a á `5:ã@s dZddlZddlZddlZddlZddlZddlZddlmZddl Z ddl Z ddl Z ddl Z ddlmZddlmZddlmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZe e¡ZGd d„de ƒZ!Gdd„dej"ƒZ#Gdd„dej$ƒZ%Gdd„dej"ƒZ&dS)z!Creates ACME accounts for server.éN)Ú serialization)Úfields)Úmessages)Ú ClientBase)Úerrors)Ú interfaces)Úutil)Ú constants)Úos)Ú filesystemc@sHeZdZdZGdd„dejƒZd dd„Zedd„ƒZ d d „Z d d „Z dS)ÚAccountzáACME protocol registration. :ivar .RegistrationResource regr: Registration Resource :ivar .JWK key: Authorized Account Key :ivar .Meta: Account metadata :ivar str id: Globally unique account identifier. c@s2eZdZdZe d¡Ze d¡Z ejdddZ dS)z Account.MetaaÍAccount metadata :ivar datetime.datetime creation_dt: Creation date and time (UTC). :ivar str creation_host: FQDN of host, where account has been created. :ivar str register_to_eff: If not None, Certbot will register the provided email during the account registration. .. note:: ``creation_dt`` and ``creation_host`` are useful in cross-machine migration scenarios. Ú creation_dtÚ creation_hostÚregister_to_effT)Z omitemptyN) Ú__name__Ú __module__Ú __qualname__Ú__doc__Ú acme_fieldsZ RFC3339Fieldr ÚjoseÚFieldrr©rrú;/usr/lib/python3/dist-packages/certbot/_internal/account.pyÚMeta&s  rNcCs¢||_||_|dur<|jtjjtjdjddt  ¡ddn||_ z t   ¡}Wn t ynt jddd}Yn0| |jj ¡jtjjtjjd¡| ¡|_dS) N)Ztzr)Z microsecond)r rrÚmd5F)Zusedforsecurity)ÚencodingÚformat)ÚkeyÚregrrÚdatetimeZnowÚpytzZUTCÚreplaceÚsocketZgetfqdnÚmetaÚhashlibrÚ ValueErrorÚnewÚupdateZ public_keyZ public_bytesrZEncodingZPEMZ PublicFormatZSubjectPublicKeyInfoZ hexdigestÚid)Úselfrrr#ZhasherrrrÚ__init__6s&üüü  þzAccount.__init__cCs&d t |jj¡|jj|jdd…¡S)z3Short account identification string, useful for UI.z {1}@{0} ({2})Né)rÚ pyrfc3339Zgenerater#r rr(©r)rrrÚslugQs ÿÿz Account.slugcCsd |jj|j|j|j¡S)Nz<{0}({1}, {2}, {3})>)rÚ __class__rrr(r#r-rrrÚ__repr__WsÿzAccount.__repr__cCs0t||jƒo.|j|jko.|j|jko.|j|jkS©N)Ú isinstancer/rrr#)r)ÚotherrrrÚ__eq__[s  ÿ ÿ þzAccount.__eq__)N) rrrrrZJSONObjectWithFieldsrr*Úpropertyr.r0r4rrrrr s   r c@s2eZdZdZd dd„Zdd„Zdd„Zd d „ZdS) ÚAccountMemoryStoragezIn-memory account storage.NcCs|dur |ni|_dSr1)Úaccounts)r)Zinitial_accountsrrrr*dszAccountMemoryStorage.__init__cCstt |j¡ƒSr1)ÚlistÚsixZ itervaluesr7r-rrrÚfind_allgszAccountMemoryStorage.find_allcCs*|j|jvrt d|j¡||j|j<dS)NzOverwriting account: %s)r(r7ÚloggerÚdebug)r)ÚaccountÚclientrrrÚsavejs zAccountMemoryStorage.savecCs.z |j|WSty(t |¡‚Yn0dSr1)r7ÚKeyErrorrÚAccountNotFound©r)Ú account_idrrrÚloados  zAccountMemoryStorage.load)N)rrrrr*r:r?rDrrrrr6as  r6c@seZdZdZe d¡ZdS)Ú$RegistrationResourceWithNewAuthzrURIafA backwards-compatible RegistrationResource with a new-authz URI. Hack: Certbot versions pre-0.11.1 expect to load new_authzr_uri as part of the account. Because people sometimes switch between old and new versions, we will continue to write out this field for some time so older clients don't crash in that scenario. Únew_authzr_uriN)rrrrrrrFrrrrrEusrEc@sÔeZdZdZdd„Zdd„Zdd„Zedd „ƒZed d „ƒZ ed d „ƒZ dd„Z dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zdd„Zdd„Zd d!„Zd"d#„Zd$d%„Zd&d'„Zd(d)„Zd*d+„Zd,d-„Zd.d/„Zd0S)1ÚAccountFileStoragezMAccounts file storage. :ivar .IConfig config: Client configuration cCs||_t |jd|jj¡dS©NiÀ)ÚconfigrÚmake_or_verify_dirÚ accounts_dirÚstrict_permissions)r)rIrrrr*†szAccountFileStorage.__init__cCs| ||jj¡Sr1)Ú!_account_dir_path_for_server_pathrIÚ server_pathrBrrrÚ_account_dir_pathŠsz$AccountFileStorage._account_dir_pathcCs|j |¡}tj ||¡Sr1)rIÚaccounts_dir_for_server_pathr ÚpathÚjoin)r)rCrNrKrrrrMs z4AccountFileStorage._account_dir_path_for_server_pathcCstj |d¡S)Nz regr.json©r rQrR©ÚclsÚaccount_dir_pathrrrÚ _regr_path‘szAccountFileStorage._regr_pathcCstj |d¡S)Nzprivate_key.jsonrSrTrrrÚ _key_path•szAccountFileStorage._key_pathcCstj |d¡S)Nz meta.jsonrSrTrrrÚ_metadata_path™sz!AccountFileStorage._metadata_pathc CsÐ|j |¡}zt |¡}Wnty0gYS0g}|D]>}z| | ||¡¡Wq:tjyvt j dddYq:0q:|sÌ|t j vrÌt j |}|  |¡}|rÈz| ||¡WntyÆgYS0|}|S)NzAccount loading problemT)Úexc_info)rIrPr ÚlistdirÚOSErrorÚappendÚ_load_for_server_pathrÚAccountStorageErrorr;r<r ÚLE_REUSE_SERVERSÚ_find_all_for_server_pathÚ_symlink_to_accounts_dir)r)rNrKZ candidatesr7rCÚprev_server_pathZ prev_accountsrrrras*       z,AccountFileStorage._find_all_for_server_pathcCs| |jj¡Sr1)rarIrNr-rrrr:¸szAccountFileStorage.find_allcCs(| ||¡}| ||¡}t ||¡dSr1)rMr Úsymlink)r)rcrNrCÚprev_account_dirZnew_account_dirrrrÚ_symlink_to_account_dir»s  z*AccountFileStorage._symlink_to_account_dircCsJ|j |¡}tj |¡r$t |¡n t |¡|j |¡}t ||¡dSr1)rIrPr rQÚislinkÚunlinkÚrmdirrd)r)rcrNrKrerrrrbÀs      z+AccountFileStorage._symlink_to_accounts_dirc Csz| ||¡}tj |¡s||tjvrntj|}| ||¡}|j |¡}t  |¡r^|  |||¡n |  ||¡|St   d|¡‚zÀt| |¡ƒ }tj | ¡¡}Wdƒn1s²0Yt| |¡ƒ } tj |  ¡¡} Wdƒn1sð0Yt| |¡ƒ } tj |  ¡¡} Wdƒn1s00YWn0tyl} zt  | ¡‚WYd} ~ n d} ~ 00t|| | ƒS)NúAccount at %s does not exist)rMr rQÚisdirr r`r^rIrPr[rfrbrrAÚopenrWrÚRegistrationResourceZ json_loadsÚreadrXrZJWKrYr rÚIOErrorr_)r)rCrNrVrcZprev_loaded_accountrKÚ regr_filerÚkey_filerÚ metadata_filer#Úerrorrrrr^És.        ÿ..4 z(AccountFileStorage._load_for_server_pathcCs| ||jj¡Sr1)r^rIrNrBrrrrDæszAccountFileStorage.loadc Cshz4| |¡}| ||¡| ||¡| |||¡Wn.tyb}zt |¡‚WYd}~n d}~00dS)zšCreate a new account. :param Account account: account to create :param ClientBase client: ACME client associated to the account N)Ú_prepareÚ_createÚ _update_metaÚ _update_regrrorr_©r)r=r>Údir_pathrsrrrr?és   zAccountFileStorage.savec CsPz| |¡}| |||¡Wn.tyJ}zt |¡‚WYd}~n d}~00dS)z¦Update the registration resource. :param Account account: account to update :param ClientBase client: ACME client associated to the account N)rtrwrorr_rxrrrÚ update_regrùs  zAccountFileStorage.update_regrc CsNz| |¡}| ||¡Wn.tyH}zt |¡‚WYd}~n d}~00dS)zVUpdate the meta resource. :param Account account: account to update N)rtrvrorr_)r)r=ryrsrrrÚ update_metas  zAccountFileStorage.update_metacCsT| |¡}tj |¡s$t d|¡‚| ||jj¡t  |jj ¡sP|  |jj¡dS)znDelete registration info from disk :param account_id: id of account which should be deleted rjN) rOr rQrkrrAÚ#_delete_account_dir_for_server_pathrIrNr[rKÚ$_delete_accounts_dir_for_server_path)r)rCrVrrrÚdeletes  ÿzAccountFileStorage.deletecCs(t |j|¡}| ||¡}t |¡dSr1)Ú functoolsÚpartialrMÚ!_delete_links_and_find_target_dirÚshutilZrmtree)r)rCrNÚ link_funcÚnonsymlinked_dirrrrr|%s z6AccountFileStorage._delete_account_dir_for_server_pathcCs"|jj}| ||¡}t |¡dSr1)rIrPrr ri)r)rNrƒr„rrrr}*s z7AccountFileStorage._delete_accounts_dir_for_server_pathc Csœ||ƒ}i}tjD]}||tj|<qd}|rrd}||vr*||}||ƒ}tj |¡r*t |¡|kr*d}|}|}q*tj |¡r˜t |¡} t |¡| }qr|S)a/Delete symlinks and return the nonsymlinked directory path. :param str server_path: file path based on server :param callable link_func: callable that returns possible links given a server_path :returns: the final, non-symlinked target :rtype: str TF)r r`r rQrgr Úreadlinkrh) r)rNrƒryZreused_serversÚkZpossible_next_linkZnext_server_pathZ next_dir_pathÚtargetrrrr/s&     z4AccountFileStorage._delete_links_and_find_target_dircCs"| |j¡}t |d|jj¡|SrH)rOr(rrJrIrL)r)r=rVrrrrtVs zAccountFileStorage._preparecCsJtj| |¡ddd }| |j ¡¡Wdƒn1s<0YdS)NÚwé)Úchmod)rZ safe_openrXÚwriterÚ json_dumps)r)r=ryrqrrrru\szAccountFileStorage._createcCszt| |¡dƒV}|j}t|jdƒr:t|jji|jd}ntj i|jd}|  |  ¡¡Wdƒn1sl0YdS)Nrˆz new-authz)rFÚbodyÚuri)rrŽ) rlrWrÚhasattrZ directoryrEZ new_authzrŽrrmr‹rŒ)r)r=Úacmeryrprrrrrwas ýþzAccountFileStorage._update_regrcCsDt| |¡dƒ }| |j ¡¡Wdƒn1s60YdS)Nrˆ)rlrYr‹r#rŒ)r)r=ryrrrrrrvtszAccountFileStorage._update_metaN)rrrrr*rOrMÚ classmethodrWrXrYrar:rfrbr^rDr?rzr{r~r|r}rrtrurwrvrrrrrG€s6     'rG)'rrrr$Zloggingr‚r"Zcryptography.hazmat.primitivesrZjosepyrr,r r9rrrrZ acme.clientrZcertbotrrrZcertbot._internalr Zcertbot.compatr r Z getLoggerrr;Úobjectr ZAccountStorager6rmrErGrrrrÚs2           E