a }|g2@spdZddlZddlZddlmZddlmZddl Z ddl Z ddl Z ddl Z ddl mZddl mZddl mZddl mZddl mZddl mZdd l mZdd l mZdd lmZdd lmZdd lmZddlmZe eZGddde jZ GdddZ!GdddZ"Gddde e!Z#Gdddej$Z$Gddde$e!Z%Gddde"Z&Gdddej'Z(dS)z1Support for standalone client challenge solvers. N)Any)cast)List)Mapping)Optional)Set)Tuple)Type)crypto)SSL) challenges) crypto_utilcsheZdZdZeeddfdd ZddddZeje e e j e j fd d d Zddd d ZZS) TLSServerzGeneric TLS Server.Nargskwargsreturncsh|dd|_|jrtj|_ntj|_|di|_|dtj|_ |dd|_ t j |i|dS)Nipv6Fcertsmethodallow_reuse_addressT) poprsocketAF_INET6address_familyAF_INETrr Z_DEFAULT_SSL_METHODrrsuper__init__selfrr __class__3/usr/lib/python3.9/site-packages/acme/standalone.pyrs zTLSServer.__init__rc Cs.ttjtj|j|jt|dd|jd|_dS)N_alpn_selection)Zcert_selectionZalpn_selectionr)rrr Z SSLSocket_cert_selectiongetattrrrr"r"r# _wrap_sock*s   zTLSServer._wrap_sock connectionrcCs|}|r|j|dSdS)z.Callback selecting certificate for connection.N)get_servernamergetrr+Z server_namer"r"r#r&0szTLSServer._cert_selectioncCs|tj|SN)r) socketserver TCPServer server_bindr(r"r"r#r28szTLSServer.server_bind)__name__ __module__ __qualname____doc__rrr)r Connectionrrr PKeyX509r&r2 __classcell__r"r"r r#rs  rc@seZdZdZdZdZdS)ACMEServerMixinz"ACME server common settings mixin.z'ACME client standalone challenge solverTN)r3r4r5r6server_versionrr"r"r"r#r;=sr;c@sjeZdZdZeejeee fe e ddddZ ddddZ e eee fdd d Zddd d ZdS) BaseDualNetworkedServersaBase class for a pair of IPv6 and IPv4 servers that tries to do everything it's asked for both servers, but where failures in one server don't affect the other. If two servers are instantiated, they will serve on the same port. N) ServerClassserver_addressremaining_argsrrc Os.|d}g|_g|_d}dD]}z`||d<|df|f|dd}|f|} || i|} td|d|d|rxdndWnpty} zX| }|jrtd |d|d|rdndn td |d|d|rdndWYd} ~ qd} ~ 00|j| | jd}q|js*|r"|ntd dS) N)TFrrz$Successfully bound to %s:%s using %sZIPv6ZIPv4zCertbot wasn't able to bind to %s:%s using %s, this is often expected due to the dual stack nature of IPv6 socket implementations.z Failed to bind to %s:%s using %szCould not bind to IPv4 or IPv6.)threadsserversloggerdebugOSErrorappendr getsockname) rr>r?r@rportZlast_socket_errZ ip_versionZ new_addressnew_argsserverer"r"r#rLs@     z!BaseDualNetworkedServers.__init__r$cCs2|jD]&}tj|jd}||j|qdS)z*Wraps socketserver.TCPServer.serve_forever)targetN)rD threadingThread serve_foreverstartrCrHrrLthreadr"r"r#rQ~s  z&BaseDualNetworkedServers.serve_forevercCsdd|jDS)z/Wraps socketserver.TCPServer.socket.getsocknamecSsg|]}|jqSr")rrI).0rLr"r"r# z9BaseDualNetworkedServers.getsocknames..)rDr(r"r"r# getsocknamessz%BaseDualNetworkedServers.getsocknamescCs:|jD]}||q|jD] }|q"g|_dS)zpWraps socketserver.TCPServer.shutdown, socketserver.TCPServer.server_close, and threading.Thread.joinN)rDZshutdownZ server_closerCjoinrSr"r"r#shutdown_and_server_closes     z2BaseDualNetworkedServers.shutdown_and_server_close)r3r4r5r6r r0r1rstrintrrrQrrXrZr"r"r"r#r=Ds 2r=c@seZdZdZdZdeeefeee j e j fe e ee j e j ffeddddZejeee j e j fdd d Zejee e d d d ZdS)TLSALPN01ServerzTLSALPN01 Server.s acme-tls/1FN)r?rchallenge_certsrrcCs tj||tj||d||_dS)N)rr)rrr0ZBaseRequestHandlerr^)rr?rr^rr"r"r#rs  zTLSALPN01Server.__init__r*cCs&|}|r"td||j|SdS)Nz)Serving challenge cert for server name %s)r,rErFr^r.r"r"r#r&s   zTLSALPN01Server._cert_selection) _connection alpn_protosrcCsBt|dkr.|d|jkr.td|j|jStdt|dS)z!Callback to select alpn protocol.rArzAgreed on %s ALPNz#Cannot agree on ALPN proto. Got: %srW)lenACME_TLS_1_PROTOCOLrErFr[)rr_r`r"r"r#r%s zTLSALPN01Server._alpn_selection)F)r3r4r5r6rbrr[r\rr r8r9rbytesboolrr r7rr&r%r"r"r"r#r]s  r]cs*eZdZdZeeddfdd ZZS) HTTPServerzGeneric HTTP Server.Nrcs<|dd|_|jrtj|_ntj|_tj|i|dS)NrF)rrrrrrrrrr r"r#rs  zHTTPServer.__init__r3r4r5r6rrr:r"r"r r#resrecs>eZdZdZdeeefeej e eddfdd Z Z S) HTTP01ServerzHTTP01 Server.FN)r? resourcesrtimeoutrcs tj|tj||d|ddS)Nsimple_http_resourcesrj)r)rrHTTP01RequestHandler partial_init)rr?rirrjr r"r#rs zHTTP01Server.__init__)Frh) r3r4r5r6rr[r\rr HTTP01rdrr:r"r"r r#rgs rgcs*eZdZdZeeddfdd ZZS)HTTP01DualNetworkedServersz`HTTP01Server Wrapper. Tries everything for both. Failures for one don't affect the other.Nrcstjtg|Ri|dSr/)rrrgrr r"r#rsz#HTTP01DualNetworkedServers.__init__rfr"r"r r#rpsrpcseZdZdZeddZeeddfdd Ze e dd d Z e edd d d Z ddddZddddZddddZddddZddddZeeeje ddddZZS)rmzHTTP01 challenge handler. Adheres to the stdlib's `socketserver.BaseRequestHandler` interface. :ivar set simple_http_resources: A set of `HTTP01Resource` objects. TODO: better name? HTTP01Resourcezchall response validationNrcs8|dt|_|dd|_tj|i||dS)Nrlrjrh)rsetrl_timeoutrrrr r"r#rszHTTP01RequestHandler.__init__r$cCs|jS)z The default timeout this server should apply to requests. :return: timeout to apply :rtype: int )rsr(r"r"r#rjszHTTP01RequestHandler.timeout)formatrrcGstd|jd||dS)zLog arbitrary message.z %s - - %srN)rErFZclient_address)rrtrr"r"r# log_messagesz HTTP01RequestHandler.log_messagecCs|dtj|dS)zHandle request.zIncoming requestN)ruBaseHTTPServerBaseHTTPRequestHandlerhandler(r"r"r#rxs zHTTP01RequestHandler.handlecCs>|jdkr|n&|jdtjjr2|n|dS)N/)path handle_index startswithr roZ URI_ROOT_PATHhandle_simple_http_resource handle_404r(r"r"r#do_GETs    zHTTP01RequestHandler.do_GETcCs6|d|dd||j|jjdS)zHandle index page.z Content-Type text/htmlN) send_response send_header end_headerswfilewriterLr<encoder(r"r"r#r{s  z!HTTP01RequestHandler.handle_indexcCs4|jtjdd|dd||jddS)zHandler 404 Not Found errors.z Not Found)messagez Content-typers404N)r http_clientZ NOT_FOUNDrrrrr(r"r"r#r~s zHTTP01RequestHandler.handle_404cCsv|jD]R}|jj|jkr|d|jd|tj||j |j dSq|d|d|jdS)z$Handle HTTP01 provisioned resources.zServing HTTP01 with token %rtokenNzNo resources to servez0%s does not correspond to any resource. ignoring) rlZchallrzrurrrZOKrrrZ validation)rresourcer"r"r#r}s    z0HTTP01RequestHandler.handle_simple_http_resourcez'functools.partial[HTTP01RequestHandler])rlrjrcCstj|||dS)zPartially initialize this handler. This is useful because `socketserver.BaseServer` takes uninitialized handler and initializes it with the current request. rk) functoolspartial)clsrlrjr"r"r#rn-s z!HTTP01RequestHandler.partial_init)r3r4r5r6 collections namedtuplerqrrpropertyr\rjr[rurxrr{r~r} classmethodrr rornr:r"r"r r#rms" rm))r6rrZ http.clientZclientrZ http.serverrLrvZloggingrr0rOtypingrrrrrrrr ZOpenSSLr r Zacmer r Z getLoggerr3rEr1rr;r=r]rergrprwrmr"r"r"r#s:               !Q+