google · hagayo · Jun 10, 2016 · Jun 10, 2016
diff --git a/src/gdata/tlslite/__init__.py b/src/gdata/tlslite/__init__.py
@@ -0,0 +1,28 @@
+# Author: Trevor Perrin
+# See the LICENSE file for legal information regarding use of this file.
+
+"""TLS Lite is a free python library that implements SSL and TLS. TLS Lite
+supports RSA and SRP ciphersuites. TLS Lite is pure python, however it can use
+other libraries for faster crypto operations. TLS Lite integrates with several
+stdlib neworking libraries.
+
+API documentation is available in the 'docs' directory.
+
+If you have questions or feedback, feel free to contact me.
+
+To use, do::
+
+    from tlslite import TLSConnection, ...
+
+If you want to import the most useful objects, the cleanest way is::
+
+    from tlslite.api import *
+
+Then use the L{tlslite.TLSConnection.TLSConnection} class with a socket.
+(Or, use one of the integration classes in L{tlslite.integration}).
+
+@version: 0.4.9
+"""
+
+from tlslite.api import *
+from tlslite.api import __version__ # Unsure why this is needed, but it is
diff --git a/src/gdata/tlslite/__init__.pyc b/src/gdata/tlslite/__init__.pyc
diff --git a/src/gdata/tlslite/api.py b/src/gdata/tlslite/api.py
@@ -0,0 +1,31 @@
+# Author: Trevor Perrin
+# See the LICENSE file for legal information regarding use of this file.
+
+__version__ = "0.4.9"
+from .constants import AlertLevel, AlertDescription, Fault
+from .errors import *
+from .checker import Checker
+from .handshakesettings import HandshakeSettings
+from .session import Session
+from .sessioncache import SessionCache
+from .tlsconnection import TLSConnection
+from .verifierdb import VerifierDB
+from .x509 import X509
+from .x509certchain import X509CertChain
+
+from .integration.httptlsconnection import HTTPTLSConnection
+from .integration.tlssocketservermixin import TLSSocketServerMixIn
+from .integration.tlsasyncdispatchermixin import TLSAsyncDispatcherMixIn
+from .integration.pop3_tls import POP3_TLS
+from .integration.imap4_tls import IMAP4_TLS
+from .integration.smtp_tls import SMTP_TLS
+from .integration.xmlrpctransport import XMLRPCTransport
+from .integration.xmlrpcserver import TLSXMLRPCRequestHandler, \
+                                      TLSXMLRPCServer, \
+                                      MultiPathTLSXMLRPCServer
+
+from .utils.cryptomath import m2cryptoLoaded, gmpyLoaded, \
+                             pycryptoLoaded, prngName
+from .utils.keyfactory import generateRSAKey, parsePEMKey, \
+                             parseAsPublicKey, parsePrivateKey
+from .utils.tackwrapper import tackpyLoaded
diff --git a/src/gdata/tlslite/basedb.py b/src/gdata/tlslite/basedb.py
@@ -0,0 +1,130 @@
+# Authors: 
+#   Trevor Perrin
+#   Martin von Loewis - python 3 port
+#
+# See the LICENSE file for legal information regarding use of this file.
+
+"""Base class for SharedKeyDB and VerifierDB."""
+
+try:
+    import anydbm
+except ImportError:
+    # Python 3
+    import dbm as anydbm
+import threading
+
+class BaseDB(object):
+    def __init__(self, filename, type):
+        self.type = type
+        self.filename = filename
+        if self.filename:
+            self.db = None
+        else:
+            self.db = {}
+        self.lock = threading.Lock()
+
+    def create(self):
+        """Create a new on-disk database.
+
+        @raise anydbm.error: If there's a problem creating the database.
+        """
+        if self.filename:
+            self.db = anydbm.open(self.filename, "n") #raises anydbm.error
+            self.db["--Reserved--type"] = self.type
+            self.db.sync()
+        else:
+            self.db = {}
+
+    def open(self):
+        """Open a pre-existing on-disk database.
+
+        @raise anydbm.error: If there's a problem opening the database.
+        @raise ValueError: If the database is not of the right type.
+        """
+        if not self.filename:
+            raise ValueError("Can only open on-disk databases")
+        self.db = anydbm.open(self.filename, "w") #raises anydbm.error
+        try:
+            if self.db["--Reserved--type"] != self.type:
+                raise ValueError("Not a %s database" % self.type)
+        except KeyError:
+            raise ValueError("Not a recognized database")
+
+    def __getitem__(self, username):
+        if self.db == None:
+            raise AssertionError("DB not open")
+
+        self.lock.acquire()
+        try:
+            valueStr = self.db[username]
+        finally:
+            self.lock.release()
+
+        return self._getItem(username, valueStr)
+
+    def __setitem__(self, username, value):
+        if self.db == None:
+            raise AssertionError("DB not open")
+
+        valueStr = self._setItem(username, value)
+
+        self.lock.acquire()
+        try:
+            self.db[username] = valueStr
+            if self.filename:
+                self.db.sync()
+        finally:
+            self.lock.release()
+
+    def __delitem__(self, username):
+        if self.db == None:
+            raise AssertionError("DB not open")
+
+        self.lock.acquire()
+        try:
+            del(self.db[username])
+            if self.filename:
+                self.db.sync()
+        finally:
+            self.lock.release()
+
+    def __contains__(self, username):
+        """Check if the database contains the specified username.
+
+        @type username: str
+        @param username: The username to check for.
+
+        @rtype: bool
+        @return: True if the database contains the username, False
+        otherwise.
+
+        """
+        if self.db == None:
+            raise AssertionError("DB not open")
+
+        self.lock.acquire()
+        try:
+            return self.db.has_key(username)
+        finally:
+            self.lock.release()
+
+    def check(self, username, param):
+        value = self.__getitem__(username)
+        return self._checkItem(value, username, param)
+
+    def keys(self):
+        """Return a list of usernames in the database.
+
+        @rtype: list
+        @return: The usernames in the database.
+        """
+        if self.db == None:
+            raise AssertionError("DB not open")
+
+        self.lock.acquire()
+        try:
+            usernames = self.db.keys()
+        finally:
+            self.lock.release()
+        usernames = [u for u in usernames if not u.startswith("--Reserved--")]
+        return usernames
diff --git a/src/gdata/tlslite/checker.py b/src/gdata/tlslite/checker.py
@@ -0,0 +1,77 @@
+# Author: Trevor Perrin
+# See the LICENSE file for legal information regarding use of this file.
+
+"""Class for post-handshake certificate checking."""
+
+from .x509 import X509
+from .x509certchain import X509CertChain
+from .errors import *
+
+
+class Checker(object):
+    """This class is passed to a handshake function to check the other
+    party's certificate chain.
+
+    If a handshake function completes successfully, but the Checker
+    judges the other party's certificate chain to be missing or
+    inadequate, a subclass of
+    L{tlslite.errors.TLSAuthenticationError} will be raised.
+
+    Currently, the Checker can check an X.509 chain.
+    """
+
+    def __init__(self, 
+                 x509Fingerprint=None,
+                 checkResumedSession=False):
+        """Create a new Checker instance.
+
+        You must pass in one of these argument combinations:
+         - x509Fingerprint
+
+        @type x509Fingerprint: str
+        @param x509Fingerprint: A hex-encoded X.509 end-entity
+        fingerprint which the other party's end-entity certificate must
+        match.
+
+        @type checkResumedSession: bool
+        @param checkResumedSession: If resumed sessions should be
+        checked.  This defaults to False, on the theory that if the
+        session was checked once, we don't need to bother
+        re-checking it.
+        """
+
+        self.x509Fingerprint = x509Fingerprint
+        self.checkResumedSession = checkResumedSession
+
+    def __call__(self, connection):
+        """Check a TLSConnection.
+
+        When a Checker is passed to a handshake function, this will
+        be called at the end of the function.
+
+        @type connection: L{tlslite.tlsconnection.TLSConnection}
+        @param connection: The TLSConnection to examine.
+
+        @raise tlslite.errors.TLSAuthenticationError: If the other
+        party's certificate chain is missing or bad.
+        """
+        if not self.checkResumedSession and connection.resumed:
+            return
+
+        if self.x509Fingerprint:
+            if connection._client:
+                chain = connection.session.serverCertChain
+            else:
+                chain = connection.session.clientCertChain
+
+            if self.x509Fingerprint:
+                if isinstance(chain, X509CertChain):
+                    if self.x509Fingerprint:
+                        if chain.getFingerprint() != self.x509Fingerprint:
+                            raise TLSFingerprintError(\
+                                "X.509 fingerprint mismatch: %s, %s" % \
+                                (chain.getFingerprint(), self.x509Fingerprint))
+                elif chain:
+                    raise TLSAuthenticationTypeError()
+                else:
+                    raise TLSNoAuthenticationError()