Package cryptoIDlib :: Module Client :: Class Client

Class Client


This class represents a client-side connection to a key management server.

You can access all of the cryptoID key management protocols by calling methods on this class.

This class will contact the key management server using TLS. Thus, TLS Lite must be installed.

Method Summary
  __init__(self, url, username, password, minBits, cryptoID)
Create a new Client instance.
  __del__(self)
  close(self)
Close the underlying TLS connection and socket.
  getAllVASignatures(certChain)
(Static method)
cryptoIDlib.CertChain.CertChain getCertChain(self)
Get a certificate chain from the server.
cryptoIDlib.utils.RSAKey.RSAKey getKey(self)
Get the server's signing key.
  getSignatures(self, certChain)
Get signatures for the <certChain>.
  putCertChain(self, certChain)
Post a certificate chain to the server.
  registerCert(self, type, certChain, whichCert, notAfterDelta, expiresOn)
Register a certificate with the server.
  registerUser(self, username, password, subPassword, bits, subBits)
Register a username and password with the server.
  revokeCert(self, certChain, whichCert)
Revoke a certificate with the server.

Instance Method Details

__init__(self, url, username=None, password=None, minBits=2048, cryptoID=None)
(Constructor)

Create a new Client instance.

To use protocols requiring client authentication, you must pass in an SRP username and password.

For server authentication, you can rely on the implicit authentication offered by SRP, or you can pass in the server's cryptoID.
Parameters:
url - The URL identifying the server to contact.
           (type=str)
username - The username for SRP authentication.
           (type=str)
password - The password for SRP authentication.
           (type=str)
minBits - The minimum allowable SRP parameters size. Smaller values make it easier for an attacker to discover your password, so be careful here.
           (type=int)
cryptoID - The server's cryptoID.
           (type=str)

close(self)

Close the underlying TLS connection and socket.
Raises:
socket.error - If a socket error occurs.
tlslite.errors.TLSError - If a TLS error occurs.

getCertChain(self)

Get a certificate chain from the server.
Returns:
cryptoIDlib.CertChain.CertChain
Raises:
socket.error - If a socket error occurs.
tlslite.errors.TLSError - If a TLS error occurs.
httplib.HTTPException - If an HTTP error occurs.
SyntaxError - If a parsing error occurs.
cryptoIDlib.errors.CryptoIDNoCertChainError - If a <certChain> has not been posted to this account.
cryptoIDlib.errors.CryptoIDProtocolError - If a cryptoID protocol error occurs.

getKey(self)

Get the server's signing key.
Returns:
The server's signing key.
           (type=cryptoIDlib.utils.RSAKey.RSAKey)
Raises:
socket.error - If a socket error occurs.
tlslite.errors.TLSError - If a TLS error occurs.
httplib.HTTPException - If an HTTP error occurs.
SyntaxError - If a parsing error occurs.
cryptoIDlib.errors.CryptoIDProtocolError - If a cryptoID protocol error occurs.

getSignatures(self, certChain)

Get signatures for the <certChain>.
Parameters:
certChain - The signatures returned by the server will be added to this <certChain>.
           (type=cryptoIDlib.CertChain.CertChain)
Raises:
socket.error - If a socket error occurs.
tlslite.errors.TLSError - If a TLS error occurs.
httplib.HTTPException - If an HTTP error occurs.
SyntaxError - If a parsing error occurs.
cryptoIDlib.errors.CryptoIDNoSignaturesError - If the server found nothing to sign.
cryptoIDlib.errors.CryptoIDProtocolError - If a cryptoID protocol error occurs.

putCertChain(self, certChain)

Post a certificate chain to the server.
Parameters:
certChain
           (type=cryptoIDlib.CertChain.CertChain)
Raises:
socket.error - If a socket error occurs.
tlslite.errors.TLSError - If a TLS error occurs.
httplib.HTTPException - If an HTTP error occurs.
SyntaxError - If a parsing error occurs.
cryptoIDlib.errors.CryptoIDProtocolError - If a cryptoID protocol error occurs.

registerCert(self, type, certChain, whichCert, notAfterDelta, expiresOn=None)

Register a certificate with the server.
Parameters:
type - 'CA' or 'VA', to indicate whether you're registering for certification or validation signatures. If you're registering for validation signatures, the <certChain> will have a <VAServer> annotation added for this server.
           (type=str)
certChain - The <certChain> containing the relevant certificate.
           (type=cryptoIDlib.CertChain.CertChain)
whichCert - A number between 0 and 9, indicating which certificate from the chain is being registered.
           (type=int)
notAfterDelta - The number of minutes the server should add to the current time when determining the expiration time for signatures issued under this registration.
           (type=int)
expiresOn - The number of minutes until the registration expires and the server can safely delete it. If None, the certificate's <notAfter> expiration time will be used, if it has one.
           (type=datetime.datetime)
Raises:
socket.error - If a socket error occurs.
tlslite.errors.TLSError - If a TLS error occurs.
httplib.HTTPException - If an HTTP error occurs.
SyntaxError - If a parsing error occurs.
cryptoIDlib.errors.CryptoIDCertRegisteredError - The certificate is already registered.
cryptoIDlib.errors.CryptoIDProtocolError - If a cryptoID protocol error occurs.
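
Added example (not part of cryptoIDlib or its documentation): one way to wrap the constructor, registerCert and close calls documented above so that weak SRP parameters and out-of-range arguments are rejected before the server is contacted, and the connection is closed on every path. The 2048-bit floor, the assumption that registerCert needs SRP client authentication, and the names register_cert, default_client and client_factory are this example's own.

```python
# Added example: a policy wrapper around the documented Client calls.
# Not cryptoIDlib code; the floor and the argument checks are assumptions.
MIN_BITS_FLOOR = 2048  # matches the documented default for minBits


def default_client(url, username, password, minBits, cryptoID):
    # Imported lazily so the checks below can be exercised without the library.
    from cryptoIDlib.Client import Client
    return Client(url, username, password, minBits, cryptoID)


def register_cert(url, username, password, server_cryptoID, certChain,
                  whichCert, notAfterDelta, type="VA", minBits=MIN_BITS_FLOOR,
                  client_factory=default_client):
    """Check the security-relevant arguments, register, and always close.

    server_cryptoID may be None to rely on SRP's implicit server
    authentication; pass the server's cryptoID to pin it explicitly.
    """
    # Assumption: registering is a protocol that needs SRP client auth.
    if not username or not password:
        raise ValueError("SRP username and password are both required")
    # Smaller SRP parameters make the password easier to discover.
    if minBits < MIN_BITS_FLOOR:
        raise ValueError("minBits below %d weakens SRP" % MIN_BITS_FLOOR)
    if type not in ("CA", "VA"):
        raise ValueError("type must be 'CA' or 'VA'")
    if not 0 <= whichCert <= 9:
        raise ValueError("whichCert must be between 0 and 9")
    if notAfterDelta <= 0:
        raise ValueError("notAfterDelta must be a positive number of minutes")

    client = client_factory(url, username, password, minBits, server_cryptoID)
    try:
        client.registerCert(type, certChain, whichCert, notAfterDelta)
    except Exception:
        # close() is documented to raise as well; keep the original error.
        try:
            client.close()
        except Exception:
            pass
        raise
    client.close()
    return True
```

CryptoIDCertRegisteredError and the other documented exceptions propagate to the caller unchanged.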

registerUser(self, username, password, subPassword=None, bits=2048, subBits=None)

Register a username and password with the server.
Parameters:
username - The username.
           (type=str)
password - The main password.
           (type=str)
subPassword - The subordinate password. If None, then the main password is used as the subordinate password.
           (type=str or None)
bits - This value specifies which SRP group parameters to use in creating the password verifier(s). It must be one of (1024, 1536, 2048, 3072, 4096, 6144, 8192).
           (type=int)
Raises:
socket.error - If a socket error occurs.
tlslite.errors.TLSError - If a TLS error occurs.
httplib.HTTPException - If an HTTP error occurs.
SyntaxError - If a parsing error occurs.
cryptoIDlib.errors.CryptoIDUserRegisteredError - If the username is already registered.
cryptoIDlib.errors.CryptoIDProtocolError - If a cryptoID protocol error occurs.

revokeCert(self, certChain, whichCert)

Revoke a certificate with the server.
Parameters:
certChain - The <certChain> containing the relevant certificate.
           (type=cryptoIDlib.CertChain.CertChain)
whichCert - A number between 0 and 9, indicating which certificate from the chain is being revoked.
           (type=int)
Raises:
socket.error - If a socket error occurs.
tlslite.errors.TLSError - If a TLS error occurs.
httplib.HTTPException - If an HTTP error occurs.
SyntaxError - If a parsing error occurs.
cryptoIDlib.errors.CryptoIDCertRevokedError - If the certificate is already revoked.
cryptoIDlib.errors.CryptoIDCertNotRegisteredError - If the certificate is not registered.
cryptoIDlib.errors.CryptoIDNotAuthorizedError - If the user is not authorized to revoke the certificate.
cryptoIDlib.errors.CryptoIDProtocolError - If a cryptoID protocol error occurs.

Generated by Epydoc 2.0 on Mon May 24 02:15:59 2004 http://epydoc.sf.net