o 6aV3@svdZddlZddlZddlmZddlmZddl Z ddl Z ddl Z ddl Z ddl mZddl mZddl mZddl mZddl mZddl mZdd l mZdd lmZdd lmZdd lmZdd lmZe eZGddde jZGdddZ GdddZ!Gdddee Z"Gdddej#Z#Gddde#e Z$Gddde!Z%Gdddej&Z'Gddde j(Z)dS) z1Support for standalone client challenge solvers. N)Any)List)Mapping)Optional)Set)Tuple)Type)crypto)SSL) challenges) crypto_utilc@sZeZdZdZdededdfddZddd Zd ejde e j e j ffd d Z dd dZdS) TLSServerzGeneric TLS Server.argskwargsreturnNcOsp|dd|_|jrtj|_ntj|_|di|_|dtj|_ |dd|_ t j j |g|Ri|dS)Nipv6Fcertsmethodallow_reuse_addressT)poprsocketAF_INET6address_familyAF_INETrr _DEFAULT_SSL_METHODrr socketserver TCPServer__init__selfrrr 1/usr/lib/python3/dist-packages/acme/standalone.pyrs zTLSServer.__init__cCs&tj|j|jt|dd|jd|_dS)N_alpn_selection)cert_selectionalpn_selectionr)r SSLSocketr_cert_selectiongetattrrrr r r! _wrap_sock*s   zTLSServer._wrap_sock connectioncCs|}|j|dS)z.Callback selecting certificate for connection.N)get_servernamergetrr* server_namer r r!r&0szTLSServer._cert_selectioncCs|tj|SN)r)rr server_bindr(r r r!r06s zTLSServer.server_bindrN)__name__ __module__ __qualname____doc__rrr)r Connectionrr PKeyX509r&r0r r r r!r s  r c@seZdZdZdZdZdS)ACMEServerMixinz"ACME server common settings mixin.z'ACME client standalone challenge solverTN)r2r3r4r5server_versionrr r r r!r9;sr9c @sjeZdZdZdeejdeee fde de ddf dd Z dd d Z de eee ffd d ZdddZdS)BaseDualNetworkedServersaBase class for a pair of IPv6 and IPv4 servers that tries to do everything it's asked for both servers, but where failures in one server don't affect the other. If two servers are instantiated, they will serve on the same port. ServerClassserver_addressremaining_argsrrNc Os,|d}g|_g|_d}dD]y}z0||d<|df|f|dd}|f|} || i|} td|d|d|rrportlast_socket_err ip_version new_addressnew_argsserverer r r!rJsF      z!BaseDualNetworkedServers.__init__cCs2|jD]}tj|jd}||j|qdS)z*Wraps socketserver.TCPServer.serve_forever)targetN)rD threadingThread serve_foreverstartrCrHrrOthreadr r r!rT|s z&BaseDualNetworkedServers.serve_forevercCsdd|jDS)z/Wraps socketserver.TCPServer.socket.getsocknamecSsg|]}|jqSr )rrI).0rOr r r! sz9BaseDualNetworkedServers.getsocknames..)rDr(r r r! getsocknamessz%BaseDualNetworkedServers.getsocknamescCs:|jD] }||q|jD]}|qg|_dS)zpWraps socketserver.TCPServer.shutdown, socketserver.TCPServer.server_close, and threading.Thread.joinN)rDshutdown server_closerCjoinrVr r r!shutdown_and_server_closes     z2BaseDualNetworkedServers.shutdown_and_server_closer1)r2r3r4r5rrrrstrintrrrTrrZr^r r r r!r;Bs 2r;c @seZdZdZdZ ddeeefdeee j e j fde eee j e j ffde dd f d d Zd ejdee j e j ffd dZdejdeedefddZd S)TLSALPN01ServerzTLSALPN01 Server.s acme-tls/1Fr=rchallenge_certsrrNcCstj||t||d||_dS)N)rr)r r_BaseRequestHandlerWithLoggingrb)rr=rrbrr r r!rs  zTLSALPN01Server.__init__r*cCs|}td||j|S)Nz)Serving challenge cert for server name %s)r+rErFrbr-r r r!r&s  zTLSALPN01Server._cert_selection _connection alpn_protoscCsBt|dkr|d|jkrtd|j|jStdt|dS)z!Callback to select alpn protocol.r?rzAgreed on %s ALPNz#Cannot agree on ALPN proto. Got: %s)lenACME_TLS_1_PROTOCOLrErFr_)rrdrer r r!r"s zTLSALPN01Server._alpn_selection)F)r2r3r4r5rhrr_r`rr r7r8rboolrr r6r&bytesr"r r r r!ras rac@&eZdZdZdededdfddZdS) HTTPServerzGeneric HTTP Server.rrrNcOsD|dd|_|jrtj|_ntj|_tjj|g|Ri|dS)NrF) rrrrrrBaseHTTPServerrlrrr r r!rs  zHTTPServer.__init__r2r3r4r5rrr r r r!rlsrlc @s@eZdZdZ d deeefdeej de dedd f d d Z d S) HTTP01ServerzHTTP01 Server.Fr= resourcesrtimeoutrNcCs tj||tj||d|ddS)Nsimple_http_resourcesrr)r)rlrHTTP01RequestHandler partial_init)rr=rqrrrr r r!rs  zHTTP01Server.__init__)Frp) r2r3r4r5rr_r`rr HTTP01rirr r r r!rosroc@rk)HTTP01DualNetworkedServersz`HTTP01Server Wrapper. Tries everything for both. Failures for one don't affect the other.rrrNcOstj|tg|Ri|dSr/)r;rrorr r r!rsz#HTTP01DualNetworkedServers.__init__rnr r r r!rxsrxc@seZdZdZeddZdededdfdd Ze de fd d Z d e deddfd dZ dddZdddZdddZdddZdddZedeejde ddfddZdS)ruzHTTP01 challenge handler. Adheres to the stdlib's `socketserver.BaseRequestHandler` interface. :ivar set simple_http_resources: A set of `HTTP01Resource` objects. TODO: better name? HTTP01Resourcezchall response validationrrrNcOs@|dt|_|dd|_tjj|g|Ri||dS)Nrtrrrp)rsetrt_timeoutrmBaseHTTPRequestHandlerrrr r r!rszHTTP01RequestHandler.__init__cCs|jS)z The default timeout this server should apply to requests. :return: timeout to apply :rtype: int )r{r(r r r!rrszHTTP01RequestHandler.timeoutformatcGtd|jd||dSzLog arbitrary message.z %s - - %srNrErFclient_addressrr}rr r r! log_messagez HTTP01RequestHandler.log_messagecC|dtj|dSzHandle request.zIncoming requestN)rrmr|handler(r r r!r zHTTP01RequestHandler.handlecCsB|jdkr |dS|jdtjjr|dS|dS)N/)path handle_index startswithr rw URI_ROOT_PATHhandle_simple_http_resource handle_404r(r r r!do_GETs    zHTTP01RequestHandler.do_GETcCs6|d|dd||j|jjdS)zHandle index page.z Content-Type text/htmlN) send_response send_header end_headerswfilewriterOr:encoder(r r r!rs  z!HTTP01RequestHandler.handle_indexcCs4|jtjdd|dd||jddS)zHandler 404 Not Found errors.z Not Found)messagez Content-typers404N)r http_client NOT_FOUNDrrrrr(r r r!rs zHTTP01RequestHandler.handle_404cCsv|jD])}|jj|jkr,|d|jd|tj||j |j dSq|d|d|jdS)z$Handle HTTP01 provisioned resources.zServing HTTP01 with token %rtokenNzNo resources to servez0%s does not correspond to any resource. ignoring) rtchallrrrrrOKrrr validation)rresourcer r r!rs    z0HTTP01RequestHandler.handle_simple_http_resourcertrrz'functools.partial[HTTP01RequestHandler]cCstj|||dS)zPartially initialize this handler. This is useful because `socketserver.BaseServer` takes uninitialized handler and initializes it with the current request. rs) functoolspartial)clsrtrrr r r!rv%s z!HTTP01RequestHandler.partial_initr1)r2r3r4r5 collections namedtupleryrrpropertyr`rrr_rrrrrr classmethodrr rwrvr r r r!rus(       ruc@s0eZdZdZdededdfddZd dd ZdS) rcz BaseRequestHandler with logging.r}rrNcGr~rrrr r r!r7rz*_BaseRequestHandlerWithLogging.log_messagecCrr)rrBaseRequestHandlerrr(r r r!r;rz%_BaseRequestHandlerWithLogging.handler1)r2r3r4r5r_rrrr r r r!rc4src)*r5rr http.clientclientr http.serverrOrmloggingrrrRtypingrrrrrrrOpenSSLr r acmer r getLoggerr2rErr r9r;rarlrorxr|rurrcr r r r!s<               Q%  ^