1# Author: Trevor Perrin
2# See the LICENSE file for legal information regarding use of this file.
3
4"""TLS Lite + smtplib."""
5
6from smtplib import SMTP
7from tlslite.tlsconnection import TLSConnection
8from tlslite.integration.clienthelper import ClientHelper
9
10class SMTP_TLS(SMTP):
11    """This class extends L{smtplib.SMTP} with TLS support."""
12
13    def starttls(self,
14                 username=None, password=None,
15                 certChain=None, privateKey=None,
16                 checker=None,
17                 settings=None):
18        """Puts the connection to the SMTP server into TLS mode.
19
20        If the server supports TLS, this will encrypt the rest of the SMTP
21        session.
22
23        For client authentication, use one of these argument
24        combinations:
25         - username, password (SRP)
26         - certChain, privateKey (certificate)
27
28        For server authentication, you can either rely on the
29        implicit mutual authentication performed by SRP or
30        you can do certificate-based server
31        authentication with one of these argument combinations:
32         - x509Fingerprint
33
34        Certificate-based server authentication is compatible with
35        SRP or certificate-based client authentication.
36
37        The caller should be prepared to handle TLS-specific
38        exceptions.  See the client handshake functions in
39        L{tlslite.TLSConnection.TLSConnection} for details on which
40        exceptions might be raised.
41
42        @type username: str
43        @param username: SRP username.  Requires the
44        'password' argument.
45
46        @type password: str
47        @param password: SRP password for mutual authentication.
48        Requires the 'username' argument.
49
50        @type certChain: L{tlslite.x509certchain.X509CertChain}
51        @param certChain: Certificate chain for client authentication.
52        Requires the 'privateKey' argument.  Excludes the SRP arguments.
53
54        @type privateKey: L{tlslite.utils.rsakey.RSAKey}
55        @param privateKey: Private key for client authentication.
56        Requires the 'certChain' argument.  Excludes the SRP arguments.
57
58        @type checker: L{tlslite.checker.Checker}
59        @param checker: Callable object called after handshaking to
60        evaluate the connection and raise an Exception if necessary.
61
62        @type settings: L{tlslite.handshakesettings.HandshakeSettings}
63        @param settings: Various settings which can be used to control
64        the ciphersuites, certificate types, and SSL/TLS versions
65        offered by the client.
66        """
67        (resp, reply) = self.docmd("STARTTLS")
68        if resp == 220:
69            helper = ClientHelper(
70                     username, password,
71                     certChain, privateKey,
72                     checker,
73                     settings)
74            conn = TLSConnection(self.sock)
75            helper._handshake(conn)
76            self.sock = conn
77            self.file = conn.makefile('rb')
78        return (resp, reply)