"""Tests for certbot_nginx._internal.http_01"""
import unittest

import josepy as jose
try:
    import mock
except ImportError: # pragma: no cover
    from unittest import mock # type: ignore


            

Reported by Pylint.

              except ImportError: # pragma: no cover
    from unittest import mock # type: ignore

from acme import challenges
from certbot import achallenges
from certbot.tests import acme_util
from certbot.tests import util as test_util
from certbot_nginx._internal.obj import Addr
import test_util as util

            

Reported by Pylint.

                  from unittest import mock # type: ignore

from acme import challenges
from certbot import achallenges
from certbot.tests import acme_util
from certbot.tests import util as test_util
from certbot_nginx._internal.obj import Addr
import test_util as util


            

Reported by Pylint.

              
from acme import challenges
from certbot import achallenges
from certbot.tests import acme_util
from certbot.tests import util as test_util
from certbot_nginx._internal.obj import Addr
import test_util as util

AUTH_KEY = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))

            

Reported by Pylint.

              from acme import challenges
from certbot import achallenges
from certbot.tests import acme_util
from certbot.tests import util as test_util
from certbot_nginx._internal.obj import Addr
import test_util as util

AUTH_KEY = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))


            

Reported by Pylint.

              from certbot import achallenges
from certbot.tests import acme_util
from certbot.tests import util as test_util
from certbot_nginx._internal.obj import Addr
import test_util as util

AUTH_KEY = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))



            

Reported by Pylint.

                      config = self.get_nginx_configurator(
            self.config_path, self.config_dir, self.work_dir, self.logs_dir)

        from certbot_nginx._internal import http_01
        self.http01 = http_01.NginxHttp01(config)

    def test_perform0(self):
        responses = self.http01.perform()
        self.assertEqual([], responses)

            

Reported by Pylint.

                      config = self.get_nginx_configurator(
            self.config_path, self.config_dir, self.work_dir, self.logs_dir)

        from certbot_nginx._internal import http_01
        self.http01 = http_01.NginxHttp01(config)

    def test_perform0(self):
        responses = self.http01.perform()
        self.assertEqual([], responses)

            

Reported by Pylint.

                      from certbot_nginx._internal import http_01
        self.http01 = http_01.NginxHttp01(config)

    def test_perform0(self):
        responses = self.http01.perform()
        self.assertEqual([], responses)

    @mock.patch("certbot_nginx._internal.configurator.NginxConfigurator.save")
    def test_perform1(self, mock_save):

            

Reported by Pylint.

                      self.assertEqual([], responses)

    @mock.patch("certbot_nginx._internal.configurator.NginxConfigurator.save")
    def test_perform1(self, mock_save):
        self.http01.add_chall(self.achalls[0])
        response = self.achalls[0].response(self.account_key)

        responses = self.http01.perform()


            

Reported by Pylint.

              import re
import sys

import sphinx

here = os.path.abspath(os.path.dirname(__file__))

# read version number (and other metadata) from package init
init_fn = os.path.join(here, '..', 'certbot', '__init__.py')

            

Reported by Pylint.

              # on_rtd is whether we are on readthedocs.org
on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
if not on_rtd:  # only import and set the theme if we're building docs locally
    import sphinx_rtd_theme
    html_theme = 'sphinx_rtd_theme'
    html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
# otherwise, readthedocs.org uses their theme by default, so no need to specify it

# Theme options are theme-specific and customize the look and feel of a theme

            

Reported by Pylint.

              # -*- coding: utf-8 -*-
#
# Certbot documentation build configuration file, created by
# sphinx-quickstart on Sun Nov 23 20:35:21 2014.
#
# This file is execfile()d with the current directory set to its
# containing dir.
#
# Note that not all possible configuration values are present in this

            

Reported by Pylint.

              # -- General configuration ------------------------------------------------

# If your documentation needs a minimal Sphinx version, state it here.
needs_sphinx = '1.2'

# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [

            

Reported by Pylint.

              if sphinx.version_info >= (1, 6):
    extensions.append('sphinx.ext.imgconverter')

autodoc_member_order = 'bysource'
autodoc_default_flags = ['show-inheritance']

# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']


            

Reported by Pylint.

              templates_path = ['_templates']

# The suffix of source filenames.
source_suffix = '.rst'

# The encoding of source files.
#source_encoding = 'utf-8-sig'

# The master toctree document.

            

Reported by Pylint.

              #source_encoding = 'utf-8-sig'

# The master toctree document.
master_doc = 'index'

# General information about the project.
project = u'Certbot'
# this is now overridden by the footer.html template
#copyright = u'2014-2018 - The Certbot software and documentation are licensed under the Apache 2.0 license as described at https://eff.org/cb-license.'

            

Reported by Pylint.

              master_doc = 'index'

# General information about the project.
project = u'Certbot'
# this is now overridden by the footer.html template
#copyright = u'2014-2018 - The Certbot software and documentation are licensed under the Apache 2.0 license as described at https://eff.org/cb-license.'

# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the

            

Reported by Pylint.

              # General information about the project.
project = u'Certbot'
# this is now overridden by the footer.html template
#copyright = u'2014-2018 - The Certbot software and documentation are licensed under the Apache 2.0 license as described at https://eff.org/cb-license.'

# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#

            

Reported by Pylint.

              # built documents.
#
# The short X.Y version.
version = '.'.join(meta['version'].split('.')[:2])
# The full version, including alpha/beta/rc tags.
release = meta['version']

# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.

            

Reported by Pylint.

              except ImportError: # pragma: no cover
    from unittest import mock # type: ignore

from certbot import errors
from certbot.compat import filesystem
from certbot.compat import os
from certbot_apache._internal import obj
from certbot_apache._internal import override_fedora
import util

            

Reported by Pylint.

                  from unittest import mock # type: ignore

from certbot import errors
from certbot.compat import filesystem
from certbot.compat import os
from certbot_apache._internal import obj
from certbot_apache._internal import override_fedora
import util


            

Reported by Pylint.

              
from certbot import errors
from certbot.compat import filesystem
from certbot.compat import os
from certbot_apache._internal import obj
from certbot_apache._internal import override_fedora
import util



            

Reported by Pylint.

              from certbot import errors
from certbot.compat import filesystem
from certbot.compat import os
from certbot_apache._internal import obj
from certbot_apache._internal import override_fedora
import util


def get_vh_truth(temp_dir, config_name):

            

Reported by Pylint.

              from certbot.compat import filesystem
from certbot.compat import os
from certbot_apache._internal import obj
from certbot_apache._internal import override_fedora
import util


def get_vh_truth(temp_dir, config_name):
    """Return the ground truth for the specified directory."""

            

Reported by Pylint.

                      temp_dir, config_name, "httpd/conf.d")

    aug_pre = "/files" + prefix
    # TODO: eventually, these tests should have a dedicated configuration instead
    #  of reusing the ones from centos_test
    vh_truth = [
        obj.VirtualHost(
            os.path.join(prefix, "centos.example.com.conf"),
            os.path.join(aug_pre, "centos.example.com.conf/VirtualHost"),

            

Reported by Pylint.

              class FedoraRestartTest(util.ApacheTest):
    """Tests for Fedora specific self-signed certificate override"""

    # TODO: eventually, these tests should have a dedicated configuration instead
    #  of reusing the ones from centos_test
    def setUp(self):  # pylint: disable=arguments-differ
        test_dir = "centos7_apache/apache"
        config_root = "centos7_apache/apache/httpd"
        vhost_root = "centos7_apache/apache/httpd/conf.d"

            

Reported by Pylint.

                      self.assertIsInstance(self.config, override_fedora.FedoraConfigurator)
        self.config.config_test()

    def test_fedora_restart_error(self):
        c_test = "certbot_apache._internal.configurator.ApacheConfigurator.config_test"
        with mock.patch(c_test) as mock_test:
            # First call raises error, second doesn't
            mock_test.side_effect = [errors.MisconfigurationError, '']
            with mock.patch("certbot.util.run_script") as mock_run:

            

Reported by Pylint.

                              self.assertRaises(errors.MisconfigurationError,
                                  self._run_fedora_test)

    def test_fedora_restart(self):
        c_test = "certbot_apache._internal.configurator.ApacheConfigurator.config_test"
        with mock.patch(c_test) as mock_test:
            with mock.patch("certbot.util.run_script") as mock_run:
                # First call raises error, second doesn't
                mock_test.side_effect = [errors.MisconfigurationError, '']

            

Reported by Pylint.

                      self.vh_truth = get_vh_truth(
            self.temp_dir, "centos7_apache/apache")

    def test_get_parser(self):
        self.assertIsInstance(self.config.parser, override_fedora.FedoraParser)

    @mock.patch("certbot_apache._internal.apache_util._get_runtime_cfg")
    def test_opportunistic_httpd_runtime_parsing(self, mock_get):
        define_val = (

            

Reported by Pylint.

              from requests.exceptions import HTTPError
from requests.exceptions import RequestException

from certbot.compat import os
from certbot.plugins import dns_test_common
from certbot.plugins import dns_test_common_lexicon
from certbot.tests import util as test_util

DOMAIN_NOT_FOUND = Exception('No domain found')

            

Reported by Pylint.

              from requests.exceptions import RequestException

from certbot.compat import os
from certbot.plugins import dns_test_common
from certbot.plugins import dns_test_common_lexicon
from certbot.tests import util as test_util

DOMAIN_NOT_FOUND = Exception('No domain found')
GENERIC_ERROR = RequestException

            

Reported by Pylint.

              
from certbot.compat import os
from certbot.plugins import dns_test_common
from certbot.plugins import dns_test_common_lexicon
from certbot.tests import util as test_util

DOMAIN_NOT_FOUND = Exception('No domain found')
GENERIC_ERROR = RequestException
LOGIN_ERROR = HTTPError('400 Client Error: ...')

            

Reported by Pylint.

              from certbot.compat import os
from certbot.plugins import dns_test_common
from certbot.plugins import dns_test_common_lexicon
from certbot.tests import util as test_util

DOMAIN_NOT_FOUND = Exception('No domain found')
GENERIC_ERROR = RequestException
LOGIN_ERROR = HTTPError('400 Client Error: ...')


            

Reported by Pylint.

                  def setUp(self):
        super().setUp()

        from certbot_dns_cloudxns._internal.dns_cloudxns import Authenticator

        path = os.path.join(self.tempdir, 'file.ini')
        dns_test_common.write({"cloudxns_api_key": API_KEY, "cloudxns_secret_key": SECRET}, path)

        self.config = mock.MagicMock(cloudxns_credentials=path,

            

Reported by Pylint.

              class CloudXNSLexiconClientTest(unittest.TestCase, dns_test_common_lexicon.BaseLexiconClientTest):

    def setUp(self):
        from certbot_dns_cloudxns._internal.dns_cloudxns import _CloudXNSLexiconClient

        self.client = _CloudXNSLexiconClient(API_KEY, SECRET, 0)

        self.provider_mock = mock.MagicMock()
        self.client.provider = self.provider_mock

            

Reported by Pylint.

              from certbot.tests import util as test_util

DOMAIN_NOT_FOUND = Exception('No domain found')
GENERIC_ERROR = RequestException
LOGIN_ERROR = HTTPError('400 Client Error: ...')

API_KEY = 'foo'
SECRET = 'bar'


            

Reported by Pylint.

              LOGIN_ERROR = HTTPError('400 Client Error: ...')

API_KEY = 'foo'
SECRET = 'bar'


class AuthenticatorTest(test_util.TempDirTestCase,
                        dns_test_common_lexicon.BaseLexiconAuthenticatorTest):


            

Reported by Bandit.

              SECRET = 'bar'


class AuthenticatorTest(test_util.TempDirTestCase,
                        dns_test_common_lexicon.BaseLexiconAuthenticatorTest):

    def setUp(self):
        super().setUp()


            

Reported by Pylint.

              SECRET = 'bar'


class AuthenticatorTest(test_util.TempDirTestCase,
                        dns_test_common_lexicon.BaseLexiconAuthenticatorTest):

    def setUp(self):
        super().setUp()


            

Reported by Pylint.

              from typing import List
from typing import Optional

import CloudFlare

from certbot import errors
from certbot.plugins import dns_common
from certbot.plugins.dns_common import CredentialsConfiguration


            

Reported by Pylint.

              
import CloudFlare

from certbot import errors
from certbot.plugins import dns_common
from certbot.plugins.dns_common import CredentialsConfiguration

logger = logging.getLogger(__name__)


            

Reported by Pylint.

              import CloudFlare

from certbot import errors
from certbot.plugins import dns_common
from certbot.plugins.dns_common import CredentialsConfiguration

logger = logging.getLogger(__name__)

ACCOUNT_URL = 'https://dash.cloudflare.com/?to=/:account/profile/api-tokens'

            

Reported by Pylint.

              
from certbot import errors
from certbot.plugins import dns_common
from certbot.plugins.dns_common import CredentialsConfiguration

logger = logging.getLogger(__name__)

ACCOUNT_URL = 'https://dash.cloudflare.com/?to=/:account/profile/api-tokens'


            

Reported by Pylint.

                      self.credentials: Optional[CredentialsConfiguration] = None

    @classmethod
    def add_parser_arguments(cls, add):  # pylint: disable=arguments-differ
        super().add_parser_arguments(add)
        add('credentials', help='Cloudflare credentials INI file.')

    def more_info(self):  # pylint: disable=missing-function-docstring
        return 'This plugin configures a DNS TXT record to respond to a dns-01 challenge using ' + \

            

Reported by Pylint.

                      super().add_parser_arguments(add)
        add('credentials', help='Cloudflare credentials INI file.')

    def more_info(self):  # pylint: disable=missing-function-docstring
        return 'This plugin configures a DNS TXT record to respond to a dns-01 challenge using ' + \
               'the Cloudflare API.'

    def _validate_credentials(self, credentials):
        token = credentials.conf('api-token')

            

Reported by Pylint.

                      return 'This plugin configures a DNS TXT record to respond to a dns-01 challenge using ' + \
               'the Cloudflare API.'

    def _validate_credentials(self, credentials):
        token = credentials.conf('api-token')
        email = credentials.conf('email')
        key = credentials.conf('api-key')
        if token:
            if email or key:

            

Reported by Pylint.

                  """

    def __init__(self, email, api_key):
        self.cf = CloudFlare.CloudFlare(email, api_key)

    def add_txt_record(self, domain, record_name, record_content, record_ttl):
        """
        Add a TXT record using the supplied information.


            

Reported by Pylint.

                      try:
            logger.debug('Attempting to add record to zone %s: %s', zone_id, data)
            self.cf.zones.dns_records.post(zone_id, data=data)  # zones | pylint: disable=no-member
        except CloudFlare.exceptions.CloudFlareAPIError as e:
            code = int(e)
            hint = None

            if code == 1009:
                hint = 'Does your API token have "Zone:DNS:Edit" permissions?'

            

Reported by Pylint.

              
        try:
            zone_id = self._find_zone_id(domain)
        except errors.PluginError as e:
            logger.debug('Encountered error finding zone_id during deletion: %s', e)
            return

        if zone_id:
            record_id = self._find_txt_record_id(zone_id, record_name, record_content)

            

Reported by Pylint.

                  from unittest import mock # type: ignore
from requests.exceptions import HTTPError

from certbot.compat import os
from certbot.plugins import dns_test_common
from certbot.plugins import dns_test_common_lexicon
from certbot.plugins.dns_test_common import DOMAIN
from certbot.tests import util as test_util


            

Reported by Pylint.

              from requests.exceptions import HTTPError

from certbot.compat import os
from certbot.plugins import dns_test_common
from certbot.plugins import dns_test_common_lexicon
from certbot.plugins.dns_test_common import DOMAIN
from certbot.tests import util as test_util

API_KEY = 'foo'

            

Reported by Pylint.

              
from certbot.compat import os
from certbot.plugins import dns_test_common
from certbot.plugins import dns_test_common_lexicon
from certbot.plugins.dns_test_common import DOMAIN
from certbot.tests import util as test_util

API_KEY = 'foo'
SECRET_KEY = 'bar'

            

Reported by Pylint.

              from certbot.compat import os
from certbot.plugins import dns_test_common
from certbot.plugins import dns_test_common_lexicon
from certbot.plugins.dns_test_common import DOMAIN
from certbot.tests import util as test_util

API_KEY = 'foo'
SECRET_KEY = 'bar'


            

Reported by Pylint.

              from certbot.plugins import dns_test_common
from certbot.plugins import dns_test_common_lexicon
from certbot.plugins.dns_test_common import DOMAIN
from certbot.tests import util as test_util

API_KEY = 'foo'
SECRET_KEY = 'bar'



            

Reported by Pylint.

                  def setUp(self):
        super().setUp()

        from certbot_dns_dnsmadeeasy._internal.dns_dnsmadeeasy import Authenticator

        path = os.path.join(self.tempdir, 'file.ini')
        dns_test_common.write({"dnsmadeeasy_api_key": API_KEY,
                               "dnsmadeeasy_secret_key": SECRET_KEY},
                              path)

            

Reported by Pylint.

                  LOGIN_ERROR = HTTPError('403 Client Error: Forbidden for url: {0}.'.format(DOMAIN))

    def setUp(self):
        from certbot_dns_dnsmadeeasy._internal.dns_dnsmadeeasy import _DNSMadeEasyLexiconClient

        self.client = _DNSMadeEasyLexiconClient(API_KEY, SECRET_KEY, 0)

        self.provider_mock = mock.MagicMock()
        self.client.provider = self.provider_mock

            

Reported by Pylint.

              from certbot.tests import util as test_util

API_KEY = 'foo'
SECRET_KEY = 'bar'


class AuthenticatorTest(test_util.TempDirTestCase,
                        dns_test_common_lexicon.BaseLexiconAuthenticatorTest):


            

Reported by Bandit.

              SECRET_KEY = 'bar'


class AuthenticatorTest(test_util.TempDirTestCase,
                        dns_test_common_lexicon.BaseLexiconAuthenticatorTest):

    def setUp(self):
        super().setUp()


            

Reported by Pylint.

              SECRET_KEY = 'bar'


class AuthenticatorTest(test_util.TempDirTestCase,
                        dns_test_common_lexicon.BaseLexiconAuthenticatorTest):

    def setUp(self):
        super().setUp()


            

Reported by Pylint.

              from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import load_pem_private_key
import zope.component

from certbot import configuration
from certbot import crypto_util
from certbot import errors
from certbot import interfaces

            

Reported by Pylint.

              from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import load_pem_private_key
import zope.component

from certbot import configuration
from certbot import crypto_util
from certbot import errors
from certbot import interfaces

            

Reported by Pylint.

                          else:
                # This call is done only for retro-compatibility purposes.
                # TODO: Remove this call once zope dependencies are removed from Certbot.
                zope.component.provideUtility(lineage_config, interfaces.IConfig)
                renewal_candidate.ensure_deployed()
                from certbot._internal import main
                plugins = plugins_disco.PluginsRegistry.find_all()
                if should_renew(lineage_config, renewal_candidate):
                    # Apply random sleep upon first renewal if needed

            

Reported by Pylint.

              
    """
    # Now use parser to get plugin-prefixed items with correct types
    # XXX: the current approach of extracting only prefixed items
    #      related to the actually-used installer and authenticator
    #      works as long as plugins don't need to read plugin-specific
    #      variables set by someone else (e.g., assuming Apache
    #      configurator doesn't need to read webroot_ variables).
    # Note: if a parameter that used to be defined in the parser is no

            

Reported by Pylint.

                              if config_value in ("None", "True", "False"):
                    # bool("False") == True
                    # pylint: disable=eval-used
                    setattr(config, config_item, eval(config_value))
                else:
                    cast = cli.argparse_type(config_item)
                    setattr(config, config_item, cast(config_value))



            

Reported by Bandit.

                  try:
        return int(value)
    except ValueError:
        raise errors.Error("Expected a numeric value for {0}".format(name))


def _restore_str(name, value):
    """Restores a string key-value pair from a renewal config file.


            

Reported by Pylint.

                      logger.debug("Dry run: skipping updating lineage at %s", os.path.dirname(lineage.cert))
    else:
        prior_version = lineage.latest_common_version()
        # TODO: Check return value of save_successor
        lineage.save_successor(prior_version, new_cert, new_key.pem, new_chain, config)
        lineage.update_all_links_to(lineage.latest_common_version())

    hooks.renew_hook(config, domains, lineage.live_dir)


            

Reported by Pylint.

                              parse_failures.append(renewal_file)
            else:
                # This call is done only for retro-compatibility purposes.
                # TODO: Remove this call once zope dependencies are removed from Certbot.
                zope.component.provideUtility(lineage_config, interfaces.IConfig)
                renewal_candidate.ensure_deployed()
                from certbot._internal import main
                plugins = plugins_disco.PluginsRegistry.find_all()
                if should_renew(lineage_config, renewal_candidate):

            

Reported by Pylint.

                  # To understand why webroot_path and webroot_map processing are not mutually exclusive,
    # see https://github.com/certbot/certbot/pull/7095
    if "webroot_path" in renewalparams and not cli.set_by_cli("webroot_path"):
        wp = renewalparams["webroot_path"]
        if isinstance(wp, str):  # prior to 0.1.0, webroot_path was a string
            wp = [wp]
        config.webroot_path = wp



            

Reported by Pylint.

                  if "webroot_path" in renewalparams and not cli.set_by_cli("webroot_path"):
        wp = renewalparams["webroot_path"]
        if isinstance(wp, str):  # prior to 0.1.0, webroot_path was a string
            wp = [wp]
        config.webroot_path = wp


def _restore_plugin_configs(config, renewalparams):
    """Sets plugin specific values in config from renewalparams

            

Reported by Pylint.

              import json
import logging

from googleapiclient import discovery
from googleapiclient import errors as googleapiclient_errors
import httplib2
from oauth2client.service_account import ServiceAccountCredentials

from certbot import errors

            

Reported by Pylint.

              import logging

from googleapiclient import discovery
from googleapiclient import errors as googleapiclient_errors
import httplib2
from oauth2client.service_account import ServiceAccountCredentials

from certbot import errors
from certbot.plugins import dns_common

            

Reported by Pylint.

              from googleapiclient import discovery
from googleapiclient import errors as googleapiclient_errors
import httplib2
from oauth2client.service_account import ServiceAccountCredentials

from certbot import errors
from certbot.plugins import dns_common

logger = logging.getLogger(__name__)

            

Reported by Pylint.

              import httplib2
from oauth2client.service_account import ServiceAccountCredentials

from certbot import errors
from certbot.plugins import dns_common

logger = logging.getLogger(__name__)

ACCT_URL = 'https://developers.google.com/identity/protocols/OAuth2ServiceAccount#creatinganaccount'

            

Reported by Pylint.

              from oauth2client.service_account import ServiceAccountCredentials

from certbot import errors
from certbot.plugins import dns_common

logger = logging.getLogger(__name__)

ACCT_URL = 'https://developers.google.com/identity/protocols/OAuth2ServiceAccount#creatinganaccount'
PERMISSIONS_URL = 'https://cloud.google.com/dns/access-control#permissions_and_roles'

            

Reported by Pylint.

                              # we won't use the result but know we're not on GCP when an exception is thrown
                _GoogleClient.get_project_id()
            except (ValueError, httplib2.ServerNotFoundError):
                raise errors.PluginError('Unable to get Google Cloud Metadata and no credentials'
                                         ' specified. Automatic credential lookup is only '
                                         'available on Google Cloud Platform. Please configure'
                                         ' credentials using --dns-google-credentials <file>')
        else:
            self._configure_file('credentials',

            

Reported by Pylint.

                  ttl = 60

    @classmethod
    def add_parser_arguments(cls, add):  # pylint: disable=arguments-differ
        super().add_parser_arguments(add, default_propagation_seconds=60)
        add('credentials',
            help=('Path to Google Cloud DNS service account JSON file. (See {0} for' +
                  'information about creating a service account and {1} for information about the' +
                  'required permissions.)').format(ACCT_URL, PERMISSIONS_URL),

            

Reported by Pylint.

                                'required permissions.)').format(ACCT_URL, PERMISSIONS_URL),
            default=None)

    def more_info(self): # pylint: disable=missing-function-docstring
        return 'This plugin configures a DNS TXT record to respond to a dns-01 challenge using ' + \
               'the Google Cloud DNS API.'

    def _setup_credentials(self):
        if self.conf('credentials') is None:

            

Reported by Pylint.

                              credentials = ServiceAccountCredentials.from_json_keyfile_name(account_json, scopes)
                with open(account_json) as account:
                    self.project_id = json.load(account)['project_id']
            except Exception as e:
                raise errors.PluginError(
                    "Error parsing credentials file '{}': {}".format(account_json, e))
        else:
            credentials = None
            self.project_id = self.get_project_id()

            

Reported by Pylint.

                              request = changes.get(project=self.project_id, managedZone=zone_id, changeId=change)
                response = request.execute()
                status = response['status']
        except googleapiclient_errors.Error as e:
            logger.error('Encountered error adding TXT record: %s', e)
            raise errors.PluginError('Error communicating with the Google Cloud DNS API: {0}'
                                     .format(e))

    def del_txt_record(self, domain, record_name, record_content, record_ttl):

            

Reported by Pylint.

              
    key = load_pem_private_key(data=privkey1, password=None, backend=default_backend())

    assert isinstance(key, EllipticCurvePrivateKey)
    assert isinstance(key.curve, curve)


def assert_rsa_key(key):
    """

            

Reported by Bandit.

                  key = load_pem_private_key(data=privkey1, password=None, backend=default_backend())

    assert isinstance(key, EllipticCurvePrivateKey)
    assert isinstance(key.curve, curve)


def assert_rsa_key(key):
    """
    Asserts that the key at the given path is an RSA key.

            

Reported by Bandit.

                      privkey1 = file.read()

    key = load_pem_private_key(data=privkey1, password=None, backend=default_backend())
    assert isinstance(key, RSAPrivateKey)


def assert_hook_execution(probe_path, probe_content):
    """
    Assert that a certbot hook has been executed

            

Reported by Bandit.

                      data = file.read()

    lines = [line.strip() for line in data.splitlines()]
    assert probe_content in lines


def assert_saved_renew_hook(config_dir, lineage):
    """
    Assert that the renew hook configuration of a lineage has been saved.

            

Reported by Bandit.

                  :param lineage: lineage domain name
    """
    with open(os.path.join(config_dir, 'renewal', '{0}.conf'.format(lineage))) as file_h:
        assert 'renew_hook' in file_h.read()


def assert_cert_count_for_lineage(config_dir, lineage, count):
    """
    Assert the number of certificates generated for a lineage.

            

Reported by Bandit.

                  archive_dir = os.path.join(config_dir, 'archive')
    lineage_dir = os.path.join(archive_dir, lineage)
    certs = [file for file in os.listdir(lineage_dir) if file.startswith('cert')]
    assert len(certs) == count


def assert_equals_group_permissions(file1, file2):
    """
    Assert that two files have the same permissions for group owner.

            

Reported by Bandit.

                      mode_file1 = os.stat(file1).st_mode & 0o070
        mode_file2 = os.stat(file2).st_mode & 0o070

        assert mode_file1 == mode_file2


def assert_equals_world_read_permissions(file1, file2):
    """
    Assert that two files have the same read permissions for everyone.

            

Reported by Bandit.

                      })
        mode_file2 = mode_file2 & ntsecuritycon.FILE_GENERIC_READ

    assert mode_file1 == mode_file2


def assert_equals_group_owner(file1, file2):
    """
    Assert that two files have the same group owner.

            

Reported by Bandit.

                      group_owner_file1 = grp.getgrgid(os.stat(file1).st_gid)[0]
        group_owner_file2 = grp.getgrgid(os.stat(file2).st_gid)[0]

        assert group_owner_file1 == group_owner_file2


def assert_world_no_permissions(file):
    """
    Assert that the given file is not world-readable.

            

Reported by Bandit.

                  """
    if POSIX_MODE:
        mode_file_all = os.stat(file).st_mode & 0o007
        assert mode_file_all == 0
    else:
        security = win32security.GetFileSecurity(file, win32security.DACL_SECURITY_INFORMATION)
        dacl = security.GetSecurityDescriptorDacl()
        mode = dacl.GetEffectiveRightsFromAcl({
            'TrusteeForm': win32security.TRUSTEE_IS_SID,

            

Reported by Bandit.

                  from unittest import mock # type: ignore
from requests.exceptions import HTTPError

from certbot.compat import os
from certbot.plugins import dns_test_common
from certbot.plugins import dns_test_common_lexicon
from certbot.tests import util as test_util

EMAIL = 'fake@example.com'

            

Reported by Pylint.

              from requests.exceptions import HTTPError

from certbot.compat import os
from certbot.plugins import dns_test_common
from certbot.plugins import dns_test_common_lexicon
from certbot.tests import util as test_util

EMAIL = 'fake@example.com'
TOKEN = 'foo'

            

Reported by Pylint.

              
from certbot.compat import os
from certbot.plugins import dns_test_common
from certbot.plugins import dns_test_common_lexicon
from certbot.tests import util as test_util

EMAIL = 'fake@example.com'
TOKEN = 'foo'


            

Reported by Pylint.

              from certbot.compat import os
from certbot.plugins import dns_test_common
from certbot.plugins import dns_test_common_lexicon
from certbot.tests import util as test_util

EMAIL = 'fake@example.com'
TOKEN = 'foo'



            

Reported by Pylint.

                  def setUp(self):
        super().setUp()

        from certbot_dns_luadns._internal.dns_luadns import Authenticator

        path = os.path.join(self.tempdir, 'file.ini')
        dns_test_common.write({"luadns_email": EMAIL, "luadns_token": TOKEN}, path)

        self.config = mock.MagicMock(luadns_credentials=path,

            

Reported by Pylint.

                  LOGIN_ERROR = HTTPError("401 Client Error: Unauthorized for url: ...")

    def setUp(self):
        from certbot_dns_luadns._internal.dns_luadns import _LuaDNSLexiconClient

        self.client = _LuaDNSLexiconClient(EMAIL, TOKEN, 0)

        self.provider_mock = mock.MagicMock()
        self.client.provider = self.provider_mock

            

Reported by Pylint.

              from certbot.tests import util as test_util

EMAIL = 'fake@example.com'
TOKEN = 'foo'


class AuthenticatorTest(test_util.TempDirTestCase,
                        dns_test_common_lexicon.BaseLexiconAuthenticatorTest):


            

Reported by Bandit.

              TOKEN = 'foo'


class AuthenticatorTest(test_util.TempDirTestCase,
                        dns_test_common_lexicon.BaseLexiconAuthenticatorTest):

    def setUp(self):
        super().setUp()


            

Reported by Pylint.

              TOKEN = 'foo'


class AuthenticatorTest(test_util.TempDirTestCase,
                        dns_test_common_lexicon.BaseLexiconAuthenticatorTest):

    def setUp(self):
        super().setUp()


            

Reported by Pylint.

              class AuthenticatorTest(test_util.TempDirTestCase,
                        dns_test_common_lexicon.BaseLexiconAuthenticatorTest):

    def setUp(self):
        super().setUp()

        from certbot_dns_luadns._internal.dns_luadns import Authenticator

        path = os.path.join(self.tempdir, 'file.ini')

            

Reported by Pylint.