3 گaV3@srdZddlZddlZddljZddljZddl Z ddl Z ddl Z ddl Z ddl mZddl mZddl mZddl mZddl mZddl mZdd l mZdd lmZdd lmZdd lmZdd lmZe jeZGddde jZGdddZ GdddZ!Gdddee Z"Gdddej#Z#Gddde#e Z$Gddde!Z%Gdddej&Z'Gddde j(Z)dS) z1Support for standalone client challenge solvers. N)Any)List)Mapping)Optional)Set)Tuple)Type)crypto)SSL) challenges) crypto_utilc@s\eZdZdZeeddddZddddZeje e j e j fd d d Z ddd d ZdS) TLSServerzGeneric TLS Server.N)argskwargsreturncOsj|jdd|_|jrtj|_ntj|_|jdi|_|jdtj|_ |jdd|_ t j j |f||dS)Nipv6Fcertsmethodallow_reuse_addressT)poprsocketAF_INET6address_familyAF_INETrr Z_DEFAULT_SSL_METHODrr socketserver TCPServer__init__)selfrrr /usr/lib/python3.6/standalone.pyrs  zTLSServer.__init__)rcCs&tj|j|jt|dd|jd|_dS)N_alpn_selection)Zcert_selectionZalpn_selectionr)r Z SSLSocketr_cert_selectiongetattrr)rrrr _wrap_sock*s zTLSServer._wrap_sock) connectionrcCs|j}|jj|dS)z.Callback selecting certificate for connection.N)get_servernamerget)rr$ server_namerrrr!0szTLSServer._cert_selectioncCs|jtjj|S)N)r#rr server_bind)rrrrr(6szTLSServer.server_bind)__name__ __module__ __qualname____doc__rrr#r Connectionrr PKeyX509r!r(rrrrr s  r c@seZdZdZdZdZdS)ACMEServerMixinz"ACME server common settings mixin.z'ACME client standalone challenge solverTN)r)r*r+r,server_versionrrrrrr0;sr0c@sjeZdZdZeejeee fe e ddddZ ddddZ e eee fdd d Zddd d ZdS) BaseDualNetworkedServersaBase class for a pair of IPv6 and IPv4 servers that tries to do everything it's asked for both servers, but where failures in one server don't affect the other. If two servers are instantiated, they will serve on the same port. N) ServerClassserver_addressremaining_argsrrc Os0|d}g|_g|_d}xd D]}y\||d<|df|f|dd}|f|} || |} tjd|d|d|rvdnd Wnptjk r} zR| }|jrtjd |d|d|rdnd n tjd |d|d|rdnd WYdd} ~ XqX|jj| | jjd}qW|js,|r"|n tjd dS)NTFrrz$Successfully bound to %s:%s using %sZIPv6ZIPv4zCertbot wasn't able to bind to %s:%s using %s, this is often expected due to the dual stack nature of IPv6 socket implementations.z Failed to bind to %s:%s using %szCould not bind to IPv4 or IPv6.)TF)threadsserversloggerdebugrerrorappend getsockname) rr3r4r5rZportZlast_socket_errZ ip_versionZ new_addressZnew_argsservererrrrJs:    & z!BaseDualNetworkedServers.__init__)rcCs6x0|jD]&}tj|jd}|j|jj|qWdS)z*Wraps socketserver.TCPServer.serve_forever)targetN)r9 threadingZThread serve_foreverstartr8r=)rr?threadrrrrC|s   z&BaseDualNetworkedServers.serve_forevercCsdd|jDS)z/Wraps socketserver.TCPServer.socket.getsocknamecSsg|]}|jjqSr)rr>).0r?rrr sz9BaseDualNetworkedServers.getsocknames..)r9)rrrr getsocknamessz%BaseDualNetworkedServers.getsocknamescCsBx|jD]}|j|jqWx|jD] }|jq(Wg|_dS)zpWraps socketserver.TCPServer.shutdown, socketserver.TCPServer.server_close, and threading.Thread.joinN)r9ZshutdownZ server_closer8join)rr?rErrrshutdown_and_server_closes     z2BaseDualNetworkedServers.shutdown_and_server_close)r)r*r+r,rrrrstrintrrrCrrHrJrrrrr2Bs 1r2c@seZdZdZdZdeeefeee j e j fe eee j e j ffe ddddZejee j e j fdd d Zejeeed d d ZdS)TLSALPN01ServerzTLSALPN01 Server.s acme-tls/1FN)r4rchallenge_certsrrcCstj||t||d||_dS)N)rr)r r_BaseRequestHandlerWithLoggingrN)rr4rrNrrrrrszTLSALPN01Server.__init__)r$rcCs|j}tjd||j|S)Nz)Serving challenge cert for server name %s)r%r:r;rN)rr$r'rrrr!s zTLSALPN01Server._cert_selection) _connection alpn_protosrcCsBt|dkr.|d|jkr.tjd|j|jStjdt|dS)z!Callback to select alpn protocol.r6rzAgreed on %s ALPNz#Cannot agree on ALPN proto. Got: %s)lenACME_TLS_1_PROTOCOLr:r;rK)rrPrQrrrr s zTLSALPN01Server._alpn_selection)F)r)r*r+r,rTrrKrLrr r.r/rboolrr r-r!bytesr rrrrrMs D rMc@s"eZdZdZeeddddZdS) HTTPServerzGeneric HTTP Server.N)rrrcOs>|jdd|_|jrtj|_ntj|_tjj|f||dS)NrF) rrrrrrBaseHTTPServerrWr)rrrrrrrs  zHTTPServer.__init__)r)r*r+r,rrrrrrrWsrWc@s6eZdZdZdeeefeej e eddddZ dS) HTTP01ServerzHTTP01 Server.FN)r4 resourcesrtimeoutrcCs tj||tj||d|ddS)N)simple_http_resourcesr\)r)rWrHTTP01RequestHandler partial_init)rr4r[rr\rrrrszHTTP01Server.__init__)FrZ) r)r*r+r,rrKrLrr HTTP01rUrrrrrrYsrYc@s"eZdZdZeeddddZdS)HTTP01DualNetworkedServersz`HTTP01Server Wrapper. Tries everything for both. Failures for one don't affect the other.N)rrrcOstj|tf||dS)N)r2rrY)rrrrrrrsz#HTTP01DualNetworkedServers.__init__)r)r*r+r,rrrrrrrasrac@seZdZdZejddZeeddddZe e dd d Z e edd d d Z ddddZddddZddddZddddZddddZeeeje ddddZdS)r^zHTTP01 challenge handler. Adheres to the stdlib's `socketserver.BaseRequestHandler` interface. :ivar set simple_http_resources: A set of `HTTP01Resource` objects. TODO: better name? HTTP01Resourcezchall response validationN)rrrcOs:|jdt|_|jdd|_tjj|f|||dS)Nr]r\rZ)rsetr]_timeoutrXBaseHTTPRequestHandlerr)rrrrrrrszHTTP01RequestHandler.__init__)rcCs|jS)z The default timeout this server should apply to requests. :return: timeout to apply :rtype: int )rd)rrrrr\szHTTP01RequestHandler.timeout)formatrrcGstjd|jd||dS)zLog arbitrary message.z %s - - %srN)r:r;client_address)rrfrrrr log_messagesz HTTP01RequestHandler.log_messagecCs|jdtjj|dS)zHandle request.zIncoming requestN)rhrXrehandle)rrrrris zHTTP01RequestHandler.handlecCs>|jdkr|jn&|jjdtjjr2|jn|jdS)N/)path handle_index startswithr r`Z URI_ROOT_PATHhandle_simple_http_resource handle_404)rrrrdo_GETs    zHTTP01RequestHandler.do_GETcCs6|jd|jdd|j|jj|jjjdS)zHandle index page.z Content-Typez text/htmlN) send_response send_header end_headerswfilewriter?r1encode)rrrrrls  z!HTTP01RequestHandler.handle_indexcCs4|jtjdd|jdd|j|jjddS)zHandler 404 Not Found errors.z Not Found)messagez Content-typez text/htmls404N)rr http_clientZ NOT_FOUNDrsrtrurv)rrrrros zHTTP01RequestHandler.handle_404cCsxxd|jD]P}|jj|jkr|jd|jjd|jtj|j|j j |j jdSqW|jd|jd|jdS)z$Handle HTTP01 provisioned resources.zServing HTTP01 with token %rtokenNzNo resources to servez0%s does not correspond to any resource. ignoring) r]ZchallrkrhrwrrryZOKrtrurvZ validation)rZresourcerrrrns   z0HTTP01RequestHandler.handle_simple_http_resourcez'functools.partial[HTTP01RequestHandler])r]r\rcCstj|||dS)zPartially initialize this handler. This is useful because `socketserver.BaseServer` takes uninitialized handler and initializes it with the current request. )r]r\) functoolspartial)clsr]r\rrrr_%s z!HTTP01RequestHandler.partial_init)r)r*r+r, collections namedtuplerbrrpropertyrLr\rKrhrirprlrorn classmethodrr r`r_rrrrr^s r^c@s0eZdZdZeeddddZddddZdS) rOz BaseRequestHandler with logging.N)rfrrcGstjd|jd||dS)zLog arbitrary message.z %s - - %srN)r:r;rg)rrfrrrrrh7sz*_BaseRequestHandlerWithLogging.log_message)rcCs|jdtjj|dS)zHandle request.zIncoming requestN)rhrBaseRequestHandlerri)rrrrri;s z%_BaseRequestHandlerWithLogging.handle)r)r*r+r,rKrrhrirrrrrO4srO)*r,r~r{Z http.clientZclientryZ http.serverr?rXZloggingrrrBZtypingrrrrrrrZOpenSSLr r Zacmer r Z getLoggerr)r:rr r0r2rMrWrYrarer^rrOrrrrs:               Q%  ^