Mini Shell 1.0
DIR: /proc/1784574/root/usr/lib/python3/dist-packages/certbot/__pycache__/
Current File : //proc/1784574/root/usr/lib/python3/dist-packages/certbot/__pycache__/crypto_util.cpython-311.pyc

Certbot client crypto utility functions.

.. todo:: Make the transition to use PSS rather than PKCS1_v1_5 when the server
    is capable of handling the signatures.

generate_key()

Initializes and saves a privkey.

    Inits key and saves it in PEM format on the filesystem.

    .. note:: keyname is the attempted filename, it may be different if a file
        already exists at the path.

    :param int key_size: key size in bits if key type is rsa.
    :param str key_dir: Key save directory.
    :param str key_type: Key Type [rsa, ecdsa]
    :param str elliptic_curve: Name of the elliptic curve if key type is ecdsa.
    :param str keyname: Filename of key
    :param bool strict_permissions: If true and key_dir exists, an exception is raised if
        the directory doesn't have 0700 permissions or isn't owned by the current user.

    :returns: Key
    :rtype: :class:`certbot.util.Key`

    :raises ValueError: If unable to generate the key given key_size.

generate_csr()

Initialize a CSR with the given private key.

    :param privkey: Key to include in the CSR
    :type privkey: :class:`certbot.util.Key`
    :param set names: `str` names to include in the CSR
    :param str path: Certificate save directory.
    :param bool must_staple: If true, include the TLS Feature extension "OCSP Must-Staple"
    :param bool strict_permissions: If true and path exists, an exception is raised if
        the directory doesn't have 0755 permissions or isn't owned by the current user.

    :returns: CSR
    :rtype: :class:`certbot.util.CSR`

valid_csr()

Validate CSR.

    Check if `csr` is a valid CSR for the given domains.

    :param bytes csr: CSR in PEM.

    :returns: Validity of CSR.
    :rtype: bool

csr_matches_pubkey()

Does private key correspond to the subject public key in the CSR?

    :param bytes csr: CSR in PEM.
    :param bytes privkey: Private key file contents (PEM)

    :returns: Correspondence of private key to CSR subject public key.
    :rtype: bool

import_csr_file()

Import a CSR file, which can be either PEM or DER.

    :param str csrfile: CSR filename
    :param bytes data: contents of the CSR file

    :returns: (`crypto.FILETYPE_PEM`,
               util.CSR object representing the CSR,
               list of domains requested in the CSR)
    :rtype: tuple

make_key()

Generate PEM encoded RSA|EC key.

    :param int bits: Number of bits if key_type=rsa. At least 1024 for RSA.
    :param str key_type: The type of key to generate, must be rsa or ecdsa
    :param str elliptic_curve: The elliptic curve to use.

    :returns: new RSA or ECDSA key in PEM form with specified number of bits
              or of type ec_curve when key_type ecdsa is used.
    :rtype: str

valid_privkey()

Is valid RSA private key?

    :param str privkey: Private key file contents in PEM

    :returns: Validity of private key.
    :rtype: bool

verify_renewable_cert()

For checking that your certs were not corrupted on disk.

    Several things are checked:
        1. Signature verification for the cert.
        2. That fullchain matches cert and chain when concatenated.
        3. Check that the private key matches the certificate.

    :param renewable_cert: cert to verify
    :type renewable_cert: certbot.interfaces.RenewableCert

    :raises errors.Error: If verification fails.

verify_renewable_cert_sig()

Verifies the signature of a RenewableCert object.

    :param renewable_cert: cert to verify
    :type renewable_cert: certbot.interfaces.RenewableCert

    :raises errors.Error: If signature verification fails.

verify_signed_payload()

Check the signature of a payload.

    :param RSAPublicKey/EllipticCurvePublicKey public_key: the public_key to check signature
    :param bytes signature: the signature bytes
    :param bytes payload: the payload bytes
    :param hashes.HashAlgorithm signature_hash_algorithm: algorithm used to hash the payload

    :raises InvalidSignature: If signature verification fails.
    :raises errors.Error: If public key type is not supported

verify_cert_matches_priv_key()

Verifies that the private key and cert match.

    :param str cert_path: path to a cert in PEM format
    :param str key_path: path to a private key file

    :raises errors.Error: If they don't match.

verify_fullchain()

Verifies that fullchain is indeed cert concatenated with chain.

    :param renewable_cert: cert to verify
    :type renewable_cert: certbot.interfaces.RenewableCert

    :raises errors.Error: If cert and chain do not combine to fullchain.

pyopenssl_load_certificate()

Load PEM/DER certificate.

    :raises errors.Error:

get_sans_from_cert()

Get a list of Subject Alternative Names from a certificate.

    :param str cert: Certificate (encoded).
    :param typ: `crypto.FILETYPE_PEM` or `crypto.FILETYPE_ASN1`

    :returns: A list of Subject Alternative Names.
    :rtype: list

get_names_from_cert()

Get a list of domains from a cert, including the CN if it is set.

    :param str cert: Certificate (encoded).
    :param typ: `crypto.FILETYPE_PEM` or `crypto.FILETYPE_ASN1`

    :returns: A list of domain names.
    :rtype: list

get_names_from_req()

Get a list of domains from a CSR, including the CN if it is set.

    :param str csr: CSR (encoded).
    :param typ: `crypto.FILETYPE_PEM` or `crypto.FILETYPE_ASN1`
    :returns: A list of domain names.
    :rtype: list

dump_pyopenssl_chain()

Dump certificate chain into a bundle.

    :param list chain: List of `crypto.X509` (or wrapped in
        :class:`josepy.util.ComparableX509`).

notBefore()

When does the cert at cert_path start being valid?

    :param str cert_path: path to a cert in PEM format

    :returns: the notBefore value from the cert at cert_path
    :rtype: :class:`datetime.datetime`

notAfter()

When does the cert at cert_path stop being valid?

    :param str cert_path: path to a cert in PEM format

    :returns: the notAfter value from the cert at cert_path
    :rtype: :class:`datetime.datetime`

_notAfterBefore()

Internal helper function for finding notbefore/notafter.

    :param str cert_path: path to a cert in PEM format
    :param function method: one of ``crypto.X509.get_notBefore``
        or ``crypto.X509.get_notAfter``

    :returns: the notBefore or notAfter value from the cert at cert_path
    :rtype: :class:`datetime.datetime`

sha256sum()

Compute a sha256sum of a file.

    NB: In given file, platform specific newlines characters will be converted
    into their equivalent unicode counterparts before calculating the hash.

    :param str filename: path to the file whose hash will be computed

    :returns: sha256 digest of the file in hexadecimal
    :rtype: str

cert_and_chain_from_fullchain()

Split fullchain_pem into cert_pem and chain_pem

    :param str fullchain_pem: concatenated cert + chain

    :returns: tuple of string cert_pem and chain_pem
    :rtype: tuple

    :raises errors.Error: If there are less than 2 certificates in the chain.

get_serial_from_cert()

Retrieve the serial number of a certificate from certificate path

    :param str cert_path: path to a cert in PEM format

    :returns: serial number of the certificate
    :rtype: int

find_chain_with_issuer()

Chooses the first certificate chain from fullchains whose topmost
    intermediate has an Issuer Common Name matching issuer_cn (in other words
    the first chain which chains to a root whose name matches issuer_cn).

    :param fullchains: The list of fullchains in PEM chain format.
    :type fullchains: `list` of `str`
    :param `str` issuer_cn: The exact Subject Common Name to match against any
        issuer in the certificate chain.

    :returns: The best-matching fullchain, PEM-encoded, or the first if none match.
    :rtype: `str`