o cW@s dZddlZddlZddlZddlZddlZddlZddlmZddlm Z ddlm Z ddlm Z ddlm Z ddlm Z dd lmZdd lmZdd lmZdd lmZddlZdd lmZddlmZddlZddlmZddlmZeeZedddZGdddej Z!Gdddej Z"Gddde!Z#Gddde!Z$Gddde"Z%Gddde$ej&dZ'e"j(Gd d!d!e%Z)e!j(Gd"d#d#e'Z*e"j(Gd$d%d%e%Z+e!j(Gd&d'd'e'Z,e"j(Gd(d)d)e%Z-e!j(Gd*d+d+e'Z.e!j(Gd,d-d-e$Z/e"j(Gd.d/d/e"Z0dS)0z&ACME Identifier Validation Challenges.N)Any)cast)Dict)Mapping)Optional)Tuple)Type)TypeVar)Union)hashes)crypto)SSL) crypto_util)errorsGenericChallenge Challenge)boundc s`eZdZUdZiZeeedfed<e dee de ee fde e dfffdd ZZS) rzACME challenge.TYPESclsjobjreturnUnrecognizedChallengec sPz ttt|WStjy'}zt|t|WYd}~Sd}~wwN) rrsuper from_jsonjoseUnrecognizedTypeErrorloggerdebugr)rrerror __class__  rc@sPeZdZdZeZejZdejde de e j e j ffddZedefddZd S) rzACME tls-alpn-01 challenge.r_rcrcKs,tt||j|dtt|ddS)aGenerate validation. :param JWK account_key: :param str domain: Domain verified by the challenge. :param OpenSSL.crypto.PKey cert_key: Optional private key used in certificate generation. If not provided (``None``), then fresh key will be generated. :rtype: `tuple` of `OpenSSL.crypto.X509` and `OpenSSL.crypto.PKey` cert_keyro)rro)rrrbrrr(rer"r"r#rfs zTLSALPN01.validationcCsttjdo ttjdS)ai Check if TLS-ALPN-01 challenge is supported on this machine. This implies that a recent version of OpenSSL is installed (>= 1.0.2), or a recent cryptography version shipped with the OpenSSL library is installed. :returns: ``True`` if TLS-ALPN-01 is supported on this machine, ``False`` otherwise. :rtype: bool set_alpn_protosset_alpn_select_callback)hasattrr ConnectionContextr"r"r"r# is_supported(s zTLSALPN01.is_supportedN)r$r%r&r'rr^r]rr\rrr rrrf staticmethodrFrr"r"r"r#rs$rc @seZdZdZdZdZ ejfdejdej de dej fdd Z d ej d ejde fd d Zdejde ddfddZdedefddZdS)DNSzACME "dns" challenge.dnsrsr_algrcrcKs(tjjd|jddd||d|S)zGenerate validation. :param .JWK account_key: Private account key. :param .JWA alg: :returns: This challenge wrapped in `.JWS` :rtype: .JWS T) sort_keysrv)payloadrrNr")rJWSsign json_dumpsrT)r1r_rrcr"r"r#gen_validation?s  zDNS.gen_validationrfrLc Cs^|j|dsdSz |||jdkWStjy.}z td|WYd}~dSd}~ww)zwCheck validation. :param JWS validation: :param JWK account_public_key: :rtype: bool )rFrvz&Checking validation for DNS failed: %sN)rZ json_loadsrrXrDeserializationErrorrr)r1rfrLrr"r"r#check_validationNs   zDNS.check_validation DNSResponsecKst|j|fi|dS)zGenerate response. :param .JWK account_key: Private account key. :param .JWA alg: :rtype: DNSResponse )rf)rrrer"r"r# gen_response_s zDNS.gen_responser{cCsd|j|S)zgDomain name for TXT validation record. :param str name: Domain name being validated. z{0}.{1})rr|r}r"r"r#r~jszDNS.validation_domain_nameN)r$r%r&r'r]r|rRS256r\ JWASignaturerrrrFrrr(r~r"r"r"r#r7s  rc@sJeZdZUdZdZejdejjdZ eje d<dddej de fd d Z d S) rz@ACME "dns" challenge response. :param JWS validation: rrf)r;rJrrLrcCs||j|S)z~Check validation. :param challenges.DNS chall: :param JWK account_public_key: :rtype: bool )rrf)r1rJrLr"r"r#r~s zDNSResponse.check_validationN)r$r%r&r'r]rr?rrrfr)r\rFrr"r"r"r#rss r)1r'rjrrArwloggingrtypingrrrrrrrr r cryptography.hazmat.primitivesr josepyrOpenSSLr r racmerr getLoggerr$rrTypedJSONObjectWithFieldsrr,rr6rGABCMetarKregisterrmrnrrrrrrr"r"r"r#s`                 2AH'%;