Spade
Mini Shell
| Directory:~$ /proc/self/root/usr/lib/python2.7/site-packages/acme/ |
| [Home] [System Details] [Kill Me] |
�
���_c@s�dZddlZddlZddlZddlZddlZddlZddlmZddl Z
ddl
Z
ddl
Z
ddl
mZddl
mZddlmZddlmZddlmZdd lmZmZeje�Zd
e
jfd
��YZd
eee
jfd
��YZ
defd��YZ
defd��YZ
de
fd��YZ e
j
ej!�de
fd��Y�Z"e
j#de fd��Y�Z$ej#de"fd��Y�Z%e
j#de fd��Y�Z&ej#d
e"fd
��Y�Z'e
j#d
e fd ��Y�Z(ej#d
e"fd!��Y�Z)ej#d"e
fd#��Y�Z*e
j#d$e
fd%��Y�Z+dS(&s&ACME
Identifier Validation
Challenges.i����N(thashes(tSSL(tcrypto(t
crypto_util(terrors(tfields(t
ResourceMixint TypeMixint ChallengecBs#eZdZiZed��ZRS(sACME
challenge.cCsNytt|�j|�SWn-tjk
rI}tj|�tj|�SXdS(N(tsuperRt from_jsontjosetUnrecognizedTypeErrortloggertdebugtUnrecognizedChallenge(tclstjobjterror((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR
s
(t__name__t
__module__t__doc__tTYPESt
classmethodR
(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyRstChallengeResponsecBs)eZdZiZdZeje�ZRS(sACME
challenge
response.t challenge(RRRRt
resource_typeRtResourcetresource(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR&sRcBs/eZdZd�Zd�Zed��ZRS(slUnrecognized
challenge.
ACME specification defines a generic framework for challenges and
defines some standard challenges that are implemented in this
module. However, other implementations (including peers) might
define additional challenge types, which should be ignored if
unrecognized.
:ivar jobj: Original JSON decoded object.
cCs*tt|�j�tj|d|�dS(NR(R Rt__init__tobjectt
__setattr__(tselfR((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR
;scCs|jS(N(R(R
((s3/usr/lib/python2.7/site-packages/acme/challenges.pytto_partial_json?scCs
||�S(N((RR((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR
Bs(RRRR
R!RR
(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR.s
t_TokenChallengec
Bs]eZdZddZejddejdejej dede
��Z
e
d��Z
RS( s3Challenge with token.
:ivar bytes token:
i�ittokentencodertdecodertsizetminimumcCs
d|jkod|jkS(s�Is
`token` good?
.. todo:: acme-spec wants "It MUST NOT contain any non-ASCII
characters", but it should also warrant that it
doesn't
contain ".." or "/"...
s..t/(R#(R
((s3/usr/lib/python2.7/site-packages/acme/challenges.pyt
good_tokenVs
(RRRt
TOKEN_SIZER
tFieldtencode_b64joset functoolstpartialtdecode_b64josetTrueR#tpropertyR)(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR"Gs
t!KeyAuthorizationChallengeResponsecBs8eZdZejd�ZejZd�Z d�Z
RS(s_Response to Challenges based on Key Authorization.
:param unicode key_authorization:
tkeyAuthorizationcCs�|jjd�}t|�dkr;tjd|j�tS|d|jd�krxtjd|d|jd��tStj|j d|j
��j
�}|d|kr�tjd |d|�tSt
S(
s%Verify the key authorization.
:param KeyAuthorization chall: Challenge that corresponds to
this response.
:param JWK account_public_key:
:return: ``True`` iff verification of the key authorization was
successful.
:rtype: bool
t.is)Key authorization (%r) is not well formediR#s8Mismatching
token in key authorization: %r instead of %rt
hash_functionis=Mismatching
thumbprint in key authorization: %r instead of
%r(
tkey_authorizationtsplittlenR
RtFalsetencodeR
t b64encodet
thumbprinttthumbprint_hash_functiontdecodeR0(R
tchalltaccount_public_keytpartsR<((s3/usr/lib/python2.7/site-packages/acme/challenges.pytverifyns
cCs)tt|�j�}|jdd�|S(NR3(R R2R!tpoptNone(R
R((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR!�s(
RRRR
R+R6RtSHA256R=RBR!(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR2es
tKeyAuthorizationChallengecBsPeZdZeZeZejZd�Zd�Z e
j
d��Z
d�Z
RS(s�Challenge based on Key Authorization.
:param response_cls: Subclass of `KeyAuthorizationChallengeResponse`
that will be used to generate `response`.
:param str typ: type of the challenge
cCs3|jd�dtj|jd|j��j�S(s^Generate Key
Authorization.
:param JWK account_key:
:rtype unicode:
R#R4R5(R:R
R;R<R=R>(R
t
account_key((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR6�s cCs|jd|j|��S(s�Generate
response to the challenge.
:param JWK account_key:
:returns: Response (initialized `response_cls`) to the challenge.
:rtype: KeyAuthorizationChallengeResponse
R6(t
response_clsR6(R
RG((s3/usr/lib/python2.7/site-packages/acme/challenges.pytresponse�s cKs
t��dS(s�Generate
validation for the challenge.
Subclasses must implement this method, but they are likely to
return completely different data structures, depending on
what's
necessary to complete the challenge. Interpretation of that
return value must be known to the caller.
:param JWK account_key:
:returns: Challenge-specific validation.
N(tNotImplementedError(R
RGtkwargs((s3/usr/lib/python2.7/site-packages/acme/challenges.pyt
validation�s
cOs"|j|�|j|||�fS(s�Generate response
and validation.
Convenience function that return results of `response` and
`validation`.
:param JWK account_key:
:rtype: tuple
(RIRL(R
RGtargsRK((s3/usr/lib/python2.7/site-packages/acme/challenges.pytresponse_and_validation�s
(RRRtNotImplementedttypRHR2R=R6RItabctabstractmethodRLRN(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyRF�s
t
DNS01ResponsecBs
eZdZdZd�ZRS(s ACME
dns-01 challenge
response.sdns-01cCs,|j||�}|s(tjd�n|S(s�Simple
verify.
This method no longer checks DNS records and is a simple wrapper
around `KeyAuthorizationChallengeResponse.verify`.
:param challenges.DNS01 chall: Corresponding challenge.
:param unicode domain: Domain name being verified.
:param JWK account_public_key: Public key for the key pair
being authorized.
:return: ``True`` iff verification of the key authorization was
successful.
:rtype: bool
s4Verification of key authorization in response failed(RBR
R(R
R?tdomainR@tverified((s3/usr/lib/python2.7/site-packages/acme/challenges.pyt
simple_verify�s(RRRRPRV(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyRS�stDNS01cBs5eZdZeZejZdZd�Zd�ZRS(sACME
dns-01
challenge.s_acme-challengecKs4tjtj|j|�jd��j��j�S(sWGenerate
validation.
:param JWK account_key:
:rtype: unicode
sutf-8(R
R;thashlibtsha256R6R:tdigestR>(R
RGt
unused_kwargs((s3/usr/lib/python2.7/site-packages/acme/challenges.pyRL�scCsdj|j|�S(skDomain
name for TXT validation record.
:param unicode name: Domain name being validated.
s{0}.{1}(tformattLABEL(R
tname((s3/usr/lib/python2.7/site-packages/acme/challenges.pytvalidation_domain_names( RRRRSRHRPR]RLR_(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyRW�s
tHTTP01ResponsecBs,eZdZdZdZdZdd�ZRS(s ACME http-01
challenge response.shttp-01iPs
c Cs0|j||�s#tjd�tS|d k rd||jkrdtjd|�|dj|�7}n|j|�}tjd|j |�yt
j
|dt�}Wn-t
j
j
k
r�}tjd||�tSXtjd||j|j�|jj|j�}|j|kr,tjd|j|�tStS(
s�Simple verify.
:param challenges.SimpleHTTP chall: Corresponding challenge.
:param unicode domain: Domain name being verified.
:param JWK account_public_key: Public key for the key pair
being authorized.
:param int port: Port used in the validation.
:returns: ``True`` iff validation with the files currently served
by the
HTTP server is successful.
:rtype: bool
s4Verification of key authorization in response faileds4Using
non-standard port for http-01 verification: %ss:{0}sVerifying %s at
%s...RBsUnable to reach %s: %ss
Received %s: %s. Headers: %ssEKey
authorization from response (%r) doesn't match HTTP response
(%r)N(RBR
RR9RDtPORTtwarningR\turiRPtrequeststgett
exceptionstRequestExceptionRttexttheaderstrstriptWHITESPACE_CUTSETR6R0( R
R?RTR@tportRct
http_responseRtchallenge_response((s3/usr/lib/python2.7/site-packages/acme/challenges.pyRV
s.
N(RRRRPRaRkRDRV(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR`
s
tHTTP01cBsDeZdZeZejZdZed��Zd�Z d�Z
RS(sACME http-01
challenge.s.well-known/acme-challengecCs
d|jd|jd�S(sTPath
(starting with '/') for provisioned resource.
:rtype: string
R(R#(t
URI_ROOT_PATHR:(R
((s3/usr/lib/python2.7/site-packages/acme/challenges.pytpathSscCsd||jS(s�Create
an URI to the provisioned resource.
Forms an URI to the HTTPS server provisioned resource
(containing :attr:`~SimpleHTTP.token`).
:param unicode domain: Domain name being verified.
:rtype: string
shttp://(Rq(R
RT((s3/usr/lib/python2.7/site-packages/acme/challenges.pyRc\s
cKs
|j|�S(sWGenerate validation.
:param JWK account_key:
:rtype: unicode
(R6(R
RGR[((s3/usr/lib/python2.7/site-packages/acme/challenges.pyRLhs(
RRRR`RHRPRpR1RqRcRL(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyRoJs
tTLSALPN01ResponsecBsneZdZdZdZdZdZed��Zd
dd�Z
d
d
d�Z
d �Z
d
d
d
d
�Z
RS(
s$ACME tls-alpn-01 challenge
response.s
tls-alpn-01i�s1.3.6.1.5.5.7.1.30.1s
acme-tls/1cCs tj|jjd��j�S(s*Hash value stored in challenge
certificatesutf-8(RXRYR6R:RZ(R
((s3/usr/lib/python2.7/site-packages/acme/challenges.pyth�sicCs�|dkr.tj�}|jtj|�ndtj|jd�}tj|j dt
d|�}t
j
||gdt
d|g�|fS(s�Generate tls-alpn-01 certificate.
:param unicode domain: Domain verified by the challenge.
:param OpenSSL.crypto.PKey key: Optional private key used in
certificate generation. If not provided (``None``), then
fresh key will be generated.
:param int bits: Number of bits for newly generated key.
:rtype: `tuple` of `OpenSSL.crypto.X509` and `OpenSSL.crypto.PKey`
sDER:thextcriticaltvaluet force_sant
extensionsN(
RDRtPKeyt
generate_keytTYPE_RSAtcodecsR:Rst
X509ExtensiontID_PE_ACME_IDENTIFIER_V1R0Rt
gen_ss_cert(R
RTtkeytbitst der_valuetacme_extension((s3/usr/lib/python2.7/site-packages/acme/challenges.pytgen_cert�s
c Csq|dkr1tj|�}tjd||�n|dkrI|j}ntjd|d|d|d|jg�S(s�Probe
tls-alpn-01 challenge certificate.
:param unicode domain: domain being validated, required.
:param string host: IP address used to probe the certificate.
:param int port: Port used to probe the certificate.
s%s resolved to
%sthostRlR^talpn_protocolsN( RDtsockett
gethostbynameR
RRaRt probe_snitACME_TLS_1_PROTOCOL(R
RTR�Rl((s3/usr/lib/python2.7/site-packages/acme/challenges.pyt
probe_cert�s
cCs�tj|�}tjd|jd�|�t|�dksY|dj�|j�kr]tSxTt|j ��D]@}|j
|�}|j
�dkrp|j
�}||j
kSqpWtS(s
Verify tls-alpn-01
challenge certificate.
:param unicode domain: Domain name being validated.
:param OpensSSL.crypto.X509 cert: Challenge certificate.
:returns: Whether the certificate was successfully verified.
:rtype: bool
sCertificate %s. SANs: %sRYiitUNDEF(Rt
_pyopenssl_cert_or_req_all_namesR
RRZR8tlowerR9trangetget_extension_countt
get_extensiontget_short_nametget_dataRs(R
RTtcerttnamestitexttdata((s3/usr/lib/python2.7/site-packages/acme/challenges.pyt
verify_cert�s
.
cCs�|j||�s#tjd�tS|dkr�y"|jd|d|d|�}Wq�tjk
r�}tjt|�dt �tSXn|j
||�S(s�Simple verify.
Verify ``validation`` using ``account_public_key``, optionally
probe tls-alpn-01 certificate and check using `verify_cert`.
:param .challenges.TLSALPN01 chall: Corresponding challenge.
:param str domain: Domain name being validated.
:param JWK account_public_key:
:param OpenSSL.crypto.X509 cert: Optional certificate. If not
provided (``None``) certificate will be retrieved using
`probe_cert`.
:param string host: IP address used to probe the certificate.
:param int port: Port used to probe the certificate.
:returns: ``True`` if and only if client's control of the
domain has been verified.
:rtype: bool
s4Verification of key authorization in response
failedRTR�Rltexc_infoN(
RBR
RR9RDR�RtErrortstrR0R�(R
R?RTR@R�R�RlR((s3/usr/lib/python2.7/site-packages/acme/challenges.pyRV�s
"N(RRRRPRaR~R�R1RsRDR�R�R�RV(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyRrrs
t TLSALPN01cBs5eZdZeZejZd�Zed��ZRS(sACME
tls-alpn-01
challenge.cKs1|j|�jd|jd�d|jd��S(s�Generate
validation.
:param JWK account_key:
:param unicode domain: Domain verified by the challenge.
:param OpenSSL.crypto.PKey cert_key: Optional private key used
in certificate generation. If not provided (``None``), then
fresh key will be generated.
:rtype: `tuple` of `OpenSSL.crypto.X509` and `OpenSSL.crypto.PKey`
R�tcert_keyRT(RIR�Re(R
RGRK((s3/usr/lib/python2.7/site-packages/acme/challenges.pyRL�s
cCs"ttjd�o!ttjd�S(si
Check if TLS-ALPN-01 challenge is supported on this machine.
This implies that a recent version of OpenSSL is installed (>=
1.0.2),
or a recent cryptography version shipped with the OpenSSL library
is installed.
:returns: ``True`` if TLS-ALPN-01 is supported on this machine,
``False`` otherwise.
:rtype: bool
tset_alpn_protostset_alpn_select_callback(thasattrRt
ConnectiontContext(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyt
is_supporteds
( RRRRrRHRPRLt
staticmethodR�(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR��s
tDNScBsDeZdZdZdZejd�Zd�Zd�Z d�Z
RS(sACME "dns"
challenge.tdnss_acme-challengecKs7tjjd|jdt�jd�d|d||�S(s�Generate
validation.
:param .JWK account_key: Private account key.
:param .JWA alg:
:returns: This challenge wrapped in `.JWS`
:rtype: .JWS
tpayloadt sort_keyssutf-8R�talg(R
tJWStsignt
json_dumpsR0R:(R
RGR�RK((s3/usr/lib/python2.7/site-packages/acme/challenges.pytgen_validations
cCsg|jd|�stSy#||j|jjd��kSWn'tjk
rb}tjd|�tSXdS(swCheck validation.
:param JWS validation:
:param JWK account_public_key:
:rtype: bool
R�sutf-8s&Checking validation for DNS failed: %sN( RBR9t
json_loadsR�R>R
tDeserializationErrorR
R(R
RLR@R((s3/usr/lib/python2.7/site-packages/acme/challenges.pytcheck_validation)s cKstd|j||��S(s�Generate
response.
:param .JWK account_key: Private account key.
:param .JWA alg:
:rtype: DNSResponse
RL(t
DNSResponseR�(R
RGRK((s3/usr/lib/python2.7/site-packages/acme/challenges.pyt
gen_response:s
cCsdj|j|�S(skDomain
name for TXT validation record.
:param unicode name: Domain name being validated.
s{0}.{1}(R\R](R
R^((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR_Fs(
RRRRPR]R
tRS256R�R�R�R_(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR�s
R�cBs8eZdZdZejddejj�Zd�Z RS(s@ACME
"dns" challenge response.
:param JWS validation:
R�RLR%cCs|j|j|�S(s~Check validation.
:param challenges.DNS chall:
:param JWK account_public_key:
:rtype: bool
(R�RL(R
R?R@((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR�Zs (
RRRRPR
R+R�R
RLR�(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyR�Os(,RRQR|R-RXtloggingR�t
cryptography.hazmat.primitivesRtjosepyR
RdtsixtOpenSSLRRtacmeRRRt
acme.mixinsRRt getLoggerRR
tTypedJSONObjectWithFieldsRRRR"R2t
add_metaclasstABCMetaRFtregisterRSRWR`RoRrR�R�R�(((s3/usr/lib/python2.7/site-packages/acme/challenges.pyt<module>sP
/@ = ' { $ ;