ó Á£ô_c@s¦dZddlZddlZddlZddlmZddlZddlZddlZ ddl m Z ddl m Z ddlmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZejeƒZer@ee jeejfZnde fd„ƒYZ!e j"j#ej$ƒe j"j%ej&ƒdej'fd„ƒYƒƒZ(d„Z)dS(sStandalone Authenticator.iÿÿÿÿN(terrno(t challenges(t standalone(t DefaultDict(tDict(tSet(tTuple(t TYPE_CHECKING(t achallenges(terrors(t interfaces(tcommont ServerManagercBs5eZdZd„Zdd„Zd„Zd„ZRS(s§Standalone servers manager. Manager for `ACMEServer` and `ACMETLSServer` instances. `certs` and `http_01_resources` correspond to `acme.crypto_util.SSLSocket.certs` and `acme.crypto_util.SSLSocket.http_01_resources` respectively. All created servers share the same certificates and resources, so if you're running both TLS and non-TLS instances, HTTP01 handlers will serve the same URLs! cCsi|_||_||_dS(N(t _instancestcertsthttp_01_resources(tselfRR((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pyt__init__-s  tcCs®|tjkst‚||jkr/|j|S||f}ytj||jƒ}Wn(tjk r~}t j ||ƒ‚nX|j ƒ|j ƒdd}||j|<|S(sRun ACME server on specified ``port``. This method is idempotent, i.e. all calls with the same pair of ``(port, challenge_type)`` will reuse the same server. :param int port: Port to run the server on. :param challenge_type: Subclass of `acme.challenges.Challenge`, currently only `acme.challenge.HTTP01`. :param str listenaddr: (optional) The address to listen on. Defaults to all addrs. :returns: DualNetworkedServers instance. :rtype: ACMEServerMixin ii( RtHTTP01tAssertionErrorR tacme_standalonetHTTP01DualNetworkedServersRtsocketterrorR tStandaloneBindErrort serve_forevert getsocknames(Rtporttchallenge_typet listenaddrtaddresstserversRt real_port((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pytrun2s    cCsP|j|}x(|jƒD]}tjd|d ŒqW|jƒ|j|=dS(sWStop ACME server running on the specified ``port``. :param int port: sStopping server at %s:%d...iN(R Rtloggertdebugtshutdown_and_server_close(RRtinstancetsockname((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pytstopTs    cCs |jjƒS(sÉReturn all running instances. Once the server is stopped using `stop`, it will not be returned. :returns: Mapping from ``port`` to ``servers``. :rtype: tuple (R tcopy(R((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pytrunningas (t__name__t __module__t__doc__RR"R(R*(((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pyR s    " t AuthenticatorcBsteZdZdZd„Zed„ƒZd„Zd„Zd„Z d„Z d„Z d „Z d „Z d „ZRS( sStandalone Authenticator. This authenticator creates its own ephemeral TCP listener on the necessary port in order to respond to incoming http-01 challenges from the certificate authority. Therefore, it does not rely on any existing server program. sSpin up a temporary webservercOs\tt|ƒj||Žtjtƒ|_i|_tƒ|_t |j|jƒ|_ dS(N( tsuperR.Rt collectionst defaultdicttsettservedRRR R (Rtargstkwargs((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pyR{s   cCsdS(N((tclstadd((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pytadd_parser_argumentsŠscCsdS(NsÞThis authenticator creates its own ephemeral TCP listener on the necessary port in order to respond to incoming http-01 challenges from the certificate authority. Therefore, it does not rely on any existing server program.((R((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pyt more_infoŽscCsdS(N((R((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pytprepare”scCs tjgS(N(RR(Rtdomain((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pytget_chall_pref—scCs g|D]}|j|ƒ^qS(N(t_try_perform_single(Rtachallstachall((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pytperform›scCsEx>tr@y|j|ƒSWqtjk r<}t|ƒqXqWdS(N(tTruet_perform_singleR Rt_handle_perform_error(RR?R((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pyR=žs  cCs-|j|ƒ\}}|j|j|ƒ|S(N(t_perform_http_01R3R7(RR?R tresponse((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pyRB¥scCs†|jj}|jj}|jj|tjd|ƒ}|jƒ\}}tj j d|j d|d|ƒ}|j j |ƒ||fS(NRtchallREt validation(tconfigt http01_portthttp01_addressR R"RRtresponse_and_validationRtHTTP01RequestHandlertHTTP01ResourceRFRR7(RR?RtaddrR RERGtresource((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pyRDªs   cCsšxJ|jjƒD]9\}}x*|D]"}||kr#|j|ƒq#q#WqWxFtj|jjƒƒD],\}}|j|sf|jj|ƒqfqfWdS(N(R3titemstremovetsixt iteritemsR R*R((RR>tunused_serverstserver_achallsR?RR ((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pytcleanup´s  % (R+R,R-t descriptionRt classmethodR8R9R:R<R@R=RBRDRV(((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pyR.ns         cCs¯|jjtjkr3tjdj|jƒƒ‚n|jjtjkr¥t j j t j ƒ}dj|jƒ}|j|dddtƒ}|s«tj|ƒ‚q«n|‚dS(Ns†Could not bind TCP port {0} because you don't have the appropriate permissions (for example, you aren't running this program as root).sªCould not bind TCP port {0} because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.tRetrytCanceltdefault(t socket_errorRt socket_errorstEACCESR t PluginErrortformatRt EADDRINUSEtzopet componentt getUtilityR tIDisplaytyesnotFalse(Rtdisplaytmsgt should_retry((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pyRC¿s  (*R-R0tloggingRRR]tOpenSSLRRtzope.interfaceRbtacmeRRRtacme.magic_typingRRRRRtcertbotRR R tcertbot.pluginsR t getLoggerR+R#tBaseDualNetworkedServerst"KeyAuthorizationAnnotatedChallenget ServedTypetobjectR t interfacet implementertIAuthenticatortprovidertIPluginFactorytPluginR.RC(((sH/usr/lib/python2.7/site-packages/certbot/_internal/plugins/standalone.pyts8      NO