U ]6@sdZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddlmZddlmZddlmZddlmZddlmZddlmZdd lmZdd lmZeeZGd d d eZd dZ Gdddej!Z"Gdddej#Z$Gdddej!Z%dS)z!Creates ACME accounts for server.N) serialization)fields)messages) constants)errors) interfaces)util)osc@sHeZdZdZGdddejZd ddZeddZ d d Z d d Z dS)AccountzACME protocol registration. :ivar .RegistrationResource regr: Registration Resource :ivar .JWK key: Authorized Account Key :ivar .Meta: Account metadata :ivar str id: Globally unique account identifier. c@s$eZdZdZedZedZ dS)z Account.Metaa+Account metadata :ivar datetime.datetime creation_dt: Creation date and time (UTC). :ivar str creation_host: FQDN of host, where account has been created. .. note:: ``creation_dt`` and ``creation_host`` are useful in cross-machine migration scenarios. creation_dt creation_hostN) __name__ __module__ __qualname____doc__ acme_fieldsZ RFC3339Fieldr joseFieldr rr1/usr/lib/python3/dist-packages/certbot/account.pyMeta&s rNcCsn||_||_|dkr:|jtjjtjdjddt dn||_ t |jj jtjjtjjd|_dS)N)Ztzr)Z microsecond)r r )encodingformat)keyregrrdatetimeZnowpytzZUTCreplacesocketZgetfqdnmetahashlibZmd5Z public_keyZ public_bytesrZEncodingZPEMZ PublicFormatZSubjectPublicKeyInfoZ hexdigestid)selfrrrrrr__init__3s& zAccount.__init__cCs&dt|jj|jj|jddS)z3Short account identification string, useful for UI.z {1}@{0} ({2})N)r pyrfc3339Zgeneraterr r r!r"rrrslugGs  z Account.slugcCsd|jj|j|j|jS)Nz<{0}({1}, {2}, {3})>)r __class__r rr!rr&rrr__repr__Ms zAccount.__repr__cCs0t||jo.|j|jko.|j|jko.|j|jkSN) isinstancer(rrr)r"otherrrr__eq__Qs    zAccount.__eq__)N) r rrrrZJSONObjectWithFieldsrr#propertyr'r)r-rrrrr s   r cCs4tjtj}|dkrdS|d|j|jdS)z.Informs the user about their new ACME account.Na Your account credentials have been saved in your Certbot configuration directory at {0}. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.) zopeZ componentZ queryUtilityrZ IReporterZ add_messagerZ config_dirZMEDIUM_PRIORITY)configZreporterrrrreport_new_accountWsr1c@s2eZdZdZd ddZddZddZd d ZdS) AccountMemoryStoragezIn-memory account storage.NcCs|dk r |ni|_dSr*)accounts)r"Zinitial_accountsrrrr#iszAccountMemoryStorage.__init__cCstt|jSr*)listsixZ itervaluesr3r&rrrfind_alllszAccountMemoryStorage.find_allcCs*|j|jkrtd|j||j|j<dS)NzOverwriting account: %s)r!r3loggerdebugr"accountZclientrrrsaveos zAccountMemoryStorage.savecCs0z |j|WStk r*t|YnXdSr*)r3KeyErrorrAccountNotFoundr" account_idrrrloadts zAccountMemoryStorage.load)N)r rrrr#r6r;r@rrrrr2fs  r2c@seZdZdZedZdS)$RegistrationResourceWithNewAuthzrURIafA backwards-compatible RegistrationResource with a new-authz URI. Hack: Certbot versions pre-0.11.1 expect to load new_authzr_uri as part of the account. Because people sometimes switch between old and new versions, we will continue to write out this field for some time so older clients don't crash in that scenario. new_authzr_uriN)r rrrrrrBrrrrrAzsrAc@seZdZdZddZddZddZedd Zed d Z ed d Z ddZ ddZ ddZ ddZddZddZddZddZddZd d!Zd"d#Zd$d%Zd&d'Zd(S))AccountFileStoragezMAccounts file storage. :ivar .IConfig config: Client configuration cCs||_t|jd|jjdS)N)r0rmake_or_verify_dir accounts_dirstrict_permissions)r"r0rrrr#szAccountFileStorage.__init__cCs|||jjSr*)!_account_dir_path_for_server_pathr0 server_pathr>rrr_account_dir_pathsz$AccountFileStorage._account_dir_pathcCs|j|}tj||Sr*)r0accounts_dir_for_server_pathr pathjoin)r"r?rIrFrrrrHs z4AccountFileStorage._account_dir_path_for_server_pathcCstj|dS)Nz regr.jsonr rLrMclsaccount_dir_pathrrr _regr_pathszAccountFileStorage._regr_pathcCstj|dS)Nzprivate_key.jsonrNrOrrr _key_pathszAccountFileStorage._key_pathcCstj|dS)Nz meta.jsonrNrOrrr_metadata_pathsz!AccountFileStorage._metadata_pathc Cs|j|}zt|}Wntk r2gYSXg}|D]@}z||||Wq<tjk rzt j dddYqrrrr@szAccountFileStorage.loadcCs|j||dddS)NF regr_only_saver9rrrr;szAccountFileStorage.savecCs|j||dddS)zmSave the registration resource. :param Account account: account whose regr should be saved TroNrq)r"r:acmerrr save_regrszAccountFileStorage.save_regrcCsT||}tj|s$td||||jjt |jj sP| |jjdS)znDelete registration info from disk :param account_id: id of account which should be deleted reN) rJr rLrfrr=#_delete_account_dir_for_server_pathr0rIrVrF$_delete_accounts_dir_for_server_path)r"r?rQrrrdeletes  zAccountFileStorage.deletecCs(t|j|}|||}t|dSr*) functoolspartialrH!_delete_links_and_find_target_dirshutilZrmtree)r"r?rI link_funcnonsymlinked_dirrrrru s z6AccountFileStorage._delete_account_dir_for_server_pathcCs"|jj}|||}t|dSr*)r0rKrzr rd)r"rIr|r}rrrrvs z7AccountFileStorage._delete_accounts_dir_for_server_pathc Cs||}i}tjD]}||tj|<qd}|rrd}||kr*||}||}tj|r*t||kr*d}|}|}q*tj|rt|} t|| }qr|S)a/Delete symlinks and return the nonsymlinked directory path. :param str server_path: file path based on server :param callable link_func: callable that returns possible links given a server_path :returns: the final, non-symlinked target :rtype: str TF)rr[r rLrbreadlinkrc) r"rIr|Zdir_pathZreused_serverskZpossible_next_linkZnext_server_pathZ next_dir_pathtargetrrrrzs&     z4AccountFileStorage._delete_links_and_find_target_dirc Cs||j}t|d|jjzt||dL}|j}t |j drZt |j j i|j d}ntji|j d}||W5QRX|stj||ddd}||jW5QRXt||d}||jW5QRXWn.tk r} zt| W5d} ~ XYnXdS)NrDwz new-authz)rBbodyuri)rr)chmod)rJr!rrEr0rGrgrRrhasattrZ directoryrAZ new_authzrrrhwriteZ json_dumpsZ safe_openrSrrTrrjrrZ) r"r:rsrprQrkrrlrmrnrrrrr<s@   zAccountFileStorage._saveN)r rrrr#rJrH classmethodrRrSrTr\r6rar]rYr@r;rtrwrurvrzrrrrrrrCs.    'rC)&rrrxr Zloggingr{rZjosepyrr%rr5Zzope.componentr/Zcryptography.hazmat.primitivesrrsrrrZcertbotrrrrZcertbot.compatr Z getLoggerr r7objectr r1ZAccountStorager2rhrArCrrrrs2         ;