a }|gG@sdZddlZddlZddlZddlZddlmZddlmZddlmZddlm Z ddl m Z ddl m Z dd l mZdd lmZdd lmZdd lmZeeZGd ddejZGdddZeddddZeedddZdS)z$Certbot user-supplied configuration.N)Any)Dict)List)Optional)parse)errors)util) constants)misc)osc@s8eZdZdZeZeZeZeZ eZ dS)ArgumentSourcez;Enum for describing where a configuration argument was set.N) __name__ __module__ __qualname____doc__enumautoZ COMMAND_LINEZ CONFIG_FILEDEFAULTZENV_VARRUNTIMErr9/usr/lib/python3.9/site-packages/certbot/configuration.pyr sr c@sxeZdZdZejddddZeee fddddZ ee d d d Z eee fd d dZeddddZeeeee fd ddZee dddZee ddddZeed ddZejeddddZeeed ddZejeddd dZeed d!d"Zejedd#d$d"Zeed d%d&Zejedd'd(d&Zeed d)d*Zejedd+d,d*Zee d d-d.Zeed d/d0Zeed d1d2Zeed d3d4Zeed d5d6Z eed d7d8Z!eed d9d:Z"ee d d;d<Z#eed d=d>Z$eed d?d@Z%eed dAdBZ&ee'ed dCdDZ(ee d dEdFZ)ee d dGdHZ*ee d dIdJZ+eeed dKdLZ,eed dMdNZ-eedOdPdQZ.eed dRdSZ/eed dTdUZ0eed dVdWZ1eed dXdYZ2eed dZd[Z3eed d\d]Z4eed d^d_Z5eed d`daZ6ee d dbdcZ7e ddddedfZ8dS)gNamespaceConfigaConfiguration wrapper around :class:`argparse.Namespace`. Please note that the following attributes are dynamically resolved using :attr:`~certbot.configuration.NamespaceConfig.work_dir` and relative paths defined in :py:mod:`certbot._internal.constants`: - `accounts_dir` - `in_progress_dir` - `temp_checkpoint_dir` And the following paths are dynamically resolved using :attr:`~certbot.configuration.NamespaceConfig.config_dir` and relative paths defined in :py:mod:`certbot._internal.constants`: - `default_archive_dir` - `live_dir` - `renewal_configs_dir` :ivar namespace: Namespace typically produced by :meth:`argparse.ArgumentParser.parse_args`. :type namespace: :class:`argparse.Namespace` N) namespacereturncCsv|t|d|t|ddt|ditj|jj|j_tj|jj|j_tj|jj|j_t |dS)Nr_argument_sources_previously_accessed_mutables) object __setattr__r pathabspathr config_dirwork_dirZlogs_dir_check_config_sanity)selfrrrr__init__>szNamespaceConfig.__init__)argument_sourcesrcCst|d|dS)al Associate the NamespaceConfig with a dictionary describing where each of its arguments came from, e.g. `{ 'email': ArgumentSource.CONFIG_FILE }`. This is necessary for making runtime evaluations on whether an argument was specified by the user or not (see `set_by_user`). For an example of how to build such a dictionary, see `certbot._internal.cli.helpful.HelpfulArgumentParser._build_sources_dict` :ivar argument_sources: dictionary of argument names to their :class:`ArgumentSource` :type argument_sources: :class:`Dict[str, ArgumentSource]` rN)rr)r#r%rrrset_argument_sourcesLsz$NamespaceConfig.set_argument_sources)varrc Csddlm}ddlm}ddlm}|jdur6td||vrBdS|dvrx||\}}|d krh|duS|d krx|duS||jvr|j|tj krt d |t ||d S| |gD]*}||rt d || |gd SqdS) ad Return True if a particular config variable has been set by the user (via CLI or config file) including if the user explicitly set it to the default, or if it was dynamically set at runtime. Returns False if the variable was assigned a default value. Raises an exception if `argument_sources` is not set. r)DEPRECATED_OPTIONS) VAR_MODIFIERS) selectionNzoNamespaceConfig.set_by_user called without an ArgumentSources dict. See NamespaceConfig.set_argument_sources().F) authenticator installerr+r,zVar %s=%s (set by user).T)Z#certbot._internal.cli.cli_constantsr(r)Zcertbot._internal.pluginsr*r% RuntimeErrorZcli_plugin_requestsr rloggerdebuggetattrget set_by_user)r#r'r(r)r*Zauthinstmodifierrrrr2^s2      zNamespaceConfig.set_by_user)rcCs t|jS)zQ Returns a dictionary mapping all argument names to their values )varsrr#rrrto_dictszNamespaceConfig.to_dict)namercCs,|jdur(tj|j|<||jvr(|j|=dS)a) If an argument_sources dict was set, overwrites an argument's source to be ArgumentSource.RUNTIME. Used when certbot sets an argument's values at runtime. This also clears the modified value from _previously_accessed_mutables since it is no longer needed. N)rr rr)r#r8rrr_mark_runtime_overrides   z&NamespaceConfig._mark_runtime_overridecCs<|jD]&\}}t|j|}||kr||q|jS)zPReturns _argument_sources after handling any changes to accessed mutable values.)rcopyitemsr0rr9r)r#r8Z prev_valueZ current_valuerrrr%s   z NamespaceConfig.argument_sourcescCsV|j}t|j|}|durR||vs0||tjkrR||jvrRt|sRt||j|<|SN) r%r0rr rr _is_immutabler:deepcopy)r#r8Z arg_sourcesvaluerrr __getattr__s zNamespaceConfig.__getattr__)r8r?rcCs||t|j||dSr<)r9setattrr)r#r8r?rrrrs zNamespaceConfig.__setattr__cCs|jjS)zACME Directory Resource URI.)rserverr6rrrrBszNamespaceConfig.server)server_rcCs|d||j_dS)NrB)r9rrB)r#rCrrrrBs cCs|jjS)zEmail used for registration and recovery contact. Use comma to register multiple emails, ex: u1@example.com,u2@example.com. (default: Ask). )remailr6rrrrDszNamespaceConfig.email)mailrcCs|d||j_dS)NrD)r9rrD)r#rErrrrDs cCs|jjS)zSize of the RSA key.)r rsa_key_sizer6rrrrFszNamespaceConfig.rsa_key_size)ksizercCs|d||j_dS)zSet the rsa_key_size propertyrFN)r9rrF)r#rGrrrrFs cCs|jjS)z`The SECG elliptic curve name to use. Please see RFC 8446 for supported values. )relliptic_curver6rrrrHszNamespaceConfig.elliptic_curve)ecurvercCs|d||j_dS)zSet the elliptic_curve propertyrHN)r9rrH)r#rIrrrrHs cCs|jjS)zhType of generated private key. Only *ONE* per invocation can be provided at this time. )rkey_typer6rrrrJszNamespaceConfig.key_type)ktypercCs|d||j_dS)zSet the key_type propertyrJN)r9rrJ)r#rKrrrrJs cCs|jjS)zAdds the OCSP Must-Staple extension to the certificate. Autoconfigures OCSP Stapling for supported setups (Apache version >= 2.3.3 ). )r must_stapler6rrrrLszNamespaceConfig.must_staplecCs|jjS)zConfiguration directory.)rr r6rrrr szNamespaceConfig.config_dircCs|jjS)zWorking directory.)rr!r6rrrr!szNamespaceConfig.work_dircCs ||jS)z2Directory where all account information is stored.)accounts_dir_for_server_path server_pathr6rrr accounts_dirszNamespaceConfig.accounts_dircCstj|jjtjS)z Configuration backups directory.)r rjoinrr!r Z BACKUP_DIRr6rrr backup_dirszNamespaceConfig.backup_dircCstj|jjtjS)z:Directory used before a permanent checkpoint is finalized.)r rrPrr!r ZIN_PROGRESS_DIRr6rrrin_progress_dirszNamespaceConfig.in_progress_dircCstj|jjtjS)zTemporary checkpoint directory.)r rrPrr!r ZTEMP_CHECKPOINT_DIRr6rrrtemp_checkpoint_dir"s z#NamespaceConfig.temp_checkpoint_dircCs|jjS)zDisable verification of the ACME server's certificate. The root certificates trusted by Certbot can be overriden by setting the REQUESTS_CA_BUNDLE environment variable. )r no_verify_sslr6rrrrT(szNamespaceConfig.no_verify_sslcCs|jjS)zPort used in the http-01 challenge. This only affects the port Certbot listens on. A conforming ACME server will still attempt to connect on port 80. )r http01_portr6rrrrU1szNamespaceConfig.http01_portcCs|jjS)z;The address the server listens to during http-01 challenge.)rhttp01_addressr6rrrrV:szNamespaceConfig.http01_addresscCs|jjS)zPort used to serve HTTPS. This affects which port Nginx will listen on after a LE certificate is installed. )r https_portr6rrrrW?szNamespaceConfig.https_portcCs|jjS)zuList of user specified preferred challenges. Sorted with the most preferred challenge listed first. )r pref_challsr6rrrrXHszNamespaceConfig.pref_challscCs|jjS)aAllow only a subset of names to be authorized to perform validations. When performing domain validation, do not consider it a failure if authorizations can not be obtained for a strict subset of the requested domains. This may be useful for allowing renewals for multiple domains to succeed even if some domains no longer point at this system. )rallow_subset_of_namesr6rrrrYPs z%NamespaceConfig.allow_subset_of_namescCs|jjS)zEnable strict permissions checks. Require that all configuration files are owned by the current user; only needed if your config is somewhere unsafe like /tmp/. )rstrict_permissionsr6rrrrZ\sz"NamespaceConfig.strict_permissionscCs|jjS)zDisable renewal updates. If updates provided by installer enhancements when Certbot is being run with "renew" verb should be disabled. )rdisable_renew_updatesr6rrrr[esz%NamespaceConfig.disable_renew_updatescCs|jjS)zSet the preferred certificate chain. If the CA offers multiple certificate chains, prefer the chain whose topmost certificate was issued from this Subject Common Name. If no match, the default offered chain will be used. )rpreferred_chainr6rrrr\nszNamespaceConfig.preferred_chaincCs&t|jj}|j|jdtjjS)zFile path based on ``server``./) rurlparserrBnetlocrreplacer sep)r#parsedrrrrNxszNamespaceConfig.server_path)rNrcCs t|}tj|jjtj|S)z/Path to accounts directory based on server_path) r Z.underscores_for_unsupported_characters_in_pathr rrPrr r Z ACCOUNTS_DIR)r#rNrrrrM~s  z,NamespaceConfig.accounts_dir_for_server_pathcCstj|jjtjSr<)r rrPrr r Z ARCHIVE_DIRr6rrrdefault_archive_dirsz#NamespaceConfig.default_archive_dircCstj|jjtjSr<)r rrPrr r ZLIVE_DIRr6rrrlive_dirszNamespaceConfig.live_dircCstj|jjtjSr<)r rrPrr r ZRENEWAL_CONFIGS_DIRr6rrrrenewal_configs_dirs z#NamespaceConfig.renewal_configs_dircCstj|jjtjS)z>Path to directory with hooks to run with the renew subcommand.)r rrPrr r ZRENEWAL_HOOKS_DIRr6rrrrenewal_hooks_dirs z!NamespaceConfig.renewal_hooks_dircCstj|jtjS)z8Path to the pre-hook directory for the renew subcommand.)r rrPrfr ZRENEWAL_PRE_HOOKS_DIRr6rrrrenewal_pre_hooks_dirs z%NamespaceConfig.renewal_pre_hooks_dircCstj|jtjS)z;Path to the deploy-hook directory for the renew subcommand.)r rrPrfr ZRENEWAL_DEPLOY_HOOKS_DIRr6rrrrenewal_deploy_hooks_dirs z(NamespaceConfig.renewal_deploy_hooks_dircCstj|jtjS)z9Path to the post-hook directory for the renew subcommand.)r rrPrfr ZRENEWAL_POST_HOOKS_DIRr6rrrrenewal_post_hooks_dirs z&NamespaceConfig.renewal_post_hooks_dircCs|jjS)zuThis option specifies how long (in seconds) Certbot will wait for the server to issue a certificate. )rissuance_timeoutr6rrrrjsz NamespaceConfig.issuance_timeoutcCs|jjS)zThis option specifies whether Certbot should generate a new private key when replacing a certificate, even if reuse_key is set. )rnew_keyr6rrrrkszNamespaceConfig.new_key)_memorcCsHt|j}t||}t|dt|jt|dt|j|S)Nrr)r:r>rtyperrr%r)r#rlZnew_nsZ new_configrrr __deepcopy__s   zNamespaceConfig.__deepcopy__)9r rrrargparse Namespacer$rstrr r&boolr2rr7r9propertyrr%r@rrBsetterrDintrFrHrJrLr r!rOrQrRrSrTrUrVrWrrXrYrZr[r\rNrMrcrdrerfrgrhrirjrkrnrrrrr%s*   r)configrcCsF|j|jkrtd|j|jjdurB|jjD]}t|q2dS)zValidate command line options and display error message if requirements are not met. :param config: NamespaceConfig instance holding user configuration :type args: :class:`certbot.configuration.NamespaceConfig` z;Trying to run http-01 and https-port on the same port ({0})N) rUrWrZConfigurationErrorformatrZdomainsrZenforce_domain_sanity)rvdomainrrrr"s   r")r?rcCsLt|trtdd|DSttttttt fD]}t||r.dSq.|duS)zIs value of an immutable type?css|]}t|VqdSr<)r=).0Zsubvaluerrr z _is_immutable..TN) isinstancetupleallrufloatcomplexrqbytesrr frozenset)r?Zimmutable_typerrrr=s   r=)rror:rZloggingtypingrrrrZurllibrZcertbotrrZcertbot._internalr Zcertbot.compatr r Z getLoggerr r.Enumr rr"rrr=rrrrs,           "