Spade
Mini Shell
| Directory:~$ /proc/self/root/lib/python2.7/site-packages/certbot/_internal/ |
| [Home] [System Details] [Kill Me] |
�
���_c@s�dZddlmZddlZddlZddlZddlZddlZddl Z
ddl
Z
ddl
mZddlmZmZmZmZmZddlZddlmZddlmZddlmZddlmZdd lmZdd
lm
Z
dd
lm
Z
dd
lm
Z
dd
lm Z ddlm Z
ddlm!Z!ddlm"Z"ddlm#Z#ddlm$Z$ddlm%Z%ddlm&Z&ddlm'Z'ddlm(Z(ddl)m*Z+ddl)m,Z-ddl.m/Z/ddl.m0Z0ddl.m1Z1dd
l2m3Z4ddl2mZ5dd
l6m7Z7d
Z8ej9e:�Z;d �Z<d
�Z=dddd!�Z?d"�Z@d#�ZAd$�ZBd%�ZCd&�ZDd'�ZEd(�ZFd)�ZGd*�ZHdd+�ZIdd,�ZJd-�ZKd.�ZLd/�ZMd0�ZNd1�ZOd2�ZPdd3�ZQd4�ZRd5�ZSd6�ZTd7�ZUd8�ZVd9�ZWd:�ZXd;�ZYd<�ZZd=�Z[d>�Z\d?�Z]d@�Z^dA�Z_dB�Z`dC�ZadD�ZbdE�ZcddF�ZddS(GsCertbot
main entry
point.i����(tprint_functionN(terrors(tUniontIterabletOptionaltListtTuple(t
crypto_util(t
interfaces(tutil(taccount(t
cert_manager(tcli(tclient(t
configuration(t constants(teff(thooks(tlog(trenewal(treporter(t
snap_config(tstorage(tupdater(tdisco(t selection(t
filesystem(tmisc(tos(tops(t
enhancementss?User chose to cancel the
operation and may reinvoke the
client.cCsT|jdkst�|jr"dStjjtj�}d}|j||j �dS(s�Potentially
suggest a donation to support Certbot.
:param config: Configuration object
:type config: interfaces.IConfig
:returns: `None`
:rtype: None
trenewNs�If you like Certbot, please consider supporting our work
by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
(
tverbtAssertionErrortstagingtzopet componentt
getUtilityRt IReportert
add_messaget
LOW_PRIORITY(tconfigt
reporter_utiltmsg((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
_suggest_donation_if_appropriate3s
cCsGtjjtj�}|jdks*t�|jd|jdt �dS(s�Reports
on successful dry run
:param config: Configuration object
:type config: interfaces.IConfig
:returns: `None`
:rtype: None
R sThe dry run was successful.ton_crashN(
R#R$R%RR&R
R!R't
HIGH_PRIORITYtFalse(R)R*((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_report_successful_dry_runGs
cCs2tj|�z|d k rxtjdjd|jr:dnddtj|pU|j����t j
||||�n�|d k s�t
�tjdjd|jr�dnddtj|���|j
||�}|t
kr�tjd��n|d k r
tj||j�|j�nWd tj|�X|S(
s!Authenticate and enroll certificate.
This method finds the relevant lineage, figures out what to do with it,
then performs that action. Includes calls to hooks, various reports,
checks, and requests for user input.
:param config: Configuration object
:type config: interfaces.IConfig
:param domains: List of domain names to get a certificate. Defaults to
`None`
:type domains: `list` of `str`
:param certname: Name of new certificate. Defaults to `None`
:type certname: str
:param lineage: Certificate lineage object. Defaults to `None`
:type lineage: storage.RenewableCert
:returns: the issued certificate or `None` if doing a dry run
:rtype: storage.RenewableCert or None
:raises errors.Error: if certificate could not be obtained
s{action} for {domains}tactions-Simulating renewal of an existing
certificates Renewing an existing certificatetdomainss Simulating a
certificate requestsRequesting a certificates!Certificate could not be
obtainedN(Rtpre_hooktNonet
display_utiltnotifytformattdry_runtsummarize_domain_listtnamesRt
renew_certR!t
obtain_and_enroll_certificateR/RtErrort
deploy_hooktlive_dirt post_hook(t le_clientR)R2tcertnametlineage((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_get_and_save_certWs*
#cCs�tjd�
s
tjd�
r}|jj�}|jj�}||kr}d}|j|j||�}tj|��q}ndS(s|
This function ensures that the user will not implicitly migrate an
existing key
from one type to another in the situation where a certificate for that
lineage
already exist and they have not provided explicitly --key-type and
--cert-name.
:param config: Current configuration provided by the client
:param cert: Matching certificate that could be renewed
tkey_typeRBs�Are you trying to change the key type of the
certificate named {0} from {1} to {2}? Please provide both --cert-name and
--key-type on the command line confirm the change you are trying to
make.N( R
t
set_by_cliREtuppertprivate_key_typeR7t
lineagenameRR=(R)tcertt
new_key_typet
cur_key_typeR+((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt%_handle_unexpected_key_type_migration�s
c
Cs�t||�dj|j��}dj|jj|dj|�dtj�}|js�|j s�t
j
j
t
j�j|dddddt�r�d |fStjd
j|tjd
d
jtjd
�dtj��tjt��dS(s�Figure
out what to do if a previous cert had a subset of the names now requested
:param config: Configuration object
:type config: interfaces.IConfig
:param domains: List of domain names
:type domains: `list` of `str`
:param cert: Certificate object
:type cert: storage.RenewableCert
:returns: Tuple of (str action, cert_or_None) as per
_find_lineage_for_domains_and_certname
action can be: "newcert" | "renew" |
"reinstall"
:rtype: `tuple` of `str`
s, s You have an existing certificate that contains a portion of the
domains you requested (ref: {0}){br}{br}It contains these names:
{1}{br}{br}You requested these names for the new certificate:
{2}.{br}{br}Do you want to expand and replace this existing certificate
with the new
certificate?tbrtExpandtCanceltcli_flags--expandtforce_interactiveR s�To
obtain a new certificate that contains these names without replacing your
existing certificate for {0}, you must use the --duplicate
option.{br}{br}For example:{br}{br}{1} --duplicate {2}it
iN(RMtjoinR:R7t
configfiletfilenameR
tlineseptexpandtrenew_by_defaultR#R$R%RtIDisplaytyesnotTrueR5R6tsystargvRR=tUSER_CANCELLED(R)R2RJtexistingtquestion((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_handle_subset_cert_request�s$
cCsHt||�|j�s#d|fStj||�r?d|fS|jrRd|fSdj|jjdtj �}|j
dkr�d}n|j
dkr�d}n|d g}t
j
j
tj�}|j||d
d
d
t�}|d
tjkrtjd
��n|dd
kr
d|fS|ddkr8d|fStd��dS(s�Figure
out what to do if a lineage has the same names as a previously obtained one
:param config: Configuration object
:type config: interfaces.IConfig
:param lineage: Certificate lineage object
:type lineage: storage.RenewableCert
:returns: Tuple of (str action, cert_or_None) as per
_find_lineage_for_domains_and_certname
action can be: "newcert" | "renew" |
"reinstall"
:rtype: `tuple` of `str`
t reinstallR s�You have an existing certificate that has exactly the
same domains or certificate name you requested and isn't close to
expiry.{br}(ref: {0}){br}{br}What would you like to do?RNtruns.Attempt to
reinstall this existing certificatetcertonlys%Keep the existing
certificate for nowsBRenew & replace the certificate (may be subject to
CA rate limits)tdefaultiRRs.Operation canceled. You may re-run the
client.isThis is
impossibleN(RMtensure_deployedRt
should_renewRcR7RURVR
RWR
R#R$R%RRZtmenuR\R5tCANCELRR=R!(R)RCRatkeep_opttchoicestdisplaytresponse((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
_handle_identical_cert_request�s4
cCsz|jr
dStj||�\}}|dkrA|dkrAdS|dk rZt||�S|dk rvt|||�SdS(s�Determine
whether there are duplicated names and how to handle
them (renew, reinstall, newcert, or raising an error to stop
the client run if the user chooses to cancel the operation when
prompted).
:param config: Configuration object
:type config: interfaces.IConfig
:param domains: List of domain names
:type domains: `list` of `str`
:returns: Two-element tuple containing desired new-certificate behavior
as
a string token ("reinstall", "renew", or
"newcert"), plus either
a RenewableCert instance or `None` if renewal shouldn't
occur.
:rtype: `tuple` of `str` and :class:`storage.RenewableCert` or `None`
:raises errors.Error: If the user would like to rerun the client again.
tnewcertN(RpN(RpN(NN(t duplicateR4R
tfind_duplicative_certsRoRb(R)R2tident_names_certtsubset_names_cert((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_find_lineage_for_domainss
cCsDt|||�\}}|dkr4tjd�n|dk|fS(sWFinds
an existing certificate object given domains and/or a certificate name.
:param config: Configuration object
:type config: interfaces.IConfig
:param domains: List of domain names
:type domains: `list` of `str`
:param certname: Name of certificate
:type certname: str
:returns: Two-element tuple of a boolean that indicates if this
function should be
followed by a call to fetch a certificate from the server,
and either a
RenewableCert instance or None.
:rtype: `tuple` of `bool` and :class:`storage.RenewableCert` or `None`
Rcs Keeping the existing
certificate(t&_find_lineage_for_domains_and_certnametloggertinfo(R)R2RBR1RC((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
_find_cert:s
cCs�|st||�Stj||�}|r�|r�ttj||��t|�kr�t||�t||||j��d|fSnt||�S|r�dSt
j
dj
|���dS(s�Find appropriate lineage based on given
domains and/or certname.
:param config: Configuration object
:type config: interfaces.IConfig
:param domains: List of domain names
:type domains: `list` of `str`
:param certname: Name of certificate
:type certname: str
:returns: Two-element tuple containing desired new-certificate behavior
as
a string token ("reinstall", "renew", or
"newcert"), plus either
a RenewableCert instance or None if renewal should not occur.
:rtype: `tuple` of `str` and :class:`storage.RenewableCert` or `None`
:raises errors.Error: If the user would like to rerun the client again.
R Rps}No certificate with name {0} found. Use -d to specify domains, or
run certbot certificates to see possible certificate
names.N(snewcertN(
RuR
tlineage_for_certnametsettdomains_for_certnameRMt
_ask_user_to_confirm_new_namesR:RoR4RtConfigurationErrorR7(R)R2RBRC((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyRvRs
$
cCsVtt|�t|��}tt|�t|��}|j�|j�||fS(sWGet
lists of items removed from `before`
and a lists of items added to `after`
(tlistR{tsort(taftertbeforetaddedtremoved((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_get_added_removed}s
cCs;|sd}nddj|�}|jd|dtj�S(s%Format list with
given character
s
{br}(None)s {br}{ch}
tchRN(RTR7R
RW(t charactertstringst formatted((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
_format_list�s
cCs�|jr
dSt||�\}}dj|td|�td|�dtj�}tjjt j
�}|j
|dddt
�s�t
jd ��ndS(
s�Ask user to confirm update cert certname to contain new_domains.
:param config: Configuration object
:type config: interfaces.IConfig
:param new_domains: List of new domain names
:type new_domains: `list` of `str`
:param certname: Name of certificate
:type certname: str
:param old_domains: List of old domain names
:type old_domains: `list` of `str`
:returns: None
:rtype: None
:raises errors.ConfigurationError: if cert name and domains mismatch
Ns�You are updating certificate {0} to include new domain(s):
{1}{br}{br}You are also removing previously included domain(s):
{2}{br}{br}Did you intend to make this change?t+t-RNsUpdate
certificateRPRfs2Specified mismatched certificate name and
domains.(trenew_with_new_domainsR�R7R�R
RWR#R$R%RRZR[R\RR~(R)t
new_domainsRBt
old_domainsR�R�R+tobj((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR}�s
cCs�d}|j}|jr$|j}n|r?tj||�}n|sZtj||�}n|
rz|
rztjd��n||fS(s Retrieve
domains and certname from config or user input.
:param config: Configuration object
:type config: interfaces.IConfig
:param installer: Installer object
:type installer: interfaces.IInstaller
:param `str` question: Overriding default question to ask the user if
asked
to choose from domain names.
:returns: Two-part tuple of domains and certname
:rtype: `tuple` of list of `str` and `str`
:raises errors.Error: Usage message, if parameters are not used
correctly
s�Please specify --domains, or --installer that will help in domain
names autodiscovery, or --cert-name for an existing certificate
name.N( R4RBR2R
R|t
display_opst
choose_namesRR=(R)t installerRaR2RB((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_find_domains_or_certname�s
c Cs�|jrt|�dS|r#|s/td��tj|�j�}tjjt j
�}|j
dkrndnd}|r�dj
|dt
j�nd}dj
|||tj|dt
j�}|j||j�dS( sDReports
the creation of a new certificate to the user.
:param cert_path: path to certificate
:type cert_path: str
:param fullchain_path: path to full chain
:type fullchain_path: str
:param key_path: path to private key, if available
:type key_path: str
:returns: `None`
:rtype: None
Ns No certificates saved to report.Rds with the "certonly"
optionts+Your key file has been saved at:{br}{0}{br}RNsCongratulations!
Your certificate and chain have been saved at:{br}{0}{br}{1}Your
certificate will expire on {2}. To obtain a new or tweaked version of this
certificate in the future, simply run {3} again{4}. To non-interactively
renew *all* of your certificates, run "{3}
renew"(R8R0R!RtnotAftertdateR#R$R%RR&R
R7R
RWR
t
cli_commandR'tMEDIUM_PRIORITY( R)t cert_pathtfullchain_pathtkey_pathtexpiryR*t
verbswitchtprivkey_statementR+((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_report_new_cert�s
$
csV�fd�}tj��}d }�jd k rH|j�j�}n�|j�}t|�dkrxtj|�}n�t|�dkr�|d}n��jd kr��j
r�tj
��_ny/t
j
�|d|�\}}t
jd�WnLtjk
r
�n6tjk
r?tjddt�tjd��nX|j�_||fS(
s�Determine which account to use.
If ``config.account`` is ``None``, it will be updated based on the
user input. Same for ``config.email``.
:param config: Configuration object
:type config: interfaces.IConfig
:returns: Account and optionally ACME client API (biproduct of new
registration).
:rtype: tuple of :class:`certbot._internal.account.Account` and
:class:`acme.client.Client`
:raises errors.Error: If unable to register an account with ACME server
csh�jr
tSdj|�}tjjtj�}|j|dddt�}|sdt j
d��ndS(NspPlease read the Terms of Service at {0}. You must agree
in order to register with the ACME server. Do you
agree?RQs
--agree-tosRRs?Registration cannot proceed without accepting
Terms of
Service.(
ttosR\R7R#R$R%RRZR[RR=R4(tterms_of_serviceR+R�tresult(R)(s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_tos_cb
s
iittos_cbsAccount
registered.R�texc_infos.Unable to register an account with ACME
serverN(R
tAccountFileStorageR4tloadtfind_alltlenR�tchoose_accounttemailt register_unsafely_without_emailt get_emailR
tregisterR5R6RtMissingCommandlineFlagR=RwtdebugR\tid(R)R�taccount_storagetacmetacctaccounts((R)s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_determine_account
s0
c
sktjjtj�}|j}|dkrZd}|j|dddddtdt�}n|sddS|j sst
�|j
s�t
j
|�|_
ntjtjtj||j
��||j
��y,t
j|�fd �gd
�d
��Wnjtjk
rtjd
��dStk
rY}d
}|j|j|j�|�}tj
|��nXt
j
|�dS(s�Does
the user want to delete their now-revoked certs? If run in non-interactive
mode,
deleting happens automatically.
:param config: parsed command line arguments
:type config: interfaces.IConfig
:returns: `None`
:rtype: None
:raises errors.Error: If anything goes wrong, including bad user input,
if an overlapping
archive dir is found for the specified lineage, etc ...
s{Would you like to delete the certificate(s) you just revoked, along
with all earlier and later versions of the certificate?t yes_labelsYes
(recommended)tno_labeltNoRRRfNcs�S(N((tx(t
archive_dir(s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt<lambda>lscSs|jS(N(R�(R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�mscSs|S(N((R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�msshNot
deleting revoked certificates due to overlapping archive dirs. More than
one certificate is using %ss_config.default_archive_dir: {0},
config.live_dir: {1}, archive_dir: {2},original exception:
{3}(
R#R$R%RRZtdelete_after_revokeR4R[R\R�R!RBR
tcert_path_to_lineageRtfull_archive_patht configobjt ConfigObjtrenewal_file_for_certnametmatch_and_check_overlapsRtOverlappingMatchFoundRwtwarningt ExceptionR7tdefault_archive_dirR?R=tdelete(R)Rmtattempt_deletionR+te((R�s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_delete_if_appropriateGs4
cCsY|dk r1t|�\}}tjd|�n
d\}}tj||||d|�S(sxInitialize
Let's Encrypt Client
:param config: Configuration object
:type config: interfaces.IConfig
:param authenticator: Acme authentication handler
:type authenticator: Optional[interfaces.IAuthenticator]
:param installer: Installer object
:type installer: interfaces.IInstaller
:returns: client: Client object
:rtype: client.Client
sPicked account:
%rR�N(NN(R4R�RwR�R
tClient(R)t
authenticatorR�R�R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_init_le_client{s
c
Cs�tj|�}|j�}|s%dStjjtj�j}d}||dddddt �}|skdSt
|�\}}t
j
||d
d
d |�} | jj|j�tj|�}
|
j|j�tjd
�d
S(
s�Deactivate account on server
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None`
:rtype: None
s.Could not find existing account to deactivate.sCAre you sure you
would like to irrevocably deactivate your account?R�t
DeactivateR�tAbortRfsDeactivation aborted.R�sAccount
deactivated.N(R
R�R�R#R$R%RRZR[R\R�R
R�R4R�tdeactivate_registrationtregrR�R5R6(
R)tunused_pluginsR�R�R[tprompttwants_deactivateR�R�t cb_clientt
account_files((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
unregister�s"
cCs3tj|�}|j�}|r%dSt|�dS(s$Create
accounts on the server.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None` or a string indicating and error
:rtype: None or str
smThere is an existing account; registration of a duplicate account
with this command is currently unsupported.N(R
R�R�R�R4(R)R�R�R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR��s
c
Csttj|�}|j�}|s%dS|jd
krV|j
rVtjdt�|_nt |�\}}t
j
||d
d
d|�}d
}|jr�g|jj
d�D]}d|^q�}n|j
j} |jj|j
jd|j
jjd|���|_
|j
jd| �|_
|j||j�|jsGtjd �n)tj||�tjd
j|j��d
S(
s$Modify accounts on the server.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None` or a string indicating and error
:rtype: None or str
s-Could not find an existing account to
update.toptionalR�t,smailto:tbodytcontactturisFAny contact
information associated with this account has been removed.s'Your
e-mail address was updated to {0}.N((R
R�R�R�R4R�R�R�R/R�R
R�tsplitR�R�R�tupdate_registrationtupdateR�t
update_regrR5R6Rtprepare_subscriptionR7(
R)R�R�R�R�R�R�t
acc_contactsR�t
prev_regr_uri((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pytupdate_account�s*
,
! cCsc|r
|n|}|jdk s't�|j||j|j|j|j�|j||j�dS(s�Install
a cert
:param config: Configuration object
:type config: interfaces.IConfig
:param le_client: Client object
:type le_client: client.Client
:param domains: List of domains
:type domains: `list` of `str`
:param lineage: Certificate lineage object. Defaults to `None`
:type lineage: storage.RenewableCert
:returns: `None`
:rtype: None
N(R�R4R!tdeploy_certificateR�t
chain_pathR�tenhance_config(R)RAR2RCt
path_provider((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
_install_certs
c
Cs�y tj||d�\}}Wn
tjk
r>}t|�SX|joN|j}|j
r�|
r�d}tj |ddt
d|�d|_nt
j
||�s�tj
d��n|jr�t|�}n!t
j|�r�tjd��n|jrI|jrIt|�t||�\}}t|dd
d |�}t|||�ntjd
��t
j|�r�tj||j�} t
j| |||�nd
S(
s�Install a
previously obtained cert in a server.
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:returns: `None`
:rtype: None
tinstalls,Which certificate would you like to
install?tallow_multiplet
custom_promptisVOne ore more of the requested
enhancements are not supported by the selected installersLOne or more of
the requested enhancements require --cert-name to be
providedR�R�s�Path to certificate or key was not defined. If your
certificate is managed by Certbot, please use --cert-name to define which
certificate you would like to
install.N(tplug_seltchoose_configurator_pluginsRtPluginSelectionErrortstrR�R�RBR
t
get_certnamesR/R
t
are_supportedtNotSupportedErrort_populate_from_certnamet
are_requestedR~t_check_certificate_and_keyR�R�R4R�Rztenable(
R)tpluginsR�t_R�t
custom_certtcertname_questionR2RARC((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�)s4
cCs�tj||j�}|s |S|js:|j|j_n|jsU|j|j_n|jsp|j|j_n|js�|j|j_n|S(sfHelper
function for install to populate missing config values from lineage
defined by
--cert-name.(R
RzRBR�t namespaceR�R�R�(R)RC((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�ds cCs|tjjtj|j��s<tjdj|j���ntjjtj|j ��sxtjdj|j ���ndS(Ns-Error
while reading certificate from path {0}s-Error while reading private key
from path {0}(
R
tpathtisfileRtrealpathR�RR~R7R�(R)((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�us
cCs(tjd|j�|jdkr(gn|j}|j�j|�}tjd|�tjtjj t
j
�j
dt
�}|j
r�|j
r�|t|��dS|j|�|j|�}tjd|�|js�|t|��dS|j�|j�}tjd|�|t|��dS(s�List
server software plugins.
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:returns: `None`
:rtype: None
sExpected interfaces: %ssFiltered plugins: %rtpauseNsVerified
plugins: %rsPrepared plugins:
%s(RwR�tifacesR4tvisiblet functoolstpartialR#R$R%RRZt
notificationR/tinittprepareR�tverifyt available(R)R�RtfilteredR6tverifiedR
((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
plugins_cmd|s&
cs�ddddg}t�fd�|D��}tj��
rt|
rtd}tj|tjd�tjd��ny t j
�|d �\}}Wn
tj
k
r�}t
|�SXtj
�|�s�tjd
��nd
}tj�d d
td
|�d�_tj��j�} �jr)| }
n0d}
tj| |
�}
|
sYtjd��ntj��j�}
�js�|
j�_n|r�t�ddd|�}
|
j
|
�jdt�ntj��r�tj
|
|
|��ndS(s�Add security enhancements to existing configuration
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:returns: `None`
:rtype: None
thststredirecttuirtstaplec3s
|]}t�|�VqdS(N(tgetattr(t.0tenh(R)(s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pys <genexpr>�ss|Please
specify one or more enhancement types to configure. To list the available
enhancement types, run:
%s --help enhance
is#No enhancements requested, exiting.tenhancesVOne ore more of the
requested enhancements are not supported by the selected installersFWhich
certificate would you like to use to enhance your
configuration?R�R�sJWhich domain names would you like to enable the
selected enhancements for?sAUser cancelled the domain selection. No domains
defined,
exiting.R�R�tredirect_defaultN(
tanyR
R�RwR�R]R^RtMisconfigurationErrorR�R�R�R�R�R�R
R�R/RBR|tnoninteractive_modeR�t
choose_valuesR=RzR�R�R4R�R�(R)R�tsupported_enhancementst
oldstyle_enhR+R�R�R�R�t
cert_domainsR2tdomain_questionRCRA((R)s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�s@
cCs
tj|j|j||�dS(s�Rollback server configuration changes made during
install.
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:returns: `None`
:rtype: None
N(R
trollbackR�t
checkpoints(R)R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR
�s
cCstj|�dS(srUpdate the certificate file family
symlinks
Use the information in the config file to make symlinks point to
the correct archive directory.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None`
:rtype: None
N(R
tupdate_live_symlinks(R)R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pytupdate_symlinks�scCstj|�dS(sARename
a certificate
Use the information in the config file to rename an existing
lineage.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None`
:rtype: None
N(R
trename_lineage(R)R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pytrename�scCstj|�dS(sADelete
a certificate
Use the information in the config file to delete an existing
lineage.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None`
:rtype: None
N(R
R�(R)R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�scCstj|�dS(sDisplay
information about certs configured with Certbot
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None`
:rtype: None
N(R
t
certificates(R)R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR&$s
cCs�d|_|_|jdkrC|jrCtj||j�|_n.|j
s_|jrq|jrqtjd��n|j dk r�t
j
d|jd|j d�t
j
|jd|j d�tjj|j d�}tj||�}nDt
j
d|jd�t|�\}}tj||j|j�}t
j|jd�d}t
j
d|j�y*|jtj|�|j�t|�Wn
tj
k
r�}t
|�SXt
j |jd�dS(s:Revoke a previously obtained
certificate.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None` or string indicating error in case of error
:rtype: None or str
sCError! Exactly one of --cert-path or --cert-name must be
specified!s$Revoking %s using certificate key %siis
Revoking %s using
Account Keys
Reason code for revocation: %sN(
R4R�R�R�RBRtcert_path_for_cert_nameRR=R�RwR�Rt
verify_cert_matches_priv_keytjosetJWKR�R
tacme_from_config_keyR�tkeyR�tpyopenssl_load_certificatetreasontrevoketComparableX509R�t
acme_errorst
ClientErrorR�R�tsuccess_revocation(R)R�R,R�R�R�RJR�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR/5s.
cCs�y tj||d�\}}Wn
tjk
r>}t|�SXtj||�sctjd��nt|||�}t ||�\}}t
|||�\}} | }
|r�t
||||| �}
n|
r�|
j
nd}
|
r�|
jnd}
|
r|
jnd}
|r$t||
|
|
�nt||||
�tj|�re|
retj|
|||�n| dksx|
r�tj|�n
tj|�t|�tj||j�dS(s�Obtain
a certificate and install.
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:returns: `None`
:rtype: None
RdsVOne ore more of the requested enhancements are not supported by the
selected
installerN(R�R�RR�R�R
R�R�R�R�RyRDR�R4R�R�R�R�R�R�R�tsuccess_installationtsuccess_renewalR,Rthandle_subscriptionR
(R)R�R�R�R�RAR2RBtshould_get_certRCt
new_lineageR�R�R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyRdbs6
cCs�|j\}}|j|�\}}|jrDtjd|j�dS|j||tj j
|j�tj j
|j
�tj j
|j
��\}}}||fS(s�Obtain a cert using a user-supplied CSR
This works differently in the CSR case (for now) because we don't
have the privkey, and therefore can't construct the files for a
lineage.
So we just save the cert & chain to disk :/
:param config: Configuration object
:type config: interfaces.IConfig
:param client: Client object
:type client: client.Client
:returns: `cert_path` and `fullchain_path` as absolute paths to the
actual files
:rtype: `tuple` of `str`
s*Dry run: skipping saving certificate to %sN(NN(
t
actual_csrtobtain_certificate_from_csrR8RwR�R�R4tsave_certificateR
R�tnormpathR�R�(R)RAtcsrR�RJtchainR�R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_csr_get_and_save_cert�s
3c Cs�y tj||d�\}}Wn)tjk
rJ}tjd|��nXt|||�}t||d|�}tj j
t
j
�j
}|dkr�|dj|j�dt�n?tj|||�|j�|dj|j|j�dt�dS(s�Renew
& save an existing cert. Do not install it.
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:param lineage: Certificate lineage object
:type lineage: storage.RenewableCert
:returns: `None`
:rtype: None
:raises errors.PluginSelectionError: MissingCommandlineFlag if supplied
parameters do not pass
Res'Could not choose appropriate plugin: %sRCs9new certificate
deployed without reload, fullchain is {0}RsDnew certificate deployed with
reload of {0} server; fullchain is
{1}N(R�R�RR�RwRxR�RDR#R$R%RRZRR4R7t fullchainR/Rtrun_renewal_deployertrestartR�( R)R�RCR�tauthR�RAtrenewed_lineageR6((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR;�s
cCs�y tj||d�\}}Wn)tjk
rJ}tjd|��nXt|||�}|jr�t||�\}}t |||�t
|�t
j
||j
�dSt||�\}} t||| �\}
}
|
s
tjjtj�j}
|
ddt�dSt|||| |
�}
|
r2|
jnd}|
rG|
jnd}|
r\|
jnd}
t ||||
�t
|�t
j
||j
�dS(sfAuthenticate & obtain cert, but do not
install it.
This implements the 'certonly' subcommand.
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:returns: `None`
:rtype: None
:raises errors.Error: If specified plugin could not be used
Res'Could not choose appropriate plugin: %sNs5Certificate not yet
due for renewal; no action
taken.R(
R�R�RR�RwRxR�R=R?R�R,RR6R
R�RyR#R$R%RRZRR/RDR�R4R�R�(R)R�R�RCR�RAR�R�R2RBR7RCR6R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyRe�s2
cCs#ztj|�Wdtj�XdS(sRenew previously-obtained
certificates.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None`
:rtype: None
N(Rthandle_renewal_requestRtrun_saved_post_hooks(R)R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR s
cCs{tj|jtj|j�tj|jtj|j�|j|j|j f}x$|D]
}tj
|d|j�qWWdS(s�Create or verify existence of config, work, and
hook directories.
:param config: Configuration object
:type config: interfaces.IConfig
:returns: `None`
:rtype: None
tstrictN(
R tset_up_core_dirt
config_dirRtCONFIG_DIRS_MODEtstrict_permissionstwork_dirtrenewal_pre_hooks_dirtrenewal_deploy_hooks_dirtrenewal_post_hooks_dirtmake_or_verify_dir(R)t hook_dirsthook_dir((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pytmake_or_verify_needed_dirs+s
cCsz|jr0t|_tjttjd��}n6|jrNtjtj �}ntj
tj |j
�}t
j
j|�dS(s�Set the displayer
:param config: Configuration object
:type config: interfaces.IConfig
:returns: `None`
:rtype: None
twN(tquietR\RR5tNoninteractiveDisplaytopenR
tdevnullR]tstdoutt
FileDisplayRRR#R$tprovideUtility(R)t displayer((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
set_displayer?s
cCs�|stjd }ntj�tjjd�dkrJtj|�}nt j
j
�}t
j
dtj�t
j
dtjd�t
j
d|�t
j
d|�tj||�}tj|�}tjj|�tj�ytj|�t|�Wn)tj
k
r$|j
t
kr%�q%nXtj dd krKt j!d
t"�nt#|�t$j%|�}tjj|�t&j'|j(�|j
||�S(
s�Run
Certbot.
:param cli_args: command line to Certbot, defaults to ``sys.argv[1:]``
:type cli_args: `list` of `str`
:returns: value for `sys.exit` about the exit status of Certbot
:rtype: `str` or `int` or `None`
itCERTBOT_SNAPPEDR\scertbot version: %ss#Location of certbot entry
point: %sis
Arguments: %rsDiscovered plugins: %risdPython 2 support will
be dropped in the next release of Certbot. Please upgrade your Python
version.()R]R^Rtpre_arg_parse_setupR
tenvirontgetRt
prepare_envt
plugins_discotPluginsRegistryR�RwR�tcertbott
__version__R
tprepare_and_parse_argsRtNamespaceConfigR#R$R[Rt+raise_for_non_administrative_windows_rightstpost_arg_parse_setupRSRR=tfuncRt
version_infotwarningstwarntPendingDeprecationWarningR]RtReporterR tatexit_registertprint_messages(tcli_argsR�targsR)treport((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pytmainUs:
(et__doc__t
__future__RRtlogging.handlerstloggingR]RmR�tjosepyR)tzope.componentR#R�RR1tacme.magic_typingRRRRRReRRR tcertbot._internalR
R
R
R
RRRRRRRRRRtcertbot._internal.pluginsRRcRR�tcertbot.compatRRR
tcertbot.displayR
R�R5tcertbot.pluginsR
R_t getLoggert__name__RwR,R0R4RDRMRbRoRuRyRvR�R�R}R�R�R�R�R�R�R�R�R�R�R�R�RRR
R#R%R�R&R/RdR?R;ReR RSR]Rv(((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt<module>s�
(
; 3 7 ( +
&
)
* ; 4 (
2
; ' ; - :
+ 4