Spade
Mini Shell
| Directory:~$ /proc/self/root/lib/python2.7/site-packages/certbot/_internal/ |
| [Home] [System Details] [Kill Me] |
�
���_c@s�dZddlZddlZddlZddlZddlmZddlmZ ddlm
Z
ddl
m
Z
ddl
m
Z
ddl
mZdd lmZddlmZdd
lmZdd
lmZeje�Zd
efd
��YZd�Zd�Zd�Zd�Z
d�Z
dZ
ie
dd6e
dd6dd6dd6e
d
d
6e
d
6e
d 6Z d
�Z d!�Z!dS("sACME AuthHandler.i����N(t
challenges(terrors(tmessages(tDict(tList(tTuple(t
achallenges(t
interfaces(t
error_handlert
AuthHandlercBs\eZdZd�Zedd�Zd�Zd�Zd�Zd�Z d�Z
d �Z
RS(
s
ACME Authorization Handler for a client.
:ivar auth: Authenticator capable of solving
:class:`~acme.challenges.Challenge` types
:type auth: :class:`certbot.interfaces.IAuthenticator`
:ivar acme.client.BackwardsCompatibleClientV2 acme_client: ACME client
API.
:ivar account: Client's Account
:type account: :class:`certbot._internal.account.Account`
:ivar list pref_challs: sorted user specified preferred challenges
type strings with the most preferred challenge listed first
cCs(||_||_||_||_dS(N(tauthtacmetaccountt
pref_challs(tselfR
t
acme_clientR
R
((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyt__init__&s i
c Cs�|j
}|s"tjd��n|j|�}|s;|Stj|j|��ayl|jj|�}t j
d�t
j
j
tj�}|jr�t
j
j
tj�j}|ddt�nWn6tjk
r�} t jd�t j
d�| �nXt|�t|�kstd��x3t||�D]"\}
}
|jj|
j|
�q*W|j|||�g|D]!}
|
j
j
t
j krj|
^qj}
|
s�tjd��n|
SWd QXd S(
sT
Retrieve all authorizations, perform all challenges required to
validate
these authorizations, then poll and wait for the authorization to
be checked.
:param acme.messages.OrderResource orderr: must have authorizations
filled in
:param bool best_effort: if True, not all authorizations need to be
validated (eg. renew)
:param int max_retries: maximum number of retries to poll
authorizations
:returns: list of all validated authorizations
:rtype: List
:raises .AuthorizationError: If unable to retrieve all
authorizations
sNo authorization to handle.sWaiting for
verification...s\Challenges loaded. Press continue to submit to CA. Pass
"-v" for more info about challenges.tpauses!Failure in setting
up challenges.s0Attempting to clean up outstanding challenges...s(Some
challenges have not been performed.sAll challenges have failed.N(
tauthorizationsRtAuthorizationErrort_choose_challengesRt
ExitHandlert_cleanup_challengesR
tperformtloggertinfotzopet componentt
getUtilityRtIConfigtdebug_challengestIDisplayt
notificationtTruetcriticaltlentAssertionErrortzipR
tanswer_challengetchallbt_poll_authorizationstbodytstatusRt
STATUS_VALID(Rtorderrt
best_effortt
max_retriestauthzrstachallstrespstconfigtnotifyterrortachalltresptauthzrtauthzrs_validated((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pythandle_authorizations-s8
$
!cCs�g|jD]!}|jjtjkr
|^q
}g}g}xm|D]e}y#|jj|�}|j|�WqDtj k
r�}|j|�t
j
d|j
|�qDXqDW||fS(s~
Deactivate all `valid` authorizations in the order, so that they
cannot be re-used
in subsequent orders.
:param messages.OrderResource orderr: must have authorizations
filled in
:returns: tuple of list of successfully deactivated authorizations,
and
list of unsuccessfully deactivated authorizations.
:rtype: tuple
s)Failed to deactivate authorization %s:
%s(
RR)R*RR+R
tdeactivate_authorizationtappendt
acme_errorstErrorRtdebugturi(RR,R7t
to_deactivatet
deactivatedtfailedte((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyt deactivate_valid_authorizationses
!
c
s�d�t|�D�}g}d}xEt|�D]7}|dkrQtj|�n�fd�|j�D�}x*|j�D]
\}\} }| ||<qzWg|j�D]'\} }| jjtj kr�| ^q�}
x'|
D] }
t
j
d|
jj
j
�q�W|j|
�d�|j�D�}|s+Pnt�fd�|j�D��}
|
tjj�j�}q/W|r�t|�jj�|s�tjd��q�n|r�tjd ��nd
S(
s
Poll the ACME CA server, to wait for confirmation that
authorizations have their challenges
all verified. The poll may occur several times, until all
authorizations are checked
(valid or invalid), or after a maximum of retries.
cSs%i|]\}}|df|�qS(N(tNone(t.0tindexR7((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pys
<dictcomp>�s iics1i|]'\}\}}�jj|�|�qS((R
tpoll(RFRGR7t_(R(sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pys
<dictcomp>�s s
Challenge failed for domain
%scSs@i|]6\}\}}|jjtjkr||f|�qS((R)R*RtSTATUS_PENDING(RFRGR7R6((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pys
<dictcomp>�s c3s*|]
\}}�jj|d�VqdS(iN(R
t
retry_after(RFRIR6(R(sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pys <genexpr>�ss
Some
challenges have failed.s0All authorizations were not finalized by the
CA.N(t enumeratetrangettimetsleeptitemstvaluesR)R*RtSTATUS_INVALIDRtwarningt
identifiertvaluetextendtmaxtdatetimetnowt
total_secondst_report_failed_authzrsR
tkeyRR(
RR/R.R-tauthzrs_to_checktauthzrs_failed_to_reportt
sleep_secondsRIRGR7tauthzrs_failedt
authzr_failedRK((RsB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyR(~s<
!
cCs�g|D]!}|jjtjkr|^q}g}|rJtjd�nx�|D]�}|jj}|jjdkr�|jj }n"t
d�t
t
|��D��}t
||j|jjj�|�}|j|j||��qQW|S(s�
Retrieve necessary and pending challenges to satisfy server.
NB: Necessary and already validated challenges are not retrieved,
as they can be reused for a certificate issuance.
s$Performing the following
challenges:icss|]}|fVqdS(N((RFti((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pys <genexpr>�s(R)R*RR+RRRR
t
acme_versiont
combinationsttupleRMR#tgen_challenge_patht_get_chall_prefRTRURVt_challenge_factory(RR/R7tpending_authzrsR0tauthzr_challengesRdtpath((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyR�s
!
"
cCs�g}|jj|�}|jr�td�|D��}x7|jD],}||krA|jtjj|�qAqAW|r{|Stj d��n|j
|�|S(s{Return list of challenge preferences.
:param str domain: domain for which you are requesting preferences
css|]}|jVqdS(N(ttyp(RFtchall((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pys <genexpr>�ssENone
of the preferred challenges are supported by the selected plugin(
R
tget_chall_prefR
tsetR;Rt ChallengetTYPESRRRV(Rtdomaint
chall_prefst
plugin_preftplugin_pref_typesRl((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyRg�s
cCs!tjd�|jj|�dS(s�Cleanup
challenges.
:param achalls: annotated challenges to cleanup
:type achalls: `list` of
:class:`certbot.achallenges.AnnotatedChallenge`
sCleaning up challengesN(RRR
tcleanup(RR0((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyR�s
cCsSg}xF|D]>}|jj|}|jt||jj|jjj��q
W|S(siConstruct
Namedtuple Challenges
:param messages.AuthorizationResource authzr: authorization
:param list path: List of indices from `challenges`.
:returns: achalls, list of challenge type
:class:`certbot.achallenges.Indexed`
:rtype: list
:raises .errors.Error: if challenge type is not recognized
(R)RR;tchallb_to_achallR
R\RTRU(RR7RkR0RGR'((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyRh�s
#(
t__name__t
__module__t__doc__RtFalseR9RDR(RRgRRh(((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyR s 8 <
cCs�|j}tjd|j|�t|tj�rMtjd|d|d|�St|tj �rutj d|d|�St
j
dj
|j���dS(s:Converts a ChallengeBody object to an
AnnotatedChallenge.
:param .ChallengeBody challb: ChallengeBody
:param .JWK account_key: Authorized Account Key
:param str domain: Domain of the challb
:returns: Appropriate AnnotatedChallenge
:rtype: :class:`certbot.achallenges.AnnotatedChallenge`
s%s challenge for %sR'Rrt
account_keys+Received unsupported
challenge of type: {0}N(
RmRRRlt
isinstanceRtKeyAuthorizationChallengeRt"KeyAuthorizationAnnotatedChallengetDNSRR=tformat(R'R|RrRm((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyRw
s
cCs#|rt|||�St||�S(s�Generate
a plan to get authority over the identity.
.. todo:: This can be possibly be rewritten to use
resolved_combinations.
:param tuple challbs: A tuple of challenges
(:class:`acme.messages.Challenge`) from
:class:`acme.messages.AuthorizationResource` to be
fulfilled by the client in order to prove possession of the
identifier.
:param list preferences: List of challenge preferences for domain
(:class:`acme.challenges.Challenge` subclasses)
:param tuple combinations: A collection of sets of challenges from
:class:`acme.messages.Challenge`, each of which would
be sufficient to prove possession of the identifier.
:returns: tuple of indices from ``challenges``.
:rtype: tuple
:raises certbot.errors.AuthorizationError: If a
path cannot be created that satisfies the CA given the preferences
and
combinations.
(t_find_smart_patht_find_dumb_path(tchallbst
preferencesRd((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyRf$sc
Cs�i}d}x.t|�D]
\}}|||<||7}qWd}|}d} x`|D]X}
x.|
D]&}
| |j||
jj|�7} qcW| |kr�|
}| }nd} qVW|s�t|�n|S(s�Find challenge path with server
hints.
Can be called if combinations is included. Function uses a simple
ranking system to choose the combo with the lowest cost.
iiN(RLREtgetRmt __class__t_report_no_chall_path(
R�R�Rdt
chall_costtmax_costRbt chall_clst
best_combotbest_combo_costt
combo_totaltcombotchallenge_index((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyR�Cs&
csfg}xYt|�D]K\}�t�fd�|D�t�}|rT|j|�qt|�qW|S(s�Find
challenge path without server hints.
Should be called if the combinations hint is not included by the
server. This function either returns a path containing all
challenges provided by the CA or raises an exception.
c3s'|]
}t�j|�rtVqdS(N(R}RmR!(RFtpref_c(R'(sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pys <genexpr>ss(RLtnextR{R;R�(R�R�RkRbt supported((R'sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyR�hs cCs^d}t|�dkr>t|djtj�r>|d7}ntj|�tj|��dS(s�Logs
and raises an error that no satisfiable chall path exists.
:param challbs: challenges from the authorization that can't be
satisfied
syClient with the currently selected authenticator does not support any
combination of challenges that will satisfy the CA.iisM You may need to
use an authenticator plugin that can do challenges over
DNS.N( R#R}RmRtDNS01RR"RR(R�tmsg((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyR�}s
+
s�To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain contain(s)
the right IP address.s Additionally, please check that your computer has
a publicly routable IP address and that no firewalls are preventing the
server from communicating with the client. If you're using the webroot
plugin, you should also verify that you are serving files from the webroot
path you provided.t
connectionse Additionally, if you have DNSSEC enabled for your domain,
please ensure that the signature is valid.tdnssecs�To fix these errors,
please make sure that you did not provide any invalid information to the
client, and try running Certbot again.t malformedsoUnfortunately, an error
on the ACME server prevented you from completing authorization. Please try
again later.tserverInternals� Additionally, please check that you have
an up-to-date TLS configuration that allows the server to communicate with
the Certbot
client.ttlst
unauthorizedt
unknownHostc Cs�i}g|D]=}|jjD]*}|jr
t|||jjj�^q
q
}x-|D]%}|j|jjg�j|�qWWt j
j
t
j
�}x-|j�D] }|jt|�|j�q�WdS(s.Notifies the
user about failed authorizations.N(R)RR4RwRTRUt
setdefaultRlR;RRR
Rt IReporterRQt
add_messaget_generate_failed_chall_msgtMEDIUM_PRIORITY( tfailed_authzrsR|tproblemsR7R'tfailed_achallsR5treporterR0((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyR[�s-
#cCs�|dj}|j}tj|�r1|j}ndg}x1|D])}|jd|j||jjf�qAW|tkr�|jd�|jt|�ndj |�S(sCreates
a user friendly error message about failed challenges.
:param list failed_achalls: A list of failed
:class:`certbot.achallenges.AnnotatedChallenge` with the same error
type.
:returns: A formatted error message for the client.
:rtype: str
is1The following errors were reported by the server:s"
Domain: %s
Type: %s
Detail: %ss
t(
R4RlRt
is_acme_errortcodeR;Rrtdetailt
_ERROR_HELPtjoin(R�R4RlR�R5((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyR��s
("RzRXtloggingRNtzope.componentRR
RRR<Rtacme.magic_typingRRRtcertbotRRtcertbot._internalRt getLoggerRxRtobjectR RwRfR�R�R�t_ERROR_HELP_COMMONR�R[R�(((sB/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.pyt<module>s@
� %