403Webshell
Server IP : 15.235.198.142  /  Your IP : 216.73.216.168
Web Server : Apache/2.4.58 (Ubuntu)
System : Linux ballsack 6.8.0-45-generic #45-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 30 12:02:04 UTC 2024 x86_64
User : www-data ( 33)
PHP Version : 8.3.6
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : OFF
Directory :  /snap/certbot/current/lib/python3.12/site-packages/acme/__pycache__/

current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /snap/certbot/current/lib/python3.12/site-packages/acme/__pycache__/client.cpython-312.pyc

Youez - 2016 - github.com/yon3zu
LinuXploit