HOME


Mini Shell 1.0
DIR: /snap/certbot/4482/lib64/python3.12/site-packages/acme/__pycache__/
Upload File :
Current File : //snap/certbot/4482/lib64/python3.12/site-packages/acme/__pycache__/client.cpython-312.pyc
�

�S�gT{��x�dZddlZddlZddlmZddlmZddlZddl	Z	ddl
Z
ddlmZddlm
Z
ddlmZddlmZddlmZdd	lmZdd
lmZddlmZddlZddlmZddlZddlZddlZdd
lmZddlmZddlm Z ddlm!Z!ddlm"Z"ddlm#Z#ddlm$Z$ejJe&�Z'dZ(Gd�d�Z)Gd�d�Z*y)zACME client API.�N)�parsedate_tz)�Any)�cast)�List)�Mapping)�Optional)�Set)�Tuple)�Union)�x509)�HTTPAdapter)�parse_header_links)�
challenges)�crypto_util)�errors)�jws)�messages�-c
��eZdZdZdej
ddddfd�Zdejdejfd	�Z	d
ejdejfd�Z
	d8d
ejdeejdejfd
�Z
d9d
ejdedejfd�Zd8dedeedej$fd�Zdej(deej(ej.ffd�Z	d8dej$deej2dej$fd�Zdej$dej2dej$fd�Zdej$dej$fd�Z	d9dej$dej2dedej$fd�Z	d9dej$dej2dedej$fd�Zdej@de!ddfd�Z"defd �Z#d!e$d"e$dej.fd#�Z%d$ej.d%ede&efd&�Z'e(d'edddej
fd(��Z)e(		d:d$ej.d)eed*eedejfd+��Z*d
ejd,ejdejfd-�Z+d!e$d"e$dej.fd.�Z,d
ejdejfd/�Z-dej(dej(fd0�Z.		d:d$ej.d1eej^d)eedej(fd2�Z0d3ejbd$e2jfdejhfd4�Z5e(d$ej.d5e!dej2fd6��Z6dej@de!d'eddfd7�Z7y);�ClientV2zuACME client for a v2 API.

    :ivar messages.Directory directory:
    :ivar .ClientNetwork net: Client network.
    �	directory�net�
ClientNetwork�returnNc� �||_||_y)z�Initialize.

        :param .messages.Directory directory: Directory Resource
        :param .ClientNetwork net: Client network.
        N)rr)�selfrrs   �{/build/snapcraft-certbot-29b1212f749eeba2f1dece1adfe9a83a/parts/certbot/install/lib/python3.12/site-packages/acme/client.py�__init__zClientV2.__init__-s��#�������new_accountc��|j|jd|�}|jdk(r0d|jvr"t	j
|jd��|j
|�}||j_|S)z�Register.

        :param .NewRegistration new_account:

        :raises .ConflictError: in case the account already exists

        :returns: Registration Resource.
        :rtype: `.RegistrationResource`
        �
newAccount���Location)	�_postr�status_code�headersr�
ConflictError�_regr_from_responser�account)rr �response�regrs    rr zClientV2.new_account6su���:�:�d�n�n�\�:�K�H�����3�&�:��9I�9I�+I��&�&�x�'7�'7�
�'C�D�D��'�'��1��������rr,c�p�|j|d�|j_|jjS)z�Query server about registration.

        :param messages.RegistrationResource regr: Existing Registration
            Resource.

        T)�_get_v2_accountrr*�rr,s  r�query_registrationzClientV2.query_registrationIs-�� �/�/��d�;������x�x���r�updatec���|j|�}|�|jn|}tjdit	|���}|j||��}||j_|S)aKUpdate registration.

        :param messages.RegistrationResource regr: Registration Resource.
        :param messages.Registration update: Updated body of the
            resource. If not provided, body will be taken from `regr`.

        :returns: Updated Registration Resource.
        :rtype: `.RegistrationResource`

        ��body�)r.r4r�UpdateRegistration�dict�_send_recv_regrrr*)rr,r1r4�updated_regrs     r�update_registrationzClientV2.update_registrationUsa���#�#�D�)��$�n����&���*�*�:�T�&�\�:���+�+�D�t�+�<��'������r�update_bodyc�v�d|j_|jjd��}|j	|j
d|�}|jd}|j|r-tjj|j��n|j|��}||j_|S)NT)�only_return_existingr"r$�r4�uri)rr*r4r1r%rr'r�Registration�	from_json�json)rr,r;�only_existing_regr+�updated_uri�new_regrs       rr.zClientV2._get_v2_accountks�������� �I�I�,�,�$�,�G���:�:�d�n�n�\�:�<M�N���&�&�z�2���;�;�"-�%-�$9�$9�$C�$C�H�M�M�O�$T�37�9�9�#.��0��$������r�csr_pem�profilec	��tj|�}tj|j|j
�}	|j
j
tj�}|jjtj�}g}|D]6}|jtjtj|����8|D]?}	|jtjtj t#|	�����A|�d}tj$||��}
|j'|j(d|
�}tj*j-|j/��}g}
|j0D]3}|
j|j3|j5|�|����5tj6||j8j;d�|
|��S#tj$rg}Y��vwxYw)z�Request a new Order object from the server.

        :param bytes csr_pem: A CSR in PEM format.

        :returns: The newly created order.
        :rtype: OrderResource
        )�typ�value�)�identifiersrG�newOrder�r?r$)r4r?�authorizationsrF)r�load_pem_x509_csrr�%get_names_from_subject_and_extensions�subject�
extensions�get_extension_for_class�SubjectAlternativeNamerJ�get_values_for_type�	IPAddress�ExtensionNotFound�appendr�
Identifier�IDENTIFIER_FQDN�
IDENTIFIER_IP�str�NewOrderr%r�OrderrArBrO�_authzr_from_response�_post_as_get�
OrderResourcer'�get)rrFrG�csr�dnsNames�san_ext�ipNamesrL�name�ip�orderr+r4rO�urls               r�	new_orderzClientV2.new_orderws����$�$�W�-���D�D�S�[�[�RU�R`�R`�a��	H��n�n�<�<�T�=X�=X�Y�G��m�m�7�7����G�G����	�D����x�2�2�x�7O�7O�� �
�	��	 �B����x�2�2�x�7M�7M��"�g� �
 �	 ��?��G��!�!�k�7�K���:�:�d�n�n�Z�8�%�@���~�~�'�'��
�
��8�����&�&�	_�C��!�!�$�"<�"<�T�=N�=N�s�=S�Y\�"<�"]�^�	_��%�%��� � �$�$�Z�0�)��	�	��-�%�%�	��G�	�s�)G1�1H
�	H
�authzrc��|j|j�}|j||jj|j�}||fS)aPoll Authorization Resource for status.

        :param authzr: Authorization Resource
        :type authzr: `.AuthorizationResource`

        :returns: Updated Authorization Resource and HTTP response.

        :rtype: (`.AuthorizationResource`, `requests.Response`)

        )rar?r`r4�
identifier)rrmr+�updated_authzrs    r�pollz
ClientV2.poll�sH���$�$�V�Z�Z�0���3�3��f�k�k�,�,�f�j�j�:���x�'�'r�orderr�deadlinec��|�5tjj�tjd��z}|j||�}|j	||�S)adPoll authorizations and finalize the order.

        If no deadline is provided, this method will timeout after 90
        seconds.

        :param messages.OrderResource orderr: order to finalize
        :param datetime.datetime deadline: when to stop polling and timeout

        :returns: finalized order
        :rtype: messages.OrderResource

        �Z��seconds)�datetime�now�	timedelta�poll_authorizations�finalize_order)rrrrss   r�poll_and_finalizezClientV2.poll_and_finalize�sS�����(�(�,�,�.��1C�1C�B�1O�O�H��)�)�&�(�;���"�"�6�8�4�4rc�H�g}|jjD]�}tjj�|ks�%|j	|j|�|��}|jjtjk7r|j|���tjd�tjj�|kr����t|�t|jj�krtj��g}|D]c}|jjtjk7s�+|jj D] }|j"��|j|��"�e|rtj$|��|j'|��S)zPoll Order Resource for status.rN�)rO)r4rOrxryr`ra�statusr�STATUS_PENDINGrY�time�sleep�lenr�TimeoutError�STATUS_VALIDr�error�ValidationErrorr1)rrrrs�	responsesrkrm�failed�challs        rr{zClientV2.poll_authorizations�sU���	��;�;�-�-�	�C��#�#�'�'�)�H�4��3�3�D�4E�4E�c�4J�PS�3�T���;�;�%�%��)@�)@�@��$�$�V�,���
�
�1�
��#�#�'�'�)�H�4�	��y�>�C���� :� :�;�;��%�%�'�'����	.�F��{�{�!�!�X�%:�%:�:�#�[�[�3�3�.�E��{�{�.��
�
�f�-�.�	.�
��(�(��0�0��}�}�I�}�6�6rc�"�tjjtjj|j�}tj�5tjdd��tjtj|���}ddd�|j|jj�}|jtj j#|j%����}|S#1swY�nxYw)aStart the process of finalizing an order.

        :param messages.OrderResource orderr: order to finalize
        :param datetime.datetime deadline: when to stop polling and timeout

        :returns: updated order
        :rtype: messages.OrderResource
        �ignorezGThe next major version of josepy will remove josepy.util.ComparableX509)�message)rdNr3)�OpenSSL�crypto�load_certificate_request�FILETYPE_PEMrF�warnings�catch_warnings�filterwarningsr�CertificateRequest�jose�ComparableX509r%r4�finalizer1r_rArB)rrrrd�wrapped_csr�ress     r�begin_finalizationzClientV2.begin_finalization�s����n�n�5�5��N�N�'�'����9��
�
$�
$�
&�	T��#�#�H�a�
c�"�5�5�$�:M�:M�c�:R�S�K�	T��j�j����-�-�{�;�����H�N�N�$<�$<�S�X�X�Z�$H��I���
�
	T�	T�s
�AD�D�fetch_alternative_chainsc��tjj�|k�r�tjd�|j	|j
�}tjj|j��}|jtjk(r@|j�tj|j��tjd��|jtj k(r�|j"��|j	|j"�}|j%||j&��}|rL|j)|d�}|D�cgc]}|j	|�j&��}	}|j%|	��}|Stjj�|kr���tj*��cc}w)z�
        Poll an order that has been finalized for its status.
        If it becomes valid, obtain the certificate.

        :returns: finalized order (with certificate)
        :rtype: messages.OrderResource
        rzPThe certificate order failed. No further information was provided by the server.)r4�
fullchain_pem�	alternate)�alternative_fullchains_pem)rxryr�r�rar?rr_rArBr��STATUS_INVALIDr�r�
IssuanceError�Errorr��certificater1�text�
_get_linksr�)
rrrrsr�r+r4�certificate_response�alt_chains_urlsrk�
alt_chainss
          r�poll_finalizationzClientV2.poll_finalization�sg�����#�#�%��0��J�J�q�M��(�(����4�H��>�>�+�+�H�M�M�O�<�D��{�{�h�5�5�5��:�:�)� �.�.�t�z�z�:�:��l�l�%�&�&����� 5� 5�5�$�:J�:J�:V�'+�'8�'8��9I�9I�'J�$����D�@T�@Y�@Y��Z��+�&*�o�o�6J�K�&X�O�IX�!Y�#�$�"3�"3�C�"8�"=�"=�!Y�J�!Y�#�]�]�j�]�Q�F��
�#���#�#�%��0�$�!�!�#�#��"Zs�"Gc�J�|j|�|j|||�S)a{Finalize an order and obtain a certificate.

        :param messages.OrderResource orderr: order to finalize
        :param datetime.datetime deadline: when to stop polling and timeout
        :param bool fetch_alternative_chains: whether to also fetch alternative
            certificate chains

        :returns: finalized order
        :rtype: messages.OrderResource

        )r�r�)rrrrsr�s    rr|zClientV2.finalize_orders(��	
����'��%�%�f�h�8P�Q�Qr�cert�rsnc�D�|j|||jd�y)aRevoke certificate.

        :param .ComparableX509 cert: `OpenSSL.crypto.X509` wrapped in
            `.ComparableX509`

        :param int rsn: Reason code for certificate revocation.

        :raises .ClientError: If revocation is unsuccessful.

        �
revokeCertN)�_revoker)rr�r�s   r�revokezClientV2.revoke s��	
���T�3����|� <�=rc��t|jd�xrBt|jjd�xr |jjjS)zGChecks if ACME server requires External Account Binding authentication.�meta�external_account_required)�hasattrrr�r��rs rr�z"ClientV2.external_account_required-sG���t�~�~�v�.�=��t�~�~�*�*�,G�H�=��~�~�"�"�<�<�	=r�args�kwargsc�B�|dddz|ddz}|j|i|��S)z
        Send GET request using the POST-as-GET protocol.
        :param args:
        :param kwargs:
        :return:
        Nr�N)r%)rr�r��new_argss    rrazClientV2._post_as_get3s5�����8�g�%��Q�R��0���t�z�z�8�.�v�.�.rr+�
relation_typec��d|jvrgSt|jd�}|D�cgc]}d|vrd|vr
|d|k(r|d��c}Scc}w)z�
        Retrieves all Link URIs of relation_type from the response.
        :param requests.Response response: The requests HTTP response.
        :param str relation_type: The relation type to filter by.
        �Link�relrk)r'r)rr+r��links�ls     rr�zClientV2._get_links=sk����)�)�)��I�"�8�#3�#3�F�#;�<��"'�L�Q��A�:�%�1�*��5��]�1J��%��L�	L��Ls�Arkc�z�tjj|j|�j	��S)aB
        Retrieves the ACME directory (RFC 8555 section 7.1.1) from the ACME server.
        :param str url: the URL where the ACME directory is available
        :param ClientNetwork net: the ClientNetwork to use to make the request

        :returns: the ACME directory object
        :rtype: messages.Directory
        )r�	DirectoryrArcrB)�clsrkrs   r�
get_directoryzClientV2.get_directoryKs,���!�!�+�+�C�G�G�C�L�,=�,=�,?�@�@rr?�terms_of_servicec��d|jvr|jdd}tjtjj	|j��|jjd|�|��S)Nzterms-of-servicerkr$)r4r?r�)r�r�RegistrationResourcer@rArBr'rc)r�r+r?r�s    rr)zClientV2._regr_from_responseWsk������/�'�~�~�.@�A�%�H���,�,��&�&�0�0�����A�� � �$�$�Z��5�-�/�	/rr4c��|j|j|�}|j||j|j��S)N)r?r�)r%r?r)r�)rr,r4r+s    rr8zClientV2._send_recv_regrcsB���:�:�d�h�h��-���'�'��$�(�(�!�2�2�(�4�	4rc��|jdt|jd��|jj|i|��S)z�Wrapper around self.net.post that adds the newNonce URL.

        This is used to retry the request in case of a badNonce error.

        �
new_nonce_url�newNonce)�
setdefault�getattrrr�post�rr�r�s   rr%zClientV2._postqs9��	���/�7�4�>�>�:�+N�O��t�x�x�}�}�d�-�f�-�-rc�f�|j|tjjddd���S)z�Deactivate registration.

        :param messages.RegistrationResource regr: The Registration Resource
            to be deactivated.

        :returns: The Registration resource that was deactivated.
        :rtype: `.RegistrationResource`

        �deactivatedN)r��contact)r:rr@rAr/s  r�deactivate_registrationz ClientV2.deactivate_registrationzs4���'�'��h�.C�.C�.M�.M�$��6�/8�9�	9rc���tjd��}|j|j|�}|j	||j
j|j�S)aDeactivate authorization.

        :param messages.AuthorizationResource authzr: The Authorization resource
            to be deactivated.

        :returns: The Authorization resource that was deactivated.
        :rtype: `.AuthorizationResource`

        r�)r�)r�UpdateAuthorizationr%r?r`r4ro)rrmr4r+s    r�deactivate_authorizationz!ClientV2.deactivate_authorization�sP���+�+�=�A���:�:�f�j�j�$�/���)�)�(��K�K�"�"�F�J�J�0�	0rroc��tjtjj|j	��|j
j
d|���}|�.|jj|k7rtj|��|S)Nr$r>)r�AuthorizationResource�
AuthorizationrArBr'rcr4ror�UnexpectedUpdate)rr+ror?rms     rr`zClientV2._authzr_from_response�ss���/�/��'�'�1�1�(�-�-�/�B�� � �$�$�Z��5�7���!�f�k�k�&<�&<�
�&J��)�)�&�1�1��
r�challbc��|j|j|�}	|jdd}t
j|tjj|j����}|j|jk7rt	j|j��|S#t$rt	j
d��wxYw)ahAnswer challenge.

        :param challb: Challenge Resource body.
        :type challb: `.ChallengeBody`

        :param response: Corresponding Challenge response
        :type response: `.challenges.ChallengeResponse`

        :returns: Challenge Resource with updated body.
        :rtype: `.ChallengeResource`

        :raises .UnexpectedUpdate:

        �uprkz"up" Link header missing)�
authzr_urir4)r%r?r��KeyErrorr�ClientErrorr�ChallengeResource�
ChallengeBodyrArBr�)rr�r+�respr��challrs      r�answer_challengezClientV2.answer_challenge�s��� �z�z�&�*�*�h�/��	A����D�)�%�0�J��+�+�!��'�'�1�1�$�)�)�+�>�@���:�:����#��)�)�&�*�*�5�5��
���	A��$�$�%?�@�@�	A�s�B,�,C�defaultc��|jjdt|��}	t|�}tjj�t
j|��zS#t$rat|�}|�O	t
j|d�|dnd�}t
j|dd�|z
cYS#ttf$rYnwxYw|}Y��wxYw)a�Compute next `poll` time based on response ``Retry-After`` header.

        Handles integers and various datestring formats per
        https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.37

        :param requests.Response response: Response from `poll`.
        :param int default: Default value (in seconds), used when
            ``Retry-After`` header is not present or invalid.

        :returns: Time point when next `poll` should be performed.
        :rtype: `datetime.datetime`

        zRetry-AfterN���r�rv)
r'rcr]�int�
ValueErrorrrxrz�
OverflowErrorry)r�r+r��retry_afterrw�when�tz_secss       rr�zClientV2.retry_after�s����&�&�*�*�=�#�g�,�G��	��+�&�G�� � �$�$�&��);�);�G�)L�L�L���
	� ��,�D����&�0�0�T�"�X�=Q��b��WX�Y�G�#�,�,�d�2�A�h�7�'�A�A��"�M�2������G�
	�s5�A'�'C�>6B7�4C�7C	�C�C	�	C�Cc��|j|tj||���}|jtj
k7rt
jd��y)a.Revoke certificate.

        :param .ComparableX509 cert: `OpenSSL.crypto.X509` wrapped in
            `.ComparableX509`

        :param int rsn: Reason code for certificate revocation.

        :param str url: ACME URL to post to

        :raises .ClientError: If revocation is unsuccessful.

        )r��reasonz0Successful revocation must return HTTP OK statusN)r%r�
Revocationr&�http_client�OKrr�)rr�r�rkr+s     rr�zClientV2._revoke�sY���:�:�c�&�1�1�,0�'*�,�-�����;�>�>�1��$�$�B�D�
D�2rr�)F)NN)8�__name__�
__module__�__qualname__�__doc__rr�r�NewRegistrationr�r r0rr@r:�boolr.�bytesr]rbrlr�r
�requests�Responserqrxr}r{r�r�r|r�r�r�r�r�rrarr��classmethodr�r)r8r%r�r�rZr`r�r�ChallengeResponser�r�r�r�r5rrrr&s�����(�"4�"4��?��t���x�'?�'?��H�Da�Da��&
 �x�'D�'D�
 � (� =� =�
 �GK���(E�(E��$,�X�-B�-B�$C��!)�!>�!>��,
�H�$A�$A�
�PT�
�$�9�9�
�&��&��#��&�(�J`�J`�&�P(�8�9�9�(���6�6��8I�8I�I�J�(�$CG�5��(>�(>�5�$,�X�->�->�$?�5�KS�Ka�Ka�5�&7�(�*@�*@�7�H�L]�L]�7�!)�!7�!7�7�2��)?�)?�� (� 6� 6��,<A�$��(>�(>�$�$,�$5�$5�$�48�$� (�5�5�$�B9>�R�X�%;�%;�R�x�GX�GX�R�15�R�BJ�BX�BX�R� >�4�.�.�>�S�>�T�>�=�4�=�/�#�/��/��9J�9J�/�L�8�#4�#4�L�S�L�T�RU�Y�L��	A��	A�/�	A�h�>P�>P�	A��	A��SW�>B�	/�8�+<�+<�	/�8�C�=�	/�.6�s�m�	/�!)�!>�!>�	/��	/�4�H�$A�$A�4�&�3�3�4�8@�8U�8U�4�.�3�.�#�.�(�2C�2C�.�9�H�,I�,I�9�%-�%B�%B�9�0�)1�)G�)G�0�&.�&D�&D�0�$KO�37��h�.?�.?��*2�8�3F�3F�*G��#+�C�=��<D�<Z�<Z���x�'=�'=��#-�#?�#?��DL�D^�D^��:�M�8�#4�#4�M�s�M�x�GX�GX�M��M�>D�D�/�/�D�c�D��D��Drrc�\�eZdZdZdZdZdZdZ	dejdde
fd	ejd
ee
jdejded
ededdfd�Zd$d�Zdej*dededefd�Ze	d%dej2deedej2fd��Zdededededej2f
d�Zdededej2fd�Zefdedededej2fd�Zdej2ddfd�Zded edefd!�Z dededej2fd"�Z!efdedej*dededej2f
d#�Z"y)&rzvWrapper around requests that signs POSTs for authentication.

    Also adds user agent, and handles Content-Type.
    zapplication/jsonzapplication/jose+jsonzapplication/problem+jsonzReplay-NonceNTzacme-python�keyr*�alg�
verify_ssl�
user_agent�timeoutrc�,�||_||_||_||_t	�|_||_tj�|_	||_
t�}|jjd|�|jjd|�y)Nzhttp://zhttps://)
rr*rr�set�_noncesrr��Session�session�_default_timeoutr
�mount)rrr*rrrr�adapters        rrzClientNetwork.__init__sw�����������$���!$����$����'�'�)��� '����-�������9�g�.������:�w�/rc�X�	|jj�y#t$rYywxYwr�)r�close�	Exceptionr�s r�__del__zClientNetwork.__del__s)��	��L�L��� ���	��	�s��	)�)�obj�noncerkc	��|r |jd��j�nd}tjd|�|j||d�}|j
�|j
d|d<|j|d<tjj|fittttf|���jd��S)	z�Wrap `JSONDeSerializable` object in JWS.

        .. todo:: Implement ``acmePath``.

        :param josepy.JSONDeSerializable obj:
        :param str url: The URL to which this object will be POSTed
        :param str nonce:
        :rtype: str

        �)�indentrzJWS payload:
%s)rrrkr?�kidr)�
json_dumps�encode�logger�debugrr*rr�JWS�signrrr]r)rrrrk�jobjr�s      r�_wrap_in_jwszClientNetwork._wrap_in_jws#s���58�s�~�~�Q�~�'�.�.�0�S�����'��.��8�8���
���<�<�#� �L�L��/�F�5�M�����u�
��w�w�|�|�D�D�D���c��):�F�$C�D�O�O�WX�O�Y�Yrr+�content_typec��|jjd�}|r"|jd�dj�}	|j	�}|jdk(r/tj|jjdd���|js\|�E||jk7rtjd|�	tjj|��tj$|��|�%||j&k7rtjd	|�||j&k(r|�tj$d
|����|S#t
$rd}Y��wxYw#t j"$r}tj$||f��d}~wwxYw)a�Check response content and its type.

        .. note::
           Checking is not strict: wrong server response ``Content-Type``
           HTTP header is ignored if response is an expected JSON object
           (c.f. Boulder #56).

        :param str content_type: Expected Content-Type response header.
            If JSON is expected and not present in server response, this
            function will raise an error. Otherwise, wrong Content-Type
            is ignored, but logged.

        :raises .messages.Error: If server response body
            carries HTTP Problem (https://datatracker.ietf.org/doc/html/rfc7807).
        :raises .ClientError: In case of other networking errors.

        �Content-Type�;rNi�r$zUNKNOWN-LOCATIONz/Ignoring wrong Content-Type (%r) for JSON Errorz<Ignoring wrong Content-Type (%r) for JSON decodable responsez"Unexpected response Content-Type: )r'rc�split�striprBr�r&rr(�ok�JSON_ERROR_CONTENT_TYPErrrr�rAr��DeserializationErrorr��JSON_CONTENT_TYPE)r�r+r"�response_ctr r�s      r�_check_responsezClientNetwork._check_response<s{��(�&�&�*�*�>�:���%�+�+�C�0��3�9�9�;�K�	��=�=�?�D����3�&��&�&�x�'7�'7�';�';�J�HZ�'[�\�\��{�{����#�"=�"=�=��L�L�I�#�%�@�"�.�.�2�2�4�8�8��(�(��2�2���K�3�3H�3H�$H����� +�-��s�4�4�4����(�(�+M�k�]�)[�\�\����;�	��D�	���0�0�@� �,�,�h��->�?�?��@�s*�E	�E�	E�E�F
�.F�F
�methodr�r�c	�h�|dk(rtjd||d�ntjd||�|j|d<|jdi�|djd|j�|jd|j
�	|jj||g|��i|��}d
|dvr t!j"|j$�}
nd|_|j(}
tjd|j*dj-d�|j.j1�D��|
�|S#tjj$rR}	d	}tj|t|��}|��|j�\}	}
}}td|	�|
�d|����d
}~wwxYw)a�Send HTTP request.

        Makes sure that `verify_ssl` is respected. Logs request and
        response (with headers). For allowed parameters please see
        `requests.request`.

        :param str method: method for the new `requests.Request` object
        :param str url: URL for the new `requests.Request` object

        :raises requests.exceptions.RequestException: in case of any problems

        :returns: HTTP Response
        :rtype: `requests.Response`


        �POSTzSending POST request to %s:
%s�datazSending %s request to %s.�verifyr'z
User-AgentrzT.*host='(\S*)'.*Max retries exceeded with url\: (\/\w*).*(\[Errno \d+\])([A-Za-z ]*)NzRequesting �:�Acceptzutf-8z!Received response:
HTTP %d
%s

%s�
c3�FK�|]\}}dj||����y�w)z{0}: {1}N)�format)�.0�k�vs   r�	<genexpr>z.ClientNetwork._send_request.<locals>.<genexpr>�s+����F�$(�A�q� *�0�0��A�6�F�s�!)rrrr�rr
r�requestr��
exceptions�RequestException�re�matchr]�groupsr��base64�	b64encode�content�encodingr�r&�joinr'�items)rr.rkr�r�r+�e�	err_regex�m�host�path�_err_no�err_msg�
debug_contents              r�
_send_requestzClientNetwork._send_requestws���"�V���L�L�:��v�f�~�
/�
�L�L�4�f�c�B��?�?��x�����)�R�(��y��$�$�\�4�?�?�C����)�T�%:�%:�;�	C�+�t�|�|�+�+�F�C�I�$�I�&�I�H�8�v�i�(�(�"�,�,�X�-=�-=�>�M�!(�H��$�M�M�M����<��)�)��Y�Y�F�,4�,<�,<�,B�,B�,D�F�F�"�		$�
���S�"�"�3�3�	C�
/�p�I�����C��F�+�A��y��+,�8�8�:�(�D�$����{�4�&���a��y�A�B�B��+	C�s�!E�F1�A
F,�,F1c�.�|jdg|��i|��S)aSend HEAD request without checking the response.

        Note, that `_check_response` is not called, as it is expected
        that status code other than successfully 2xx will be returned, or
        messages2.Error will be raised by the server.

        �HEAD)rPr�s   r�headzClientNetwork.head�s!��"�t�!�!�&�:�4�:�6�:�:rc�L�|j|jd|fi|��|��S)z$Send GET request and check response.�GET�r")r-rP)rrkr"r�s    rrczClientNetwork.get�s7���#�#��D���u�c�4�V�4�<�$�Q�	Qrc��|j|jvrx|j|j}	tjjdj|�}tjd|�|jj|�ytj|��#tj$r}tj||��d}~wwxYw)NrzStoring nonce: %s)�REPLAY_NONCE_HEADERr'r�Header�_fields�decoder�r*r�BadNoncerrr
�add�MissingNonce)rr+r�
decoded_noncer�s     r�
_add_noncezClientNetwork._add_nonce�s����#�#�x�'7�'7�7��$�$�T�%=�%=�>�E�
4� #�
�
� 2� 2�7� ;� B� B�5� I�
�
�L�L�,�e�4��L�L���]�+��%�%�h�/�/���,�,�
4��o�o�e�U�3�3��
4�s�,B&�&C�9C�Cr�c��|js\tjd�|�|j|�}n"|j	|j|�d��}|j|�|jj
�S)NzRequesting fresh noncerV)r
rrrSr-r`�pop)rrkr�r+s    r�
_get_noncezClientNetwork._get_nonce�si���|�|��L�L�1�2��$��9�9�S�>�� �/�/��	�	�-�0H�W[�/�\���O�O�H�%��|�|���!�!rc���	|j|i|��S#tj$rB}|jdk(r-tjd|�|j|i|��cYd}~S�d}~wwxYw)z�POST object wrapped in `.JWS` and check response.

        If the server responded with a badNonce error, the request will
        be retried once.

        �badNoncez Retrying request after error:
%sN)�
_post_oncerr��coderr)rr�r�r�s    rr�zClientNetwork.post�se��	�"�4�?�?�D�3�F�3�3���~�~�	��z�z�Z�'����@�%�H�&�t����7��7�7���		�s ��A)�6A$�A)�#A$�$A)c��|jdd�}|j||j||�|�}|jdd|i�|jd|fd|i|��}|j||��}|j
|�|S)Nr�r'r$r0r1rV)rbr!rcr�rPr-r`)rrkrr"r�r�r1r+s        rrfzClientNetwork._post_once�s����
�
�?�D�9�
�� � ��d�o�o�c�=�&I�3�O�����)�n�l�%C�D�%�4�%�%�f�c�G��G��G���'�'��|�'�L������!��r)rNr�)#r�r�r�r�r+�JOSE_CONTENT_TYPEr)rXr��RS256�DEFAULT_NETWORK_TIMEOUT�JWKrrr��JWASignaturer�r]r�rr�JSONDeSerializabler!rr�r�r-rrPrSrcr`rcr�rfr5rrrr�s���+��/��8��(��
�Z^�*.�*�*��#0�AX�0�D�H�H�0�x��8U�8U�/V�0��'�'�0�BF�0� �0�;>�0�]a�0� �Z�� 7� 7�Z��Z�#�Z�RU�Z�2�6:�8�x�'8�'8�8�&.�s�m�8�?G�?P�?P�8��8�tE�C�E�c�E�#�E��E�QY�Qb�Qb�E�N;�#�;��;��1B�1B�;�1B�Q�s�Q�#�Q��Q�&�/�/�Q�
0�8�#4�#4�
0��
0�	"�c�	"�#�	"�#�	"�
�#�
��
��1B�1B�
� (9��c���(?�(?��!$��DG��LT�L]�L]�rr)+r�rBrx�email.utilsr�http.client�clientr��loggingr?r��typingrrrrrr	r
rr��cryptographyr�josepyr�r�r��requests.adaptersr
�requests.utilsr�acmerrrrr�	getLoggerr�rrkrrr5rr�<module>rzs����
��$�!��	���������������)�-������	��	�	�8�	$����MD�MD�`F�Fr