M/e dZddlZddlZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l mZdd l mZdd lmZdd lmZdd lmZerddlmZej0eZGddej6Zy)z3A class that performs HTTP-01 challenges for ApacheN)List)Set) TYPE_CHECKING)!KeyAuthorizationChallengeResponse)errors)"KeyAuthorizationAnnotatedChallenge) filesystem)os)common) VirtualHost) get_aug_path)ApacheConfiguratorceZdZdZdZdZdfd ZdeefdZ ddZ dd Z d e dee fd Zdee fd Zdee fd ZdeefdZdedefdZde ddfdZxZS) ApacheHttp01zFClass that performs HTTP-01 challenges within the Apache configurator.zo RewriteEngine on RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ {0}/$1 [END] z Require all granted Require all granted returnNct|||tjj |j j dd|_tjj |j j dd|_tjj |j jjd|_ t|_ y)Nzchallenge-locationzle_http_01_challenge_pre.confzle_http_01_challenge_post.confhttp_challenges)super__init__r pathjoin configuratorconfchallenge_conf_prechallenge_conf_postconfigwork_dir challenge_dirset moded_vhosts)selfr __class__s B/usr/lib/python3/dist-packages/certbot_apache/_internal/http_01.pyrzApacheHttp01.__init__'s & "$'',,    " "#7 8 +#-$&77<<    " "#7 8 ,$.  WW\\    $ $ - - /2ecv|jsgS|jjdd|jjt |jj j |j|j}|j|jjdd|S)zPerform all HTTP-01 challenges.zChanges before challenge setupTzHTTP Challenge) achallsrsave ensure_listenstrr http01_portprepare_http01_modules_set_up_challenges _mod_config)r! responsess r#performzApacheHttp01.perform5s||I ?F ''D,=,=,D,D,P,P(QR ##%++-   /6r$c|jjdrOddg}|D]E}|dz|jjjvs)|jj |dGyy)z>Make sure that we have the needed modules available for http01zhandle-modulesrewrite authz_core_moduleT)tempN)rrparsermodules enable_mod)r!needed_modulesmods r#r+z#ApacheHttp01.prepare_http01_modulesHsp    ! !"2 3'6N% A?$*;*;*B*B*J*JJ%%0040@ A 4r$c, g}t|jjj |jD] }||j |j z }"d}|D]#}t fd|jDs"d}%|r||jz }n||jz }|D]}|j||jjjd|j|jjjd|j|j j#|j$}|j&j#|j$}t(j+d|t-|jd5}|j/|dddt(j+d|t-|jd5}|j/|dddy#1swYPxYw#1swYyxYw)NFc3hK|])}|jxs|jk(+ywN is_wildcardget_port).0a http_ports r# z+ApacheHttp01._mod_config..]s*UA1==??ajjli&??U/2Tz(writing a pre config file with text: %swz)writing a post config file with text: %s)r)rrr*r&_matching_vhostsdomainanyaddrs_unnamed_vhosts_relevant_vhosts_set_up_include_directivesreverterregister_file_creationrrCONFIG_TEMPLATE24_PREformatrCONFIG_TEMPLATE24_POSTloggerdebugopenwrite) r!selected_vhostschallfoundvhostvhconfig_text_preconfig_text_postnew_confrBs @r#r-zApacheHttp01._mod_configQs-/))00<<= \\ CE t44U\\B BO C $ EUUU   t335 5O t446 6O" 0B  + +B / 0 ""99 $)) + ""99 $** ,44;;DP>PQ @/R $))3 / ,8 NN? + , ACST $**C 0 -H NN+ , - - , , - -sG>#H >H HrGcg}|jjD]>}|jj|j|s.|j |@|S)zReturn all VirtualHost objects that have the requested domain name or a wildcard name that would match the domain in ServerName or ServerAlias directive. )rvhostsdomain_in_names get_namesappend)r!rGmatching_vhostsrYs r#rFzApacheHttp01._matching_vhosts{sY &&-- .E  001BFK &&u-  . r$cZt|jjjg}|jjD]?}t fd|j Ds"|jr/|j|A|s$tjdj|S)Nc3hK|])}|jxs|jk(+ywr<r=)r@rAr*s r#rCz0ApacheHttp01._relevant_vhosts..s*Wa1==?Aajjlk&AAWrDzUnable to find a virtual host listening on port {0} which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port {0}.) r)rrr*r_rHrIsslrbr PluginErrorrP)r!relevant_vhostsrYr*s @r#rKzApacheHttp01._relevant_vhostss$++22>>? -/&&-- 2EW5;;WWyy#**51 2$${+ - - r$cn|jjDcgc]}|j|c}Scc}w)z1Return all VirtualHost objects with no ServerName)rr_name)r!rZs r#rJzApacheHttp01._unnamed_vhostss*!..55IrIIIs22ctjj|js?t j d5 t j |jddddg}|jD]"}|j|j|$|S#t$rK}|jtjtjfvrtjdYd}~d}~wwxYw#1swYxYw)Niz*Couldn't create root for http-01 challenge)r risdirrr temp_umaskmakedirsOSErrorerrnoEEXISTEISDIRrrgr&rb_set_up_challenge)r! exceptionr.achalls r#r,zApacheHttp01._set_up_challengessww}}T//0&&u- JJ''(:(:EB J ll =F   T33F; < =J u||U\\.JJ$00HJJKJ J Js0C5 B C2'AC-(C5-C22C55C>rvc|j\}}tjj|j|j j d}|jjjd|t|d5}|j|j dddtj|d|S#1swY!xYw)NtokenTwbi)response_and_validationr rrrrWencoderrMrNrTrUr chmod)r!rvresponse validationrjfs r#rtzApacheHttp01._set_up_challenges%==?*GGLL!3!3V\\5H5H5QR ""99$E $  ) GGJ%%' ( )u%  ) )s C  CrYcj||jvr$tjd|j|j|j j j|jd|j|j j j|jd|j|js[|j j jt|j j jdd|j|jj|yy)zIncludes override configuration to the beginning and to the end of VirtualHost. Note that this include isn't added to Augeas search treezCAdding a temporary challenge validation Include for name: %s in: %sIncludedefaultN)r rRrSrjfileprr5add_dir_beginningrradd_dirrenabledr locadd)r!rYs r#rLz'ApacheHttp01._set_up_include_directivess )) ) LLU EKK )    $ $ 6 6 It'>'> @    $ $ , , It'?'? A==!!((00 !2!2!9!9!=!=i!HIu{{,    ! !% ( *r$)rrrN)rN)__name__ __module__ __qualname____doc__rOrQrrrr/r+r-r)r rFrKrJr,rrtrL __classcell__)r"s@r#rrsP 4?@&A(-T s tK/@ ${"3 Jk!2JD)J$K (J @ ) ))r$r)rrqloggingtypingrrracme.challengesrcertbotrcertbot.achallengesrcertbot.compatr r certbot.pluginsr certbot_apache._internal.objr certbot_apache._internal.parserr %certbot_apache._internal.configuratorr getLoggerrrRChallengePerformerrr$r#rs[9  =B%"48H   8 $u)6,,u)r$