3 گa?@svdZddlZddlZddlZddlZddlZddlZddlmZddlm Z ddlm Z ddlm Z ddlm Z ddlm Z dd lmZdd lmZddlZddlZddlZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddl m!Z!ddl"m#Z#ddl"m$Z$ej%e&Z'GdddZ(Gdddej)Z*Gdddej+Z,Gdddej)Z-dS)z!Creates ACME accounts for server.N)Any)Callable)cast)Dict)List)Mapping)Optional) serialization)fields)messages) ClientBase) configuration)errors) interfaces)util) constants) filesystem)osc@speZdZdZGdddejZdejej e dddddZ e e dd d Ze dd d Zeed ddZdS)AccountzACME protocol registration. :ivar .RegistrationResource regr: Registration Resource :ivar .JWK key: Authorized Account Key :ivar .Meta: Account metadata :ivar str id: Globally unique account identifier. c@s2eZdZdZejdZejdZ ejdddZ dS)z Account.MetaaAccount metadata :ivar datetime.datetime creation_dt: Creation date and time (UTC). :ivar str creation_host: FQDN of host, where account has been created. :ivar str register_to_eff: If not None, Certbot will register the provided email during the account registration. .. note:: ``creation_dt`` and ``creation_host`` are useful in cross-machine migration scenarios. creation_dt creation_hostregister_to_effT)Z omitemptyN) __name__ __module__ __qualname____doc__ acme_fieldsZ RFC3339FieldrjoseFieldrrrr/usr/lib/python3.6/account.pyMeta-s   r!N)regrkeymetareturnc Cs||_||_|dkr<|jtjjtjdjddtj ddn||_ y t j }Wn2t k rt jd ttttfddi}YnX|j|jjjjtjjtjjd|j|_dS) N)Ztzr)Z microsecond)rrrmd5ZusedforsecurityF)encodingformat)r&)r#r"r!datetimeZnowpytzZUTCreplacesocketZgetfqdnr$hashlibr& ValueErrornewrrstrrupdateZ public_keyZ public_bytesr ZEncodingZPEMZ PublicFormatZSubjectPublicKeyInfoZ hexdigestid)selfr"r#r$Zhasherrrr __init__=s6 $zAccount.__init__)r%cCs&djtj|jj|jj|jddS)z3Short account identification string, useful for UI.z {1}@{0} ({2})N)r( pyrfc3339Zgenerater$rrr2)r3rrr slug\sz Account.slugcCsdj|jj|j|j|jS)Nz<{0}({1}, {2}, {3})>)r( __class__rr"r2r$)r3rrr __repr__bszAccount.__repr__)otherr%cCs0t||jo.|j|jko.|j|jko.|j|jkS)N) isinstancer8r#r"r$)r3r:rrr __eq__fs zAccount.__eq__)N)rrrrrZJSONObjectWithFieldsr!r RegistrationResourceJWKrr4propertyr0r7r9rboolr<rrrr r#src@s^eZdZdZdeeefddddZeedddZ ee dd d d Z eed d dZ dS)AccountMemoryStoragezIn-memory account storage.N)initial_accountsr%cCs|dk r |ni|_dS)N)accounts)r3rBrrr r4oszAccountMemoryStorage.__init__)r%cCst|jjS)N)listrCvalues)r3rrr find_allrszAccountMemoryStorage.find_all)accountclientr%cCs*|j|jkrtjd|j||j|j<dS)NzOverwriting account: %s)r2rCloggerdebug)r3rGrHrrr saveus zAccountMemoryStorage.save) account_idr%c Cs.y |j|Stk r(tj|YnXdS)N)rCKeyErrorrAccountNotFound)r3rLrrr loadzs zAccountMemoryStorage.load)N) rrrrrr0rr4rrFr rKrOrrrr rAls rAc@seZdZdZejdZdS)$RegistrationResourceWithNewAuthzrURIafA backwards-compatible RegistrationResource with a new-authz URI. Hack: Certbot versions pre-0.11.1 expect to load new_authzr_uri as part of the account. Because people sometimes switch between old and new versions, we will continue to write out this field for some time so older clients don't crash in that scenario. new_authzr_uriN)rrrrrrrQrrrr rPsrPc@seZdZdZejddddZeedddZeeed d d Z e eed d dZ e eed ddZ e eed ddZ eeedddZeedddZeeeddddZeeddddZeeed dd Zeedd!d"Zeedd#d$d%Zeedd#d&d'Zedd(d)d*Zeddd+d,Zeedd d-d.Zeddd/d0Zeeegefed1d2d3Zeed(d4d5Zeedd6d7d8Z eeedd9d:d;Z!eedd6dAccountFileStoragezjAccounts file storage. :ivar certbot.configuration.NamespaceConfig config: Client configuration N)configr%cCs||_tj|jd|jjdS)Ni)rSrmake_or_verify_dir accounts_dirstrict_permissions)r3rSrrr r4szAccountFileStorage.__init__)rLr%cCs|j||jjS)N)!_account_dir_path_for_server_pathrS server_path)r3rLrrr _account_dir_pathsz$AccountFileStorage._account_dir_path)rLrXr%cCs|jj|}tjj||S)N)rSaccounts_dir_for_server_pathrpathjoin)r3rLrXrUrrr rWs z4AccountFileStorage._account_dir_path_for_server_path)account_dir_pathr%cCstjj|dS)Nz regr.json)rr[r\)clsr]rrr _regr_pathszAccountFileStorage._regr_pathcCstjj|dS)Nzprivate_key.json)rr[r\)r^r]rrr _key_pathszAccountFileStorage._key_pathcCstjj|dS)Nz meta.json)rr[r\)r^r]rrr _metadata_pathsz!AccountFileStorage._metadata_path)rXr%cCs|jj|}ytj|}Wntk r.gSXg}xH|D]@}y|j|j||Wq:tjk rxt j dddYq:Xq:W| r|t j krt j |}|j |}|ry|j||Wntk rgSX|}|S)NzAccount loading problemT)exc_info)rSrZrlistdirOSErrorappend_load_for_server_pathrAccountStorageErrorrIrJrLE_REUSE_SERVERS_find_all_for_server_path_symlink_to_accounts_dir)r3rXrUZ candidatesrCrLprev_server_pathZ prev_accountsrrr ris*    z,AccountFileStorage._find_all_for_server_path)r%cCs|j|jjS)N)rirSrX)r3rrr rFszAccountFileStorage.find_all)rkrXrLr%cCs(|j||}|j||}tj||dS)N)rWrsymlink)r3rkrXrLprev_account_dirZnew_account_dirrrr _symlink_to_account_dirs  z*AccountFileStorage._symlink_to_account_dir)rkrXr%cCsJ|jj|}tjj|r$tj|n tj||jj|}tj||dS)N)rSrZrr[islinkunlinkrmdirrl)r3rkrXrUrmrrr rjs      z+AccountFileStorage._symlink_to_accounts_dircCsR|j||}tjj|s||tjkrntj|}|j||}|jj|}tj |r^|j |||n |j |||St j d|yt|j|}ttjtjj|j}WdQRXt|j|} ttjtjj| j} WdQRXt|j|} ttjtjj| j} WdQRXWn.tk rD} zt j| WYdd} ~ XnXt|| | S)NzAccount at %s does not exist)rWrr[isdirrrhrfrSrZrcrnrjrrNopenr_rr r=Z json_loadsreadr`rr>rarr!IOErrorrg)r3rLrXr]rkZprev_loaded_accountrU regr_filer"key_filer# metadata_filer$errorrrr rfs.         "&z(AccountFileStorage._load_for_server_pathcCs|j||jjS)N)rfrSrX)r3rLrrr rOszAccountFileStorage.load)rGrHr%cCsfy4|j|}|j|||j|||j|||Wn,tk r`}ztj|WYdd}~XnXdS)zCreate a new account. :param Account account: account to create :param ClientBase client: ACME client associated to the account N)_prepare_create _update_meta _update_regrrurrg)r3rGrHdir_pathryrrr rKs   zAccountFileStorage.savecCsNy|j|}|j|||Wn,tk rH}ztj|WYdd}~XnXdS)zUpdate the registration resource. :param Account account: account to update :param ClientBase client: ACME client associated to the account N)rzr}rurrg)r3rGrHr~ryrrr update_regrs  zAccountFileStorage.update_regr)rGr%cCsLy|j|}|j||Wn,tk rF}ztj|WYdd}~XnXdS)zVUpdate the meta resource. :param Account account: account to update N)rzr|rurrg)r3rGr~ryrrr update_metas  zAccountFileStorage.update_metacCsT|j|}tjj|s$tjd||j||jjtj |jj sP|j |jjdS)znDelete registration info from disk :param account_id: id of account which should be deleted zAccount at %s does not existN) rYrr[rrrrN#_delete_account_dir_for_server_pathrSrXrcrU$_delete_accounts_dir_for_server_path)r3rLr]rrr delete!s   zAccountFileStorage.deletecCs(tj|j|}|j||}tj|dS)N) functoolspartialrW!_delete_links_and_find_target_dirshutilZrmtree)r3rLrX link_funcnonsymlinked_dirrrr r2s z6AccountFileStorage._delete_account_dir_for_server_pathcCs"|jj}|j||}tj|dS)N)rSrZrrrq)r3rXrrrrr r7s z7AccountFileStorage._delete_accounts_dir_for_server_path)rXrr%c Cs||}i}xtjjD]\}}|||<qWd}xJ|rzd}||kr2||}||} tjj| r2tj| |kr2d}|}| }q2Wx(tjj|rtj|} tj|| }q~W|S)a/Delete symlinks and return the nonsymlinked directory path. :param str server_path: file path based on server :param callable link_func: callable that returns possible links given a server_path :returns: the final, non-symlinked target :rtype: str TF) rrhitemsrr[rorreadlinkrp) r3rXrr~Zreused_serverskvZpossible_next_linkZnext_server_pathZ next_dir_pathtargetrrr r<s&    z4AccountFileStorage._delete_links_and_find_target_dircCs"|j|j}tj|d|jj|S)Ni)rYr2rrTrSrV)r3rGr]rrr rzds zAccountFileStorage._prepare)rGr~r%c Cs6tj|j|ddd}|j|jjWdQRXdS)Nw)chmod)rZ safe_openr`writer# json_dumps)r3rGr~rwrrr r{iszAccountFileStorage._create)rGacmer~r%c Csft|j|dL}|j}t|jdr:t|jji|jd}ntj i|jd}|j |j WdQRXdS)Nrz new-authz)rQbodyuri)rr) rsr_r"hasattrZ directoryrPZ new_authzrr r=rr)r3rGrr~rvr"rrr r}ms   zAccountFileStorage._update_regrc Cs0t|j|d}|j|jjWdQRXdS)Nr)rsrarr$r)r3rGr~rxrrr r|szAccountFileStorage._update_meta)#rrrrr ZNamespaceConfigr4r0rYrW classmethodr_r`rarrrirFrnrjrfrOr rKrrrrrrrrzr{r}r|rrrr rRs: !  'rR).rr)rr-Zloggingrr,ZtypingrrrrrrrZcryptography.hazmat.primitivesr Zjosepyrr6r*rr rr Z acme.clientr Zcertbotr rrrZcertbot._internalrZcertbot.compatrrZ getLoggerrrIrZAccountStoragerAr=rPrRrrrr s@                   I