Current File : //lib/python3/dist-packages/certbot/plugins/__pycache__/common.cpython-38.pyc
