a }|g29@sddZddlZddlZddlZddlZddlZddlZddlmZddlm Z ddlm Z ddlm Z ddlm Z ddlm Z dd lmZdd lmZddlZddlZddlZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddl m!Z!ddl"m#Z#ddl"m$Z$e%e&Z'GdddZ(Gdddej)Z*Gdddej)Z+dS)z!Creates ACME accounts for server.N)Any)Callable)cast)Dict)List)Mapping)Optional) serialization)fields)messages)ClientV2) configuration)errors) interfaces)util) constants) filesystem)osc@speZdZdZGdddejZdejej e dddddZ e e dd d Ze dd d Zeed ddZdS)AccountzACME protocol registration. :ivar .RegistrationResource regr: Registration Resource :ivar .JWK key: Authorized Account Key :ivar .Meta: Account metadata :ivar str id: Globally unique account identifier. c@sNeZdZUdZedZejed<e dZ e ed<e j dddZ e ed<dS)z Account.MetaaAccount metadata :ivar datetime.datetime creation_dt: Creation date and time (UTC). :ivar str creation_host: FQDN of host, where account has been created. :ivar str register_to_eff: If not None, Certbot will register the provided email during the account registration. .. note:: ``creation_dt`` and ``creation_host`` are useful in cross-machine migration scenarios. creation_dt creation_hostregister_to_effT)Z omitemptyN)__name__ __module__ __qualname____doc__ acme_fieldsZrfc3339rdatetime__annotations__joseZfieldrstrrr!r!=/usr/lib/python3.9/site-packages/certbot/_internal/account.pyMeta-s  r#N)regrkeymetareturnc Cs||_||_|dur<|jtjjtjdjddt ddn||_ z t }Wn4t yt jd ittttfddi}Yn0||jjjtjjtjjd||_dS) N)Ztzr)Z microsecond)rrrmd5ZusedforsecurityF)encodingformat)r()r%r$r#rZnowpytzZUTCreplacesocketZgetfqdnr&hashlibr( ValueErrornewrrr rupdateZ public_keyZ public_bytesr ZEncodingZPEMZ PublicFormatZSubjectPublicKeyInfoZ hexdigestid)selfr$r%r&Zhasherr!r!r"__init__=s&  (zAccount.__init__r'cCs&dt|jj|jj|jddS)z3Short account identification string, useful for UI.z {1}@{0} ({2})N)r* pyrfc3339Zgenerater&rrr2r3r!r!r"slug\s z Account.slugcCsd|jj|j|j|jS)Nz<{0}({1}, {2}, {3})>)r* __class__rr$r2r&r8r!r!r"__repr__bszAccount.__repr__)otherr'cCs0t||jo.|j|jko.|j|jko.|j|jkSN) isinstancer:r%r$r&)r3r<r!r!r"__eq__fs    zAccount.__eq__)N)rrrrrZJSONObjectWithFieldsr#r RegistrationResourceJWKrr4propertyr r9r;rboolr?r!r!r!r"r#s   rc@sbeZdZdZdeeeefddddZe edddZ ee dd d d Z eed d dZ dS)AccountMemoryStoragezIn-memory account storage.N)initial_accountsr'cCs|dur |ni|_dSr=)accounts)r3rEr!r!r"r4oszAccountMemoryStorage.__init__r5cCst|jSr=)listrFvaluesr8r!r!r"find_allrszAccountMemoryStorage.find_allaccountclientr'cCs*|j|jvrtd|j||j|j<dS)NzOverwriting account: %s)r2rFloggerdebug)r3rKrLr!r!r"saveus zAccountMemoryStorage.save account_idr'cCs.z |j|WSty(t|Yn0dSr=)rFKeyErrorrAccountNotFoundr3rQr!r!r"loadzs  zAccountMemoryStorage.load)N)rrrrrrr rr4rrIr rOrUr!r!r!r"rDls rDc@seZdZdZejddddZeedddZeeed d d Z e eed d dZ e eed ddZ e eed ddZ eeedddZeedddZeeeddddZeeddddZeeed dd Zeedd!d"Zeedd#d$d%Zedd&d'd(Zedd&d)d*Zeddd+d,Zeedd d-d.Zeddd/d0Zeeegefed1d2d3Zeed&d4d5Zeedd6d7d8Z eedd6d9d:Z!eedd6d;d<Z"dS)=AccountFileStoragezjAccounts file storage. :ivar certbot.configuration.NamespaceConfig config: Client configuration N)configr'cCs||_t|jd|jjdSNi)rWrmake_or_verify_dir accounts_dirstrict_permissions)r3rWr!r!r"r4szAccountFileStorage.__init__rPcCs|||jjSr=)!_account_dir_path_for_server_pathrW server_pathrTr!r!r"_account_dir_pathsz$AccountFileStorage._account_dir_path)rQr]r'cCs|j|}tj||Sr=)rWaccounts_dir_for_server_pathrpathjoin)r3rQr]rZr!r!r"r\s z4AccountFileStorage._account_dir_path_for_server_path)account_dir_pathr'cCstj|dS)Nz regr.jsonrr`raclsrbr!r!r" _regr_pathszAccountFileStorage._regr_pathcCstj|dS)Nzprivate_key.jsonrcrdr!r!r" _key_pathszAccountFileStorage._key_pathcCstj|dS)Nz meta.jsonrcrdr!r!r"_metadata_pathsz!AccountFileStorage._metadata_path)r]r'c Cs|j|}zt|}Wnty0gYS0g}|D]>}z||||Wq:tjyvt j dddYq:0q:|s|t j vrt j |}| |}|rz|||WntygYS0|}|S)NzAccount loading problemT)exc_info)rWr_rlistdirOSErrorappend_load_for_server_pathrAccountStorageErrorrMrNrLE_REUSE_SERVERS_find_all_for_server_path_symlink_to_accounts_dir)r3r]rZZ candidatesrFrQprev_server_pathZ prev_accountsr!r!r"rps*       z,AccountFileStorage._find_all_for_server_pathr5cCs||jjSr=)rprWr]r8r!r!r"rIszAccountFileStorage.find_all)rrr]rQr'cCs(|||}|||}t||dSr=)r\rsymlink)r3rrr]rQprev_account_dirZnew_account_dirr!r!r"_symlink_to_account_dirs  z*AccountFileStorage._symlink_to_account_dir)rrr]r'cCsJ|j|}tj|r$t|n t||j|}t||dSr=)rWr_rr`islinkunlinkrmdirrs)r3rrr]rZrtr!r!r"rqs      z+AccountFileStorage._symlink_to_accounts_dirc Cs~|||}tj|s|tjvrntj|}|||}|j|}t |r^| |||n | |||St d|dzt|| }tj|}Wdn1s0Yt|| } tj| } Wdn1s0Yt|| } tj| } Wdn1s40YWn0typ} zt | WYd} ~ n d} ~ 00t|| | S)N Account at  does not exist)r\rr`isdirrrormrWr_rjrurqrrSopenrfr r@Z json_loadsreadrgrrArhrr#rkrn)r3rQr]rbrrZprev_loaded_accountrZ regr_filer$key_filer% metadata_filer&errorr!r!r"rms*        ..4 z(AccountFileStorage._load_for_server_pathcCs|||jjSr=)rmrWr]rTr!r!r"rUszAccountFileStorage.loadrJc Csfz2||}|||||||||Wn.ty`}zt|WYd}~n d}~00dS)zCreate a new account. :param Account account: account to create :param ClientV2 client: ACME client associated to the account N)_prepare_create _update_meta _update_regrrkrrn)r3rKrLdir_pathrr!r!r"rOs   zAccountFileStorage.save)rKr'c CsNz||}|||Wn.tyH}zt|WYd}~n d}~00dS)z^Update the registration resource. :param Account account: account to update N)rrrkrrnr3rKrrr!r!r" update_regrs  zAccountFileStorage.update_regrc CsNz||}|||Wn.tyH}zt|WYd}~n d}~00dS)zVUpdate the meta resource. :param Account account: account to update N)rrrkrrnrr!r!r" update_metas  zAccountFileStorage.update_metacCsX||}tj|s(td|d|||jjt |jj sT| |jjdS)znDelete registration info from disk :param account_id: id of account which should be deleted ryrzN) r^rr`r{rrS#_delete_account_dir_for_server_pathrWr]rjrZ$_delete_accounts_dir_for_server_path)r3rQrbr!r!r"deletes   zAccountFileStorage.deletecCs(t|j|}|||}t|dSr=) functoolspartialr\!_delete_links_and_find_target_dirshutilrmtree)r3rQr] link_funcnonsymlinked_dirr!r!r"r!s z6AccountFileStorage._delete_account_dir_for_server_pathcCs"|jj}|||}t|dSr=)rWr_rrrx)r3r]rrr!r!r"r&s z7AccountFileStorage._delete_accounts_dir_for_server_path)r]rr'c Cs||}i}tjD]\}}|||<qd}|rtd}||vr,||}||} tj| r,t| |kr,d}|}| }q,tj|rt|} t|| }qt|S)a/Delete symlinks and return the nonsymlinked directory path. :param str server_path: file path based on server :param callable link_func: callable that returns possible links given a server_path :returns: the final, non-symlinked target :rtype: str TF) rroitemsrr`rvrreadlinkrw) r3r]rrZreused_serverskvZpossible_next_linkZnext_server_pathZ next_dir_pathtargetr!r!r"r+s&     z4AccountFileStorage._delete_links_and_find_target_dircCs"||j}t|d|jj|SrX)r^r2rrYrWr[)r3rKrbr!r!r"rSs zAccountFileStorage._prepare)rKrr'cCsJtj||ddd }||jWdn1s<0YdS)Nw)chmod)rZ safe_openrgwriter% json_dumps)r3rKrrr!r!r"rXszAccountFileStorage._createcCsTt||d0}tji|jjd}||Wdn1sF0YdS)Nr)bodyuri)r|rfr r@r$rrr)r3rKrr~r$r!r!r"r\s zAccountFileStorage._update_regrcCsDt||d }||jWdn1s60YdS)Nr)r|rhrr&r)r3rKrrr!r!r"rcszAccountFileStorage._update_meta)#rrrrr ZNamespaceConfigr4r r^r\ classmethodrfrgrhrrrprIrurqrmrUr rOrrrrrrrrrrrr!r!r!r"rVs>     (rV),rrrr.Zloggingrr-typingrrrrrrrZcryptography.hazmat.primitivesr Zjosepyrr7r+Zacmer rr Z acme.clientr Zcertbotr rrrZcertbot._internalrZcertbot.compatrrZ getLoggerrrMrZAccountStoragerDrVr!r!r!r"s>                   I