%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python2.7/site-packages/salt/modules/
Upload File :
Create Path :
Current File : //lib/python2.7/site-packages/salt/modules/acme.pyc

�
���^c@@s1dZddlmZmZmZddlZddlZddlZddlZ	ej
e�Ze	j
jjdddddg�Zd	Zd
�Zd�Zd�Zdd
�Zdddeddddddddddddddd�Zd�Zd�Zd�Zd�Zdd�Zdd�ZdS(uo
ACME / Let's Encrypt module
===========================

.. versionadded: 2016.3

This module currently looks for certbot script in the $PATH as
- certbot,
- lestsencrypt,
- certbot-auto,
- letsencrypt-auto
eventually falls back to /opt/letsencrypt/letsencrypt-auto

.. note::

    Installation & configuration of the Let's Encrypt client can for example be done using
    https://github.com/saltstack-formulas/letsencrypt-formula

.. warning::

    Be sure to set at least accept-tos = True in cli.ini!

Most parameters will fall back to cli.ini defaults if None is given.

DNS plugins
-----------

This module currently supports the CloudFlare certbot DNS plugin.  The DNS
plugin credentials file needs to be passed in using the
``dns_plugin_credentials`` argument.

Make sure the appropriate certbot plugin for the wanted DNS provider is
installed before using this module.

i(tabsolute_importtprint_functiontunicode_literalsNucertbotuletsencryptucertbot-autouletsencrypt-autou!/opt/letsencrypt/letsencrypt-autou/etc/letsencrypt/live/cC@stdk	dfS(u6
    Only work when letsencrypt-auto is installed
    uKThe ACME execution module cannot be loaded: letsencrypt-auto not installed.N(tLEAtNone(((s5/usr/lib/python2.7/site-packages/salt/modules/acme.pyt__virtual__6scC@stjjt|dj|��S(u;
    Return expected path of a Let's Encrypt live cert
    u{0}.pem(tostpathtjointLE_LIVEtformat(tnamet	cert_type((s5/usr/lib/python2.7/site-packages/salt/modules/acme.pyt
_cert_file=scC@s|t|d�}dtkr2td|�d}n:dj|�}dj|�}ttd|dd��}tjj|�S(	uV
    Return the expiry date of a cert

    :return datetime object of expiry date
    ucertu
tls.cert_infou	not_afteru$openssl x509 -in {0} -noout -enddateu&date --date="$({0} | cut -d= -f2)" +%su	cmd.shelltoutput_logleveluquiet(R
t__salt__R
tfloattdatetimet
fromtimestamp(Rt	cert_filetexpirytopenssl_cmdtstrptime_sux_cmd((s5/usr/lib/python2.7/site-packages/salt/modules/acme.pyt_expiresDscC@s5t|�}|dk	r1|tjd|�}n|S(u�
    Date before a certificate should be renewed

    :param name: Common Name of the certificate (DNS name of certificate)
    :param window: days before expiry date to renew
    :return datetime object of first renewal date
    tdaysN(RRRt	timedelta(RtwindowR((s5/usr/lib/python2.7/site-packages/salt/modules/acme.pyt	_renew_byYsurootu0640cC@s.tdddg}dg}t|d�}td|�sStjd|�t}n5t||�r�tjd|�|jd	�t}n|r�|jd
j	|��n|r�|jdj	|��n|r�|r�itd6d
d6S|jd�n|r/|jd�|tk	r�|jdj	|��q�ni||kr�|dkrm|jd�|jdj	|��q�itd6dj	|�d6Sn
|jd�|r�|jdj	|��n|r�|jdj	|��n|jdj	|��|d0k	r"x'|D]}|jdj	|��q�Wn|rA|jdj	|��n|
r`|jdj	|
��n|r|jdj	|��n|r�|jdj	|��n|r�|jdj	|��ntddj|��}|d d!krvd"|d#krQ|jd$�tddj|��}|d d!krsitd6d%j	||d#�d6Sqvitd6d%j	||d#�d6Snd&|d'kr�d(j	|�}d0}n3|r�d)j	|�}t}nd*j	|�}t}i|d6t|�d+6id,6|d6}td-t|d.�|||	|
d/t�\}}|S(1u�
    Obtain/renew a certificate from an ACME CA, probably Let's Encrypt.

    :param name: Common Name of the certificate (DNS name of certificate)
    :param aliases: subjectAltNames (Additional DNS names on certificate)
    :param email: e-mail address for interaction with ACME provider
    :param webroot: True or a full path to use to use webroot. Otherwise use standalone mode
    :param test_cert: Request a certificate from the Happy Hacker Fake CA (mutually exclusive with 'server')
    :param renew: True/'force' to force a renewal, or a window of renewal before expiry in days
    :param keysize: RSA key bits
    :param server: API endpoint to talk to
    :param owner: owner of the private key file
    :param group: group of the private key file
    :param mode: mode of the private key file
    :param certname: Name of the certificate to save
    :param preferred_challenges: A sorted, comma delimited list of the preferred
                                 challenge to use during authorization with the
                                 most preferred challenge listed first.
    :param tls_sni_01_port: Port used during tls-sni-01 challenge. This only affects
                            the port Certbot listens on. A conforming ACME server
                            will still attempt to connect on port 443.
    :param tls_sni_01_address: The address the server listens to during tls-sni-01
                               challenge.
    :param http_01_port: Port used in the http-01 challenge. This only affects
                         the port Certbot listens on. A conforming ACME server
                         will still attempt to connect on port 80.
    :param https_01_address: The address the server listens to during http-01 challenge.
    :param dns_plugin: Name of a DNS plugin to use (currently only 'cloudflare')
    :param dns_plugin_credentials: Path to the credentials file if required by the specified DNS plugin
    :return: dict with 'result' True/False/None, 'comment' and certificate's expiry date ('not_after')

    CLI example:

    .. code-block:: bash

        salt 'gitlab.example.com' acme.cert dev.example.com "[gitlab.example.com]" test_cert=True renew=14 webroot=/opt/gitlab/embedded/service/gitlab-rails/public
    ucertonlyu--non-interactiveu--agree-tosu
cloudflareucertufile.file_existsu#Certificate %s does not exist (yet)uCertificate %s will be renewedu--renew-by-defaultu--server {0}u--cert-name {0}uresultu(Use either server or test_cert, not bothucommentu--test-certu--authenticator webrootu--webroot-path {0}u--dns-cloudflareu --dns-cloudflare-credentials {0}u!DNS plugin '{0}' is not supportedu--authenticator standaloneu--email {0}u--rsa-key-size {0}u
--domains {0}u--preferred-challenges {}u--tls-sni-01-port {}u--tls-sni-01-address {}u--http-01-port {}u--http-01-address {}ucmd.run_allu uretcodeiuexpandustderru--expandu(Certificate {0} renewal failed with:
{1}uno action takenustdoutuCertificate {0} unchangeduCertificate {0} reneweduCertificate {0} obtainedu	not_afteruchangesufile.check_permsuprivkeytfollow_symlinksN(
RR
RtlogtdebugtFalset
needs_renewaltappendtTrueR
RRtexpires(Rtaliasestemailtwebroott	test_certtrenewtkeysizetservertownertgrouptmodetcertnametpreferred_challengesttls_sni_01_portttls_sni_01_addressthttp_01_portthttp_01_addresst
dns_plugintdns_plugin_credentialstcmdtsupported_dns_pluginsRtdnstrestcommenttresulttrett_((s5/usr/lib/python2.7/site-packages/salt/modules/acme.pytcerths�9		
	




%%		(cC@stdt�dS(u�
    Return a list of active certificates

    CLI example:

    .. code-block:: bash

        salt 'vhost.example.com' acme.certs
    ufile.readdiri(RR	(((s5/usr/lib/python2.7/site-packages/salt/modules/acme.pytcerts�s
cC@sft|d�}dtkrCtd|�}|dj�|d<|Sdj|�}td|dd�S(u
    Return information about a certificate

    .. note::
        Will output tls.cert_info if that's available, or OpenSSL text if not

    :param name: CommonName of cert

    CLI example:

    .. code-block:: bash

        salt 'gitlab.example.com' acme.info dev.example.com
    ucertu
tls.cert_infou
extensionsu!openssl x509 -in {0} -noout -textucmd.runRuquiet(R
RtkeysR
(RRt	cert_infoR((s5/usr/lib/python2.7/site-packages/salt/modules/acme.pytinfoscC@st|�j�S(u�
    The expiry date of a certificate in ISO format

    :param name: CommonName of cert

    CLI example:

    .. code-block:: bash

        salt 'gitlab.example.com' acme.expires dev.example.com
    (Rt	isoformat(R((s5/usr/lib/python2.7/site-packages/salt/modules/acme.pyR#$scC@stdt|d��S(u
    Test if a certificate is in the Let's Encrypt Live directory

    :param name: CommonName of cert

    Code example:

    .. code-block:: python

        if __salt__['acme.has']('dev.example.com'):
            log.info('That is one nice certificate you have there!')
    ufile.file_existsucert(RR
(R((s5/usr/lib/python2.7/site-packages/salt/modules/acme.pythas3s
cC@st||�j�S(u�
    Date in ISO format when a certificate should first be renewed

    :param name: CommonName of cert
    :param window: number of days before expiry when renewal should take place
    (RRC(RR((s5/usr/lib/python2.7/site-packages/salt/modules/acme.pytrenew_byCscC@sA|dk	r%|ddtfkr%tSt||�tjj�kS(u�
    Check if a certificate needs renewal

    :param name: CommonName of cert
    :param window: Window in days to renew earlier or True/force to just return True

    Code example:

    .. code-block:: python

        if __salt__['acme.needs_renewal']('dev.example.com'):
            __salt__['acme.cert']('dev.example.com', **kwargs)
        else:
            log.info('Your certificate is still good')
    uforceuForceN(RR"RRttoday(RR((s5/usr/lib/python2.7/site-packages/salt/modules/acme.pyR Ms!(t__doc__t
__future__RRRtloggingRRtsalt.utils.pathtsaltt	getLoggert__name__RtutilsRt	which_binRR	RR
RRRRR>R?RBR#RDRER (((s5/usr/lib/python2.7/site-packages/salt/modules/acme.pyt<module>$sL			�	
			

Zerion Mini Shell 1.0