[Compiled Python bytecode dump of /usr/lib/python3/dist-packages/acme/standalone.py; only the embedded names and docstrings are recoverable.]

Module docstring: "Support for standalone client challenge solvers."

Classes, methods and docstrings present in the dump:

TLSServer: "Generic TLS Server."
  __init__
  _wrap_sock
  _cert_selection: "Callback selecting certificate for connection."
  server_bind

ACMEServerMixin: "ACME server common settings mixin."
  server_version: "ACME client standalone challenge solver"

BaseDualNetworkedServers: "Base class for a pair of IPv6 and IPv4 servers that tries to do everything it's asked for both servers, but where failures in one server don't affect the other. If two servers are instantiated, they will serve on the same port."
  __init__
    log messages: "Successfully bound to %s:%s using %s"; "Certbot wasn't able to bind to %s:%s using %s, this is often expected due to the dual stack nature of IPv6 socket implementations."; "Failed to bind to %s:%s using %s"
    error message: "Could not bind to IPv4 or IPv6."
  serve_forever: "Wraps socketserver.TCPServer.serve_forever"
  getsocknames: "Wraps socketserver.TCPServer.socket.getsockname"
  shutdown_and_server_close: "Wraps socketserver.TCPServer.shutdown, socketserver.TCPServer.server_close, and threading.Thread.join"

TLSALPN01Server: "TLSALPN01 Server."
  ACME_TLS_1_PROTOCOL: acme-tls/1
  __init__
  _cert_selection
    log message: "Serving challenge cert for server name %s"
  _alpn_selection: "Callback to select alpn protocol."
    log messages: "Agreed on %s ALPN"; "Cannot agree on ALPN proto. Got: %s"

HTTPServer: "Generic HTTP Server."
  __init__

HTTP01Server: "HTTP01 Server."
  __init__

HTTP01DualNetworkedServers: "HTTP01Server Wrapper. Tries everything for both. Failures for one don't affect the other."
  __init__

HTTP01RequestHandler: "HTTP01 challenge handler. Adheres to the stdlib's `socketserver.BaseRequestHandler` interface. :ivar set simple_http_resources: A set of `HTTP01Resource` objects. TODO: better name?"
  HTTP01Resource: namedtuple with fields "chall response validation"
  __init__
  timeout: "The default timeout this server should apply to requests. :return: timeout to apply :rtype: int"
  log_message: "Log arbitrary message."
  handle: "Handle request."
  do_GET
  handle_index: "Handle index page."
  handle_404: "Handler 404 Not Found errors."
  handle_simple_http_resource: "Handle HTTP01 provisioned resources."
    log messages: "Serving HTTP01 with token %r"; "No resources to serve"; "%s does not correspond to any resource. ignoring"
  partial_init: "Partially initialize this handler. This is useful because `socketserver.BaseServer` takes uninitialized handler and initializes it with the current request."