Compiled Python module (bytecode dump) of /usr/lib/python3/dist-packages/certbot/configuration.py. The readable content recovered from the dump follows.

Module docstring: Certbot user-supplied configuration.

Names imported: copy; List, Optional (typing); parse (urllib); errors, util (certbot); constants (certbot._internal); misc, os (certbot.compat).


class NamespaceConfig

    Configuration wrapper around :class:`argparse.Namespace`.

    Please note that the following attributes are dynamically resolved using
    :attr:`~certbot.configuration.NamespaceConfig.work_dir` and relative
    paths defined in :py:mod:`certbot._internal.constants`:

      - `accounts_dir`
      - `csr_dir`
      - `in_progress_dir`
      - `key_dir`
      - `temp_checkpoint_dir`

    And the following paths are dynamically resolved using
    :attr:`~certbot.configuration.NamespaceConfig.config_dir` and relative
    paths defined in :py:mod:`certbot._internal.constants`:

      - `default_archive_dir`
      - `live_dir`
      - `renewal_configs_dir`

    :ivar namespace: Namespace typically produced by
        :meth:`argparse.ArgumentParser.parse_args`.
    :type namespace: :class:`argparse.Namespace`

  Methods

    __init__(self, namespace)
        References object.__setattr__ with 'namespace', os.path.abspath on
        namespace.config_dir, namespace.work_dir and namespace.logs_dir,
        and _check_config_sanity.

    __getattr__(self, name)
        References getattr on the wrapped namespace.

    __setattr__(self, name, value)
        References setattr on the wrapped namespace.

    accounts_dir_for_server_path(self, server_path)
        Path to accounts directory based on server_path
        (references misc.underscores_for_unsupported_characters_in_path and
        constants.ACCOUNTS_DIR).

    __deepcopy__(self, _memo)
        References copy.deepcopy on the wrapped namespace.

  Properties

    server
        ACME Directory Resource URI.

    email
        Email used for registration and recovery contact. Use comma to
        register multiple emails, ex: u1@example.com,u2@example.com.
        (default: Ask).

    rsa_key_size (has a setter: "Set the rsa_key_size property")
        Size of the RSA key.

    elliptic_curve (has a setter: "Set the elliptic_curve property")
        The SECG elliptic curve name to use.
        Please see RFC 8446 for supported values.

    key_type (has a setter: "Set the key_type property")
        Type of generated private key.
        Only *ONE* per invocation can be provided at this time.

    must_staple
        Adds the OCSP Must Staple extension to the certificate.
        Autoconfigures OCSP Stapling for supported setups
        (Apache version >= 2.3.3 ).

    config_dir
        Configuration directory.

    work_dir
        Working directory.

    accounts_dir
        Directory where all account information is stored.

    backup_dir
        Configuration backups directory. (constants.BACKUP_DIR)

    csr_dir
        Directory where new Certificate Signing Requests (CSRs) are saved.
        (constants.CSR_DIR)

    in_progress_dir
        Directory used before a permanent checkpoint is finalized.
        (constants.IN_PROGRESS_DIR)

    key_dir
        Keys storage. (constants.KEY_DIR)

    temp_checkpoint_dir
        Temporary checkpoint directory. (constants.TEMP_CHECKPOINT_DIR)

    no_verify_ssl
        Disable verification of the ACME server's certificate.

    http01_port
        Port used in the http-01 challenge.
        This only affects the port Certbot listens on.
        A conforming ACME server will still attempt to connect on port 80.

    http01_address
        The address the server listens to during http-01 challenge.

    https_port
        Port used to serve HTTPS.
        This affects which port Nginx will listen on after a LE certificate
        is installed.

    pref_challs
        List of user specified preferred challenges.
        Sorted with the most preferred challenge listed first.

    allow_subset_of_names
        Allow only a subset of names to be authorized to perform validations.
        When performing domain validation, do not consider it a failure
        if authorizations can not be obtained for a strict subset of
        the requested domains. This may be useful for allowing renewals for
        multiple domains to succeed even if some domains no longer point
        at this system.

    strict_permissions
        Enable strict permissions checks.
        Require that all configuration files are owned by the current
        user; only needed if your config is somewhere unsafe like /tmp/.

    disable_renew_updates
        Disable renewal updates.
        If updates provided by installer enhancements when Certbot is being
        run with "renew" verb should be disabled.

    preferred_chain
        Set the preferred certificate chain.
        If the CA offers multiple certificate chains, prefer the chain whose
        topmost certificate was issued from this Subject Common Name.
        If no match, the default offered chain will be used.

    server_path
        File path based on ``server``.

    default_archive_dir
        (no docstring; constants.ARCHIVE_DIR)

    live_dir
        (no docstring; constants.LIVE_DIR)

    renewal_configs_dir
        (no docstring; constants.RENEWAL_CONFIGS_DIR)

    renewal_hooks_dir
        Path to directory with hooks to run with the renew subcommand.
        (constants.RENEWAL_HOOKS_DIR)

    renewal_pre_hooks_dir
        Path to the pre-hook directory for the renew subcommand.
        (constants.RENEWAL_PRE_HOOKS_DIR)

    renewal_deploy_hooks_dir
        Path to the deploy-hook directory for the renew subcommand.
        (constants.RENEWAL_DEPLOY_HOOKS_DIR)

    renewal_post_hooks_dir
        Path to the post-hook directory for the renew subcommand.
        (constants.RENEWAL_POST_HOOKS_DIR)


_check_config_sanity(config)

    Validate command line options and display error message if
    requirements are not met.

    :param config: NamespaceConfig instance holding user configuration
    :type args: :class:`certbot.configuration.NamespaceConfig`

    Compares http01_port with https_port and raises
    errors.ConfigurationError with the message
    "Trying to run http-01 and https-port on the same port ({0})".
    If namespace.domains is not None, each domain is passed to
    util.enforce_domain_sanity.