%PDF- %PDF- Mini Shell
Mini Shell

Direktori : /lib/python3/dist-packages/certbot/_internal/__pycache__/
Current File : //lib/python3/dist-packages/certbot/_internal/__pycache__/main.cpython-312.pyc
�

M/�e�$���dZddlmZddlZddlZddlZddlZddlm	Z	ddlm
Z
ddlmZddlmZddlm
Z
dd	lmZdd
lmZddlmZddlmZddlZddlZddlZdd
lmZddlmZddlmZddlmZddlZddlmZddlm Z ddlmZddlm!Z!ddlm"Z"ddl#m$Z$ddl#m%Z%ddl#m&Z&ddl#mZddl#m'Z'ddl#m(Z(ddl#m)Z)ddl#m*Z*ddl#m+Z+ddl#m,Z,ddl#m-Z-ddl#m.Z.dd l/m0Z1ddl/m"Z2dd!l3m4Z5dd"l3m6Z7dd#l8m9Z9dd$l8m:Z:dd%l8m;Z;dd&l<m=Z>ddl<m"Z?dd'l@mAZAd(ZBej�eD�ZEd)ej�d*dfd+�ZG		dsd,ej�d)ej�d-ee
eId.eeId/ee-j�d*ee-j�fd0�ZKd)ej�d1e-j�d*eLfd2�ZMd)ej�d-eeId1e-j�d*eeIee-j�ffd3�ZNd)ej�d/e-j�d*eeIee-j�ffd4�ZOd)ej�d-e
eId*eeeIee-j�ffd5�ZPd)ej�d-e
eId.eId*eeLee-j�ffd6�ZQd)ej�d-e
eId.eId*eeeIee-j�ffd7�ZRed8�ZSd9eeSd:eeSd*ee
eSe
eSffd;�ZTd<eId=eeId*eIfd>�ZUd)ej�d?eeId.eId@eeId*df
dA�ZV	dtd)ej�dBee!j�dCeeId*ee
eIeIffdD�ZX	dud)ej�dEeej�d/ee-j�dFeLd*df
dG�ZZ	dtd)ej�dHeeIdIeeIdJeeId*df
dK�Z[d)ej�d*eLfdL�Z\d)ej�dHeeIdMeeIdIeeId*df
dN�Z]d)ej�d*ee$j�eej�ffdO�Z`d)ej�d*dfdP�Zad)ej�dQee!j�dBee!j�d*ej�fdR�Zcd)ej�dSe5j�d*eeIfdT�Zed)ej�dSe5j�d*eeIfdU�Zfd)ej�dSe5j�d*eeIfdV�Zgd)ej�dSe5j�d*eeIfdW�Zhd)ej�d/ee-j�d*eeIfdX�Zi	dtd)ej�d,ej�d-e
eId/ee-j�d*df
dY�Zjd)ej�dZe5j�d*eeIfd[�Zkd)ej�d*ej�fd\�Zld)ej�d*dfd]�Zmd)ej�dZe5j�d*dfd^�Znd)ej�dZe5j�d*eeIfd_�Zod)ej�dZe5j�d*dfd`�Zpd)ej�dSe5j�d*dfda�Zqd)ej�dSe5j�d*dfdb�Zrd)ej�dSe5j�d*dfdc�Zsd)ej�dSe5j�d*dfdd�Ztd)ej�dSe5j�d*eeIfde�Zud)ej�dZe5j�d*eeIfdf�Zvd)ej�d,ej�d*eeeIeeIeeIffdg�Zwd)ej�dZe5j�d/e-j�d*dfdh�Zxd)ej�dZe5j�d*dfdi�Zyd)ej�dSe5j�d*dfdj�Zzd)ej�d*dfdk�Z{dleIdmej�d*dfdn�Z}d)ej�dZe5j�d*dfdo�Z~ed)ej�d*e
ee1j�e1�jfddffdp��Z�dtdqee
eId*eeeIe�ffdr�Z�y)vzCertbot main entry point.�)�contextmanagerN)�cast)�	Generator)�IO)�Iterable)�List)�Optional)�Tuple)�TypeVar)�Union)�b64)�client)�errors)�messages)�
configuration)�crypto_util)�
interfaces)�util)�account)�cert_manager)�cli)�	constants)�eff)�hooks)�log)�renewal)�snap_config)�storage)�updater)�obj)�disco)�	selection)�
filesystem)�misc)�os)�ops)�enhancementsz?User chose to cancel the operation and may reinvoke the client.�config�returnc��|jdk7sJ�|js|jrytjt
jdd��y)z�Potentially suggest a donation to support Certbot.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :returns: `None`
    :rtype: None

    �renewNz�If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-leF��pause)�verb�staging�quietr�atexit_register�display_util�notification�r(s �8/usr/lib/python3/dist-packages/certbot/_internal/main.py� _suggest_donation_if_appropriater6?sH���;�;�'�!�!�!�
�~�~���������!�!�	K����	le_client�domains�certname�lineagec	��tj|�g}	|�rtjdj	|j
rdndt
j|xs|j�����tj||||�n�|�tjd��tjdj	|j
rdndt
j|����|j||�}|durtjd	��|�@tj||j�|j�|j!|�tj"||�|S#tj"||�wxYw)
a,Authenticate and enroll certificate.

    This method finds the relevant lineage, figures out what to do with it,
    then performs that action. Includes calls to hooks, various reports,
    checks, and requests for user input.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param domains: List of domain names to get a certificate. Defaults to `None`
    :type domains: `list` of `str`

    :param certname: Name of new certificate. Defaults to `None`
    :type certname: str

    :param lineage: Certificate lineage object. Defaults to `None`
    :type lineage: storage.RenewableCert

    :returns: the issued certificate or `None` if doing a dry run
    :rtype: storage.RenewableCert or None

    :raises errors.Error: if certificate could not be obtained

    �{action} for {domains}z-Simulating renewal of an existing certificatez Renewing an existing certificate��actionr9z5Domain list cannot be none if the lineage is not set.� Simulating a certificate request�Requesting a certificateFz!Certificate could not be obtained)r�pre_hookr2�notify�format�dry_run�internal_display_util�summarize_domain_list�namesr�
renew_certr�Error�obtain_and_enroll_certificate�deploy_hook�live_dir�extend�	post_hook)r8r(r9r:r;�renewed_domainss      r5�_get_and_save_certrQYs\��8
�N�N�6��!#�O�1���
���(�/�/��~�~�K�+M�1�G�G��Hb�SZ�S`�S`�Sb�c�0��
�
���v�w�	�7�C����l�l�#Z�[�[����(�/�/�AG���=�5�1�G�G��P�0��
� �=�=�g�x�P�G��%���l�l�#F�G�G��"��!�!�&�'�-�-�/�7�;K�;K�L��&�&�w�/�
�����0��N��	�����0�s�D?E0�0F�certc	��|jj�}|jj�}||k(ry|jd�xr|jd�}|s.t	j
d|�d|j�d|�d�dd	dd�
�ry|jd�r)tjd|j�d
|�d|�d���|j�|_y)a�
    This function ensures that the user will not implicitly migrate an existing key
    from one type to another in the situation where a certificate for that lineage
    already exist and they have not provided explicitly --key-type and --cert-name.
    :param config: Current configuration provided by the client
    :param cert: Matching certificate that could be renewed
    :returns: Whether a key type migration is going ahead.
    :rtype: `bool`
    F�key_typer:zAn z certificate named z7 already exists. Do you want to update its key type to �?zUpdate key typezKeep existing key type)�	yes_label�no_label�default�force_interactiveTz?Are you trying to change the key type of the certificate named z from z to zr? Please provide both --cert-name and --key-type on the command line to confirm the change you are trying to make.)
rT�upper�private_key_type�set_by_userr2�yesno�lineagenamerrJ�lower)r(rR�new_key_type�cur_key_type�is_confirmed_via_clis     r5�%_handle_unexpected_key_type_migrationrc�s����?�?�(�(�*�L��(�(�.�.�0�L��|�#��"�-�-�j�9�\�f�>P�>P�Q[�>\���|�1�1�

�l�^�.�t�/?�/?�.@�A"�".��q�	2�#�.F���	 �����*�%��l�l�M���� ��|�n�D���G&�
&�
�	
�#�(�(�*�F�O�r7c�J�t||�dj|j��}dj|jj
|dj|�tj��}|js&|jstj|dddd��rd	|fStjd
j|tjdjtj dd
�tj���t#j$t&��)aFigure out what to do if a previous cert had a subset of the names now requested

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param domains: List of domain names
    :type domains: `list` of `str`

    :param cert: Certificate object
    :type cert: storage.RenewableCert

    :returns: Tuple of (str action, cert_or_None) as per _find_lineage_for_domains_and_certname
              action can be: "newcert" | "renew" | "reinstall"
    :rtype: `tuple` of `str`

    �, a You have an existing certificate that contains a portion of the domains you requested (ref: {0}){br}{br}It contains these names: {1}{br}{br}You requested these names for the new certificate: {2}.{br}{br}Do you want to expand and replace this existing certificate with the new certificate?��br�Expand�Cancelz--expandT��cli_flagrYr+z�To obtain a new certificate that contains these names without replacing your existing certificate for {0}, you must use the --duplicate option.{br}{br}For example:{br}{br}{1} --duplicate {2}� �N)rc�joinrHrD�
configfile�filenamer%�linesep�expand�renew_by_defaultr2r]rCr�cli_command�sys�argvrrJ�USER_CANCELLED)r(r9rR�existing�questions     r5�_handle_subset_cert_requestrz�s���(*�&�$�7��y�y�����&�H�	0�

�f�T�_�_�
%�
%�
�
�Y�Y�w�
��
�
�
��

��}�}��/�/�<�3E�3E��(�H�z�T�4S���}�����	2�39�&���O�O�S�X�X�c�h�h�q�r�l�3��z�z�39�3
�	��,�,�~�
&�&r7c� �t||�}|j�sd|fS|stj||�rd|fS|jrd|fSdj|jjtj��}|jdk(rd}n|jdk(rd}d	g}tj||d
d��}|d
tjk(rtjd
��|dd
k(rd|fS|ddk(rd|fSt!d��)a�Figure out what to do if a lineage has the same names as a previously obtained one

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param lineage: Certificate lineage object
    :type lineage: storage.RenewableCert

    :returns: Tuple of (str action, cert_or_None) as per _find_lineage_for_domains_and_certname
              action can be: "newcert" | "renew" | "reinstall"
    :rtype: `tuple` of `str`

    �	reinstallr+z�You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.{br}(ref: {0}){br}{br}What would you like to do?rf�runz.Attempt to reinstall this existing certificate�certonlyz%Keep the existing certificate for nowzBRenew & replace the certificate (may be subject to CA rate limits)rT)rXrYz.Operation canceled. You may re-run the client.rmzThis is impossible)rc�ensure_deployedr�should_renewr|rDrorpr%rqr.r2�menu�CANCELrrJ�AssertionError)r(r;�is_key_type_changingry�keep_opt�choices�responses       r5�_handle_identical_cert_requestr��s6�� A���Q���"�"�$��G�#�#��w�3�3�F�G�D�����
����G�#�#�	;�
�f�W�
�
�
(�
(�R�Z�Z�f�8�	
��{�{�e��C��	���
�	"�:���S�U�G�� � ��7�,-��G�H���{�l�)�)�)��l�l�<�>�	>���{�a���G�#�#�	�!���	�����
�-�
.�.r7c��|jrytj||�\}}|�|�y|�t||�S|�
t	|||�Sy)aDetermine whether there are duplicated names and how to handle
    them (renew, reinstall, newcert, or raising an error to stop
    the client run if the user chooses to cancel the operation when
    prompted).

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param domains: List of domain names
    :type domains: `list` of `str`

    :returns: Two-element tuple containing desired new-certificate behavior as
              a string token ("reinstall", "renew", or "newcert"), plus either
              a RenewableCert instance or `None` if renewal shouldn't occur.
    :rtype: `tuple` of `str` and :class:`storage.RenewableCert` or `None`

    :raises errors.Error: If the user would like to rerun the client again.

    ��newcertN�NN)�	duplicater�find_duplicative_certsr�rz)r(r9�ident_names_cert�subset_names_certs    r5�_find_lineage_for_domainsr�/sh��2����*6�*M�*M�f�V]�*^�'��'���$5�$=���#�-�f�6F�G�G�	�	&�*�6�7�<M�N�N�r7c�d�t|||�\}}|dk(rtjd�|dk7|fS)abFinds an existing certificate object given domains and/or a certificate name.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param domains: List of domain names
    :type domains: `list` of `str`

    :param certname: Name of certificate
    :type certname: str

    :returns: Two-element tuple of a boolean that indicates if this function should be
              followed by a call to fetch a certificate from the server, and either a
              RenewableCert instance or None.
    :rtype: `tuple` of `bool` and :class:`storage.RenewableCert` or `None`

    r|z Keeping the existing certificate)�&_find_lineage_for_domains_and_certname�logger�info)r(r9r:r?r;s     r5�
_find_certr�Xs;��&=�V�W�h�W�O�F�G�
������6�7��k�!�G�+�+r7c�n�|st||�Stj||�}|ri|r[tj||�}|rCt	|�t	|�k7r,t||�t
||||j��d|fSt||�S|rytjdj|���)a�Find appropriate lineage based on given domains and/or certname.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param domains: List of domain names
    :type domains: `list` of `str`

    :param certname: Name of certificate
    :type certname: str

    :returns: Two-element tuple containing desired new-certificate behavior as
              a string token ("reinstall", "renew", or "newcert"), plus either
              a RenewableCert instance or None if renewal should not occur.

    :rtype: `tuple` of `str` and :class:`storage.RenewableCert` or `None`

    :raises errors.Error: If the user would like to rerun the client again.

    r+r�z}No certificate with name {0} found. Use -d to specify domains, or run certbot certificates to see possible certificate names.)r�r�lineage_for_certname�domains_for_certname�setrc�_ask_user_to_confirm_new_namesrHr�r�ConfigurationErrorrD)r(r9r:r;�computed_domainss     r5r�r�qs���.�(���9�9��/�/���A�G���+�@�@���R���C�(8�$9�S��\�$I�5�f�g�F�.�v�w��/6�}�}��@���'�'�-�f�g�>�>�	��
�
#�
#�%B�BH�&��BR�T�Tr7�T�after�beforec���tt|�t|�z
�}tt|�t|�z
�}|j�|j�||fS)zWGet lists of items removed from `before`
    and a lists of items added to `after`
    )�listr��sort)r�r��added�removeds    r5�_get_added_removedr��sN��
��U��c�&�k�)�*�E��3�v�;��U��+�,�G�	�J�J�L��L�L�N��'�>�r7�	character�stringsc�v�|sd}nddj|�z}|j|tj��S)z%Format list with given character
    z
{br}(None)z	{br}{ch} )�chrg)rnrDr%rq)r�r��	formatteds   r5�_format_listr��sC��� �	��+�"2�"2�7�";�;�	�����
�:�:���r7�new_domains�old_domainsc��|jryt||�\}}dj|td|�td|�tj
��}t
j|ddd�	�stjd
��y)aAsk user to confirm update cert certname to contain new_domains.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param new_domains: List of new domain names
    :type new_domains: `list` of `str`

    :param certname: Name of certificate
    :type certname: str

    :param old_domains: List of old domain names
    :type old_domains: `list` of `str`

    :returns: None
    :rtype: None

    :raises errors.ConfigurationError: if cert name and domains mismatch

    Nz�You are updating certificate {0} to include new domain(s): {1}{br}{br}You are also removing previously included domain(s): {2}{br}{br}Did you intend to make this change?�+�-rfzUpdate certificateriT�rXz2Specified mismatched certificate name and domains.)
�renew_with_new_domainsr�rDr�r%rqr2r]rr�)r(r�r:r�r�r��msgs       r5r�r��s���.�$�$��'��[�A�N�E�7�1�17����C��'��C��)��*�*�	28�2�����c�#7��4�P��'�'�(\�]�]�Qr7�	installerryc���d}|j}|jr
|j}n|rtj||�}|st	j
||�}|s|st
jd��||fS)aRetrieve domains and certname from config or user input.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param installer: Installer object
    :type installer: interfaces.Installer

    :param `str` question: Overriding default question to ask the user if asked
        to choose from domain names.

    :returns: Two-part tuple of domains and certname
    :rtype: `tuple` of list of `str` and `str`

    :raises errors.Error: Usage message, if parameters are not used correctly

    Nz�Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.)r:r9rr��display_ops�choose_namesrrJ)r(r�ryr9r:s     r5�_find_domains_or_certnamer��s{��(�G����H�
�~�~��.�.��
��3�3�F�H�E����*�*�9�h�?���8��l�l�K�L�	L��H��r7�
installer_err�new_or_renewed_certc�X�g}|rx|jdk(r-|jd|j�d|j�d��n<|jd|j�dtj�dt||����|rj|jr|jd�nLt|�r$|jd	tj�d
��n|js|jd�|sytjd
tjfD�cgc]0}tjj�r|js|nd��2c}\}}}t!||��t#j$d�t!|d��|D]}	t#j$d|	����|rt!�yycc}w)a�Displays post-run/certonly advice to the user about renewal and installation.

    The output varies by runtime configuration and any errors encountered during installation.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param installer_err: The installer/enhancement error encountered, if any.
    :type error: Optional[errors.Error]

    :param lineage: The resulting certificate lineage from the issuance, if any.
    :type lineage: Optional[storage.RenewableCert]

    :param bool new_or_renewed_cert: Whether the verb execution resulted in a certificate
                                     being saved (created or renewed).

    r~zMThe certificate was saved, but was not successfully loaded by the installer (z\) due to the installer failing to reload. After fixing the error shown below, try reloading z
 manually.zBThe certificate was saved, but could not be installed (installer: zM). After fixing the error shown below, try installing it again by running:
  z install --cert-name z�Certificates created using --csr will not be renewed automatically by Certbot. You will need to renew the certificate before it expires, by running the same Certbot command again.z�This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same z. command before the certificate's expiry date.z�The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.N�
�)�endzNEXT STEPS:z- )r.�appendr�rrt�!_cert_name_from_config_or_lineage�csr�_is_interactive_only_auth�preconfigured_renewalr�
ANSI_SGR_BOLD�ANSI_SGR_RESETru�stdout�isattyr0�printr2rC)
r(r�r;r��steps�c�bold_on�nl�bold_off�steps
          r5�_report_next_stepsr�	s���(�E���;�;�*�$��L�L���$�$�%�&E�EK�EU�EU�DV�V`�b�
�
�L�L�T��#�#�$�%"�"%�/�/�!2�2G�4�V�W�E�F�H�
���:�:��L�L�)�
*�'�v�
.��L�L��!�_�_�-�-[�]�
��-�-��L�L�J�
K���*.�);�);�T�4�CV�CV�(W�Y�#$�%(�J�J�$5�$5�$7����q�RT�T�Y��W�b�(�	�'�r�����
�&�	�(����)�����b���K�(�)��
����Ys�5F'�	cert_path�fullchain_path�key_pathc
�p�|jrtjd�y|r|sJd��d}|jr
t	|�sd}tjdj|t
j|�j�|rdj|�nd||jdk(rd	nd�
��y)a�Reports the creation of a new certificate to the user.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param cert_path: path to certificate
    :type cert_path: str

    :param fullchain_path: path to full chain
    :type fullchain_path: str

    :param key_path: path to private key, if available
    :type key_path: str

    :returns: `None`
    :rtype: None

    �The dry run was successful.N� No certificates saved to report.r�z_
Certbot has set up a scheduled task to automatically renew this certificate in the background.z�
Successfully received certificate.
Certificate is saved at: {cert_path}
{key_msg}This certificate expires on {expiry}.
These files will be updated when the certificate renews.{renewal_msg}{nl}zKey is saved at:         {}
r}r�)r��expiry�key_msg�renewal_msgr�)
rEr2rCr�r�rDr�notAfter�dater.)r(r�r�r�r�s     r5�_report_new_certr�Xs���(�~�~����9�:����K�)K�K�'��K�
�#�#�,E�f�,M�8�����
T�V\�U[�$��'�'�	�2�7�7�9�HP�3�:�:�8�D�VX�#��{�{�e�+�t��V\�V
�	r7c�<�|jdk(r
|j�yy)zP Whether the current authenticator params only support interactive renewal.
    �manualTF)�
authenticator�manual_auth_hookr4s r5r�r��s#�����x�'�F�,C�,C�,K��r7�
chain_pathc���|jrtjd�y|r|sJd��tj|�j�}tjdj
||||���y)a� --csr variant of _report_new_cert.

    Until --csr is overhauled (#8332) this is transitional function to report the creation
    of a new certificate using --csr.
    TODO: remove this function and just call _report_new_cert when --csr is overhauled.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param str cert_path: path to cert.pem

    :param str chain_path: path to chain.pem

    :param str fullchain_path: path to fullchain.pem

    r�Nr�z�
Successfully received certificate.
Certificate is saved at:            {cert_path}
Intermediate CA chain is saved at:  {chain_path}
Full certificate chain is saved at: {fullchain_path}
This certificate expires on {expiry}.)r�r�r�r�)rEr2rCrr�r�rD)r(r�r�r�r�s     r5�_csr_report_new_certr��su��$�~�~����9�:����K�)K�K�'�
�
!�
!�)�
,�
1�
1�
3�F����
0�28���J�)�&�28�2
�	r7c����dtddf�fd�}tj��}d}�j�|j�j�}n�|j	�}t|�dkDr/t
j|�}|stjd��|}nvt|�dk(r|d}nb�j�%�jst
j��_
	tj�||��\}}tj d	�|j2�_||fS#tj"$r�tjt$jf$r�}t&j)d
d��t%j*|�r3t-j.t1t$j|��}d
|��}nt|�}tjd|����d}~wwxYw)a�Determine which account to use.

    If ``config.account`` is ``None``, it will be updated based on the
    user input. Same for ``config.email``.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :returns: Account and optionally ACME client API (biproduct of new
        registration).
    :rtype: tuple of :class:`certbot._internal.account.Account` and :class:`acme.client.Client`

    :raises errors.Error: If unable to register an account with ACME server

    �terms_of_servicer)Nc����jrydj|�}tj|dd��}|st	j
d��y)NzpPlease read the Terms of Service at {0}. You must agree in order to register with the ACME server. Do you agree?z--agree-tosTrjz?Registration cannot proceed without accepting Terms of Service.)�tosrDr2r]rrJ)r�r��resultr(s   �r5�_tos_cbz#_determine_account.<locals>._tos_cb�sW����:�:��'�'-�v�.>�'?�	��#�#�C�-�SW�X����,�,�$�%�
%�r7rmzNo account has been chosen.r)�tos_cbzAccount registered.r�T)�exc_infoz#Error returned by the ACME server: z0Unable to register an account with ACME server. )�strr�AccountFileStorage�load�find_all�lenr��choose_accountrrJ�email�register_unsafely_without_email�	get_emailr�registerr2rC�MissingCommandlineFlag�
acme_messagesr��debug�
is_acme_errorrF�describe_acme_errorr�id)	r(r��account_storage�acme�acc�accounts�
potential_acc�err�err_msgs	`        r5�_determine_accountr�s����$
%�#�
%�$�
%��0�0��8�O�+/�D�
�~�~�!��"�"�6�>�>�2��"�+�+�-���x�=�1��'�6�6�x�@�M� ��l�l�#@�A�A��C�
��]�a�
��1�+�C��|�|�#�F�,R�,R�*�4�4�6���
R�"�O�O��O�G�=�	��T��#�#�$9�:��V�V�F�N���9����0�0�
���L�L�-�"5�"5�6�	
R����R�$��/� �.�.�s�3�3�G�G��]�0�0�#�6�8�G� C�G�9�M�G�!�#�h�G��l�l�F�w�i�P�R�R��	
R�s�"0D'�'6G$�BG�G$c����|j}|�d}tj|dddd��}|sy|jsJ�|jstj|�|_tjtjtj||j�dd��||j��	tj|�fd	�gd
�d��tj,|�y#tj$rtj!d��Yyt"$rD}d
}|j%|j&|j(�|�}tj*|��d}~wwxYw)a�Does the user want to delete their now-revoked certs? If run in non-interactive mode,
    deleting happens automatically.

    :param config: parsed command line arguments
    :type config: configuration.NamespaceConfig

    :returns: `None`
    :rtype: None

    :raises errors.Error: If anything goes wrong, including bad user input, if an overlapping
        archive dir is found for the specified lineage, etc ...
    Nz{Would you like to delete the certificate(s) you just revoked, along with all earlier and later versions of the certificate?zYes (recommended)�NoT)rVrWrYrX�utf-8��encoding�default_encodingc����S�N�)�x�archive_dirs �r5�<lambda>z(_delete_if_appropriate.<locals>.<lambda>s����r7c��|jSr)r�r
s r5rz(_delete_if_appropriate.<locals>.<lambda>s
���
�
�r7c��|jSr)r^rs r5rz(_delete_if_appropriate.<locals>.<lambda>s
��QR�Q^�Q^�r7zhNot deleting revoked certificates due to overlapping archive dirs. More than one certificate is using %sz_config.default_archive_dir: {0}, config.live_dir: {1}, archive_dir: {2},original exception: {3})�delete_after_revoker2r]r�r:r�cert_path_to_lineager�full_archive_path�	configobj�	ConfigObj�renewal_file_for_certname�match_and_check_overlapsr�OverlappingMatchFoundr��warning�	ExceptionrD�default_archive_dirrMrJ�delete)r(�attempt_deletionr��ers    @r5�_delete_if_appropriater!�sS����1�1����O��'�-�-�c�=P�[_�@D�d�T����������?�?�&�;�;�F�C����+�+�����1�1�&�&�/�/�J� �7�
<�
�F�O�O�	%�K�
 ��-�-�f�7L�6M�.E�G^�	`��������'�'�����?�@K�	M��� �)���j�j��3�3�V�_�_�k�ST�U���l�l�3����	 �s�9C-�-)E$�E$� ?E�E$r�c��|�%t|�\}}tjd|�nd\}}tj|||||��S)a�Initialize Let's Encrypt Client

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param authenticator: Acme authentication handler
    :type authenticator: Optional[interfaces.Authenticator]
    :param installer: Installer object
    :type installer: interfaces.Installer

    :returns: client: Client object
    :rtype: client.Client

    zPicked account: %rr��r�)rr�r�r�Client)r(r�r�r�r�s     r5�_init_le_clientr%-sG��$� �&�v�.�	��T����)�3�/��	��T��=�=���m�Y�T�J�Jr7�unused_pluginsc��tj|�}|j�}|sd|j�d�Sd}t	j
|ddd��}|syt
|�\}}tj||d	d	|�
�}|jstjd��|jj|j�tj|�}	|	j|j�t	jd�y	)
a:Deactivate account on server

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param unused_plugins: List of plugins (deprecated)
    :type unused_plugins: plugins_disco.PluginsRegistry

    :returns: `None` or a string indicating an error
    :rtype: None or str

    z+Could not find existing account for server �.zCAre you sure you would like to irrevocably deactivate your account?�
Deactivate�AbortT)rVrWrXzDeactivation aborted.Nr#�ACME client is not set.zAccount deactivated.)rr�r��serverr2r]rrr$r�rrJ�deactivate_registration�regrrrC)
r(r&r�r��prompt�wants_deactivater�r��	cb_client�
account_filess
          r5�
unregisterr3Is����0�0��8�O��'�'�)�H��<�V�]�]�O�1�M�M��F�#�)�)�&�L�SZ�26�8���&�"�6�*�I�C���
�
�f�c�4��D�A�I��>�>��l�l�4�5�5��N�N�*�*�3�8�8�4��.�.�v�6�M�������(����.�/�r7c�j�tj|�}|j�}|ryt|�y)a<Create accounts on the server.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param unused_plugins: List of plugins (deprecated)
    :type unused_plugins: plugins_disco.PluginsRegistry

    :returns: `None` or a string indicating an error
    :rtype: None or str

    zmThere is an existing account; registration of a duplicate account with this command is currently unsupported.N)rr�r�r)r(r&r�r�s    r5r�r�ts7�� �0�0��8�O��'�'�)�H����v��r7c��tj|�}|j�}|sd|j�d�S|j�'|j
st
jd��|_t|�\}}tj||dd|��}|jstjd��d}|jr+|jjd	�D�cgc]}d
|z��	}}|jj }	|jj#|jj%|jj&j%|�����|_|jj%|	�
�|_|j)|�|jst+j,d�yt/j0||�t+j,dj3|j��ycc}w)a<Modify accounts on the server.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param unused_plugins: List of plugins (deprecated)
    :type unused_plugins: plugins_disco.PluginsRegistry

    :returns: `None` or a string indicating an error
    :rtype: None or str

    �.Could not find an existing account for server r(NF)�optionalr#r+r�,�mailto:)�contact)�body)�urizFAny contact information associated with this account has been removed.z'Your e-mail address was updated to {0}.)rr�r�r,r�r�r�r�rrr$r�rrJ�splitr.r<�update_registration�updater;�update_regrr2rCr�prepare_subscriptionrD)
r(r&r�r�r�r�r1�acc_contactsr��
prev_regr_uris
          r5�update_accountrD�s��� �0�0��8�O��'�'�)�H��?��
�
��a�P�P�
�|�|��F�$J�$J�"�,�,�e�<���"�6�*�I�C���
�
�f�c�4��D�A�I��>�>��l�l�4�5�5�#%�L�
�|�|�7=�|�|�7I�7I�#�7N�O�e�	�E�)�O��O��H�H�L�L�M��~�~�1�1�#�(�(�/�/�
�X�X�]�]�
!�
!�,�
!�
7�3B�39�:�C�H�
�x�x���=��1�C�H�����$��<�<����B�	C��	� � ���-����E�L�L�V�\�\�Z�[���%Ps�G:c��tj|�}|j�}|sd|j�d�St	|�\}}tj||dd|��}|jstjd��|jj|j�}d|j�d�d|j��g}tj|jj!��j#�}	|j%d	|	���g}
|j&j(D](}|j+d
�s�|
j%|dd��*|j%dj-t/|
�d
kDrdndt/|
�dkDrdj1|
�nd��t3j4dj1|��y)a^Fetch account info from the ACME server and show it to the user.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param unused_plugins: List of plugins (deprecated)
    :type unused_plugins: plugins_disco.PluginsRegistry

    :returns: `None` or a string indicating an error
    :rtype: None or str

    r6r(Nr#r+zAccount details for server �:z  Account URL: z  Account Thumbprint: r9�z  Email contact{}: {}rm�sr�rre�noner�)rr�r�r,rrr$r�rrJ�query_registrationr.r<r
�	b64encode�key�
thumbprint�decoder�r;r:�
startswithrDr�rnr2rC)r(r&r�r�r�r�r1r.�outputrM�emailsr:s            r5�show_accountrR�s��� �0�0��8�O��'�'�)�H��?��
�
��a�P�P�"�6�*�I�C���
�
�f�c�4��D�A�I��>�>��l�l�4�5�5��>�>�,�,�S�X�X�6�D�+�F�M�M�?�!�<�����z�*�,�F����s�w�w�1�1�3�4�;�;�=�J�
�M�M�*�:�,�7�8�
�F��9�9�$�$�'�����i�(��M�M�'�!�"�+�&�'��M�M�)�0�0�#&�v�;��?�C��14�V��q��D�I�I�f�-�f�N�O�����	�	�&�)�*�r7c��|r|jS|jr|jS	tj|�}|S#tj
$rYywxYwr)r^r:rrrrJ)r(r;�	cert_names   r5r�r��sV����"�"�"�	�������
� �5�5�f�=�	�����<�<�
���
�s�?�A�Ac���|r|n|}|j�J�|j||j|j|j|j�|j||j�y)a�Install a cert

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param le_client: Client object
    :type le_client: client.Client

    :param domains: List of domains
    :type domains: `list` of `str`

    :param lineage: Certificate lineage object. Defaults to `None`
    :type lineage: storage.RenewableCert

    :returns: `None`
    :rtype: None

    N)r��deploy_certificater�r�r��enhance_config)r(r8r9r;�
path_providers     r5�
_install_certrY
sm��*FM�'�RX���"�"�.�.�.�
� � ��-�*@�*@�-�BY�BY�!.�!9�!9�=�;W�;W�Y�
���W�m�&>�&>�?r7�pluginsc�`�	tj||d�\}}|j
xr|j}|js%|s#d}tj|dd|��d|_tj||�stjd��|jrt|�}n*tj|�rtjd��|j
rB|jr6t!|�t#||�\}}t%|d|�	�}t'|||�ntjd
��tj|�r8tj(||j�}	tj*|	|||�y#tj$r}t	|�cYd}~Sd}~wwxYw)a'Install a previously obtained cert in a server.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param plugins: List of plugins
    :type plugins: plugins_disco.PluginsRegistry

    :returns: `None` or the error message
    :rtype: None or str

    �installNz,Which certificate would you like to install?F��allow_multiple�
custom_promptr�VOne ore more of the requested enhancements are not supported by the selected installerzLOne or more of the requested enhancements require --cert-name to be provided�r�r�z�Path to certificate or key was not defined. If your certificate is managed by Certbot, please use --cert-name to define which certificate you would like to install.)�plug_sel�choose_configurator_pluginsr�PluginSelectionErrorr�r�r�r:r�
get_certnamesr'�
are_supported�NotSupportedError�_populate_from_certname�
are_requestedr��_check_certificate_and_keyr�r%rYr��enable)
r(rZr��_r �custom_cert�certname_questionr9r8r;s
          r5r\r\'s���$��;�;�F�G�Y�W��	�1��?�?�7�v�'7�'7�K��?�?�;�J��&�4�4��I�e�+�-�-.�0����%�%�f�i�8��&�&�(U�V�	V�
���(��0��	�	#�	#�F�	+��'�'�)M�N�	N����6�+�+�"�6�*�.�v�y�A�
���#�F�$�)�T�	��f�i��1��'�'�)E�F�	F��!�!�&�)��3�3�F�F�O�O�L�����G�W�i��@���M�&�&���1�v�
���s�F�F-�
F(�"F-�(F-c�6�tj||j�}|s|S|js|j|_|js|j|_|j
s|j
|_|js|j|_|S)zfHelper function for install to populate missing config values from lineage
    defined by --cert-name.)rr�r:r�r�r�r�)r(r;s  r5rhrhds����/�/�����H�G���
��?�?�!�*�*������"�,�,������#�.�.���� � � '� 6� 6����Mr7c��tjjtj|j
��s.t
jdj|j
���tjjtj|j��s.t
jdj|j���y)Nz-Error while reading certificate from path {0}z-Error while reading private key from path {0})
r%�path�isfiler#�realpathr�rr�rDr�r4s r5rjrjvs���
�7�7�>�>�*�-�-�f�.>�.>�?�@��'�'�).�.4�f�V�5E�5E�.F�H�	H�
�7�7�>�>�*�-�-�f�o�o�>�?��'�'�).�.4�f�V�_�_�.E�G�	G�@r7c��tjd|j�|j�gn|j}|j�j|�}tjd|�t	j
tjd��}|js|js|t|��y|j|�tjd|�|js|t|��y|j�|j�}tjd|�|t|��y)z�List server software plugins.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param plugins: List of plugins
    :type plugins: plugins_disco.PluginsRegistry

    :returns: `None`
    :rtype: None

    zExpected interfaces: %sNzFiltered plugins: %rFr,zPrepared plugins: %s)r�r��ifaces�visible�	functools�partialr2r3�init�preparer��	available)r(rZru�filteredrCr{s      r5�plugins_cmdr}s����L�L�*�F�M�M�:��=�=�(�R�f�m�m�F���� �'�'��/�H�
�L�L�'��2�
�
�
�|�8�8��
F�F��;�;�v�~�~��s�8�}����M�M�&��
�L�L�'��2��>�>��s�8�}��������"�"�$�I�
�L�L�'��3�
�3�y�>�r7c�J��gd�}t�fd�|D��}tj��s=|s;d}tj	|t
j�tjd��	tj�|d�\}}tj�|�stjd��d}tj �dd	|�
�d�_tj$��j"�}	|	�tj&d���j(r|	}
n/d
}t+j,|	|�}
|
stj&d��tj.��j"�}|stj&d���j0s|j0�_|r,t3�d|��}
|
j5|
�j0d	��tj��rtj6||
|��y#tj$r}t|�cYd}~Sd}~wwxYw)a6Add security enhancements to existing configuration

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param plugins: List of plugins
    :type plugins: plugins_disco.PluginsRegistry

    :returns: `None` or a string indicating an error
    :rtype: None or str

    )�hsts�redirect�uir�staplec3�6�K�|]}t�|����y�wr)�getattr)�.0�enhr(s  �r5�	<genexpr>zenhance.<locals>.<genexpr>�s�����N��w�v�s�+�N�s�z|Please specify one or more enhancement types to configure. To list the available enhancement types, run:

%s --help enhance
z#No enhancements requested, exiting.�enhanceNr`zFWhich certificate would you like to use to enhance your configuration?Fr]rzBCould not find the list of domains for the given certificate name.zJWhich domain names would you like to enable the selected enhancements for?zAUser cancelled the domain selection. No domains defined, exiting.z:Could not find the lineage for the given certificate name.ra)�redirect_default)�anyr'rir��errorrrtr�MisconfigurationErrorrbrcrdr�rfrgrrer:r�rJ�noninteractive_moder��
choose_valuesr�r�r%rWrk)r(rZ�supported_enhancements�oldstyle_enhr�r�rlr rn�cert_domainsr9�domain_questionr;r8s`             r5r�r��s����C���N�7M�N�N�L��%�%�f�-�l�N�����S�#�/�/�*��*�*�+P�Q�Q���;�;�F�G�Y�W��	�1��%�%�f�i�8��&�&�(U�V�	V�/��"�0�0��	�%�'�)�)*�,�F�O� �4�4�V�V�_�_�M�L����l�l�_�`�`�
�!�!���8���+�+�L�/�J����,�,� 3�4�
4��/�/�����H�G���l�l�W�X�X����#�.�.����#�F�$�)�T�	�� � ��&�*;�*;�e� �T��!�!�&�)����G�W�i��@���I�&�&���1�v�
���s�-G:�:H"�
H�H"�H"c�\�tj|j|j||�y)aRollback server configuration changes made during install.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param plugins: List of plugins
    :type plugins: plugins_disco.PluginsRegistry

    :returns: `None`
    :rtype: None

    N)r�rollbackr��checkpoints)r(rZs  r5r�r��s"���O�O�F�$�$�f�&8�&8�&�'�Jr7c�b�tjdt�tj|�y)a�Update the certificate file family symlinks

    Use the information in the config file to make symlinks point to
    the correct archive directory.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param unused_plugins: List of plugins (deprecated)
    :type unused_plugins: plugins_disco.PluginsRegistry

    :returns: `None`
    :rtype: None

    z1update_symlinks is deprecated and will be removedN)�warnings�warn�PendingDeprecationWarningr�update_live_symlinks�r(r&s  r5�update_symlinksr��s"��"
�M�M�E�G`�a��%�%�f�-r7c�.�tj|�y)aZRename a certificate

    Use the information in the config file to rename an existing
    lineage.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param unused_plugins: List of plugins (deprecated)
    :type unused_plugins: plugins_disco.PluginsRegistry

    :returns: `None`
    :rtype: None

    N)r�rename_lineager�s  r5�renamer�
s��"����'r7c�.�tj|�y)aZDelete a certificate

    Use the information in the config file to delete an existing
    lineage.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param unused_plugins: List of plugins (deprecated)
    :type unused_plugins: plugins_disco.PluginsRegistry

    :returns: `None`
    :rtype: None

    N)rrr�s  r5rrs��"����r7c�.�tj|�y)a.Display information about certs configured with Certbot

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param unused_plugins: List of plugins (deprecated)
    :type unused_plugins: plugins_disco.PluginsRegistry

    :returns: `None`
    :rtype: None

    N)r�certificatesr�s  r5r�r�2s�����f�%r7c���dx|_|_|j��|jrtt	j
t	j||j�|�}|j|_|jr\|jd�sK|j|_n9|jr|jr!|jrtjd��|j��tjd|j|j�tj|j|j�t!|jd�5}t"j$j'|j)��}ddd�t+j,|�}nYtjd|j�t/|�\}}t+j,||j0|j2�}t!|jd�5}tj4|j)��d}ddd�tjd|j6�	|j9t#j:�|j6�t=|�tEjF|j�y#1swY��:xYw#1swY��xYw#t>j@$r}	tC|	�cYd}	~	Sd}	~	wwxYw)	aSRevoke a previously obtained certificate.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param unused_plugins: List of plugins (deprecated)
    :type unused_plugins: plugins_disco.PluginsRegistry

    :returns: `None` or string indicating error in case of error
    :rtype: None or str

    Nr,zCError! Exactly one of --cert-path or --cert-name must be specified!z$Revoking %s using certificate key %s�rbzRevoking %s using Account KeyrzReason code for revocation: %s)$r�r�r�r:r�
RenewableCertrr,r\rrJr�r�r�r�verify_cert_matches_priv_key�open�jose�JWKr��readr�acme_from_config_keyrrLr.�pyopenssl_load_certificate�reason�revoke�ComparableX509r!�acme_errors�ClientErrorr�r��success_revocation)
r(r&r;�frLr�r�rlrRr s
          r5r�r�Cs/��/3�2�F��v�+�
����F�O�O��'�'��-�-�f�f�o�o�F��P��"�,�,����>�>�&�"4�"4�X�">�#�N�N�F�M�
�
�
�&�"2�"2�v����l�l�`�a�a�
���"����;��%�%�v���	8��0�0��1A�1A�6�?�?�S�
�&�/�/�4�
(�	*�A��(�(�-�-�����)�C�	*��*�*�6�3�7�����4�f�6F�6F�G�#�F�+���Q��*�*�6�3�7�7�C�H�H�E��	
�f����	%�C���5�5�a�f�f�h�?��B��C�
�L�L�1�6�=�=�A�����D�'�'��-�v�}�}�=��v�&��"�"�6�#3�#3�4��%	*�	*��C�C���"�"���1�v�
���s6�.J1�'J>�:K
�1J;�>K�
K2�
K-�'K2�-K2c�8�	tj||d�\}}|j
r7|r5d|j
�vr#tjd|j�d���tj||�stjd��t|||�}t||�\}}t|||�\}}	|	}
|rt|||||	�}
|
r|
jnd}|
r|
j nd}|
r|
j"nd}
|rt%||||
�d}	t'||||
�tj(|�r|
rtj*|
|||�|	�|st-j.|�nt-j0|�t5|||
|��|r|�t7|�t9j:||j<�y#tj$r}t	|�cYd}~Sd}~wwxYw#tj2$r}|}Yd}~��d}~wwxYw#t5|||
|��|r|�wxYw)z�Obtain a certificate and install.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param plugins: List of plugins
    :type plugins: plugins_disco.PluginsRegistry

    :returns: `None`
    :rtype: None

    r}Nzstaple-ocspz_Must-Staple extension requested, but OCSP stapling is not supported by the selected installer (a�)

You can either:
 * remove the --must-staple option from the command line and obtain a certificate without the Must-Staple extension, or;
 * use the `certonly` subcommand and manually install the certificate into the  intended service (e.g. webserver). You must also then manually enable OCSP stapling, as it is required for certificates with the Must-Staple extension to function properly.
 * choose a different installer plugin (such as --nginx or --apache), if possible.r`�r�)rbrcrrdr��must_stapler�rgr�r'rfr%r�r�rQr�r�r�r�rYrirkr��success_installation�success_renewalrJr�r6r�handle_subscriptionr)r(rZr�r�r r8r9r:�should_get_certr;�new_lineager�r�r�r�s               r5r}r}zs0�� �#+�#G�#G��PW�Y^�#_� �	�=����i�M��Aa�Aa�Ac�,c��&�&�
� �*�*�+�,a�	
a�
�	
��%�%�f�i�8��&�&�(U�V�	V� ��
�y�A�I�1�&�)�D��G�X�)�&�'�8�D��O�W��K��(��F�G��g���*5��%�%�$�I�3>�[�/�/�D�N�'2�{�#�#��H�����N�H�E�-1�M� ��f�i��+�>��%�%�f�-�+�����W�i��H��?�/��,�,�W�5��'�'��0�	�6�=�+�/>�	@����$�V�,����F�I�$5�$5�6���A�&�&���1�v�
����j�<�<���
����	�6�=�+�/>�	@�����sH�F7�A,G"�7G�

G�G�G�"H�5G<�7H�<H�H�Hc	��|j\}}tj|j�}t	j
dj
|jrdndtj|����|j|�\}}|jr!tjd|j�y|j||tj j#|j�tj j#|j$�tj j#|j&��\}}}	|||	fS)a@Obtain a cert using a user-supplied CSR

    This works differently in the CSR case (for now) because we don't
    have the privkey, and therefore can't construct the files for a lineage.
    So we just save the cert & chain to disk :/

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param client: Client object
    :type client: client.Client

    :returns: `cert_path`, `chain_path` and `fullchain_path` as absolute
              paths to the actual files, or None for each if it's a dry-run.
    :rtype: `tuple` of `str`

    r=r@rAr>z*Dry run: skipping saving certificate to %s�NNN)�
actual_csrr�get_names_from_req�datar2rCrDrErFrG�obtain_certificate_from_csrr�r�r��save_certificater%rq�normpathr�r�)
r(r8r�rl�	csr_namesrR�chainr�r�r�s
          r5�_csr_get_and_save_certr��s
��(�
�
�F�C���.�.�s�x�x�8�I���� �'�'�9?���5�.�)�?�?�	�J�	(�	
���7�7��<�K�D�%�
�~�~����8�&�:J�:J�	L��,5�,F�,F��e�R�W�W�%�%�f�&6�&6�7�
������*�*�+�R�W�W�-=�-=�f�>S�>S�-T�-V�)�I�z�>��j�.�0�0r7c�P�tj||d�\}}t|||�}t|||��}|st	j
d��|rX|jsKtj|||�tjd|j�d��|j�yyy)a�Renew & save an existing cert. Do not install it.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param plugins: List of plugins
    :type plugins: plugins_disco.PluginsRegistry

    :param lineage: Certificate lineage object
    :type lineage: storage.RenewableCert

    :returns: `None`
    :rtype: None

    :raises errors.PluginSelectionError: MissingCommandlineFlag if supplied parameters do not pass

    r~)r;z>An existing certificate for the given name could not be found.z
Reloading z! server after certificate renewalN)
rbrcr%rQrrJrEr�run_renewal_deployerr2rCr��restart)r(rZr;r��authr8�renewed_lineages       r5rIrI�s���(�:�:�6�7�J�W�O�I�t����i�8�I�(��F�G�L�O���l�l�[�\�\������$�$�V�_�i�H����j��)9�)9�(:�:[�\�]�����	(�yr7c��tj||d�\}}t|||�}|jrdt	||�\}}}t||||�t
|dd|j��t|�tj||j�yt||�\}}	t|||	�\}
}|
stjdd��yt!||||	|�}d}|r?|r=|js1t"j%d|j&�	|j)�|r|j.nd}|r|j0nd}|r|j2nd}t5||||�t
||||
xr
|j��|r|�t|�tj||j�y#t*j,$r}
|
}Yd}
~
��d}
~
wwxYw)aAuthenticate & obtain cert, but do not install it.

    This implements the 'certonly' subcommand.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param plugins: List of plugins
    :type plugins: plugins_disco.PluginsRegistry

    :returns: `None`
    :rtype: None

    :raises errors.Error: If specified plugin could not be used

    r~Nr�z5Certificate not yet due for renewal; no action taken.Fr,z.Reloading %s server after certificate issuance)rbrcr%r�r�r�r�rEr6rr�rr�r�r2r3rQr�r�r�r�rrJr�r�r�r�)r(rZr�r�r8r�r�r�r9r:r�r;r�r r�s               r5r~r~s���&�:�:�6�7�J�W�O�I�t����i�8�I�
�z�z�0F�v�y�0Y�-�	�:�~��V�Y�
�N�K��6�4��v�~�~�CU�V�(��0�����	�(9�(9�:��1�&�)�D��G�X�)�&�'�8�D��O�W���!�!�"Y�+0�	2�� ��F�G�X�w�O�G�-1�M��9�V�^�^����D�f�FV�FV�W�	�����&-��!�!�$�I�/6�W�+�+�D�N�#*�w����H��V�Y���A��v�}�g�+:�+Q�6�>�>�?Q�S����$�V�,����F�I�$5�$5�6���|�|�	��M��	�s�F/�/G�G	�	Gc��g}g}	tj|�\}}tj||�y#tj||�wxYw)aRenew previously-obtained certificates.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param unused_plugins: List of plugins (deprecated)
    :type unused_plugins: plugins_disco.PluginsRegistry

    :returns: `None`
    :rtype: None

    N)r�handle_renewal_requestr�run_saved_post_hooks)r(r&rP�failed_domainss    r5r+r+XsJ��"$�O� "�N�D�*1�*H�*H��*P�'���
�"�"�?�N�C���"�"�?�N�C�s	�5�A
c���tj|jtj|j
�t
jd�5tj|jtj|j
�ddd�|j|j|jf}|D]#}tj||j
���%y#1swY�UxYw)z�Create or verify existence of config, work, and hook directories.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :returns: `None`
    :rtype: None

    �N)�strict)
r�set_up_core_dir�
config_dirr�CONFIG_DIRS_MODE�strict_permissionsr#�
temp_umask�work_dir�renewal_pre_hooks_dir�renewal_deploy_hooks_dir�renewal_post_hooks_dir�make_or_verify_dir)r(�	hook_dirs�hook_dirs   r5�make_or_verify_needed_dirsr�os���	����*�*�I�,F�,F��Ha�Ha�b�
�	�	�u�	%�e����V�_�_�i�.H�.H�&�Jc�Jc�d�e��-�-��0�0��.�.�1�I��L�������1J�1J�K�L�
e�e�s�:C�C&�renewal_file�orig_renewal_confc���	tj|dd��}|d}|d}||k(rd}nd}tj|�y#tj$rtjd|����wxYw)a@Reports the outcome of certificate renewal reconfiguration to the user.

    :param renewal_file: Path to the cert's renewal file
    :type renewal_file: str

    :param orig_renewal_conf: Loaded original renewal configuration
    :type orig_renewal_conf: configobj.ConfigObj

    :returns: `None`
    :rtype: None

    rr�error parsing �
renewalparamsz3
No changes were made to the renewal configuration.zT
Successfully updated configuration.
Changes will apply when the certificate renews.N)rr�ConfigObjErrorr�CertStorageErrorr2rC)r�r��final_renewal_conf�orig_renewal_params�final_renewal_params�success_messages      r5�_report_reconfigure_resultsr��s���-�&�0�0��7�W�F��,�O�<��-�o�>���2�2�P��N������(���#�#�-��%�%��\�N�+�-�	-�-�s�A�,A0c
�<�|jrtjd��|js#d}t	j
|dd|��d|_|j}	t
j||�}|jr,|js d	}tj|d
dd��|_
	tj|d
d
��}t!j"|�}	t%j&||�}|stjd��|d}
|j+d�r(|j,|
dk(r|j.�
|
d|_dD]7}t1||�|
j3|�k7s�"d}tj|��t5j6||d�\}}
t!j"|�}d|_d|_t=j>d|�tA||
|�}tC||||��|jE|�tG||�y#tj$rtjd|�d���wxYw#tj$rtjd|����wxYw#t($r$}	tjd|�d|�d|	�d���d}	~	wwxYw)a4Allow the user to set new configuration options for an existing certificate without
       forcing renewal. This can be used for things like authenticator, installer, and hooks,
       but not for the domains on the cert, since those are only saved in the cert.

    :param config: Configuration object
    :type config: configuration.NamespaceConfig

    :param plugins: List of plugins
    :type plugins: plugins_disco.PluginsRegistry

    :raises errors.Error: if the dry run fails
    :raises errors.ConfigurationError: if certificate could not be loaded

    akYou have specified domains, but this function cannot be used to modify the domains in a certificate. If you would like to do so, follow the instructions at https://certbot.org/change-cert-domain. Otherwise, remove the domains from the command to continue reconfiguring. You can specify which certificate you want on the command line with flag --cert-name instead.z0Which certificate would you like to reconfigure?�reconfigureFr]rz"An existing certificate with name zO could not be found. Run `certbot certificates` to list available certificates.aaYou are attempting to set a --deploy-hook. Would you like Certbot to run deploy hooks when it performs a dry run with the new settings? This will run all relevant deploy hooks, including directory hooks, unless --no-directory-hooks is set. This will use the current active certificate, and not the temporary test certificate acquired during the dry run.zRun deploy hookszDo not run deploy hooksr�rrr�zRenewal configuration file z (cert: z ) produced an unexpected error: r(Nz0Could not load certificate. See logs for errors.r�r,r)rr,a.Using reconfigure to change the ACME account or server is not supported. If you would like to do so, use renew with the --force-renewal flag instead of reconfigure. Note that doing so will count against any rate limits. For more information on this method, see https://certbot.org/renew-reconfigurationr~T)r:r;)$r9rr�r:rrerrr�rL�run_deploy_hooksr2r]rrr��copy�deepcopyr�reconstituterr\r,rr��getrbrcr�rEr�set_test_server_optionsr%rQ�save_new_config_valuesr�)r(rZrnr:r�r�r��lineage_config�renewal_candidater r��paramr�r��dry_run_lineage_configr8s                r5r�r��s���"�~�~��'�'�)J�K�	K��?�?�N��&�4�4��M�%�+�-�-.�0������H�T��8�8���J�����&�"9�"9�:��
#/�"4�"4�S�9K�%�u�#6���-�%�/�/��7�W�F���]�]�6�*�N�F�#�0�0���N����'�'�(Z�[�[�%�o�6�M��!�!�(�+��0E�0E��W_�I`�0`��"�"�*�!.�y�!9���'�1���>�5�)�]�->�->�u�-E�E�?�C�
�+�+�C�0�0�1��:�:�>�7�T^�_�O�I�t�"�]�]�>�:��
26��.�%)��"����
�/E�F�� 6��i�H�I�
�y�"8�8�!�#�
�,�,�^�<���.?�@��O�"�"�T��'�'�*L�X�J�WS�)S�T�	T�T��$�#�#�-��%�%��\�N�+�-�	-�-���F��'�'�*E�l�^�T��Z�?��s�!�)E�F�	F��F�s0�H�-H?�I.�-H<�?,I+�.	J�7J�Jc#�K�d}d}|jr7d|_ttjd�}tj|�}n^|jr$tjtj�}n.tjtj|j�}	|��|r|j�yy#|r|j�wwxYw�w)z�Creates a display object appropriate to the flags in the supplied config.

    :param config: Configuration object

    :returns: Display object

    NT�w)r0r�r�r%�devnull�display_obj�NoninteractiveDisplayrur��FileDisplayrY�close)r(�	displayerr�s   r5�make_displayerrs�����15�� �G�
�|�|�%)��"��r�z�z�3�'���5�5�g�>�	�	�	#�	#��5�5�c�j�j�A�	��+�+��J�J��0�0�2�	������M�M�O���7��M�M�O��s�B&C�)C�-C�C�C�cli_argsc��|stjdd}tj�tj
j
d�dk(rtj|�}tjj�}tjdtj�tjdtjd�tjd|�tjd	|�t!j"�t%j&||�}t!j(�	tj*|�t-|�t7|�5}t9j:|�|j3||�cddd�S#t.j0$r|j2t4k7r�Y�ewxYw#1swYyxYw)
z�Run Certbot.

    :param cli_args: command line to Certbot, defaults to ``sys.argv[1:]``
    :type cli_args: `list` of `str`

    :returns: value for `sys.exit` about the exit status of Certbot
    :rtype: `str` or `int` or `None`

    rmN�CERTBOT_SNAPPED�Truezcertbot version: %sz#Location of certbot entry point: %srz
Arguments: %rzDiscovered plugins: %r)rurvr�pre_arg_parse_setupr%�environr�r�prepare_env�
plugins_disco�PluginsRegistryr�r�r��certbot�__version__r$�prepare_virtual_consoler�prepare_and_parse_args�+raise_for_non_administrative_windows_rights�post_arg_parse_setupr�rrJ�funcr}rr��set_display)rrZr(rs    r5�mainr8s[����8�8�A�B�<������	�z�z�~�~�'�(�F�2��*�*�8�4���+�+�4�4�6�G�
�L�L�&��(;�(;�<�
�L�L�6������D�
�L�L��(�+�
�L�L�)�7�3�	� � �"��
'�
'���
:�F�	�4�4�6��� � ��(�"�6�*�
��	�,�9����	�*��{�{�6�7�+�,�,���<�<���;�;�+�%��&���
,�,�s�5 F� 'F>�'F;�:F;�>Gr�r)T)��__doc__�
contextlibrr�rw�logging.handlers�loggingru�typingrrrrrr	r
rrr�r�josepyr�r
r�r�acme_clientrr�rr�rrrrr�certbot._internalrrrrrrrrrrr�certbot._internal.displayr r�rF�certbot._internal.pluginsr!r
r"rb�certbot.compatr#r$r%�certbot.displayr&r�r2�certbot.pluginsr'rw�	getLogger�__name__r��NamespaceConfigr6r$r�r�rQ�boolrcrzr�r�r�r�r�r�r�r��	Installerr�rJr�r�r�r��Account�ClientV2rr!�
Authenticatorr%rr3r�rDrRr�rYr\rhrjr}r�r�r�r�rr�r�r}r�rIr~r+r�rr�r�r�r�r�intrrr7r5�<module>r+s
���&����
��������������&�&�*��!�����%�*�!�$�'�!�#�!�%�)�%�%�8�C�<�;�%���.�0�(�)��
��	�	�8�	$���]�-J�-J��t��6W[�BF�?�&�-�-�?��9V�9V�?� (��c�� 3�?�FN�s�m�?� (��)>�)>� ?�?�%�W�%:�%:�;�?�D,�-�2O�2O�,�07�0E�0E�,�JN�,�^-'�
�(E�(E�-'�)1�#��-'�&-�&;�&;�-'�&+�3���9N�9N�0O�+O�%P�-'�`2/�=�+H�+H�2/�,3�,A�,A�2/�(-�c�8�G�<Q�<Q�3R�.R�(S�2/�j&�m�&C�&C�&�d�SV�i�&�#(��#����AV�AV�8W�)W�#X�&�R,�}�4�4�,�t�C�y�,�TW�,��$���)>�)>� ?�?�@�,�2(T��-�-�(T�8<�S�	�(T��(T����
�x��8M�8M�/N� N�O�(T�V�C�L���h�q�k��8�A�;��5��a��RV�WX�RY�IY�CZ��
�C�
�(�3�-�
�C�
�$^�=�+H�+H�$^�08��
�$^�IL�$^�08��
�$^�BF�$^�R9=�(�m�&C�&C�(�)1�*�2F�2F�)G�(�(0��
�(�AF�t�C�y�RU�~�AV�(�Z48�L�}�<�<�L�X�V\�Vb�Vb�Mc�L� (��)>�)>� ?�L�,0�L�<@�L�`OS�*�]�:�:�*�x�PS�}�*�%-�c�]�*�>F�s�m�*�W[�*�Z�m�&C�&C����#��!>�!>�#�8�TW�=�#�%-�c�]�#�DL�S�M�#�VZ�#�LA�}�<�<�A�!�'�/�/�"*�;�+?�+?�"@�#A�B�A�H1 �=�#@�#@�1 �T�1 �hK�M�9�9�K�#+�J�,D�,D�#E�K�'�
�(<�(<�=�K�BH�-�-�K�8(�}�4�4�(�,�<�<�(�AI�#��(�V�]�2�2��*�:�:��?G��}��>3�=�8�8�3�#0�#@�#@�3�EM�c�]�3�l/��6�6�/�#0�#@�#@�/�EM�c�]�/�d�m�.K�.K��/7��8M�8M�/N��S[�\_�S`�� RV�@�-�7�7�@�F�M�M�@���9�@�/7��8M�8M�/N�@�Z^�@�::�M�1�1�:�"�2�2�:�7?��}�:�z�M�$A�$A��m�Fc�Fc��$G�}�'D�'D�G��G�#�
�5�5�#�&�6�6�#�;?�#�L=�M�1�1�=�"�2�2�=�7?��}�=�@
K�]�2�2�
K�]�=Z�=Z�
K�_c�
K� .�M�9�9�.�$1�$A�$A�.�FJ�.�*(�=�0�0�(�(�8�8�(�=A�(�( �=�0�0� �(�8�8� �=A� �(&��6�6�&�!.�!>�!>�&�CG�&�"4�=�0�0�4�(�8�8�4�=E�c�]�4�nR�
�-�-�R��.�.�R�3;�C�=�R�j%1�=�#@�#@�%1�&,�m�m�%1�8=�#�C�=�(�3�-��#��F�9H�%1�P �}�4�4� �}�?\�?\� ��-�-� �26� �F;7�]�2�2�;7�]�=Z�=Z�;7�_c�;7�|D�-�/�/�D�'�7�7�D�<@�D�.L�}�'D�'D�L��L�.)�c�)�i�FY�FY�)�^b�)�@oA�
�5�5�oA� �0�0�oA�59�oA�d��=�8�8��!�%��(I�(I�(3�(?�(?�)@�#A�BF��#M�N����>.,�8�D��I�&�.,�(�5��c��?�2K�.,r7
Zerion Mini Shell 1.0