|
Server : Apache/2.4.41 (Ubuntu) System : Linux vmi1525618.contaboserver.net 5.4.0-105-generic #119-Ubuntu SMP Mon Mar 7 18:49:24 UTC 2022 x86_64 User : www-data ( 33) PHP Version : 8.2.12 Disable Function : NONE Directory : /lib/python3/dist-packages/certbot/__pycache__/ |
Upload File : |
U
�����]
<����������������������@���s:��d�Z�ddlZddlZddlZddlZddlZddlZddlm Z �ddl
m
Z
�ddl
m
Z
�ddl
m
Z
�ddl
mZ�ddl
mZ�dd l
mZ�dd
lmZ�dd lmZ�e�e�Zd
d
��Zd
d��Zdd��Zdd��Zdd��Z
dd��Z
dd��Z
dd��Z dd
��Z d
d
��Z!d d ��Z"d.d"d#�Z#d/d$d%�Z$d&d'��Z%d(d)��Z&d*d+��Z'd,d-��Z(dS�)0z Tools for managing certificates.�����N)�List)�
crypto_util)�errors)�
interfaces)�ocsp)�storage)�util)�osc�����������������C���s$���t��|��D�]}t�j||�dd��q
dS�)a`��Update the certificate file family symlinks to use archive_dir.
Use the information in the config file to make symlinks point to
the correct archive directory.
.. note:: This assumes that the installation is using a Reverter object.
:param config: Configuration.
:type config: :class:`certbot.configuration.NamespaceConfig`
T)Zupdate_symlinksN)r����renewal_conf_files�
RenewableCert)�config�
renewal_file��r����6/usr/lib/python3/dist-packages/certbot/cert_manager.py�update_live_symlinks���s����
r���c�����������������C���s����t�j�tj�}t|�d�d�}|�j}|sX|jd�|�ddd�\}}|t j
ksN|sXt
�
d��t
|�|�}|svt
�d�|���t�|||���|jd �||�d
d
��d
S�)
z�Rename the specified lineage to the new name.
:param config: Configuration.
:type config: :class:`certbot.configuration.NamespaceConfig`
�renamer���z&Enter the new name for certificate {0}z--updated-cert-nameT)�flag�force_interactive�User ended interaction.z,No existing certificate with name {0} found.z Successfully renamed {0} to {1}.F��pauseN)�zope� component�
getUtilityr����IDisplay�
get_certnames�
new_certname�input�format�
display_util�OKr����Error�lineage_for_certnameZConfigurationErrorr���Zrename_renewal_config�
notification)r
����disp�certnamer
����code�lineager���r���r����rename_lineage*���s.������
����r(���c��������������
���C���s����g�}g�}t��|��D�]t}z$t��||��}t�|��|�|��W�q�tk
r��}�z,t�d||��t� dt
�
����|�|��W�5�d}~X�Y�qX�qt
|�||��dS�)z�Display information about certs configured with Certbot
:param config: Configuration.
:type config: :class:`certbot.configuration.NamespaceConfig`
zIRenewal configuration file %s produced an unexpected error: %s. Skipping.�Traceback was:
%sN)
r���r
���r
���r���Zverify_renewable_cert�append� Exception�loggerZwarning�debug� traceback�
format_exc�_describe_certs)r
����
parsed_certs�parse_failuresr
���Zrenewal_candidate�er���r���r����
certificatesE���s
����
��
r4���c�����������������C���sJ���t�|�ddd�}|D�]2}t�|�|��tj�tj�}|jd� |�dd��qdS�)z;Delete Certbot files associated with a certificate lineage.�deleteT)�allow_multiplez.Deleted all files relating to certificate {0}.Fr���N)
r���r���Z
delete_filesr���r���r���r���r���r#���r
���)r
���� certnamesr%���r$���r���r���r���r5���[���s����
��r5���c�������������� ���C���s����|�j�}tj|dd��zt�|�|�}W�n�tjk
r<���Y�dS�X�zt�||��W�S��tjtfk
r����t �
d|��t �
dt
�
����Y�dS�X�dS�)z)Find a lineage object with name certname.������modeNz Renewal conf file %s is broken.r)���)
�renewal_configs_dirr����make_or_verify_dirr���Zrenewal_file_for_certnamer����CertStorageErrorr
����IOErrorr,���r-���r.���r/���)�
cli_configr%����
configs_dirr
���r���r���r���r"���h���s����
r"���c�����������������C���s���t�|�|�}|r|���S�dS�)z0Find the domains in the cert with name certname.N)r"����names)r
���r%���r'���r���r���r����domains_for_certnamex���s����
rB���c��������������������s�����fdd�}t�|�|d�S�)a~��Find existing certs that match the given domain names.
This function searches for certificates whose domains are equal to
the `domains` parameter and certificates whose domains are a subset
of the domains in the `domains` parameter. If multiple certificates
are found whose names are a subset of `domains`, the one whose names
are the largest subset of `domains` is returned.
If multiple certificates' domains are an exact match or equally
sized subsets, which matching certificates are returned is
undefined.
:param config: Configuration.
:type config: :class:`certbot.configuration.NamespaceConfig`
:param domains: List of domain names
:type domains: `list` of `str`
:returns: lineages representing the identically matching cert and the
largest subset if they exist
:rtype: `tuple` of `storage.RenewableCert` or `None`
c��������������������sb���|\}}t�|�����}|t����kr&|�}n4|�t�����rZ|dkrB|�}nt|�t|����krZ|�}||fS�)zsReturn cert as identical_names_cert if it matches,
or subset_names_cert if it matches as subset
N)�setrA����issubset�len)�candidate_lineage�rvZidentical_names_certZsubset_names_certZcandidate_names��domainsr���r���� update_certs_for_domain_matches����s����
z?find_duplicative_certs.<locals>.update_certs_for_domain_matches)NN)�_search_lineages)r
���rI���rJ���r���rH���r����find_duplicative_certs}���s����
rL���c��������������������s,���|�j������fdd�t����D��}|r(|S�dS�)aJ�� In order to match things like:
/etc/letsencrypt/archive/example.com/chain1.pem.
Anonymous functions which call this function are eventually passed (in a list) to
`match_and_check_overlaps` to help specify the acceptable_matches.
:param `.storage.RenewableCert` candidate_lineage: Lineage whose archive dir is to
be searched.
:param str filetype: main file name prefix e.g. "fullchain" or "chain".
:returns: Files in candidate_lineage's archive dir that match the provided filetype.
:rtype: list of str or None
c��������������������s,���g�|�]$}t��d����|�rtj���|��qS�)z
{0}[0-9]*.pem)�re�matchr
���r ����path�join)�.0�f��
archive_dir�filetyper���r����
<listcomp>����s�����z"_archive_files.<locals>.<listcomp>N)rT���r ����listdir)rF���rU����patternr���rS���r����_archive_files����s
����rY���c�������������������C���s
���dd��dd��dd��dd��gS�)z� Generates the list that's passed to match_and_check_overlaps. Is its own function to
make unit testing easier.
:returns: list of functions
:rtype: list
c�����������������S���s���|�j�S��N)Zfullchain_path��xr���r���r����<lambda>���������z%_acceptable_matches.<locals>.<lambda>c�����������������S���s���|�j�S�rZ����� cert_pathr[���r���r���r���r]�������r^���c�����������������S���s
���t�|�d�S�)N�cert�rY���r[���r���r���r���r]�������r^���c�����������������S���s
���t�|�d�S�)N� fullchainrb���r[���r���r���r���r]�������r^���r���r���r���r���r����_acceptable_matches����s����
��rd���c��������������������s(���t���}t��|��fdd�dd���}|d�S�)a��� If config.cert_path is defined, try to find an appropriate value for config.certname.
:param `configuration.NamespaceConfig` cli_config: parsed command line arguments
:returns: a lineage name
:rtype: str
:raises `errors.Error`: If the specified cert path can't be matched to a lineage name.
:raises `errors.OverlappingMatchFound`: If the matched lineage's archive is shared.
c��������������������s
�����j�d�S�)Nr���r_���r[����r?���r���r���r]�������r^���z&cert_path_to_lineage.<locals>.<lambda>c�����������������S���s���|�j�S�rZ���)�
lineagenamer[���r���r���r���r]�������r^���r���)rd����match_and_check_overlaps)r?����acceptable_matchesrN���r���re���r����cert_path_to_lineage����s
����
��ri���c��������������������sV������fdd�}t�|�|g�|�}|s8t�d�|�jd����nt|�dkrNt����n|S�dS�)a�� Searches through all lineages for a match, and checks for duplicates.
If a duplicate is found, an error is raised, as performing operations on lineages
that have their properties incorrectly duplicated elsewhere is probably a bad idea.
:param `configuration.NamespaceConfig` cli_config: parsed command line arguments
:param list acceptable_matches: a list of functions that specify acceptable matches
:param function match_func: specifies what to match
:param function rv_func: specifies what to return
c��������������������s`�����fdd�|D��}g�}|D�]"}t�|t�r2||7�}q|�|��q����}||kr\|�������|S�)z1Returns a list of matches using _search_lineages.c��������������������s���g�|�]
}|����qS�r���r���)rQ����func�rF���r���r���rV�������s�����zBmatch_and_check_overlaps.<locals>.find_matches.<locals>.<listcomp>)�
isinstance�listr*���)rF���Z
return_valuerh���Zacceptable_matches_rv�itemrN�����
match_func�rv_funcrk���r����
find_matches����s����
z.match_and_check_overlaps.<locals>.find_matchesz!No match found for cert-path {0}!r�������N)rK���r���r!���r
���r`���rE���ZOverlappingMatchFound)r?���rh���rp���rq���rr���Zmatchedr���ro���r���rg�������s����
rg���Fc�����������
��� ���C���s*��g�}t����}|�jr&|j|�jkr&|s&dS�|�jrDt|�j��|����sDdS�tj �
t
j
�
���}g�}|j
rj|�d��|j|kr�|�d��n|�|�r�|�d��|r�dd�|��}nB|j|�}|jdkr�d}n(|jdk�r�d �|jd
��}n
d
�|j�}d
�|j|�} |�d
�|jd�|����| |j|j���d�|�S�)zJ Returns a human readable description of info about a RenewableCert object��Z TEST_CERTZEXPIREDZREVOKEDz INVALID: z, rs���z
VALID: 1 dayzVALID: {0} hour(s)i��zVALID: {0} daysz {0} ({1})zq Certificate Name: {0}
Domains: {1}
Expiry Date: {2}
Certificate Path: {3}
Private Key Path: {4}� )r���ZRevocationCheckerr%���rf���rI���rC���rD���rA����pytzZUTCZfromutc�datetimeZutcnowZ
is_test_certr*���Z
target_expiryZ
ocsp_revokedrP���Zdaysr
���Zsecondsrc���Zprivkey)
r
���ra���Zskip_filter_checks�certinfoZcheckerZnowZreasonsZstatusZdiffZ
valid_stringr���r���r����human_readable_cert_info����s>����
�
ry���c�����������
������C���s����|�j�}|r|g}n�tj�tj�}t�|��}dd��|D��}|sFt� d��|r�|sZd�
|�} n|} |j
| |ddd�\}
}|
t
j
kr�t� d��nZ|s�d �
|�} n|} |j| |ddd�\}
}
|
t
j
ks�|
td
t|��kr�t� d��||
�g}|S�)
z9Get certname from flag, interactively, or error out.
c�����������������S���s���g�|�]}t��|��qS�r���)r���Zlineagename_for_filename)rQ����namer���r���r���rV���-��s�����z!get_certnames.<locals>.<listcomp>z No existing certificates found.z+Which certificate(s) would you like to {0}?z
--cert-nameT)Zcli_flagr���r���z(Which certificate would you like to {0}?r���)r%���r���r���r���r���r���r���r
���r���r!���r
���Z checklistr ���r ���Zmenu�rangerE���)
r
���Zverbr6���Z
custom_promptr%���r7���r$���� filenames�choices�promptr&����indexr���r���r���r���$��sB����
����
����
r���c�����������������C���s���dd��dd��|�D����S�)zFFormat a results report for a category of single-line renewal outcomesz z
c�����������������s���s���|�]}t�|�V��qd�S�rZ���)�str)rQ����msgr���r���r���� <genexpr>M��s�����z _report_lines.<locals>.<genexpr>)rP���)Zmsgsr���r���r����
_report_linesK��s����r����c�����������������C���s(���g�}|D�]}|��t|�|���qd�|�S�)z)Format a results report for a parsed cert�
)r*���ry���rP���)r
���r1���rx���ra���r���r���r����_report_human_readableO��s����r����c�����������������C���s����g�}|j�}|s
|s
|d��nL|rP|�js,|�jr0dnd}|d�|���|t|�|���|rh|d��|t|���tj�t j
�}|j
d�
|�ddd��d S�)
z/Print information about the certs we know aboutzNo certs found.z matching rt���z
Found the following {0}certs:z3
The following renewal configurations were invalid:r����F)r���ZwrapN)
r*���r%���rI���r
���r����r����r���r���r���r���r���r#���rP���)r
���r1���r2����outZnotifyrN���r$���r���r���r���r0���V��s����
r0���c��������������
���G���s����|�j�}tj|dd��|}t�|��D�]`}zt�||��}W�n:�tjtfk
rp���t �
d|��t �
dt
�
����Y�q"Y�nX�|||f|���}q"|S�)a���Iterate func over unbroken lineages, allowing custom return conditions.
Allows flexible customization of return values, including multiple
return values and complex checks.
:param `configuration.NamespaceConfig` cli_config: parsed command line arguments
:param function func: function used while searching over lineages
:param initial_rv: initial return value of the function (any type)
:returns: Whatever was specified by `func` if a match is found.
r8���r9���z)Renewal conf file %s is broken. Skipping.r)���)
r;���r���r<���r���r
���r
���r���r=���r>���r,���r-���r.���r/���)r?���rj���Z
initial_rv�argsr@���rG���r
���rF���r���r���r���rK���k��s����
rK���)F)FN))�__doc__rw���ZloggingrM���r.���rv���Zzope.componentr���Zacme.magic_typingr���Zcertbotr���r���r���r���r���r���Zcertbot.compatr ���Zcertbot.displayr ���Z getLogger�__name__r,���r���r(���r4���r5���r"���rB���rL���rY���rd���ri���rg���ry���r���r����r����r0���rK���r���r���r���r����<module>���sB���
,
!
+
'