Anons79 Mini Shell

Directory : /lib/python2.7/site-packages/ansible/module_utils/
Upload File :
Current File : //lib/python2.7/site-packages/ansible/module_utils/acme.pyo

�
�Udac@`sddlmZmZmZeZddlZddlZddlZddl	Z	ddl
Z
ddlZddlZddl
Z
ddlZddlZddlZddlZddlmZmZmZddlmZddlmZddlmZy�ddlZddlZddlZddl Zddl!Zddl"Zddl#Zddl$Zddl%Zddl&Zddl'm(Z(ej)Z*e(e*�e(d�ka+t+r�ej,j-j.�Z/nWne0k
r�Z1e2a+nXd	e0fd
��YZ3d�Z4dd
�Z5d�Z6d�Z7e8e8d�Z9d�Z:ej;ddkrhd�Z<d�Z=d�Z>nd�Z<d�Z=d�Z>e8e8d�Z?d�Z@e2eAeAd�ZBdeCfd��YZDdeCfd��YZEd �ZFd!�ZGd"�ZHe8d#�ZId$�ZJd%�ZKdS(&i(tabsolute_importtdivisiontprint_functionN(t	to_nativetto_texttto_bytes(t	fetch_url(t	ipaddress(tunquote(tLooseVersions1.5tModuleFailExceptioncB`s eZdZd�Zd�ZRS(s_
    If raised, module.fail_json() will be called with the given parameters after cleanup.
    cK`s/tt|�j||�||_||_dS(N(tsuperR
t__init__tmsgtmodule_fail_args(tselfR
targs((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyR;s	cK`s#|jd|jd|j|�dS(NR
tother(t	fail_jsonR
R(Rtmodulet	arguments((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pytdo_fail@s(t__name__t
__module__t__doc__RR(((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyR
7s	cC`s"tj|�jd�jdd�S(Ntutf8t=t(tbase64turlsafe_b64encodetdecodetreplace(tdata((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt	nopad_b64DstbcC`s\y*t|d|��}|j�SWdQXWn+tk
rW}tdj||���nXdS(Ntrs#Error while reading file "{0}": {1}(topentreadt	ExceptionR
tformat(tfntmodetfte((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt	read_fileHs
cC`s�t}tjdt�\}}tj|d�}y|j|�Wnftk
r�}y|j�Wntk
rv}nXtj|�t	dt
|�dtj���nX|j�d}	d}
tjj|�sytj|�Wntk
r�}nXt	d|��ntj|tj�sAtj|�t	d|��n|j|�}	tjj|�r�tj|tj�s�tj|�t	d|��ntj|tj�s�tj|�t	d|��n|j|�}
nMtjj|�p�d	}tj|tj�s+tj|�t	d
|��n|	|
kr�ytj||�t}Wq�tk
r�}tj|�t	d||t
|�fdtj���q�Xntj|�|S(
sV
    Write content to destination file dest, only if the content
    has changed.
    ttexttwbs+failed to create temporary content file: %st	exceptionsSource %s does not existsSource %s not readablesDestination %s not writablesDestination %s not readablet.sDestination dir %s not writablesfailed to copy %s to %s: %sN(tFalsettempfiletmkstemptostfdopentwriteR&tclosetremoveR
Rt	tracebackt
format_exctNonetpathtexiststaccesstR_OKtsha1tW_OKtdirnametshutiltcopyfiletTrue(RtdesttcontenttchangedtfdttmpsrcR*terrtdummytchecksum_srct
checksum_destRB((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt
write_fileQs\
&






2
cC`s�g}yut|d��`}d}xP|D]H}|jd�r]|d7}|dkr(Pq(q(n|j|j��q(WWdQXWn=tk
r�}tdj|t|��dtj	���nXt
jd	j|��S(
ss
    Load PEM file, and convert to DER.

    If PEM contains multiple entities, the first entity will be used.
    trtis-----iiNscannot load PEM file {0}: {1}R/R(
R$t
startswithtappendtstripR&R
R'RR9R:Rt	b64decodetjoin(tpem_filenametcertificate_linesR*theader_line_counttlineRK((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt
pem_to_der�s

!.c
C`s�|dkr�tj�\}}|j|�tj|d�}y |j|jd��|}WnYtk
r�}y|j	�Wntk
r�}nXt
dt|�dtj
���nX|j	�nd}	t|d��O}xE|D]=}
tjd|
�}|dk	r�|jd�j�}	Pq�q�WWdQX|	dkrAd	}	n|	dCkr[d|	ifS||	d|d
dg}|j|dt�\}}
}|	d	kr�tjdt|
dd�tjtjB�j�\}}djt|��}t|�drdj|�}ndi|d6d	d6dd6idd6ttj|jd���d6ttjtj dd|�jd���d6d 6d!d"6fS|	d
kr�tjd#t|
dd�tjtjB�}|dkr�d$ifStjtj dd|jd��jd��}|jd�j�}|jd%�rB|jd%�j�nd}|d&ks`|d'kr�d(}d)}d!}d*}d+}n�|d,ks�|d-kr�d.}d/}d0}d1}d2}nM|d3ks�|d4kr�d5}d6}d7}d8}d9}nd:||fifS|d;d<}t|�d|kr?d=||fifSdi|d6d
d6|d6id>d6|d?6t|| �d@6t||�dA6d 6|d"6|dB6fSdS(Dsj
    Parses an RSA or Elliptic Curve key file in PEM format and returns a pair
    (error, key_data).
    R.sutf-8s+failed to create temporary content file: %sR/RPs2^\s*-{5,}BEGIN\s+(EC|RSA)\s+PRIVATE\s+KEY-{5,}\s*$iNtrsatecsunknown key type "%s"s-ins-noouts-texttcheck_rcs:modulus:\n\s+00:([a-f0-9\:\s]+?)\npublicExponent: ([0-9]+)terrorstsurrogate_or_stricts{0:x}is0{0}tkey_filettypetRS256talgtRSAtktyR+s(\s|:)Rtntjwktsha256thashsHpub:\s*\n\s+04:([a-f0-9\:\s]+?)\nASN1 OID: (\S+)(?:\nNIST CURVE: (\S+))?scannot parse elliptic curve keyit
prime256v1sp-256itES256i sP-256t	secp384r1sp-384i�tES384tsha384i0sP-384t	secp521r1sp-521i	tES512tsha512iBsP-521sunknown elliptic curve: %s / %siis"bad elliptic curve point (%s / %s)tECtcrvtxtyt
point_size(srsasec(!R;R2R3tadd_cleanup_fileR4R5R6tencodeR&R7R
RR9R:R$tretmatchtgrouptlowertrun_commandREtsearchRt	MULTILINEtDOTALLtgroupsR'tinttlenR!tbinasciit	unhexlifytsub(topenssl_binaryRR`tkey_contentRIRJR*RKRLtaccount_key_typeRYtmtopenssl_keydump_cmdtouttpub_hextpub_exptpub_datatasn1_oid_curvet
nist_curvetbitsRcthashalgRvtcurvet	num_bytes((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt_parse_key_openssl�s�

&

	.2"
0*			cC`s�|ddj|d�d|dg}dj||�jd�}|j|d|d	td
t�\}}}|ddkr�|j|d
ddgd|d
t�\}}	}d|d}
tjd|
t|	dd��}t|�dkrtdjt|	dd����n|
t|d�d|d|d<|
t|d�d|d|d<t	j
|d�t	j
|d�}ni|d6|d6tt|��d6S(Ntdgsts-{0}Ris-signR`s{0}.{1}RR R]tbinary_dataRaR\t	asn1parses-informtDERiRvs%prim:\s+INTEGER\s+:([0-9A-F]{1,%s})\nR^R_sIfailed to generate Elliptic Curve signature; cannot parse DER output: {0}it0it	protectedtpayloadt	signature(
R'RxR}RERytfindallRR�R
R�R�R!R(R�Rt	payload64tprotected64tkey_datatopenssl_sign_cmdtsign_payloadRLR�tder_outtexpected_lentsig((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt_sign_request_openssls,&*$$'icC`s"|dkr|j�ddSdS(Niii(t
bit_length(Rf((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt_count_bytes-scC`s|j|dd�S(Nt	byteordertbig(R(tcounttno((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt_convert_int_to_bytes0scC`sAt|�d}t|�|kr=d|t|�|}n|S(NiR�(thexR�(Rftdigitstres((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt_pad_hex3scC`s,|dkrdSd|}t|�ddS(Nis%xii(R�(Rfth((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyR�:s
cC`s^d|}t|�d|kr;tdj||���ndd|t|�|jd�S(Ns%xis%Number {1} needs more than {0} bytes!R�R�(R�R&R'R(R�RfR�((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyR�@s
cC`s;d|}t|�|kr7d|t|�|}n|S(Ns%xR�(R�(RfR�R�((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyR�Fs
cC`s�|d+krt|�}nt|�}y(tjjjj|dd+dt�}Wn#t	k
rt}dj
|�d+fSXt|tjjjj
j�r|j�j�}d+i|d6dd6dd6id	d
6ttt|j�|j��d6ttt|j�|j��d6d
6dd6fSt|tjjjjj�r�|j�j�}|jjdkr�d}d}d}d}	d}
n|jjdkr�d}d}d}d}	d}
nL|jjdkr�d}d}d}d}	d }
nd!j
|jj�ifS|d"d#}d+i|d6d$d6|d6id%d
6|
d&6tt||j��d'6tt||j��d(6d
6|d6|	d)6fSd*j
t|��ifSd+S(,sj
    Parses an RSA or Elliptic Curve key file in PEM format and returns a pair
    (error, key_data).
    tpasswordtbackendserror while loading key: {0}tkey_objR[RaRbRcRdReR+RfRgRhRit	secp256r1iRki sP-256Rli�RmRni0sP-384Roi	RpRqiBsP-521sunknown elliptic curve: {0}iiR\RrRsRtRuRvsunknown key type "{0}"N(R;R,Rtcryptographythazmatt
primitivest
serializationtload_pem_private_keyt_cryptography_backendR&R't
isinstancet
asymmetricR[t
RSAPrivateKeyt
public_keytpublic_numbersR!R�R�R+RfR\tEllipticCurvePrivateKeyR�tnameRtRuRa(RR`R�tkeyR+tpkR�RcR�RvR�R�((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt_parse_key_cryptographyMsh("&			c
C`s�dj||�jd�}t|dtjjjjj�r�tjjjj	j
�}tjjjj}|dj
|||��}n-t|dtjjjjj�r�|ddkr�tjjjj}nJ|ddkr�tjjjj}n%|ddkrtjjjj}ntjjjjj|��}tjjjjj|dj
||��\}	}
t|	d|d	�}t|
d|d	�}tj|�tj|�}ni|d
6|d6t|�d6S(
Ns{0}.{1}RR�RiRhRnRqiRvR�R�R�(R'RxR�R�R�R�R�R[R�tpaddingtPKCS1v15thashestSHA256tsignR\R�tSHA384tSHA512tECDSAtutilstdecode_dss_signatureR�R�R�R!(
RR�R�R�R�R�R�R�tecdsaR#tstrrtss((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt_sign_request_cryptography�s*""1cC`s�|ddkr4tdd|d|df��nd|dkoOdknr[|s�d|dkovdknr�|s�|ddkr�|r�td	j|d|d|���ndS(
NtstatusiR
sFailure downloading %s, %sturli,i�i�s3ACME request failed: CODE: {0} MGS: {1} RESULT: {2}(R
R'(tresponsetinfotallow_redirecttallow_client_errortallow_server_error((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt_assert_fetch_url_success�s$''t
ACMEDirectorycB`s,eZdZd�Zd�Zdd�ZRS(s5
    The ACME server directory. Gives access to the available resources,
    and allows to obtain a Replay-Nonce. The acme_directory URL
    needs to support unauthenticated GET requests; ACME endpoints
    requiring authentication are not supported.
    https://tools.ietf.org/html/rfc8555#section-7.1.1
    cC`s�||_|jd|_|jd|_|j|jdt�\|_}|jdkr�x/dD]$}||jkr`td��q`q`Wn|jd	kr�x/dD]$}||jkr�td
��q�q�WndS(Ntacme_directorytacme_versiontget_onlyisnew-regs	new-authzsnew-certs7ACME directory does not seem to follow protocol ACME v1itnewNoncet
newAccounttnewOrders7ACME directory does not seem to follow protocol ACME v2(snew-regs	new-authzsnew-cert(R�R�R�(Rtparamstdirectory_roottversiontget_requestREt	directoryR
(RRtaccountRLR�((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyR�s	!

cC`s|j|S(N(R�(RR�((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt__getitem__�scC`s�|jdkr|jn
|jd}|dk	r:|}nt|j|dd�\}}|dd
kr�tdj|d���n|d	S(NiR�tmethodtHEADR�i�i�s*Failed to get replay-nonce, got status {0}sreplay-nonce(i�i�(R�R�R�R;RRR
R'(RtresourceR�RLR�((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt	get_nonce�s%	N(RRRRR�R;R�(((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyR��s		tACMEAccountcB`s�eZdZd�Zd�Zd
d
d�Zed�Zd
d�Z	d
d
eed�Z
ed
eed�Zd�Z
d
d
eed	�Zd
�Zd
d
eeed�Zd
d�ZRS(s�
    ACME account object. Handles the authorized communication with the
    ACME server. Provides access to account bound information like
    the currently active authorizations and valid certificates
    cC`s0t|_||_|jd|_|jd|_|jd|_|jjd�pWd|_	|j
dt�|_|jdk	s�|jdk	r|j
|j|j�\}|_|r�td|��n|jd|_i|jdd6|jd6|_|j	r|j|j	�qnt||�|_dS(	NR�taccount_key_srctaccount_key_contenttaccount_uritopenssls#error while parsing account key: %sRgRc(R1t_debugRR�R�R�R�tgetR;turitget_bin_pathREt_openssl_bint	parse_keyR�R
Rgt
jws_headertset_account_uriR�R�(RRterror((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyR�s$		!	cC`sRtj|jdtdd�}ttj|jd��j��}dj	||�S(s{
        Returns the key authorization for the given token
        https://tools.ietf.org/html/rfc8555#section-8.1
        t	sort_keyst
separatorst,t:Rs{0}.{1}(RR(
tjsontdumpsRgRER!thashlibRhRxtdigestR'(Rttokentaccountkey_jsont
thumbprint((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pytget_keyauthorizations$cC`s]|dkr'|dkr'td��ntr@t|j||�St|j|j||�SdS(sv
        Parses an RSA or Elliptic Curve key file in PEM format and returns a pair
        (error, key_data).
        s2One of key_file and key_content must be specified!N(R;tAssertionErrortHAS_CURRENT_CRYPTOGRAPHYR�RR�R�(RR`R�((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyR�
s
cC`s�yp|dkrd}n6|r<|jj|�jd�}ntt|��}t|jj|�jd��}Wn(tk
r�}tdj|���nXt	r�t
|j|||�St|j|j|||�SdS(NRRs/Failed to encode payload / headers as JSON: {0}(
R;RtjsonifyRxR!RR&R
R'R
R�R�R�(RR�R�R�tencode_payloadR�R�R+((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pytsign_requests	%cC`s�|jr�tdd��~}|jdjtjj�jd�|�jd��|d
k	r�|jdjt	j
|ddd	t��jd��nWd
QXnd
S(sF
        Write arguments to acme.log when logging is enabled.
        sacme.logtabs
[{0}] {1}
s%Y-%m-%d %H:%M:%S.%ssutf-8s{0}

tindentiRN(R�R$R6R'tdatetimetnowtstrftimeRxR;RRRE(RR
R R*((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt_log,s
	4cC`s�|p|j}|p|j}d}x�tr�tj|�}|jj�|d<|jdkrk||d<n|jd|�|jd|�|jd|�|j	|||d|�}	|jdkr|j�|	d	<x3|j
�D]"\}
}|	d	j|
d�}q�Wn|jd
|	�|j
j|	�}	idd6}
t|j
|d
|	d|
dd�\}}t||�i}y|j�}Wn#tk
r�|jdd�}nX|s�|r�|r�|djd�s�d|dko�dknr�y�|j
j|jd��}|jd|�d|dko<dknrr|jd�dkrr|dkrr|d7}w'n|r�|}n|}Wq�tk
r�tdj||���q�Xq�|}n||fSWdS(s#
        Sends a JWS signed HTTP POST request to the ACME server and returns
        the response as dictionary
        https://tools.ietf.org/html/rfc8555#section-6.2

        If payload is None, a POST-as-GET is performed.
        (https://tools.ietf.org/html/rfc8555#section-6.3)
        itnonceiR�tURLR�R�Rtheaderssigned requestsapplication/jose+jsonsContent-TypeR theadersR�tPOSTtbodyscontent-typesapplication/jsoni�R�iXRs
parsed resultRas#urn:ietf:params:acme:error:badNonceis*Failed to parse the ACME response: {0} {1}N(R�R�REtcopytdeepcopyR�R�R�RRtitemstpopR;RRRR�R%tAttributeErrorRQt	from_jsonRR�t
ValueErrorR
R'(RR�R�R�R�tparse_json_resultRtfailed_triesR�R tktvthvRtrespR�tresultRGtdecoded_result((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pytsend_signed_request6sX		

*


9 
	

	c
C`s�|rP|jdkrP|j|ddt�\}}|ddkrVt}qVnt}|r�t|j|ddd|�\}}t||�y|j�}Wq�t	k
r�|j
dd�}q�Xn|rEi}	|rK|d	jd
�r9y|jj|j
d��}	Wq?tk
r5tdj||���q?XqB|}	qKn|}	|r�|dd
ksq|ddkr�tdj|d|	���n|	|fS(s�
        Perform a GET-like request. Will try POST-as-GET for ACMEv2, with fallback
        to GET if server replies with a status code of 405.
        iR$R�i�R�tGETRRscontent-typesapplication/jsonRs*Failed to parse the ACME response: {0} {1}i�i�s*ACME request failed: CODE: {0} RESULT: {1}N(R�R,R;R1RERRR�R%R!R RQR"RR#R
R'(
RR�R$RR�t
fail_on_errorRGR�R)R*((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyR�us2$


&cC`s?||_|jdkr;|jjd�|j|jd<ndS(sg
        Set account URI. For ACME v2, it needs to be used to sending signed
        requests.
        iRgtkidN(R�R�R�R (RR�((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyR��s	c	
C`sE|p	g}|jdkrgidd6|d6}|rB||d<n|jdd|d<|jd}n@i|d6}|s�t|d<n|r�t|d	<n|jd
}|j||�\}}|d|jdkr�dd
gnd
gkrd|kr
|j|d�nt|fS|d|jdkr3dndkr�|jd�dkrp|satdfStd��nd|kr�|j|d�nt|fS|ddkr�|ddkr�|r�tdfS|ddkr%|ddkr%d|jd�pdkr%|stdfStd��ntdj	|d|���dS(s�
        Registers a new ACME account. Returns a pair ``(created, data)``.
        Here, ``created`` is ``True`` if the account was created and
        ``False`` if it already existed (e.g. it was not newly created),
        or does not exist. In case the account was created or exists,
        ``data`` contains the account data; otherwise, it is ``None``.
        https://tools.ietf.org/html/rfc8555#section-7.3
        isnew-regR�tcontactt	agreementtmetasterms-of-servicetonlyReturnExistingttermsOfServiceAgreedR�R�i�i�tlocationi�tdeactivatedsAccount is deactivatedi�Ras.urn:ietf:params:acme:error:accountDoesNotExisti�s'urn:ietf:params:acme:error:unauthorizedtdetailRsError registering: {0} {1}N(
R�R�RER,R�R�R1R;R
R'(	RR0R1tterms_agreedtallow_creationtnew_regR�R*R�((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt_new_reg�sH	





.
%

'
;
c	C`s`|jdkrtd��n|jdkr[i}d|d<|j|j|�\}}njd}|j|j|�\}}|ddkr�|jd�dkr�i}|j|j|�\}}n|ddkr�|jd�d
kr�dS|ddkr|jd�dkrdS|dd
ks7|ddkr\tdj|d||j���n|S(s�
        Retrieve account information. Can only be called when the account
        URI is already known (such as after calling setup_account).
        Return None if the account was deactivated, or a dict otherwise.
        sAccount URI unknownitregR�R�i�Ras$urn:ietf:params:acme:error:malformedi�s'urn:ietf:params:acme:error:unauthorizedi�s.urn:ietf:params:acme:error:accountDoesNotExisti�i,s,Error getting account data from {2}: {0} {1}N(i�i�(i�i�(R�R;R
R�R,R�R'(RR R*R�((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pytget_account_data�s$
%%% %c	C`s�|jdk	rXt}|j�}|dkr�|rF|rFd|_qUtd��q�nq|j|d|d|d|o�|jj�\}}|jjr�|jdkr�|r�t}i|p�gd6}n||fS(s�
        Detect or create an account on the ACME server. For ACME v1,
        as the only way (without knowing an account URI) to test if an
        account exists is to try and create one with the provided account
        key, this method will always result in an account being present
        (except on error situations). For ACME v2, a new account will
        only be created if ``allow_creation`` is set to True.

        For ACME v2, ``check_mode`` is fully respected. For ACME v1, the
        account might be created if it does not yet exist.

        Return a pair ``(created, account_data)``. Here, ``created`` will
        be ``True`` in case the account was created or would be created
        (check mode). ``account_data`` will be the current account data,
        or ``None`` if the account does not exist.

        The account URI will be stored in ``self.uri``; if it is ``None``,
        the account does not exist.

        https://tools.ietf.org/html/rfc8555#section-7.3
        s)Account is deactivated or does not exist!R1R8R9R0N(	R�R;R1R=R
R;Rt
check_modeRE(RR0R1R8R9t remove_account_uri_if_not_existstcreatedtaccount_data((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt
setup_accounts"
!cC`s�i}|dk	r=|jdg�|kr=t|�|d<n|sStt|�fS|jjr{t|�}|j|�n7|jdkr�d|d<n|j	|j
|�\}}t|fS(s�
        Update an account on the ACME server. Check mode is fully respected.

        The current account data must be provided as ``account_data``.

        Return a pair ``(updated, account_data)``, where ``updated`` is
        ``True`` in case something changed (contact info updated) or
        would be changed (check mode), and ``account_data`` the updated
        account data.

        https://tools.ietf.org/html/rfc8555#section-7.3.2
        R0iR<R�N(R;R�tlistR1tdictRR>tupdateR�R,R�RE(RRAR0tupdate_requestRL((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pytupdate_account>s$
N(RRRRRR;R�RERRR,R1R�R�R;R=RBRG(((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyR��s			
?,	
E	/cC`s9y ttjt|��j�SWntk
r4|SXdS(N(Rtcompat_ipaddresst
ip_addressRt
compressedR#(tip((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt
_normalize_ip_s 
c
C`s�|dd|ddg}|j|dt�\}}}tg�}tjdt|dd��}|dk	r�|jd	|jd
�f�ntjdt|dd�tj	tj
B�}|dk	r�x�|jd
�jd�D]�}	|	j�j
d
�r|jd	|	df�q�|	j�j
d�rE|jdt|	d�f�q�|	j�j
d�rz|jdt|	d�f�q�tdj|	���q�Wn|S(s�
    Return a set of requested identifiers (CN and SANs) for the CSR.
    Each identifier is a pair (type, identifier), where type is either
    'dns' or 'ip'.
    treqs-ins-noouts-textR]sSubject:.* CN\s?=\s?([^\s,;/]+)R^R_tdnsis<X509v3 Subject Alternative Name: (?:critical)?\n +([^\n]+)\ns, sdns:isip:RKisip address:is&Found unsupported SAN identifier "{0}"N(R}REtsetRyR~RR;taddR{RR�tsplitR|RQRLR
R'(
R�Rtcsr_filenametopenssl_csr_cmdRLR�tidentifierstcommon_nametsubject_alt_namestsan((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pytopenssl_get_csr_identifiersgs&"  cC`s-tg�}tjjt|�t�}xE|jD]:}|jtjjjj	kr1|j
d|jf�q1q1Wx�|jD]�}|jtjjj
jkryx�|jD]z}t|tjj�r�|j
d|jf�q�t|tjj�r	|j
d|jjf�q�tdj|���q�WqyqyW|S(s�
    Return a set of requested identifiers (CN and SANs) for the CSR.
    Each identifier is a pair (type, identifier), where type is either
    'dns' or 'ip'.
    RNRKs$Found unsupported SAN identifier {0}(ROR�tx509tload_pem_x509_csrR,R�tsubjecttoidtNameOIDtCOMMON_NAMERPtvaluet
extensionstExtensionOIDtSUBJECT_ALTERNATIVE_NAMER�tDNSNamet	IPAddressRJR
R'(RRRRTtcsrR�t	extensionR�((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt cryptography_get_csr_identifiers�s cC`s�tjj|�sdSytjjt|�t�}Wn+tk
rb}t	dj
||���nX|dkr�tjj
�}n|j|jS(s�
    Return the days the certificate in cert_file remains valid and -1
    if the file was not found. If cert_file contains more than one
    certificate, only the first one will be considered.
    i����s!Cannot parse certificate {0}: {1}N(R4R<R=R�RYtload_pem_x509_certificateR,R�R&R
R'R;RRtnot_valid_aftertdays(Rt	cert_fileRtcertR+((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pytcryptography_get_cert_days�scC`s�|jd}|dkrnt|dkr1tan_|dkrwytjWn#tk
rm}|jdd�nXtan|jddj|��tr�|j	djt
��n
|j	d	�d
S(s�
    Sets which crypto backend to use (default: auto detection).

    Does not care whether a new enough cryptoraphy is available or not. Must
    be called before any real stuff is done which might evaluate
    ``HAS_CURRENT_CRYPTOGRAPHY``.
    tselect_crypto_backendtautoR�R�R
s Cannot find cryptography module!sUnknown crypto backend "{0}"!s0Using cryptography backend (library version {0})sUsing OpenSSL binary backendN(R�R1R
R�t__version__R&RRER'tdebugtCRYPTOGRAPHY_VERSION(RR�RL((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pytset_crypto_backend�s

		cC`sSd|krO|d}x6tjd|�D]\}}|t|�|�q)WndS(si
    Process link header, calls callback for every link header with the URL and relation as options.
    tlinks<([^>]+)>;\s*rel="(\w+)"N(RyR�R(R�tcallbackRtR�trelation((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt
process_links�s
(Lt
__future__RRRRat
__metaclass__RR�RRRRR4RyRCtsysR2R9tansible.module_utils._textRRRtansible.module_utils.urlsRtansible.module_utils.compatRRHt+ansible.module_utils.six.moves.urllib.parseRR�tcryptography.hazmat.backendst,cryptography.hazmat.primitives.serializationt-cryptography.hazmat.primitives.asymmetric.rsat,cryptography.hazmat.primitives.asymmetric.ect1cryptography.hazmat.primitives.asymmetric.paddingt%cryptography.hazmat.primitives.hashest/cryptography.hazmat.primitives.asymmetric.utilstcryptography.x509tcryptography.x509.oidtdistutils.versionR	RpRrR
R�tbackendstdefault_backendR�R&RLR1R
R!R,RORZR;R�R�tversion_infoR�R�R�R�R�RER�tobjectR�R�RLRXRgRmRsRw(((s=/usr/lib/python2.7/site-packages/ansible/module_utils/acme.pyt<module>
sz	

			:	l						F	
'��				

Anons79 File Manager Version 1.0, Coded By Anons79
Email: [email protected]