__init__(self,
username=None,
password=None,
sharedKey=None,
certChain=None,
privateKey=None,
cryptoID=None,
protocol=None,
x509Fingerprint=None,
x509TrustList=None,
x509CommonName=None,
settings=None)
(Constructor)
Create a new XMLRPCTransport.
An instance of this class can be passed to
xmlrpclib.ServerProxy to use TLS with XML-RPC calls:
from tlslite.api import XMLRPCTransport
from xmlrpclib import ServerProxy
transport = XMLRPCTransport(user="alice", password="abra123")
server = ServerProxy("https://localhost", transport)
For client authentication, use one of these argument
combinations:
-
username, password (SRP)
-
username, sharedKey (shared-key)
-
certChain, privateKey (certificate)
For server authentication, you can either rely on the implicit
mutual authentication performed by SRP or shared-keys, or you can do
certificate-based server authentication with one of these argument
combinations:
-
cryptoID[, protocol] (requires cryptoIDlib)
-
x509Fingerprint
-
x509TrustList[, x509CommonName] (requires cryptlib_py)
Certificate-based server authentication is compatible with SRP or
certificate-based client authentication. It is not compatible with
shared-keys.
The constructor does not perform the TLS handshake itself, but
simply stores these arguments for later. The handshake is performed
only when this class needs to connect with the server. Thus you should
be prepared to handle TLS-specific exceptions when calling methods of
xmlrpclib.ServerProxy . See the client handshake functions
in tlslite.TLSConnection.TLSConnection for
details on which exceptions might be raised.
-
- Parameters:
username -
SRP or shared-key username. Requires the 'password' or
'sharedKey' argument.
(type=str)
password -
SRP password for mutual authentication. Requires the
'username' argument.
(type=str)
sharedKey -
Shared key for mutual authentication. Requires the 'username'
argument.
(type=str)
certChain -
Certificate chain for client authentication. Requires the
'privateKey' argument. Excludes the SRP or shared-key related
arguments.
(type=tlslite.X509CertChain.X509CertChain
or cryptoIDlib.CertChain.CertChain )
privateKey -
Private key for client authentication. Requires the
'certChain' argument. Excludes the SRP or shared-key related
arguments.
(type=tlslite.utils.RSAKey.RSAKey )
cryptoID -
cryptoID for server authentication. Mutually exclusive with
the 'x509...' arguments.
(type=str)
protocol -
cryptoID protocol URI for server authentication. Requires the
'cryptoID' argument.
(type=str)
x509Fingerprint -
Hex-encoded X.509 fingerprint for server authentication.
Mutually exclusive with the 'cryptoID' and 'x509TrustList'
arguments.
(type=str)
x509TrustList -
A list of trusted root certificates. The other party must
present a certificate chain which extends to one of these root
certificates. The cryptlib_py module must be installed to use
this parameter. Mutually exclusive with the 'cryptoID' and
'x509Fingerprint' arguments.
(type=list of tlslite.X509.X509 )
x509CommonName -
The end-entity certificate's 'CN' field must match this value.
For a web server, this is typically a server name such as
'www.amazon.com'. Mutually exclusive with the 'cryptoID' and
'x509Fingerprint' arguments. Requires the 'x509TrustList'
argument.
(type=str)
settings -
Various settings which can be used to control the
ciphersuites, certificate types, and SSL/TLS versions offered by
the client.
(type=tlslite.HandshakeSettings.HandshakeSettings )
- Overrides:
tlslite.integration.ClientHelper.ClientHelper.__init__
|