blob: 6aadf58e0541ecfb87d71c838d110bdb504f14b6 [file] [log] [blame]
# Authors:
# Trevor Perrin
# Dave Baggett (Arcode Corporation) - canonicalCipherName
# See the LICENSE file for legal information regarding use of this file.
"""Class representing a TLS session."""
from .utils.compat import *
from .mathtls import *
from .constants import *
class Session(object):
This class represents a TLS session.
TLS distinguishes between connections and sessions. A new
handshake creates both a connection and a session. Data is
transmitted over the connection.
The session contains a more permanent record of the handshake. The
session can be inspected to determine handshake results. The
session can also be used to create a new connection through
"session resumption". If the client and server both support this,
they can create a new connection based on an old session without
the overhead of a full handshake.
The session for a L{tlslite.TLSConnection.TLSConnection} can be
retrieved from the connection's 'session' attribute.
@type srpUsername: str
@ivar srpUsername: The client's SRP username (or None).
@type clientCertChain: L{tlslite.x509certchain.X509CertChain}
@ivar clientCertChain: The client's certificate chain (or None).
@type serverCertChain: L{tlslite.x509certchain.X509CertChain}
@ivar serverCertChain: The server's certificate chain (or None).
@type tackExt: L{tack.structures.TackExtension.TackExtension}
@ivar tackExt: The server's TackExtension (or None).
@type tackInHelloExt: L{bool}
@ivar tackInHelloExt: True if a TACK was presented via TLS Extension.
def __init__(self):
self.masterSecret = bytearray(0)
self.sessionID = bytearray(0)
self.cipherSuite = 0
self.srpUsername = ""
self.clientCertChain = None
self.serverCertChain = None
self.tackExt = None
self.tackInHelloExt = False
self.serverName = ""
self.resumable = False
def create(self, masterSecret, sessionID, cipherSuite,
srpUsername, clientCertChain, serverCertChain,
tackExt, tackInHelloExt, serverName, resumable=True):
self.masterSecret = masterSecret
self.sessionID = sessionID
self.cipherSuite = cipherSuite
self.srpUsername = srpUsername
self.clientCertChain = clientCertChain
self.serverCertChain = serverCertChain
self.tackExt = tackExt
self.tackInHelloExt = tackInHelloExt
self.serverName = serverName
self.resumable = resumable
def _clone(self):
other = Session()
other.masterSecret = self.masterSecret
other.sessionID = self.sessionID
other.cipherSuite = self.cipherSuite
other.srpUsername = self.srpUsername
other.clientCertChain = self.clientCertChain
other.serverCertChain = self.serverCertChain
other.tackExt = self.tackExt
other.tackInHelloExt = self.tackInHelloExt
other.serverName = self.serverName
other.resumable = self.resumable
return other
def valid(self):
"""If this session can be used for session resumption.
@rtype: bool
@return: If this session can be used for session resumption.
return self.resumable and self.sessionID
def _setResumable(self, boolean):
#Only let it be set to True if the sessionID is non-null
if (not boolean) or (boolean and self.sessionID):
self.resumable = boolean
def getTackId(self):
if self.tackExt and self.tackExt.tack:
return self.tackExt.tack.getTackId()
return None
def getBreakSigs(self):
if self.tackExt and self.tackExt.break_sigs:
return self.tackExt.break_sigs
return None
def getCipherName(self):
"""Get the name of the cipher used with this connection.
@rtype: str
@return: The name of the cipher used with this connection.
return CipherSuite.canonicalCipherName(self.cipherSuite)
def getMacName(self):
"""Get the name of the HMAC hash algo used with this connection.
@rtype: str
@return: The name of the HMAC hash algo used with this connection.
return CipherSuite.canonicalMacName(self.cipherSuite)