�

N�hxC�
��dZd
dl
mZ
d
dl
mZ
d
dlZd
dlZd
dlZd
dlZd
dl	Z	d
dl
Z
d
dlmZ
d
dlm
Z

d
dlmZ
d
dlmZ
d
d	lmZ
d
d
lmZ
d
dlmZ
d
dlmZ
d
d
lmZ
d
dlmZ
d
dlmZ
d
dlmZ
d
dlmZ
d
dlmZ
d
dlmZ
d
dlm Z!
d
dlm"Z#
d
dl$m%Z%
ejLe'�
Z(de)de)fd�Z*de)de)fd�Z+ejXd�
Z-ejXdej\�Z/Gd�de#e��Z"Gd �d!e!e"e��Z Gd"�d#e ej`e��Z1ed$d%�&�Z2Gd'�d%�Z3Gd(�d)�Z4d*e)d+e)d,e)d-ee)ddf
d.�Z5d/e)d0e)de6e)e)e)ffd1�Z7y)2zPlugin common functions.�)
�ABCMeta)
�abstractmethodN)
�Any)
�Callable)
�Iterable)
�Optional)
�TypeVar)
�
challenges)
�achallenges)
�
configuration)
�crypto_util)
�errors)
�
interfaces)
�reverter)
�	constants)
�
filesystem)
�os)
�	Installer)
�Plugin)
�
PluginStorage�name�returnc
��|d
zS)�9ArgumentParser options namespace (prefix of all options).�
-��
rs
 ��/build/snapcraft-certbot-c9561b03ef7f16aa90eb6754ca5f17a1/parts/certbot/install/lib/python3.12/site-packages/certbot/plugins/common.py�option_namespacer!s���#�:��c
�,�|j
d
d�dzS)�;ArgumentParser dest namespace (prefix of all destinations).r�
_)
�replacers
 r�dest_namespacer%&s���<�<��S�!�C�'�'r zX(^127\.0\.0\.1)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)z3^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*[a-z]+$c�&
��eZ
dZd
Zdej
deddf�f
d�Zee	de
dddfd	���Zed
ejdeddfd��Zedefd��Zdedefd
�Zedefd��Zdedefd�Zdedefd�Zdeej0defd�Z�x
ZS)rzGeneric plugin.�configrrNc�B�
�t�|�|
|�
|
|_||_y�
N)�super�__init__r'r)�selfr'r�	__class__s   �rr+zPlugin.__init__5s ���
�����&������	r �add).Nc��y
)z�Add plugin arguments to the CLI argument parser.

        :param callable add: Function that proxies calls to
            `argparse.ArgumentParser.add_argument` prepending options
            with unique plugin name prefix.

        Nr)�clsr.s  r�add_parser_argumentszPlugin.add_parser_arguments:s�r �parserc�^�
��d
tdtdtddf��
fd�}|j|�
S)zkInject parser options.

        See `~.certbot.interfaces.Plugin.inject_parser_options` for docs.

        �arg_name_no_prefix�args�kwargsrNc
�d���jd
jt��
|�g
|
�
�i|�
�

y)Nz--{0}{1})�add_argument�formatr)r4r5r6rr2s   ��rr.z)Plugin.inject_parser_options.<locals>.addMs:����F����!�!�"2�4�"8�:L�M�
!��
!��
!r )�strrr1)r0r2rr.s `` r�inject_parser_optionszPlugin.inject_parser_optionsEs7���	!�C�	!��	!�s�	!�t�	!��'�'��,�,r c
�,�t
|j�
S)
r)rr�
r,s
 rrzPlugin.option_namespaceSs�� ��	�	�*�*r c� �|j|
zS)
z'Option name (include plugin namespace).)
r)r,rs  r�option_namezPlugin.option_nameXs���$�$�t�+�+r c
�,�t
|j�
S)
r")r%rr=s
 rr%zPlugin.dest_namespace\s���d�i�i�(�(r �varc�@�|j|
jd
d�zS)z.Find a destination for given variable ``var``.rr#)r%r$�r,rAs  r�destzPlugin.destas ���"�"�S�[�[��c�%:�:�:r c�L�t
|j|j|
�
�S)
z0Find a configuration value for variable ``var``.)�getattrr'rDrCs  r�confzPlugin.confgs���t�{�{�D�I�I�c�N�3�3r �failed_achallsc��d
j
t|
D�chc]}|j��c}�
�
}dj|j|��Sc
c}w)a9Human-readable string to help the user troubleshoot the authenticator.

        Shown to the user if one or more of the attempted challenges were not a success.

        Should describe, in simple language, what the authenticator tried to do, what went
        wrong and what the user should try as their "next steps".

        TODO: auth_hint belongs in Authenticator but can't be added until the next major
        version of Certbot. For now, it lives in .Plugin and auth_handler will only call it
        on authenticators that subclass .Plugin. For now, inherit from `.Plugin` to implement
        and/or override the method.

        :param list failed_achalls: List of one or more failed challenges
                                    (:class:`achallenges.AnnotatedChallenge` subclasses).

        :rtype str:
        z and z�The Certificate Authority couldn't externally verify that the {name} plugin completed the required {challs} challenges. Ensure the plugin is configured correctly and that the changes it makes are accessible from the internet.)r�challs)�join�sorted�typr9r)r,rH�achallrJs    r�	auth_hintzPlugin.auth_hintksK��(���f�~�%N�V�f�j�j�%N�O�P��\
���T�Y�Y�v��6�	8��&O
s�A)�__name__�
__module__�__qualname__�__doc__r�NamespaceConfigr:r+�classmethodrrr1�argparse�ArgumentParserr;�propertyrr?r%rDrrG�listr�AnnotatedChallengerO�
__classcell__�
r-s
@rrr2s
�����}�<�<��C��D��
���x�	�':��t������-�8�+B�+B�-�#�-�RV�-��-��+�#�+��+�,��,��,��)��)��)�;��;��;�4��4��4�8��[�-K�-K�(L�8�QT�8r r)
�	metaclassc	���eZ
dZd
Zdededdf�f
d�Z	ddeeded	eddfd
�Z	deddfd�Z
dd
�Zdd�Zdde
ddfd�Zedefd��Zedefd��Zdd�Z�x
ZS)rz�An installer base class with reverter and ssl_dhparam methods defined.

    Installer plugins do not have to inherit from this class.

    r5r6rNc
��
�t
�|�|
i|�
�

t|j|j�|_t
j|j�
|_yr))r*r+rr'r�storager�Reverter)r,r5r6r-s   �rr+zInstaller.__init__�sA���
���$�)�&�)�$�T�[�[�$�)�)�<��� �)�)�$�+�+�6��
r �
save_files�
save_notes�	temporaryc���|r|jj}n|jj}	||
|�
y
#tj$r#}tj
t
|�
�
�
d
}~w
wxYw
)a�
Add files to a checkpoint.

        :param set save_files: set of filepaths to save
        :param str save_notes: notes about changes during the save
        :param bool temporary: True if the files should be added to a
            temporary checkpoint rather than a permanent one. This is
            usually used for changes that will soon be reverted.

        :raises .errors.PluginError: when unable to add to checkpoint

        N)r�add_to_temp_checkpoint�add_to_checkpointr�
ReverterError�PluginErrorr:)r,rbrcrd�checkpoint_func�errs      rrgzInstaller.add_to_checkpoint�s_���"�m�m�B�B�O�"�m�m�=�=�O�	/��J�
�3���#�#�
	/��$�$�S��X�.�.��
	/�s�	;�A1�A,�,A1�titlec��	|jj|
�

y
#tj$r#}tjt|�
�
�
d
}~w
wxYw
)z�Timestamp and save changes made through the reverter.

        :param str title: Title describing checkpoint

        :raises .errors.PluginError: when an error occurs

        N)r�finalize_checkpointrrhrir:)r,rlrks   rrnzInstaller.finalize_checkpoint�sD��	/��M�M�-�-�e�4���#�#�
	/��$�$�S��X�.�.��
	/����A�A�Ac
��	|jj�
y
#tj$r#}
tjt|
�
�
�
d
}
~
w
wxYw
)z�Revert all previously modified files.

        Reverts all modified files that have not been saved as a checkpoint

        :raises .errors.PluginError: If unable to recover the configuration

        N)r�recovery_routinerrhrir:�r,rks  rrqzInstaller.recovery_routine�sB��	/��M�M�*�*�,���#�#�
	/��$�$�S��X�.�.��
	/����A�A�Ac
��	|jj�
y
#tj$r#}
tjt|
�
�
�
d
}
~
w
wxYw
)zkRollback temporary checkpoint.

        :raises .errors.PluginError: when unable to revert config

        N)r�revert_temporary_configrrhrir:rrs  rruz!Installer.revert_temporary_config�sB��	/��M�M�1�1�3���#�#�
	/��$�$�S��X�.�.��
	/�rs�rollbackc��	|jj|
�

y
#tj$r#}tjt|�
�
�
d
}~w
wxYw
)z�Rollback saved checkpoints.

        :param int rollback: Number of checkpoints to revert

        :raises .errors.PluginError: If there is a problem with the input or
            the function is unable to correctly revert the configuration

        N)r�rollback_checkpointsrrhrir:)r,rvrks   rrxzInstaller.rollback_checkpoints�sD��	/��M�M�.�.�x�8���#�#�
	/��$�$�S��X�.�.��
	/�roc
��tjj|jjt
j�S)
z(Full absolute path to ssl_dhparams file.)r�pathrKr'�
config_dirr�SSL_DHPARAMS_DESTr=s
 r�ssl_dhparamszInstaller.ssl_dhparams�s)���w�w�|�|�D�K�K�2�2�I�4O�4O�P�Pr c
��tjj|jjt
j�S)
z:Full absolute path to digest of updated ssl_dhparams file.)rrzrKr'r{r�UPDATED_SSL_DHPARAMS_DIGESTr=s
 r�updated_ssl_dhparams_digestz%Installer.updated_ssl_dhparams_digest�s)���w�w�|�|�D�K�K�2�2�I�4Y�4Y�Z�Zr c
��t
|j|jtjtj
�
y
)zJCopy Certbot's ssl_dhparams file into the system's config dir if required.N)�install_version_controlled_filer}r�r�SSL_DHPARAMS_SRC�ALL_SSL_DHPARAMS_HASHESr=s
 r�install_ssl_dhparamszInstaller.install_ssl_dhparams�s.��'�����,�,��&�&��-�-�		/r �
F�rN)
�
)rPrQrRrSrr+�setr:�boolrgrnrqru�intrxrXr}r�r�r[r\s
@rrr�s�����
7�c�7�S�7�T�7�-2�/�C��H�/�#�/�%)�/�6:�/�./��/��/�/�	/�/�S�/��/��Q
�c�Q
��Q
��[
�S�[
��[
�/r rc
��eZ
dZd
Zy)�Configuratorzt
    A plugin that extends certbot.plugins.common.Installer
    and implements certbot.interfaces.Authenticator
    N)rPrQrRrSrr rr�r��s��r r��GenericAddr�Addr)
�boundc���eZ
dZd
Zddeeefdefd�Zede	e
dede
fd��Zdefd	�Zdeeeffd
�Z
dedefd�Zdefd
�Zdefd�Zdefd�Zde
dede
fd�Zdedeefd�Zdefd�Zdedeefd�Zy)r�z�Represents an virtual host address.

    :param str addr: addr part of vhost address
    :param str port: port number or \*, or ""

    �tup�ipv6c� �|
|_||_
yr))r�r�)r,r�r�s   rr+z
Addr.__init__�s�������	r r0�str_addrrc��|
j
d
�
rK|
jd�
}|
d|dz}d}t|
�
|dzkDr|
|dzdk(r|
|dzd}|||fd�	�S|
jd�
}||d
|df�
S)zInitialize Addr from string.�
[�
]Nr����
:T)
r�r)�
startswith�rfind�len�	partition)r0r��endIndex�host�portr�s      r�
fromstringzAddr.fromstring
s������s�#��~�~�c�*�H��M�X�
�\�*�D��D��8�}�x�!�|�+���A��0F�#�0M���1��
�.����d�|�$�/�/��$�$�S�)�C���A���A��'�(�(r c
�\�|jd
rd|jzS|jdS)Nr�z%s:%sr�
r�r=s
 r�__str__zAddr.__str__
s*���8�8�A�;��T�X�X�%�%��x�x�
�{�r c
�p�|jr|j�|jd
fS|jS)z5Normalized representation of addr/port tuple
        r�)r��get_ipv6_explodedr�r=s
 r�normalized_tuplezAddr.normalized_tuple
s0���9�9��)�)�+�T�X�X�a�[�8�8��x�x�r �otherc�r�t
|
|j�r!|j�|
j�k(Sy
)NF)�
isinstancer-r�)r,r�s  r�__eq__zAddr.__eq__
s2���e�T�^�^�,��(�(�*�e�.D�.D�.F�F�F�r c
�,�t
|j�
Sr))�hashr�r=s
 r�__hash__z
Addr.__hash__&
s���D�H�H�~�r c
� �|jd
S)z Return addr part of Addr object.rr�r=s
 r�get_addrz
Addr.get_addr)
����x�x�
�{�r c
� �|jd
S)zReturn port.r�r�r=s
 r�get_portz
Addr.get_port-
r�r r,r�c�X�|j
|jd
|
f|j�S)z6Return new address object with same addr and new port.r)r-r�r�)r,r�s  r�get_addr_objzAddr.get_addr_obj1
s$���~�~�t�x�x�
�{�D�1�4�9�9�=�=r �addrc�h�|
j
d
�
}
|
jd�
}
|j|
�
S)z7Return IPv6 address in normalized form, helper functionr�r�)�lstrip�rstrip�
_explode_ipv6)r,r�s  r�_normalize_ipv6zAddr._normalize_ipv65
s/���{�{�3����{�{�3����!�!�$�'�'r c
�v�|jr-d
j|j|jd�
�
Sy)zReturn IPv6 in normalized formr�rr�)r�rKr�r�r=s
 rr�zAddr.get_ipv6_exploded;
s.���9�9��8�8�D�0�0����!��=�>�>�r c�B
�gd
�
}|
j
d�
}t|�
t|�
kDr|dt|�
}d}t|�
D]T\}}|sd}�t|�
dkDr|jd�
}|st	|�
||<�;t	|�
||t|�
z
<�V|S)z#Explode IPv6 address for comparison)�
0r�r�r�r�r�r�r�r�rFTr�r�)�splitr��	enumerater�r:)r,r��result�	addr_list�
append_to_end�
i�blocks       rr�zAddr._explode_ipv6A
s���9���J�J�s�O�	��y�>�C��K�'�!�!�C��K�0�I��
�!�)�,�
	6�H�A�u��!%�
���5�z�A�~����S�)�� ���J��q�	�,/�u�:��q��Y��'�(�
	6��
r Nr�)rPrQrRrS�tupler:r�r+rU�typer�r�r�r�rr�r�r�r�r�r�rYr�r�r�rr rr�r��s�����E�#�s�(�O��4���)��[�)�)�S�)�[�)��)����
�%��S��/���C��D��
�#�
��#���#��>�;�>�c�>�k�>�(�C�(�D��I�(��3���#��$�s�)�r c�t�eZ
dZd
Zdefd�Z	d
dejdee	ddfd�Z
deejfd	�Zy)�ChallengePerformerav
Abstract base for challenge performers.

    :ivar configurator: Authenticator and installer plugin
    :ivar achalls: Annotated challenges
    :vartype achalls: `list` of `.KeyAuthorizationAnnotatedChallenge`
    :ivar indices: Holds the indices of challenges from a larger array
        so the user of the class doesn't have to.
    :vartype indices: `list` of `int`

    �configuratorc�.�|
|_g|_
g|_yr))r��achalls�indices)r,r�s  rr+zChallengePerformer.__init__f
s��(���MO���"$��r NrN�idxrc�v�|jj|
�

|�|jj|�

y
y
)z�Store challenge to be performed when perform() is called.

        :param .KeyAuthorizationAnnotatedChallenge achall: Annotated
            challenge.
        :param int idx: index to challenge in a larger array

        N)r��appendr�)r,rNr�s   r�	add_challzChallengePerformer.add_challk
s2��	
�����F�#��?��L�L����$�r c
��t
��
)
z�Perform all added challenges.

        :returns: challenge responses
        :rtype: `list` of `acme.challenges.KeyAuthorizationChallengeResponse`


        )
�NotImplementedErrorr=s
 r�performzChallengePerformer.performx
s
��"�#�#r r))rPrQrRrSr�r+r�"KeyAuthorizationAnnotatedChallengerr�r�rYr
�!KeyAuthorizationChallengeResponser�rr rr�r�Z
sU��	�%�\�%�(,�%�� N� N�%���}�%�04�%�$��j�J�J�K�$r r��	dest_path�digest_path�src_path�
all_hashesc��
��
���	�t
j��
�	d�	�
fd��d���fd�}tjj	��
s|�
y
t
j��
}|�	k(r
y
||vr|�
y
tjj	�
�
r+t�
d�5}|j
�}d
d
d
�
�	k(r
y
��
tjd����
y
#1s
w
Y

�/xYw
)a�
Copy a file into an active location (likely the system's config dir) if required.

       :param str dest_path: destination path for version controlled file
       :param str digest_path: path to save a digest of the file in
       :param str src_path: path to version controlled file found in distribution
       :param list all_hashes: hashes of every released version of the file
    Nc�j��t
�d
�5}|j�
�

ddd�
y#1s
w
Y

yxYw
)N�
w)�open�write)�file_h�current_hashr�s ��r�_write_current_hashz<install_version_controlled_file.<locals>._write_current_hash�
s0���
�+�s�
#�
	'�v��L�L��&�
	'�
	'�
	'�s�)�2c�@��t
j��
�
��
yr))�shutil�copyfile)r�r�r�s���r�_install_current_filez>install_version_controlled_file.<locals>._install_current_file�
s�������)�,��r �
rzh%s has been manually modified; updated file saved to %s. We recommend updating %s for security purposes.r�)	r
�	sha256sumrrz�isfiler��read�logger�warning)
r�r�r�r�r��active_file_digest�
f�saved_digestr�r�s
```     @@rr�r��
s�����(�(��2�L�'��
�7�7�>�>�)�$����%�.�.�y�9���\�)���Z�'����7�7�>�>�+�&��k�3�'�

(�1� �v�v�x��

(��|�+��	�����
K
��x��	,�

(�

(�s�#C"�"C+�test_dir�pkgc��d
tdtfd�}|d�
}|d�
}|d�
}tj|tj�
tj|tj�
tj|tj�
t
jj|
�
jd�
j|�
}t
jj|�
5}tj|tjj||�d�	�
d
d
d
�
|||fS#1s
w
Y

�xYw
)z5Setup the directories necessary for the configurator.�prefixrc
�R�t
jtj|�
�
S)
a�
Return the real path of a temp directory with the specified prefix

        Some plugins rely on real paths of symlinks for working correctly. For
        example, certbot-apache uses real paths of configuration files to tell
        a virtual host from another. On systems where TMP itself is a symbolic
        link, (ex: OS X) such plugins will be confused. This function prevents
        such a case.
        )r�realpath�tempfile�mkdtemp)
r�s
 r�expanded_tempdirz#dir_setup.<locals>.expanded_tempdir�
s ���"�"�8�#3�#3�F�#;�<�<r �tempr'�work�testdataT)
�symlinksN)r:r�chmodr�CONFIG_DIRS_MODE�	importlib�	resources�files�joinpath�as_filer��copytreerrzrK)r�r�r��temp_dirr{�work_dir�test_dir_refrzs        r�	dir_setupr

�
s
��	=��	=��	=� ��'�H�!�(�+�J���'�H����X�y�9�9�:����Z��!;�!;�<����X�y�9�9�:��&�&�,�,�S�1�:�:�:�F�O�O�PX�Y�L�	�	�	�	$�	$�\�	2�C
�d�����"�'�'�,�,�x��2�T�
	C
�C
��Z��)�)�	C
�C
�s�17D5�5D>)8rS�abcrrrV�importlib.resourcesr

�logging�rer�r��typingrrrrr	�acmer
�certbotrrr
rrr�certbot._internalr�certbot.compatrr�certbot.interfacesr�AbstractInstallerr�AbstractPlugin�certbot.plugins.storager�	getLoggerrPr�r:rr%�compile�private_ips_regex�
IGNORECASE�hostname_regex�
Authenticatorr�r�r�r�r�r�r

rr r�<module>r

sx
�


�������	�
���������!�����'�%��=�7�1�	��	�	�8�	$��
�3�
�3�
�

(��
(��
(�
�B�J�J�
7�8������:�B�M�M�
K
��Q

8�^�w�Q

8�he

/�!�6�W�e

/�P
�9�j�6�6�'�
��m�6�2��_

�_

�D&
$�&
$�R
,
,�s�,
,��,
,�PS�,
,�08��
�,
,�BF�,
,�f

*��
*�#�
*�%��S�#�
�*>�
*r