1
2
3
4
5
6
7
8 """TLS Lite + xmlrpclib."""
9
10 import xmlrpclib
11 import httplib
12 from tlslite.integration.httptlsconnection import HTTPTLSConnection
13 from tlslite.integration.clienthelper import ClientHelper
14 import tlslite.errors
15
16
18 """Handles an HTTPS transaction to an XML-RPC server."""
19
20
21 transport = xmlrpclib.Transport()
22 conn_class_is_http = not hasattr(transport, '_connection')
23 del(transport)
24
25 - def __init__(self, use_datetime=0,
26 username=None, password=None,
27 certChain=None, privateKey=None,
28 checker=None,
29 settings=None,
30 ignoreAbruptClose=False):
31 """Create a new XMLRPCTransport.
32
33 An instance of this class can be passed to L{xmlrpclib.ServerProxy}
34 to use TLS with XML-RPC calls::
35
36 from tlslite import XMLRPCTransport
37 from xmlrpclib import ServerProxy
38
39 transport = XMLRPCTransport(user="alice", password="abra123")
40 server = ServerProxy("https://localhost", transport)
41
42 For client authentication, use one of these argument
43 combinations:
44 - username, password (SRP)
45 - certChain, privateKey (certificate)
46
47 For server authentication, you can either rely on the
48 implicit mutual authentication performed by SRP or
49 you can do certificate-based server
50 authentication with one of these argument combinations:
51 - x509Fingerprint
52
53 Certificate-based server authentication is compatible with
54 SRP or certificate-based client authentication.
55
56 The constructor does not perform the TLS handshake itself, but
57 simply stores these arguments for later. The handshake is
58 performed only when this class needs to connect with the
59 server. Thus you should be prepared to handle TLS-specific
60 exceptions when calling methods of L{xmlrpclib.ServerProxy}. See the
61 client handshake functions in
62 L{tlslite.TLSConnection.TLSConnection} for details on which
63 exceptions might be raised.
64
65 @type username: str
66 @param username: SRP username. Requires the
67 'password' argument.
68
69 @type password: str
70 @param password: SRP password for mutual authentication.
71 Requires the 'username' argument.
72
73 @type certChain: L{tlslite.x509certchain.X509CertChain}
74 @param certChain: Certificate chain for client authentication.
75 Requires the 'privateKey' argument. Excludes the SRP arguments.
76
77 @type privateKey: L{tlslite.utils.rsakey.RSAKey}
78 @param privateKey: Private key for client authentication.
79 Requires the 'certChain' argument. Excludes the SRP arguments.
80
81 @type checker: L{tlslite.checker.Checker}
82 @param checker: Callable object called after handshaking to
83 evaluate the connection and raise an Exception if necessary.
84
85 @type settings: L{tlslite.handshakesettings.HandshakeSettings}
86 @param settings: Various settings which can be used to control
87 the ciphersuites, certificate types, and SSL/TLS versions
88 offered by the client.
89
90 @type ignoreAbruptClose: bool
91 @param ignoreAbruptClose: ignore the TLSAbruptCloseError on
92 unexpected hangup.
93 """
94
95
96
97 self._connection = (None, None)
98 xmlrpclib.Transport.__init__(self, use_datetime)
99 self.ignoreAbruptClose = ignoreAbruptClose
100 ClientHelper.__init__(self,
101 username, password,
102 certChain, privateKey,
103 checker,
104 settings)
105
107
108
109 if self._connection and host == self._connection[0]:
110 http = self._connection[1]
111 else:
112
113 chost, extra_headers, x509 = self.get_host_info(host)
114
115 http = HTTPTLSConnection(chost, None,
116 username=self.username, password=self.password,
117 certChain=self.certChain, privateKey=self.privateKey,
118 checker=self.checker,
119 settings=self.settings,
120 ignoreAbruptClose=self.ignoreAbruptClose)
121
122 self._connection = host, http
123 if not self.conn_class_is_http:
124 return http
125 http2 = httplib.HTTP()
126 http2._setup(http)
127 return http2
128