M/eN&dZddlZddlZddlmZddlmZddlmZddlmZddlm Z ddl m Z dd l m Z dd lmZdd lmZdd lmZdd lmZddlmZerddlmZej4eZGddej:Zy)z2A class that performs HTTP-01 challenges for NginxN)Any)List)Optional) TYPE_CHECKING) challenges)!KeyAuthorizationChallengeResponse)errors)"KeyAuthorizationAnnotatedChallenge)os)common) nginxparser)Addr)NginxConfiguratorceZdZdZd fd ZdeefdZd dZdee fdZ de de fdZ de deefd Zde deefd Zde deeefd ZxZS) NginxHttp01aHTTP-01 authenticator for Nginx :ivar configurator: NginxConfigurator object :type configurator: :class:`~nginx.configurator.NginxConfigurator` :ivar list achalls: Annotated class:`~certbot.achallenges.KeyAuthorizationAnnotatedChallenge` challenges :param list indices: Meant to hold indices of challenges in a larger array. NginxHttp01 is capable of solving many challenges at once which causes an indexing issue within NginxConfigurator who must return all responses in order. Imagine NginxConfigurator maintaining state about where all of the challenges, possibly of different types, belong in the response array. This is an optional utility. returnct|||tjj |j j d|_y)Nzle_http_01_cert_challenge.conf)super__init__r pathjoinconfig config_dirchallenge_conf)self configurator __class__s A/usr/lib/python3/dist-packages/certbot_nginx/_internal/http_01.pyrzNginxHttp01.__init__-s; &  ggll    * *,LNc|jsgS|jDcgc]}|j|j}}|j|jj dd|Scc}w)zPerform a challenge on Nginx. :returns: list of :class:`acme.challenges.KeyAuthorizationChallengeResponse` :rtype: list zHTTP ChallengeT)achallsresponse account_key _mod_configrsave)rx responsess rperformzNginxHttp01.perform3sg||I8< E1QZZ .E E  /6Fs"A/cd}ddd|jg}|jjj}gd}|jjj|}|D]*}|ddgk(s |d}||vr|j d|d }nd}|jjjj D]c} | }| D]}|ddgk(s |d}nt|D]6\} } | d|dk(st| dt|d kr||| <d }n|scn|s)|D]$}|ddgk(s |d}|j d|n|stjd |z|jD cgc]} |j| } } | Dcgc]}|| } }tj| } tj!d t#| |jj$j'd |jt)j*|jdd5}tj,| |d d d y cc} wcc}w#1swYy xYw)aModifies Nginx config to include server_names_hash_bucket_size directive and server challenge blocks. :raises .MisconfigurationError: Unable to find a suitable HTTP block in which to include authenticator hosts. F include )r*server_names_hash_bucket_sizer,128rhttpTz;Certbot could not find a block to include challenges in %s.NzGenerated server block: %swzutf-8)encoding)rrparser config_rootparsedinsertvalues enumerateintr MisconfigurationErrorr!_make_or_mod_server_blockr UnspacedListloggerdebugstrreverterregister_file_creationioopendump)rincludedinclude_directiverootbucket_directivemainlinebody found_bucket file_contentsposn inner_lineachallrr&new_confs rr$zNginxHttp01._mod_configGs!9c43F3FG  ''33N  ''..t4 DAw6("Aw$D0KK#45  $ !..55<<CCE M D% 7vh&7D  %.dO  ja=$4Q$77:a=)C0@0C,DD%5T #'L   " 7vh&7DKK#34   ..$&*+, ,HL||TV$008TT#5q}!55))&1 2CK@ ""99 $%% 'WWT((# @ /H   VX . / /U5 / /s2II I $IIcVg}d|jjjz}dj|jjj}|jjj}|jj t |\}}|rI|s|dz}t j|t j|g}tjd||n,t j|g}tjd||Dcgc]}|s| c}Scc}w)zFinds addresses for a challenge block to listen on. :returns: list of :class:`certbot_nginx._internal.obj.Addr` to apply :rtype: list z%sz[::]:{0}z ipv6only=onz5Using default addresses %s and %s for authentication.z,Using default address %s for authentication.) rr http01_portformat ipv6_infor@r fromstringr>r?)r addresses default_addr ipv6_addrportipv6ipv6onlyaddresss r_default_listen_addressesz%NginxHttp01._default_listen_addressess +- d//66BBB %%    $ $ 0 02   ''33**44SY?h %6 635I LLQ$! #67I LLG$ &(1E"&"E"Ef"M!N     $ $ : :5BT U";!<     $ $ : :( ; > >r)rrrN)rN)__name__ __module__ __qualname____doc__rrrr(r$rr_r r@rgrrwrrrr< __classcell__)rs@rrrs&N ?@(H/T=4:=<d+MdRUd#)K#PTUXPY#."5W",0I"0R'/S ':rr)rrCloggingtypingrrrracmeracme.challengesrcertbotr certbot.achallengesr certbot.compatr certbot.pluginsr certbot_nginx._internalr certbot_nginx._internal.objr$certbot_nginx._internal.configuratorr getLoggerrr>ChallengePerformerrrrrs^8  =B"/,F   8 $Y&++Yr