102 lines
3.6 KiB
Python
102 lines
3.6 KiB
Python
# Author: Trevor Perrin
|
|
# See the LICENSE file for legal information regarding use of this file.
|
|
|
|
"""TLS Lite + imaplib."""
|
|
|
|
import socket
|
|
from imaplib import IMAP4
|
|
from tlslite.tlsconnection import TLSConnection
|
|
from tlslite.integration.clienthelper import ClientHelper
|
|
|
|
# IMAP TLS PORT
|
|
IMAP4_TLS_PORT = 993
|
|
|
|
class IMAP4_TLS(IMAP4, ClientHelper):
|
|
"""This class extends :py:class:`imaplib.IMAP4` with TLS support."""
|
|
|
|
def __init__(self, host = '', port = IMAP4_TLS_PORT,
|
|
username=None, password=None,
|
|
certChain=None, privateKey=None,
|
|
checker=None,
|
|
settings=None):
|
|
"""Create a new IMAP4_TLS.
|
|
|
|
For client authentication, use one of these argument
|
|
combinations:
|
|
|
|
- username, password (SRP)
|
|
- certChain, privateKey (certificate)
|
|
|
|
For server authentication, you can either rely on the
|
|
implicit mutual authentication performed by SRP
|
|
or you can do certificate-based server
|
|
authentication with one of these argument combinations:
|
|
|
|
- x509Fingerprint
|
|
|
|
Certificate-based server authentication is compatible with
|
|
SRP or certificate-based client authentication.
|
|
|
|
The caller should be prepared to handle TLS-specific
|
|
exceptions. See the client handshake functions in
|
|
:py:class:`~tlslite.tlsconnection.TLSConnection` for details on which
|
|
exceptions might be raised.
|
|
|
|
:type host: str
|
|
:param host: Server to connect to.
|
|
|
|
:type port: int
|
|
:param port: Port to connect to.
|
|
|
|
:type username: str
|
|
:param username: SRP username. Requires the
|
|
'password' argument.
|
|
|
|
:type password: str
|
|
:param password: SRP password for mutual authentication.
|
|
Requires the 'username' argument.
|
|
|
|
:type certChain: ~tlslite.x509certchain.X509CertChain
|
|
:param certChain: Certificate chain for client authentication.
|
|
Requires the 'privateKey' argument. Excludes the SRP arguments.
|
|
|
|
:type privateKey: ~tlslite.utils.rsakey.RSAKey
|
|
:param privateKey: Private key for client authentication.
|
|
Requires the 'certChain' argument. Excludes the SRP arguments.
|
|
|
|
:type checker: ~tlslite.checker.Checker
|
|
:param checker: Callable object called after handshaking to
|
|
evaluate the connection and raise an Exception if necessary.
|
|
|
|
:type settings: ~tlslite.handshakesettings.HandshakeSettings
|
|
:param settings: Various settings which can be used to control
|
|
the ciphersuites, certificate types, and SSL/TLS versions
|
|
offered by the client.
|
|
"""
|
|
|
|
ClientHelper.__init__(self,
|
|
username, password,
|
|
certChain, privateKey,
|
|
checker,
|
|
settings)
|
|
|
|
IMAP4.__init__(self, host, port)
|
|
|
|
# the `timeout` is a new argument in python3.9, so checks with
|
|
# older python versions will complain about unmatched parameters
|
|
# pylint: disable=arguments-differ
|
|
def open(self, host='', port=IMAP4_TLS_PORT, timeout=None):
|
|
"""Setup connection to remote server on "host:port".
|
|
|
|
This connection will be used by the routines:
|
|
read, readline, send, shutdown.
|
|
"""
|
|
del timeout
|
|
self.host = host
|
|
self.port = port
|
|
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|
self.sock.connect((host, port))
|
|
self.sock = TLSConnection(self.sock)
|
|
ClientHelper._handshake(self, self.sock)
|
|
self.file = self.sock.makefile('rb')
|
|
# pylint: enable=arguments-differ
|