Compiled Python bytecode of certbot.configuration (source path recorded in the file: /usr/lib/python3.6/configuration.py). The recoverable names and docstrings follow.

Module docstring: Certbot user-supplied configuration.

Imports: argparse, copy; typing (Any, List, Optional); urllib (parse); certbot (errors, util); certbot._internal (constants); certbot.compat (misc, os)

class NamespaceConfig

    Configuration wrapper around :class:`argparse.Namespace`.

    Please note that the following attributes are dynamically resolved using
    :attr:`~certbot.configuration.NamespaceConfig.work_dir` and relative
    paths defined in :py:mod:`certbot._internal.constants`:

      - `accounts_dir`
      - `csr_dir`
      - `in_progress_dir`
      - `key_dir`
      - `temp_checkpoint_dir`

    And the following paths are dynamically resolved using
    :attr:`~certbot.configuration.NamespaceConfig.config_dir` and relative
    paths defined in :py:mod:`certbot._internal.constants`:

      - `default_archive_dir`
      - `live_dir`
      - `renewal_configs_dir`

    :ivar namespace: Namespace typically produced by
        :meth:`argparse.ArgumentParser.parse_args`.
    :type namespace: :class:`argparse.Namespace`

    Methods:

      __init__(namespace)
      __getattr__(name)
      __setattr__(name, value)
      accounts_dir_for_server_path(server_path)
          Path to accounts directory based on server_path
      __deepcopy__(_memo)

    Properties with setters:

      server
          ACME Directory Resource URI.
      email
          Email used for registration and recovery contact. Use comma to
          register multiple emails, ex: u1@example.com,u2@example.com.
          (default: Ask).
      rsa_key_size
          Size of the RSA key.
      elliptic_curve
          The SECG elliptic curve name to use. Please see RFC 8446 for
          supported values.
      key_type
          Type of generated private key. Only *ONE* per invocation can be
          provided at this time.

    Read-only properties:

      must_staple
          Adds the OCSP Must Staple extension to the certificate.
          Autoconfigures OCSP Stapling for supported setups
          (Apache version >= 2.3.3 ).
      config_dir
          Configuration directory.
      work_dir
          Working directory.
      accounts_dir
          Directory where all account information is stored.
      backup_dir
          Configuration backups directory.
      csr_dir
          Directory where new Certificate Signing Requests (CSRs) are saved.
      in_progress_dir
          Directory used before a permanent checkpoint is finalized.
      key_dir
          Keys storage.
      temp_checkpoint_dir
          Temporary checkpoint directory.
      no_verify_ssl
          Disable verification of the ACME server's certificate.
      http01_port
          Port used in the http-01 challenge. This only affects the port
          Certbot listens on. A conforming ACME server will still attempt to
          connect on port 80.
      http01_address
          The address the server listens to during http-01 challenge.
      https_port
          Port used to serve HTTPS. This affects which port Nginx will listen
          on after a LE certificate is installed.
      pref_challs
          List of user specified preferred challenges. Sorted with the most
          preferred challenge listed first.
      allow_subset_of_names
          Allow only a subset of names to be authorized to perform
          validations. When performing domain validation, do not consider it
          a failure if authorizations can not be obtained for a strict subset
          of the requested domains. This may be useful for allowing renewals
          for multiple domains to succeed even if some domains no longer
          point at this system.
      strict_permissions
          Enable strict permissions checks. Require that all configuration
          files are owned by the current user; only needed if your config is
          somewhere unsafe like /tmp/.
      disable_renew_updates
          Disable renewal updates. If updates provided by installer
          enhancements when Certbot is being run with "renew" verb should be
          disabled.
      preferred_chain
          Set the preferred certificate chain. If the CA offers multiple
          certificate chains, prefer the chain whose topmost certificate was
          issued from this Subject Common Name. If no match, the default
          offered chain will be used.
      server_path
          File path based on ``server``.
      default_archive_dir
      live_dir
      renewal_configs_dir
      renewal_hooks_dir
          Path to directory with hooks to run with the renew subcommand.
      renewal_pre_hooks_dir
          Path to the pre-hook directory for the renew subcommand.
      renewal_deploy_hooks_dir
          Path to the deploy-hook directory for the renew subcommand.
      renewal_post_hooks_dir
          Path to the post-hook directory for the renew subcommand.
      issuance_timeout
          This option specifies how long (in seconds) Certbot will wait for
          the server to issue a certificate.

function _check_config_sanity(config)

    Validate command line options and display error message if
    requirements are not met.

    :param config: NamespaceConfig instance holding user configuration
    :type args: :class:`certbot.configuration.NamespaceConfig`

    Error message string: "Trying to run http-01 and https-port on the same port ({0})"
    Names referenced: http01_port, https_port, errors.ConfigurationError, namespace.domains, util.enforce_domain_sanity