????
Your IP : 3.145.196.175
3
�گa�g� @s&�dZd�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�m�Z��d�d�l�m�Z��d�d�l�m�Z��d�d�l�m Z �d�d�l�m
Z
�d�d�l�m�Z��d�d l�m�Z��d�d�l
Z
d�d
l�m�Z��d�d�l�m�Z��d�d�l�m�Z��d�d
l�m�Z��d�d�l�m�Z��d�d�l�m�Z��d�d�l�m�Z��d�d�l�m�Z��d�d�l�m�Z��d�d�l�m�Z��d�d�l m!Z!�d�d�l"m#Z#�d�d�l"m$Z$�d�d�l"m%Z%�d�d�l&Z&d�d�l'm(Z(�d�d�l'm)Z)�d�d�l*Z*d�d�l+Z,d�d�l-m.Z/�d�d�l0m1Z1�d�d�l0m2Z2�d�d�l0m3Z3�d�d�l4m5Z5�e���r�d�d�l6m7Z7�d�d l8m9Z9�e�j:e;��Z<d~e=e>e>e>e>e?e3j@d%��d&d'��ZAde=e>e>e>e>e3j@d(��d)d*��ZBd�e3j@e�e�e>�e e>�f��e>e?e?e3jCd,��d-d.��ZDe3j@e e>�e>e3jCd/��d0d1��ZEeFe?d2��d3d4��ZGeFeFe?d5��d6d7��ZHe>eFe
e=e3jCe�e>�f��d8��d9d:��ZId�e=e>e�e>�eFd<��d=d>��ZJe>e?d?��d@dA��ZKe2jLd�dB��dCdD��ZMe2jLd�dB��dEdF��ZNe�e�dGdHe�e!f��eFeFe�jOd�dI��dJdK��ZPe>e>d�dL��dMdN��ZQe2jLd�dB��dOdP��ZReFe
e(jSe=f��dQ��dRdS��ZTe(jUf�eFe�e=eFg�e�e(jSe(jVf��f��e=e�e(jSe(jVf��dT��dUdV��ZWe(jUf�eFe�e=eFg�e�e(jSe(jVf��f��e=e�e>�dT��dWdX��ZXe(jUf�eFe=e�e>�dY��dZd[��ZYeFe�e=eFg�e�e(jSe(jVf��f��e=e�e>�d\��d]d^��ZZe�e(jSe(jVf��e�e>�d_��d`da��Z[e(jUf�eFe=e�e>�dY��dbdc��Z\e(jUf�eFe=e�e>�dd��dedf��Z]e(jUf�e�e�e(jS�e�e&j^�f��e=eFdg��dhdi��Z_e>e�j�dj��dkdl��Z`e>e�j�dj��dmdn��Zae>e�e(jSg�e�eF�f��e�j�do��dpdq��Zbe>e>dr��dsdt��Zce�jddue�je��Zfe>e
e>e>f��dv��dwdx��Zge>e=dj��dydz��Zhd�e�e>�e>e?e>d{��d|d}��Zid�S)�z�Certbot client crypto utility functions.
.. todo:: Make the transition to use PSS rather than PKCS1_v1_5 when the server
is capable of handling the signatures.
�N)���Callable)���List)���Optional)���Set)���Tuple)��
TYPE_CHECKING)���Union)���x509)���InvalidSignature)���UnsupportedAlgorithm)���default_backend)���hashes)���ec)���DSAPublicKey)���ECDSA)���EllipticCurvePublicKey)���PKCS1v15)���RSAPublicKey)���Encoding)���NoEncryption)��
PrivateFormat)���crypto)���SSL)���crypto_util)���errors)��
interfaces)���util)���os)���Ed448PublicKey)���Ed25519PublicKey��rsa� secp256r1��key-certbot.pemT)���key_size��key_dir��key_type��elliptic_curve��keyname��strict_permissions��returnc�
�Cs�y�t||�p�d�|�d���}�WnD�t�k
rZ�}��z(t�j�d�d�d����t�j�d�t�|������|���WYd�d�}�~�Xn�Xt�j�|�d�|����t�j�t j
j�|�|���d d
��\�}�} |����|�j�|����Wd�QRX|�d�k�r�t�j�d�|| ���n�t�j�d
|| ���t�j
| |���S)�a��Initializes and saves a privkey.
Inits key and saves it in PEM format on the filesystem.
.. note:: keyname is the attempted filename, it may be different if a file
already exists at the path.
:param int key_size: key size in bits if key size is rsa.
:param str key_dir: Key save directory.
:param str key_type: Key Type [rsa, ecdsa]
:param str elliptic_curve: Name of the elliptic curve if key type is ecdsa.
:param str keyname: Filename of key
:param bool strict_permissions: If true and key_dir exists, an exception is raised if
the directory doesn't have 0700 permissions or isn't owned by the current user.
:returns: Key
:rtype: :class:`certbot.util.Key`
:raises ValueError: If unable to generate the key given key_size.
r!)���bitsr&r%�T)���exc_infoz&Encountered error while making key: %sNi��i����wbr z Generating RSA key (%d bits): %sz"Generating ECDSA key (%d bits): %s)���make_key�
ValueError��logger��debug��error��strr���make_or_verify_dir��unique_filer���path��join��write��Key)
r#r$r%r&r'r(Z�key_pem��errZ�key_f��key_path�r<�!/usr/lib/python3.6/crypto_util.py��generate_key8s �������������������������������r>)�r#r$r%r&r'r)c���Cs0tj�d�t����t�j�j�t�j���}�t�||�|�|�|�|�j d���S)�a��Initializes and saves a privkey.
Inits key and saves it in PEM format on the filesystem.
.. note:: keyname is the attempted filename, it may be different if a file
already exists at the path.
.. deprecated:: 1.16.0
Use :func:`generate_key` instead.
:param int key_size: key size in bits if key size is rsa.
:param str key_dir: Key save directory.
:param str key_type: Key Type [rsa, ecdsa]
:param str elliptic_curve: Name of the elliptic curve if key type is ecdsa.
:param str keyname: Filename of key
:returns: Key
:rtype: :class:`certbot.util.Key`
:raises ValueError: If unable to generate the key given key_size.
zecertbot.crypto_util.init_save_key is deprecated, please use certbot.crypto_util.generate_key instead.)�r%r&r'r()
��warnings��warn��DeprecationWarning��zope� component�
getUtilityr���IConfigr>r()�r#r$r%r&r'��configr<r<r=�
init_save_keyhs
�������
�rGF)���privkey��namesr6��must_stapler(r)c���Csptj�|j�|�|�d���}�t�j�|�d�|����t�j�t�j�j�|�d���d�d���\�}�}�|����|�j |����Wd�QRXt
j�d�|����t�j�|�|�d���S) a:�Initialize a CSR with the given private key.
:param privkey: Key to include in the CSR
:type privkey: :class:`certbot.util.Key`
:param set names: `str` names to include in the CSR
:param str path: Certificate save directory.
:param bool must_staple: If true, include the TLS Feature extension "OCSP Must Staple"
:param bool strict_permissions: If true and path exists, an exception is raised if
the directory doesn't have 0755 permissions or isn't owned by the current user.
:returns: CSR
:rtype: :class:`certbot.util.CSR`
)�rJi��z�csr-certbot.pemi��r-Nz�Creating CSR: %s��pem)
��acme_crypto_utilZ�make_csrrKr�r4r5r�r6r7r8r0r1��CSR)�rHrIr6rJr(Z�csr_pemZ�csr_fZ�csr_filenamer<r<r=��generate_csr�s������������������rN)�rHrIr6r)c���Cs0tj�d�t����t�j�j�t�j���}�t�||�|�|�j |�j
d���S)�aw�Initialize a CSR with the given private key.
.. deprecated:: 1.16.0
Use :func:`generate_csr` instead.
:param privkey: Key to include in the CSR
:type privkey: :class:`certbot.util.Key`
:param set names: `str` names to include in the CSR
:param str path: Certificate save directory.
:returns: CSR
:rtype: :class:`certbot.util.CSR`
zecertbot.crypto_util.init_save_csr is deprecated, please use certbot.crypto_util.generate_csr instead.)�rJr()�r?r@rArBrCrDr�rErNrJr()�rHrIr6rFr<r<r=�
init_save_csr�s
���������rO)���csrr)c���CsFy�tj�tj�|��}�|�j�|�j����S�tj�k
r@���t�j�d�d�d����d�SXd�S)�z�Validate CSR.
Check if `csr` is a valid CSR for the given domains.
:param bytes csr: CSR in PEM.
:returns: Validity of CSR.
:rtype: bool
r+T)�r,FN)�r���load_certificate_request��FILETYPE_PEM��verifyZ
get_pubkey��Errorr0r1)�rP��reqr<r<r=� valid_csr�s������
�������rV)�rPrHr)c���CsPtj�tj�|��}�tj�tj�|���}�y
|�j�|���S�tj�k
rJ���t�j�d�d�d����d�SXd�S)�z�Does private key correspond to the subject public key in the CSR?
:param bytes csr: CSR in PEM.
:param bytes privkey: Private key file contents (PEM)
:returns: Correspondence of private key to CSR subject public key.
:rtype: bool
r+T)�r,FN)�r�rQrR��load_privatekeyrSrTr0r1)�rPrHrUZ�pkeyr<r<r=��csr_matches_pubkey�s�
��
�����
�����rX)���csrfile��datar)c���Cs�tj�}�tj�}�y�|�tj�|���}�WnL�tj�k
rh���y�|�|�|���}�Wn&�tj�k
rb���t�j�d�j�|������Yn�XYn�Xt�|���}�tj�|�|���}�|�t j
||�d�d���|�f�S)�a1�Import a CSR file, which can be either PEM or DER.
:param str csrfile: CSR filename
:param bytes data: contents of the CSR file
:returns: (`crypto.FILETYPE_PEM`,
util.CSR object representing the CSR,
list of domains requested in the CSR)
:rtype: tuple
z�Failed to parse CSR file: {0}rK)���filerZZ�form)�r�rRrQ�
FILETYPE_ASN1rTr���format�"_get_names_from_loaded_cert_or_reqZ�dump_certificate_requestr�rM)�rYrZ��PEM��loadrPZ�domainsZ�data_pemr<r<r=��import_csr_file�s������������������������ra��)�r*r%r&r)c���Cs.�|�d�k�r8|d�kr tj�d�j�|������t�j��}�|�j�t�j�|���n�|�d�k���r�|�sPtj�d�����yD|�j��}�|�d�k�r�t�j t
t�|�j��d ���t��d
��}�n�tj�d�j�|�������WnT�t�k
r����tj�d�j�|�������Yn2�t
k
r��}��z�|�tj�t�|�������WYd d }�~�Xn�X|�j�t�j�t�j�t��d���}�t�j�t�j�|���}�n�tj�d
j�|�������t�j�t�j�|���S)�a��Generate PEM encoded RSA|EC key.
:param int bits: Number of bits if key_type=rsa. At least 1024 for RSA.
:param str key_type: The type of key to generate, but be rsa or ecdsa
:param str elliptic_curve: The elliptic curve to use.
:returns: new RSA or ECDSA key in PEM form with specified number of bits
or of type ec_curve when key_type ecdsa is used.
:rtype: str
r i�z�Unsupported RSA key length: {}Z�ecdsaz3When key_type == ecdsa, elliptic_curve must be set.� SECP256R1� SECP384R1� SECP521R1N)�Z�curveZ�backendz�Unsupported elliptic curve: {})���encodingr]Z�encryption_algorithmz0Invalid key_type specified: {}. Use [rsa|ecdsa])�rcrdre)�r�rTr]r�Z�PKeyr>Z�TYPE_RSA��upperr�Z�generate_private_key��getattrr�� TypeErrorr�r3Z
private_bytesr�r_r�Z�TraditionalOpenSSLr�rWrRZ�dump_privatekey)�r*r%r&��key��nameZ�_key��eZ�_key_pemr<r<r=r.
�s4�����������
���
���������������������"�������
�����r.)�rHr)c���Cs2y�tj�tj�|��j��S�t�tj�f�k
r,���d�SXd�S)�z�Is valid RSA private key?
:param str privkey: Private key file contents in PEM
:returns: Validity of private key.
:rtype: bool
FN)�r�rWrRZ�checkrirT)�rHr<r<r=�
valid_privkey>�s
��������rm)���renewable_certr)c���Cs"t|���t�|���t�|j�|j����d�S)�a��For checking that your certs were not corrupted on disk.
Several things are checked:
1. Signature verification for the cert.
2. That fullchain matches cert and chain when concatenated.
3. Check that the private key matches the certificate.
:param renewable_cert: cert to verify
:type renewable_cert: certbot.interfaces.RenewableCert
:raises errors.Error: If verification fails.
N)���verify_renewable_cert_sig��verify_fullchain��verify_cert_matches_priv_key� cert_pathr;)�rnr<r<r=��verify_renewable_certN�s�
����rsc���Cs�ytt|j�d�����}�t�j�|�j��t����}�Wd�QRXt|j�d�����}�t�j�|�j��t����}�Wd�QRX|�j��}�t�|�|�j |�j
|�j����WnJ�t�t
t�f�k
r��}��z(d�j�|j�|���}�t�j�|����t�j�|�����WYd�d�}�~�Xn�Xd�S)�z�Verifies the signature of a RenewableCert object.
:param renewable_cert: cert to verify
:type renewable_cert: certbot.interfaces.RenewableCert
:raises errors.Error: If signature verification fails.
��rbNzbverifying the signature of the certificate located at {0} has failed. Details: {1})���open�
chain_pathr ��load_pem_x509_certificate��readr�rr�
public_key��verify_signed_payload� signatureZ�tbs_certificate_bytes��signature_hash_algorithm��IOErrorr/r
r]r0� exceptionr�rT)�rn�
chain_file��chain� cert_file��certZ�pkrl� error_strr<r<r=ro`�s����������������������
�ror�r�)�ryr{��payloadr|r)c���CsJt|t���r�|j�|�|�t��|����n(t|t���r<|j�|�|�t�|������n
t�j�d�����d�S)�a��Check the signature of a payload.
:param RSAPublicKey/EllipticCurvePublicKey public_key: the public_key to check signature
:param bytes signature: the signature bytes
:param bytes payload: the payload bytes
:param hashes.HashAlgorithm signature_hash_algorithm: algorithm used to hash the payload
:raises InvalidSignature: If signature verification fails.
:raises errors.Error: If public key type is not supported
z�Unsupported public key type.N)��
isinstancer�rSr�r�r�r�rT)�ryr{r�r|r<r<r=rzw�s��
�����
�����rz)�rrr;r)c���Cs|y,tj�tj���}�|�j�|���|�j�|����|�j���WnJ�t�tj�f�k
rv�}��z(d�j�||�|���}�t j
|����t�j�|�����WYd�d�}�~�Xn�Xd�S)�z� Verifies that the private key and cert match.
:param str cert_path: path to a cert in PEM format
:param str key_path: path to a private key file
:raises errors.Error: If they don't match.
z�verifying the certificate located at {0} matches the private key located at {1} has failed. Details: {2}N)�r�Z�ContextZ
SSLv23_METHODZ�use_certificate_fileZ�use_privatekey_fileZ�check_privatekeyr}rTr]r0r~r�)�rrr;��contextrlr�r<r<r=rq��s������
�
���������
�rqc� �Cs�y�t|j�����}�|�j��}�Wd�QRXt|j�����}�|�j��}�Wd�QRXt|j�����}�|�j��}�Wd�QRX|�|��|�k�r�d�}�|�j�|j���}�t�j�|�����Wnf�t k
r��}��z$d�j�|���}�t
j�|����t�j�|�����WYd�d�}�~�Xn(�t�j�k
r��}��z
|���WYd�d�}�~�Xn�Xd�S)�z� Verifies that fullchain is indeed cert concatenated with chain.
:param renewable_cert: cert to verify
:type renewable_cert: certbot.interfaces.RenewableCert
:raises errors.Error: If cert and chain do not combine to fullchain.
Nz.fullchain does not match cert + chain for {0}!z8reading one of cert, chain, or fullchain has failed: {0})�rurvrxrrZ�fullchain_pathr]Z�lineagenamer�rTr}r0r~) rnrr�r�r�Z�fullchain_fileZ fullchainr�rlr<r<r=rp��s"�������������������������
�
�����rp)�rZr)c���Cs~g}�xTtj�tj�f�D]D}�y�tj�|�|��|�f�S�tj�k
rT�}��z�|�j�|����WYd�d�}�~�Xq�Xq�Wt�j�d�j�d�j�d�d��|�D����������d�S)�z:Load PEM/DER certificate.
:raises errors.Error:
Nz�Unable to load: {0}��,c���ss�|]�}�t|���V�q�dS)�N)�r3)���.0r2r<r<r=� <genexpr>��s��z-pyopenssl_load_certificate.<locals>.<genexpr>) r�rRr\��load_certificaterT��appendr�r]r7)�rZZ�openssl_errorsZ file_typer2r<r<r=��pyopenssl_load_certificate��s������������ ���r�)���cert_or_req_str� load_func��typr)c���CsTy
|�|�|��S�tj�k
rN�}��z&t�j�d�d�d����t�j�d�t�|�������WYdd}�~�Xn�XdS)�Nr+T)�r,z6Encountered error while loading certificate or csr: %s)�r�rTr0r1r2r3)�r�r�r�r:r<r<r=��_load_cert_or_req��s����
�������r�c���Cs�tj�t�||�|�����S)�N)�rLZ�_pyopenssl_cert_or_req_sanr�)�r�r�r�r<r<r=��_get_sans_from_cert_or_req��s����r�)�r�r�r)c���Cs�t|t�j�|���S)�z�Get a list of Subject Alternative Names from a certificate.
:param str cert: Certificate (encoded).
:param typ: `crypto.FILETYPE_PEM` or `crypto.FILETYPE_ASN1`
:returns: A list of Subject Alternative Names.
:rtype: list
)�r�r�r�)�r�r�r<r<r=��get_sans_from_cert��s�
��r�)���cert_or_reqr�r�r)c���Cs�t||�|���}�t�|���S)�N)�r�r^)�r�r�r���loaded_cert_or_reqr<r<r=��_get_names_from_cert_or_req��s����r�)�r�r)c���Cs
tj�|��S)�N)�rLZ _pyopenssl_cert_or_req_all_names)�r�r<r<r=r^��s��r^c���Cs�t|t�j�|���S)�z�Get a list of domains from a cert, including the CN if it is set.
:param str cert: Certificate (encoded).
:param typ: `crypto.FILETYPE_PEM` or `crypto.FILETYPE_ASN1`
:returns: A list of domain names.
:rtype: list
)�r�r�r�)�r�r�r<r<r=��get_names_from_cert��s�
��r�)�rPr�r)c���Cs�t|t�j�|���S)�z�Get a list of domains from a CSR, including the CN if it is set.
:param str csr: CSR (encoded).
:param typ: `crypto.FILETYPE_PEM` or `crypto.FILETYPE_ASN1`
:returns: A list of domain names.
:rtype: list
)�r�r�rQ)�rPr�r<r<r=��get_names_from_req��s� r�)�r���filetyper)c���Cs�tj�||���S)�z�Dump certificate chain into a bundle.
:param list chain: List of `crypto.X509` (or wrapped in
:class:`josepy.util.ComparableX509`).
)�rL��dump_pyopenssl_chain)�r�r�r<r<r=r���s�
r�)�rrr)c���Cs�t|t�j�j���S)�z�When does the cert at cert_path start being valid?
:param str cert_path: path to a cert in PEM format
:returns: the notBefore value from the cert at cert_path
:rtype: :class:`datetime.datetime`
)���_notAfterBeforer���X509Z
get_notBefore)�rrr<r<r=� notBefore+�s� r�c���Cs�t|t�j�j���S)�z�When does the cert at cert_path stop being valid?
:param str cert_path: path to a cert in PEM format
:returns: the notAfter value from the cert at cert_path
:rtype: :class:`datetime.datetime`
)�r�r�r�Z�get_notAfter)�rrr<r<r=��notAfter7�s� r�)�rr��methodr)c���Cs�t|d�����}�t�j�t�j�|�j����}�Wd�QRX|�|���}�|�s>t�j�d�����|�d�d����d�|�d�d����d�|�d�d����d |�d�d
���d�|�d
d����d�|�d�d����g�}�d
j�|���}�|�j�d���}�t j
|���S)�aP�Internal helper function for finding notbefore/notafter.
:param str cert_path: path to a cert in PEM format
:param function method: one of ``crypto.X509.get_notBefore``
or ``crypto.X509.get_notAfter``
:returns: the notBefore or notAfter value from the cert at cert_path
:rtype: :class:`datetime.datetime`
rtNz>Error while invoking timestamp method, None has been returned.r�����-������T�
��:�����ascii)�rur�r�rRrxr�rTr7��decode� pyrfc3339��parse)�rrr���fr Z timestampZ�reformatted_timestampZ�timestamp_bytesZ
timestamp_strr<r<r=r�C�s�
��������
�������
�
�r�)���filenamer)c��
Cs:tj��}�t�|d�����}�|�j�|�j��j�d������Wd�QRX|�j��S)�aN�Compute a sha256sum of a file.
NB: In given file, platform specific newlines characters will be converted
into their equivalent unicode counterparts before calculating the hash.
:param str filename: path to the file whose hash will be computed
:returns: sha256 digest of the file in hexadecimal
:rtype: str
��rz�UTF-8N)���hashlib��sha256ru��updaterx��encodeZ hexdigest)�r�r�Z�file_dr<r<r=� sha256sum_�s��������r�s@-----BEGIN CERTIFICATE-----
?
.+?
?
-----END CERTIFICATE-----
?
)��
fullchain_pemr)c���CsLtj�|j����}�t�|���d�kr$t�j�d
����d�d��|�D��}�|�d��d�j�|�d�d �����f�S)�a��Split fullchain_pem into cert_pem and chain_pem
:param str fullchain_pem: concatenated cert + chain
:returns: tuple of string cert_pem and chain_pem
:rtype: tuple
:raises errors.Error: If there are less than 2 certificates in the chain.
��z/failed to parse fullchain into cert and chain: z!less than 2 certificates in chainc���Ss(g|] }�tj�tj�tj�tj�|�����j����q�Sr<)�r�Z�dump_certificaterRr�r�)�r�r�r<r<r=�
<listcomp>��s���z1cert_and_chain_from_fullchain.<locals>.<listcomp>r�r+��NzPfailed to parse fullchain into cert and chain: less than 2 certificates in chain)���CERT_PEM_REGEX��findallr���lenr�rTr7)�r���certsZ�certs_normalizedr<r<r=��cert_and_chain_from_fullchainz�s��������������r�c��
Cs0t|d�����}�t�j�t�j�|�j����}�Wd�QRX|�j��S)�z�Retrieve the serial number of a certificate from certificate path
:param str cert_path: path to a cert in PEM format
:returns: serial number of the certificate
:rtype: int
rtN)�rur�r�rRrxZ�get_serial_number)�rrr�r r<r<r=��get_serial_from_cert��s� ����r�)��
fullchains� issuer_cn��warn_on_no_matchr)c���CslxR|D]J}�tj�|�j����}�t�j�|�d��t����}�|�j�j�t�j�j ��}�|�r�|�d��j
|�k�r�|�Sq�W|�rdt�j�d�|����|d��S)�a'�Chooses the first certificate chain from fullchains whose topmost
intermediate has an Issuer Common Name matching issuer_cn (in other words
the first chain which chains to a root whose name matches issuer_cn).
:param fullchains: The list of fullchains in PEM chain format.
:type fullchains: `list` of `str`
:param `str` issuer_cn: The exact Subject Common Name to match against any
issuer in the certificate chain.
:returns: The best-matching fullchain, PEM-encoded, or the first if none match.
:rtype: `str`
r�r�z�Certbot has been configured to prefer certificate chains with issuer '%s', but no chain from the CA matched this issuer. Using the default certificate chain instead.���)
r�r�r�r rwr�Z�issuerZ�get_attributes_for_oidZ�NameOIDZ�COMMON_NAME��valuer0Z�warning)�r�r�r�r�r�Z�top_certZ
top_issuer_cnr<r<r=��find_chain_with_issuer��s��
�����������������r�)�r r!r"T)�r r!r")�FT)�rbr N)�F)j��__doc__Z�datetimer�Z�logging��reZ�typingr�r�r�r�r�r�r�r?Z�cryptographyr Z�cryptography.exceptionsr
r�Z�cryptography.hazmat.backendsr�Z�cryptography.hazmat.primitivesr
Z)cryptography.hazmat.primitives.asymmetricr�Z-cryptography.hazmat.primitives.asymmetric.dsar�Z,cryptography.hazmat.primitives.asymmetric.ecr�r�Z1cryptography.hazmat.primitives.asymmetric.paddingr�Z-cryptography.hazmat.primitives.asymmetric.rsar�Z,cryptography.hazmat.primitives.serializationr�r�r�Z�josepyZ�OpenSSLr�r�r�Z�zope.componentrBZ�acmer�rLZ�certbotr�r�r�Z�certbot.compatr�Z/cryptography.hazmat.primitives.asymmetric.ed448r�Z1cryptography.hazmat.primitives.asymmetric.ed25519r�Z getLogger��__name__r0��intr3��boolr9r>rGrMrNrO��bytesrVrXrar.rmZ
RenewableCertrsroZ
HashAlgorithmrzrqrpr�r�rRZ�X509Reqr�r�r�r�r^r�r�Z�ComparableX509r�r�r�r�r���compile��DOTALLr�r�r�r�r<r<r<r=��<module>�s���������������������������������������������������������������������������������
����.���!.�������"���0��������������������>�6������������������
,�������"�������������