | |
| 6 from tlslite.integration.ClientHelper import ClientHelper | |
| 7 | |
| 8 | |
| 9 class XMLRPCTransport(xmlrpclib.Transport, ClientHelper): | |
| 10 """Handles an HTTPS transaction to an XML-RPC server.""" | |
| 11 | |
| 12 def __init__(self, | |
| 13 username=None, password=None, sharedKey=None, | |
| 14 certChain=None, privateKey=None, | |
| 15 cryptoID=None, protocol=None, | |
| 16 x509Fingerprint=None, | |
| 17 x509TrustList=None, x509CommonName=None, | |
| 18 settings=None): | |
| 19 """Create a new XMLRPCTransport. | |
| 20 | |
| 21 An instance of this class can be passed to L{xmlrpclib.ServerProxy} | |
| 22 to use TLS with XML-RPC calls:: | |
| 23 | |
| 24 from tlslite.api import XMLRPCTransport | |
| 25 from xmlrpclib import ServerProxy | |
| 26 | |
| 27 transport = XMLRPCTransport(user="alice", password="abra123") | |
| 28 server = ServerProxy("https://localhost", transport) | |
| 29 | |
| 30 For client authentication, use one of these argument | |
| 31 combinations: | |
| 32 - username, password (SRP) | |
| 33 - username, sharedKey (shared-key) | |
| 34 - certChain, privateKey (certificate) | |
| 35 | |
| 36 For server authentication, you can either rely on the | |
| 37 implicit mutual authentication performed by SRP or | |
| 38 shared-keys, or you can do certificate-based server | |
| 39 authentication with one of these argument combinations: | |
| 40 - cryptoID[, protocol] (requires cryptoIDlib) | |
| 41 - x509Fingerprint | |
| 42 - x509TrustList[, x509CommonName] (requires cryptlib_py) | |
| 43 | |
| 44 Certificate-based server authentication is compatible with | |
| 45 SRP or certificate-based client authentication. It is | |
| 46 not compatible with shared-keys. | |
| 47 | |
| 48 The constructor does not perform the TLS handshake itself, but | |
| 49 simply stores these arguments for later. The handshake is | |
| 50 performed only when this class needs to connect with the | |
| 51 server. Thus you should be prepared to handle TLS-specific | |
| 52 exceptions when calling methods of L{xmlrpclib.ServerProxy}. See the | |
| 53 client handshake functions in | |
| 54 L{tlslite.TLSConnection.TLSConnection} for details on which | |
| 55 exceptions might be raised. | |
| 56 | |
| 57 @type username: str | |
| 58 @param username: SRP or shared-key username. Requires the | |
| 59 'password' or 'sharedKey' argument. | |
| 60 | |
| 61 @type password: str | |
| 62 @param password: SRP password for mutual authentication. | |
| 63 Requires the 'username' argument. | |
| 64 | |
| 65 @type sharedKey: str | |
| 66 @param sharedKey: Shared key for mutual authentication. | |
| 67 Requires the 'username' argument. | |
| 68 | |
| 69 @type certChain: L{tlslite.X509CertChain.X509CertChain} or | |
| 70 L{cryptoIDlib.CertChain.CertChain} | |
| 71 @param certChain: Certificate chain for client authentication. | |
| 72 Requires the 'privateKey' argument. Excludes the SRP or | |
| 73 shared-key related arguments. | |
| 74 | |
| 75 @type privateKey: L{tlslite.utils.RSAKey.RSAKey} | |
| 76 @param privateKey: Private key for client authentication. | |
| 77 Requires the 'certChain' argument. Excludes the SRP or | |
| 78 shared-key related arguments. | |
| 79 | |
| 80 @type cryptoID: str | |
| 81 @param cryptoID: cryptoID for server authentication. Mutually | |
| 82 exclusive with the 'x509...' arguments. | |
| 83 | |
| 84 @type protocol: str | |
| 85 @param protocol: cryptoID protocol URI for server | |
| 86 authentication. Requires the 'cryptoID' argument. | |
| 87 | |
| 88 @type x509Fingerprint: str | |
| 89 @param x509Fingerprint: Hex-encoded X.509 fingerprint for | |
| 90 server authentication. Mutually exclusive with the 'cryptoID' | |
| 91 and 'x509TrustList' arguments. | |
| 92 | |
| 93 @type x509TrustList: list of L{tlslite.X509.X509} | |
| 94 @param x509TrustList: A list of trusted root certificates. The | |
| 95 other party must present a certificate chain which extends to | |
| 96 one of these root certificates. The cryptlib_py module must be | |
| 97 installed to use this parameter. Mutually exclusive with the | |
| 98 'cryptoID' and 'x509Fingerprint' arguments. | |
| 99 | |
| 100 @type x509CommonName: str | |
| 101 @param x509CommonName: The end-entity certificate's 'CN' field | |
| 102 must match this value. For a web server, this is typically a | |
| 103 server name such as 'www.amazon.com'. Mutually exclusive with | |
| 104 the 'cryptoID' and 'x509Fingerprint' arguments. Requires the | |
| 105 'x509TrustList' argument. | |
| 106 | |
| 107 @type settings: L{tlslite.HandshakeSettings.HandshakeSettings} | |
| 108 @param settings: Various settings which can be used to control | |
| 109 the ciphersuites, certificate types, and SSL/TLS versions | |
| 110 offered by the client. | |
| 111 """ | |
| 112 | |
| 113 ClientHelper.__init__(self, | |
| 114 username, password, sharedKey, | |
| 115 certChain, privateKey, | |
| 116 cryptoID, protocol, | |
| 117 x509Fingerprint, | |
| 118 x509TrustList, x509CommonName, | |
| 119 settings) | |
| 120 | |
| 121 | |
| 122 def make_connection(self, host): | |
| 123 # create a HTTPS connection object from a host descriptor | |
| 124 host, extra_headers, x509 = self.get_host_info(host) | |
| 125 http = HTTPTLSConnection(host, None, | |
| 126 self.username, self.password, | |
| 127 self.sharedKey, | |
| 128 self.certChain, self.privateKey, | |
| 129 self.checker.cryptoID, | |
| 130 self.checker.protocol, | |
| 131 self.checker.x509Fingerprint, | |
| 132 self.checker.x509TrustList, | |
| 133 self.checker.x509CommonName, | |
| 134 self.settings) | |
| 135 http2 = httplib.HTTP() | |
| 136 http2._setup(http) | |
| 137 return http2 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 210323002:
Update tlslite to 0.4.6. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src