ó Á£ô_c@s“dZddlZddlZddlZddlZddlZddlZddlm Z ddl m Z ddl m Z ddl m Z ddl mZddl mZdd lmZdd lmZddlmZejeƒZd „Zd „Zd „Zd„Zd„Zd„Zd„Zd„Z d„Z!d„Z"d„Z#e$d„Z%e$dd„Z'd„Z(d„Z)d„Z*d„Z+dS(s Tools for managing certificates.iÿÿÿÿN(tList(t crypto_util(terrors(t interfaces(tocsp(tutil(tstorage(toscCs4x-tj|ƒD]}tj||dtƒqWdS(sjUpdate the certificate file family symlinks to use archive_dir. Use the information in the config file to make symlinks point to the correct archive directory. .. note:: This assumes that the installation is using a Reverter object. :param config: Configuration. :type config: :class:`certbot._internal.configuration.NamespaceConfig` tupdate_symlinksN(Rtrenewal_conf_filest RenewableCerttTrue(tconfigt renewal_file((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytupdate_live_symlinkss cCsòtjjtjƒ}t|dƒd}|j}|sŒ|jdj|ƒdddt ƒ\}}|t j ksw| rŒt j dƒ‚qŒnt||ƒ}|s¼t jdj|ƒƒ‚ntj|||ƒ|jd j||ƒd tƒd S( s¡Rename the specified lineage to the new name. :param config: Configuration. :type config: :class:`certbot._internal.configuration.NamespaceConfig` trenameis&Enter the new name for certificate {0}tflags--updated-cert-nametforce_interactivesUser ended interaction.s,No existing certificate with name {0} found.s Successfully renamed {0} to {1}.tpauseN(tzopet componentt getUtilityRtIDisplayt get_certnamest new_certnametinputtformatR t display_utiltOKRtErrortlineage_for_certnametConfigurationErrorRtrename_renewal_configt notificationtFalse(R tdisptcertnameRtcodetlineage((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytrename_lineage)s    cCs¶g}g}x“tj|ƒD]‚}y0tj||ƒ}tj|ƒ|j|ƒWqtk r}tjd||ƒtj dt j ƒƒ|j|ƒqXqWt |||ƒdS(sªDisplay information about certs configured with Certbot :param config: Configuration. :type config: :class:`certbot._internal.configuration.NamespaceConfig` sIRenewal configuration file %s produced an unexpected error: %s. Skipping.sTraceback was: %sN( RR R Rtverify_renewable_certtappendt Exceptiontloggertwarningtdebugt tracebackt format_exct_describe_certs(R t parsed_certstparse_failuresR trenewal_candidatete((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyt certificatesEs   cCsÌt|ddtƒ}tjjtjƒ}dg}x|D]}|jd|ƒq:W|jdƒ|jdj |ƒdtƒs‘t j dƒd Sx4|D],}t j ||ƒtjd j|ƒƒq˜Wd S( s;Delete Certbot files associated with a certificate lineage.tdeletetallow_multiples8The following certificate(s) are selected for deletion: s * s: Are you sure you want to delete the above certificate(s)?s tdefaults$Deletion of certificate(s) canceled.Ns.Deleted all files relating to certificate {0}.(RR RRRRRR)tyesnotjoinR+tinfoRt delete_filesRtnotifyR(R t certnamesR#tmsgR$((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyR6\s      cCs¦|j}tj|ddƒytj||ƒ}Wntjk rIdSXytj||ƒSWnAtjt fk r¡t j d|ƒt j dt j ƒƒdSXdS(s)Find a lineage object with name certname.tmodeiísRenewal conf file %s is broken.sTraceback was: %sN(trenewal_configs_dirRtmake_or_verify_dirRtrenewal_file_for_certnameRtCertStorageErrortNoneR tIOErrorR+R-R.R/(t cli_configR$t configs_dirR ((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRps cCs#t||ƒ}|r|jƒSdS(s0Find the domains in the cert with name certname.N(RtnamesRE(R R$R&((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytdomains_for_certnamescs‡fd†}t||dƒS(sˆFind existing certs that match the given domain names. This function searches for certificates whose domains are equal to the `domains` parameter and certificates whose domains are a subset of the domains in the `domains` parameter. If multiple certificates are found whose names are a subset of `domains`, the one whose names are the largest subset of `domains` is returned. If multiple certificates' domains are an exact match or equally sized subsets, which matching certificates are returned is undefined. :param config: Configuration. :type config: :class:`certbot._internal.configuration.NamespaceConfig` :param domains: List of domain names :type domains: `list` of `str` :returns: lineages representing the identically matching cert and the largest subset if they exist :rtype: `tuple` of `storage.RenewableCert` or `None` cs—|\}}t|jƒƒ}|tˆƒkr9|}nT|jtˆƒƒr|dkrc|}qt|ƒt|jƒƒkr|}qn||fS(ssReturn cert as identical_names_cert if it matches, or subset_names_cert if it matches as subset N(tsetRItissubsetREtlen(tcandidate_lineagetrvtidentical_names_certtsubset_names_certtcandidate_names(tdomains(sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytupdate_certs_for_domain_matchesžs     N(NN(t_search_lineagesRE(R RSRT((RSsB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytfind_duplicative_certs‡scCsc|j}gtj|ƒD]6}tjdj|ƒ|ƒrtjj||ƒ^q}|r_|SdS(sJ In order to match things like: /etc/letsencrypt/archive/example.com/chain1.pem. Anonymous functions which call this function are eventually passed (in a list) to `match_and_check_overlaps` to help specify the acceptable_matches. :param `.storage.RenewableCert` candidate_lineage: Lineage whose archive dir is to be searched. :param str filetype: main file name prefix e.g. "fullchain" or "chain". :returns: Files in candidate_lineage's archive dir that match the provided filetype. :rtype: list of str or None s {0}[0-9]*.pemN( t archive_dirRtlistdirtretmatchRtpathR:RE(RNtfiletypeRWtftpattern((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyt_archive_files´s  6cCsd„d„d„d„gS(sª Generates the list that's passed to match_and_check_overlaps. Is its own function to make unit testing easier. :returns: list of functions :rtype: list cSs|jS(N(tfullchain_path(tx((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytÑscSs|jS(N(t cert_path(Ra((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRbÑscSs t|dƒS(Ntcert(R_(Ra((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRbÒscSs t|dƒS(Nt fullchain(R_(Ra((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRbÒs((((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyt_acceptable_matchesÊs cs2tƒ}tˆ|‡fd†d„ƒ}|dS(s“ If config.cert_path is defined, try to find an appropriate value for config.certname. :param `configuration.NamespaceConfig` cli_config: parsed command line arguments :returns: a lineage name :rtype: str :raises `errors.Error`: If the specified cert path can't be matched to a lineage name. :raises `errors.OverlappingMatchFound`: If the matched lineage's archive is shared. cs ˆjdS(Ni(Rc(Ra(RG(sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRbâscSs|jS(N(t lineagename(Ra((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRbâsi(Rftmatch_and_check_overlaps(RGtacceptable_matchesRZ((RGsB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytcert_path_to_lineageÕs  cst‡‡fd†}t||g|ƒ}|sOtjdj|jdƒƒ‚n!t|ƒdkrptjƒ‚n|S(s Searches through all lineages for a match, and checks for duplicates. If a duplicate is found, an error is raised, as performing operations on lineages that have their properties incorrectly duplicated elsewhere is probably a bad idea. :param `configuration.NamespaceConfig` cli_config: parsed command line arguments :param list acceptable_matches: a list of functions that specify acceptable matches :param function match_func: specifies what to match :param function rv_func: specifies what to return cs‘g|D]}||ƒ^q}g}x7|D]/}t|tƒrN||7}q,|j|ƒq,Wˆ|ƒ}||kr|jˆ|ƒƒn|S(s1Returns a list of matches using _search_lineages.(t isinstancetlistR)(RNt return_valueRitfunctacceptable_matches_rvtitemRZ(t match_functrv_func(sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyt find_matchesñs    s!No match found for cert-path {0}!ii(RURRRRcRMtOverlappingMatchFound(RGRiRqRrRstmatched((RqRrsB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRhæs "c Cs×g}tjƒ}|jr8|j|jkr8| r8dS|jrdt|jƒj|jƒƒ rddStj j t j j ƒƒ}g}|j rž|jdƒn|j|kr½|jdƒn|j|ƒrÜ|jdƒn|røddj|ƒ}n_|j|}|jdkrd}n:|jdkrEd j|jd ƒ}nd j|jƒ}d j|j|ƒ} ttj|jƒd ƒ} |jdj|j| |jdj|jƒƒ| |j|jƒƒdj|ƒS(sJ Returns a human readable description of info about a RenewableCert objecttt TEST_CERTtEXPIREDtREVOKEDs INVALID: s, is VALID: 1 daysVALID: {0} hour(s)isVALID: {0} dayss {0} ({1})Ras“ Certificate Name: {} Serial Number: {} Key Type: {} Domains: {} Expiry Date: {} Certificate Path: {} Private Key Path: {}t (RtRevocationCheckerR$RgRSRKRLRItpytztUTCtfromutctdatetimetutcnowt is_test_certR)t target_expiryt ocsp_revokedR:tdaysRtsecondsRtget_serial_from_certRctprivate_key_typeRetprivkey( R Rdtskip_filter_checkstcertinfotcheckertnowtreasonststatustdifft valid_stringtserial((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pythuman_readable_cert_infosB "(     c Cst|j}|r|g}nUtjjtjƒ}tj|ƒ}g|D]}tj|ƒ^qF} | syt j dƒ‚n|rå|s—dj |ƒ} n|} |j | | dddt ƒ\} }| tjkrpt j dƒ‚qpn‹|sýdj |ƒ} n|} |j| | dddt ƒ\} } | tjksQ| tdt| ƒƒkrct j dƒ‚n| | g}|S( s9Get certname from flag, interactively, or error out. sNo existing certificates found.s+Which certificate(s) would you like to {0}?tcli_flags --cert-nameRsUser ended interaction.s(Which certificate would you like to {0}?i(R$RRRRRRR tlineagename_for_filenameRRRt checklistR RRtmenutrangeRM( R tverbR7t custom_promptR$R>R#t filenamestnametchoicestpromptR%tindex((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyR8s2  "* cCsddjd„|DƒƒS(sFFormat a results report for a category of single-line renewal outcomess s css|]}t|ƒVqdS(N(tstr(t.0R?((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pys bs(R:(tmsgs((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyt _report_lines`scCs:g}x$|D]}|jt||ƒƒq Wdj|ƒS(s)Format a results report for a parsed certs (R)R’R:(R R1RŠRd((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyt_report_human_readablees cCsÕg}|j}| r*| r*|dƒnp|rw|jsB|jrHdnd}|dj|ƒƒ|t||ƒƒn|rš|dƒ|t|ƒƒntjjt j ƒ}|j dj |ƒdt dt ƒd S( s/Print information about the certs we know aboutsNo certificates found.s matching RvsFound the following {0}certs:s3 The following renewal configurations were invalid:s RtwrapN(R)R$RSRR£R¢RRRRRR!R:R"(R R1R2toutR=RZR#((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyR0ms   cGs®|j}tj|ddƒ|}x…tj|ƒD]t}ytj||ƒ}WnCtjtfk r“t j d|ƒt j dt j ƒƒq2nX||||Œ}q2W|S(sâIterate func over unbroken lineages, allowing custom return conditions. Allows flexible customization of return values, including multiple return values and complex checks. :param `configuration.NamespaceConfig` cli_config: parsed command line arguments :param function func: function used while searching over lineages :param initial_rv: initial return value of the function (any type) :returns: Whatever was specified by `func` if a match is found. R@iís)Renewal conf file %s is broken. Skipping.sTraceback was: %s( RARRBRR R RRDRFR+R-R.R/(RGRnt initial_rvtargsRHROR RN((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pyRUƒs (,t__doc__RtloggingRYR.R|tzope.componentRtacme.magic_typingRtcertbotRRRRRtcertbot._internalRtcertbot.compatRtcertbot.displayRt getLoggert__name__R+RR'R5R6RRJRVR_RfRjRhR"R’RERR¢R£R0RU(((sB/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.pytsB             -   ! 1(