404

[ Avaa Bypassed ]

Upload:

Command:

elspacio@18.118.142.122: ~ $ 
3

گau��@s�dZddlZddlZddlZddlmZddlZddljZ	ddl
Z
ddlZddlZddl
Z
ddlmZddlmZddlmZddlmZddlmZdd	lmZdd
lmZddlmZddlmZdd
lmZddlmZddlmZddlZddlZddlZddl Z ddl!m"Z"ddl#m$Z$ddl%m&Z&ddl'm(Z(ddl'm)Z)ddl'm*Z*ddl'm+Z+ddl,m-Z-e
j.e/�Z0dZ1dZ2Gdd�d�Z3Gdd�de3�Z4Gdd�de3�Z5Gd d!�d!�Z6Gd"d#�d#�Z7Gd$d%�d%�Z8eee8ej9e/��ej9e/<dS)&zACME client API.�N)�parsedate_tz)�
ModuleType)�Any)�Callable)�cast)�Dict)�Iterable)�List)�Optional)�Set)�Text)�Tuple)�Union)�HTTPAdapter)�parse_header_links)�SourceAddressAdapter)�crypto_util)�errors)�jws)�messages)�VersionedLEACMEMixin�-zapplication/pkix-certc@s*eZdZdZejdedd�dd�Zed%e	j
eeeeej
d�dd	��Zej
ejej
d
�dd�Zeee	j
d
�dd�Zd&ej
eejej
d�dd�Zej
ej
d�dd�Zejejd�dd�Zd'e	j
eejeeejd�dd�Zeje	j
ejd�dd�Zee	j
eejd�d d!��Zejeedd"�d#d$�Z dS)(�
ClientBasez�ACME client base object.

    :ivar messages.Directory directory:
    :ivar .ClientNetwork net: Client network.
    :ivar int acme_version: ACME protocol version. 1 or 2.
    �
ClientNetworkN)�	directory�net�acme_version�returncCs||_||_||_dS)z�Initialize.

        :param .messages.Directory directory: Directory Resource
        :param .ClientNetwork net: Client network.
        :param int acme_version: ACME protocol version. 1 or 2.
        N)rrr)�selfrrr�r�/usr/lib/python3.6/client.py�__init__8szClientBase.__init__)�response�uri�terms_of_servicercCs>d|jkr|jdd}tjtjj|j��|jjd|�|d�S)Nzterms-of-service�url�Location)�bodyr#r$)�linksr�RegistrationResource�Registration�	from_json�json�headers�get)�clsr"r#r$rrr �_regr_from_responseDs
zClientBase._regr_from_response)�regrr'rcCs"|j|j|�}|j||j|jd�S)N)r#r$)�_postr#r0r$)rr1r'r"rrr �_send_recv_regrPszClientBase._send_recv_regr)�args�kwargsrcOs<|jd|j�t|jd�r.|jdt|jd��|jj||�S)zBWrapper around self.net.post that adds the acme_version.

        r�newNonce�
new_nonce_url)�
setdefaultr�hasattrr�getattrr�post)rr4r5rrr r2^szClientBase._post)r1�updatercCs<|dkr|jn|}tjft|��}|j||d�}||j_|S)aKUpdate registration.

        :param messages.RegistrationResource regr: Registration Resource.
        :param messages.Registration update: Updated body of the
            resource. If not provided, body will be taken from `regr`.

        :returns: Updated Registration Resource.
        :rtype: `.RegistrationResource`

        N)r')r'r�UpdateRegistration�dictr3r�account)rr1r<r'Zupdated_regrrrr �update_registrationgs

zClientBase.update_registration)r1rcCs|j|tjjddd���S)z�Deactivate registration.

        :param messages.RegistrationResource regr: The Registration Resource
            to be deactivated.

        :returns: The Registration resource that was deactivated.
        :rtype: `.RegistrationResource`

        �deactivatedN)�statusZcontact)r@rr*r+)rr1rrr �deactivate_registrationzsz"ClientBase.deactivate_registration)�authzrrcCs.tjdd�}|j|j|�}|j||jj|j�S)aDeactivate authorization.

        :param messages.AuthorizationResource authzr: The Authorization resource
            to be deactivated.

        :returns: The Authorization resource that was deactivated.
        :rtype: `.AuthorizationResource`

        rA)rB)rZUpdateAuthorizationr2r#�_authzr_from_responser'�
identifier)rrDr'r"rrr �deactivate_authorization�sz#ClientBase.deactivate_authorization)r"rFr#rcCsFtjtjj|j��|jjd|�d�}|dk	rB|jj|krBt	j
|��|S)Nr&)r'r#)r�AuthorizationResourceZ
Authorizationr+r,r-r.r'rFr�UnexpectedUpdate)rr"rFr#rDrrr rE�s
z ClientBase._authzr_from_response)�challbr"rcCsv|j|j|�}y|jdd}Wntk
r>tjd��YnXtj|tjj	|j
��d�}|j|jkrrtj|j��|S)ahAnswer challenge.

        :param challb: Challenge Resource body.
        :type challb: `.ChallengeBody`

        :param response: Corresponding Challenge response
        :type response: `.challenges.ChallengeResponse`

        :returns: Challenge Resource with updated body.
        :rtype: `.ChallengeResource`

        :raises .UnexpectedUpdate:

        �upr%z"up" Link header missing)�
authzr_urir')r2r#r(�KeyErrorr�ClientErrorr�ChallengeResource�
ChallengeBodyr+r,rI)rrJr"rLZchallrrrr �answer_challenge�szClientBase.answer_challenge)r"�defaultrcCs�|jjdt|��}yt|�}Wnvtk
r�t|�}|dk	r�y4tj|ddk	rX|dnd�}tj|dd��|Sttfk
r�YnX|}YnXtjj	�tj|d�S)	a�Compute next `poll` time based on response ``Retry-After`` header.

        Handles integers and various datestring formats per
        https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.37

        :param requests.Response response: Response from `poll`.
        :param int default: Default value (in seconds), used when
            ``Retry-After`` header is not present or invalid.

        :returns: Time point when next `poll` should be performed.
        :rtype: `datetime.datetime`

        zRetry-AfterN�r�)�seconds���rV)
r-r.�str�int�
ValueErrorr�datetime�	timedelta�
OverflowError�now)r/r"rR�retry_afterrU�whenZtz_secsrrr r^�s
zClientBase.retry_after)�cert�rsnr%rcCs0|j|tj||d��}|jtjkr,tjd��dS)a.Revoke certificate.

        :param .ComparableX509 cert: `OpenSSL.crypto.X509` wrapped in
            `.ComparableX509`

        :param int rsn: Reason code for certificate revocation.

        :param str url: ACME URL to post to

        :raises .ClientError: If revocation is unsuccessful.

        )�certificate�reasonz0Successful revocation must return HTTP OK statusN)r2r�
Revocation�status_code�http_clientZOKrrN)rr`rar%r"rrr �_revoke�s

zClientBase._revoke)NN)N)NN)!�__name__�
__module__�__qualname__�__doc__r�	DirectoryrXr!�classmethod�requests�Responser
rWr)r0r*r3rr2r@rCrHrG�
IdentifierrErPrOrQrZr^�jose�ComparableX509rgrrrr r1s.	

$rc
s�eZdZdZejddfejejej	e
eddd��fdd�
Zd0eej
ejd�d	d
�Zejejd�dd
�Zejejd�dd�Zd1ejeeejd�dd�Zd2eeeejd�dd�Zejeejejd�dd�Zejeejejfd�dd�Zd3ejeejeeeejeejdffd�d d!�Z eeejejfd"�d#d$�Z!ejejd%�d&d'�Z"ejejd%�d(d)�Z#d4ejee$ejd*�d+d,�Z%ejedd-�d.d/�Z&�Z'S)5�ClientaFACME client for a v1 API.

    .. deprecated:: 1.18.0
       Use :class:`ClientV2` instead.

    .. todo::
       Clean up raised error types hierarchy, document, and handle (wrap)
       instances of `.DeserializationError` raised in `from_json()`.

    :ivar messages.Directory directory:
    :ivar key: `josepy.JWK` (private)
    :ivar alg: `josepy.JWASignature`
    :ivar bool verify_ssl: Verify SSL certificates?
    :ivar .ClientNetwork net: Client network. Useful for testing. If not
        supplied, it will be initialized using `key`, `alg` and
        `verify_ssl`.

    TNr)r�key�alg�
verify_sslrrcsR||_|dkrt|||d�}t|t�r<tjj|j|�j��}t	�j
||dd�dS)z�Initialize.

        :param directory: Directory Resource (`.messages.Directory`) or
            URI from which the resource will be downloaded.

        N)rurvrS)rrr)rtr�
isinstancerWrrlr+r.r,�superr!)rrrtrurvr)�	__class__rr r!
s	
zClient.__init__)�new_regrcCs@|dkrtj�n|}|j|j||�}|jtjks6t�|j|�S)z�Register.

        :param .NewRegistration new_reg:

        :returns: Registration Resource.
        :rtype: `.RegistrationResource`

        N)	r�NewRegistrationr2rrerf�CREATED�AssertionErrorr0)rrzr"rrr �registers
zClient.register)r1rcCs|j|tj��S)z�Query server about registration.

        :param messages.RegistrationResource regr: Existing Registration
            Resource.

        )r3rr=)rr1rrr �query_registration/szClient.query_registrationcCs|j|j|jj|jd�d��S)aAgree to the terms-of-service.

        Agree to the terms-of-service in a Registration Resource.

        :param regr: Registration Resource.
        :type regr: `.RegistrationResource`

        :returns: Updated Registration Resource.
        :rtype: `.RegistrationResource`

        )Z	agreement)r')r@r<r'r$)rr1rrr �agree_to_tos9s
zClient.agree_to_tos)rF�new_authzr_urircCs`|dk	rtjd�|jjd�r(tjd��tj|d�}|j|j	j
|�}|jtj
ksTt�|j||�S)aGRequest challenges.

        :param .messages.Identifier identifier: Identifier to be challenged.
        :param str new_authzr_uri: Deprecated. Do not use.

        :returns: Authorization Resource.
        :rtype: `.AuthorizationResource`

        :raises errors.WildcardUnsupportedError: if a wildcard is requested

        Nz2request_challenges with new_authzr_uri deprecated.�*zbRequesting an authorization for a wildcard name is forbidden by this version of the ACME protocol.)rF)�logger�debug�value�
startswithrZWildcardUnsupportedErrorrZNewAuthorizationr2r�	new_authzrerfr|r}rE)rrFr�r�r"rrr �request_challengesIs

zClient.request_challenges)�domainr�rcCs|jtjtj|d�|�S)a"Request challenges for domain names.

        This is simply a convenience function that wraps around
        `request_challenges`, but works with domain names instead of
        generic identifiers. See ``request_challenges`` for more
        documentation.

        :param str domain: Domain name to be challenged.
        :param str new_authzr_uri: Deprecated. Do not use.

        :returns: Authorization Resource.
        :rtype: `.AuthorizationResource`

        :raises errors.WildcardUnsupportedError: if a wildcard is requested

        )�typr�)r�rrp�IDENTIFIER_FQDN)rr�r�rrr �request_domain_challengesdsz Client.request_domain_challenges)�csr�authzrsrcCs�|std��tjd�tj|d�}t}|j|jj||d|id�}|j	j
di�j
d�}y|jd}Wntk
r�t
jd	��YnXtj|||tjtjjtjj|j��d
�S)aRequest issuance.

        :param csr: CSR
        :type csr: `OpenSSL.crypto.X509Req` wrapped in `.ComparableX509`

        :param authzrs: `list` of `.AuthorizationResource`

        :returns: Issued certificate
        :rtype: `.messages.CertificateResource`

        zAuthorizations list is emptyzRequesting issuance...)r��Accept)�content_typer-rKr%r&z"Location" Header missing)r#r��cert_chain_urir')r}r�r�r�CertificateRequest�DER_CONTENT_TYPEr2rZnew_certr(r.r-rMrrN�CertificateResourcerqrr�OpenSSL�crypto�load_certificate�
FILETYPE_ASN1�content)rr�r�Zreqr�r"r�r#rrr �request_issuanceys$

zClient.request_issuance)rDrcCs*|jj|j�}|j||jj|j�}||fS)aPoll Authorization Resource for status.

        :param authzr: Authorization Resource
        :type authzr: `.AuthorizationResource`

        :returns: Updated Authorization Resource and HTTP response.

        :rtype: (`.AuthorizationResource`, `requests.Response`)

        )rr.r#rEr'rF)rrDr"�updated_authzrrrr �poll�szClient.poll��
.)r�r��mintime�max_attemptsrcsV|dkst�tjt�}t�}dd�t|�D�}tj|�dd�|D��x�|�rtj|�\}}	}
t	j	j
�}||kr�||j}tj
d|�tj|�|j�|
�\}
}|
�|
<||
d7<|
jjtjtjfkrH||
|kr�tj||j||d�|	|
f�qH|j|
�qHW|�s$td	d
��j�D���r0tj|���t�fdd
�|D��}|j||�|fS)a�Poll and request issuance.

        This function polls all provided Authorization Resource URIs
        until all challenges are valid, respecting ``Retry-After`` HTTP
        headers, and then calls `request_issuance`.

        :param .ComparableX509 csr: CSR (`OpenSSL.crypto.X509Req`
            wrapped in `.ComparableX509`)
        :param authzrs: `list` of `.AuthorizationResource`
        :param int mintime: Minimum time before next attempt, used if
            ``Retry-After`` is not present in the response.
        :param int max_attempts: Maximum number of attempts (per
            authorization) before `PollError` with non-empty ``waiting``
            is raised.

        :returns: ``(cert, updated_authzrs)`` `tuple` where ``cert`` is
            the issued certificate (`.messages.CertificateResource`),
            and ``updated_authzrs`` is a `tuple` consisting of updated
            Authorization Resources (`.AuthorizationResource`) as
            present in the responses from server, and in the same order
            as the input ``authzrs``.
        :rtype: `tuple`

        :raises PollError: in case of timeout or if some authorization
            was marked by the CA as invalid

        rcSs g|]\}}tjj�||f�qSr)rZr])�.0�indexrDrrr �
<listcomp>�sz4Client.poll_and_request_issuance.<locals>.<listcomp>cSsi|]
}||�qSrr)r�rDrrr �
<dictcomp>�sz4Client.poll_and_request_issuance.<locals>.<dictcomp>zSleeping for %d secondsrS)rRcss|]}|jjtjkVqdS)N)r'rBr�STATUS_INVALID)r�rDrrr �	<genexpr>�sz3Client.poll_and_request_issuance.<locals>.<genexpr>c3s|]}�|VqdS)Nr)r�rD)�updatedrr r��s)r}�collections�defaultdictrX�set�	enumerate�heapq�heapify�heappoprZr]rUr�r��time�sleepr�r'rBr�STATUS_VALIDr��heappushr^�add�any�valuesrZ	PollError�tupler�)rr�r�r�r�ZattemptsZ	exhaustedZwaitingr_r�rDr]rUr�r"Zupdated_authzrsr)r�r �poll_and_request_issuance�s8 





z Client.poll_and_request_issuance)r#rcCs8t}|jj|d|i|d�}|tjtjjtjj|j	��fS)z�Returns certificate from URI.

        :param str uri: URI of certificate

        :returns: tuple of the form
            (response, :class:`josepy.util.ComparableX509`)
        :rtype: tuple

        r�)r-r�)
r�rr.rqrrr�r�r�r�r�)rr#r�r"rrr �	_get_cert�s

zClient._get_cert)�certrrcCsL|j|j�\}}d|jkr$tjd��|jd|jkr@tj|j��|j|d�S)z�Check for new cert.

        :param certr: Certificate Resource
        :type certr: `.CertificateResource`

        :returns: Updated Certificate Resource.
        :rtype: `.CertificateResource`

        r&zLocation header missing)r')r�r#r-rrNrI�textr<)rr�r"r`rrr �
check_certs

zClient.check_certcCs
|j|�S)z�Refresh certificate.

        :param certr: Certificate Resource
        :type certr: `.CertificateResource`

        :returns: Updated Certificate Resource.
        :rtype: `.CertificateResource`

        )r�)rr�rrr �refresh"s
zClient.refresh)r��
max_lengthrcCslg}|j}xD|dk	rNt|�|krN|j|�\}}|jjdi�jd�}|j|�qW|dk	rhtjdj|���|S)a�Fetch chain for certificate.

        :param .CertificateResource certr: Certificate Resource
        :param int max_length: Maximum allowed length of the chain.
            Note that each element in the certificate requires new
            ``HTTP GET`` request, and the length of the chain is
            controlled by the ACME CA.

        :raises errors.Error: if recursion exceeds `max_length`

        :returns: Certificate chain for the Certificate Resource. It is
            a list ordered so that the first element is a signer of the
            certificate from Certificate Resource. Will be empty if
            ``cert_chain_uri`` is ``None``.
        :rtype: `list` of `OpenSSL.crypto.X509` wrapped in `.ComparableX509`

        NrKr%z'Recursion limit reached. Didn't get {0})	r��lenr�r(r.�appendr�Error�format)rr�r��chainr#r"r`rrr �fetch_chain1szClient.fetch_chain)r`rarcCs |j|||jtttj��dS)aRevoke certificate.

        :param .ComparableX509 cert: `OpenSSL.crypto.X509` wrapped in
            `.ComparableX509`

        :param int rsn: Reason code for certificate revocation.

        :raises .ClientError: If revocation is unsuccessful.

        N)rgrrrWrrd)rr`rarrr �revokeOsz
Client.revoke)N)N)N)r�r�)r�)(rhrirjrkrq�RS256rrl�JWK�JWASignature�boolr
r!r{r)r~rr�rprWrHr�r�rrrr�r�r
rnror�rXr�r�r�r�r	r�r��
__classcell__rr)ryr rs�s2*
	
%JrscsZeZdZdZejddd��fdd�Zejejd�dd	�Z	ejejd
�dd�Z
d-ejeejejd
��fdd�
Z
ejejd
�dd�Zeejd�dd�Zejeejejfd�dd�Zd.ejeejejd�dd�Zejejejd�dd�Zd/ejejeejd�dd �Zejedd!�d"d#�Zed$�d%d&�Z e!e!ejd'�d(d)�Z"eje#e$e#d*�d+d,�Z%�Z&S)0�ClientV2zuACME client for a v2 API.

    :ivar messages.Directory directory:
    :ivar .ClientNetwork net: Client network.
    rN)rrrcst�j||dd�dS)z�Initialize.

        :param .messages.Directory directory: Directory Resource
        :param .ClientNetwork net: Client network.
        �)rrrN)rxr!)rrr)ryrr r!dszClientV2.__init__)�new_accountrcCsL|j|jd|�}|jdkr6d|jkr6tj|jd��|j|�}||j_|S)z�Register.

        :param .NewRegistration new_account:

        :raises .ConflictError: in case the account already exists

        :returns: Registration Resource.
        :rtype: `.RegistrationResource`
        �
newAccount��r&)	r2rrer-r�
ConflictErrorr0rr?)rr�r"r1rrr r�ls

zClientV2.new_account)r1rcCs6||j_|j|jd�}|j||j|jd�|j_|jjS)z�Query server about registration.

        :param messages.RegistrationResource regr: Existing Registration
            Resource.

        N)r#r$)rr?r2r#r0r$)rr1r"rrr rs

zClientV2.query_registration)r1r<rcs|j|�}t�j||�S)aKUpdate registration.

        :param messages.RegistrationResource regr: Registration Resource.
        :param messages.Registration update: Updated body of the
            resource. If not provided, body will be taken from `regr`.

        :returns: Updated Registration Resource.
        :rtype: `.RegistrationResource`

        )�_get_v2_accountrxr@)rr1r<�new_regr)ryrr r@�s
zClientV2.update_registrationcCsJd|j_|jjdd�}|j|jd|�}|jd}|j|d�}||j_|S)NT)Zonly_return_existingr�r&)r#)rr?r'r<r2rr-)rr1Zonly_existing_regr"Zupdated_urir�rrr r��s
zClientV2._get_v2_account)�csr_pemrc
Cs�tjjtjj|�}tj|�}tj|�}g}x"|D]}|jtj	tj
|d��q0Wx"|D]}|jtj	tj|d��qTWtj|d�}|j
|jd|�}	tjj|	j��}
g}x(|
jD]}|j|j|j|�|d��q�Wtj|
|	jjd�||d�S)z�Request a new Order object from the server.

        :param bytes csr_pem: A CSR in PEM format.

        :returns: The newly created order.
        :rtype: OrderResource
        )r�r�)�identifiersZnewOrder)r#r&)r'r#�authorizationsr�)r�r��load_certificate_request�FILETYPE_PEMr� _pyopenssl_cert_or_req_all_namesZ_pyopenssl_cert_or_req_san_ipr�rrpr�Z
IDENTIFIER_IPZNewOrderr2r�Orderr+r,r�rE�_post_as_get�
OrderResourcer-r.)
rr�r��dnsNamesZipNamesr��nameZips�orderr"r'r�r%rrr �	new_order�s*




zClientV2.new_order)rDrcCs(|j|j�}|j||jj|j�}||fS)aPoll Authorization Resource for status.

        :param authzr: Authorization Resource
        :type authzr: `.AuthorizationResource`

        :returns: Updated Authorization Resource and HTTP response.

        :rtype: (`.AuthorizationResource`, `requests.Response`)

        )r�r#rEr'rF)rrDr"r�rrr r��sz
ClientV2.poll)�orderr�deadlinercCs6|dkrtjj�tjdd�}|j||�}|j||�S)adPoll authorizations and finalize the order.

        If no deadline is provided, this method will timeout after 90
        seconds.

        :param messages.OrderResource orderr: order to finalize
        :param datetime.datetime deadline: when to stop polling and timeout

        :returns: finalized order
        :rtype: messages.OrderResource

        N�Z)rU)rZr]r[�poll_authorizations�finalize_order)rr�r�rrr �poll_and_finalize�szClientV2.poll_and_finalizecCs�g}x\|jjD]P}xJtjj�|kr\|j|j|�|d�}|jjtjkrP|j	|�Pt
jd�qWqWt|�t|jj�kr~t
j��g}x@|D]8}|jjtjkr�x$|jjD]}|jdk	r�|j	|�q�Wq�W|r�t
j|��|j|d�S)zPoll Order Resource for status.)r#rSN)r�)r'r�rZr]rEr�rBrZSTATUS_PENDINGr�r�r�r�r�TimeoutErrorr�Z
challenges�errorZValidationErrorr<)rr�r�Z	responsesr%rDZfailedZchallrrr r��s&



zClientV2.poll_authorizationsF)r�r��fetch_alternative_chainsrcs�tjjtjj|j�}tjtj|�d�}�j	|j
j|�x�tjj
�|kr�tjd��j|j�}tjj|j��}|jdk	r�tj|j��|jdk	r8�j|j�}|j||jd�}|rֈj|d�}	�fdd�|	D�}
|j|
d�}|Sq8Wtj��dS)	a{Finalize an order and obtain a certificate.

        :param messages.OrderResource orderr: order to finalize
        :param datetime.datetime deadline: when to stop polling and timeout
        :param bool fetch_alternative_chains: whether to also fetch alternative
            certificate chains

        :returns: finalized order
        :rtype: messages.OrderResource

        )r�rSN)r'�
fullchain_pemZ	alternatecsg|]}�j|�j�qSr)r�r�)r�r%)rrr r�%sz+ClientV2.finalize_order.<locals>.<listcomp>)Zalternative_fullchains_pem)r�r�r�r�r�rr�rqrrr2r'�finalizerZr]r�r�r�r#r�r+r,r�rZ
IssuanceErrorrbr<r��
_get_linksr�)rr�r�r�r�Zwrapped_csrr"r'Zcertificate_responseZalt_chains_urlsZ
alt_chainsr)rr r�	s&



zClientV2.finalize_order)r`rarcCs|j|||jd�dS)aRevoke certificate.

        :param .ComparableX509 cert: `OpenSSL.crypto.X509` wrapped in
            `.ComparableX509`

        :param int rsn: Reason code for certificate revocation.

        :raises .ClientError: If revocation is unsuccessful.

        Z
revokeCertN)rgr)rr`rarrr r�*szClientV2.revoke)rcCst|jd�o|jjjS)zGChecks if ACME server requires External Account Binding authentication.�meta)r9rr��external_account_required)rrrr r�7sz"ClientV2.external_account_required)r4r5rcOs(|dd�d|dd�}|j||�S)z
        Send GET request using the POST-as-GET protocol.
        :param args:
        :param kwargs:
        :return:
        NrS)N)r2)rr4r5Znew_argsrrr r�;szClientV2._post_as_get)r"�
relation_typercs.d|jkrgSt|jd�}�fdd�|D�S)z�
        Retrieves all Link URIs of relation_type from the response.
        :param requests.Response response: The requests HTTP response.
        :param str relation_type: The relation type to filter by.
        ZLinkcs0g|](}d|krd|kr|d�kr|d�qS)Zrelr%r)r��l)r�rr r�Psz'ClientV2._get_links.<locals>.<listcomp>)r-r)rr"r�r(r)r�r r�Es
zClientV2._get_links)N)N)F)'rhrirjrkrrlr!r{r)r�rr
r*r@r��bytesr�r�rHr
rnror�rZr�r�r�r�rqrrrXr�r�rr�rWr	r�r�rr)ryr r�]s&	# 

r�c@s�eZdZdZdejedd�dd�Zeed�dd	�Z	de
jee
egdfe
jd
�dd�Zee
jd
�dd�Zde
jejee
jd�dd�Zejedd�dd�Ze
jed�dd�Zed�dd�ZdS)�BackwardsCompatibleClientV2a�ACME client wrapper that tends towards V2-style calls, but
    supports V1 servers.

    .. deprecated:: 1.18.0
       Use :class:`ClientV2` instead.

    .. note:: While this class handles the majority of the differences
        between versions of the ACME protocol, if you need to support an
        ACME server based on version 3 or older of the IETF ACME draft
        that uses combinations in authorizations (or lack thereof) to
        signal that the client needs to complete something other than
        any single challenge in the authorization to make it valid, the
        user of this class needs to understand and handle these
        differences themselves.  This does not apply to either of Let's
        Encrypt's endpoints where successfully completing any challenge
        in an authorization will make it valid.

    :ivar int acme_version: 1 or 2, corresponding to the Let's Encrypt endpoint
    :ivar .ClientBase client: either Client or ClientV2
    rN)rrt�serverrcCsTtjj|j|�j��}|j|�|_||jdkrBt|||d�|_nt	||d�|_dS)NrS)rtr)r)
rrlr+r.r,�_acme_version_from_directoryrrs�clientr�)rrrtr�rrrr r!js
z$BackwardsCompatibleClientV2.__init__)r�rcCst|j|�S)N)r:r�)rr�rrr �__getattr__ssz'BackwardsCompatibleClientV2.__getattr__)r1�check_tos_cbrcs�tdd��fdd�}|jdkrVtt|j�}|j|�}|jdk	rR||j�|j|�S|Stt|j�}d|j	j
kr�||j	j
j�|jdd�}|j|�SdS)	z�Combined register and agree_tos for V1, new_account for V2

        :param .NewRegistration regr:
        :param callable check_tos_cb: callback that raises an error if
            the check does not work
        N)�tosrcs�dk	r�|�dS)Nr)r�)r�rr �_assess_tosszDBackwardsCompatibleClientV2.new_account_and_tos.<locals>._assess_tosrSr$T)Zterms_of_service_agreed)
rWrrrsr�r~r$r�r�rr�r<r�)rr1r�r��	client_v1Z	client_v2r)r�r �new_account_and_tosvs	




z/BackwardsCompatibleClientV2.new_account_and_tos)r�rcCst|jdkrbtt|j�}tjjtjj|�}tj	|�}g}x|D]}|j
|j|��q<Wtj
||d�Stt|j�j|�S)a�Request a new Order object from the server.

        If using ACMEv1, returns a dummy OrderResource with only
        the authorizations field filled in.

        :param bytes csr_pem: A CSR in PEM format.

        :returns: The newly created order.
        :rtype: OrderResource

        :raises errors.WildcardUnsupportedError: if a wildcard domain is
            requested but unsupported by the ACME version

        rS)r�r�)rrrsr�r�r�r�r�rr�r�r�rr�r�r�)rr�r�r�r�r�r�rrr r��s


z%BackwardsCompatibleClientV2.new_orderF)r�r�r�rc
Cs�|jdkr�tt|j�}|j}|jtjtj	j
tj	j|��|j�}d}xDt
j
j�|kr�y|j|�}PWqDtjk
r�tjd�YqDXqDW|dkr�tjd��tj	jtj	j|jj�j�}tj|�j�}	|j||	d�Stt|j�j|||�S)a{Finalize an order and obtain a certificate.

        :param messages.OrderResource orderr: order to finalize
        :param datetime.datetime deadline: when to stop polling and timeout
        :param bool fetch_alternative_chains: whether to also fetch alternative
            certificate chains

        :returns: finalized order
        :rtype: messages.OrderResource

        rSNzoFailed to fetch chain. You should not deploy the generated certificate, please rerun the command for a new one.)r�)rrrsr�r�r�rqrrr�r�r�r�r�rZr]r�rr�r�r�r�Zdump_certificater'�wrapped�decoderZdump_pyopenssl_chainr<r�r�)
rr�r�r�r�r�r�r�r`Z	chain_strrrr r��s.

z*BackwardsCompatibleClientV2.finalize_order)r`rarcCs|jj||�dS)aRevoke certificate.

        :param .ComparableX509 cert: `OpenSSL.crypto.X509` wrapped in
            `.ComparableX509`

        :param int rsn: Reason code for certificate revocation.

        :raises .ClientError: If revocation is unsuccessful.

        N)r�r�)rr`rarrr r��sz"BackwardsCompatibleClientV2.revoke)rrcCst|d�rdSdS)Nr6r�rS)r9)rrrrr r��s
z8BackwardsCompatibleClientV2._acme_version_from_directory)rcCs|jdkrdStt|j�j�S)z�Checks if the server requires an external account for ACMEv2 servers.

        Always return False for ACMEv1 servers, as it doesn't use External Account Binding.rSF)rrr�r�r�)rrrr r��s
z5BackwardsCompatibleClientV2.external_account_required)N)F)rhrirjrkrqr�rWr!rr�rr{r
rr)r�r�r�r�rZr�r�rrrXr�rlr�r�rrrr r�Ts	)
r�c
@sReZdZdZdZdZdZdZdej	dde
dfejee
jejeeeeeeeeeffdd	�d
d�Zdd�d
d�Zejeeeejd�dd�Zed*ejeeejd�dd��Zeeeeejd�dd�Zeeejd�dd�Z efeeeejd�dd�Z!ejdd�dd �Z"eeed!�d"d#�Z#eeejd�d$d%�Z$ed&feejeeeejd'�d(d)�Z%dS)+rzvWrapper around requests that signs POSTs for authentication.

    Also adds user agent, and handles Content-Type.
    zapplication/jsonzapplication/jose+jsonzapplication/problem+jsonzReplay-NonceNTzacme-python)rtr?rurv�
user_agent�timeout�source_addressrc	Csl||_||_||_||_t�|_||_tj�|_	||_
t�}|dk	rLt|�}|j	j
d|�|j	j
d|�dS)Nzhttp://zhttps://)rtr?rurvr��_noncesr�rnZSession�session�_default_timeoutrrZmount)	rrtr?rurvr�r�r�Zadapterrrr r!s
zClientNetwork.__init__)rcCs(y|jj�Wntk
r"YnXdS)N)r�close�	Exception)rrrr �__del__szClientNetwork.__del__)�obj�noncer%rrcCs�t|t�r||_|r$|jdd�j�nd}tjd|�|j|d�}|dkrh||d<|jdk	rh|jd|d	<|j	|d
<t
jj|f|�jdd�S)aWrap `JSONDeSerializable` object in JWS.

        .. todo:: Implement ``acmePath``.

        :param josepy.JSONDeSerializable obj:
        :param str url: The URL to which this object will be POSTed
        :param str nonce:
        :rtype: `josepy.JWS`

        r�)�indent�zJWS payload:
%s)rurr%Nr#Zkidrt)
rwrZle_acme_versionZ
json_dumps�encoder�r�rur?rtr�JWSZsign)rrrr%r�jobjr5rrr �_wrap_in_jws"s


zClientNetwork._wrap_in_jws)r"r�rcCs$|jjd�}|r"|jd�dj�}y|j�}Wntk
rFd}YnX|jdkrftj|jjdd���|j	s�|dk	r�||j
kr�tjd|�yt
jj|��Wq�tjk
r�}ztj||f��WYdd}~Xq�Xn
tj|��nD|dk	r�||jkr�tjd	|�||jk�r |dk�r tjd
j|���|S)a�Check response content and its type.

        .. note::
           Checking is not strict: wrong server response ``Content-Type``
           HTTP header is ignored if response is an expected JSON object
           (c.f. Boulder #56).

        :param str content_type: Expected Content-Type response header.
            If JSON is expected and not present in server response, this
            function will raise an error. Otherwise, wrong Content-Type
            is ignored, but logged.

        :raises .messages.Error: If server response body
            carries HTTP Problem (draft-ietf-appsawg-http-problem-00).
        :raises .ClientError: In case of other networking errors.

        zContent-Type�;rNi�r&zUNKNOWN-LOCATIONz/Ignoring wrong Content-Type (%r) for JSON Errorz<Ignoring wrong Content-Type (%r) for JSON decodable responsez%Unexpected response Content-Type: {0})r-r.�split�stripr,rYrerr��ok�JSON_ERROR_CONTENT_TYPEr�r�rr�r+rq�DeserializationErrorrN�JSON_CONTENT_TYPEr�)r/r"r�Zresponse_ctrr�rrr �_check_response?s8


"zClientNetwork._check_response)�methodr%r4r5rcOsF|dkrtjd||d�ntjd||�|j|d<|jdi�|djd|j�|jd|j�y|jj||f|�|�}Wnftj	j
k
r�}zFd	}tj|t
|��}|d
kr��|j�\}	}
}}tdj|	|
|���WYd
d
}~XnX|jjd�tkp�d
|dk�rtj|j�}
nd|_|j}
tjd|jdjdd�|jj�D��|
�|S)a�Send HTTP request.

        Makes sure that `verify_ssl` is respected. Logs request and
        response (with headers). For allowed parameters please see
        `requests.request`.

        :param str method: method for the new `requests.Request` object
        :param str url: URL for the new `requests.Request` object

        :raises requests.exceptions.RequestException: in case of any problems

        :returns: HTTP Response
        :rtype: `requests.Response`


        �POSTzSending POST request to %s:
%s�datazSending %s request to %s.Zverifyr-z
User-Agentr�zT.*host='(\S*)'.*Max retries exceeded with url\: (\/\w*).*(\[Errno \d+\])([A-Za-z ]*)NzRequesting {0}{1}:{2}zContent-Typer�zutf-8z!Received response:
HTTP %d
%s

%s�
css|]\}}dj||�VqdS)z{0}: {1}N)r�)r��k�vrrr r��sz.ClientNetwork._send_request.<locals>.<genexpr>)r�r�rvr8r�rrZrequestrn�
exceptionsZRequestException�re�matchrW�groupsrYr�r-r.r��base64Z	b64encoder��encodingr�re�join�items)rrr%r4r5r"�eZ	err_regex�m�host�pathZ_err_noZerr_msgZ
debug_contentrrr �
_send_request{s8
$	
zClientNetwork._send_request)r4r5rcOs|jd|�|�S)aSend HEAD request without checking the response.

        Note, that `_check_response` is not called, as it is expected
        that status code other than successfully 2xx will be returned, or
        messages2.Error will be raised by the server.

        �HEAD)r()r')rr4r5rrr �head�szClientNetwork.head)r%r�r5rcKs|j|jd|f|�|d�S)z$Send GET request and check response.ZGET)r�)rr')rr%r�r5rrr r.�szClientNetwork.get)r"rcCs�|j|jkrz|j|j}ytjjdj|�}Wn0tjk
r^}ztj	||��WYdd}~XnXt
jd|�|jj
|�n
tj|��dS)NrzStoring nonce: %s)�REPLAY_NONCE_HEADERr-rZHeader�_fieldsr�rqrrZBadNoncer�r�r�r�ZMissingNonce)rr"rZ
decoded_noncer�rrr �
_add_nonce�szClientNetwork._add_nonce)r%r7rcCsL|jsBtjd�|dkr$|j|�}n|j|j|�dd�}|j|�|jj�S)NzRequesting fresh nonce)r�)r�r�r�r)rr,�pop)rr%r7r"rrr �
_get_nonce�s

zClientNetwork._get_noncecOsZy|j||�Stjk
rT}z*|jdkrBtjd|�|j||�S�WYdd}~XnXdS)z�POST object wrapped in `.JWS` and check response.

        If the server responded with a badNonce error, the request will
        be retried once.

        ZbadNoncez Retrying request after error:
%sN)�
_post_oncerr��coder�r�)rr4r5r�rrr r;�s
zClientNetwork.postrS)r%rr�rr5rc	Ksh|jdd�}|j||j||�||�}|jdd|i�|jd|fd|i|��}|j||d�}|j|�|S)Nr7r-zContent-Typerr)r�)r-rr.r8r'rr,)	rr%rr�rr5r7rr"rrr r/�s
zClientNetwork._post_once)N)&rhrirjrkrZJOSE_CONTENT_TYPErr*rqr��DEFAULT_NETWORK_TIMEOUTr�r
rr)r�r�rWrXrr
r!rZJSONDeSerializabler
rrmrnrorrr'r)r.r,r.r;r/rrrr r�s.>:K
rc@sdeZdZdZedd�dd�Zeed�dd�Zeedd	�d
d�Z	edd�dd
�Z
eed�dd�ZdS)�_ClientDeprecationModulez�
    Internal class delegating to a module, and displaying warnings when attributes
    related to deprecated attributes in the acme.client module.
    N)�modulercCs||jd<dS)N�_module)�__dict__)rr3rrr r!sz!_ClientDeprecationModule.__init__)�attrrcCs*|dkrtjdj|�tdd�t|j|�S)Nrsr�zHThe {0} attribute in acme.client is deprecated and will be removed soon.r�)�
stacklevel)rsr�)�warnings�warnr��DeprecationWarningr:r4)rr6rrr r�s

z$_ClientDeprecationModule.__getattr__)r6r�rcCst|j||�dS)N)�setattrr4)rr6r�rrr �__setattr__sz$_ClientDeprecationModule.__setattr__cCst|j|�dS)N)�delattrr4)rr6rrr �__delattr__sz$_ClientDeprecationModule.__delattr__)rcCsdgt|j�S)Nr4)�dirr4)rrrr �__dir__ sz _ClientDeprecationModule.__dir__)
rhrirjrkrr!rWrr�r<r>r	r@rrrr r2sr2):rkrr�rZZemail.utilsrr�Zhttp.clientr�rfZloggingr�sysr��typesrZtypingrrrrrr	r
rrr
rr8Zjosepyrqr�rnZrequests.adaptersrZrequests.utilsrZ!requests_toolbelt.adapters.sourcerZacmerrrrZacme.mixinsrZ	getLoggerrhr�r1r�rrsr�r�rr2�modulesrrrr �<module>sf

Fix

Filemanager

DIR : / lib/ python3.6/ site-packages/ acme/ __pycache__/
Name Type Size Permission Actions
__init__.cpython-36.opt-1.pyc File 463 B 0644
__init__.cpython-36.pyc File 463 B 0644
challenges.cpython-36.opt-1.pyc File 20.02 KB 0644
challenges.cpython-36.pyc File 20.02 KB 0644
client.cpython-36.opt-1.pyc File 41.89 KB 0644
client.cpython-36.pyc File 42.06 KB 0644
crypto_util.cpython-36.opt-1.pyc File 13.45 KB 0644
crypto_util.cpython-36.pyc File 13.55 KB 0644
errors.cpython-36.opt-1.pyc File 6.19 KB 0644
errors.cpython-36.pyc File 6.19 KB 0644
fields.cpython-36.opt-1.pyc File 2.59 KB 0644
fields.cpython-36.pyc File 2.59 KB 0644
jws.cpython-36.opt-1.pyc File 2.11 KB 0644
jws.cpython-36.pyc File 2.11 KB 0644
magic_typing.cpython-36.opt-1.pyc File 875 B 0644
magic_typing.cpython-36.pyc File 875 B 0644
messages.cpython-36.opt-1.pyc File 26.46 KB 0644
messages.cpython-36.pyc File 26.49 KB 0644
mixins.cpython-36.opt-1.pyc File 3.03 KB 0644
mixins.cpython-36.pyc File 3.03 KB 0644
standalone.cpython-36.opt-1.pyc File 11.41 KB 0644
standalone.cpython-36.pyc File 11.41 KB 0644
util.cpython-36.opt-1.pyc File 622 B 0644
util.cpython-36.pyc File 622 B 0644