| Server IP : 209.38.156.173 / Your IP : 216.73.216.122 [ Web Server : Apache/2.4.52 (Ubuntu) System : Linux lakekumayuhotel 5.15.0-136-generic #147-Ubuntu SMP Sat Mar 15 15:53:30 UTC 2025 x86_64 User : root ( 0) PHP Version : 8.1.2-1ubuntu2.22 Disable Function : NONE Domains : 2 Domains MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /lib/python3/dist-packages/acme/__pycache__/ |
Upload File : |
o
����[
Pd�A����������������������@���s���d�Z�ddlZddlZddlZddlZddlZddlZddlZddlm Z �ddlm
Z
�ddlm
Z
�ddlm
Z
�ddlm
Z
�ddlmZ�dd lmZ�dd
lmZ�ddlZdd
lmZ�dd
lmZ�dd
lmZ�e�e�ZejZ
G�dd��d�Z
G�dd��d�Z
dde
ddfde de de de de dee!e f�de
e
e!��d
ej"fd
d
�Z# d>d e d!e
eee!�e
e!�f��d"e$d#e
e
eej%ej&f���d
e f
d$d%�Z'd&eej"ej(f�d
e
e!�fd'd(�Z)d)eej"ej(f�d
e
e!�fd*d+�Z*d)eej"ej(f�d
e
e!�fd,d-�Z+d)eej"ej(f�d
e
e!�fd.d/�Z, 1 d?d2ej-d!e
e
e!��d3e
e �d4e d5e$d6e
e
ej.��d7e
e
eej%ej%f���d
ej"fd8d9�Z/ej0fd:e
ej"�d;e d
e fd<d=�Z1dS�)@zCrypto utilities.�����N)�Any)�Callable)�List)�Mapping)�Optional)�Set)�Tuple)�Union)�crypto)�SSL)�errorsc�������������������@���sR���e�Zd�Zdeeeejejf�f�fdd�Z de
j
de
eejejf��fdd�Z
dS�) �_DefaultCertSelection�certsc�����������������C����
���||�_�d�S��N)r���)�selfr�����r����2/usr/lib/python3/dist-packages/acme/crypto_util.py�__init__%�������
z
_DefaultCertSelection.__init__�
connection�returnc�����������������C���s���|����}|�j�|d��S�r���)�get_servernamer����get)r���r����
server_namer���r���r����__call__(���s���z
_DefaultCertSelection.__call__N)�__name__�
__module__�
__qualname__r����bytesr���r
����PKey�X509r���r
����
Connectionr���r���r���r���r���r���r
���$���s����"(r
���c�������������������@���s����e�Zd�ZdZdeddfdejdeeee e
j
e
j
f�f��de
deeejee�gef��deeejge e
j
e
j
f�f��ddf
d d
�Zd
edefd
d
�Zdejddfdd�ZG�dd��d�Zde eef�fdd�ZdS�)� SSLSocketa���SSL wrapper for sockets.
:ivar socket sock: Original wrapped socket.
:ivar dict certs: Mapping from domain names (`bytes`) to
`OpenSSL.crypto.X509`.
:ivar method: See `OpenSSL.SSL.Context` for allowed values.
:ivar alpn_selection: Hook to select negotiated ALPN protocol for
connection.
:ivar cert_selection: Hook to select certificate for connection. If given,
`certs` parameter would be ignored, and therefore must be empty.
N�sockr����method�alpn_selection�cert_selectionr���c�����������������C���sX���||�_�||�_||�_|s|std��|r|rtd��|}|d�u�r't|r$|ni��}||�_d�S�)Nz*Neither cert_selection or certs specified.z(Both cert_selection and certs specified.)r$���r&���r%����
ValueErrorr
���r'���)r���r$���r���r%���r&���r'����actual_cert_selectionr���r���r���r���:���s����
zSSLSocket.__init__�namec�����������������C����
���t�|�j|�S�r���)�getattrr$����r���r*���r���r���r����
__getattr__P�������
zSSLSocket.__getattr__r���c�����������������C���s����|���|�}|du�rt�d|�����dS�|\}}t�|�j�}|�tj��|�tj ��|�
|��|�
|��|�j
dur>|�
|�j
��|�|��dS�)a���SNI certificate callback.
This method will set a new OpenSSL context object for this
connection when an incoming connection provides an SNI name
(in order to serve the appropriate certificate, if any).
:param connection: The TLS connection object on which the SNI
extension was received.
:type connection: :class:`OpenSSL.Connection`
Nz=Certificate selection for server name %s failed, dropping SSL)r'����logger�debugr���r
����Contextr%����
set_options�
OP_NO_SSLv2�
OP_NO_SSLv3�use_privatekey�use_certificater&����set_alpn_select_callback�
set_context)r���r����pair�key�cert�
new_contextr���r���r����_pick_certificate_cbS���s
���
�
z
SSLSocket._pick_certificate_cbc�������������������@���sH���e�Zd�ZdZdejddfdd�Zdedefdd �Z d
ede
fd
d
�Z
dS�)
zSSLSocket.FakeConnectionz
Fake OpenSSL.SSL.Connection.r���r���Nc�����������������C���r���r���)�_wrapped)r���r���r���r���r���r���s���r���z!SSLSocket.FakeConnection.__init__r*���c�����������������C���r+���r���)r,���r?���r-���r���r���r���r.���v���r/���z$SSLSocket.FakeConnection.__getattr__�
unused_argsc�����������������G���s
���|�j����S�r���)r?����shutdown)r���r@���r���r���r���rA���y���s���
z!SSLSocket.FakeConnection.shutdown)
r
���r
���r
����__doc__r
���r"���r����strr���r.����boolrA���r���r���r���r����FakeConnectionn���s
����rE���c��������������
���C���s����|�j����\}}t�|�j�}|�tj��|�tj��|�|�j ��|�j
d�ur*|�
|�j
��|��
t�
||��}|����t�d|��z |����W�||fS��tjyX�}�zt�|��d�}~ww�)Nz
Performing handshake with %s)r$����acceptr
���r2���r%���r3���r4���r5����
set_tlsext_servername_callbackr>���r&���r8���rE���r"����set_accept_stater0���r1����
do_handshake�Error�socket�error)r���r$����addr�context�ssl_sockrL���r���r���r���rF���}���s"���
�
��zSSLSocket.accept)r
���r
���r
���rB����_DEFAULT_SSL_METHODrK���r���r���r ���r���r
���r ���r!����intr���r
���r"���r���r���rC���r���r.���r>���rE���rF���r���r���r���r���r#���-���s.����
����
��
�r#���i���i,��)��r���r*����host�port�timeoutr%����source_address�alpn_protocolsr���c��������������
���C���s.��t��|�}|�|��d|i}z%t�d||t|�r"d�|d�|d��nd��||f} tj| fi�|��}
W�n�tj yE�}
�zt
�
|
��d}
~
ww�t
�
|
��@}
t��||
�}
|
����|
�|���|durd|
�|��z
|
����|
����W�n�t�j
y��}
�zt
�
|
��d}
~
ww�W�d����|
���S�1�s�w���Y��|
���S�)a��Probe SNI server for SSL certificate.
:param bytes name: Byte string to send as the server name in the
client hello message.
:param bytes host: Host to connect to.
:param int port: Port to connect to.
:param int timeout: Timeout in seconds.
:param method: See `OpenSSL.SSL.Context` for allowed values.
:param tuple source_address: Enables multi-path probing (selection
of source interface). See `socket.creation_connection` for more
info. Available only in Python 2.7+.
:param alpn_protocols: Protocols to request using ALPN.
:type alpn_protocols: `list` of `str`
:raises acme.errors.Error: In case of any problems.
:returns: SSL certificate presented by the server.
:rtype: OpenSSL.crypto.X509
rV���z!Attempting to connect to %s:%d%s.z
from {0}:{1}r�������rR���N)r
���r2����
set_timeoutr0���r1����any�formatrK����create_connectionrL���r
���rJ����
contextlib�closingr"����set_connect_state�set_tlsext_host_name�set_alpn_protosrI���rA����get_peer_certificate)r*���rS���rT���rU���r%���rV���rW���rN����
socket_kwargs�
socket_tupler$���rL����client�
client_sslr���r���r���� probe_sni����sJ���
���
��
���
�
�
rg���F�private_key_pem�domains�
must_staple�ipaddrsc�����������
������C���s����t��t�j|��}t����}g�}|du�rg�}|du�rg�}t|�t|��dkr'td��|D�] }|�d|���q)|D�]
}|�d|j���q5d�|�� d�} t�j
dd | d
�g}
|r^|
�t�j
d
d d
d
���|�
|
��|�
|��|�
d��|�|d
��t��t�j|�S�)a���Generate a CSR containing domains or IPs as subjectAltNames.
:param buffer private_key_pem: Private key, in PEM PKCS#8 format.
:param list domains: List of DNS names to include in subjectAltNames of CSR.
:param bool must_staple: Whether to include the TLS Feature extension (aka
OCSP Must Staple: https://tools.ietf.org/html/rfc7633).
:param list ipaddrs: List of IPaddress(type ipaddress.IPv4Address or ipaddress.IPv6Address)
names to include in subbjectAltNames of CSR.
params ordered this way for backward competablity when called by positional argument.
:returns: buffer PEM-encoded Certificate Signing Request.
Nr���zAAt least one of domains or ipaddrs parameter need to be not empty�DNS:�IP:�, �ascii����subjectAltNameF��critical�values���1.3.6.1.5.5.7.1.24s���DER:30:03:02:01:05�sha256)r
����load_privatekey�
FILETYPE_PEM�X509Req�lenr(����append�exploded�join�encode�
X509Extension�add_extensions�
set_pubkey�
set_version�sign�dump_certificate_request)
rh���ri���rj���rk����
private_key�csr�sanlist�address�ips�
san_string�
extensionsr���r���r����make_csr����sF�������
�r�����loaded_cert_or_reqc��������������������s6���|�����j��t|��}��d�u�r|S���g��fdd�|D���S�)Nc��������������������s���g�|�]}|��kr|�qS�r���r���)�.0�d��
common_namer���r����
<listcomp>
��s����z4_pyopenssl_cert_or_req_all_names.<locals>.<listcomp>)�
get_subject�CN�_pyopenssl_cert_or_req_san)r�����sansr���r����r���� _pyopenssl_cert_or_req_all_names��s
���
r�����
cert_or_reqc��������������������s(���d��d����t�|��}���fdd�|D��S�)a���Get Subject Alternative Names from certificate or CSR using pyOpenSSL.
.. todo:: Implement directly in PyOpenSSL!
.. note:: Although this is `acme` internal API, it is used by
`letsencrypt`.
:param cert_or_req: Certificate or CSR.
:type cert_or_req: `OpenSSL.crypto.X509` or `OpenSSL.crypto.X509Req`.
:returns: A list of Subject Alternative Names that is DNS.
:rtype: `list` of `unicode`
�:�DNSc��������������������s$���g�|�]}|����r|����d���qS�)rX���)�
startswith�split�r�����part��part_separator�prefixr���r���r����%��s����
�z._pyopenssl_cert_or_req_san.<locals>.<listcomp>�� _pyopenssl_extract_san_list_raw)r�����
sans_partsr���r����r���r������s
���
�r����c��������������������s&���d}d|���t�|��}��fdd�|D��S�)ai��Get Subject Alternative Names IPs from certificate or CSR using pyOpenSSL.
:param cert_or_req: Certificate or CSR.
:type cert_or_req: `OpenSSL.crypto.X509` or `OpenSSL.crypto.X509Req`.
:returns: A list of Subject Alternative Names that are IP Addresses.
:rtype: `list` of `unicode`. note that this returns as string, not IPaddress object
r����z
IP Addressc��������������������s&���g�|�]}|�����r|t���d����qS�r���)r����rx���r�����r����r���r���r����:��s���&�z1_pyopenssl_cert_or_req_san_ip.<locals>.<listcomp>r����)r����r����r����r���r����r����
_pyopenssl_cert_or_req_san_ip)��s���
r����c�����������������C���sj���t�|�tj�rt�tj|���d�}n
t�tj|���d�}t�d|�}d}|du�r+g�}|S�|� d��
|�}|S�)a��Get raw SAN string from cert or csr, parse it as UTF-8 and return.
:param cert_or_req: Certificate or CSR.
:type cert_or_req: `OpenSSL.crypto.X509` or `OpenSSL.crypto.X509Req`.
:returns: raw san strings, parsed byte as utf-8
:rtype: `list` of `unicode`
zutf-8z5X509v3 Subject Alternative Name:(?: critical)?\s*(.*)rn���NrX���)
�
isinstancer
���r!����dump_certificate�
FILETYPE_TEXT�decoder�����re�search�groupr����)r�����text�raw_san�parts_separatorr����r���r���r���r����=��s���
�r�����: �Tr;����
not_before�validity� force_sanr����r����c�����������
������C���sZ��|s|sJ�d��t����}|�tt�t�d��d���|�d��|du�r%g�}|du�r+g�}|du�r1g�}|� t��
ddd���t
|�dkrH|d�|�
��_
|�|�
����g�}|D�] } |� d | ���qS|D�]
}
|� d
|
j���q_d
�|��d
�}
|s�t
|�d
ks�t
|�dkr�|� t�j
dd|
d���|�|��|�|du�r�dn|��|�|��|�|���|�|�d��|S�)ax��Generate new self-signed certificate.
:type domains: `list` of `unicode`
:param OpenSSL.crypto.PKey key:
:param bool force_san:
:param extensions: List of additional extensions to include in the cert.
:type extensions: `list` of `OpenSSL.crypto.X509Extension`
:type ips: `list` of (`ipaddress.IPv4Address` or `ipaddress.IPv6Address`)
If more than one domain is provided, all of the domains are put into
``subjectAltName`` X.509 extension and first domain is set as the
subject CN. If only one domain is provided no ``subjectAltName``
extension is used, unless `force_san` is ``True``.
z7Must provide one or more hostnames or IPs for the cert.��������Ns���basicConstraintsTs���CA:TRUE, pathlen:0r���rl���rm���rn���ro���rX���rp���Frq���rt���)r
���r!����set_serial_numberrQ����binascii�hexlify�os�urandomr����ry���r}���rx���r����r�����
set_issuerrz���r{���r|���r~����gmtime_adj_notBefore�gmtime_adj_notAfterr���r����)
r;���ri���r����r����r����r����r����r<���r����r�����ipr����r���r���r����
gen_ss_cert\��sH���
��
�
r�����chain�filetypec��������������������s:���dt�tjtjf�dtf�fdd�
��d���fdd�|�D���S�)z�Dump certificate chain into a bundle.
:param list chain: List of `OpenSSL.crypto.X509` (or wrapped in
:class:`josepy.util.ComparableX509`).
:returns: certificate chain bundle
:rtype: bytes
r<���r���c��������������������s
���t�|�tj�r |�j}�t���|��S�r���)r�����jose�ComparableX509�wrappedr
���r����)r<���)r����r���r����
_dump_cert���s���
z(dump_pyopenssl_chain.<locals>._dump_cert�����c�����������������3���s�����|�]}��|�V��qd�S�r���r���)r����r<���)r����r���r���� <genexpr>���s�����z'dump_pyopenssl_chain.<locals>.<genexpr>)r ���r����r����r
���r!���r ���r{���)r����r����r���)r����r����r����dump_pyopenssl_chain���s���"
r����)NFN)NNr����TNN)2rB���r����r]���� ipaddress�loggingr����r����rK����typingr���r���r���r���r���r���r���r ����josepyr�����OpenSSLr
���r
����acmer
���� getLoggerr
���r0����
SSLv23_METHODrP���r
���r#���r ���rQ���rC���r!���rg���rD����
IPv4Address�
IPv6Addressr����rw���r����r����r����r����r ���r}���r����rv���r����r���r���r���r����<module>���s�����
h��
�
�
�7 ���
�7
�"
"" ����
��
�&B