%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python3/dist-packages/certbot/_internal/__pycache__/
Upload File :
Create Path :
Current File : //lib/python3/dist-packages/certbot/_internal/__pycache__/renewal.cpython-312.pyc

�

M/�e0f��*�dZddlZddlZddlZddlZddlZddlZddlZddlm	Z	ddlm
Z
ddlmZddlmZddlm
Z
ddlmZdd	lmZdd
lmZddlmZddlmZdd
lmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z ddlm!Z!ddlm"Z"ddlm#Z#ddl$m%Z&ddl'm(Z)ddl*m+Z+ddl,mZ-ej\e/�Z0gd�Z1ddgZ2gd�Z3e4ejje3e2e1d ��Z6d!ejnd"e8d#ee"jrfd$�Z:d!ejnd%e
e8e	fd#dfd&�Z;d!ejnd%e
e8e	fd#dfd'�Z<d!ejnd%e
e8e	fd#dfd(�Z=d%e
e8e	fd#e
e8e	ffd)�Z>d*e8d+eee8e8fd#ee8fd,�Z?d-e8d+e8d#e@fd.�ZAd-e8d+e8d#eBfd/�ZCd-e8d+e8d#ee8fd0�ZDd!ejnd1e"jrd#e@fd2�ZEd!ejnd1e"jrd3e8d#dfd4�ZFd!ejnd1e"jrd#dfd5�ZGd!ejnd6eee8d7ej�d1e"jrd#df
d8�ZId9ee8d:e8d#e8fd;�ZJd!ejnd<ee8d=ee8d>ee8d?ee8d#dfd@�ZKd!ejnd#eeLeLffdA�ZMdBe8d!ejnd#dfdC�ZNy)DzGFunctionality for autorenewal and associated juggling of configurations�N)�Any)�Dict)�Iterable)�List)�Mapping)�Optional)�Tuple)�Union)�default_backend)�ec)�rsa)�load_pem_private_key)�
configuration)�crypto_util)�errors)�util)�cli)�client)�	constants)�hooks)�storage)�updater)�obj)�disco)�os)�
config_dir�logs_dir�work_dir�
user_agent�server�account�
authenticator�	installer�
renew_hook�pre_hook�	post_hook�http01_address�preferred_chain�key_type�elliptic_curve�rsa_key_size�http01_port)�must_staple�allow_subset_of_names�	reuse_key�	autorenew)�pref_challs�config�	full_path�returnc��	tj||�}d|jvrt
j
d|�y|jd}d|vrt
j
d|�y|jd	d
�|d	<t|�}	t||�t||�	|j%�D�cgc]}t'j(|���c}|_|S#tjtf$rg}t
j
d|�t
j
dt|��t
jdtj��Yd}~yd}~wwxYw#t tj"f$rR}t
j
d|t|��t
jdtj��Yd}~yd}~wwxYwcc}w#tj,$r!}t
j
d||�Yd}~yd}~wwxYw)
a�Try to instantiate a RenewableCert, updating config with relevant items.

    This is specifically for use in renewal and enforces several checks
    and policies to ensure that we can try to proceed with the renewal
    request. The config argument is modified by including relevant options
    read from the renewal configuration file.

    :param configuration.NamespaceConfig config: configuration for the
        current lineage
    :param str full_path: Absolute path to the configuration file that
        defines this lineage

    :returns: the RenewableCert object or None if a fatal error occurred
    :rtype: `storage.RenewableCert` or NoneType

    z(Renewal configuration file %s is broken.zThe error was: %s
Skipping.�Traceback was:
%sN�
renewalparamsz<Renewal configuration file %s lacks renewalparams. Skipping.r"zJRenewal configuration file %s does not specify an authenticator. Skipping.r)r
zHAn error occurred while parsing %s. The error was %s. Skipping the file.z{Renewal configuration file %s references a certificate that contains an invalid domain name. The problem was: %s. Skipping.)r�
RenewableCertr�CertStorageError�IOError�logger�error�str�debug�	traceback�
format_excr�get�"_remove_deprecated_config_elements� restore_required_config_elements�_restore_plugin_configs�
ValueError�Error�namesr�enforce_domain_sanity�domains�ConfigurationError)r2r3�renewal_candidater<r7�ds      �;/usr/lib/python3/dist-packages/certbot/_internal/renewal.py�reconstituterN9s���$�#�1�1�)�V�D���/�=�=�=����2�3<�	>��%�3�3�O�D�M��m�+����5�6?�	A��!.� 1� 1�*�e� D�M�*��7�}�E�M��(���?���
�6��#4�#:�#:�#<�>���4�4�Q�7�>������Y
�#�#�W�-�����?��K����3�S��Z�@����)�9�+?�+?�+A�B���	��8
����%�����
!�"+�S��Z�	9�	���)�9�+?�+?�+A�B�����>���$�$�����,�-6��	?���	�s[�C�E�!G�3G
�G�E�2AE�E�G�5AG�G�
G�H�"G>�>Hr7c��d|vr|jd�s
|d|_d|vr2|jd�s |d}t|t�r|g}||_yyy)z�
    webroot_map is, uniquely, a dict, and the general-purpose configuration
    restoring logic is not able to correctly parse it from the serialized
    form.
    �webroot_map�webroot_pathN)�set_by_userrP�
isinstancer=rQ)r2r7�wps   rM�_restore_webroot_configrU|si���
�%�f�.@�.@��.O�*�=�9�����&�v�/A�/A�.�/Q�
�>�
*���b�#����B� ���	0R�&�c	���g}|ddk(r
t||�n|j|d�|jd��|j|d�t|�D]�}|j	dd�}|j�D]o\}}|j
|dz�s�|j|�r�-|dvrt||t|���Htj|�}t||||���q��y)aSets plugin specific values in config from renewalparams

    :param configuration.NamespaceConfig config: configuration for the
        current lineage
    :param configobj.Section renewalparams: Parameters from the renewal
        configuration file that defines this lineage

    r"�webrootr#N�-�_)�None�True�False)rU�appendrA�set�replace�items�
startswithrR�setattr�evalr�
argparse_type)r2r7�plugin_prefixes�
plugin_prefix�config_item�config_value�casts       rMrDrD�s���("$�O��_�%��2���
�6����}�_�=�>�����%�1����}�[�9�:��_�-�E�
�%�-�-�c�3�7�
�)6�)<�)<�)>�
	E�%�K���%�%�m�c�&9�:�6�CU�CU�Va�Cb� �#<�<��F�K��l�1C�D��,�,�[�9�D��F�K��l�1C�D�
	E�ErVc���i}tjdtfftttj
t��tttj
t��tttj
t���}|D]-\}}||vs�|j|�r�||||�}|||<�/|j�D]\}}t|||��y)aSets non-plugin specific values in config from renewalparams

    :param configuration.NamespaceConfig config: configuration for the
        current lineage
    :param configobj.Section renewalparams: parameters from the renewal
        configuration file that defines this lineage

    r1N)�	itertools�chain�_restore_pref_challs�zip�BOOL_CONFIG_ITEMS�repeat�
_restore_bool�INT_CONFIG_ITEMS�_restore_int�STR_CONFIG_ITEMS�_restore_strrRrarc)r2r7�updated_values�required_items�	item_name�restore_func�value�keys        rMrCrC�s����N��_�_�
�-�	.�0���y�/�/�
�>�?���i�.�.�|�<�=���i�.�.�|�<�=�	?�N�
$2�.��	�<��
�%�f�.@�.@��.K� ��M�)�,D�E�E�(-�N�9�%�.�%�*�*�,�$�
��U����U�#�$rVc�z�|j�D��cic]\}}|tjvr||��c}}Scc}}w)z�Removes deprecated config options from the parsed renewalparams.

    :param dict renewalparams: list of parsed renewalparams

    :returns: list of renewalparams with deprecated config options removed
    :rtype: dict

    )rar�DEPRECATED_OPTIONS)r7�option_name�vs   rMrBrB�sD��4A�3F�3F�3H�6�/��Q��c�4�4�4�
��N�6�6��6s�7�unused_namer{c�V�t|t�r|gn|}tj|�S)a�Restores preferred challenges from a renewal config file.

    If value is a `str`, it should be a single challenge type.

    :param str unused_name: option name
    :param value: option value
    :type value: `list` of `str` or `str`

    :returns: converted option value to be stored in the runtime config
    :rtype: `list` of `str`

    :raises errors.Error: if value can't be converted to a bool

    )rSr=r�parse_preferred_challenges)r�r{s  rMrnrn�s'��$"�%��-�U�G�5�E��)�)�%�0�0rV�namec�j�|j�}|dvrtjd|�d|����|dk(S)a#Restores a boolean key-value pair from a renewal config file.

    :param str name: option name
    :param str value: option value

    :returns: converted option value to be stored in the runtime config
    :rtype: bool

    :raises errors.Error: if value can't be converted to a bool

    )�true�falsezExpected True or False for z but found r�)�lowerrrF)r�r{�lowercase_values   rMrrrr�s@���k�k�m�O��/�/��l�l�8���k�%��Q�R�R��f�$�$rVc���|dk(r/|dk(r*tjd�tjd�S	t	|�S#t
$rt
jd|����wxYw)a#Restores an integer key-value pair from a renewal config file.

    :param str name: option name
    :param str value: option value

    :returns: converted option value to be stored in the runtime config
    :rtype: int

    :raises errors.Error: if value can't be converted to an int

    r,r[z!updating legacy http01_port valuezExpected a numeric value for )r;�infor�flag_default�intrErrF�r�r{s  rMrtrtsh���}���&�����7�8����
�.�.�C��5�z����C��l�l�:�4�&�A�B�B�C�s�
A�"A#c��|dk(rN|tjk(r;tjdtjd|�tjdS|dk(rdS|S)z�Restores a string key-value pair from a renewal config file.

    :param str name: option name
    :param str value: option value

    :returns: converted option value to be stored in the runtime config
    :rtype: str or None

    r z$Using server %s instead of legacy %sr[N)r�V1_URIr;r��CLI_DEFAULTSr�s  rMrvrvsZ��"�x��E�Y�%5�%5�5����:��*�*�8�4�e�	=��%�%�h�/�/��F�?�4�-��-rV�lineagec��|jrtjd�y|j�rtj	d�y|j
rtj	d�yt
jd�y)zDReturn true if any of the circumstances for automatic renewal apply.z+Auto-renewal forced with --force-renewal...Tz0Certificate is due for renewal, auto-renewing...zCCertificate not due for renewal, but simulating renewal for dry runz#Certificate not yet due for renewalF)�renew_by_defaultr;r>�should_autorenewr��dry_run�display_util�notify)r2r�s  rM�should_renewr�7s`��
������B�C�����!����F�G��
�~�~����Y�Z�����=�>�rV�original_serverc��tj|j�r[tj|�sE|js8dj	|j��}t
jd|�d���yyy)z9Do not renew a valid cert with one from a staging server!z, z^You've asked to renew/replace a seemingly valid certificate with a test certificate (domains: z@). We will not do that unless you use the --break-my-certs flag!N)r�
is_stagingr �break_my_certs�joinrGrrF)r2r�r�rGs    rM�_avoid_invalidating_lineager�Fsu�����v�}�}�%�����/��(�(��	�	�'�-�-�/�2���l�l�4�49�7�;@�@�A�A�)�0�&rVc�R�����jd�r
�jsy�js
�jsy�jry�jj	��d��fd�fd���fd�fd���fd�fg}|D](}|d	�s�tjd
|d�d���y)
z�Don't allow combining --reuse-key with any flags that would conflict
    with key reuse (--key-type, --rsa-key-size, --elliptic-curve), unless
    --new-key is also set.
    r/Nz
--key-typec�>����jj�k7S�N)�private_key_typer�)�ktr�s��rM�<lambda>z,_avoid_reuse_key_conflicts.<locals>.<lambda>ns����w�/�/�5�5�7�7�rVz--rsa-key-sizec�D���dk(xr�j�jk7S)Nr
)r+�r2r�r�s���rMr�z,_avoid_reuse_key_conflicts.<locals>.<lambda>ps!����u��L��!4�!4��8L�8L�!L�rVz--elliptic-curvec����dk(xrC�jxr5�jj��jj�k7S)N�ecdsa)r*r�r�s���rMr�z,_avoid_reuse_key_conflicts.<locals>.<lambda>rsH����w��Q�7�#9�#9�Q��&�&�,�,�.�'�2H�2H�2N�2N�2P�P�rV�zUnable to change the rz� of this certificate because --reuse-key is set. To stop reusing the private key, specify --no-reuse-key. To change the private key this one time and then reuse it in future, add --new-key.)rRr/�new_keyr)r�rrF)r2r��potential_conflicts�conflictr�s``  @rM�_avoid_reuse_key_conflictsr�Ss�������+�&�v�/?�/?�����V�%5�%5���~�~��	���	�	�	 �B�
�	7�	9�	�	L�	N�	�
Q�	R���(�"���8�A�;�=��,�,�'����}�5!�!�"�
"�"rVrI�	le_clientc�"�|jd}|jdtjd��}t	|||�t||�|s|j
�}|jrB|js6tjj|j�}t||�nd}|j||�\}}}}	|jr>t j#dtjj%|j&��n^|j)�}
|j+|
||j,||�|j/|j)��|j1�t3j4|||j6�y)zRenew a certificate lineage.r7r Nz(Dry run: skipping updating lineage at %s)rrArr�r�r�rGr/r�r�path�normpath�privkey�_update_renewal_params_from_key�obtain_certificater�r;r>�dirname�cert�latest_common_version�save_successor�pem�update_all_links_to�truncaterr$�live_dir)r2rIr�r��renewal_paramsr�r��new_cert�	new_chainrZ�
prior_versions           rM�
renew_certr�s6���*�*�?�;�N�$�(�(��3�3C�3C�H�3M�N�O�����A��v�w�/���-�-�/���������'�'�"�"�7�?�?�3��'���8���&/�&B�&B�7�G�&T�#�H�i��!�
�~�~����?������QX�Q]�Q]�A^�_��5�5�7�
����}�h����Y�PV�W��#�#�G�$A�$A�$C�D�����	���V�W�g�&6�&6�7rV�msgs�categoryc�B���fd�|D�}ddj|�zS)z:Format a results report for a category of renewal outcomesc3�.�K�|]}|�d��d����y�w)z (�)N�)�.0�mr�s  �rM�	<genexpr>zreport.<locals>.<genexpr>�s�����5�1�!�X�
&�5�s�z  z
  )r�)r�r��liness ` rM�reportr��s!���5��5�E��&�+�+�e�$�$�$rV�renew_successes�renew_failures�
renew_skipped�parse_failuresc��tj}tj}|dtj
���|jrdnd}|r|d�|t|d��|s;|s9|d|�d��|j�|j�|j��|d	�n�|r!|s|d
|�d��|t|d��n`|r|s|d
|�|t|d��n@|r>|r<|d|�d��|t|d�dz�|d|�|t|d��|r|d�|t|d��|tj
�y)a�
    Print a report to the terminal about the results of the renewal process.

    :param configuration.NamespaceConfiguration config: Configuration
    :param list renew_successes: list of fullchain paths which were renewed
    :param list renew_failures: list of fullchain paths which failed to be renewed
    :param list renew_skipped: list of messages to print about skipped certificates
    :param list parse_failures: list of renewal parameter paths which had errors
    �
zsimulated renewal�renewalz7The following certificates are not due for renewal yet:�skippedzNo zs were attempted.NzNo hooks were run.zCongratulations, all z
s succeeded: �successz@All %ss failed. The following certificates could not be renewed:�failurezThe following zs succeeded:zThe following %ss failed:zB
Additionally, the following renewal configurations were invalid: �	parsefail)r�r�r;r<�display_obj�
SIDE_FRAMEr�r�r%r$r&)r2r�r�r�r�r��notify_error�renewal_nouns        rM�_renew_describe_resultsr��sS���
 �
 �F��<�<�L�
�R��&�&�'�(�)�*0�.�.�&�i�L���H�I��v�m�Y�/�0��>���\�N�"3�4�5��O�O�'��!�!�-��1A�1A�1M��'�(�	���&�|�n�M�B�C��v�o�y�1�2�	���!�".�	0��V�N�I�6�7�	�O����~�\�:�;��v�o�y�1�D�8�9��0�,�?��V�N�I�6�7��� �	!��v�n�k�2�3�
�;�!�!�"rVc���t�fd��jD��rtjd���jr"tj��j�g}ntj��}g}g}g}g}g}g}tjj�xr�j}|D�]�}	tjd|	zd��tj��}
tj |	�}	t#|
|	�}	|s|j1|	��nL|j3�d	d
lm}t8j:j=�}t?|
|�r�|rCtAjBdd�}t&jEd
|�tGjH|�d}|jK|
||�|j1|jL�|jO|jQ��nbtSjT|jWd|jY���}|j1|jL�d|j[d����t]j^|
||����ta�||||�|s|r-tjtc|��dtc|��d���t&j+d�||fS#t$$r\}
t&j)d|	||
�t&j+dt-j.��|j1|	�Yd}
~
��sd}
~
wwxYw#t$$r�}
t&j)d||
�t&j+dt-j.��|r:|j1|jL�|jO|jQ��Yd}
~
��d}
~
wwxYw)z5Examine each lineage; renew if due and report resultsc3�:�K�|]}|�jv���y�wr�)rP)r��domainr2s  �rMr�z)handle_renewal_request.<locals>.<genexpr>�s�����
I��6��+�+�+�
I�s�afCurrently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.zProcessing F)�pausezTRenewal configuration file %s (cert: %s) produced an unexpected error: %s. Skipping.r6Nr)�mainr�i�z3Non-interactive renewal: random delay of %s secondsr�z expires on z%Y-%m-%dz-Failed to renew certificate %s with error: %sz renew failure(s), z parse failure(s)zno renewal failures)2�anyrIrrF�certnamer�renewal_file_for_certname�renewal_conf_files�sys�stdin�isatty�random_sleep_on_renewr��notification�copy�deepcopy�lineagename_for_filenamerN�	Exceptionr;r<r>r?r@r^�ensure_deployed�certbot._internalr��
plugins_disco�PluginsRegistry�find_allr��random�uniformr��time�sleepr��	fullchain�extendrGr�notAfter�versionr��strftimer�run_generic_updatersr��len)r2�
conf_filesr�r�r�r��renewed_domains�failed_domains�apply_random_sleep�renewal_file�lineage_config�lineagenamerK�er��plugins�
sleep_time�expirys`                 rM�handle_renewal_requestr�s\����
I�&�.�.�
I�I��l�l�P�Q�	Q�����7�7�����P�Q�
��/�/��7�
��O��N��M��N��O��N�!�Y�Y�-�-�/�/�P�F�4P�4P��"�<A���!�!�-�,�">�e�L����v�.���6�6�|�D��	� ,�^�\� J��+	A�$��%�%�l�3�!�1�1�3�2�'�7�7�@�@�B����0A�B�)�%+�^�^�A�v�%>�
����$Y�$.�0��
�
�:�.�-2�*��O�O�N�G�=N�O�#�*�*�+<�+F�+F�G�#�*�*�+<�+B�+B�+D�E�(�1�1�2C�2K�2K�� 1� G� G� I�3K�L�F�!�(�(�?P�?Z�?Z�)/����)D�*F�G��,�,�^�=N�-4�6��a<A�~�F�O�^�)�>�;����l�l��>�"�#�#6�s�>�7J�6K�K\�]�_�	_�
�L�L�&�'��^�,�,��C�	��L�L�I�'��a�
9�
�L�L�-�y�/C�/C�/E�F��!�!�,�/���
	��T�		A��L�L�?��Q�
�
�L�L�-�y�/C�/C�/E�F� ��%�%�&7�&A�&A�B��%�%�&7�&=�&=�&?�@���		A�s3�<K�	E!L.�	L+�AL&�&L+�.	N=�7A;N8�8N=�key_pathc��t|d�5}t|j�dt���}ddd�t	t
j�rd|_|j|_	yt	|tj�r#d|_|jj|_ytj d|�dt#|��d���#1swY��xYw)N�rb)�password�backendr
r�zKey at z is of an unsupported type: �.)�openr�readrrSr
�
RSAPrivateKeyr)�key_sizer+r�EllipticCurvePrivateKey�curver�r*rrF�type)rr2�file_hr|s    rMr�r�Bs���	
�h��	�\��"�6�;�;�=�4��IZ�[��\��#�s�(�(�)����!�l�l���	�C��3�3�	4�!��� #�	�	������l�l�W�X�J�.J�4�PS�9�+�UV�W�X�X�\�\�s�%C�C)O�__doc__r�rl�loggingr�r�r�r?�typingrrrrrrr	r
�cryptography.hazmat.backendsr�)cryptography.hazmat.primitives.asymmetricrr
�,cryptography.hazmat.primitives.serializationr�certbotrrrrr�rrrrrr�certbot._internal.displayrr��certbot._internal.pluginsrr��certbot.compatr�certbot.displayr��	getLogger�__name__r;rursrpr_rm�CONFIG_ITEMS�NamespaceConfigr=r8rNrUrDrCrBrn�boolrrr�rtrvr�r�r��Clientr�r�r��listrr�r�rVrM�<module>r,s���M����
�
�����������8�8�9�M�!����!�$�'�#�%�%�8�<��0�	��	�	�8�	$��E��#�M�2��"���?�9�?�?��'�)9�;K�M�N��@��6�6�@� �@�%-�g�.C�.C�%D�@�F!�M�$A�$A�!�+2�3��8�+<�!�AE�!�$)E�M�$A�$A�)E�+2�3��8�+<�)E�AE�)E�X$�]�-J�-J�$�4;�C��H�4E�$�JN�$�2
6�g�c�3�h�6G�
6�D�QT�VY�QY�N�
6�1�c�1�%��S�	�3��2G�1�D�QT�I�1�,%��%�C�%�D�%�$C�s�C�3�C�3�C�,.�s�.�3�.�8�C�=�.�2��6�6���AV�AV��[_��
A�
�(E�(E�
A�)0�)>�)>�
A�QT�
A�Y]�
A�)"�}�'D�'D�)"�(/�(=�(=�)"�BF�)"�X8�}�4�4�8�x��S�	�?R�8� �-�-�8�29�2G�2G�8�LP�8�:%��#��%�#�%�#�%�-#�M�$A�$A�-#�TX�Y\�T]�-#�,0��I�-#�FJ�3�i�-#�,0��I�-#�:>�-#�`m-�=�#@�#@�m-�U�4�QU�:�EV�m-�`
Y�c�
Y�=�;X�;X�
Y�]a�
YrV

Zerion Mini Shell 1.0