a

}|�g�)�@s�
UdZd
dl
Z
d
dlmZ
d
dlmZ
d
dlmZ
d
dlmZ
d
dlmZ
d
dlm	Z	
d
d	lm
Z

d
d
lmZ
d
dlm
Z

d
dlmZ
d
d
lmZ
d
d	lm
Z
e
�e�
Zejdd�dd�Zeeed�dd�Zeedd�dd�Zejdd�dd�Ze�Zeeed<edd�dd�Z ejeedd�dd�Z!gZ"eeed <edd�d!d"�Z#eeeedd#�d$d%�Z$ejeeedd&�d'd(�Z%ejeeedd&�d)d*�Z&eeeee'e'dd+�d,d-�Z(d4eeeeeefed.�d/d0�Z)eeed1�d2d3�Z*dS)5z;Facilities for implementing hooks that call shell commands.�N)
�Dict)
�List)
�Optional)
�Set)
�
configuration)
�errors)
�util)
�
filesystem)
�misc)
�os)
�ops)�config�returnc

Cs4t|j
d
�
t|jd�
t|jd�
t|jd�
dS)z#Check hook commands are executable.ZpreZpostZdeploy�renewN)�
validate_hook�pre_hook�	post_hook�deploy_hook�
renew_hook)
r
�r�;/usr/lib/python3.9/site-packages/certbot/_internal/hooks.py�validate_hookss


r)�	shell_cmdrc

Cs.t�
|�
s"t�|�

t�
|�
s"d
Stj�|�
S)z�Extract the program run by a shell command.

    :param str shell_cmd: command to be executed

    :returns: basename of command or None if the command isn't found
    :rtype: str or None

    N)rZ
exe_exists�	plug_utilZpath_surgeryr�path�basename)
rrrr�_progs
	





r)r�	hook_namercCsj|rf|�d
d�d}t
|�
sftjd}tj�|�
rD|�d|
�d�}nd|
�d|�d|�d	�}t�|�
�
d
S)
z�Check that a command provided as a hook is plausibly executable.

    :raises .errors.HookCommandNotFound: if the command is not found
    N�
r
�PATHz-hook command z exists, but is not executable.zUnable to find z in the PATH.
(PATH is z0)
See also the --disable-hook-validation option.)�splitrr�environr�existsrZHookCommandNotFound)rr�cmdr�msgrrrr.s






��rc
Cs>|jd
kr(|j
r(t|j�
D]}
t|
�

q|j}|r:t|�

dS)a�
Run pre-hooks if they exist and haven't already been run.

    When Certbot is running with the renew subcommand, this function
    runs any hooks found in the config.renewal_pre_hooks_dir (if they
    have not already been run) followed by any pre-hook in the config.
    If hooks in config.renewal_pre_hooks_dir are run and the pre-hook in
    the config is a path to one of these scripts, it is not run twice.

    :param configuration.NamespaceConfig config: Certbot settings

    rN)�verb�directory_hooks�
list_hooksZrenewal_pre_hooks_dir�_run_pre_hook_if_necessaryr)r
�hookr#rrrrBs




r�executed_pre_hooks)�commandrc

Cs.|tvrt
�d
|�
ntd|�
t�|�

dS)z�Run the specified pre-hook if we haven't already.

    If we've already run this exact command before, a message is logged
    saying the pre-hook was skipped.

    :param str command: pre-hook to be run

    z*Pre-hook command already run, skipping: %szpre-hookN)r*�logger�info�	_run_hook�add�
r+rrrr(Zs	


r()r
�renewed_domainsrcCs�|j}|j
d
kr<|jr.t|j�
D]}t|�

q |r~t|�

nB|r~d�|
�
}t|�
dkrlt�	d�

|dd�}t
d||dd��
dS)	a�Run post-hooks if defined.

    This function also registers any executables found in
    config.renewal_post_hooks_dir to be run when Certbot is used with
    the renew subcommand.

    If the verb is renew, we delay executing any post-hooks until
    :func:`run_saved_post_hooks` is called. In this case, this function
    registers all hooks found in config.renewal_post_hooks_dir to be
    called followed by any post-hook in the config. If the post-hook in
    the config is a path to an executable in the post-hook directory, it
    is not scheduled to be run twice.

    :param configuration.NamespaceConfig config: Certbot settings

    r�
 i}z?Limiting RENEWED_DOMAINS environment variable to 32k charactersN�	post-hook���RENEWED_DOMAINSZFAILED_DOMAINS)rr%r&r'Zrenewal_post_hooks_dir�_run_eventually�join�lenr,�warningr.)r
r1r#r)�renewed_domains_strrrrrjs&














��r�
post_hooksc

Cs|tv
rt�
|�

d
S)z�Registers a post-hook to be run eventually.

    All commands given to this function will be run exactly once in the
    order they were given when :func:`run_saved_post_hooks` is called.

    :param str command: post-hook to register to be run

    N)r<�appendr0rrrr7�s	
r7)r1�failed_domainsrcCsxd
�|�
}d
�|
�
}t
|�
dkr6t�d�

|dd�}t
|�
dkrXt�d�

|dd�}tD]}td|||d��
q\dS)zGRun any post hooks that were saved up in the course of the 'renew' verbr2i�>z?Limiting RENEWED_DOMAINS environment variable to 16k charactersNz>Limiting FAILED_DOMAINS environment variable to 16k charactersr3r5)r8r9r,r:r<r.)r1r>r;Zfailed_domains_strr#rrr�run_saved_post_hooks�s 












��r?)r
�domains�lineage_pathrcCs |jrt
|j|
||j|j�
d
S)a
Run post-issuance hook if defined.

    :param configuration.NamespaceConfig config: Certbot settings
    :param domains: domains in the obtained certificate
    :type domains: `list` of `str`
    :param str lineage_path: live directory path for the new cert

    N)r�_run_deploy_hook�dry_run�run_deploy_hooks)r
r@rArrrr�s



�rcCstt�}|j
r:t|j�
D]"}t||
||j|j�
|�|�

q|jrp|j|vrZt	�
d
|j�
nt|j|
||j|j�
dS)a]Run post-renewal hooks.

    This function runs any hooks found in
    config.renewal_deploy_hooks_dir followed by any renew-hook in the
    config. If the renew-hook in the config is a path to a script in
    config.renewal_deploy_hooks_dir, it is not run twice.

    If Certbot is doing a dry run, no hooks are run and messages are
    logged saying that they were skipped.

    :param configuration.NamespaceConfig config: Certbot settings
    :param domains: domains in the obtained certificate
    :type domains: `list` of `str`
    :param str lineage_path: live directory path for the new cert

    z0Skipping deploy-hook '%s' as it was already run.N)�setr&r'Zrenewal_deploy_hooks_dirrBrCrDr/rr,r-)r
r@rAZexecuted_dir_hooksr)rrrr�s







�

�r)r+r@rArCrDrcCs@|r|st�
d
|�
dSd�|
�
tjd<|tjd<td|�
dS)atRun the specified deploy-hook (if not doing a dry run).

    If dry_run is True, command is not run and a message is logged
    saying that it was skipped. If dry_run is False, the hook is run
    after setting the appropriate environment variables.

    :param str command: command to run as a deploy-hook
    :param domains: domains in the obtained certificate
    :type domains: `list` of `str`
    :param str lineage_path: live directory path for the new cert
    :param bool dry_run: True iff Certbot is doing a dry run
    :param bool run_deploy_hooks: True if deploy hooks should run despite Certbot doing a dry run

    z)Dry run: skipping deploy hook command: %sNr2r6ZRENEWED_LINEAGEzdeploy-hook)r,r-r8rr!r.)r+r@rArCrDrrrrB�s

�


rB)�cmd_namer�	extra_envrcCsHt�
�}|�|pi�

tj||
|d
�\}}}t�d|�d�|||�
|S)aH
Run a hook command.

    :param str cmd_name: the user facing name of the hook being run
    :param shell_cmd: shell command to execute
    :type shell_cmd: `list` of `str` or `str`
    :param dict extra_env: extra environment variables to set
    :type extra_env: `dict` of `str` to `str`

    :returns: stderr if there was any)
�envzHook '�
')rZenv_no_snap_for_external_calls�updater
Zexecute_command_status�display_opsZreport_executed_command)rFrrGrH�
returncode�err�outrrrr.
s



�
r.)�dir_pathrc
s.�f
d
d�t�
��
D�
}
dd�|
D�
}t|�
S)z�List paths to all hooks found in dir_path in sorted order.

    :param str dir_path: directory to search

    :returns: `list` of `str`
    :rtype: sorted list of absolute paths to executables in dir_path

    c
3s|]}
tj
��|
�V
qdS)
N)rrr8)�.0�
f�
rOrr�	<genexpr>+
�zlist_hooks.<locals>.<genexpr>c
Ss$g|]}
t�
|
�
r|
�d�
s|
�qS)
�
~)r	Z
is_executable�endswith)rPrrrr�
<listcomp>,
rTzlist_hooks.<locals>.<listcomp>)r�listdir�sorted)rOZallpathsZhooksrrRrr'"
s	

r')
N)+�__doc__Zlogging�typingrrrrZcertbotrrrZcertbot.compatr	r
rZcertbot.displayrrKZcertbot.pluginsrZ	getLogger�__name__r,ZNamespaceConfigr�strrrrrEr*�__annotations__r(rr<r7r?rr�boolrBr.r'rrrr�<module>
sL













�2


�

�!
�"