a `@s0dZddlZddlZddlZddlmZddlZddlZddlZ ddl m Z ddl m Z ddlmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZeeZeree jeejfZGddde Z!e j"#ej$e j"%ej&Gdddej'Z(ddZ)dS)zStandalone Authenticator.N)errno) challenges) standalone) DefaultDict)Dict)Set)Tuple) TYPE_CHECKING) achallenges)errors) interfaces)commonc@s2eZdZdZddZd ddZddZd d Zd S) ServerManageraStandalone servers manager. Manager for `ACMEServer` and `ACMETLSServer` instances. `certs` and `http_01_resources` correspond to `acme.crypto_util.SSLSocket.certs` and `acme.crypto_util.SSLSocket.http_01_resources` respectively. All created servers share the same certificates and resources, so if you're running both TLS and non-TLS instances, HTTP01 handlers will serve the same URLs! cCsi|_||_||_dSN) _instancescertshttp_01_resources)selfrrrF/usr/lib/python3/dist-packages/certbot/_internal/plugins/standalone.py__init__-szServerManager.__init__c Cs|tjksJ||jvr"|j|S||f}zt||j}Wn2tjyn}zt ||WYd}~n d}~00| | dd}||j|<|S)aRun ACME server on specified ``port``. This method is idempotent, i.e. all calls with the same pair of ``(port, challenge_type)`` will reuse the same server. :param int port: Port to run the server on. :param challenge_type: Subclass of `acme.challenges.Challenge`, currently only `acme.challenge.HTTP01`. :param str listenaddr: (optional) The address to listen on. Defaults to all addrs. :returns: DualNetworkedServers instance. :rtype: ACMEServerMixin Nr) rHTTP01racme_standaloneZHTTP01DualNetworkedServersrsocketerrorr StandaloneBindErrorZ serve_forever getsocknames)rportZchallenge_type listenaddrZaddressserversrZ real_portrrrrun2s  " zServerManager.runcCsF|j|}|D]}tjdg|ddRq||j|=dS)zWStop ACME server running on the specified ``port``. :param int port: zStopping server at %s:%d...N)rrloggerdebugZshutdown_and_server_close)rrinstanceZsocknamerrrstopTs   zServerManager.stopcCs |jS)zReturn all running instances. Once the server is stopped using `stop`, it will not be returned. :returns: Mapping from ``port`` to ``servers``. :rtype: tuple )rcopyrrrrrunningas zServerManager.runningN)r)__name__ __module__ __qualname____doc__rr"r'r*rrrrr s   " rcspeZdZdZdZfddZeddZddZd d Z d d Z d dZ ddZ ddZ ddZddZZS) AuthenticatoraStandalone Authenticator. This authenticator creates its own ephemeral TCP listener on the necessary port in order to respond to incoming http-01 challenges from the certificate authority. Therefore, it does not rely on any existing server program. zSpin up a temporary webservercsDtt|j|i|tt|_i|_t|_t |j|j|_ dSr) superr/r collections defaultdictsetservedrrrr!)rargskwargs __class__rrr{s  zAuthenticator.__init__cCsdSrr)clsaddrrradd_parser_argumentssz"Authenticator.add_parser_argumentscCsdS)NzThis authenticator creates its own ephemeral TCP listener on the necessary port in order to respond to incoming http-01 challenges from the certificate authority. Therefore, it does not rely on any existing server program.rr)rrr more_infoszAuthenticator.more_infocCsdSrrr)rrrprepareszAuthenticator.preparecCstjgSr)rr)rZdomainrrrget_chall_prefszAuthenticator.get_chall_prefcsfdd|DS)Ncsg|]}|qSr)_try_perform_single).0achallr)rr z)Authenticator.perform..r)rachallsrr)rperformszAuthenticator.performc CsBz ||WStjy:}zt|WYd}~qd}~00qdSr)_perform_singler r_handle_perform_error)rrArrrrr?s z!Authenticator._try_perform_singlecCs"||\}}|j|||Sr)_perform_http_01r4r:)rrAr!responserrrrFszAuthenticator._perform_singlecCsX|jj}|jj}|jj|tj|d}|\}}tj j |j ||d}|j |||fS)N)r )challrI validation)ZconfigZ http01_portZhttp01_addressr!r"rrZresponse_and_validationrZHTTP01RequestHandlerZHTTP01ResourcerJrr:)rrArZaddrr!rIrKresourcerrrrHs  zAuthenticator._perform_http_01cCsd|jD]$\}}|D]}||vr||qq t|jD]\}}|j|s@|j|q@dSr)r4itemsremovesixZ iteritemsr!r*r')rrDZunused_serversZserver_achallsrArr!rrrcleanups zAuthenticator.cleanup)r+r,r-r.Z descriptionr classmethodr;r<r=r>rEr?rFrHrP __classcell__rrr7rr/ns   r/cCsr|jjtjkr td|j|jjtjkrjt j t j }d|j}|j|dddd}|snt|n|dS)NzCould not bind TCP port {0} because you don't have the appropriate permissions (for example, you aren't running this program as root).zCould not bind TCP port {0} because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.ZRetryZCancelF)default)Z socket_errorr socket_errorsZEACCESr Z PluginErrorformatrZ EADDRINUSEzopeZ componentZ getUtilityr ZIDisplayZyesno)rZdisplaymsgZ should_retryrrrrGs$ rG)*r.r1ZloggingrrrTZOpenSSLrOZzope.interfacerVZacmerrrZacme.magic_typingrrrrr Zcertbotr r r Zcertbot.pluginsr Z getLoggerr+r$ZBaseDualNetworkedServersZ"KeyAuthorizationAnnotatedChallengeZ ServedTypeobjectrZ interfaceZ implementerZIAuthenticatorZproviderZIPluginFactoryZPluginr/rGrrrrs<             N  O