%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python3/dist-packages/certbot/__pycache__/
Upload File :
Create Path :
Current File : //lib/python3/dist-packages/certbot/__pycache__/crypto_util.cpython-312.pyc

�

M/�e`���dZddlZddlZddlZddlZddlmZddlmZddlmZddlm	Z	ddlm
Z
ddlmZdd	lmZdd
l
mZddlmZddlmZdd
lmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z ddl!m"Z"ddl!m#Z#ddl!m$Z$ddl%Z%ddl&m'Z'ddl&m(Z(ddl)Z)ddl*m+Z,ddl-m.Z.ddl-m/Z/ddl-m0Z0ddl1m2Z2erddl3m4Z4dd l5m6Z6dd!l7m8Z8dd"l9m:Z:ejve<�Z=			dhd#e>d$ee?d%e?d&e?d'e?d(e@d)e0j�fd*�ZB	did+e0j�d,eee?e	e?fd-ee?d.e@d(e@d)e0j�fd/�ZDd0eEd)e@fd1�ZFd0eEd+eEd)e@fd2�ZGd3e?d4eEd)e
e>e0j�ee?ffd5�ZH		djd6e>d%e?d&ee?d)eEfd7�ZId+ee?eEfd)e@fd8�ZJd9e/j�d)dfd:�ZLd9e/j�d)dfd;�ZMd<eed=d>ee d?d@fdAeEdBeEdCej�d)df
dD�ZOdEe?dFe?d)dfdG�ZPd9e/j�d)dfdH�ZQd4eEd)e
e'j�e>ffdI�ZSe'j�fdJeEdKee>eEgee'j�e'j�ffdLe>d)ee'j�e'j�ffdM�ZVe'j�fdJeEdKee>eEgee'j�e'j�ffdLe>d)ee?fdN�ZWe'j�fdOeEdLe>d)ee?fdP�ZXdQeEdKee>eEgee'j�e'j�ffdLe>d)ee?fdR�ZYdSee'j�e'j�fd)ee?fdT�ZZe'j�fdOeEdLe>d)ee?fdU�Z[e'j�fd0eEdLe>d)ee?fdV�Z\e'j�fdWeee'j�ee%j�fdXe>d)eEfdY�Z^dEe?d)ejfdZ�Z_dEe?d)ejfd[�Z`dEe?d\ee'j�geeEfd)ejfd]�Zad^e?d)e?fd_�Zbej�d`ej��Zedae?d)e
e?e?ffdb�ZfdEe?d)e>fdc�Zg	dkddee?dee?dfe@d)e?fdg�Zhy)lz�Certbot client crypto utility functions.

.. todo:: Make the transition to use PSS rather than PKCS1_v1_5 when the server
    is capable of handling the signatures.

�N)�Callable)�List)�Optional)�Set)�Tuple)�
TYPE_CHECKING)�Union)�x509)�InvalidSignature)�UnsupportedAlgorithm)�default_backend)�hashes)�ec)�DSAPublicKey)�ECDSA)�EllipticCurvePublicKey)�PKCS1v15)�RSAPublicKey)�Encoding)�NoEncryption)�
PrivateFormat)�crypto)�SSL)�crypto_util)�errors)�
interfaces)�util)�os)�Ed448PublicKey)�Ed25519PublicKey)�
X448PublicKey)�X25519PublicKey�key_size�key_dir�key_type�elliptic_curve�keyname�strict_permissions�returnc�D�	t||xsd|��}d}|r�t
j|d|�t
jtjj||�d	d
�\}	}|	5|	j|�ddd�|dk(rtjd||�ntjd
||�t
j||�S#t$r=}tjdd��tj	dt|��|�d}~wwxYw#1swY��xYw)a$Initializes and saves a privkey.

    Inits key and saves it in PEM format on the filesystem.

    .. note:: keyname is the attempted filename, it may be different if a file
        already exists at the path.

    :param int key_size: key size in bits if key size is rsa.
    :param str key_dir: Optional key save directory.
    :param str key_type: Key Type [rsa, ecdsa]
    :param str elliptic_curve: Name of the elliptic curve if key type is ecdsa.
    :param str keyname: Filename of key
    :param bool strict_permissions: If true and key_dir exists, an exception is raised if
        the directory doesn't have 0700 permissions or isn't owned by the current user.

    :returns: Key
    :rtype: :class:`certbot.util.Key`

    :raises ValueError: If unable to generate the key given key_size.

    �	secp256r1)�bitsr&r%�T��exc_infoz&Encountered error while making key: %sNi�i��wb�rsaz Generating RSA key (%d bits): %sz"Generating ECDSA key (%d bits): %s)�make_key�
ValueError�logger�debug�error�strr�make_or_verify_dir�unique_filer�path�join�write�Key)
r#r$r%r&r'r(�key_pem�err�key_path�key_fs
          �5/usr/lib/python3/dist-packages/certbot/crypto_util.py�generate_keyrC8s���0���.�*G�K�RZ�
���H�������0B�C��*�*��G�G�L�L��'�*�E�4�9���x�
�	!��K�K�� �	!��u���L�L�;�X�x�P��L�L�=�x��R��8�8�H�g�&�&��%�����R�$��'����=�s�3�x�H��	����	!�	!�s#�C
�)D�
	D�8D�D�D�privkey�namesr:�must_staplec��tj|j||��}d}|r�tj|d|�tj
tjj|d�dd�\}}|5|j|�ddd�tjd|�tj||d�S#1swY�6xYw)	aCInitialize a CSR with the given private key.

    :param privkey: Key to include in the CSR
    :type privkey: :class:`certbot.util.Key`
    :param set names: `str` names to include in the CSR
    :param str path: Optional certificate save directory.
    :param bool must_staple: If true, include the TLS Feature extension "OCSP Must-Staple"
    :param bool strict_permissions: If true and path exists, an exception is raised if
        the directory doesn't have 0755 permissions or isn't owned by the current user.

    :returns: CSR
    :rtype: :class:`certbot.util.CSR`

    )rFNi�zcsr-certbot.pemi�r0zCreating CSR: %s�pem)
�acme_crypto_util�make_csrrHrr8r9rr:r;r<r4r5�CSR)rDrEr:rFr(�csr_pem�csr_filename�csr_fs        rB�generate_csrrOis��� �'�'����U��5�G��L������e�-?�@�"�.�.��G�G�L�L��0�1�5�$�@���|�
�	!��K�K�� �	!����'��6��8�8�L�'�5�1�1�		!�	!�s�8B?�?C�csrc���	tjtj|�}|j|j	��S#tj
$rtjdd��YywxYw)z�Validate CSR.

    Check if `csr` is a valid CSR for the given domains.

    :param bytes csr: CSR in PEM.

    :returns: Validity of CSR.
    :rtype: bool

    r-Tr.F)r�load_certificate_request�FILETYPE_PEM�verify�
get_pubkey�Errorr4r5)rP�reqs  rB�	valid_csrrX�s^����-�-�����&���z�z�#�.�.�*�+�+���<�<�����R�$��'���s�AA�*A2�1A2c��tjtj|�}tjtj|�}	|j	|�S#tj
$rtjdd��YywxYw)z�Does private key correspond to the subject public key in the CSR?

    :param bytes csr: CSR in PEM.
    :param bytes privkey: Private key file contents (PEM)

    :returns: Correspondence of private key to CSR subject public key.
    :rtype: bool

    r-Tr.F)rrRrS�load_privatekeyrTrVr4r5)rPrDrW�pkeys    rB�csr_matches_pubkeyr\�sq���
)�
)����S�"�C��!�!�&�"5�"5�w�?�D���z�z�$�����<�<�����R�$��'���s�
A�*B�B�csrfile�datac��tj}tj}	|tj|�}t|�}tj||�}|tj||d��|fS#tj$rI	|||�}n;#tj$r%tjdj
|���wxYwY��wxYw)a1Import a CSR file, which can be either PEM or DER.

    :param str csrfile: CSR filename
    :param bytes data: contents of the CSR file

    :returns: (`crypto.FILETYPE_PEM`,
               util.CSR object representing the CSR,
               list of domains requested in the CSR)
    :rtype: tuple

    zFailed to parse CSR file: {0}rH)�filer^�form)rrSrR�
FILETYPE_ASN1rVr�format�"_get_names_from_loaded_cert_or_req�dump_certificate_requestrrK)r]r^�PEM�loadrP�domains�data_pems       rB�import_csr_filerj�s����
�
�C��*�*�D�P��6�'�'��.��1��5�G��.�.�s�C�8�H�����g�H�5�A�7�J�J���<�<�P�	P��s�D�/�C���|�|�	P��,�,�>�E�E�g�N�O�O�	P��
�P�s)�A5�5C�		B�C�8C�C�Cr,c�4�|dk(r_|dkr$tjdj|���tj�}|jtj|��n5|dk(�r|stjd��	|j�}|dvr]tt|j��}|stjd|����tj|�t���}n$tjd	j|���	|jt j"t$j&t)���}tj*tj,|�}n$tjdj|���tj.tj,|�S#t$r%tjd	j|���t$r$}|tjt|���d
}~wwxYw)
a�Generate PEM encoded RSA|EC key.

    :param int bits: Number of bits if key_type=rsa. At least 2048 for RSA.
    :param str key_type: The type of key to generate, but be rsa or ecdsa
    :param str elliptic_curve: The elliptic curve to use.

    :returns: new RSA or ECDSA key in PEM form with specified number of bits
              or of type ec_curve when key_type ecdsa is used.
    :rtype: str
    r1�zUnsupported RSA key length: {}�ecdsaz3When key_type == ecdsa, elliptic_curve must be set.)�	SECP256R1�	SECP384R1�	SECP521R1zInvalid curve type: )�curve�backendzUnsupported elliptic curve: {}N)�encodingrc�encryption_algorithmz0Invalid key_type specified: {}.  Use [rsa|ecdsa])rrVrcr�PKeyrC�TYPE_RSA�upper�getattrr�generate_private_keyr
�	TypeErrorrr7�
private_bytesrrfr�TraditionalOpenSSLrrZrS�dump_privatekey)	r,r%r&�key�namerq�_key�e�_key_pems	         rBr2r2�s����5���$�;��,�,�?�F�F�t�L�M�M��k�k�m��������$�/�	�W�	���,�,�T�U�U�	.�!�'�'�)�D��>�>���N�$8�$8�$:�;��� �,�,�)=�n�=M�'N�O�O��.�.��'�+�-���
�l�l�#C�#J�#J�>�#Z�[�[���%�%��\�\� �3�3�!-��&�
��
�$�$�V�%8�%8�(�C���l�l�M�T�T�U]�^�_�_��!�!�&�"5�"5�s�;�;���	X��,�,�?�F�F�~�V�W�W�#�	.�����c�!�f�-�-��	.�s�BF>�>5H�3H�Hc��	tjtj|�j�S#ttj
f$rYywxYw)z�Is valid RSA private key?

    :param privkey: Private key file contents in PEM

    :returns: Validity of private key.
    :rtype: bool

    F)rrZrS�checkrzrV)rDs rB�
valid_privkeyr�sG����%�%�����*�*/�%�'�	2���v�|�|�$����s�14�A�A�renewable_certc�p�t|�t|�t|j|j�y)a�For checking that your certs were not corrupted on disk.

    Several things are checked:
        1. Signature verification for the cert.
        2. That fullchain matches cert and chain when concatenated.
        3. Check that the private key matches the certificate.

    :param renewable_cert: cert to verify
    :type renewable_cert: certbot.interfaces.RenewableCert

    :raises errors.Error: If verification fails.
    N)�verify_renewable_cert_sig�verify_fullchain�verify_cert_matches_priv_key�	cert_pathr@)r�s rB�verify_renewable_certr�s*���n�-��^�$� ��!9�!9�>�;R�;R�S�c��	t|jd�5}tj|j	�t��}ddd�t|jd�5}tj|j	�t��}ddd�j�}jsJ�t||j|j|j�y#1swY��xYw#1swY�`xYw#tttf$rK}dj|j|�}t j#|�t%j&|��d}~wwxYw)z�Verifies the signature of a RenewableCert object.

    :param renewable_cert: cert to verify
    :type renewable_cert: certbot.interfaces.RenewableCert

    :raises errors.Error: If signature verification fails.
    �rbNzbverifying the signature of the certificate located at {0} has failed.                 Details: {1})�open�
chain_pathr
�load_pem_x509_certificate�readr
r��
public_key�signature_hash_algorithm�verify_signed_payload�	signature�tbs_certificate_bytes�IOErrorr3rrcr4�	exceptionrrV)r��
chain_file�chain�	cert_file�cert�pkr��	error_strs        rBr�r�%s%��
&�
�.�+�+�T�
2�	Y�j��2�2�:�?�?�3D�o�FW�X�E�	Y�
�.�*�*�D�
1�	W�Y��1�1�)�.�.�2B�O�DU�V�D�	W�
�
�
�
���,�,�,�,��b�$�.�.�$�2L�2L� $� =� =�	?�
	Y�	Y��	W�	W��
�Z�!1�2�&��$�f�^�%=�%=�q�A�	�����#��l�l�9�%�%��	&�sH�C;�-C#�C;�#-C/�AC;�#C,�(C;�/C8�4C;�;E�AE�Er�r rr"r!r��payloadr�c���t|t�r|j||t�|�yt|t�r|j||t|��yt
jd��)a�Check the signature of a payload.

    :param RSAPublicKey/EllipticCurvePublicKey public_key: the public_key to check signature
    :param bytes signature: the signature bytes
    :param bytes payload: the payload bytes
    :param hashes.HashAlgorithm signature_hash_algorithm: algorithm used to hash the payload

    :raises InvalidSignature: If signature verification fails.
    :raises errors.Error: If public key type is not supported
    zUnsupported public key type.N)�
isinstancerrTrrrrrV)r�r�r�r�s    rBr�r�=sb���*�l�+�����w��
�,D�	
�
�J� 6�	7�����w��&>� ?�	
��l�l�9�:�:r�r�r@c�l�	tjtj�}|j|�|j	|�|j�y#ttjf$rB}dj|||�}tj|�tj|��d}~wwxYw)z� Verifies that the private key and cert match.

    :param str cert_path: path to a cert in PEM format
    :param str key_path: path to a private key file

    :raises errors.Error: If they don't match.
    z�verifying the certificate located at {0} matches the                 private key located at {1} has failed.                 Details: {2}N)r�Context�
SSLv23_METHOD�use_certificate_file�use_privatekey_file�check_privatekeyr�rVrcr4r�r)r�r@�contextr�r�s     rBr�r�Xs���&��+�+�c�/�/�0���$�$�Y�/��#�#�H�-�� � �"���S�Y�Y��&��$�f�Y� �!�%�	�	����#��l�l�9�%�%��
&�s�AA�B3�1=B.�.B3c��	t|j�5}|j�}ddd�t|j�5}|j�}ddd�t|j�5}|j�}ddd�zk7r2d}|j|j�}tj|��y#1swY��xYw#1swY�~xYw#1swY�\xYw#t$r@}dj|�}tj|�tj|��d}~wtj$r}|�d}~wwxYw)z� Verifies that fullchain is indeed cert concatenated with chain.

    :param renewable_cert: cert to verify
    :type renewable_cert: certbot.interfaces.RenewableCert

    :raises errors.Error: If cert and chain do not combine to fullchain.
    Nz.fullchain does not match cert + chain for {0}!z8reading one of cert, chain, or fullchain has failed: {0})r�r�r�r��fullchain_pathrc�lineagenamerrVr�r4r�)	r�r�r�r�r��fullchain_file�	fullchainr�r�s	         rBr�r�ns(���
�.�+�+�
,�	&�
��O�O�%�E�	&�
�.�*�*�
+�	$�y��>�>�#�D�	$�
�.�/�/�
0�	.�N�&�+�+�-�I�	.��5�L�Y�&�H�I�!�(�(��)C�)C�D�I��,�,�y�)�)�'�
	&�	&��	$�	$��	.�	.���&�N�U�U�VW�X�	�����#��l�l�9�%�%���<�<������sj�C+�C�C+�C�C+�3C�AC+�C�C+�C�C+�C(�$C+�+	E�4;D/�/E�E�Ec�Z�g}tjtjfD]}	tj||�|fcSt
jdjdjd�|D�����#tj$r}|j|�Yd}~��d}~wwxYw)z:Load PEM/DER certificate.

    :raises errors.Error:

    NzUnable to load: {0}�,c3�2K�|]}t|����y�w�N)r7)�.0r6s  rB�	<genexpr>z-pyopenssl_load_certificate.<locals>.<genexpr>�s����=0���E�
�=0�s�)	rrSrb�load_certificaterV�appendrrcr;)r^�openssl_errors�	file_typer6s    rB�pyopenssl_load_certificater��s����N��)�)�6�+?�+?�@�)�	�	)��*�*�9�d�;�Y�F�F�)�
�,�,�,�3�3�C�H�H�=0� .�=0�50�1�2�2���|�|�	)��!�!�%�(�(��	)�s�A<�<B*�B%�%B*�cert_or_req_str�	load_func�typc��	|||�S#tj$r<}tjdd��tj	dt|���d}~wwxYw)Nr-Tr.z6Encountered error while loading certificate or csr: %s)rrVr4r5r6r7)r�r�r�r?s    rB�_load_cert_or_reqr��sO�����o�.�.���<�<�����R�$��'����M�s�SV�x�X�
���s��A�7A�Ac�B�tjt|||��Sr�)rI�_pyopenssl_cert_or_req_sanr�)r�r�r�s   rB�_get_sans_from_cert_or_reqr��s&��
�6�6�7H���C�8)�*�*r�r�c�8�t|tj|�S)z�Get a list of Subject Alternative Names from a certificate.

    :param str cert: Certificate (encoded).
    :param typ: `crypto.FILETYPE_PEM` or `crypto.FILETYPE_ASN1`

    :returns: A list of Subject Alternative Names.
    :rtype: list

    )r�rr��r�r�s  rB�get_sans_from_certr��s��&��f�%�%�s�,�,r��cert_or_reqc�2�t|||�}t|�Sr�)r�rd)r�r�r��loaded_cert_or_reqs    rB�_get_names_from_cert_or_reqr��s��+�;�	�3�G��-�.@�A�Ar�r�c�,�tj|�Sr�)rI� _pyopenssl_cert_or_req_all_names)r�s rBrdrd�s���<�<�=O�P�Pr�c�8�t|tj|�S)z�Get a list of domains from a cert, including the CN if it is set.

    :param str cert: Certificate (encoded).
    :param typ: `crypto.FILETYPE_PEM` or `crypto.FILETYPE_ASN1`

    :returns: A list of domain names.
    :rtype: list

    )r�rr�r�s  rB�get_names_from_certr��s��'��f�%�%�s�,�,r�c�8�t|tj|�S)z�Get a list of domains from a CSR, including the CN if it is set.

    :param str csr: CSR (encoded).
    :param typ: `crypto.FILETYPE_PEM` or `crypto.FILETYPE_ASN1`
    :returns: A list of domain names.
    :rtype: list

    )r�rrR)rPr�s  rB�get_names_from_reqr��s��'�s�F�,K�,K�S�Q�Qr�r��filetypec�.�tj||�S)z�Dump certificate chain into a bundle.

    :param list chain: List of `crypto.X509` (or wrapped in
        :class:`josepy.util.ComparableX509`).

    )rI�dump_pyopenssl_chain)r�r�s  rBr�r��s���0�0���A�Ar�c�J�t|tjj�S)z�When does the cert at cert_path start being valid?

    :param str cert_path: path to a cert in PEM format

    :returns: the notBefore value from the cert at cert_path
    :rtype: :class:`datetime.datetime`

    )�_notAfterBeforer�X509�
get_notBefore�r�s rB�	notBeforer��s���9�f�k�k�&?�&?�@�@r�c�J�t|tjj�S)z�When does the cert at cert_path stop being valid?

    :param str cert_path: path to a cert in PEM format

    :returns: the notAfter value from the cert at cert_path
    :rtype: :class:`datetime.datetime`

    )r�rr��get_notAfterr�s rB�notAfterr��s���9�f�k�k�&>�&>�?�?r��methodc
��t|d�5}tjtj|j	��}ddd�|�}|stjd��|ddd|ddd|ddd	|dd
d|d
dd|ddg}d
j|�}|jd�}tj|�S#1swY�~xYw)aPInternal helper function for finding notbefore/notafter.

    :param str cert_path: path to a cert in PEM format
    :param function method: one of ``crypto.X509.get_notBefore``
        or ``crypto.X509.get_notAfter``

    :returns: the notBefore or notAfter value from the cert at cert_path
    :rtype: :class:`datetime.datetime`

    r�Nz>Error while invoking timestamp method, None has been returned.r��-���T�
�:�r��ascii)r�rr�rSr�rrVr;�decode�	pyrfc3339�parse)r�r��fr
�	timestamp�reformatted_timestamp�timestamp_bytes�
timestamp_strs        rBr�r�
s���
�i��	�F�!��&�&�v�':�':�A�F�F�H�E��F��t��I���l�l�[�\�\�&�q��^�T�9�Q�q�>�4�&�q��^�T�9�Q�r�?�D�&�r�"�-�t�Y�r�s�^�E���h�h�4�5�O�#�*�*�7�3�M��?�?�=�)�)�F�F�s�3B=�=C�filenamec��tj�}t|d�5}|j|j	�jd��ddd�|j
�S#1swY|j
�SxYw)aNCompute a sha256sum of a file.

    NB: In given file, platform specific newlines characters will be converted
    into their equivalent unicode counterparts before calculating the hash.

    :param str filename: path to the file whose hash will be computed

    :returns: sha256 digest of the file in hexadecimal
    :rtype: str
    �rzUTF-8N)�hashlib�sha256r��updater��encode�	hexdigest)r�r��file_ds   rB�	sha256sumr�&sg���^�^�
�F�	
�h��	�5���
�
�f�k�k�m�*�*�7�3�4�5������5������s�/A(�(Bs@-----BEGIN CERTIFICATE-----
?
.+?
?
-----END CERTIFICATE-----
?
�
fullchain_pemc
��tj|j��}t|�dkrt	j
d��|D�cgc]V}t
jtjt
jtj|��j���X}}|ddj|dd�fScc}w)aSplit fullchain_pem into cert_pem and chain_pem

    :param str fullchain_pem: concatenated cert + chain

    :returns: tuple of string cert_pem and chain_pem
    :rtype: tuple

    :raises errors.Error: If there are less than 2 certificates in the chain.

    �zPfailed to parse fullchain into cert and chain: less than 2 certificates in chainrr-�N)�CERT_PEM_REGEX�findallr��lenrrVr�dump_certificaterSr�r�r;)r��certsr��certs_normalizeds    rB�cert_and_chain_from_fullchainrAs���
�"�"�=�#7�#7�#9�:�E�
�5�z�A�~��l�l�?�@�	@�RW�X�IM��/�/��0C�0C����� 3� 3�T�:�<�<B�F�H�E�X��X�
�Q�����)9�!�"�)=�!>�?�?��	Xs�ACc���t|d�5}tjtj|j	��}ddd�j
�S#1swY�xYw)z�Retrieve the serial number of a certificate from certificate path

    :param str cert_path: path to a cert in PEM format

    :returns: serial number of the certificate
    :rtype: int
    r�N)r�rr�rSr��get_serial_number)r�r�r
s   rB�get_serial_from_certr]sX��
�i��	�F�!��&�&�v�':�':�A�F�F�H�E��F�!�4�!�!�#�#�F�F�s�3A�A"�
fullchains�	issuer_cn�warn_on_no_matchc�j�|D]�}tj|j��}tj|dt��}|jjtjj�}|s�}|dj|k(s��|cS|rtjd|�|dS)a'Chooses the first certificate chain from fullchains whose topmost
    intermediate has an Issuer Common Name matching issuer_cn (in other words
    the first chain which chains to a root whose name matches issuer_cn).

    :param fullchains: The list of fullchains in PEM chain format.
    :type fullchains: `list` of `str`
    :param `str` issuer_cn: The exact Subject Common Name to match against any
        issuer in the certificate chain.

    :returns: The best-matching fullchain, PEM-encoded, or the first if none match.
    :rtype: `str`
    ���rz�Certbot has been configured to prefer certificate chains with issuer '%s', but no chain from the CA matched this issuer. Using the default certificate chain instead.)
r�r�r�r
r�r
�issuer�get_attributes_for_oid�NameOID�COMMON_NAME�valuer4�warning)rrr	r�r�top_cert�
top_issuer_cns       rB�find_chain_with_issuerrks�������&�&�u�|�|�~�6���1�1�%��)�_�=N�O�� ���>�>�t�|�|�?W�?W�X�
��]�1�-�3�3�y�@��L������=�>G�	I��a�=�r�)r1r+zkey-certbot.pemT)FT)rlr1N)F)i�__doc__�datetimer��logging�re�typingrrrrrrr	�cryptographyr
�cryptography.exceptionsrr�cryptography.hazmat.backendsr
�cryptography.hazmat.primitivesr�)cryptography.hazmat.primitives.asymmetricr�-cryptography.hazmat.primitives.asymmetric.dsar�,cryptography.hazmat.primitives.asymmetric.ecrr�1cryptography.hazmat.primitives.asymmetric.paddingr�-cryptography.hazmat.primitives.asymmetric.rsar�,cryptography.hazmat.primitives.serializationrrr�josepy�OpenSSLrrr��acmerrI�certbotrrr�certbot.compatr�/cryptography.hazmat.primitives.asymmetric.ed448r�1cryptography.hazmat.primitives.asymmetric.ed25519r �.cryptography.hazmat.primitives.asymmetric.x448r!�0cryptography.hazmat.primitives.asymmetric.x25519r"�	getLogger�__name__r4�intr7�boolr=rCrKrO�bytesrXr\rjr2r��
RenewableCertr�r��
HashAlgorithmr�r�r�r�r�rS�X509Reqr�r�r�r�rdr�r��ComparableX509r�r�r�r�r��compile�DOTALLr�rrr�r�rB�<module>r9s�������	������ ���4�8�8�1�8�F�>�O�F�F�A�E�F�
����0������N�R�L�P�	��	�	�8�	$��
IN�CT�,0�.'�3�.'��#��.'�#�.'�!$�.'�=@�.'�%)�.'�59�X�X�.'�dHL�2�$�(�(�2�5��c��C��H�1D�+E�2�X�VY�]�2�"�2�@D�2�PT�PX�PX�2�J�5��T��(�E��E��d��(K�S�K��K�%��T�X�X�t�C�y�8P�2Q�K�:05�-1�-<�3�-<��-<�%�c�]�-<�6;�-<�`
�5��e��,�
��
� T�*�*B�*B�T�t�T�$&�j�.F�.F�&�4�&�0;�e�L�:L�N^�,B�L�,=��-O�'P�;�&+�;�6;�;�5;�4H�4H�	;�NR�	;�6&�C�&�3�&�4�&�,�Z�%=�%=��$��62�U�2�u�V�[�[�#�5E�/F�2�("(�!4�!4��u��!)�3��,��f�k�k�6�>�>�>Y�8Z�*Z�![����9>�v�{�{�F�N�N�?Z�9[��+1�*=�*=�*��*�*2�C��<��v�{�{�GM�~�~�HV�BW�4W�+X�*�%(�*�CG�s�)�*�06�/B�/B�,�U�,��,�t�C�y�,�B�U�B�+3�S�%�L�%����HN���IW�CX�5X�,Y�B�&)�B�.2�#�Y�B�Q�5����f�n�n�A\�;]�Q�,0��I�Q�17�0C�0C�,�e�,�#�,��S�	�,�/5�.A�.A�	R�E�	R��	R�d�3�i�	R�*0�)<�)<�
B��d�6�;�;�&7��f�>S�>S�9T�&T� U�
B�#&�
B�AF�
B�	A��	A��!2�!2�	A�	@��	@�� 1� 1�	@�*�s�*�$�f�k�k�]�H�U�O�%C�D�*�IQ�IZ�IZ�*�8�����$������I�I���@��@��s�C�x��@�8$�C�$�C�$�5:��t�C�y��S��-1��>A�r�

Zerion Mini Shell 1.0