Spade
Mini Shell
| Directory:~$ /proc/self/root/usr/lib/python2.7/site-packages/certbot/_internal/ |
| [Home] [System Details] [Kill Me] |
�
���_c@s�dZddlmZddlZddlZddlZddlZddlZddl Z
ddl
Z
ddl
mZddlmZmZmZmZmZddlZddlmZddlmZddlmZddlmZdd lmZdd
lm
Z
dd
lm
Z
dd
lm
Z
dd
lm Z ddlm Z
ddlm!Z!ddlm"Z"ddlm#Z#ddlm$Z$ddlm%Z%ddlm&Z&ddlm'Z'ddlm(Z(ddl)m*Z+ddl)m,Z-ddl.m/Z/ddl.m0Z0ddl.m1Z1dd
l2m3Z4ddl2mZ5dd
l6m7Z7d
Z8ej9e:�Z;d �Z<d
�Z=dddd!�Z?d"�Z@d#�ZAd$�ZBd%�ZCd&�ZDd'�ZEd(�ZFd)�ZGd*�ZHdd+�ZIdd,�ZJd-�ZKd.�ZLd/�ZMd0�ZNd1�ZOd2�ZPdd3�ZQd4�ZRd5�ZSd6�ZTd7�ZUd8�ZVd9�ZWd:�ZXd;�ZYd<�ZZd=�Z[d>�Z\d?�Z]d@�Z^dA�Z_dB�Z`dC�ZadD�ZbdE�ZcddF�ZddS(GsCertbot
main entry
point.i����(tprint_functionN(terrors(tUniontIterabletOptionaltListtTuple(t
crypto_util(t
interfaces(tutil(taccount(t
cert_manager(tcli(tclient(t
configuration(t constants(teff(thooks(tlog(trenewal(treporter(t
snap_config(tstorage(tupdater(tdisco(t selection(t
filesystem(tmisc(tos(tops(t
enhancementss?User chose to cancel the
operation and may reinvoke the
client.cCs?|jr
dStjjtj�}d}|j||j�dS(s�Potentially
suggest a donation to support Certbot.
:param config: Configuration object
:type config: interfaces.IConfig
:returns: `None`
:rtype: None
Ns�If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
(tstagingtzopet componentt
getUtilityRt IReportert
add_messaget
LOW_PRIORITY(tconfigt
reporter_utiltmsg((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
_suggest_donation_if_appropriate3s
cCs2tjjtj�}|jd|jdt�dS(s�Reports on
successful dry run
:param config: Configuration object
:type config: interfaces.IConfig
:returns: `None`
:rtype: None
sThe dry run was successful.ton_crashN(R
R!R"RR#R$t
HIGH_PRIORITYtFalse(R&R'((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_report_successful_dry_runGs
cCs
tj|�z�|d k rxtjdjd|jr:dnddtj|pU|j����t j
||||�n�tjdjd|jr�dnddtj|���|j
||�}|t
kr�t
jd��n|d k r
tj||j�|j�nWd tj|�X|S(
s!Authenticate and enroll certificate.
This method finds the relevant lineage, figures out what to do with it,
then performs that action. Includes calls to hooks, various reports,
checks, and requests for user input.
:param config: Configuration object
:type config: interfaces.IConfig
:param domains: List of domain names to get a certificate. Defaults to
`None`
:type domains: `list` of `str`
:param certname: Name of new certificate. Defaults to `None`
:type certname: str
:param lineage: Certificate lineage object. Defaults to `None`
:type lineage: storage.RenewableCert
:returns: the issued certificate or `None` if doing a dry run
:rtype: storage.RenewableCert or None
:raises errors.Error: if certificate could not be obtained
s{action} for {domains}tactions-Simulating renewal of an existing
certificates Renewing an existing certificatetdomainss Simulating a
certificate requestsRequesting a certificates!Certificate could not be
obtainedN(Rtpre_hooktNonet
display_utiltnotifytformattdry_runtsummarize_domain_listtnamesRt
renew_certt
obtain_and_enroll_certificateR,RtErrort
deploy_hooktlive_dirt post_hook(t le_clientR&R/tcertnametlineage((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_get_and_save_certWs(
#cCs�tjd�
s
tjd�
r}|jj�}|jj�}||kr}d}|j|j||�}tj|��q}ndS(s|
This function ensures that the user will not implicitly migrate an
existing key
from one type to another in the situation where a certificate for that
lineage
already exist and they have not provided explicitly --key-type and
--cert-name.
:param config: Current configuration provided by the client
:param cert: Matching certificate that could be renewed
tkey_typeR?s�Are you trying to change the key type of the
certificate named {0} from {1} to {2}? Please provide both --cert-name and
--key-type on the command line confirm the change you are trying to
make.N( R
t
set_by_cliRBtuppertprivate_key_typeR4t
lineagenameRR:(R&tcertt
new_key_typet
cur_key_typeR(((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt%_handle_unexpected_key_type_migration�s
c
Cs�t||�dj|j��}dj|jj|dj|�dtj�}|js�|j s�t
j
j
t
j�j|dddddt�r�d |fStjd
j|tjd
d
jtjd
�dtj��tjt��dS(s�Figure
out what to do if a previous cert had a subset of the names now requested
:param config: Configuration object
:type config: interfaces.IConfig
:param domains: List of domain names
:type domains: `list` of `str`
:param cert: Certificate object
:type cert: storage.RenewableCert
:returns: Tuple of (str action, cert_or_None) as per
_find_lineage_for_domains_and_certname
action can be: "newcert" | "renew" |
"reinstall"
:rtype: `tuple` of `str`
s, s You have an existing certificate that contains a portion of the
domains you requested (ref: {0}){br}{br}It contains these names:
{1}{br}{br}You requested these names for the new certificate:
{2}.{br}{br}Do you want to expand and replace this existing certificate
with the new
certificate?tbrtExpandtCanceltcli_flags--expandtforce_interactivetrenews�To
obtain a new certificate that contains these names without replacing your
existing certificate for {0}, you must use the --duplicate
option.{br}{br}For example:{br}{br}{1} --duplicate {2}it
iN(RJtjoinR7R4t
configfiletfilenameR
tlineseptexpandtrenew_by_defaultR
R!R"RtIDisplaytyesnotTrueR2R3tsystargvRR:tUSER_CANCELLED(R&R/RGtexistingtquestion((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_handle_subset_cert_request�s$
cCsHt||�|j�s#d|fStj||�r?d|fS|jrRd|fSdj|jjdtj �}|j
dkr�d}n|j
dkr�d}n|d g}t
j
j
tj�}|j||d
d
d
t�}|d
tjkrtjd
��n|dd
kr
d|fS|ddkr8d|fStd��dS(s�Figure
out what to do if a lineage has the same names as a previously obtained one
:param config: Configuration object
:type config: interfaces.IConfig
:param lineage: Certificate lineage object
:type lineage: storage.RenewableCert
:returns: Tuple of (str action, cert_or_None) as per
_find_lineage_for_domains_and_certname
action can be: "newcert" | "renew" |
"reinstall"
:rtype: `tuple` of `str`
t reinstallRPs�You have an existing certificate that has exactly the
same domains or certificate name you requested and isn't close to
expiry.{br}(ref: {0}){br}{br}What would you like to do?RKtruns.Attempt to
reinstall this existing certificatetcertonlys%Keep the existing
certificate for nowsBRenew & replace the certificate (may be subject to
CA rate limits)tdefaultiROs.Operation canceled. You may re-run the
client.isThis is
impossibleN(RJtensure_deployedRt
should_renewRaR4RSRTR
RUtverbR
R!R"RRXtmenuRZR2tCANCELRR:tAssertionError(R&R@R_tkeep_opttchoicestdisplaytresponse((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
_handle_identical_cert_request�s4
cCsz|jr
dStj||�\}}|dkrA|dkrAdS|dk rZt||�S|dk rvt|||�SdS(s�Determine
whether there are duplicated names and how to handle
them (renew, reinstall, newcert, or raising an error to stop
the client run if the user chooses to cancel the operation when
prompted).
:param config: Configuration object
:type config: interfaces.IConfig
:param domains: List of domain names
:type domains: `list` of `str`
:returns: Two-element tuple containing desired new-certificate behavior
as
a string token ("reinstall", "renew", or
"newcert"), plus either
a RenewableCert instance or `None` if renewal shouldn't
occur.
:rtype: `tuple` of `str` and :class:`storage.RenewableCert` or `None`
:raises errors.Error: If the user would like to rerun the client again.
tnewcertN(RpN(RpN(NN(t duplicateR1R
tfind_duplicative_certsRoR`(R&R/tident_names_certtsubset_names_cert((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_find_lineage_for_domainss
cCsDt|||�\}}|dkr4tjd�n|dk|fS(sWFinds
an existing certificate object given domains and/or a certificate name.
:param config: Configuration object
:type config: interfaces.IConfig
:param domains: List of domain names
:type domains: `list` of `str`
:param certname: Name of certificate
:type certname: str
:returns: Two-element tuple of a boolean that indicates if this
function should be
followed by a call to fetch a certificate from the server,
and either a
RenewableCert instance or None.
:rtype: `tuple` of `bool` and :class:`storage.RenewableCert` or `None`
Ras Keeping the existing
certificate(t&_find_lineage_for_domains_and_certnametloggertinfo(R&R/R?R.R@((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
_find_cert:s
cCs�|st||�Stj||�}|r�|r�ttj||��t|�kr�t||�t||||j��d|fSnt||�S|r�dSt
j
dj
|���dS(s�Find appropriate lineage based on given
domains and/or certname.
:param config: Configuration object
:type config: interfaces.IConfig
:param domains: List of domain names
:type domains: `list` of `str`
:param certname: Name of certificate
:type certname: str
:returns: Two-element tuple containing desired new-certificate behavior
as
a string token ("reinstall", "renew", or
"newcert"), plus either
a RenewableCert instance or None if renewal should not occur.
:rtype: `tuple` of `str` and :class:`storage.RenewableCert` or `None`
:raises errors.Error: If the user would like to rerun the client again.
RPRps}No certificate with name {0} found. Use -d to specify domains, or
run certbot certificates to see possible certificate
names.N(snewcertN(
RuR
tlineage_for_certnametsettdomains_for_certnameRJt
_ask_user_to_confirm_new_namesR7RoR1RtConfigurationErrorR4(R&R/R?R@((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyRvRs
$
cCsVtt|�t|��}tt|�t|��}|j�|j�||fS(sWGet
lists of items removed from `before`
and a lists of items added to `after`
(tlistR{tsort(taftertbeforetaddedtremoved((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_get_added_removed}s
cCs;|sd}nddj|�}|jd|dtj�S(s%Format list with
given character
s
{br}(None)s {br}{ch}
tchRK(RRR4R
RU(t charactertstringst formatted((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
_format_list�s
cCs�|jr
dSt||�\}}dj|td|�td|�dtj�}tjjt j
�}|j
|dddt
�s�t
jd ��ndS(
s�Ask user to confirm update cert certname to contain new_domains.
:param config: Configuration object
:type config: interfaces.IConfig
:param new_domains: List of new domain names
:type new_domains: `list` of `str`
:param certname: Name of certificate
:type certname: str
:param old_domains: List of old domain names
:type old_domains: `list` of `str`
:returns: None
:rtype: None
:raises errors.ConfigurationError: if cert name and domains mismatch
Ns�You are updating certificate {0} to include new domain(s):
{1}{br}{br}You are also removing previously included domain(s):
{2}{br}{br}Did you intend to make this change?t+t-RKsUpdate
certificateRMRds2Specified mismatched certificate name and
domains.(trenew_with_new_domainsR�R4R�R
RUR
R!R"RRXRYRZRR~(R&t
new_domainsR?t
old_domainsR�R�R(tobj((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR}�s
cCs�d}|j}|jr$|j}n|r?tj||�}n|sZtj||�}n|
rz|
rztjd��n||fS(s Retrieve
domains and certname from config or user input.
:param config: Configuration object
:type config: interfaces.IConfig
:param installer: Installer object
:type installer: interfaces.IInstaller
:param `str` question: Overriding default question to ask the user if
asked
to choose from domain names.
:returns: Two-part tuple of domains and certname
:rtype: `tuple` of list of `str` and `str`
:raises errors.Error: Usage message, if parameters are not used
correctly
s�Please specify --domains, or --installer that will help in domain
names autodiscovery, or --cert-name for an existing certificate
name.N( R1R?R/R
R|t
display_opst
choose_namesRR:(R&t installerR_R/R?((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_find_domains_or_certname�s
c Cs�|jrt|�dStj|�j�}tjjtj �}|j
dkrVdnd}|rzdj
|dt
j
�nd}dj
|||tj|dt
j
�}|j||j�dS(sDReports
the creation of a new certificate to the user.
:param cert_path: path to certificate
:type cert_path: str
:param fullchain_path: path to full chain
:type fullchain_path: str
:param key_path: path to private key, if available
:type key_path: str
:returns: `None`
:rtype: None
NRbs with the "certonly" optionts+Your key file has been
saved at:{br}{0}{br}RKsCongratulations! Your certificate and chain have
been saved at:{br}{0}{br}{1}Your certificate will expire on {2}. To obtain
a new or tweaked version of this certificate in the future, simply run {3}
again{4}. To non-interactively renew *all* of your certificates, run
"{3} renew"(R5R-RtnotAftertdateR
R!R"RR#RgR4R
RUR
t
cli_commandR$tMEDIUM_PRIORITY( R&t cert_pathtfullchain_pathtkey_pathtexpiryR't
verbswitchtprivkey_statementR(((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_report_new_cert�s
$
csV�fd�}tj��}d }�jd k rH|j�j�}n�|j�}t|�dkrxtj|�}n�t|�dkr�|d}n��jd kr��j
r�tj
��_ny/t
j
�|d|�\}}t
jd�WnLtjk
r
�n6tjk
r?tjddt�tjd��nX|j�_||fS(
s�Determine which account to use.
If ``config.account`` is ``None``, it will be updated based on the
user input. Same for ``config.email``.
:param config: Configuration object
:type config: interfaces.IConfig
:returns: Account and optionally ACME client API (biproduct of new
registration).
:rtype: tuple of :class:`certbot._internal.account.Account` and
:class:`acme.client.Client`
:raises errors.Error: If unable to register an account with ACME server
csh�jr
tSdj|�}tjjtj�}|j|dddt�}|sdt j
d��ndS(NspPlease read the Terms of Service at {0}. You must agree
in order to register with the ACME server. Do you
agree?RNs
--agree-tosROs?Registration cannot proceed without accepting
Terms of Service.(
ttosRZR4R
R!R"RRXRYRR:R1(tterms_of_serviceR(R�tresult(R&(s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_tos_cb
s
iittos_cbsAccount
registered.R�texc_infos.Unable to register an account with ACME
serverN(R
tAccountFileStorageR1tloadtfind_alltlenR�tchoose_accounttemailt register_unsafely_without_emailt get_emailR
tregisterR2R3RtMissingCommandlineFlagR:RwtdebugRZtid(R&R�taccount_storagetacmetacctaccounts((R&s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_determine_account
s0
c
s\tjjtj�}|j}|dkrZd}|j|dddddtdt�}n|sddS|j s�t
j
|�|_ nt
j
tjt
j||j ��||j ��y,t
j|�fd �gd
�d
��Wnjtjk
rtjd
��dStk
rJ}d
}|j|j|j�|�}tj|��nXt
j|�dS(s�Does the user want to delete their now-revoked certs? If
run in non-interactive mode,
deleting happens automatically.
:param config: parsed command line arguments
:type config: interfaces.IConfig
:returns: `None`
:rtype: None
:raises errors.Error: If anything goes wrong, including bad user input,
if an overlapping
archive dir is found for the specified lineage, etc ...
s{Would you like to delete the certificate(s) you just revoked, along
with all earlier and later versions of the certificate?t yes_labelsYes
(recommended)tno_labeltNoRORdNcs�S(N((tx(t
archive_dir(s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt<lambda>lscSs|jS(N(R�(R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�mscSs|S(N((R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�msshNot
deleting revoked certificates due to overlapping archive dirs. More than
one certificate is using %ss_config.default_archive_dir: {0},
config.live_dir: {1}, archive_dir: {2},original exception: {3}(
R
R!R"RRXtdelete_after_revokeR1RYRZR?R
tcert_path_to_lineageRtfull_archive_patht configobjt ConfigObjtrenewal_file_for_certnametmatch_and_check_overlapsRtOverlappingMatchFoundRwtwarningt ExceptionR4tdefault_archive_dirR<R:tdelete(R&Rmtattempt_deletionR(te((R�s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_delete_if_appropriateGs2
cCsY|dk r1t|�\}}tjd|�n
d\}}tj||||d|�S(sxInitialize
Let's Encrypt Client
:param config: Configuration object
:type config: interfaces.IConfig
:param authenticator: Acme authentication handler
:type authenticator: Optional[interfaces.IAuthenticator]
:param installer: Installer object
:type installer: interfaces.IInstaller
:returns: client: Client object
:rtype: client.Client
sPicked account:
%rR�N(NN(R1R�RwR�R
tClient(R&t
authenticatorR�R�R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_init_le_client{s
c
Cs�tj|�}|j�}|s%dStjjtj�j}d}||dddddt �}|skdSt
|�\}}t
j
||d
d
d |�} | jj|j�tj|�}
|
j|j�tjd
�d
S(
s�Deactivate account on server
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None`
:rtype: None
s.Could not find existing account to deactivate.sCAre you sure you
would like to irrevocably deactivate your account?R�t
DeactivateR�tAbortRdsDeactivation aborted.R�sAccount
deactivated.N(R
R�R�R
R!R"RRXRYRZR�R
R�R1R�tdeactivate_registrationtregrR�R2R3(
R&tunused_pluginsR�R�RYtprompttwants_deactivateR�R�t cb_clientt
account_files((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
unregister�s"
cCs3tj|�}|j�}|r%dSt|�dS(s$Create
accounts on the server.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None` or a string indicating and error
:rtype: None or str
smThere is an existing account; registration of a duplicate account
with this command is currently unsupported.N(R
R�R�R�R1(R&R�R�R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR��s
c
Csttj|�}|j�}|s%dS|jd
krV|j
rVtjdt�|_nt |�\}}t
j
||d
d
d|�}d
}|jr�g|jj
d�D]}d|^q�}n|j
j} |jj|j
jd|j
jjd|���|_
|j
jd| �|_
|j||j�|jsGtjd �n)tj||�tjd
j|j��d
S(
s$Modify accounts on the server.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None` or a string indicating and error
:rtype: None or str
s-Could not find an existing account to
update.toptionalR�t,smailto:tbodytcontactturisFAny contact
information associated with this account has been removed.s'Your
e-mail address was updated to {0}.N((R
R�R�R�R1R�R�R�R,R�R
R�tsplitR�R�R�tupdate_registrationtupdateR�t
update_regrR2R3Rtprepare_subscriptionR4(
R&R�R�R�R�R�R�t
acc_contactsR�t
prev_regr_uri((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pytupdate_account�s*
,
! cCsN|r
|n|}|j||j|j|j|j�|j||j�dS(s�Install
a cert
:param config: Configuration object
:type config: interfaces.IConfig
:param le_client: Client object
:type le_client: client.Client
:param domains: List of domains
:type domains: `list` of `str`
:param lineage: Certificate lineage object. Defaults to `None`
:type lineage: storage.RenewableCert
:returns: `None`
:rtype: None
N(tdeploy_certificateR�R�t
chain_pathR�tenhance_config(R&R>R/R@t
path_provider((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
_install_certsc
Cs�y tj||d�\}}Wn
tjk
r>}t|�SX|joN|j}|j
r�|
r�d}tj |ddt
d|�d|_nt
j
||�s�tj
d��n|jr�t|�}n!t
j|�r�tjd��n|jrI|jrIt|�t||�\}}t|dd
d |�}t|||�ntjd
��t
j|�r�tj||j�} t
j| |||�nd
S(
s�Install a
previously obtained cert in a server.
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:returns: `None`
:rtype: None
tinstalls,Which certificate would you like to
install?tallow_multiplet
custom_promptisVOne ore more of the requested
enhancements are not supported by the selected installersLOne or more of
the requested enhancements require --cert-name to be
providedR�R�s�Path to certificate or key was not defined. If your
certificate is managed by Certbot, please use --cert-name to define which
certificate you would like to
install.N(tplug_seltchoose_configurator_pluginsRtPluginSelectionErrortstrR�R�R?R
t
get_certnamesR,R
t
are_supportedtNotSupportedErrort_populate_from_certnamet
are_requestedR~t_check_certificate_and_keyR�R�R1R�Rztenable(
R&tpluginsR�t_R�t
custom_certtcertname_questionR/R>R@((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�)s4
cCs�tj||j�}|s |S|js:|j|j_n|jsU|j|j_n|jsp|j|j_n|js�|j|j_n|S(sfHelper
function for install to populate missing config values from lineage
defined by
--cert-name.(R
RzR?R�t namespaceR�R�R�(R&R@((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�ds cCs|tjjtj|j��s<tjdj|j���ntjjtj|j ��sxtjdj|j ���ndS(Ns-Error
while reading certificate from path {0}s-Error while reading private key
from path {0}(
R
tpathtisfileRtrealpathR�RR~R4R�(R&((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�us
cCs(tjd|j�|jdkr(gn|j}|j�j|�}tjd|�tjtjj t
j
�j
dt
�}|j
r�|j
r�|t|��dS|j|�|j|�}tjd|�|js�|t|��dS|j�|j�}tjd|�|t|��dS(s�List
server software plugins.
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:returns: `None`
:rtype: None
sExpected interfaces: %ssFiltered plugins: %rtpauseNsVerified
plugins: %rsPrepared plugins:
%s(RwR�tifacesR1tvisiblet functoolstpartialR
R!R"RRXt
notificationR,tinittprepareR�tverifyt available(R&R�RtfilteredR3tverifiedR
((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
plugins_cmd|s&
cs�ddddg}t�fd�|D��}tj��
rt|
rtd}tj|tjd�tjd��ny t j
�|d �\}}Wn
tj
k
r�}t
|�SXtj
�|�s�tjd
��nd
}tj�d d
td
|�d�_tj��j�} �jr)| }
n0d}
tj| |
�}
|
sYtjd��ntj��j�}
�js�|
j�_n|r�t�ddd|�}
|
j
|
�jdt�ntj��r�tj
|
|
|��ndS(s�Add security enhancements to existing configuration
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:returns: `None`
:rtype: None
thststredirecttuirtstaplec3s
|]}t�|�VqdS(N(tgetattr(t.0tenh(R&(s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pys <genexpr>�ss|Please
specify one or more enhancement types to configure. To list the available
enhancement types, run:
%s --help enhance
is#No enhancements requested, exiting.tenhancesVOne ore more of the
requested enhancements are not supported by the selected installersFWhich
certificate would you like to use to enhance your
configuration?R�R�sJWhich domain names would you like to enable the
selected enhancements for?sAUser cancelled the domain selection. No domains
defined,
exiting.R�R�tredirect_defaultN(
tanyR
R�RwR�R[R\RtMisconfigurationErrorR�R�R�R�R�R�R
R�R,R?R|tnoninteractive_modeR�t
choose_valuesR:RzR�R�R1R�R�(R&R�tsupported_enhancementst
oldstyle_enhR(R�R�R�R�t
cert_domainsR/tdomain_questionR@R>((R&s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�s@
cCs
tj|j|j||�dS(s�Rollback server configuration changes made during
install.
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:returns: `None`
:rtype: None
N(R
trollbackR�t
checkpoints(R&R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR
�s
cCstj|�dS(srUpdate the certificate file family
symlinks
Use the information in the config file to make symlinks point to
the correct archive directory.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None`
:rtype: None
N(R
tupdate_live_symlinks(R&R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pytupdate_symlinks�scCstj|�dS(sARename
a certificate
Use the information in the config file to rename an existing
lineage.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None`
:rtype: None
N(R
trename_lineage(R&R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pytrename�scCstj|�dS(sADelete
a certificate
Use the information in the config file to delete an existing
lineage.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None`
:rtype: None
N(R
R�(R&R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR�scCstj|�dS(sDisplay
information about certs configured with Certbot
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None`
:rtype: None
N(R
t
certificates(R&R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR&$s
cCs�d|_|_|jdkrC|jrCtj||j�|_n.|j
s_|jrq|jrqtjd��n|j dk r�t
j
d|jd|j d�t
j
|jd|j d�tjj|j d�}tj||�}nDt
j
d|jd�t|�\}}tj||j|j�}t
j|jd�d}t
j
d|j�y*|jtj|�|j�t|�Wn
tj
k
r�}t
|�SXt
j |jd�dS(s:Revoke a previously obtained
certificate.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None` or string indicating error in case of error
:rtype: None or str
sCError! Exactly one of --cert-path or --cert-name must be
specified!s$Revoking %s using certificate key %siis
Revoking %s using
Account Keys
Reason code for revocation: %sN(
R1R�R�R�R?Rtcert_path_for_cert_nameRR:R�RwR�Rt
verify_cert_matches_priv_keytjosetJWKR�R
tacme_from_config_keyR�tkeyR�tpyopenssl_load_certificatetreasontrevoketComparableX509R�t
acme_errorst
ClientErrorR�R�tsuccess_revocation(R&R�R,R�R�R�RGR�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR/5s.
cCs�y tj||d�\}}Wn
tjk
r>}t|�SXtj||�sctjd��nt|||�}t ||�\}}t
|||�\}} | }
|r�t
||||| �}
n|
r�|
j
nd}
|
r�|
jnd}
|
r|
jnd}
|r$t||
|
|
�nt||||
�tj|�re|
retj|
|||�n| dksx|
r�tj|�n
tj|�t|�tj||j�dS(s�Obtain
a certificate and install.
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:returns: `None`
:rtype: None
RbsVOne ore more of the requested enhancements are not supported by the
selected
installerN(R�R�RR�R�R
R�R�R�R�RyRAR�R1R�R�R�R�R�R�R�tsuccess_installationtsuccess_renewalR)Rthandle_subscriptionR
(R&R�R�R�R�R>R/R?tshould_get_certR@t
new_lineageR�R�R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyRbbs6
cCs�|j\}}|j|�\}}|jrDtjd|j�dS|j||tj j
|j�tj j
|j
�tj j
|j
��\}}}||fS(s�Obtain a cert using a user-supplied CSR
This works differently in the CSR case (for now) because we don't
have the privkey, and therefore can't construct the files for a
lineage.
So we just save the cert & chain to disk :/
:param config: Configuration object
:type config: interfaces.IConfig
:param client: Client object
:type client: client.Client
:returns: `cert_path` and `fullchain_path` as absolute paths to the
actual files
:rtype: `tuple` of `str`
s*Dry run: skipping saving certificate to %sN(NN(
t
actual_csrtobtain_certificate_from_csrR5RwR�R�R1tsave_certificateR
R�tnormpathR�R�(R&R>tcsrR�RGtchainR�R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt_csr_get_and_save_cert�s
3c Cs�y tj||d�\}}Wn)tjk
rJ}tjd|��nXt|||�}t||d|�}tj j
t
j
�j
}|dkr�|dj|j�dt�n?tj|||�|j�|dj|j|j�dt�dS(s�Renew
& save an existing cert. Do not install it.
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:param lineage: Certificate lineage object
:type lineage: storage.RenewableCert
:returns: `None`
:rtype: None
:raises errors.PluginSelectionError: MissingCommandlineFlag if supplied
parameters do not pass
Rcs'Could not choose appropriate plugin: %sR@s9new certificate
deployed without reload, fullchain is {0}RsDnew certificate deployed with
reload of {0} server; fullchain is {1}N(R�R�RR�RwRxR�RAR
R!R"RRXRR1R4t fullchainR,Rtrun_renewal_deployertrestartR�( R&R�R@R�tauthR�R>trenewed_lineageR3((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyR8�s
cCs�y tj||d�\}}Wn)tjk
rJ}tjd|��nXt|||�}|jr�t||�\}}t |||�t
|�t
j
||j
�dSt||�\}} t||| �\}
}
|
s
tjjtj�j}
|
ddt�dSt|||| |
�}
|
r2|
jnd}|
rG|
jnd}|
r\|
jnd}
t ||||
�t
|�t
j
||j
�dS(sfAuthenticate & obtain cert, but do not
install it.
This implements the 'certonly' subcommand.
:param config: Configuration object
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:returns: `None`
:rtype: None
:raises errors.Error: If specified plugin could not be used
Rcs'Could not choose appropriate plugin: %sNs5Certificate not yet
due for renewal; no action
taken.R(
R�R�RR�RwRxR�R=R?R�R)RR6R
R�RyR
R!R"RRXRR,RAR�R1R�R�(R&R�R�RCR�R>R�R�R/R?R7R@R3R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyRc�s2
cCs#ztj|�Wdtj�XdS(sRenew previously-obtained
certificates.
:param config: Configuration object
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:returns: `None`
:rtype: None
N(Rthandle_renewal_requestRtrun_saved_post_hooks(R&R�((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyRPs
cCs{tj|jtj|j�tj|jtj|j�|j|j|j f}x$|D]
}tj
|d|j�qWWdS(s�Create or verify existence of config, work, and
hook directories.
:param config: Configuration object
:type config: interfaces.IConfig
:returns: `None`
:rtype: None
tstrictN(
R tset_up_core_dirt
config_dirRtCONFIG_DIRS_MODEtstrict_permissionstwork_dirtrenewal_pre_hooks_dirtrenewal_deploy_hooks_dirtrenewal_post_hooks_dirtmake_or_verify_dir(R&t hook_dirsthook_dir((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pytmake_or_verify_needed_dirs+s
cCsz|jr0t|_tjttjd��}n6|jrNtjtj �}ntj
tj |j
�}t
j
j|�dS(s�Set the displayer
:param config: Configuration object
:type config: interfaces.IConfig
:returns: `None`
:rtype: None
twN(tquietRZRR2tNoninteractiveDisplaytopenR
tdevnullR[tstdoutt
FileDisplayROR
R!tprovideUtility(R&t displayer((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt
set_displayer?s
cCs�|stjd }ntj�tjjd�dkrJtj|�}nt j
j
�}t
j
dtj�t
j
dtjd�t
j
d|�t
j
d|�tj||�}tj|�}tjj|�tj�ytj|�t|�Wn)tj
k
r$|j
t
kr%�q%nXtj dd krKt j!d
t"�nt#|�t$j%|�}tjj|�t&j'|j(�|j
||�S(
s�Run
Certbot.
:param cli_args: command line to Certbot, defaults to ``sys.argv[1:]``
:type cli_args: `list` of `str`
:returns: value for `sys.exit` about the exit status of Certbot
:rtype: `str` or `int` or `None`
itCERTBOT_SNAPPEDRZscertbot version: %ss#Location of certbot entry
point: %sis
Arguments: %rsDiscovered plugins: %risdPython 2 support will
be dropped in the next release of Certbot. Please upgrade your Python
version.()R[R\Rtpre_arg_parse_setupR
tenvirontgetRt
prepare_envt
plugins_discotPluginsRegistryR�RwR�tcertbott
__version__R
tprepare_and_parse_argsRtNamespaceConfigR
R!R[Rt+raise_for_non_administrative_windows_rightstpost_arg_parse_setupRSRR:tfuncRt
version_infotwarningstwarntPendingDeprecationWarningR]RtReporterR tatexit_registertprint_messages(tcli_argsR�targsR&treport((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pytmainUs:
(et__doc__t
__future__RRtlogging.handlerstloggingR[RmR�tjosepyR)tzope.componentR
R�RR1tacme.magic_typingRRRRRReRRR tcertbot._internalR
R
R
R
RRRRRRRRRRtcertbot._internal.pluginsRRcRR�tcertbot.compatRRR
tcertbot.displayR
R�R2tcertbot.pluginsR
R]t getLoggert__name__RwR)R-R1RARJR`RoRuRyRvR�R�R}R�R�R�R�R�R�R�R�R�R�R�R�RRR
R#R%R�R&R/RbR?R8RcRPRSR]Rv(((s:/usr/lib/python2.7/site-packages/certbot/_internal/main.pyt<module>s�
(
; 3 7 ( +
&
)
* ; 4 (
2
; ' ; - :
+ 4