File: //usr/lib/python3.6/site-packages/certbot/_internal/__pycache__/renewal.cpython-36.pyc
3
�گa�\�������������������@���sv���d�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�m Z ��d�d�l�m
Z
��d�d�l�m�Z���d�d�l�m�Z���d�d�l�m
Z
��d�d�l�m�Z���d�d l�m�Z���d�d
l�m�Z���d�d�l�m�Z���d�d�l�m�Z���d�d
l�m�Z���d�d�l�Z�d�d�l�m�Z���d�d�l�m�Z���d�d�l�m�Z���d�d�l�m�Z���d�d�l�m�Z���d�d�l�m Z ��d�d�l�m!Z!��d�d�l�m"Z"��d�d�l�m#Z#��d�d�l�m$Z$��d�d�l�m%Z%��d�d�l&m'Z(��d�d�l)m*Z+��d�d�l,m-Z-��d�d�l.m�Z/��e�j0e1��Z2d�d�d�d�d d!d"d#d$d%d&d'd(d)d*g�Z3d+d,g�Z4d-d.d/d0g�Z5e6e�j7e5e4e3d^����Z8e�j9e:e�e$j;��d2��d3d4��Z<e�j9e
e:e f���d�d5��d6d7��Z=e�j9e
e:e f���d�d5��d8d9��Z>e�j9e
e:e f���d�d5��d:d;��Z?e
e:e f���e
e:e f���d<��d=d>��Z@e:e�e�e:��e:f���e�e:��d?��d@dA��ZAe:e:eBdB��dCdD��ZCe:e:eDdB��dEdF��ZEe:e:e�e:��dB��dGdH��ZFe�j9e$j;eBdI��dJdK��ZGe�j9e$j;e:d�dL��dMdN��ZHe�j9e�e�e:����e!jIe$j;d�dO��dPdQ��ZJe�e:��e:e:dR��dSdT��ZKe�j9e�e:��e�e:��e�e:��e�e:��d�dU��dVdW��ZLe�j9d�dX��dYdZ��ZMe:e�j9d�d[��d\d]��ZNd�S�)_zGFunctionality for autorenewal and associated juggling of configurations�����N)���Any)���Dict)���Iterable)���List)���Mapping)���Optional)���Union)���default_backend)���ec)���rsa)���load_pem_private_key)��
configuration)���crypto_util)���errors)��
interfaces)���util)���cli)���client)�� constants)���hooks)���storage)���updater)���obj)���disco)���osZ
config_dirZ�logs_dirZ�work_dirZ
user_agent��serverZ�account�
authenticator� installer�
renew_hook��pre_hook� post_hookZ�http01_addressZ�preferred_chain��key_type��elliptic_curve��rsa_key_size��http01_portZ�must_stapleZ�allow_subset_of_names� reuse_keyZ autorenew��pref_challs)���config� full_path��returnc������������,���C���s\���y�t�j�|�|���}�W�nR��t�j�t�f�k
rb��}���z0t�j�d�|�����t�j�d�t�|�������t�j�d�t j
������d�S�d�}�~�X�n�X�d�|�j�k�r~t�j�d�|�����d�S�|�j�d���}�d�|�k�r�t�j�d�|�����d�S�t�|���}�y�t
|�|�����t�|�|�����W�nJ��t�t�j�f�k
��r
��}���z&t�j�d |�t�|�������t�j�d�t j
������d�S�d�}�~�X�n�X�y�d
d���|�j���D���|�_�W�n2��t�j�k
��rV��}���z�t�j�d�|�|�����d�S�d�}�~�X�n�X�|�S�)
a����Try to instantiate a RenewableCert, updating config with relevant items.
This is specifically for use in renewal and enforces several checks
and policies to ensure that we can try to proceed with the renewal
request. The config argument is modified by including relevant options
read from the renewal configuration file.
:param configuration.NamespaceConfig config: configuration for the
current lineage
:param str full_path: Absolute path to the configuration file that
defines this lineage
:returns: the RenewableCert object or None if a fatal error occurred
:rtype: `storage.RenewableCert` or NoneType
z(Renewal configuration file %s is broken.z�The error was: %s
Skipping.z�Traceback was:
%sN�
renewalparamsz<Renewal configuration file %s lacks renewalparams. Skipping.r����zJRenewal configuration file %s does not specify an authenticator. Skipping.zHAn error occurred while parsing %s. The error was %s. Skipping the file.c����������������S���s����g�|�]�}�t�j�|�����q�S���)�r����Z�enforce_domain_sanity)���.0��dr+���r+�����/usr/lib/python3.6/renewal.py�
<listcomp>j���s������z!_reconstitute.<locals>.<listcomp>z{Renewal configuration file %s references a certificate that contains an invalid domain name. The problem was: %s. Skipping.)�r�����
RenewableCertr����Z�CertStorageError��IOError��logger��error��str��debug� traceback�
format_excr
����"_remove_deprecated_config_elements� restore_required_config_elements��_restore_plugin_configs�
ValueError��Error��names��domainsZ�ConfigurationError)�r'���r(�����renewal_candidater3���r*���r+���r+���r.����
_reconstitute:���sD�������������������
�������
�������������
�����������������������������r@���)�r'���r*���r)���c����������������C���sT���d�|�k�r�t�j�d�����r�|�d���|�_�d�|�k�rPt�j�d�����rP|�d���}�t�|�t���rJ|�g�}�|�|�_�d�S�)�z�
webroot_map is, uniquely, a dict, and the general-purpose configuration
restoring logic is not able to correctly parse it from the serialized
form.
��webroot_map��webroot_pathN)�r�����
set_by_clirA����
isinstancer4���rB���)�r'���r*���Z�wpr+���r+���r.�����_restore_webroot_configu���s��������
�����
���rE���c����������������C���s����g�}�|�d���d�k�r�t�|�|�����n�|�j�|�d�������|�j�d���d�k rF|�j�|�d�������x�t�|���D�]t}�|�j�d�d���}�xb|�j���D�]V\�}�}�|�j�|�d�����rjt�j�|�����rj|�d
k�r�t |�|�t
|�������qjt�j�|���}�t |�|�|�|�������qjW�qPW�d�S�)�a����Sets plugin specific values in config from renewalparams
:param configuration.NamespaceConfig config: configuration for the
current lineage
:param configobj.Section renewalparams: Parameters from the renewal
configuration file that defines this lineage
r����Z�webrootr����N��-��_��None��True��False)�rH���rI���rJ���)�rE�����append��get��set��replace��items�
startswithr����rC�����setattr��evalZ
argparse_type)�r'���r*���Z�plugin_prefixesZ
plugin_prefixZ�config_itemZ�config_value��castr+���r+���r.���r:�������s������������������������������
�r:���c����������������C���s����t�j�d�t�f�f�t�t�t�j�t�����t�t�t�j�t�����t�t t�j�t
������}�x@|�D�]8\�}�}�|�|�k�r@t�j�|�����r@|�|�|�|�����}�t
|�j�|�|�����q@W�d�S�)�a����Sets non-plugin specific values in config from renewalparams
:param configuration.NamespaceConfig config: configuration for the
current lineage
:param configobj.Section renewalparams: parameters from the renewal
configuration file that defines this lineage
r&���N)�� itertools��chain��_restore_pref_challs��zip��BOOL_CONFIG_ITEMS��repeat�
_restore_bool��INT_CONFIG_ITEMS��_restore_int��STR_CONFIG_ITEMS��_restore_strr����rC���rQ���� namespace)�r'���r*���Z�required_itemsZ item_nameZ�restore_func��valuer+���r+���r.���r9�������s����������������������r9���)�r*���r)���c����������������C���s����d�d���|�j���D���S�)�z�Removes deprecated config options from the parsed renewalparams.
:param dict renewalparams: list of parsed renewalparams
:returns: list of renewalparams with deprecated config options removed
:rtype: dict
c����������������S���s ���i�|�]�\�}�}�|�t�j�k�r�|�|���q�S�r+���)�r����Z�DEPRECATED_OPTIONS)�r,���Z�option_name��vr+���r+���r.����
<dictcomp>����s��������z6_remove_deprecated_config_elements.<locals>.<dictcomp>)�rO���)�r*���r+���r+���r.���r8�������s����� r8���)���unused_namer`���r)���c����������������C���s����t�|�t���r�|�g�n�|�}�t�j�|���S�)�a����Restores preferred challenges from a renewal config file.
If value is a `str`, it should be a single challenge type.
:param str unused_name: option name
:param value: option value
:type value: `list` of `str` or `str`
:returns: converted option value to be stored in the runtime config
:rtype: `list` of `str`
:raises errors.Error: if value can't be converted to a bool
)�rD���r4���r����Z�parse_preferred_challenges)�rc���r`���r+���r+���r.���rV�������s��������rV���)���namer`���r)���c����������������C���s*���|�j���}�|�d�k�r"t�j�d�j�|�|�������|�d�k�S�)�a#���Restores a boolean key-value pair from a renewal config file.
:param str name: option name
:param str value: option value
:returns: converted option value to be stored in the runtime config
:rtype: bool
:raises errors.Error: if value can't be converted to a bool
��true��falsez,Expected True or False for {0} but found {1})�re���rf���)���lowerr����r<�����format)�rd���r`���Z�lowercase_valuer+���r+���r.���rZ�������s
�������������rZ���c����������������C���sV���|�d�k�r$|�d�k�r$t�j�d�����t�j�d���S�y�t�|���S���t�k
rP������t�j�d�j�|�������Y�n�X�d�S�)�a#���Restores an integer key-value pair from a renewal config file.
:param str name: option name
:param str value: option value
:returns: converted option value to be stored in the runtime config
:rtype: int
:raises errors.Error: if value can't be converted to an int
r$���rH���z!updating legacy http01_port valuez Expected a numeric value for {0}N) r2�����infor������flag_default��intr;���r����r<���rh���)�rd���r`���r+���r+���r.���r\�������s��������
�
�������r\���c����������������C���s@���|�d�k�r0|�t�j�k�r0t�j�d�t�j�d���|�����t�j�d���S�|�d�k�r<d�S�|�S�)�z�Restores a string key-value pair from a renewal config file.
:param str name: option name
:param str value: option value
:returns: converted option value to be stored in the runtime config
:rtype: str or None
r����z$Using server %s instead of legacy %srH���N)�r����Z�V1_URIr2���ri���Z�CLI_DEFAULTS)�rd���r`���r+���r+���r.���r^�������s
�����������
�r^���)�r'�����lineager)���c����������������C���sL���|�j�r�t�j�d�����d�S�|�j���r*t�j�d�����d�S�|�j�r>t�j�d�����d�S�t�j�d�����d�S�)�zDReturn true if any of the circumstances for automatic renewal apply.z+Auto-renewal forced with --force-renewal...Tz0Certificate is due for renewal, auto-renewing...zCCertificate not due for renewal, but simulating renewal for dry runz#Certificate not yet due for renewalF)�Z�renew_by_defaultr2���r5���Z�should_autorenewri�����dry_run��display_util��notify)�r'���rl���r+���r+���r.�����should_renew.���s��������
�����
�����
���
�rp���)�r'���rl�����original_serverr)���c����������������C���s>���t�j�|�j���r:t�j�|���s:|�j�s:d�j�|�j�����}�t�j�d�j�|�������d�S�)�z9Do not renew a valid cert with one from a staging server!z�, z�You've asked to renew/replace a seemingly valid certificate with a test certificate (domains: {0}). We will not do that unless you use the --break-my-certs flag!N) r����Z
is_stagingr����Z�break_my_certs��joinr=���r����r<���rh���)�r'���rl���rq���r=���r+���r+���r.�����_avoid_invalidating_lineage=���s��������
���������rs���)�r'���r>���� le_clientrl���r)���c����������������C���s����|�j�d���}�|�j�d�t�j�d�����}�t�|�|�|�����|�s4|�j���}�|�j�rTt�j�j |�j
��}�t�|�|�����n�d�}�|�j�|�|���\�}�}�}�} |�j
r�t�j�d�t�j�j�|�j�������n*|�j���}
|�j�|
|�|�j�|�|�����|�j�|�j�������t�j�|�|�|�j�����d�S�)�z�Renew a certificate lineage.r*���r����Nz(Dry run: skipping updating lineage at %s)�r
���rL���r����rj���rs���r=���r%���r������path��normpathZ�privkey��_update_renewal_params_from_keyZ�obtain_certificaterm���r2���r5�����dirname��cert��latest_common_versionZ�save_successorZ�pemZ�update_all_links_tor����r����Z�live_dir)�r'���r>���rt���rl���Z�renewal_paramsrq���Z�new_keyZ�new_certZ new_chainrG���Z
prior_versionr+���r+���r.����
renew_certJ���s �����
�����������������������������r{���)���msgs��categoryr)���c��������������������s �����f�d�d���|�D���}�d�d�j�|�����S�)�z:Format a results report for a category of renewal outcomesc����������������3���s����|�]�}�d�|���f���V���q�d�S�)�z�%s (%s)Nr+���)�r,�����m)�r}���r+���r.���� <genexpr>g���s������z�report.<locals>.<genexpr>z� z�
)�rr���)�r|���r}�����linesr+���)�r}���r.�����reporte���s��������r����)�r'�����renew_successes��renew_failures�
renew_skipped��parse_failuresr)���c����������������C���sD���t�j�}�t�j�}�|�d�j�t�j�������|�j�r&d�n�d�}�|�rD|�d�����|�t�|�d�������|���r�|���r�|�d�j�|�d�������|�j d�k s~|�j
d�k s~|�j�d�k r�|�d ����n�|�r�|���r�|�d
j�|�d�������|�t�|�d�������nh|�r�|���r�|�d�|�����|�t�|�d
������nD|�o�|���r�|�d�j�|�d�������|�t�|�d���d�������|�d�|�����|�t�|�d
������|���r6|�d�����|�t�|�d�������|�t�j�����d�S�)�a����
Print a report to the terminal about the results of the renewal process.
:param configuration.NamespaceConfiguration config: Configuration
:param list renew_successes: list of fullchain paths which were renewed
:param list renew_failures: list of fullchain paths which failed to be renewed
:param list renew_skipped: list of messages to print about skipped certificates
:param list parse_failures: list of renewal parameter paths which had errors
z�
{}z�simulated renewal��renewalz7The following certificates are not due for renewal yet:Z�skippedz�No {renewal}s were attempted.)�r����Nz�No hooks were run.z+Congratulations, all {renewal}s succeeded: ��successz@All %ss failed. The following certificates could not be renewed:Z�failurez#The following {renewal}s succeeded:��
z�The following %ss failed:zB
Additionally, the following renewal configurations were invalid: Z parsefail)�rn���ro���r2���r3���rh�����display_objZ
SIDE_FRAMErm���r����r����r����r ���)�r'���r����r����r����r����ro���Z�notify_errorZ�renewal_nounr+���r+���r.�����_renew_describe_resultsk���s8�����������������������
���
�
�����
�������
�����
���������r����)�r'���r)���c��������������������sl���t���f�d�d�����j�D�����r"t�j�d�������j�r:t�j�����j���g�}�n
t�j�����}�g�}�g�}�g�}�g�}�t�j j
����od��j�}���x�|�D���]�}�t�j
d�|���d�d�����t�j�����}�t�j�|���} y�t�|�|���}
W�nN��t�k
r���}���z2t�j�d�|�| |�����t�j�d�t�j�������|�j�|�����wnW�Y�d d }�~�X�n�X�y�|
��s�|�j�|�����n�t�j�j�|�t�j�����|
j�����d
d�l�m }���t!j"j#��}
t$|�|
����r�|���rrt%j&d�d���}�t�j'd�|�����t(j)|�����d�}�|�j*|�|
|
����|�j�|
j+����n0t,j-|
j.d�|
j/������}�|�j�d�|
j+|�j0d���f�������t1j2|�|
|
����W�qn��t�k
��r"��}���z6t�j�d�| |�����t�j�d�t�j�������|
��r�|�j�|
j+����W�Y�d d }�~�X�qnX�qnW�t3��|�|�|�|�����|���sD|���r^t�j�d�j4t5|���t5|���������t�j�d�����d S�)�z5Examine each lineage; renew if due and report resultsc����������������3���s����|�]�}�|���j�k�V���q�d�S�)�N)�rA���)�r,���Z�domain)�r'���r+���r.���r�������s������z)handle_renewal_request.<locals>.<genexpr>af���Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.z�Processing F)���pausezTRenewal configuration file %s (cert: %s) produced an unexpected error: %s. Skipping.z�Traceback was:
%sNr����)���main������<��������z3Non-interactive renewal: random delay of %s secondsry���z�%s expires on %sz�%Y-%m-%dz-Failed to renew certificate %s with error: %sz*{0} renew failure(s), {1} parse failure(s)z�no renewal failuresi����)6��anyr>���r����r<���Z�certnamer����Z�renewal_file_for_certnameZ�renewal_conf_files��sys��stdin��isattyZ�random_sleep_on_renewrn���Z�notification��copy��deepcopyZ�lineagename_for_filenamer@���� Exceptionr2���r3���r5���r6���r7���rK�����zopeZ componentZ�provideUtilityr����Z�IConfigZ�ensure_deployed��certbot._internalr�����
plugins_discoZ�PluginsRegistryZ�find_allrp�����randomZ�uniformri�����timeZ�sleepr{���Z fullchainr����Z�notAfter��versionrz���Z�strftimer����Z�run_generic_updatersr����rh�����len)�r'���Z
conf_filesr����r����r����r����Z�apply_random_sleepZ�renewal_fileZ�lineage_configZ�lineagenamer?�����er����Z�pluginsZ
sleep_timeZ�expiryr+���)�r'���r.�����handle_renewal_request����sr�������
�����
���������������
�
���������
���
���������������
�����������
�����������
�����
�������������"�����������r����)���key_pathr'���r)���c����������������C���s~���t�|�d�����}�t�|�j���d�t���d���}�W�d�Q�R�X�t�|�t�j���rFd�|�_�|�j�|�_ n4t�|�t
j���rdd�|�_�|�j�j
|�_�n�t�j�d�j�|�t�|���������d�S�)�N��rb)�Z�passwordZ�backendr����Z�ecdsaz*Key at {0} is of an unsupported type: {1}.)���openr������readr ���rD���r����Z
RSAPrivateKeyr!���Z�key_sizer#���r
���Z�EllipticCurvePrivateKeyZ�curverd���r"���r����r<���rh�����type)�r����r'���Z�file_h��keyr+���r+���r.���rw�������s��������������
�������rw���)�r&���)O��__doc__r����rT���Z�loggingr����r����r����r6���Z�typingr����r����r����r����r����r����r����Z�cryptography.hazmat.backendsr ���Z)cryptography.hazmat.primitives.asymmetricr
���r����Z,cryptography.hazmat.primitives.serializationr����Z�zope.componentr����Z�certbotr
���r����r����r����r����r����r����r����r����r����r����r����Z�certbot._internal.displayr����r����Z�certbot._internal.pluginsr����r����Z�certbot.compatr����Z�certbot.displayrn���Z getLogger��__name__r2���r]���r[���rX���rM���rU���Z�CONFIG_ITEMSZ�NamespaceConfigr4���r0���r@���rE���r:���r9���r8���rV�����boolrZ���rk���r\���r^���rp���rs���Z�Clientr{���r����r����r����rw���r+���r+���r+���r.�����<module>����s��������������������������������������������������������������������������
�������
��������������:�������+����
"�������������������
����.�l