Spade

Mini Shell

Directory:~$ /proc/self/root/usr/lib/python2.7/site-packages/certbot/_internal/
Current File:~$ //proc/self/root/usr/lib/python2.7/site-packages/certbot/_internal/renewal.pyo
