h8ddlZddlZddlZddlZddlZddlmZddlmZm Z m Z m Z m Z ejjd aerdddddZnddd Zd Zd Zd Zd ZdZy)N)ANYWIN)Netdev atomic_move load_resourceruncmdwunlink PRTY_NO_CFSSL皙?)mv_re_trm_re_tmv_re_rrm_re_r)r rc t|jd5}|j}dddtjj |jj d}tjj|jsW||jk7rtd|jzt|jd5}|jdddt|jd5}|j}|jd}|jd}d }|d krt|d z|d krt|d z||kDrt|d z ddd t|jd5}|j} ddd k(r&d} |d| j|jdyy#1swYxYw#1swYxYw#1swY~xYw#1swYZxYw#YyxYw)a the default cert (and the entire TLS support) is only here to enable the crypto.subtle javascript API, which is necessary due to the webkit guys being massive memers (https://www.chromium.org/blink/webcrypto) i feel awful about this and so should they res/insecure.pemNzcert.pemz!certificate file does not exist: wbrbs PRIVATE KEY-s CERTIFICATE-z unsupported certificate format: rzno private key inside pemz no server certificate inside pemz1private key must appear before server certificatez>using default TLS certificate; https will be insecure: {}cert)rEreadospathjoincfgisfiler Exceptionopenwritefindformat) logargsf cert_insec cert_appdatabufo1o2m active_certts C/jellyfin/media/venv/lib/python3.12/site-packages/copyparty/cert.py ensure_certr/s tvv1 2aVVX 77<< J7L 77>>$)) $ 499 $?$))KL L $))T " a GGJ   dii  U!ffh XX& ' XX& ' . 6A ;;< < 6A BBC C 7A SST T  U $))T " #a&&(K # * $SA +Q / %3   U U # #   sHG  G:A.G&2G>G22G> GG#&G/2G;7G>>Hc tjjtjj|j|sdifSdd|g}t ||j\}}}|rdifSt j|}|d}tjtj|d}||fS#t$r,} | jtjk(rdifcYd} ~ Sd} ~ wdifcYSxYw)Nrzcfssl-certinfoz-cert)cwd not_afterz%Y-%m-%dT%H:%M:%SZ)rrexistsrcrt_dirrjsonloadscalendartimegmtimestrptimeOSErrorerrnoENOENT) r$fnacmdrcsoseinfzsexpiryexs r. _read_crtrG=sww~~bggll4<<<=b5L '2.Ddll3 B b5Ljjn  r3G!HIs{  88u|| # "u "u s+A B: %B:3AB:: C5!C*$C5* C5c|d!fd }t|dd}tj|jdzdzdzdzz|krydjt |j dz}djt |jdzdz}|j jd|j}|jjd \}}|||dd |t |d d |igd }tj|jd} dddd} t| jd| \} } } | rtdj| | dd} | jd} t| jd| |j \} } } | rtdj| | dt"j$j'|j d} t)||dzt*t-||dz|dzt*t)||dzt*ddd y#Y;xYw)"Nrcd||S)Nz cert-gen-camsgcr#s r.z_gen_ca..TsSQ7ca.pem<r {}m--crt-cn-)backdaterEpathlenalgosizeO)CNCAkeynamesutf-8rzcreating new ca ...zcfssl gencert -initca -)sinz failed to create ca-cert: {}, {}rzcfssljson -bare ca rcr1z#failed to translate ca-cert: {}, {}ca.key-key.pem.csrz new ca OKr)rGr9 crt_cdaysr"intcrt_backcrt_cncreplacecrt_cncrt_algsplitr5dumpsencoderrr4rrrr VFr)r#r$nlogrErVcnrYkszreqrccmdr@rArBbnames` r._gen_car}Ss 7D tX &q )F yy{T^^b(2-2S886A||C  234H \\#dnnr1B67 8F   j$++ 6B ""3'ID##v!Dc#h/)  C **S/  )C%q) #C RS1JBB :AA"bI1MM C ))G C RSdllCJBB =DDRLaPP GGLLt ,E efnb)ej(%&."= D%&."% Q   s ,H77H;cf d7fd }|jr|jjdng}|js*|ddD]"}|jdj |$|j s8|j D]%}|j|jdd'|jr|Dcgc] }|dvs| }}|js9|j|j|j|jdz|sdg}d|vsd |vr|jd t|Dcic]}|d c}j } t|d \}} d | vr tdtj|jdzdzdzdzz|kD} | r td|D]#}|| d vs tdj |t|j d5} | j#} dddt%|j&d5} | j#} ddd r|  k7ryddddj t)|j*dz}dj t)|jdzdz}dd||gddii}t%t,j.j1|j2dd 5} | j5t7j8|j;d!ddd|j<j?d"|j@}|jBjd#\}}|t)|d$d%|igd&}t7j8|j;d!}d'}|jd(dj1|zd#gz}tE|d)||j2*\}}}|rtd+j ||d,}|j;d!}tE|jd-||j2*\}}}|rtd.j ||t,j.j1|j2d/} tG||d0ztHtK||d1z|d0ztHtG||d2ztHt%t,j.j1|j2d3d5} | j#}dddt%|d0zd5} | j#}dddt%|d4zd5} | j#}dddt%|j&d 5} | j5zzddddd5d6ycc}wcc}w#1swYxYw#1swYxYw#t$r#}ddj |Yd}~d}~wwxYw#1swYxYw#YoxYw#1swYxYw#1swYxYw#1swYxYw#1swYxYw)8Nrcd||S)Nz cert-gen-srvrJrKs r.rNz_gen_srv..~sSa8rO,z*.{}/) localhost 127.0.0.1::1z.localrrrrzsrv.pemsanszno useable cert foundrQrRg?zold server-cert has expiredzdoes not have {}rrrzwill create new server-cert; {}zcreating server-cert ...rarSsigningdefault)rzkey enciphermentz server auth)rVrEusagesz cfssl.jsonrr`rTrUrXr[)r^r_zGcfssl gencert -config=cfssl.json -ca ca.pem -ca-key ca.key -profile=wwwz -hostname=rbrezfailed to create cert: {}, {}zcfssljson -bare srvrdz failed to translate cert: {}, {}srvrgrhrirPz.pemznew server-cert OKrjrk)&crt_nsrs crt_exactappendr"crt_noipkeyscrt_nolocrt_nohnnamelistrGrr9 crt_sdaysrrrrrrmrnrrrr4r r5rtrucrt_cnsrprqrrrr rvr)r#r$netdevsrwr_nipxrErCexpiredr%r&r,rFrVrrxrYryrzrcr{r?r@rArBr|rfskeyscrts` r._gen_srvr}s 8D&*kkDKK  c "rE >>q +A LLq) * + ==,,. +B LL#q) * + }}!PqQ.O%OPP == TYY TYY)*  eu~ [! &1!Q$&++- .EBi0   34 4))+ 3b 82 = CCfL 9: : >AF # 2 9 9! <== >466#5 6 "!J "$))T " #a&&(K # ;*4  *A.||C  234H \\#dnnr1B67 8F $ H  C bggll4<<6 =1  3&&w/01   j$++ 6B ""3'ID#c#h/) C **S/  )C SC 99;,%8#> >Dbct||>r2FGG C ))G C RSdllCJBB :AA"bIJJ GGLLu -E efnb)ej(%&."= D%&."% bggll4<<2D 9Q VVX efnd #qvvx efnd #qvvx dii "! t b !"$a(wQ' " " # # B F5<?1V>0V$V>V10V>4W-<W:0XXX/X'$V.)V>1V;6V>> W*W%%W*-W7:W?X XX$'X0c^|jry|jsts t||y t ||t |||y#t $r[}da|ddj|dt|ddtjk(r d}|d|dt||Yd}~yd}~wwxYw) NFrz%could not create TLS certificates: {}rr<rz~install cfssl if you want to fix this; https://github.com/cloudflare/cfssl/releases/latest (cfssl, cfssljson, cfssl-certinfo)ra) http_onlyno_crt HAVE_CFSSLr/r}rrr"getattrr<r=)r#r$rrFr-s r.gencertrs ~~ {{*C TdG$   F;BB2FJ 2w "ell 2QA 1 CsA B,AB''B,)r7r<r5rr9__init__rutilrrrrr environgetrrvr/rGr}rrrJrOr.rsj EE0 0  1 EB1 %B% V,' Tf)RrO