From bff5db953e1a17afc26644486abb94092f56242c Mon Sep 17 00:00:00 2001
From: Richard Barnes
Date: Tue, 13 Jan 2015 13:39:20 +0000
Subject: [PATCH 1/3] Change name anvil -> boulder

---
 README.md | 21 ++++++++------
 amqp-rpc.go | 2 +-
 anvil-start/main.go | 60 +++++++++++++++++++--------------------
 anvil_test.go | 2 +-
 certificate-authority.go | 2 +-
 interfaces.go | 2 +-
 objects.go | 10 +++---
 registration-authority.go | 2 +-
 rpc-wrappers.go | 2 +-
 storage-authority.go | 2 +-
 util.go | 2 +-
 validation-authority.go | 2 +-
 web-front-end.go | 2 +-
 13 files changed, 57 insertions(+), 54 deletions(-)

diff --git a/README.md b/README.md
index 0165010c8..c624a0f55 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
-Anvil - An ACME CA
-==================
+Boulder - An ACME CA
+====================
 
 This is an initial implementation of an ACME-based CA. The [ACME protocol](https://github.com/letsencrypt/acme-spec/) allows the CA to automatically verify that an applicant for a certificate actually controls an identifier, and allows a domain holder to issue and revoke certificates for his domains.
 
@@ -8,10 +8,10 @@ Quickstart
 ----------
 
 ```
-> go get github.com/letsencrypt/anvil
-> go build github.com/letsencrypt/anvil/anvil-start
-> ./anvil-start monolithic # without AMQP
-> ./anvil-start monolithic-amqp # with AMQP
+> go get github.com/letsencrypt/boulder
+> go build github.com/letsencrypt/boulder/boulder-start
+> ./boulder-start monolithic # without AMQP
+> ./boulder-start monolithic-amqp # with AMQP
 ```
 
 
@@ -49,7 +49,7 @@ client <-checks-> VA ---+
 
 ```
 
-In Anvil, these components are represented by Go interfaces. This allows us to have two operational modes: Consolidated and distributed. In consolidated mode, the objects representing the different components interact directly, through function calls. In distributed mode, each component runs in a separate process (possibly on a separate machine), and sees the other components' methods by way of a messaging layer.
+In Boulder, these components are represented by Go interfaces. This allows us to have two operational modes: Consolidated and distributed. In consolidated mode, the objects representing the different components interact directly, through function calls. In distributed mode, each component runs in a separate process (possibly on a separate machine), and sees the other components' methods by way of a messaging layer.
 
 Internally, the logic of the system is based around two types of objects, authorizations and certificates, mapping directly to the resources of the same name in ACME.
 
@@ -57,7 +57,7 @@ Requests from ACME clients result in new objects and changes objects. The Stora
 
 Objects are also passed from one component to another on change events. For example, when a client provides a successful response to a validation challenge, it results in a change to the corresponding validation object. The Validation Authority forward the new validation object to the Storage Authority for storage, and to the Registration Authority for any updates to a related Authorization object.
 
-Anvil supports distributed operation using AMQP as a message bus (e.g., via RabbitMQ). For components that you want to be remote, it is necessary to instantiate a "client" and "server" for that component. The client implements the component's Go interface, while the server has the actual logic for the component. More details in `amqp-rpc.go`.
+Boulder supports distributed operation using AMQP as a message bus (e.g., via RabbitMQ). For components that you want to be remote, it is necessary to instantiate a "client" and "server" for that component. The client implements the component's Go interface, while the server has the actual logic for the component. More details in `amqp-rpc.go`.
 
 Files
 -----
@@ -72,7 +72,7 @@ Files
 * `rpc-wrappers.go` - RPC wrappers for the various component type
 * `objects.go` - Objects that are passed between components
 * `util.go` - Miscellaneous utility methods
-* `anvil_test.go` - Unit tests
+* `boulder_test.go` - Unit tests
 
 Dependencies:
 
@@ -146,6 +146,9 @@ WebFE -> Client: revocation
 TODO
 ----
 
+* Switch to go-jose for JOSE processing
+* Use CFSSL for the CA
+
 * Ensure that distributed mode works with multiple processes
 * Add message signing and verification to the AMQP message layer
 * Add monitoring / syslog
diff --git a/amqp-rpc.go b/amqp-rpc.go
index 7ce077fa7..255d49cdc 100644
--- a/amqp-rpc.go
+++ b/amqp-rpc.go
@@ -3,7 +3,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-package anvil
+package boulder
 
 import (
 "errors"
diff --git a/anvil-start/main.go b/anvil-start/main.go
index 04f356547..9623efd80 100644
--- a/anvil-start/main.go
+++ b/anvil-start/main.go
@@ -8,7 +8,7 @@ package main
 import (
 "fmt"
 "github.com/codegangsta/cli"
- "github.com/letsencrypt/anvil"
+ "github.com/letsencrypt/boulder"
 "github.com/streadway/amqp"
 "net/http"
 "os"
@@ -22,7 +22,7 @@ func failOnError(err error, msg string) {
 }
 }
 
-// This is the same as amqpConnect in anvil, but with even
+// This is the same as amqpConnect in boulder, but with even
 // more aggressive error dropping
 func amqpChannel(url string) (ch *amqp.Channel) {
 conn, err := amqp.Dial(url)
@@ -34,7 +34,7 @@ func amqpChannel(url string) (ch *amqp.Channel) {
 }
 
 // Start the server and wait around
-func runForever(server *anvil.AmqpRpcServer) {
+func runForever(server *boulder.AmqpRpcServer) {
 forever := make(chan bool)
 server.Start()
 fmt.Fprintf(os.Stderr, "Server running...\n")
@@ -43,8 +43,8 @@ func runForever(server *anvil.AmqpRpcServer) {
 
 func main() {
 app := cli.NewApp()
- app.Name = "anvil-start"
- app.Usage = "Command-line utility to start Anvil's servers in stand-alone mode"
+ app.Name = "boulder-start"
+ app.Usage = "Command-line utility to start Boulder's servers in stand-alone mode"
 app.Version = "0.0.0"
 
 // Server URL hard-coded for now
@@ -66,11 +66,11 @@ func main() {
 Usage: "Start the CA in monolithic mode, without using AMQP",
 Action: func(c *cli.Context) {
 // Create the components
- wfe := anvil.NewWebFrontEndImpl()
- sa := anvil.NewSimpleStorageAuthorityImpl()
- ra := anvil.NewRegistrationAuthorityImpl()
- va := anvil.NewValidationAuthorityImpl()
- ca, err := anvil.NewCertificateAuthorityImpl()
+ wfe := boulder.NewWebFrontEndImpl()
+ sa := boulder.NewSimpleStorageAuthorityImpl()
+ ra := boulder.NewRegistrationAuthorityImpl()
+ va := boulder.NewValidationAuthorityImpl()
+ ca, err := boulder.NewCertificateAuthorityImpl()
 failOnError(err, "Unable to create CA")
 
 // Wire them up
@@ -105,25 +105,25 @@ func main() {
 ch := amqpChannel(amqpServerURL)
 
 // Create AMQP-RPC clients for CA, VA, RA, SA
- cac, err := anvil.NewCertificateAuthorityClient("CA.client", "CA.server", ch)
+ cac, err := boulder.NewCertificateAuthorityClient("CA.client", "CA.server", ch)
 failOnError(err, "Failed to create CA client")
- vac, err := anvil.NewValidationAuthorityClient("VA.client", "VA.server", ch)
+ vac, err := boulder.NewValidationAuthorityClient("VA.client", "VA.server", ch)
 failOnError(err, "Failed to create VA client")
- rac, err := anvil.NewRegistrationAuthorityClient("RA.client", "RA.server", ch)
+ rac, err := boulder.NewRegistrationAuthorityClient("RA.client", "RA.server", ch)
 failOnError(err, "Failed to create RA client")
- sac, err := anvil.NewStorageAuthorityClient("SA.client", "SA.server", ch)
+ sac, err := boulder.NewStorageAuthorityClient("SA.client", "SA.server", ch)
 failOnError(err, "Failed to create SA client")
 
 // ... and corresponding servers
 // (We need this order so that we can give the servers
 // references to the clients)
- cas, err := anvil.NewCertificateAuthorityServer("CA.server", ch)
+ cas, err := boulder.NewCertificateAuthorityServer("CA.server", ch)
 failOnError(err, "Failed to create CA server")
- vas, err := anvil.NewValidationAuthorityServer("VA.server", ch, &rac)
+ vas, err := boulder.NewValidationAuthorityServer("VA.server", ch, &rac)
 failOnError(err, "Failed to create VA server")
- ras, err := anvil.NewRegistrationAuthorityServer("RA.server", ch, &vac, &cac, &sac)
+ ras, err := boulder.NewRegistrationAuthorityServer("RA.server", ch, &vac, &cac, &sac)
 failOnError(err, "Failed to create RA server")
- sas := anvil.NewStorageAuthorityServer("SA.server", ch)
+ sas := boulder.NewStorageAuthorityServer("SA.server", ch)
 
 // Start the servers
 cas.Start()
@@ -132,7 +132,7 @@ func main() {
 sas.Start()
 
 // Wire up the front end (wrappers are already wired)
- wfe := anvil.NewWebFrontEndImpl()
+ wfe := boulder.NewWebFrontEndImpl()
 wfe.RA = &rac
 wfe.SA = &sac
 
@@ -159,14 +159,14 @@ func main() {
 // Create necessary clients
 ch := amqpChannel(amqpServerURL)
 
- rac, err := anvil.NewRegistrationAuthorityClient("RA.client", "RA.server", ch)
+ rac, err := boulder.NewRegistrationAuthorityClient("RA.client", "RA.server", ch)
 failOnError(err, "Unable to create RA client")
 
- sac, err := anvil.NewStorageAuthorityClient("SA.client", "SA.server", ch)
+ sac, err := boulder.NewStorageAuthorityClient("SA.client", "SA.server", ch)
 failOnError(err, "Unable to create SA client")
 
 // Create the front-end and wire in its resources
- wfe := anvil.NewWebFrontEndImpl()
+ wfe := boulder.NewWebFrontEndImpl()
 wfe.RA = &rac
 wfe.SA = &sac
 
@@ -191,7 +191,7 @@ func main() {
 Action: func(c *cli.Context) {
 ch := amqpChannel(amqpServerURL)
 
- cas, err := anvil.NewCertificateAuthorityServer("CA.server", ch)
+ cas, err := boulder.NewCertificateAuthorityServer("CA.server", ch)
 failOnError(err, "Unable to create CA server")
 runForever(cas)
 },
@@ -202,7 +202,7 @@ func main() {
 Action: func(c *cli.Context) {
 ch := amqpChannel(amqpServerURL)
 
- sas := anvil.NewStorageAuthorityServer("SA.server", ch)
+ sas := boulder.NewStorageAuthorityServer("SA.server", ch)
 runForever(sas)
 },
 },
@@ -212,10 +212,10 @@ func main() {
 Action: func(c *cli.Context) {
 ch := amqpChannel(amqpServerURL)
 
- rac, err := anvil.NewRegistrationAuthorityClient("RA.client", "RA.server", ch)
+ rac, err := boulder.NewRegistrationAuthorityClient("RA.client", "RA.server", ch)
 failOnError(err, "Unable to create RA client")
 
- vas, err := anvil.NewValidationAuthorityServer("VA.server", ch, &rac)
+ vas, err := boulder.NewValidationAuthorityServer("VA.server", ch, &rac)
 failOnError(err, "Unable to create VA server")
 runForever(vas)
 },
@@ -227,16 +227,16 @@ func main() {
 // TODO
 ch := amqpChannel(amqpServerURL)
 
- vac, err := anvil.NewValidationAuthorityClient("VA.client", "VA.server", ch)
+ vac, err := boulder.NewValidationAuthorityClient("VA.client", "VA.server", ch)
 failOnError(err, "Unable to create VA client")
 
- cac, err := anvil.NewCertificateAuthorityClient("CA.client", "CA.server", ch)
+ cac, err := boulder.NewCertificateAuthorityClient("CA.client", "CA.server", ch)
 failOnError(err, "Unable to create CA client")
 
- sac, err := anvil.NewStorageAuthorityClient("SA.client", "SA.server", ch)
+ sac, err := boulder.NewStorageAuthorityClient("SA.client", "SA.server", ch)
 failOnError(err, "Unable to create SA client")
 
- ras, err := anvil.NewRegistrationAuthorityServer("RA.server", ch, &vac, &cac, &sac)
+ ras, err := boulder.NewRegistrationAuthorityServer("RA.server", ch, &vac, &cac, &sac)
 failOnError(err, "Unable to create RA server")
 runForever(ras)
 },
diff --git a/anvil_test.go b/anvil_test.go
index e74dd40b2..d8975119c 100644
--- a/anvil_test.go
+++ b/anvil_test.go
@@ -3,7 +3,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-package anvil
+package boulder
 
 import ()
 
diff --git a/certificate-authority.go b/certificate-authority.go
index 141111e1c..4d278aead 100644
--- a/certificate-authority.go
+++ b/certificate-authority.go
@@ -3,7 +3,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-package anvil
+package bouler
 
 import (
 "crypto/rand"
diff --git a/interfaces.go b/interfaces.go
index deee83410..bd68dd82c 100644
--- a/interfaces.go
+++ b/interfaces.go
@@ -3,7 +3,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-package anvil
+package boulder
 
 import (
 "crypto/x509"
diff --git a/objects.go b/objects.go
index 577f88afd..8446f8429 100644
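Review bot: The certificate-authority.go hunk changes the package clause to `package bouler`, a typo for `boulder`; every other .go file in this directory now declares `package boulder`, so the directory holds two package names and will not compile. The fix is a one-word change on the added line: `package boulder`. Neither of the following patches in this series (the README note removal in 2/3 and the file renames in 3/3) touches this line, so the build stays broken through the end of the series.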
--- a/objects.go
+++ b/objects.go
@@ -3,7 +3,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-package anvil
+package boulder
 
 import (
 "crypto/x509"
@@ -39,7 +39,7 @@ const (
 // An AcmeIdentifier encodes an identifier that can
 // be validated by ACME. The protocol allows for different
 // types of identifier to be supported (DNS names, IP
-// addresses, etc.), but currently anvil only supports
+// addresses, etc.), but currently we only support
 // domain names.
 type AcmeIdentifier struct {
 Type IdentifierType `json:"type"` // The type of identifier being encoded
@@ -132,7 +132,7 @@ func (ch Challenge) MergeResponse(resp Challenge) Challenge {
 // on the wire (e.g., ID) must be made empty before marshaling.
 type Authorization struct {
 // An identifier for this authorization, unique across
- // authorizations and certificates within this anvil instance.
+ // authorizations and certificates within this instance.
 ID string `json:"id,omitempty"`
 
 // The identifier for which authorization is being given
@@ -164,11 +164,11 @@ type Authorization struct {
 Contact []AcmeURL `json:"contact,omitempty"`
 }
 
-// Certificate objects are entirely internal to Anvil. The only
+// Certificate objects are entirely internal to the server. The only
 // thing exposed on the wire is the certificate itself.
 type Certificate struct {
 // An identifier for this authorization, unique across
- // authorizations and certificates within this anvil instance.
+ // authorizations and certificates within this instance.
 ID string
 
 // The certificate itself
diff --git a/registration-authority.go b/registration-authority.go
index 920afd241..6e88de7dd 100644
--- a/registration-authority.go
+++ b/registration-authority.go
@@ -3,7 +3,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-package anvil
+package boulder
 
 import (
 "crypto/sha256"
diff --git a/rpc-wrappers.go b/rpc-wrappers.go
index 456fe5435..0d49d109b 100644
--- a/rpc-wrappers.go
+++ b/rpc-wrappers.go
@@ -3,7 +3,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-package anvil
+package boulder
 
 import (
 "crypto/x509"
diff --git a/storage-authority.go b/storage-authority.go
index 418fb019a..43e04fb83 100644
--- a/storage-authority.go
+++ b/storage-authority.go
@@ -3,7 +3,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-package anvil
+package boulder
 
 import (
 "fmt"
diff --git a/util.go b/util.go
index 3ec87a051..b5e2b952b 100644
--- a/util.go
+++ b/util.go
@@ -3,7 +3,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-package anvil
+package boulder
 
 import (
 "crypto"
diff --git a/validation-authority.go b/validation-authority.go
index 74b1300ee..8b198f56e 100644
--- a/validation-authority.go
+++ b/validation-authority.go
@@ -3,7 +3,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-package anvil
+package boulder
 
 import (
 "bytes"
diff --git a/web-front-end.go b/web-front-end.go
index 9070ca308..b25809ca0 100644
--- a/web-front-end.go
+++ b/web-front-end.go
@@ -3,7 +3,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-package anvil
+package boulder
 
 import (
 "encoding/json"
From a6242b9c1a87c9b85408125311960ff1600c15b8 Mon Sep 17 00:00:00 2001
From: Richard Barnes
Date: Tue, 13 Jan 2015 17:23:16 -0500
Subject: [PATCH 2/3] Remove some spurious notes

---
 README.md | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/README.md b/README.md
index c624a0f55..2e9d66270 100644
--- a/README.md
+++ b/README.md
@@ -146,9 +146,6 @@ WebFE -> Client: revocation
 TODO
 ----
 
-* Switch to go-jose for JOSE processing
-* Use CFSSL for the CA
-
 * Ensure that distributed mode works with multiple processes
 * Add message signing and verification to the AMQP message layer
 * Add monitoring / syslog
From 5ca3881f06ff3c6aae24458f6a3ed0aa9afb655c Mon Sep 17 00:00:00 2001
From: Richard Barnes
Date: Tue, 13 Jan 2015 17:27:01 -0500
Subject: [PATCH 3/3] Renaming files

---
 {anvil-start => boulder-start}/main.go | 0
 anvil_test.go => boulder_test.go | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename {anvil-start => boulder-start}/main.go (100%)
 rename anvil_test.go => boulder_test.go (100%)

diff --git a/anvil-start/main.go b/boulder-start/main.go
similarity index 100%
rename from anvil-start/main.go
rename to boulder-start/main.go
diff --git a/anvil_test.go b/boulder_test.go
similarity index 100%
rename from anvil_test.go
rename to boulder_test.go