Compiled Python bytecode for /usr/lib/python3/dist-packages/acme/standalone.py. The instruction stream is not recoverable as text; the names, docstrings and message strings that survive in the dump are listed below.

Module docstring: "Support for standalone client challenge solvers."

Names imported: collections, functools, logging, socket, threading; BaseHTTPServer, http_client, socketserver (six.moves); challenges, crypto_util (acme); List (acme.magic_typing).

TLSServer: "Generic TLS Server."
    Methods: __init__, _wrap_sock, _cert_selection, server_bind
    __init__ keyword arguments: ipv6, certs, method, allow_reuse_address
    _cert_selection: "Callback selecting certificate for connection."

ACMEServerMixin: "ACME server common settings mixin."
    server_version: "ACME client standalone challenge solver"
    allow_reuse_address: True

BaseDualNetworkedServers: "Base class for a pair of IPv6 and IPv4 servers that tries to do everything it's asked for both servers, but where failures in one server don't affect the other. If two servers are instantiated, they will serve on the same port."
    Methods: __init__, serve_forever, getsocknames, shutdown_and_server_close
    Log and error strings in __init__:
        "Successfully bound to %s:%s using %s"
        "Certbot wasn't able to bind to %s:%s using %s, this is often expected due to the dual stack nature of IPv6 socket implementations."
        "Failed to bind to %s:%s using %s"
        "Could not bind to IPv4 or IPv6."
    serve_forever: "Wraps socketserver.TCPServer.serve_forever"
    getsocknames: "Wraps socketserver.TCPServer.socket.getsockname"
    shutdown_and_server_close: "Wraps socketserver.TCPServer.shutdown, socketserver.TCPServer.server_close, and threading.Thread.join"

TLSALPN01Server: "TLSALPN01 Server."
    ACME_TLS_1_PROTOCOL: b"acme-tls/1"
    Methods: __init__, _cert_selection, _alpn_selection
    _cert_selection log string: "Serving challenge cert for server name %s"
    _alpn_selection: "Callback to select alpn protocol."
    _alpn_selection log strings: "Agreed on %s ALPN", "Cannot agree on ALPN proto. Got: %s"

HTTPServer: "Generic HTTP Server."
    Methods: __init__ (keyword argument: ipv6)

HTTP01Server: "HTTP01 Server."
    Methods: __init__

HTTP01DualNetworkedServers: "HTTP01Server Wrapper. Tries everything for both. Failures for one don't affect the other."
    Methods: __init__

HTTP01RequestHandler: "HTTP01 challenge handler. Adheres to the stdlib's `socketserver.BaseRequestHandler` interface. :ivar set simple_http_resources: A set of `HTTP01Resource` objects. TODO: better name?"
    HTTP01Resource: namedtuple with fields "chall response validation"
    Methods: __init__, log_message, handle, do_GET, handle_index, handle_404, handle_simple_http_resource, partial_init
    __init__ keyword arguments: simple_http_resources, timeout
    log_message: "Log arbitrary message."
    handle: "Handle request."
    handle_index: "Handle index page."
    handle_404: "Handler 404 Not Found errors."
    handle_simple_http_resource: "Handle HTTP01 provisioned resources."
    handle_simple_http_resource log strings: "Serving HTTP01 with token %r", "No resources to serve", "%s does not correspond to any resource. ignoring"
    partial_init: "Partially initialize this handler. This is useful because `socketserver.BaseServer` takes uninitialized handler and initializes it with the current request."

_BaseRequestHandlerWithLogging: "BaseRequestHandler with logging."
    Methods: log_message, handle