예제 #1
 def _perform_achall_manually(self,
                              achall: achallenges.AnnotatedChallenge,
                              last_dns_achall: bool = False) -> None:
     """Show the operator the manual steps for a single challenge.

     Builds the instruction text for an http-01 or dns-01 challenge, appends
     the reminders that apply once earlier challenges have been shown, and
     displays the result with ``display_util.notification``.

     Args:
         achall: Challenge to present. Its ``chall`` is expected to be a
             ``challenges.HTTP01`` or ``challenges.DNS01`` instance.
         last_dns_achall: When true and the challenge is dns-01, the DNS
             verification instructions are appended to the message.
     """
     key_authorization = achall.validation(achall.account_key)
     chall = achall.chall

     if isinstance(chall, challenges.HTTP01):
         parts = [self._HTTP_INSTRUCTIONS.format(
             achall=achall,
             encoded_token=chall.encode('token'),
             port=self.config.http01_port,
             uri=chall.uri(achall.domain),
             validation=key_authorization)]
     else:
         # Only http-01 and dns-01 are handled here. The assert narrows the
         # type; it disappears under ``python -O``, which is why the dns-01
         # test is repeated below instead of being assumed.
         assert isinstance(chall, challenges.DNS01)
         parts = [self._DNS_INSTRUCTIONS.format(
             domain=achall.validation_domain_name(achall.domain),
             validation=key_authorization)]

     if isinstance(chall, challenges.DNS01):
         if self.subsequent_dns_challenge:
             # Second or later dns-01 challenge.
             parts.append(self._SUBSEQUENT_DNS_CHALLENGE_INSTRUCTIONS)
         elif self.subsequent_any_challenge:
             # First dns-01 challenge but not the first challenge overall:
             # tell the user to leave earlier http-01 challenges in place.
             parts.append(self._SUBSEQUENT_CHALLENGE_INSTRUCTIONS)
         self.subsequent_dns_challenge = True
         if last_dns_achall:
             # Final dns-01 challenge: add the verification instructions.
             parts.append(self._DNS_VERIFY_INSTRUCTIONS.format(
                 domain=achall.validation_domain_name(achall.domain)))
     elif self.subsequent_any_challenge:
         # Second or later challenge of a non-DNS type.
         parts.append(self._SUBSEQUENT_CHALLENGE_INSTRUCTIONS)

     display_util.notification(''.join(parts), wrap=False, force_interactive=True)
     # Recorded only after the message was displayed without raising.
     self.subsequent_any_challenge = True
예제 #2
 def _perform_http_01(
     self, achall: achallenges.AnnotatedChallenge
 ) -> Tuple[acme_standalone.HTTP01DualNetworkedServers,
            challenges.ChallengeResponse]:
     """Start the http-01 listeners and register this challenge's resource.

     The bind address and port are read from ``self.config`` and passed to
     ``self.servers.run`` unchanged; this method applies no restriction of
     its own to them.

     Args:
         achall: The http-01 challenge to answer.

     Returns:
         The value returned by ``self.servers.run`` together with the
         challenge response.
     """
     listen_port = self.config.http01_port
     listen_addr = self.config.http01_address
     # The servers are started before the resource is registered below.
     running = self.servers.run(
         listen_port, challenges.HTTP01, listenaddr=listen_addr)

     chall_response, key_authorization = achall.response_and_validation()
     self.http_01_resources.add(
         acme_standalone.HTTP01RequestHandler.HTTP01Resource(
             chall=achall.chall,
             response=chall_response,
             validation=key_authorization))
     return running, chall_response
예제 #3
 def _perform_achall_with_script(self, achall: achallenges.AnnotatedChallenge,
                                 achalls: List[achallenges.AnnotatedChallenge]) -> None:
     """Run the auth hook for one challenge with the CERTBOT_* variables set.

     The variables are written into ``os.environ``, i.e. the environment of
     the running process, not a copy handed only to the hook. Nothing in
     this method removes them afterwards, so they stay set after the hook
     returns unless other code clears them.

     Args:
         achall: The challenge the hook is run for.
         achalls: All challenges of this run; used for the domain list and
             for the count of challenges that follow ``achall``.
     """
     hook_env = {
         'CERTBOT_DOMAIN': achall.domain,
         'CERTBOT_VALIDATION': achall.validation(achall.account_key),
         'CERTBOT_ALL_DOMAINS': ','.join(entry.domain for entry in achalls),
         # Number of challenges listed after this one in ``achalls``.
         'CERTBOT_REMAINING_CHALLENGES': str(
             len(achalls) - achalls.index(achall) - 1),
     }
     if not isinstance(achall.chall, challenges.HTTP01):
         # Remove any CERTBOT_TOKEN already present in the environment so
         # the hook does not see one for a challenge that has no token.
         os.environ.pop('CERTBOT_TOKEN', None)
     else:
         hook_env['CERTBOT_TOKEN'] = achall.chall.encode('token')

     os.environ.update(hook_env)
     _ignored, hook_output = self._execute_hook('auth-hook', achall.domain)
     # The hook output is kept in the per-challenge record only; this method
     # does not export it to os.environ.
     hook_env['CERTBOT_AUTH_OUTPUT'] = hook_output.strip()
     self.env[achall] = hook_env
예제 #4
    def _perform_single(
            self, achall: AnnotatedChallenge) -> challenges.ChallengeResponse:
        """Write the validation file for ``achall`` under its webroot.

        The file is created with mode 0o644 under a temporary umask of
        0o022, so it is readable by every local user and writable only by
        its owner.

        Args:
            achall: Challenge whose validation content is written. Its
                domain selects the webroot from ``self.full_roots``.

        Returns:
            The challenge response obtained from ``achall``.
        """
        chall_response, key_authorization = achall.response_and_validation()

        webroot = self.full_roots[achall.domain]
        # NOTE(review): the target path comes from _get_validation_path; this
        # method does not itself check that it stays under ``webroot``, so
        # any such containment check has to live in that helper - confirm.
        target_path = self._get_validation_path(webroot, achall)
        logger.debug("Attempting to save validation to %s", target_path)

        # World-readable, owner-writable (GH #1795). The previous umask is
        # restored in ``finally`` so a failed write cannot leave it changed.
        saved_umask = filesystem.umask(0o022)
        try:
            with safe_open(target_path, mode="wb", chmod=0o644) as out_file:
                out_file.write(key_authorization.encode())
        finally:
            filesystem.umask(saved_umask)

        # Record the challenge against its webroot once the file is written.
        self.performed[webroot].add(achall)
        return chall_response