/gdata/tlslite/integration/XMLRPCTransport.py

http://radioappz.googlecode.com/ · Python · 137 lines · 119 code · 7 blank · 11 comment · 0 complexity · 5f134cbff39ce6b28c585df920d4765a MD5 · raw file

  1. """TLS Lite + xmlrpclib."""
  2. import xmlrpclib
  3. import httplib
  4. from gdata.tlslite.integration.HTTPTLSConnection import HTTPTLSConnection
  5. from gdata.tlslite.integration.ClientHelper import ClientHelper
  6. class XMLRPCTransport(xmlrpclib.Transport, ClientHelper):
  7. """Handles an HTTPS transaction to an XML-RPC server."""
  8. def __init__(self,
  9. username=None, password=None, sharedKey=None,
  10. certChain=None, privateKey=None,
  11. cryptoID=None, protocol=None,
  12. x509Fingerprint=None,
  13. x509TrustList=None, x509CommonName=None,
  14. settings=None):
  15. """Create a new XMLRPCTransport.
  16. An instance of this class can be passed to L{xmlrpclib.ServerProxy}
  17. to use TLS with XML-RPC calls::
  18. from tlslite.api import XMLRPCTransport
  19. from xmlrpclib import ServerProxy
  20. transport = XMLRPCTransport(user="alice", password="abra123")
  21. server = ServerProxy("https://localhost", transport)
  22. For client authentication, use one of these argument
  23. combinations:
  24. - username, password (SRP)
  25. - username, sharedKey (shared-key)
  26. - certChain, privateKey (certificate)
  27. For server authentication, you can either rely on the
  28. implicit mutual authentication performed by SRP or
  29. shared-keys, or you can do certificate-based server
  30. authentication with one of these argument combinations:
  31. - cryptoID[, protocol] (requires cryptoIDlib)
  32. - x509Fingerprint
  33. - x509TrustList[, x509CommonName] (requires cryptlib_py)
  34. Certificate-based server authentication is compatible with
  35. SRP or certificate-based client authentication. It is
  36. not compatible with shared-keys.
  37. The constructor does not perform the TLS handshake itself, but
  38. simply stores these arguments for later. The handshake is
  39. performed only when this class needs to connect with the
  40. server. Thus you should be prepared to handle TLS-specific
  41. exceptions when calling methods of L{xmlrpclib.ServerProxy}. See the
  42. client handshake functions in
  43. L{tlslite.TLSConnection.TLSConnection} for details on which
  44. exceptions might be raised.
  45. @type username: str
  46. @param username: SRP or shared-key username. Requires the
  47. 'password' or 'sharedKey' argument.
  48. @type password: str
  49. @param password: SRP password for mutual authentication.
  50. Requires the 'username' argument.
  51. @type sharedKey: str
  52. @param sharedKey: Shared key for mutual authentication.
  53. Requires the 'username' argument.
  54. @type certChain: L{tlslite.X509CertChain.X509CertChain} or
  55. L{cryptoIDlib.CertChain.CertChain}
  56. @param certChain: Certificate chain for client authentication.
  57. Requires the 'privateKey' argument. Excludes the SRP or
  58. shared-key related arguments.
  59. @type privateKey: L{tlslite.utils.RSAKey.RSAKey}
  60. @param privateKey: Private key for client authentication.
  61. Requires the 'certChain' argument. Excludes the SRP or
  62. shared-key related arguments.
  63. @type cryptoID: str
  64. @param cryptoID: cryptoID for server authentication. Mutually
  65. exclusive with the 'x509...' arguments.
  66. @type protocol: str
  67. @param protocol: cryptoID protocol URI for server
  68. authentication. Requires the 'cryptoID' argument.
  69. @type x509Fingerprint: str
  70. @param x509Fingerprint: Hex-encoded X.509 fingerprint for
  71. server authentication. Mutually exclusive with the 'cryptoID'
  72. and 'x509TrustList' arguments.
  73. @type x509TrustList: list of L{tlslite.X509.X509}
  74. @param x509TrustList: A list of trusted root certificates. The
  75. other party must present a certificate chain which extends to
  76. one of these root certificates. The cryptlib_py module must be
  77. installed to use this parameter. Mutually exclusive with the
  78. 'cryptoID' and 'x509Fingerprint' arguments.
  79. @type x509CommonName: str
  80. @param x509CommonName: The end-entity certificate's 'CN' field
  81. must match this value. For a web server, this is typically a
  82. server name such as 'www.amazon.com'. Mutually exclusive with
  83. the 'cryptoID' and 'x509Fingerprint' arguments. Requires the
  84. 'x509TrustList' argument.
  85. @type settings: L{tlslite.HandshakeSettings.HandshakeSettings}
  86. @param settings: Various settings which can be used to control
  87. the ciphersuites, certificate types, and SSL/TLS versions
  88. offered by the client.
  89. """
  90. ClientHelper.__init__(self,
  91. username, password, sharedKey,
  92. certChain, privateKey,
  93. cryptoID, protocol,
  94. x509Fingerprint,
  95. x509TrustList, x509CommonName,
  96. settings)
  97. def make_connection(self, host):
  98. # create a HTTPS connection object from a host descriptor
  99. host, extra_headers, x509 = self.get_host_info(host)
  100. http = HTTPTLSConnection(host, None,
  101. self.username, self.password,
  102. self.sharedKey,
  103. self.certChain, self.privateKey,
  104. self.checker.cryptoID,
  105. self.checker.protocol,
  106. self.checker.x509Fingerprint,
  107. self.checker.x509TrustList,
  108. self.checker.x509CommonName,
  109. self.settings)
  110. http2 = httplib.HTTP()
  111. http2._setup(http)
  112. return http2