standalone.py (compiled Python 3.6 bytecode; only the docstrings and message strings below are recoverable)

Standalone Authenticator.

class ServerManager

    Standalone servers manager.

    Manager for `ACMEServer` and `ACMETLSServer` instances.

    `certs` and `http_01_resources` correspond to
    `acme.crypto_util.SSLSocket.certs` and
    `acme.crypto_util.SSLSocket.http_01_resources` respectively. All
    created servers share the same certificates and resources, so if
    you're running both TLS and non-TLS instances, HTTP01 handlers
    will serve the same URLs!

    run(port, challenge_type, listenaddr)

        Run ACME server on specified ``port``.

        This method is idempotent, i.e. all calls with the same pair of
        ``(port, challenge_type)`` will reuse the same server.

        :param int port: Port to run the server on.
        :param challenge_type: Subclass of `acme.challenges.Challenge`,
            currently only `acme.challenge.HTTP01`.
        :param str listenaddr: (optional) The address to listen on. Defaults to all addrs.

        :returns: DualNetworkedServers instance.
        :rtype: ACMEServerMixin

    stop(port)

        Stop ACME server running on the specified ``port``.

        :param int port:

        Log message: Stopping server at %s:%d...

    running()

        Return all running instances.

        Once the server is stopped using `stop`, it will not be
        returned.

        :returns: Mapping from ``port`` to ``servers``.
        :rtype: tuple

class Authenticator

    Standalone Authenticator.

    This authenticator creates its own ephemeral TCP listener on the
    necessary port in order to respond to incoming http-01
    challenges from the certificate authority. Therefore, it does not
    rely on any existing server program.

    description: Spin up a temporary webserver

    more_info()

        This authenticator creates its own ephemeral TCP listener on the
        necessary port in order to respond to incoming http-01 challenges
        from the certificate authority. Therefore, it does not rely on any
        existing server program.

Bind error messages:

    Could not bind TCP port {0} because you don't have the appropriate
    permissions (for example, you aren't running this program as root).

    Could not bind TCP port {0} because it is already in use by another
    process on this system (such as a web server). Please stop the program
    in question and then try again.

    Prompt choices: Retry / Cancel