x[h" UdZddlZddlZddlmZmZmZddlmZddl m Z ddl m Z ddl mZejeZddd d d gd Zd d dddgd dddddgd dddddgd ddddd gd dd dddgd dZdD] Zedee< dD] Zedee< gdZdeed d!gd"Ze ed#<d$Zd%Zd&Zd'Zd(Zd)Zd*ed+e d,ed-ed.df d/Z y)0zCA Certs: Add ca certificates.N) lifecyclesubputil)Cloud)Config) MetaSchema) PER_INSTANCEz!/usr/local/share/ca-certificates/z#cloud-init-ca-cert-{cert_index}.crtz/etc/ca-certificates.confzupdate-ca-certificates) ca_cert_pathca_cert_local_pathca_cert_filenameca_cert_configca_cert_update_cmdz/etc/ssl/certs/z#cloud-init-ca-cert-{cert_index}.pemz+/etc/ca-certificates/conf.d/cloud-init.confzupdate-ca-bundlez/etc/pki/ca-trust/z/usr/share/pki/ca-trust-source/z+anchors/cloud-init-ca-cert-{cert_index}.crtzupdate-ca-trustz/etc/pki/trust/z/usr/share/pki/trust/z/etc/pki/tls/certs/zrehash_ca_certificates.sh)aoscfedorarhelopensusephoton)opensuse-microosopensuse-tumbleweed opensuse-leapsle_hpc sle-microslesr) almalinux cloudlinuxr)rrralpinedebianrrrrrrrrrubuntur cc_ca_certsca_certsca-certs)iddistros frequencyactivate_by_schema_keysmetactj|t}tjj |d|d|d<|S)zReturn a distro-specific ca_certs config dictionary @param distro_name: String providing the distro class name. @returns: Dict of distro configurations for ca_cert. r r ca_cert_full_path)DISTRO_OVERRIDESgetDEFAULT_CONFIGospathjoin) distro_namecfgs >/usr/lib/python3/dist-packages/cloudinit/config/cc_ca_certs.py_distro_ca_certs_configsr2jsF   {N ;C!ww|| !3'9#: C Jc8tj|ddy)z Updates the CA certificate cache on the current machine. @param distro_cfg: A hash providing _distro_ca_certs_configs function. rF)captureN)r distro_cfgs r1update_ca_certsr8ws  IIj-.>r3c|syt|dD]=\}}t|}|dj|}tj||d?y)a- Adds certificates to the system. To actually apply the new certificates you must also call the appropriate distro-specific utility such as L{update_ca_certs}. @param distro_cfg: A hash providing _distro_ca_certs_configs function. @param certs: A list of certificate strings. Nr() cert_indexi)mode) enumeratestrformatr write_file)r7certsr;ccert_file_contentscert_file_names r1 add_ca_certsrEsb "5!,H A V#$78??!@  (:G Hr3c|dvr t|y|dvr*t||dvrd}tjd|yyy)a. Disables all default trusted CA certificates. For Alpine, Debian and Ubuntu to actually apply the changes you must also call L{update_ca_certs}. @param distro_name: String providing the distro class name. @param distro_cfg: A hash providing _distro_ca_certs_configs function. )rr)rrrr)rrz8ca-certificates ca-certificates/trust_new_crts select no)zdebconf-set-selections-)dataN)remove_default_ca_certsdisable_system_ca_certsr)r/r7 debconf_sels r1disable_default_ca_certsrLsR(( + > > + . .O  II5K H / ?r3c|d}|rtjj|syd}d}tj|jrt j |}g}|jD]b}||k(rd}|j||dk(s|ddvr|j|:|s|j|d}|jd |zdt j|d j|d zd yy) z For every entry in the CA_CERT_CONFIG file prefix the entry with a "!" in order to disable it. @param distro_cfg: A hash providing _distro_ca_certs_configs function. r Nz;# Modified by cloud-init to deselect certs due to user-dataFTr)#!rP wb)omode) r,r-existsstatst_sizerload_text_file splitlinesappendr@r.)r7ca_cert_cfg_fnheader_comment added_headerorig out_lineslines r1rJrJs 01N !? FL ww~&&"">2 OO% -D~%#   &tAw*4  &#$$^4#'L  t, -  DIIi047t 'r3c|dytjdtj|dtj|dy)z Removes all default trusted CA certificates from the system. @param distro_cfg: A hash providing _distro_ca_certs_configs function. r NzDeleting system CA certificatesr )LOGdebugrdelete_dir_contentsr6s r1rIrIsF .!)II/0Z78Z(<=>r3namer0cloudargsreturncd|vrtjdddnd|vrtjd|yd|vrd|vrtj d |j d|j d}t |jj}d |vrtjd dd |j d |j d dr5tjdt|jj|d|vrCtj|d}|r+tjdt|t||tjdt|y)au Call to handle ca_cert sections in cloud-config file. @param name: The module name "ca_cert" from cloud.cfg @param cfg: A nested dict containing the entire cloud config contents. @param cloud: The L{CloudInit} object in use. @param log: Pre-initialized Python logger object to use for logging. @param args: Any module arguments from cloud.cfg r!zKey 'ca-certs'z22.1zUse 'ca_certs' instead.) deprecateddeprecated_version extra_messager zlistrur3r1rs % ++!#.+g!==134 */AG12  -?I01 -?I01  *5I78 ./A:; ;$L