|
Server : Apache/2.4.41 (Ubuntu) System : Linux vmi1525618.contaboserver.net 5.4.0-105-generic #119-Ubuntu SMP Mon Mar 7 18:49:24 UTC 2022 x86_64 User : www-data ( 33) PHP Version : 8.2.12 Disable Function : NONE Directory : /lib/python3/dist-packages/certbot/__pycache__/ |
Upload File : |
U
����e�_�S�������������������
���@���s���d�Z�ddlmZ�ddlZddlZddlZddlZddlZddlZddl Z ddl
Z
ddl
Z
ddl
Z
ddlmZ�ddlmZ�ddlmZ�ddlmZ�ddlmZ�dd lmZ�dd
lmZ�dd
lmZ�dd
lmZ�dd
lmZ�ddlmZ�ddl
m
Z
�e� e �Z!ddddddddddddg
Z"d
d
gZ#d
d d d!gZ$e%e�&e$e#e"d"��Z'd#d$��Z(d%d&��Z)d'd(��Z*d)d*��Z+d+d,��Z,d-d.��Z-d/d0��Z.d1d2��Z/d3d4��Z0d5d6��Z1d7d8��Z2d9d:��Z3d;d<��Z4d=d>��Z5dS�)?zGFunctionality for autorenewal and associated juggling of configurations�����)�print_functionN)�List)�cli)� constants)�
crypto_util)�errors)�hooks)�
interfaces)�storage)�updater)�util)�os)�discoZ
config_dirZlogs_dirZwork_dirZ
user_agent�serverZaccount�
authenticator� installer�
renew_hook�pre_hook� post_hookZhttp01_addressZ
rsa_key_size�
http01_portZ
must_stapleZallow_subset_of_names� reuse_keyZ autorenew)�
pref_challsc��������������
���C���sX��zt��||��}W�nF�tjtfk
rV���tjddd��t�d|��t�dt� ����Y�dS�X�d|j
krrt�d|��dS�|j
d�}d |kr�t�d
|��dS�zt
|�|��t
|�|��W�nR�t
tjfk
��r��}�z,t�d
|t|���t�dt� ����W�Y��dS�d}~X�Y�nX�zd
d
��|���D��|�_W�n:�tjk
�rR�}�zt�d||��W�Y��dS�d}~X�Y�nX�|S�)a���Try to instantiate a RenewableCert, updating config with relevant items.
This is specifically for use in renewal and enforces several checks
and policies to ensure that we can try to proceed with the renewal
request. The config argument is modified by including relevant options
read from the renewal configuration file.
:param configuration.NamespaceConfig config: configuration for the
current lineage
:param str full_path: Absolute path to the configuration file that
defines this lineage
:returns: the RenewableCert object or None if a fatal error occurred
:rtype: `storage.RenewableCert` or NoneType
��T)�exc_infoz2Renewal configuration file %s is broken. Skipping.�Traceback was:
%sN�
renewalparamsz<Renewal configuration file %s lacks renewalparams. Skipping.r���zJRenewal configuration file %s does not specify an authenticator. Skipping.zHAn error occurred while parsing %s. The error was %s. Skipping the file.c�����������������S���s���g�|�]}t��|��qS���)r
���Zenforce_domain_sanity)�.0�dr
���r
����1/usr/lib/python3/dist-packages/certbot/renewal.py�
<listcomp>]���s����z!_reconstitute.<locals>.<listcomp>ztRenewal configuration file %s references a cert that contains an invalid domain name. The problem was: %s. Skipping.)r
���Z
RenewableCertr���ZCertStorageError�IOError�logger�warning�debug� traceback�
format_exc�
configuration� restore_required_config_elements�_restore_plugin_configs�
ValueError�Error�str�names�domainsZConfigurationError)�config� full_path�renewal_candidater����errorr
���r
���r ����
_reconstitute/���sP����
�
�
���
��r3���c�����������������C���sR���d|kr
t��d�s
|d�|�_d|krNt��d�sN|d�}t|tj�rH|g}||�_dS�)z�
webroot_map is, uniquely, a dict, and the general-purpose configuration
restoring logic is not able to correctly parse it from the serialized
form.
�
webroot_map�
webroot_pathN)r����
set_by_clir4����
isinstance�six�
string_typesr5���)r/���r���Zwpr
���r
���r ����_restore_webroot_configh���s����
r:���c�����������������C���s����g�}|d�dkr
t�|�|��n|�|d���|�d�dk rF|�|d���t|�D�]p}|�dd�}t�|�D�]T\}}|�|d��rht� |�sh|dkr�t
|�|t
|���qht�
|�}t
|�|||���qhqNdS�)a��Sets plugin specific values in config from renewalparams
:param configuration.NamespaceConfig config: configuration for the
current lineage
:param configobj.Section renewalparams: Parameters from the renewal
configuration file that defines this lineage
r���Zwebrootr���N�-�_)�None�True�False)
r:����append�get�set�replacer8���Z iteritems�
startswithr���r6����setattr�evalZ
argparse_type)r/���r���Zplugin_prefixesZ
plugin_prefixZ
config_itemZ
config_value�castr
���r
���r ���r)���y���s
����
r)���c��������������
���C���s����t��dtfftj�tt��t��tj�t t��t
��tj�t
t��t
���}|D�]4\}}||krJt
�|�sJ||||��}t|�||��qJdS�)a ��Sets non-plugin specific values in config from renewalparams
:param configuration.NamespaceConfig config: configuration for the
current lineage
:param configobj.Section renewalparams: parameters from the renewal
configuration file that defines this lineage
r���N)� itertools�chain�_restore_pref_challsr8���Zmoves�zip�BOOL_CONFIG_ITEMS�repeat�
_restore_bool�INT_CONFIG_ITEMS�
_restore_int�STR_CONFIG_ITEMS�
_restore_strr���r6���rE���)r/���r���Zrequired_itemsZ item_nameZ
restore_func�valuer
���r
���r ���r(�������s����
�
r(���c�����������������C���s ���t�|tj�r|gn|}t�|�S�)a���Restores preferred challenges from a renewal config file.
If value is a `str`, it should be a single challenge type.
:param str unused_name: option name
:param value: option value
:type value: `list` of `str` or `str`
:returns: converted option value to be stored in the runtime config
:rtype: `list` of `str`
:raises errors.Error: if value can't be converted to an bool
)r7���r8���r9���r���Zparse_preferred_challenges)Z
unused_namerS���r
���r
���r ���rJ�������s����rJ���c�����������������C���s*���|����}|dkr"t�d�|�|���|dkS�)a%��Restores an boolean key-value pair from a renewal config file.
:param str name: option name
:param str value: option value
:returns: converted option value to be stored in the runtime config
:rtype: bool
:raises errors.Error: if value can't be converted to an bool
)�trueZfalsez,Expected True or False for {0} but found {1}rT���)�lowerr���r+����format)�namerS���Zlowercase_valuer
���r
���r ���rN�������s
����
�rN���c�����������������C���sX���|�dkr$|dkr$t��d��t�d�S�z
t|�W�S��tk
rR���t�d�|����Y�nX�dS�)a#��Restores an integer key-value pair from a renewal config file.
:param str name: option name
:param str value: option value
:returns: converted option value to be stored in the runtime config
:rtype: int
:raises errors.Error: if value can't be converted to an int
r���r=���z!updating legacy http01_port valuez Expected a numeric value for {0}N) r"����infor����
flag_default�intr*���r���r+���rV����rW���rS���r
���r
���r ���rP�������s����
rP���c�����������������C���s@���|�dkr0|t�jkr0t�dt�jd�|��t�jd�S�|dkr<dS�|S�)z�Restores an string key-value pair from a renewal config file.
:param str name: option name
:param str value: option value
:returns: converted option value to be stored in the runtime config
:rtype: str or None
r���z$Using server %s instead of legacy %sr=���N)r���ZV1_URIr"���rX���Z
CLI_DEFAULTSr[���r
���r
���r ���rR�������s������
rR���c�����������������C���sL���|�j�rt�d��dS�|���r*t�d��dS�|�jr>t�d��dS�t�d��dS�)zDReturn true if any of the circumstances for automatic renewal apply.z+Auto-renewal forced with --force-renewal...Tz)Cert is due for renewal, auto-renewing...z<Cert not due for renewal, but simulating renewal for dry runz
Cert not yet due for renewalF)Zrenew_by_defaultr"���r$���Zshould_autorenewrX����dry_run)r/����lineager
���r
���r ����
should_renew��s����
r^���c�������������� ���C���s����t�|j��}|���}W�5�Q�R�X�tj�tjj|�}dt|����� ��k}t
�
|�j
�r�t
�
|�r^|r�|�j
s�d�|����}t�d�|���dS�)z9Do not renew a valid cert with one from a staging server!Zfakez, z�You've asked to renew/replace a seemingly valid certificate with a test certificate (domains: {0}). We will not do that unless you use the --break-my-certs flag!N)�open�cert�read�OpenSSLZcryptoZload_certificateZ
FILETYPE_PEM�reprZ
get_issuerrU���r
���Z
is_stagingr���Zbreak_my_certs�joinr-���r���r+���rV���)r/���r]����original_serverZthe_file�contentsZ
latest_certZ now_validr-���r
���r
���r ����_avoid_invalidating_lineage ��s ����
��
��rg���c�����������
������C���s����|j�d�}|�dt�d��}t|�||��|s4|���}|�jrHtj� |j
�nd}|�
||�\}}}} |�j
r~t
�dtj�|j���n*|���}
|�|
||j||���|�|�����t�|�||j��dS�)z
Renew a certificate lineage.r���r���Nz(Dry run: skipping updating lineage at %s)r'���rA���r���rY���rg���r-���r���r
����path�normpathZprivkeyZobtain_certificater\���r"���r$����dirnamer`����latest_common_versionZsave_successorZpemZupdate_all_links_tor���r���Zlive_dir)
r/���r.���Z le_clientr]���Zrenewal_paramsre���Znew_keyZnew_certZ new_chainr<���Z
prior_versionr
���r
���r ����
renew_cert6��s
����
�rl���c��������������������s �����fdd�|�D��}dd��|��S�)z:Format a results report for a category of renewal outcomesc�����������������3���s���|�]}d�|��f�V��qdS�)z%s (%s)Nr
���)r
����m��categoryr
���r ���� <genexpr>O��s�����zreport.<locals>.<genexpr>z z
)rd���)Zmsgsro����linesr
���rn���r ����reportM��s����rr���c��������������������s\��g�}|j���tj�tj�}��fdd�}|�jr:��d����d����d��|r\��d����t|d���|s�|s���d��|�jd�k s�|�j d�k s�|�j
d�k r���d ��n||r�|s���d
����t|d
���n\|r�|s�|d
��|t|d
���n<|�r|�r��d����t|d
�d���|d��|t|d
���|�r,��d����t|d���|�j�rD��d����d��|j
d�
|�dd��d�S�)Nc��������������������s�����t�|����t�|���dS�)zNotify and log errors.N)r,���r"���r2���)�err�Znotifyr
���r ����
notify_errorY��s����
z-_renew_describe_results.<locals>.notify_errorz;** DRY RUN: simulating 'certbot renew' close to cert expiryz>** (The test certificates below have not been saved.)r���z0The following certs are not due for renewal yet:ZskippedzNo renewals were attempted.zNo hooks were run.zOCongratulations, all renewals succeeded. The following certs have been renewed:ZsuccesszFAll renewal attempts failed. The following certs could not be renewed:Zfailurez.The following certs were successfully renewed:�
z)The following certs could not be renewed:zB
Additionally, the following renewal configurations were invalid: Z parsefailz>** (The test certificates above have not been saved.)F)Zwrap)
r@����zope� component�
getUtilityr ����IDisplayr\���rr���r���r���r����
notificationrd���)r/����renew_successes�renew_failures�
renew_skipped�parse_failures�out�dispru���r
���rt���r ����_renew_describe_resultsR��sJ����
��
r����c��������������
������sz��t���fdd���jD���r"t�d����jr:t�����j�g}n
t����}g�}g�}g�}g�}tj �
��
�od��j
}|D��]�}t
j
�tj�}|jd|�dd��t����} t�|�}
zt| |�}
W�nV�tk
�r�}
�z6t�d||
|
��t�dt�����|�
|��W�Y��qjW�5�d }
~
X�Y�nX�z�|
d k�r"|�
|��n�t
j
�
| ��|
�
���d
d
l m }
�t!j"�#��}t$| |
��r�|�r�t%�&d
d
�}t�'d|��t(�)|��d}|
�*| ||
��|�
|
j+��n0t,�-|
�.d|
�/����}|�
d|
j+|�0d�f���t1�2| |
|��W�qj�tk
�r0�}
�z0t�d|
||
��t�dt�����|�
|
j+��W�5�d }
~
X�Y�qjX�qjt3��||||��|�sP|�rlt�d�4t5|�t5|����n
t�d��d S�)z5Examine each lineage; renew if due and report resultsc�����������������3���s���|�]}|��j�kV��qd�S�)N)r4���)r
���Zdomain�r/���r
���r ���rp������s�����z)handle_renewal_request.<locals>.<genexpr>af��Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.z
Processing F)�pausezTRenewal configuration file %s (cert: %s) produced an unexpected error: %s. Skipping.r���Nr���)�main����i���z3Non-interactive renewal: random delay of %s secondsr`���z%s expires on %sz%Y-%m-%dzQAttempting to renew cert (%s) from %s produced an unexpected error: %s. Skipping.z*{0} renew failure(s), {1} parse failure(s)zno renewal failures)6�anyr.���r���r+���Zcertnamer
���Zrenewal_file_for_certnameZrenewal_conf_files�sys�stdin�isattyZrandom_sleep_on_renewrw���rx���ry���r ���rz���r{����copy�deepcopyZlineagename_for_filenamer3���� Exceptionr"���r#���r$���r%���r&���r@���ZprovideUtilityZensure_deployed�certbotr�����
plugins_discoZPluginsRegistryZfind_allr^����randomZuniformrX����time�sleeprl���Z fullchainr���ZnotAfter�versionrk����strftimer
���Zrun_generic_updatersr����rV����len)r/���Z
conf_filesr|���r}���r~���r���Zapply_random_sleepZ
renewal_filer����Zlineage_configZ
lineagenamer1����er����ZpluginsZ
sleep_timeZexpiryr
���r����r ����handle_renewal_request���s�����
���
�
��
���� ��
��r����)6�__doc__Z
__future__r���r����rH���Zloggingr����r����r����r%���rb���r8���Zzope.componentrw���Zacme.magic_typingr���r����r���r���r���r���r���r ���r
���r
���r
���Zcertbot.compatr
���Zcertbot.pluginsr���r����Z getLogger�__name__r"���rQ���rO���rL���rB���rI���Z
CONFIG_ITEMSr3���r:���r)���r(���rJ���rN���rP���rR���r^���rg���rl���rr���r����r����r
���r
���r
���r ����<module>���st���
������������9+2