Directory:~$ /proc/self/root/usr/lib/python2.7/site-packages/certbot/_internal/

Upload File

[Home] [System Details] [Kill Me]

�
���_c@s�
dZd
dl
Z
d
dlZd
dlZd
dlZd
dlZd
dlZd
dlm	Z	
d
dl
mZ
d
dl
mZ
d
dl
m
Z

d
dl
mZ
d
dl
mZ
d
d	lmZ
d
d
lmZ
d
dlmZ
eje�
Zd�Zd�Zd
�Zd�Zd�Zd�Zd�Zd�Z
d�Z!d�Z"d�Z#e$d�
Z%e$dd�Z'd�Z(d�Z)d�Z*d�Z+dS(s
Tools for managing
certificates.i����N(
tList(
tcrypto_util(
terrors(
t
interfaces(
tocsp(
tutil(
tstorage(
tosc
Cs4x-tj
|�
D]}
tj|
|d
t�

qWdS(sj
Update
the certificate file family symlinks to use archive_dir.

    Use the information in the config file to make symlinks point to
    the correct archive directory.

    .. note:: This assumes that the installation is using a Reverter
object.

    :param config: Configuration.
    :type config: :class:`certbot._internal.configuration.NamespaceConfig`

   
tupdate_symlinksN(Rtrenewal_conf_filest
RenewableCerttTrue(tconfigtrenewal_file((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytupdate_live_symlinkss
c
Cs�tj
jtj�
}
t|d
�d}|j}|s�|
jdj|�
dddt	�
\}}|t
jksw|r�tj
d�
�
q�nt||�}|s�tjdj|�
�
�
ntj|||�
|
jd	j||�d
t�


dS(s�Rename the specified lineage to the new name.

    :param config: Configuration.
    :type config: :class:`certbot._internal.configuration.NamespaceConfig`

    trenameis&Enter the new name for certificate
{0}tflags--updated-cert-nametforce_interactivesUser ended
interaction.s,No existing certificate with name {0} found.s Successfully
renamed {0} to {1}.tpauseN(tzopet	componentt
getUtilityRtIDisplayt
get_certnamestnew_certnametinputtformatRtdisplay_utiltOKRtErrortlineage_for_certnametConfigurationErrorRtrename_renewal_configtnotificationtFalse(RtdisptcertnameRtcodetlineage((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytrename_lineage)s
	











c
Cs�g}
g}x�tj
|�
D]�}y0tj||�}tj|�

|
j|�

Wqtk
r�
}
tjd
||�
tj	dt
j��
|j|�

qXqWt||
|�
dS(s�Display information about
certs configured with Certbot

    :param config: Configuration.
    :type config: :class:`certbot._internal.configuration.NamespaceConfig`
    sIRenewal configuration file %s produced an unexpected error: %s.
Skipping.sTraceback was:
%sN(
RR	R
R
tverify_renewable_certtappendt	Exceptiontloggertwarningtdebugt	tracebackt
format_exct_describe_certs(Rtparsed_certstparse_failuresR
trenewal_candidatet
e((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytcertificatesEs








	



c
Cs�t|d
dt
�
}
tjjtj�
}dg
}x|
D]}|jd|�

q:W|jd�

|jdj	|�
dt
�

s�t
jd�

d	Sx4|
D],}tj
||�
tjd
j|�
�

q�Wd	S(s;Delete Certbot files associated with a certificate
lineage.tdeletetallow_multiples8The following certificate(s) are selected
for deletion:
s  * s:
Are you sure you want to delete the above certificate(s)?s

tdefaults$Deletion of certificate(s) canceled.Ns.Deleted all files
relating to certificate
{0}.(RRRRRRRR)tyesnotjoinR+tinfoRtdelete_filesRtnotifyR(Rt	certnamesR#tmsgR$((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyR6\s

	













cCs�|j}t
j|d
d�


ytj||
�}Wntjk
rI


dSXytj||�SWnAtjt	fk
r�


t
jd|�
t
jdtj
��
dSXdS(s)Find a lineage object with name
certname.tmodei�
sRenewal conf file %s is broken.sTraceback was:
%sN(trenewal_configs_dirRtmake_or_verify_dirRtrenewal_file_for_certnameRtCertStorageErrortNoneR
tIOErrorR+R-R.R/(t
cli_configR$tconfigs_dirR
((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRps	









cCs#t||
�}|r|j
�Sd
S(s0Find
the domains in the cert with name
certname.N(RtnamesRE(RR$R&((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytdomains_for_certname�s
cs�f
d
�}t||d�S(s�Find
existing certs that match the given domain names.

    This function searches for certificates whose domains are equal to
    the `domains` parameter and certificates whose domains are a subset
    of the domains in the `domains` parameter. If multiple certificates
    are found whose names are a subset of `domains`, the one whose names
    are the largest subset of `domains` is returned.

    If multiple certificates' domains are an exact match or equally
    sized subsets, which matching certificates are returned is
    undefined.

    :param config: Configuration.
    :type config: :class:`certbot._internal.configuration.NamespaceConfig`
    :param domains: List of domain names
    :type domains: `list` of `str`

    :returns: lineages representing the identically matching cert and the
        largest subset if they exist
    :rtype: `tuple` of `storage.RenewableCert` or `None`

   
cs�|
\}}t|j
��
}|t��
kr9|}nT|jt��
�
r�|d
krc|}q�t|�
t|j
��
kr�|}q�n||fS(ssReturn
cert as identical_names_cert if it matches,
           or subset_names_cert if it matches as subset
       
N(tsetRItissubsetREtlen(tcandidate_lineagetrvtidentical_names_certtsubset_names_certtcandidate_names(
tdomains(sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytupdate_certs_for_domain_matches�s


	

	


N(NN(t_search_lineagesRE(RRSRT((
RSsB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytfind_duplicative_certs�scCsc|j}gt
j|�
D]6}tjd
j|
�
|�rt
jj||�^q}|r_|SdS(sJ
In order to match things like:
        /etc/letsencrypt/archive/example.com/chain1.pem.

        Anonymous functions which call this function are eventually passed
(in a list) to
        `match_and_check_overlaps` to help specify the acceptable_matches.

        :param `.storage.RenewableCert` candidate_lineage: Lineage whose
archive dir is to
            be searched.
        :param str filetype: main file name prefix e.g.
"fullchain" or "chain".

        :returns: Files in candidate_lineage's archive dir that match
the provided filetype.
        :rtype: list of str or None
   
s
{0}[0-9]*.pemN(	tarchive_dirRtlistdirtretmatchRtpathR:RE(RNtfiletypeRWt
ftpattern((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyt_archive_files�s	

6


cCsd
�d�d�d�gS(s�
Generates the list that's passed to match_and_check_overlaps. Is its
own function to
    make unit testing easier.

    :returns: list of functions
    :rtype: list
   
c


Ss|jS(
N(
tfullchain_path(
t
x((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyt<lambda>�sc


Ss|jS(
N(
t	cert_path(
Ra((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRb�sc

Ss
t|d
�S(Ntcert(
R_(
Ra((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRb�sc

Ss
t|d
�S(Nt	fullchain(
R_(
Ra((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRb�s((((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyt_acceptable_matches�s
c
s2t�}
t
�|
�f
d
�d��}|dS(s�

If config.cert_path is defined, try to find an appropriate value for
config.certname.

    :param `configuration.NamespaceConfig` cli_config: parsed command line
arguments

    :returns: a lineage name
    :rtype: str

    :raises `errors.Error`: If the specified cert path can't be
matched to a lineage name.
    :raises `errors.OverlappingMatchFound`: If the matched lineage's
archive is shared.
   
c

s�jd
S(Ni(
Rc(
Ra(
RG(sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRb�sc


Ss|jS(
N(
tlineagename(
Ra((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRb�si(Rftmatch_and_check_overlaps(RGtacceptable_matchesRZ((
RGsB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytcert_path_to_lineage�s	
	

cst��
fd
�}t||g|
�}|sOt
jdj|jd�
�
�
n!t|�
dkrpt
j��
n|S(s
Searches through all lineages for a match, and checks for duplicates.
    If a duplicate is found, an error is raised, as performing operations
on lineages
    that have their properties incorrectly duplicated elsewhere is probably
a bad idea.

    :param `configuration.NamespaceConfig` cli_config: parsed command line
arguments
    :param list acceptable_matches: a list of functions that specify
acceptable matches
    :param function match_func: specifies what to match
    :param function rv_func: specifies what to return

   
cs�g|D]}||�
^q}g}x7|D]/}t|t
�rN||7}q,|j|�

q,W�|�
}||kr�|
j�
|�
�

n|
S(
s1Returns
a list of matches using _search_lineages.(t
isinstancetlistR)(RNtreturn_valueRitfunctacceptable_matches_rvtitemRZ(t
match_functrv_func(sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytfind_matches�s









s!No
match found for cert-path
{0}!ii
(RURRRRcRMtOverlappingMatchFound(RGRiRqRrRstmatched((RqRrsB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRh�s

"


cCs�
g}tj
�}|jr8|
j|jkr8|r8d
S|jrdt|j�
j|
j��
rdd
Stj	j
tjj��
}g}|
j
r�|jd�

n|
j|k
r�|jd�

n|j|
�
r�|jd�

n|r�ddj|�
}n_|
j|}|jdkr
d}n:|jdkrE
d	j|jd
�
}ndj|j�
}dj|
j|�}	ttj|
j�
d
�}
|jdj|
j|
|
jdj|
j��
|	|
j|
j��

d
j|�
S(sJ Returns a human
readable description of info about a RenewableCert
objecttt	TEST_CERTtEXPIREDtREVOKEDs	INVALID: s, i
sVALID: 1 daysVALID:
{0} hour(s)isVALID: {0} dayss	{0} ({1})Ras�  Certificate Name: {}
    Serial Number: {}
    Key Type: {}
    Domains: {}
    Expiry Date: {}
    Certificate Path: {}
    Private Key Path: {}t

(RtRevocationCheckerR$RgRSRKRLRItpytztUTCtfromutctdatetimetutcnowtis_test_certR)t
target_expirytocsp_revokedR:tdaysRtsecondsR
tget_serial_from_certRctprivate_key_typeRetprivkey(RRdtskip_filter_checkstcertinfotcheckertnowtreasonststatustdifftvalid_stringtserial((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pythuman_readable_cert_info
sB
"

(


	








	











c
Cst
|j}|r|g
}nU
t
jjtj�
}tj|�
}g|D]}tj|�
^qF}	|	syt	j
d
�
�
n|r�|s�dj|
�
}
n|}
|j|
|	dddt
�\}}|tjkrp
t	j
d�
�
qp
n�|s�dj|
�
}
n|}
|j|
|	dddt
�\}}|tjksQ
|tdt|	�
�krc
t	j
d�
�
n|	|g
}|S(	s9Get certname from flag, interactively, or error
out.
    sNo existing certificates found.s+Which certificate(s) would you like
to {0}?tcli_flags--cert-nameRsUser ended interaction.s(Which
certificate would you like to
{0}?i(R$RRRRRRR	tlineagename_for_filenameRRRt	checklistRRRtmenutrangeRM(
RtverbR7t
custom_promptR$R>R#t	filenamestnametchoicestpromptR%tindex((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyR8
s2	



"










*



c

Csd
djd�|D�
�
S(sFFormat
a results report for a category of single-line renewal outcomess  s
 
c
ss|]}
t|
�
V
qdS(
N(
tstr(t.0R?((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pys	<genexpr>b
s(
R:(
tmsgs((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyt
_report_lines`
scCs:g}x$|
D]}|jt
||��

q
Wd
j|�
S(s)Format
a results report for a parsed certs

(R)R�R:(RR1R�Rd((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyt_report_human_readablee
s



cCs�g}|j}|
r*|r*|d
�

np|
rw|j
sB|jrHdnd}|dj|�
�

|t||
��

n|r�|d�

|t|�
�

ntjjt	j
�
}|jdj|�
dt
dt
�

d	S(
s/Print information about the certs we know aboutsNo certificates
found.s	matching RvsFound the following {0}certs:s3
The following renewal configurations were invalid:s

RtwrapN(R)R$RSRR�R�RRRRRR!R:R"(RR1R2toutR=RZR#((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyR0m
s	








cGs�|j}t
j|d
d�


|}x�tj|�
D]t}ytj||�}WnCtjtfk
r�


t	j
d|�
t	j
dtj��
q2n
X|
|||�}q2W|S(s�
Iterate func over unbroken
lineages, allowing custom return conditions.

    Allows flexible customization of return values, including multiple
    return values and complex checks.

    :param `configuration.NamespaceConfig` cli_config: parsed command line
arguments
    :param function func: function used while searching over lineages
    :param initial_rv: initial return value of the function (any type)

    :returns: Whatever was specified by `func` if a match is found.
    R@i�
s)Renewal conf file %s is broken. Skipping.sTraceback was:
%s(
RARRBRR	R
RRDRFR+R-R.R/(RGRnt
initial_rvtargsRHROR
RN((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRU�
s	








(,t__doc__RtloggingRYR.R|tzope.componentRtacme.magic_typingRtcertbotR
RRRRtcertbot._internalRtcertbot.compatRtcertbot.displayRt	getLoggert__name__R+RR'R5R6RRJRVR_RfRjRhR"R�RERR�R�R0RU(((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyt<module>
sB












							-				!1(