OLD | NEW |
| 1 # Author: Trevor Perrin |
| 2 # See the LICENSE file for legal information regarding use of this file. |
| 3 |
1 """TLS Lite + imaplib.""" | 4 """TLS Lite + imaplib.""" |
2 | 5 |
3 import socket | 6 import socket |
4 from imaplib import IMAP4 | 7 from imaplib import IMAP4 |
5 from tlslite.tlsconnection import TLSConnection | 8 from tlslite.tlsconnection import TLSConnection |
6 from tlslite.integration.clienthelper import ClientHelper | 9 from tlslite.integration.clienthelper import ClientHelper |
7 | 10 |
8 # IMAP TLS PORT | 11 # IMAP TLS PORT |
9 IMAP4_TLS_PORT = 993 | 12 IMAP4_TLS_PORT = 993 |
10 | 13 |
11 class IMAP4_TLS(IMAP4, ClientHelper): | 14 class IMAP4_TLS(IMAP4, ClientHelper): |
12 """This class extends L{imaplib.IMAP4} with TLS support.""" | 15 """This class extends L{imaplib.IMAP4} with TLS support.""" |
13 | 16 |
14 def __init__(self, host = '', port = IMAP4_TLS_PORT, | 17 def __init__(self, host = '', port = IMAP4_TLS_PORT, |
15 username=None, password=None, sharedKey=None, | 18 username=None, password=None, |
16 certChain=None, privateKey=None, | 19 certChain=None, privateKey=None, |
17 cryptoID=None, protocol=None, | 20 checker=None, |
18 x509Fingerprint=None, | |
19 x509TrustList=None, x509CommonName=None, | |
20 settings=None): | 21 settings=None): |
21 """Create a new IMAP4_TLS. | 22 """Create a new IMAP4_TLS. |
22 | 23 |
23 For client authentication, use one of these argument | 24 For client authentication, use one of these argument |
24 combinations: | 25 combinations: |
25 - username, password (SRP) | 26 - username, password (SRP) |
26 - username, sharedKey (shared-key) | |
27 - certChain, privateKey (certificate) | 27 - certChain, privateKey (certificate) |
28 | 28 |
29 For server authentication, you can either rely on the | 29 For server authentication, you can either rely on the |
30 implicit mutual authentication performed by SRP or | 30 implicit mutual authentication performed by SRP |
31 shared-keys, or you can do certificate-based server | 31 or you can do certificate-based server |
32 authentication with one of these argument combinations: | 32 authentication with one of these argument combinations: |
33 - cryptoID[, protocol] (requires cryptoIDlib) | |
34 - x509Fingerprint | 33 - x509Fingerprint |
35 - x509TrustList[, x509CommonName] (requires cryptlib_py) | |
36 | 34 |
37 Certificate-based server authentication is compatible with | 35 Certificate-based server authentication is compatible with |
38 SRP or certificate-based client authentication. It is | 36 SRP or certificate-based client authentication. |
39 not compatible with shared-keys. | |
40 | 37 |
41 The caller should be prepared to handle TLS-specific | 38 The caller should be prepared to handle TLS-specific |
42 exceptions. See the client handshake functions in | 39 exceptions. See the client handshake functions in |
43 L{tlslite.TLSConnection.TLSConnection} for details on which | 40 L{tlslite.TLSConnection.TLSConnection} for details on which |
44 exceptions might be raised. | 41 exceptions might be raised. |
45 | 42 |
46 @type host: str | 43 @type host: str |
47 @param host: Server to connect to. | 44 @param host: Server to connect to. |
48 | 45 |
49 @type port: int | 46 @type port: int |
50 @param port: Port to connect to. | 47 @param port: Port to connect to. |
51 | 48 |
52 @type username: str | 49 @type username: str |
53 @param username: SRP or shared-key username. Requires the | 50 @param username: SRP username. Requires the |
54 'password' or 'sharedKey' argument. | 51 'password' argument. |
55 | 52 |
56 @type password: str | 53 @type password: str |
57 @param password: SRP password for mutual authentication. | 54 @param password: SRP password for mutual authentication. |
58 Requires the 'username' argument. | 55 Requires the 'username' argument. |
59 | 56 |
60 @type sharedKey: str | 57 @type certChain: L{tlslite.x509certchain.X509CertChain} |
61 @param sharedKey: Shared key for mutual authentication. | 58 @param certChain: Certificate chain for client authentication. |
62 Requires the 'username' argument. | 59 Requires the 'privateKey' argument. Excludes the SRP arguments. |
63 | 60 |
64 @type certChain: L{tlslite.X509CertChain.X509CertChain} or | 61 @type privateKey: L{tlslite.utils.rsakey.RSAKey} |
65 L{cryptoIDlib.CertChain.CertChain} | 62 @param privateKey: Private key for client authentication. |
66 @param certChain: Certificate chain for client authentication. | 63 Requires the 'certChain' argument. Excludes the SRP arguments. |
67 Requires the 'privateKey' argument. Excludes the SRP or | 64 |
68 shared-key related arguments. | 65 @type checker: L{tlslite.checker.Checker} |
| 66 @param checker: Callable object called after handshaking to |
| 67 evaluate the connection and raise an Exception if necessary. |
69 | 68 |
70 @type privateKey: L{tlslite.utils.RSAKey.RSAKey} | 69 @type settings: L{tlslite.handshakesettings.HandshakeSettings} |
71 @param privateKey: Private key for client authentication. | |
72 Requires the 'certChain' argument. Excludes the SRP or | |
73 shared-key related arguments. | |
74 | |
75 @type cryptoID: str | |
76 @param cryptoID: cryptoID for server authentication. Mutually | |
77 exclusive with the 'x509...' arguments. | |
78 | |
79 @type protocol: str | |
80 @param protocol: cryptoID protocol URI for server | |
81 authentication. Requires the 'cryptoID' argument. | |
82 | |
83 @type x509Fingerprint: str | |
84 @param x509Fingerprint: Hex-encoded X.509 fingerprint for | |
85 server authentication. Mutually exclusive with the 'cryptoID' | |
86 and 'x509TrustList' arguments. | |
87 | |
88 @type x509TrustList: list of L{tlslite.X509.X509} | |
89 @param x509TrustList: A list of trusted root certificates. The | |
90 other party must present a certificate chain which extends to | |
91 one of these root certificates. The cryptlib_py module must be | |
92 installed to use this parameter. Mutually exclusive with the | |
93 'cryptoID' and 'x509Fingerprint' arguments. | |
94 | |
95 @type x509CommonName: str | |
96 @param x509CommonName: The end-entity certificate's 'CN' field | |
97 must match this value. For a web server, this is typically a | |
98 server name such as 'www.amazon.com'. Mutually exclusive with | |
99 the 'cryptoID' and 'x509Fingerprint' arguments. Requires the | |
100 'x509TrustList' argument. | |
101 | |
102 @type settings: L{tlslite.HandshakeSettings.HandshakeSettings} | |
103 @param settings: Various settings which can be used to control | 70 @param settings: Various settings which can be used to control |
104 the ciphersuites, certificate types, and SSL/TLS versions | 71 the ciphersuites, certificate types, and SSL/TLS versions |
105 offered by the client. | 72 offered by the client. |
106 """ | 73 """ |
107 | 74 |
108 ClientHelper.__init__(self, | 75 ClientHelper.__init__(self, |
109 username, password, sharedKey, | 76 username, password, |
110 certChain, privateKey, | 77 certChain, privateKey, |
111 cryptoID, protocol, | 78 checker, |
112 x509Fingerprint, | |
113 x509TrustList, x509CommonName, | |
114 settings) | 79 settings) |
115 | 80 |
116 IMAP4.__init__(self, host, port) | 81 IMAP4.__init__(self, host, port) |
117 | 82 |
118 | 83 |
119 def open(self, host = '', port = IMAP4_TLS_PORT): | 84 def open(self, host = '', port = IMAP4_TLS_PORT): |
120 """Setup connection to remote server on "host:port". | 85 """Setup connection to remote server on "host:port". |
121 | 86 |
122 This connection will be used by the routines: | 87 This connection will be used by the routines: |
123 read, readline, send, shutdown. | 88 read, readline, send, shutdown. |
124 """ | 89 """ |
125 self.host = host | 90 self.host = host |
126 self.port = port | 91 self.port = port |
127 self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | 92 self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
128 self.sock.connect((host, port)) | 93 self.sock.connect((host, port)) |
129 self.sock = TLSConnection(self.sock) | 94 self.sock = TLSConnection(self.sock) |
130 self.sock.closeSocket = True | |
131 ClientHelper._handshake(self, self.sock) | 95 ClientHelper._handshake(self, self.sock) |
132 self.file = self.sock.makefile('rb') | 96 self.file = self.sock.makefile('rb') |
OLD | NEW |