Coverage for certbot/plugins/standalone.py : 99%

Hot-keys on this page
r m x p toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
"""Standalone Authenticator.""" # https://github.com/python/typeshed/blob/master/stdlib/2and3/socket.pyi
# pylint: disable=unused-import, no-name-in-module
ServedType = DefaultDict[ acme_standalone.BaseDualNetworkedServers, Set[achallenges.KeyAuthorizationAnnotatedChallenge] ]
"""Standalone servers manager.
Manager for `ACMEServer` and `ACMETLSServer` instances.
`certs` and `http_01_resources` correspond to `acme.crypto_util.SSLSocket.certs` and `acme.crypto_util.SSLSocket.http_01_resources` respectively. All created servers share the same certificates and resources, so if you're running both TLS and non-TLS instances, HTTP01 handlers will serve the same URLs!
"""
"""Run ACME server on specified ``port``.
This method is idempotent, i.e. all calls with the same pair of ``(port, challenge_type)`` will reuse the same server.
:param int port: Port to run the server on. :param challenge_type: Subclass of `acme.challenges.Challenge`, either `acme.challenge.HTTP01` or `acme.challenges.TLSSNI01`. :param str listenaddr: (optional) The address to listen on. Defaults to all addrs.
:returns: DualNetworkedServers instance. :rtype: ACMEServerMixin
"""
address, self.certs) # type: acme_standalone.BaseDualNetworkedServers else: # challenges.HTTP01 address, self.http_01_resources)
# if port == 0, then random free port on OS is taken # pylint: disable=no-member # both servers, if they exist, have the same port
"""Stop ACME server running on the specified ``port``.
:param int port:
""" *sockname[:2]) # Not calling server_close causes problems when renewing multiple # certs with `certbot renew` using TLSSNI01 and PyOpenSSL 0.13
"""Return all running instances.
Once the server is stopped using `stop`, it will not be returned.
:returns: Mapping from ``port`` to ``servers``. :rtype: tuple
"""
# type: List[Type[challenges.KeyAuthorizationChallenge]]
"""Action class for parsing standalone_supported_challenges."""
"The standalone specific supported challenges flag is " "deprecated. Please use the --preferred-challenges flag " "instead.")
"""Validate the value of supported challenges provided by the user.
References to "dvsni" are automatically converted to "tls-sni-01".
:param str data: comma delimited list of challenge types
:returns: validated and converted list of challenge types :rtype: str
"""
# tls-sni-01 was dvsni during private beta "Updating legacy standalone_supported_challenges value") for chall in challs]
if name not in challenges.Challenge.TYPES]
# argparse.ArgumentErrors raised out of argparse.Action objects # are caught by argparse which prints usage information and the # error that occurred before calling sys.exit. self, "Unrecognized challenges: {0}".format(", ".join(unrecognized)))
self, "Plugin does not support the following (valid) " "challenges: {0}".format(", ".join(set(challs) - choices)))
"""Standalone Authenticator.
This authenticator creates its own ephemeral TCP listener on the necessary port in order to respond to incoming tls-sni-01 and http-01 challenges from the certificate authority. Therefore, it does not rely on any existing server program. """
# one self-signed key for all tls-sni-01 certificates
# Stuff below is shared across threads (i.e. servers read # values, main thread writes). Due to the nature of CPython's # GIL, the operations are safe, c.f. # https://docs.python.org/2/faq/library.html#what-kinds-of-global-value-mutation-are-thread-safe # type: Set[acme_standalone.HTTP01RequestHandler.HTTP01Resource]
def add_parser_arguments(cls, add): help=argparse.SUPPRESS, action=SupportedChallengesAction, default=",".join(chall.typ for chall in SUPPORTED_CHALLENGES))
def supported_challenges(self): """Challenges supported by this plugin.""" self.conf("supported-challenges").split(",")]
"on the necessary port in order to respond to incoming " "tls-sni-01 and http-01 challenges from the certificate " "authority. Therefore, it does not rely on any existing " "server program.")
# pylint: disable=unused-argument,missing-docstring
else: # tls-sni-01
chall=achall.chall, response=response, validation=validation)
# reduce self.served and close servers if no challenges are served
"Could not bind TCP port {0} because you don't have " "the appropriate permissions (for example, you " "aren't running this program as " "root).".format(error.port)) "Could not bind TCP port {0} because it is already in " "use by another process on this system (such as a web " "server). Please stop the program in question and " "then try again.".format(error.port)) "Cancel", default=False) else: |