File: //proc/self/root/lib/python3/dist-packages/certbot/configuration.py
"""Certbot user-supplied configuration."""
import argparse
import copy
import enum
import logging
from typing import Any
from typing import Dict
from typing import List
from typing import Optional
from urllib import parse
import warnings
from certbot import errors
from certbot import util
from certbot._internal import constants
from certbot.compat import misc
from certbot.compat import os
logger = logging.getLogger(__name__)
class ArgumentSource(enum.Enum):
    """Enum for describing where a configuration argument was set."""
    COMMAND_LINE = enum.auto()
    """Argument was specified on the command line"""
    CONFIG_FILE = enum.auto()
    """Argument was specified in a .ini config file"""
    DEFAULT = enum.auto()
    """Argument was not set by the user, and was assigned its default value"""
    ENV_VAR = enum.auto()
    """Argument was specified in an environment variable"""
    RUNTIME = enum.auto()
    """Argument was set at runtime by certbot"""
class NamespaceConfig:
    """Configuration wrapper around :class:`argparse.Namespace`.
    Please note that the following attributes are dynamically resolved using
    :attr:`~certbot.configuration.NamespaceConfig.work_dir` and relative
    paths defined in :py:mod:`certbot._internal.constants`:
      - `accounts_dir`
      - `csr_dir`
      - `in_progress_dir`
      - `key_dir`
      - `temp_checkpoint_dir`
    And the following paths are dynamically resolved using
    :attr:`~certbot.configuration.NamespaceConfig.config_dir` and relative
    paths defined in :py:mod:`certbot._internal.constants`:
      - `default_archive_dir`
      - `live_dir`
      - `renewal_configs_dir`
    :ivar namespace: Namespace typically produced by
        :meth:`argparse.ArgumentParser.parse_args`.
    :type namespace: :class:`argparse.Namespace`
    """
    def __init__(self, namespace: argparse.Namespace) -> None:
        self.namespace: argparse.Namespace
        # Avoid recursion loop because of the delegation defined in __setattr__
        object.__setattr__(self, 'namespace', namespace)
        object.__setattr__(self, '_argument_sources', None)
        object.__setattr__(self, '_previously_accessed_mutables', {})
        self.namespace.config_dir = os.path.abspath(self.namespace.config_dir)
        self.namespace.work_dir = os.path.abspath(self.namespace.work_dir)
        self.namespace.logs_dir = os.path.abspath(self.namespace.logs_dir)
        # Check command line parameters sanity, and error out in case of problem.
        _check_config_sanity(self)
    def set_argument_sources(self, argument_sources: Dict[str, ArgumentSource]) -> None:
        """
        Associate the NamespaceConfig with a dictionary describing where each of
        its arguments came from, e.g. `{ 'email': ArgumentSource.CONFIG_FILE }`.
        This is necessary for making runtime evaluations on whether an argument
        was specified by the user or not (see `set_by_user`).
        For an example of how to build such a dictionary, see
        `certbot._internal.cli.helpful.HelpfulArgumentParser._build_sources_dict`
        :ivar argument_sources: dictionary of argument names to their :class:`ArgumentSource`
        :type argument_sources: :class:`Dict[str, ArgumentSource]`
        """
        # Avoid recursion loop because of the delegation defined in __setattr__
        object.__setattr__(self, '_argument_sources', argument_sources)
    def set_by_user(self, var: str) -> bool:
        """
        Return True if a particular config variable has been set by the user
        (via CLI or config file) including if the user explicitly set it to the
        default, or if it was dynamically set at runtime.  Returns False if the
        variable was assigned a default value.
        Raises an exception if `argument_sources` is not set.
        """
        from certbot._internal.cli.cli_constants import DEPRECATED_OPTIONS
        from certbot._internal.cli.cli_constants import VAR_MODIFIERS
        from certbot._internal.plugins import selection
        if self.argument_sources is None:
            raise RuntimeError(
                "NamespaceConfig.set_by_user called without an ArgumentSources dict. "
                "See NamespaceConfig.set_argument_sources().")
        # We should probably never actually hit this code. But if we do,
        # a deprecated option has logically never been set by the CLI.
        if var in DEPRECATED_OPTIONS:
            return False
        if var in ['authenticator', 'installer']:
            auth, inst = selection.cli_plugin_requests(self)
            if var == 'authenticator':
                return auth is not None
            if var == 'installer':
                return inst is not None
        if var in self.argument_sources and self.argument_sources[var] != ArgumentSource.DEFAULT:
            logger.debug("Var %s=%s (set by user).", var, getattr(self, var))
            return True
        for modifier in VAR_MODIFIERS.get(var, []):
            if self.set_by_user(modifier):
                logger.debug("Var %s=%s (set by user).",
                    var, VAR_MODIFIERS.get(var, []))
                return True
        return False
    def to_dict(self) -> Dict[str, Any]:
        """
        Returns a dictionary mapping all argument names to their values
        """
        return vars(self.namespace)
    def _mark_runtime_override(self, name: str) -> None:
        """
        If an argument_sources dict was set, overwrites an argument's source to
        be ArgumentSource.RUNTIME. Used when certbot sets an argument's values
        at runtime. This also clears the modified value from
        _previously_accessed_mutables since it is no longer needed.
        """
        if self._argument_sources is not None:
            self._argument_sources[name] = ArgumentSource.RUNTIME
            if name in self._previously_accessed_mutables:
                del self._previously_accessed_mutables[name]
    @property
    def argument_sources(self) -> Optional[Dict[str, ArgumentSource]]:
        """Returns _argument_sources after handling any changes to accessed mutable values."""
        # We keep values in _previously_accessed_mutables until we've detected a modification to try
        # to provide up-to-date information when argument_sources is accessed. Once a mutable object
        # has been accessed, it can be modified at any time if a reference to it was kept somewhere
        # else.
        # We copy _previously_accessed_mutables because _mark_runtime_override modifies it.
        for name, prev_value in self._previously_accessed_mutables.copy().items():
            current_value = getattr(self.namespace, name)
            if current_value != prev_value:
                self._mark_runtime_override(name)
        return self._argument_sources
    # Delegate any attribute not explicitly defined to the underlying namespace object.
    #
    # If any mutable namespace attributes are explicitly defined in the future, you'll probably want
    # to take an approach like the one used in __getattr__ and the argument_sources property.
    def __getattr__(self, name: str) -> Any:
        arg_sources = self.argument_sources
        value = getattr(self.namespace, name)
        if arg_sources is not None:
            # If the requested attribute was already modified at runtime, we don't need to track any
            # future changes.
            if name not in arg_sources or arg_sources[name] != ArgumentSource.RUNTIME:
                # If name is already in _previously_accessed_mutables, we don't need to make a copy
                # of it again. If its value was changed, this would have been caught while preparing
                # the return value of the property self.argument_sources accessed earlier in this
                # function.
                if name not in self._previously_accessed_mutables and not _is_immutable(value):
                    self._previously_accessed_mutables[name] = copy.deepcopy(value)
        return value
    def __setattr__(self, name: str, value: Any) -> None:
        self._mark_runtime_override(name)
        setattr(self.namespace, name, value)
    @property
    def server(self) -> str:
        """ACME Directory Resource URI."""
        return self.namespace.server
    @server.setter
    def server(self, server_: str) -> None:
        self._mark_runtime_override('server')
        self.namespace.server = server_
    @property
    def email(self) -> Optional[str]:
        """Email used for registration and recovery contact.
        Use comma to register multiple emails,
        ex: u1@example.com,u2@example.com. (default: Ask).
        """
        return self.namespace.email
    @email.setter
    def email(self, mail: str) -> None:
        self._mark_runtime_override('email')
        self.namespace.email = mail
    @property
    def rsa_key_size(self) -> int:
        """Size of the RSA key."""
        return self.namespace.rsa_key_size
    @rsa_key_size.setter
    def rsa_key_size(self, ksize: int) -> None:
        """Set the rsa_key_size property"""
        self._mark_runtime_override('rsa_key_size')
        self.namespace.rsa_key_size = ksize
    @property
    def elliptic_curve(self) -> str:
        """The SECG elliptic curve name to use.
        Please see RFC 8446 for supported values.
        """
        return self.namespace.elliptic_curve
    @elliptic_curve.setter
    def elliptic_curve(self, ecurve: str) -> None:
        """Set the elliptic_curve property"""
        self._mark_runtime_override('elliptic_curve')
        self.namespace.elliptic_curve = ecurve
    @property
    def key_type(self) -> str:
        """Type of generated private key.
        Only *ONE* per invocation can be provided at this time.
        """
        return self.namespace.key_type
    @key_type.setter
    def key_type(self, ktype: str) -> None:
        """Set the key_type property"""
        self._mark_runtime_override('key_type')
        self.namespace.key_type = ktype
    @property
    def must_staple(self) -> bool:
        """Adds the OCSP Must-Staple extension to the certificate.
        Autoconfigures OCSP Stapling for supported setups
        (Apache version >= 2.3.3 ).
        """
        return self.namespace.must_staple
    @property
    def config_dir(self) -> str:
        """Configuration directory."""
        return self.namespace.config_dir
    @property
    def work_dir(self) -> str:
        """Working directory."""
        return self.namespace.work_dir
    @property
    def accounts_dir(self) -> str:
        """Directory where all account information is stored."""
        return self.accounts_dir_for_server_path(self.server_path)
    @property
    def backup_dir(self) -> str:
        """Configuration backups directory."""
        return os.path.join(self.namespace.work_dir, constants.BACKUP_DIR)
    @property
    def csr_dir(self) -> str:
        """Directory where new Certificate Signing Requests (CSRs) are saved."""
        warnings.warn("NamespaceConfig.csr_dir is deprecated and will be removed in an upcoming "
                      "release of Certbot", DeprecationWarning)
        return os.path.join(self.namespace.config_dir, constants.CSR_DIR)
    @property
    def in_progress_dir(self) -> str:
        """Directory used before a permanent checkpoint is finalized."""
        return os.path.join(self.namespace.work_dir, constants.IN_PROGRESS_DIR)
    @property
    def key_dir(self) -> str:
        """Keys storage."""
        warnings.warn("NamespaceConfig.key_dir is deprecated and will be removed in an upcoming "
                      "release of Certbot", DeprecationWarning)
        return os.path.join(self.namespace.config_dir, constants.KEY_DIR)
    @property
    def temp_checkpoint_dir(self) -> str:
        """Temporary checkpoint directory."""
        return os.path.join(
            self.namespace.work_dir, constants.TEMP_CHECKPOINT_DIR)
    @property
    def no_verify_ssl(self) -> bool:
        """Disable verification of the ACME server's certificate.
        The root certificates trusted by Certbot can be overriden by setting the
        REQUESTS_CA_BUNDLE environment variable.
        """
        return self.namespace.no_verify_ssl
    @property
    def http01_port(self) -> int:
        """Port used in the http-01 challenge.
        This only affects the port Certbot listens on.
        A conforming ACME server will still attempt to connect on port 80.
        """
        return self.namespace.http01_port
    @property
    def http01_address(self) -> str:
        """The address the server listens to during http-01 challenge."""
        return self.namespace.http01_address
    @property
    def https_port(self) -> int:
        """Port used to serve HTTPS.
        This affects which port Nginx will listen on after a LE certificate
        is installed.
        """
        return self.namespace.https_port
    @property
    def pref_challs(self) -> List[str]:
        """List of user specified preferred challenges.
        Sorted with the most preferred challenge listed first.
        """
        return self.namespace.pref_challs
    @property
    def allow_subset_of_names(self) -> bool:
        """Allow only a subset of names to be authorized to perform validations.
        When performing domain validation, do not consider it a failure
        if authorizations can not be obtained for a strict subset of
        the requested domains. This may be useful for allowing renewals for
        multiple domains to succeed even if some domains no longer point
        at this system.
        """
        return self.namespace.allow_subset_of_names
    @property
    def strict_permissions(self) -> bool:
        """Enable strict permissions checks.
        Require that all configuration files are owned by the current
        user; only needed if your config is somewhere unsafe like /tmp/.
        """
        return self.namespace.strict_permissions
    @property
    def disable_renew_updates(self) -> bool:
        """Disable renewal updates.
        If updates provided by installer enhancements when Certbot is being run
        with \"renew\" verb should be disabled.
        """
        return self.namespace.disable_renew_updates
    @property
    def preferred_chain(self) -> Optional[str]:
        """Set the preferred certificate chain.
        If the CA offers multiple certificate chains, prefer the chain whose
        topmost certificate was issued from this Subject Common Name.
        If no match, the default offered chain will be used.
        """
        return self.namespace.preferred_chain
    @property
    def server_path(self) -> str:
        """File path based on ``server``."""
        parsed = parse.urlparse(self.namespace.server)
        return (parsed.netloc + parsed.path).replace('/', os.path.sep)
    def accounts_dir_for_server_path(self, server_path: str) -> str:
        """Path to accounts directory based on server_path"""
        server_path = misc.underscores_for_unsupported_characters_in_path(server_path)
        return os.path.join(
            self.namespace.config_dir, constants.ACCOUNTS_DIR, server_path)
    @property
    def default_archive_dir(self) -> str:  # pylint: disable=missing-function-docstring
        return os.path.join(self.namespace.config_dir, constants.ARCHIVE_DIR)
    @property
    def live_dir(self) -> str:  # pylint: disable=missing-function-docstring
        return os.path.join(self.namespace.config_dir, constants.LIVE_DIR)
    @property
    def renewal_configs_dir(self) -> str:  # pylint: disable=missing-function-docstring
        return os.path.join(
            self.namespace.config_dir, constants.RENEWAL_CONFIGS_DIR)
    @property
    def renewal_hooks_dir(self) -> str:
        """Path to directory with hooks to run with the renew subcommand."""
        return os.path.join(self.namespace.config_dir,
                            constants.RENEWAL_HOOKS_DIR)
    @property
    def renewal_pre_hooks_dir(self) -> str:
        """Path to the pre-hook directory for the renew subcommand."""
        return os.path.join(self.renewal_hooks_dir,
                            constants.RENEWAL_PRE_HOOKS_DIR)
    @property
    def renewal_deploy_hooks_dir(self) -> str:
        """Path to the deploy-hook directory for the renew subcommand."""
        return os.path.join(self.renewal_hooks_dir,
                            constants.RENEWAL_DEPLOY_HOOKS_DIR)
    @property
    def renewal_post_hooks_dir(self) -> str:
        """Path to the post-hook directory for the renew subcommand."""
        return os.path.join(self.renewal_hooks_dir,
                            constants.RENEWAL_POST_HOOKS_DIR)
    @property
    def issuance_timeout(self) -> int:
        """This option specifies how long (in seconds) Certbot will wait
        for the server to issue a certificate.
        """
        return self.namespace.issuance_timeout
    @property
    def new_key(self) -> bool:
        """This option specifies whether Certbot should generate a new private
        key when replacing a certificate, even if reuse_key is set.
        """
        return self.namespace.new_key
    # Magic methods
    def __deepcopy__(self, _memo: Any) -> 'NamespaceConfig':
        # Work around https://bugs.python.org/issue1515 for py26 tests :( :(
        new_ns = copy.deepcopy(self.namespace)
        new_config = type(self)(new_ns)
        # Avoid recursion loop because of the delegation defined in __setattr__
        object.__setattr__(new_config, '_argument_sources', copy.deepcopy(self.argument_sources))
        object.__setattr__(new_config, '_previously_accessed_mutables',
                           copy.deepcopy(self._previously_accessed_mutables))
        return new_config
def _check_config_sanity(config: NamespaceConfig) -> None:
    """Validate command line options and display error message if
    requirements are not met.
    :param config: NamespaceConfig instance holding user configuration
    :type args: :class:`certbot.configuration.NamespaceConfig`
    """
    # Port check
    if config.http01_port == config.https_port:
        raise errors.ConfigurationError(
            "Trying to run http-01 and https-port "
            "on the same port ({0})".format(config.https_port))
    # Domain checks
    if config.namespace.domains is not None:
        for domain in config.namespace.domains:
            # This may be redundant, but let's be paranoid
            util.enforce_domain_sanity(domain)
def _is_immutable(value: Any) -> bool:
    """Is value of an immutable type?"""
    if isinstance(value, tuple):
        # tuples are only immutable if all contained values are immutable.
        return all(_is_immutable(subvalue) for subvalue in value)
    for immutable_type in (int, float, complex, str, bytes, bool, frozenset,):
        if isinstance(value, immutable_type):
            return True
    # The last case we consider here is None which is also immutable.
    return value is None