M/eJ*dZddlZddlZddlZddlZddlmZddlmZddlmZddlm Z ddl m Z ddl Z ddl mZdd l mZdd lmZdd lmZdd lmZej*eZGd dej0ZGddZdeddfdZdedefdZy)z$Certbot user-supplied configuration.N)Any)Dict)List)Optional)parse)errors)util) constants)misc)osceZdZdZej Z ej Z ej Z ej Z ej Z y)ArgumentSourcez;Enum for describing where a configuration argument was set.N) __name__ __module__ __qualname____doc__enumauto COMMAND_LINE CONFIG_FILEDEFAULTENV_VARRUNTIME7/usr/lib/python3/dist-packages/certbot/configuration.pyrrsUE499;L4$))+K6diikGNdiikG;diikG0rrceZdZdZdej ddfdZdeee fddfdZ dede fd Z deee ffd Zd eddfd Zedeeee ffd Zd ede fdZd ede ddfdZedefdZej,deddfdZedeefdZej,deddfdZedefdZej,deddfdZedefdZej,deddfdZedefdZej,deddfdZede fd Zedefd!Zedefd"Zedefd#Zedefd$Z edefd%Z!edefd&Z"edefd'Z#edefd(Z$ede fd)Z%edefd*Z&edefd+Z'edefd,Z(ede)efd-Z*ede fd.Z+ede fd/Z,ede fd0Z-edeefd1Z.edefd2Z/d3edefd4Z0edefd5Z1edefd6Z2edefd7Z3edefd8Z4edefd9Z5edefd:Z6edefd;Z7edefd<Z8ede fd=Z9d>e ddfd?Z:y)@NamespaceConfiga4Configuration wrapper around :class:`argparse.Namespace`. Please note that the following attributes are dynamically resolved using :attr:`~certbot.configuration.NamespaceConfig.work_dir` and relative paths defined in :py:mod:`certbot._internal.constants`: - `accounts_dir` - `csr_dir` - `in_progress_dir` - `key_dir` - `temp_checkpoint_dir` And the following paths are dynamically resolved using :attr:`~certbot.configuration.NamespaceConfig.config_dir` and relative paths defined in :py:mod:`certbot._internal.constants`: - `default_archive_dir` - `live_dir` - `renewal_configs_dir` :ivar namespace: Namespace typically produced by :meth:`argparse.ArgumentParser.parse_args`. :type namespace: :class:`argparse.Namespace` namespacereturnNc4|tj|d|tj|ddtj|ditjj |j j |j _tjj |j j|j _tjj |j j|j _t|y)Nr_argument_sources_previously_accessed_mutables) object __setattr__r pathabspathr config_dirwork_dirlogs_dir_check_config_sanity)selfrs r__init__zNamespaceConfig.__init__As 4i84!4d;4!@"E$&GGOODNN4M4M$N!"$''//$..2I2I"J"$''//$..2I2I"J T"rargument_sourcesc2tj|d|y)al Associate the NamespaceConfig with a dictionary describing where each of its arguments came from, e.g. `{ 'email': ArgumentSource.CONFIG_FILE }`. This is necessary for making runtime evaluations on whether an argument was specified by the user or not (see `set_by_user`). For an example of how to build such a dictionary, see `certbot._internal.cli.helpful.HelpfulArgumentParser._build_sources_dict` :ivar argument_sources: dictionary of argument names to their :class:`ArgumentSource` :type argument_sources: :class:`Dict[str, ArgumentSource]` r"N)r$r%)r,r.s rset_argument_sourcesz$NamespaceConfig.set_argument_sourcesOs 4!46FGrvarc ddlm}ddlm}ddlm}|j t d||vry|dvr&|j|\}}|d k(r|duS|d k(r|duS||j vrB|j |tjk7r"tjd |t||y |j|gD]<}|j|stjd ||j|gy y) ad Return True if a particular config variable has been set by the user (via CLI or config file) including if the user explicitly set it to the default, or if it was dynamically set at runtime. Returns False if the variable was assigned a default value. Raises an exception if `argument_sources` is not set. r)DEPRECATED_OPTIONS) VAR_MODIFIERS) selectionNzoNamespaceConfig.set_by_user called without an ArgumentSources dict. See NamespaceConfig.set_argument_sources().F) authenticator installerr6r7zVar %s=%s (set by user).T)#certbot._internal.cli.cli_constantsr3r4certbot._internal.pluginsr5r. RuntimeErrorcli_plugin_requestsrrloggerdebuggetattrget set_by_user)r,r1r3r4r5authinstmodifiers rr@zNamespaceConfig.set_by_useras KE7  (>? ? $ $ 0 0"66trrJr")r,rH prev_value current_values rr.z NamespaceConfig.argument_sourcessd!% B B G G I O O Q 2 D*#DNND9M *++D1 2%%%rc|j}t|j|}|U||vs||tjk7r;||j vr-t |s"tj||j |<|SN) r.r>rrrr# _is_immutablerLdeepcopy)r,rH arg_sourcesvalues r __getattr__zNamespaceConfig.__getattr__su++ -  ";&+d*;~?U?U*U tAAA-X]J^?C}}U?SD66t< rrUcT|j|t|j||yrQ)rJsetattrr)r,rHrUs rr%zNamespaceConfig.__setattr__s  ##D)e,rc.|jjS)zACME Directory Resource URI.)rserverrFs rrZzNamespaceConfig.servers~~$$$rserver_cH|jd||j_y)NrZ)rJrrZ)r,r[s rrZzNamespaceConfig.servers ##H- 'rc.|jjS)zEmail used for registration and recovery contact. Use comma to register multiple emails, ex: u1@example.com,u2@example.com. (default: Ask). )remailrFs rr^zNamespaceConfig.emails~~###rmailcH|jd||j_y)Nr^)rJrr^)r,r_s rr^zNamespaceConfig.emails ##G,#rc.|jjS)zSize of the RSA key.)r rsa_key_sizerFs rrbzNamespaceConfig.rsa_key_sizes~~***rksizecH|jd||j_y)zSet the rsa_key_size propertyrbN)rJrrb)r,rcs rrbzNamespaceConfig.rsa_key_sizes ##N3&+#rc.|jjS)z`The SECG elliptic curve name to use. Please see RFC 8446 for supported values. )relliptic_curverFs rrfzNamespaceConfig.elliptic_curves ~~,,,recurvecH|jd||j_y)zSet the elliptic_curve propertyrfN)rJrrf)r,rgs rrfzNamespaceConfig.elliptic_curves ##$45(.%rc.|jjS)zhType of generated private key. Only *ONE* per invocation can be provided at this time. )rkey_typerFs rrjzNamespaceConfig.key_types ~~&&&rktypecH|jd||j_y)zSet the key_type propertyrjN)rJrrj)r,rks rrjzNamespaceConfig.key_types ##J/"'rc.|jjS)zAdds the OCSP Must-Staple extension to the certificate. Autoconfigures OCSP Stapling for supported setups (Apache version >= 2.3.3 ). )r must_staplerFs rrnzNamespaceConfig.must_staple~~)))rc.|jjS)zConfiguration directory.)rr(rFs rr(zNamespaceConfig.config_dir s~~(((rc.|jjS)zWorking directory.)rr)rFs rr)zNamespaceConfig.work_dirs~~&&&rc8|j|jS)z2Directory where all account information is stored.)accounts_dir_for_server_path server_pathrFs r accounts_dirzNamespaceConfig.accounts_dirs001A1ABBrctjj|jjt j S)z Configuration backups directory.)r r&joinrr)r BACKUP_DIRrFs r backup_dirzNamespaceConfig.backup_dirs)ww||DNN33Y5I5IJJrctjdttjj |j jtjS)zBDirectory where new Certificate Signing Requests (CSRs) are saved.z[NamespaceConfig.csr_dir is deprecated and will be removed in an upcoming release of Certbot) warningswarnDeprecationWarningr r&rwrr(r CSR_DIRrFs rcsr_dirzNamespaceConfig.csr_dir >  +,> @ww||DNN55y7H7HIIrctjj|jjt j S)z:Directory used before a permanent checkpoint is finalized.)r r&rwrr)r IN_PROGRESS_DIRrFs rin_progress_dirzNamespaceConfig.in_progress_dir's)ww||DNN33Y5N5NOOrctjdttjj |j jtjS)z Keys storage.z[NamespaceConfig.key_dir is deprecated and will be removed in an upcoming release of Certbot) r{r|r}r r&rwrr(r KEY_DIRrFs rkey_dirzNamespaceConfig.key_dir,rrctjj|jjt j S)zTemporary checkpoint directory.)r r&rwrr)r TEMP_CHECKPOINT_DIRrFs rtemp_checkpoint_dirz#NamespaceConfig.temp_checkpoint_dir3s0ww|| NN # #Y%B%BD Drc.|jjS)zDisable verification of the ACME server's certificate. The root certificates trusted by Certbot can be overriden by setting the REQUESTS_CA_BUNDLE environment variable. )r no_verify_sslrFs rrzNamespaceConfig.no_verify_ssl9s~~+++rc.|jjS)zPort used in the http-01 challenge. This only affects the port Certbot listens on. A conforming ACME server will still attempt to connect on port 80. )r http01_portrFs rrzNamespaceConfig.http01_portBrorc.|jjS)z;The address the server listens to during http-01 challenge.)rhttp01_addressrFs rrzNamespaceConfig.http01_addressKs~~,,,rc.|jjS)zPort used to serve HTTPS. This affects which port Nginx will listen on after a LE certificate is installed. )r https_portrFs rrzNamespaceConfig.https_portPs~~(((rc.|jjS)zuList of user specified preferred challenges. Sorted with the most preferred challenge listed first. )r pref_challsrFs rrzNamespaceConfig.pref_challsYs ~~)))rc.|jjS)aAllow only a subset of names to be authorized to perform validations. When performing domain validation, do not consider it a failure if authorizations can not be obtained for a strict subset of the requested domains. This may be useful for allowing renewals for multiple domains to succeed even if some domains no longer point at this system. )rallow_subset_of_namesrFs rrz%NamespaceConfig.allow_subset_of_namesas~~333rc.|jjS)zEnable strict permissions checks. Require that all configuration files are owned by the current user; only needed if your config is somewhere unsafe like /tmp/. )rstrict_permissionsrFs rrz"NamespaceConfig.strict_permissionsms~~000rc.|jjS)zDisable renewal updates. If updates provided by installer enhancements when Certbot is being run with "renew" verb should be disabled. )rdisable_renew_updatesrFs rrz%NamespaceConfig.disable_renew_updatesvs~~333rc.|jjS)zSet the preferred certificate chain. If the CA offers multiple certificate chains, prefer the chain whose topmost certificate was issued from this Subject Common Name. If no match, the default offered chain will be used. )rpreferred_chainrFs rrzNamespaceConfig.preferred_chains~~---rctj|jj}|j|j zj dtj jS)zFile path based on ``server``./) rurlparserrZnetlocr&replacer sep)r,parseds rrtzNamespaceConfig.server_pathsD 5 56  +44S"''++FFrrtctj|}tjj |j j tj|S)z/Path to accounts directory based on server_path) r .underscores_for_unsupported_characters_in_pathr r&rwrr(r ACCOUNTS_DIR)r,rts rrsz,NamespaceConfig.accounts_dir_for_server_paths@II+V ww|| NN % %y'='={L Lrctjj|jjt j SrQ)r r&rwrr(r ARCHIVE_DIRrFs rdefault_archive_dirz#NamespaceConfig.default_archive_dirs'ww||DNN55y7L7LMMrctjj|jjt j SrQ)r r&rwrr(r LIVE_DIRrFs rlive_dirzNamespaceConfig.live_dirs'ww||DNN55y7I7IJJrctjj|jjt j SrQ)r r&rwrr(r RENEWAL_CONFIGS_DIRrFs rrenewal_configs_dirz#NamespaceConfig.renewal_configs_dirs.ww|| NN % %y'D'DF Frctjj|jjt j S)z>Path to directory with hooks to run with the renew subcommand.)r r&rwrr(r RENEWAL_HOOKS_DIRrFs rrenewal_hooks_dirz!NamespaceConfig.renewal_hooks_dirs.ww||DNN55%779 9rcrtjj|jtj S)z8Path to the pre-hook directory for the renew subcommand.)r r&rwrr RENEWAL_PRE_HOOKS_DIRrFs rrenewal_pre_hooks_dirz%NamespaceConfig.renewal_pre_hooks_dirs*ww||D22%;;= =rcrtjj|jtj S)z;Path to the deploy-hook directory for the renew subcommand.)r r&rwrr RENEWAL_DEPLOY_HOOKS_DIRrFs rrenewal_deploy_hooks_dirz(NamespaceConfig.renewal_deploy_hooks_dirs,ww||D22%>>@ @rcrtjj|jtj S)z9Path to the post-hook directory for the renew subcommand.)r r&rwrr RENEWAL_POST_HOOKS_DIRrFs rrenewal_post_hooks_dirz&NamespaceConfig.renewal_post_hooks_dirs*ww||D22%<<> >rc.|jjS)zuThis option specifies how long (in seconds) Certbot will wait for the server to issue a certificate. )rissuance_timeoutrFs rrz NamespaceConfig.issuance_timeouts ~~...rc.|jjS)zThis option specifies whether Certbot should generate a new private key when replacing a certificate, even if reuse_key is set. )rnew_keyrFs rrzNamespaceConfig.new_keys ~~%%%r_memoc6tj|j}t||}tj |dtj|j tj |dtj|j|S)Nr"r#)rLrSrtyper$r%r.r#)r,rnew_ns new_configs r __deepcopy__zNamespaceConfig.__deepcopy__srt~~.T$Z' :':DMM$J_J_<`a:'F==)K)KL Nr);rrrrargparse Namespacer-rstrrr0boolr@rrGrJpropertyrr.rVr%rZsetterr^intrbrfrjrnr(r)ruryrrrrrrrrrrrrrrrtrsrrrrrrrrrrrrrrr&sg4 #("4"4 # #HT#~:M5NHSWH$(s(t(T$c3h$ =3 =4 = &(4^0C+D"E & &&   --C-D-%%% ]](c(d(($x}$$ \\$#$$$$+c++,#,$,, ---/S/T// '#''__(c(d(( *T**)C))'#''CcCCKCKKJJJ PPPJJJ DSDD ,t,,*S**---)C))*T#Y** 4t 4 41D114t44.#..GSGG LLL NSNNK#KKFSFF9399 =s== @#@@ >>> /#// &&&#*;rrconfigr c |j|jk(r.tjdj |j|j j 1|j j D]}tj|yy)zValidate command line options and display error message if requirements are not met. :param config: NamespaceConfig instance holding user configuration :type args: :class:`certbot.configuration.NamespaceConfig` z;Trying to run http-01 and https-port on the same port ({0})N) rrrConfigurationErrorformatrdomainsr enforce_domain_sanity)rdomains rr+r+sV...'' %%+VF,=,=%>@ @ +&&.. /F  & &v . /,rrUct|trtd|DSttt t tttfD]}t||sy|duS)zIs value of an immutable type?c32K|]}t|ywrQ)rR).0subvalues r z _is_immutable..sAx=*AsTN) isinstancetupleallrfloatcomplexrbytesr frozenset)rUimmutable_types rrRrRsT%A5AAAwUD)M e^ , D=r)rrrLrloggingtypingrrrrurllibrr{certbotrr certbot._internalr certbot.compatr r getLoggerrr<Enumrrr+rrRrrrrs* '   8 $ 1TYY 1ll^ //T/*   r