M/e 8UdZddlZddlmZddlmZddlmZddlmZddlmZddlmZdd lm Z dd l m Z dd l m Z dd l mZgd Z de j deeeefddffdZde j defdZde j de e j*defdZde e j.deede e j*de j ddf dZdedddfdZGddeej6Zdddej:d d!d"gd d#ed$d%d&d' gZeeeefed(<y))z(New interface style Certbot enhancementsN)Any)Callable)Dict) Generator)Iterable)List)Optional) configuration) interfaces) constants)redirectzensure-http-headerz ocsp-staplingconfigreturnc#JKtD]}t||ds|yw)z Generator to yield the enabled new style enhancements. :param config: Configuration. :type config: certbot.configuration.NamespaceConfig cli_destN)_INDEXgetattr)renhs >/usr/lib/python3/dist-packages/certbot/plugins/enhancements.pyenabled_enhancementsrs* 63z? +Is##c*tt|S)z Checks if one or more of the requested enhancements are those of the new enhancement interfaces. :param config: Configuration. :type config: certbot.configuration.NamespaceConfig )anyr)rs r are_requestedr(s #F+ ,, installercFt|D]}t||dryy)ai Checks that all of the requested enhancements are supported by the installer. :param config: Configuration. :type config: certbot.configuration.NamespaceConfig :param installer: Installer object :type installer: interfaces.Installer :returns: If all the requested enhancements are supported by the installer :rtype: bool classFT)r isinstance)rrrs r are_supportedr3s.$F+)S\2 rlineagedomainscV|r't|D]}t||d||yy)a Run enable method for each requested enhancement that is supported. :param lineage: Certificate lineage object :type lineage: certbot.interfaces.RenewableCert :param domains: List of domains in certificate to enhance :type domains: str :param installer: Installer object :type installer: interfaces.Installer :param config: Configuration. :type config: certbot.configuration.NamespaceConfig enable_functionN)rr)r r!rrrs renabler$Hs;$'/ IC 6GIs#45 6w H Iradd).Nc ZtD]"}||d|d|d|d|d|d$y) z Populates the command line flags for certbot._internal.cli.HelpfulParser :param add: Add function of certbot._internal.cli.HelpfulParser :type add: func cli_groupscli_flag cli_actionrcli_flag_defaultcli_help)actiondestdefaulthelpN)r)r%rs r populate_clir0_sE" C s:s<7HZ#.@*AZ ""rc eZdZdZej dejdededdfdZ ej dejdededdfdZ ej de ejd e e dededdf d Zy) AutoHSTSEnhancementa; Enhancement interface that installer plugins can implement in order to provide functionality that configures the software to have a 'Strict-Transport-Security' with initially low max-age value that will increase over time. The plugins implementing new style enhancements are responsible of handling the saving of configuration checkpoints as well as calling possible restarts of managed software themselves. For update_autohsts method, the installer may have to call prepare() to finalize the plugin initialization. Methods: enable_autohsts is called when the header is initially installed using a low max-age value. update_autohsts is called every time when Certbot is run using 'renew' verb. The max-age value should be increased over time using this method. deploy_autohsts is called for every lineage that has had its certificate renewed. A long HSTS max-age value should be set here, as we should be confident that the user is able to automatically renew their certificates. r argskwargsrNcy)a Gets called for each lineage every time Certbot is run with 'renew' verb. Implementation of this method should increase the max-age value. :param lineage: Certificate lineage object :type lineage: certbot.interfaces.RenewableCert .. note:: prepare() method inherited from `interfaces.Plugin` might need to be called manually within implementation of this interface method to finalize the plugin initialization. Nselfr r3r4s rupdate_autohstsz#AutoHSTSEnhancement.update_autohstsrcy)a Gets called for a lineage when its certificate is successfully renewed. Long max-age value should be set in implementation of this method. :param lineage: Certificate lineage object :type lineage: certbot.interfaces.RenewableCert Nr6r7s rdeploy_autohstsz#AutoHSTSEnhancement.deploy_autohstsr:rr!cy)a Enables the AutoHSTS enhancement, installing Strict-Transport-Security header with a low initial value to be increased over the subsequent runs of Certbot renew. :param lineage: Certificate lineage object :type lineage: certbot.interfaces.RenewableCert :param domains: List of domains in certificate to enhance :type domains: `list` of `str` Nr6)r8r r!r3r4s renable_autohstsz#AutoHSTSEnhancement.enable_autohstsr:r)__name__ __module__ __qualname____doc__abcabstractmethodr RenewableCertrr9r<r rstrr>r6rrr2r2ls2   z'?'?    WZ  _c      z'?'?  WZ _c     x 0H0H'I  T\]`Ta  "  .1  6:    rr2) metaclassAutoHSTSzUGradually increasing max-age value for HTTP Strict Transport Security security headerz --auto-hsts auto_hstssecurityenhance store_truer9r<r>) namer+r(r*r'rr)rupdater_functiondeployer_functionr#r) rBrCtypingrrrrrrr certbotr r certbot._internalr ENHANCEMENTSNamespaceConfigrFrboolr InstallerrrEr$r0objectABCMetar2 CLI_DEFAULTSr__annotations__r6rrr[sz. !'B  -- 2;DcNDRV