U ÝÁ] <ã@s:dZddlZddlZddlZddlZddlZddlZddlm Z ddl m Z ddl m Z ddl m Z ddl mZddl mZdd l mZdd lmZdd lmZe e¡Zd d „Zd d„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Z dd„Z!dd „Z"d.d"d#„Z#d/d$d%„Z$d&d'„Z%d(d)„Z&d*d+„Z'd,d-„Z(dS)0z Tools for managing certificates.éN)ÚList)Ú crypto_util)Úerrors)Ú interfaces)Úocsp)Ústorage)Úutil)ÚoscCs$t |¡D]}tj||ddq dS)a`Update the certificate file family symlinks to use archive_dir. Use the information in the config file to make symlinks point to the correct archive directory. .. note:: This assumes that the installation is using a Reverter object. :param config: Configuration. :type config: :class:`certbot.configuration.NamespaceConfig` T)Zupdate_symlinksN)rÚrenewal_conf_filesÚ RenewableCert)ÚconfigÚ renewal_file©rú6/usr/lib/python3/dist-packages/certbot/cert_manager.pyÚupdate_live_symlinkss rcCsžtj tj¡}t|dƒd}|j}|sX|jd |¡ddd\}}|t j ksN|sXt   d¡‚t ||ƒ}|svt  d |¡¡‚t |||¡|jd  ||¡d d d S) z—Rename the specified lineage to the new name. :param config: Configuration. :type config: :class:`certbot.configuration.NamespaceConfig` Úrenamerz&Enter the new name for certificate {0}z--updated-cert-nameT)ÚflagÚforce_interactiveúUser ended interaction.z,No existing certificate with name {0} found.z Successfully renamed {0} to {1}.F©ÚpauseN)ÚzopeÚ componentÚ getUtilityrÚIDisplayÚ get_certnamesÚ new_certnameÚinputÚformatÚ display_utilÚOKrÚErrorÚlineage_for_certnameZConfigurationErrorrZrename_renewal_configÚ notification)r ÚdispÚcertnamerÚcodeÚlineagerrrÚrename_lineage*s.þ   ÿÿÿr(c Cs˜g}g}t |¡D]t}z$t ||¡}t |¡| |¡Wqtk r„}z,t d||¡t  dt   ¡¡| |¡W5d}~XYqXqt |||ƒdS)z Display information about certs configured with Certbot :param config: Configuration. :type config: :class:`certbot.configuration.NamespaceConfig` zIRenewal configuration file %s produced an unexpected error: %s. Skipping.úTraceback was: %sN) rr r rZverify_renewable_certÚappendÚ ExceptionÚloggerZwarningÚdebugÚ tracebackÚ format_excÚ_describe_certs)r Ú parsed_certsÚparse_failuresr Zrenewal_candidateÚerrrÚ certificatesEs  ÿr4cCsJt|ddd}|D]2}t ||¡tj tj¡}|jd  |¡ddqdS)z;Delete Certbot files associated with a certificate lineage.ÚdeleteT)Úallow_multiplez.Deleted all files relating to certificate {0}.FrN) rrZ delete_filesrrrrrr#r)r Ú certnamesr%r$rrrr5[s ÿÿr5c CsŠ|j}tj|ddzt ||¡}Wntjk r<YdSXzt ||¡WStjtfk r„t   d|¡t   dt   ¡¡YdSXdS)z)Find a lineage object with name certname.éí©ÚmodeNzRenewal conf file %s is broken.r)) Úrenewal_configs_dirrÚmake_or_verify_dirrZrenewal_file_for_certnamerÚCertStorageErrorr ÚIOErrorr,r-r.r/)Ú cli_configr%Ú configs_dirr rrrr"hs r"cCst||ƒ}|r| ¡SdS)z0Find the domains in the cert with name certname.N)r"Únames)r r%r'rrrÚdomains_for_certnamexs rBcs‡fdd„}t||dƒS)a~Find existing certs that match the given domain names. This function searches for certificates whose domains are equal to the `domains` parameter and certificates whose domains are a subset of the domains in the `domains` parameter. If multiple certificates are found whose names are a subset of `domains`, the one whose names are the largest subset of `domains` is returned. If multiple certificates' domains are an exact match or equally sized subsets, which matching certificates are returned is undefined. :param config: Configuration. :type config: :class:`certbot.configuration.NamespaceConfig` :param domains: List of domain names :type domains: `list` of `str` :returns: lineages representing the identically matching cert and the largest subset if they exist :rtype: `tuple` of `storage.RenewableCert` or `None` csb|\}}t| ¡ƒ}|tˆƒkr&|}n4| tˆƒ¡rZ|dkrB|}nt|ƒt| ¡ƒkrZ|}||fS)zsReturn cert as identical_names_cert if it matches, or subset_names_cert if it matches as subset N)ÚsetrAÚissubsetÚlen)Úcandidate_lineageÚrvZidentical_names_certZsubset_names_certZcandidate_names©ÚdomainsrrÚupdate_certs_for_domain_matches”s  z?find_duplicative_certs..update_certs_for_domain_matches)NN)Ú_search_lineages)r rIrJrrHrÚfind_duplicative_certs}s rLcs,|j‰‡‡fdd„t ˆ¡Dƒ}|r(|SdS)aJ In order to match things like: /etc/letsencrypt/archive/example.com/chain1.pem. Anonymous functions which call this function are eventually passed (in a list) to `match_and_check_overlaps` to help specify the acceptable_matches. :param `.storage.RenewableCert` candidate_lineage: Lineage whose archive dir is to be searched. :param str filetype: main file name prefix e.g. "fullchain" or "chain". :returns: Files in candidate_lineage's archive dir that match the provided filetype. :rtype: list of str or None cs,g|]$}t d ˆ¡|¡rtj ˆ|¡‘qS)z {0}[0-9]*.pem)ÚreÚmatchrr ÚpathÚjoin)Ú.0Úf©Ú archive_dirÚfiletyperrÚ ¸sÿz"_archive_files..N)rTr Úlistdir)rFrUÚpatternrrSrÚ_archive_files©s rYcCsdd„dd„dd„dd„gS)zª Generates the list that's passed to match_and_check_overlaps. Is its own function to make unit testing easier. :returns: list of functions :rtype: list cSs|jS©N)Zfullchain_path©ÚxrrrÚÅóz%_acceptable_matches..cSs|jSrZ©Ú cert_pathr[rrrr]År^cSs t|dƒS)NÚcert©rYr[rrrr]Ær^cSs t|dƒS)NÚ fullchainrbr[rrrr]Ær^rrrrrÚ_acceptable_matches¾s ÿrdcs(tƒ}tˆ|‡fdd„dd„ƒ}|dS)a“ If config.cert_path is defined, try to find an appropriate value for config.certname. :param `configuration.NamespaceConfig` cli_config: parsed command line arguments :returns: a lineage name :rtype: str :raises `errors.Error`: If the specified cert path can't be matched to a lineage name. :raises `errors.OverlappingMatchFound`: If the matched lineage's archive is shared. cs ˆjdS)Nrr_r[©r?rrr]Õr^z&cert_path_to_lineage..cSs|jSrZ)Ú lineagenamer[rrrr]Õr^r)rdÚmatch_and_check_overlaps)r?Úacceptable_matchesrNrrerÚcert_path_to_lineageÈs  ÿricsV‡‡fdd„}t||g|ƒ}|s8t d |jd¡¡‚nt|ƒdkrNt ¡‚n|SdS)a Searches through all lineages for a match, and checks for duplicates. If a duplicate is found, an error is raised, as performing operations on lineages that have their properties incorrectly duplicated elsewhere is probably a bad idea. :param `configuration.NamespaceConfig` cli_config: parsed command line arguments :param list acceptable_matches: a list of functions that specify acceptable matches :param function match_func: specifies what to match :param function rv_func: specifies what to return cs`‡fdd„|Dƒ}g}|D]"}t|tƒr2||7}q| |¡qˆˆƒ}||kr\| ˆˆƒ¡|S)z1Returns a list of matches using _search_lineages.csg|] }|ˆƒ‘qSrr)rQÚfunc©rFrrrVåszBmatch_and_check_overlaps..find_matches..)Ú isinstanceÚlistr*)rFZ return_valuerhZacceptable_matches_rvÚitemrN©Ú match_funcÚrv_funcrkrÚ find_matchesãs   z.match_and_check_overlaps..find_matchesz!No match found for cert-path {0}!réN)rKrr!rr`rEZOverlappingMatchFound)r?rhrprqrrZmatchedrrorrgØs   rgFc Cs*g}t ¡}|jr&|j|jkr&|s&dS|jrDt|jƒ | ¡¡sDdStj   t j   ¡¡}g}|j rj| d¡|j|kr€| d¡n| |¡r”| d¡|r¨dd |¡}nB|j|}|jdkrÂd}n(|jdkrÞd  |jd ¡}n d  |j¡}d  |j|¡} | d  |jd | ¡¡| |j|j¡¡d |¡S)zJ Returns a human readable description of info about a RenewableCert objectÚZ TEST_CERTZEXPIREDZREVOKEDz INVALID: z, rsz VALID: 1 dayzVALID: {0} hour(s)izVALID: {0} daysz {0} ({1})zq Certificate Name: {0} Domains: {1} Expiry Date: {2} Certificate Path: {3} Private Key Path: {4}ú )rZRevocationCheckerr%rfrIrCrDrAÚpytzZUTCZfromutcÚdatetimeZutcnowZ is_test_certr*Z target_expiryZ ocsp_revokedrPZdaysrZsecondsrcZprivkey) r raZskip_filter_checksÚcertinfoZcheckerZnowZreasonsZstatusZdiffZ valid_stringrrrÚhuman_readable_cert_infoùs>          ÷ ryc Csè|j}|r|g}nÒtj tj¡}t |¡}dd„|Dƒ}|sFt  d¡‚|rŠ|sZd  |¡} n|} |j | |ddd\} }| t j krät  d¡‚nZ|sšd   |¡} n|} |j| |ddd\} } | t j ksÐ| td t|ƒƒkrÚt  d¡‚|| g}|S) z9Get certname from flag, interactively, or error out. cSsg|]}t |¡‘qSr)rZlineagename_for_filename)rQÚnamerrrrV-sz!get_certnames..zNo existing certificates found.z+Which certificate(s) would you like to {0}?z --cert-nameT)Zcli_flagrrz(Which certificate would you like to {0}?r)r%rrrrrrr rr!rZ checklistrr ZmenuÚrangerE) r Zverbr6Z custom_promptr%r7r$Ú filenamesÚchoicesÚpromptr&Úindexrrrr$sB   ÿ    ÿ   rcCsdd dd„|Dƒ¡S)zFFormat a results report for a category of single-line renewal outcomesz z css|]}t|ƒVqdSrZ)Ústr)rQÚmsgrrrÚ Msz _report_lines..)rP)ZmsgsrrrÚ _report_linesKsrƒcCs(g}|D]}| t||ƒ¡qd |¡S)z)Format a results report for a parsed certÚ )r*ryrP)r r1rxrarrrÚ_report_human_readableOsr…cCsg}|j}|s|s|dƒnL|rP|js,|jr0dnd}|d |¡ƒ|t||ƒƒ|rh|dƒ|t|ƒƒtj t j ¡}|j d  |¡dddd S) z/Print information about the certs we know aboutzNo certs found.z matching rtzFound the following {0}certs:z3 The following renewal configurations were invalid:r„F)rZwrapN) r*r%rIrr…rƒrrrrrr#rP)r r1r2ÚoutZnotifyrNr$rrrr0Vs  r0c Gsˆ|j}tj|dd|}t |¡D]`}zt ||¡}Wn:tjtfk rpt   d|¡t   dt   ¡¡Yq"YnX|||f|žŽ}q"|S)aâIterate func over unbroken lineages, allowing custom return conditions. Allows flexible customization of return values, including multiple return values and complex checks. :param `configuration.NamespaceConfig` cli_config: parsed command line arguments :param function func: function used while searching over lineages :param initial_rv: initial return value of the function (any type) :returns: Whatever was specified by `func` if a match is found. r8r9z)Renewal conf file %s is broken. Skipping.r)) r;rr<rr r rr=r>r,r-r.r/)r?rjZ initial_rvÚargsr@rGr rFrrrrKks   rK)F)FN))Ú__doc__rwZloggingrMr.rvZzope.componentrZacme.magic_typingrZcertbotrrrrrrZcertbot.compatr Zcertbot.displayrZ getLoggerÚ__name__r,rr(r4r5r"rBrLrYrdrirgryrrƒr…r0rKrrrrÚsB           , ! + '