M/eH dZddlZddlZddlZddlZddlmZddlmZddlmZddlm Z ddlm Z ddlm Z dd lm Z dd lm Z ddlZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZej6eZdej<ddfdZdej<ddfdZ dej<ddfdZ!dej<ddfdZ"dej<de#de ejHfdZ%dej<de#de e e#fdZ&dej<de e#de e ejHe ejHffdZ'dejHde#de e e#fd Z(de e eejHge#feejHge e e#fffd!Z)dej<de#fd"Z*dej<d#ee eejHge#feejHge e e#ffd$eejHge#fd%eejHge#fde e#f d&Z+ d:dej<d'ejHd(e,de e#fd)Z- d;dej<d*e#d+e,d,e e#de e#f d-Z.d.ee#de#fd/Z/dej<d0eejHde#fd1Z0dej<d0eejHd2ee#ddfd3Z1e d4Z2dej<d5ed6e2fd7e2d8ede2f d9Z3y)JA O LL-y/C/C/E F  ! !, / /  0sy ) z;Delete Certbot files associated with a certificate lineage.deleteT)allow_multiplez8The following certificate(s) are selected for deletion: z * aP WARNING: Before continuing, ensure that the listed certificates are not being used by any installed server software (e.g. Apache, nginx, mail servers). Deleting a certificate that is still being used will cause the server software to stop working. See https://certbot.org/deleting-certs for information on deleting certificates safely.z: Are you sure you want to delete the above certificate(s)? )defaultz$Deletion of certificate(s) canceled.Nz.Deleted all files relating to certificate {0}.) r!r3r#yesnojoinr5infor delete_filesnotifyr%)r certnamesmsgr,s rrArAbsfhtDI F GC& 6H$%&JJ b JJLM   diind ; :;/VX.L#VH- //r cli_configr,c|j}tj|d tj||} tj||S#t j $rYywxYw#t j tf$rAtjd|tjdtjYywxYw)z)Find a lineage object with name certname.modeNzRenewal conf file %s is broken.r1) renewal_configs_dirrmake_or_verify_dirrrenewal_file_for_certnamer CertStorageErrorrIOErrorr5r7r8r9)rLr, configs_dirrs rr(r(|s00KKe488XN $$\:>>  " "  # #W - 6 E )9+?+?+ABs#AA+A('A(+ACCcBt||}|r|jSdS)z0Find the domains in the cert with name certname.N)r(names)rr,r.s rdomains_for_certnamerYs##684G%7==?/4/rdomainsc "dtjdtttjttjfdtttjttjfffd }d}t |||S)aFind existing certs that match the given domain names. This function searches for certificates whose domains are equal to the `domains` parameter and certificates whose domains are a subset of the domains in the `domains` parameter. If multiple certificates are found whose names are a subset of `domains`, the one whose names are the largest subset of `domains` is returned. If multiple certificates' domains are an exact match or equally sized subsets, which matching certificates are returned is undefined. :param config: Configuration. :type config: :class:`certbot._internal.configuration.NamespaceConfig` :param domains: List of domain names :type domains: `list` of `str` :returns: lineages representing the identically matching cert and the largest subset if they exist :rtype: `tuple` of `storage.RenewableCert` or `None` candidate_lineagervrc|\}}t|j}|tk(r|}||fS|jtr/||}||fSt|t|jkDr|}||fS)zsReturn cert as identical_names_cert if it matches, or subset_names_cert if it matches as subset )setrXissubsetlen)r\r]identical_names_certsubset_names_certcandidate_namesrZs rupdate_certs_for_domain_matchesz?find_duplicative_certs..update_certs_for_domain_matchess35///5578 c'l *#4 %&788 % %c'l 3!($5!%&788_%,=,C,C,E(FF$5!$&788r)NN)rrrr_search_lineages)rrZreinits ` rfind_duplicative_certsrhs297;P;P9,1(7;P;P2Q2:7;P;P2Q3R-S9.38Gz%_acceptable_matches..s a&&rc|jSru cert_pathrws rryz%_acceptable_matches..s !++rct|dS)Ncertrrrws rryz%_acceptable_matches..s nQ/rct|dS)N fullchainrrws rryz%_acceptable_matches..s >![;Yrrrr_acceptable_matchesrs '(= /1Y [[rcFt}t|fdd}|dS)a If config.cert_path is defined, try to find an appropriate value for config.certname. :param `configuration.NamespaceConfig` cli_config: parsed command line arguments :returns: a lineage name :rtype: str :raises `errors.Error`: If the specified cert path can't be matched to a lineage name. :raises `errors.OverlappingMatchFound`: If the matched lineage's archive is shared. cjSrur{)rxrLs rryz&cert_path_to_lineage..s z/C/Crc|jSru) lineagenamerws rryz&cert_path_to_lineage..s q}}rr)rmatch_and_check_overlaps)rLacceptable_matchesrns` rcert_path_to_lineagers--. $Z1C%CE\ ^E 8Orr match_funcrv_funcc dtjdttdtt t tjgtft tjgtttffdttffd }t||g|}|s#tjd|jdt|dkDrtj|S) a Searches through all lineages for a match, and checks for duplicates. If a duplicate is found, an error is raised, as performing operations on lineages that have their properties incorrectly duplicated elsewhere is probably a bad idea. :param `configuration.NamespaceConfig` cli_config: parsed command line arguments :param list acceptable_matches: a list of functions that specify acceptable matches :param function match_func: specifies what to match :param function rv_func: specifies what to return r\ return_valuerrc|Dcgc] }|| }}g}|D],}t|tr||z }|s|j|.|}||vr|j ||Scc}w)z1Returns a list of matches using _search_lineages.) isinstancelistr3) r\rrfuncacceptable_matches_resolvedacceptable_matches_rvitemrnrrs r find_matchesz.match_and_check_overlaps..find_matches s L^&^4t,='>&^#&^+-/ 3D$%%-%%,,T2  3 ,- ) )   (9 : ;'_sA/zNo match found for cert-path !)rrrstrrr rrrfr r'r|raOverlappingMatchFound)rLrrrrmatcheds `` rrrs (=(=TRUY)1%!7#8#8"93">?!7#8#8"98DI;N"NOP3Q*RW[[^V_"**lBHZ[G ll::;O;O:PPQRSS W **,, Nrr~skip_filter_checkscrg}tj}|jr|j|jk7r|sy|jr3t |jj |jsytjjtj}g}|jr|jd|j|kr|jdn"|j|r|jd|rddj!|z}nT|j|z }|j"dk(rd}n3|j"dkrd |j$d zd }nd |j"d }d j'|j|} t't)j*|j,d} |jd|jd| d|j.ddj!|jd| d|j0d|j2dj!|S)zJ Returns a human readable description of info about a RenewableCert objectN TEST_CERTEXPIREDREVOKEDz INVALID: z, rz VALID: 1 dayzVALID: iz hour(s)z daysz {0} ({1})rxz Certificate Name: z Serial Number: z Key Type: z Domains:  z Expiry Date: z Certificate Path: z Private Key Path: )rRevocationCheckerr,rrZr_r`rXdatetimenowpytzUTC is_test_certr3 target_expiry ocsp_revokedrFdayssecondsr%r get_serial_from_certr|private_key_typerprivkey) rr~rcertinfocheckerrreasonsstatusdiff valid_stringserials rhuman_readable_cert_infor&sH$$&G 4++v>GY ~~c&..1::4::<H      )CG {# S y!   d #y!tyy11!!C' 99>#F YY]t||t34H=Ftyyk/F%%d&8&8&AL K44T^^Dc JF OO*4+;+;*<=**02%%)%:%:$;<$$'HHTZZ\$:#;<((4~6--1^^,<=--1\\N <= 778 rverbrB custom_promptc||j}|r|g}|Stj|}|Dcgc]}tj|}}|st j d|r\|sdj |} n|} tj| |dd\} }| tjk7rt j d|S|sdj |} n|} tj| |dd\} } | tjk7s| tdt|vrt j d|| g}|Scc}w) z4Get certname from flag, interactively, or error out.zNo existing certificates found.z+Which certificate(s) would you like to {0}?z --cert-nameT)cli_flagrrz(Which certificate would you like to {0}?r) r,rrlineagename_for_filenamer r'r%r# checklistr&menurangera) rrrBrr,rJ filenamesnamechoicespromptr-indexs rr!r!Qs?HJ 6 3..v6 FOPd733D9PP,,@A A  FMMdS&*44-4QOD)|&ll#<== !CJJ4P&&++-4QKD%|&%uQG 7M*Mll#<== (I 1QsD9msgsc8ddjd|DzS)zFFormat a results report for a category of single-line renewal outcomesz z c32K|]}t|ywru)r).0rKs r z _report_lines..zs73c#h7s)rF)rs r _report_linesrxs &++7$77 77rr;cvg}|D]"}t||}||j|$dj|S)z)Format a results report for a parsed certrC)rr3rF)rr;rr~ cert_infos r_report_human_readabler}sGH',VT:  OOI &' 99X rr<cLg}|j}|s |s |dnb|rE|js |jrdnd}|dj||t |||r|d|t |t jdj|ddy ) z/Print information about the certs we know aboutzNo certificates found.z matching rzFound the following {0}certs:z3 The following renewal configurations were invalid:rCF)r wrapN) r3r,rZr%rrr#r+rF)rr;r<outrIrns rr:r:sC ZZF '( #)??fnnK"E 299%@ A )&,? @   =0 1diinEFrTr. initial_rvargsc|j}tj|d|}tj|D]#} tj ||}|||g|}%|S#t jtf$rAtjd|tjdtjYwxYw)aIterate func over unbroken lineages, allowing custom return conditions. Allows flexible customization of return values, including multiple return values and complex checks. :param `configuration.NamespaceConfig` cli_config: parsed command line arguments :param function func: function used while searching over lineages :param initial_rv: initial return value of the function (any type) :returns: Whatever was specified by `func` if a match is found. rNrOz)Renewal conf file %s is broken. Skipping.r1) rQrrRrrrr rTrUr5r7r8r9)rLrrrrVr]rr\s rrfrfs00KKe4 B22:>0   ' 5 5lJ O  #R /$ /0 I ''1  LLDl S LL-y/C/C/E F  sA##AB=<B=)F)FN)4__doc__rloggingrmr8typingrrrrrrr r rcertbotr r r rrcertbot._internalrcertbot.compatrcertbot.displayr# getLogger__name__r5NamespaceConfigrr/r?rArrr(rYrhrrrrrboolrr!rrr:rrfrrrrs&  !%0   8 $ J!>!> J4 J O=88OTO4:66:4:./=00/T/4]%B%B#&+3G4I4I+J$0!>!>0#&0+3DI+>02K=#@#@2K$(I2K27AVAV8W8@AVAV8W9X3Y2Kjg&;&;sxX\]`XaOb, [T%'2G2G1H#1M(N(0'2G2G1H(SWX[S\J]1](^)_#`a []%B%Bs"&)F)F&19%!)7+@+@*A3*F!G!)7+@+@*A8DQTICV*V!W"X;Y2Z&*273H3H2I32N)O & '/0E0E/F/K&L & RVVYQZ &T9>(]%B%B('J_J_(15(BJ3-(V\a15 -77 s TX !)# :>s) N8 8#8 =#@#@)1'2G2G)HMPGM99G"*7+@+@"AG$,SMG6:G. CL!>!>hsTUvFV!"+.34r