From 2bcb374edeffc2f2408f578a7e2fcc7068a66a95 Mon Sep 17 00:00:00 2001 From: vixentael Date: Thu, 3 May 2018 12:35:31 +0300 Subject: [PATCH] rename `acraproxy` -> `acra-connector` (#168) * rename `acraproxy` -> `acra-connector` * fix according reviews --- .circleci/integration.sh | 8 +- README.md | 16 +- benchmarks/write/write.go | 2 +- .../acra-connector.go} | 36 ++-- cmd/acra_configui/acra_configui.go | 36 ++-- cmd/acra_genkeys/acra_genkeys.go | 8 +- cmd/acraserver/acraserver.go | 14 +- cmd/acraserver/client_commands_session.go | 8 +- cmd/acraserver/client_session.go | 14 +- cmd/acraserver/config.go | 46 ++--- cmd/acraserver/listener.go | 2 +- cmd/constants.go | 34 ++-- configs/acra-connector.yaml | 72 +++++++ configs/acra_configui.yaml | 4 +- configs/acra_genkeys.yaml | 4 +- configs/acraproxy.yaml | 8 +- configs/acraserver.yaml | 6 +- configs/regenerate.sh | 2 +- decryptor/mysql/decryptor_test.go | 2 +- decryptor/mysql/response_proxy.go | 20 +- ....pgsql-nossl-server-ssession-connector.yml | 2 +- ...ssl-server-ssession-connector_zonemode.yml | 2 +- ...mpose.pgsql-nossl-server-ssl-connector.yml | 2 +- ...ql-nossl-server-ssl-connector_zonemode.yml | 2 +- ...compose.pgsql-ssl-server-ssl-connector.yml | 2 +- examples/python/example_with_zone.py | 4 +- examples/python/example_without_zone.py | 4 +- ...roxy_keystore.go => connector_keystore.go} | 12 +- keystore/filenames.go | 2 +- keystore/keystore.go | 2 +- keystore/server_keystore.go | 4 +- keystore/server_keystore_test.go | 10 +- logging/event_codes.go | 16 +- tests/test.py | 182 +++++++++--------- zone/zone_id_matcher_test.go | 2 +- 35 files changed, 331 insertions(+), 259 deletions(-) rename cmd/{acraproxy/acraproxy.go => acra-connector/acra-connector.go} (88%) create mode 100644 configs/acra-connector.yaml rename keystore/{proxy_keystore.go => connector_keystore.go} (56%) diff --git a/.circleci/integration.sh b/.circleci/integration.sh index b41c8fd7c..2194393fc 100755 --- a/.circleci/integration.sh 
+++ b/.circleci/integration.sh @@ -1,15 +1,15 @@ #!/usr/bin/env bash export TEST_ACRA_PORT=6000 -export TEST_PROXY_PORT=7000 -export TEST_PROXY_COMMAND_PORT=8000 +export TEST_CONNECTOR_PORT=7000 +export TEST_CONNECTOR_COMMAND_PORT=8000 cd $HOME/project for version in $VERSIONS; do echo "-------------------- Testing Go version $version" export TEST_ACRA_PORT=$(expr ${TEST_ACRA_PORT} + 1); - export TEST_PROXY_PORT=$(expr ${TEST_PROXY_PORT} + 1); - export TEST_PROXY_COMMAND_PORT=$(expr ${TEST_PROXY_COMMAND_PORT} + 1); + export TEST_CONNECTOR_PORT=$(expr ${TEST_CONNECTOR_PORT} + 1); + export TEST_CONNECTOR_COMMAND_PORT=$(expr ${TEST_CONNECTOR_COMMAND_PORT} + 1); export GOROOT=$HOME/go_root_$version/go; export PATH=$GOROOT/bin/:$PATH; export GOPATH=$HOME/go_path_$version; diff --git a/README.md b/README.md index 0adf0803e..e48105e30 100644 --- a/README.md +++ b/README.md 
@@ -73,27 +73,27 @@ Acra relies on our cryptographic library [Themis](https://www.github.com/cossack After successfully deploying and integrating Acra into your application, follow the 4 steps below: -* Your app talks to **AcraProxy**, local daemon, via PostgreSQL/MySQL driver. **AcraProxy** emulates your normal PostgreSQL/MySQL database, forwards all the requests to **AcraServer** over a secure channel, and expects a plaintext output back. -* Then **AcraProxy** forwards it over the initial database connection to the application. It is connected to **AcraServer** via [Secure Session](https://github.com/cossacklabs/themis/wiki/Secure-Session-cryptosystem) or TLS, which ensures that the plaintext goes over a protected channel. It is highly desirable to run **AcraProxy** via a separate user to compartmentalise it from the client-facing code. +* Your app talks to **AcraConnector**, local daemon, via PostgreSQL/MySQL driver. **AcraConnector** emulates your normal PostgreSQL/MySQL database, forwards all the requests to **AcraServer** over a secure channel, and expects a plaintext output back. +* Then **AcraConnector** forwards it over the initial database connection to the application. It is connected to **AcraServer** via [Secure Session](https://github.com/cossacklabs/themis/wiki/Secure-Session-cryptosystem) or TLS, which ensures that the plaintext goes over a protected channel. It is highly desirable to run **AcraConnector** via a separate user to compartmentalise it from the client-facing code. * **AcraServer** is the core entity that provides decryption services for all the encrypted envelopes that come from the database, and then re-packs database answers for the application. **AcraCensor** is part of AcraServer that allows customising the firewall rules for all the requests coming to the MySQL database. 
* To write the protected data to the database, you can use **AcraWriter library**, which generates AcraStructs and helps you integrate it as a type into your ORM or database management code. You will need Acra's public key to do that. AcraStructs generated by AcraWriter are not readable by it — only the server has the right keys to decrypt it. -* You can connect to both **AcraProxy** and the database directly when you don't need encrypted reads/writes. However, increased performance might cost you some design elegance (which is sometimes perfectly fine when it's a conscious decision). +* You can connect to both **AcraConnector** and the database directly when you don't need encrypted reads/writes. However, increased performance might cost you some design elegance (which is sometimes perfectly fine when it's a conscious decision). To better understand the architecture and data flow, please refer to [Architecture and data flow](https://github.com/cossacklabs/acra/wiki/Architecture-and-data-flow) section in the official documentation. The typical workflow looks like this: - The app encrypts some data using AcraWriter, generating AcraStruct with AcraServer public key, and updates the database. -- The app sends SQL request through AcraProxy, which forwards it to AcraServer. +- The app sends SQL request through AcraConnector, which forwards it to AcraServer. - AcraServer passes each query through AcraCensor, which can be configured to blacklist or whitelist some queries. AcraServer forwards the allowed queries to the database. AcraCensor can currently be only enabled for MySQL databases. -- Upon receiving the answer, AcraServer tries to detect encrypted envelopes (AcraStructs). If it succeeds, AcraServer decrypts payload and replaces them with plaintext answer, which is then returned to AcraProxy over a secure channel. -- AcraProxy then provides an answer to the application, as if no complex security instrumentation was ever present within the system. 
+- Upon receiving the answer, AcraServer tries to detect encrypted envelopes (AcraStructs). If it succeeds, AcraServer decrypts payload and replaces them with plaintext answer, which is then returned to AcraConnector over a secure channel. +- AcraConnector then provides an answer to the application, as if no complex security instrumentation was ever present within the system. ## 4 steps to start * Read the [Quick start guide](https://github.com/cossacklabs/acra/wiki/Quick-start-guide) to launch all the components. We provide different ways of installing Acra: using Docker, downloading binaries, building from source. -* [Deploy AcraServer](https://github.com/cossacklabs/acra/wiki/Quick-start-guide) binaries in a separate virtual machine (or [try it in a docker container](https://github.com/cossacklabs/acra/wiki/Trying-Acra-with-Docker)). [Generate keys](https://github.com/cossacklabs/acra/wiki/Key-Management), put AcraServer public key into both clients (AcraProxy and AcraWriter, see next). -* Deploy [AcraProxy](https://github.com/cossacklabs/acra/wiki/AcraProxy-and-AcraWriter#acraproxy) on each server where you need to read sensitive data. Generate proxy keys, provide a public key to AcraServer. Point your database access code to AcraProxy, access it as your normal database installation. +* [Deploy AcraServer](https://github.com/cossacklabs/acra/wiki/Quick-start-guide) binaries in a separate virtual machine (or [try it in a docker container](https://github.com/cossacklabs/acra/wiki/Trying-Acra-with-Docker)). [Generate keys](https://github.com/cossacklabs/acra/wiki/Key-Management), put AcraServer public key into both clients (AcraConnector and AcraWriter, see next). +* Deploy [AcraConnector](https://github.com/cossacklabs/acra/wiki/AcraProxy-and-AcraWriter#acraproxy) on each server where you need to read sensitive data. Generate acra-connector keys, provide a public key to AcraServer. 
Point your database access code to AcraConnector, access it as your normal database installation. * Integrate [AcraWriter](https://github.com/cossacklabs/acra/wiki/AcraProxy-and-AcraWriter#acrawriter) into your code where you need to store sensitive data, supply AcraWriter with proper server key. ## Additionally diff --git a/benchmarks/write/write.go b/benchmarks/write/write.go index 0c6938cb5..2c84584e4 100644 --- a/benchmarks/write/write.go +++ b/benchmarks/write/write.go @@ -43,7 +43,7 @@ func CheckOneKey() { panic(err) } if !exists { - fmt.Printf("Create keypair for acraproxy and for acraserver that will be used in onekey test. Key %v not exists\n", key) + fmt.Printf("Create keypair for AcraConnector and for AcraServer that will be used in onekey test. Key %v not exists\n", key) os.Exit(1) } } diff --git a/cmd/acraproxy/acraproxy.go b/cmd/acra-connector/acra-connector.go similarity index 88% rename from cmd/acraproxy/acraproxy.go rename to cmd/acra-connector/acra-connector.go index 2b7969233..2d63d9f39 100644 --- a/cmd/acraproxy/acraproxy.go +++ b/cmd/acra-connector/acra-connector.go @@ -37,13 +37,13 @@ import ( ) // DEFAULT_CONFIG_PATH relative path to config which will be parsed as default -var SERVICE_NAME = "acraproxy" +var SERVICE_NAME = "acra-connector" var DEFAULT_CONFIG_PATH = utils.GetConfigPathByName(SERVICE_NAME) func checkDependencies() error { for _, toolName := range []string{"netstat", "awk"} { if _, err := exec.LookPath(toolName); os.IsNotExist(err) { - return fmt.Errorf("AcraProxy need \"%v\" tool", toolName) + return fmt.Errorf("AcraConnector need \"%v\" tool", toolName) } } return nil @@ -124,7 +124,7 @@ func handleClientConnection(config *Config, connection net.Conn) { log.Debugln("Connection closed") } else { log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorCantStartConnection). - Errorln("Proxy error") + Errorln("Connector error") } return } 
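Review bot: Changing `SERVICE_NAME` to `"acra-connector"` in the `@@ -37,13` hunk of cmd/acra-connector/acra-connector.go also changes `DEFAULT_CONFIG_PATH`, because it is derived from `utils.GetConfigPathByName(SERVICE_NAME)`. A deployment that still keeps its settings in `configs/acraproxy.yaml` would presumably start on flag defaults such as `tls: false` and an empty `tls_ca`/`tls_sni`, unless the loader fails on a missing file; the loader is not visible here, so this needs confirming. The commit also leaves `configs/acraproxy.yaml` in the tree and edits it next to the new `configs/acra-connector.yaml`, so the stale file is easy to keep maintaining by mistake. I would log a startup warning when the old file exists and the new one does not, and give the variable its own comment, since the existing one describes `DEFAULT_CONFIG_PATH`: `// SERVICE_NAME is used for logging and to locate the default config file`.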
@@ -153,18 +153,18 @@ func main() { acraPort := flag.Int("acra_port", cmd.DEFAULT_ACRA_PORT, "Port of acra daemon") acraId := flag.String("acra_id", "acra_server", "Expected id from acraserver for Secure Session") verbose := flag.Bool("v", false, "Log to stderr") - port := flag.Int("port", cmd.DEFAULT_PROXY_PORT, "Port fo acraproxy") - commandsPort := flag.Int("command_port", cmd.DEFAULT_PROXY_API_PORT, "Port for acraproxy http api") + port := flag.Int("port", cmd.DEFAULT_CONNECTOR_PORT, "Port fo acra-connector") + commandsPort := flag.Int("command_port", cmd.DEFAULT_CONNECTOR_API_PORT, "Port for acra-connector http api") enableHTTPApi := flag.Bool("enable_http_api", false, "Enable HTTP API") disableUserCheck := flag.Bool("disable_user_check", false, "Disable checking that connections from app running from another user") - useTls := flag.Bool("tls", false, "Use tls to encrypt transport between acraserver and acraproxy/client") + useTls := flag.Bool("tls", false, "Use tls to encrypt transport between acraserver and acra-connector/client") tlsCA := flag.String("tls_ca", "", "Path to root certificate") tlsKey := flag.String("tls_key", "", "Path to tls client's key") tlsCert := flag.String("tls_cert", "", "Path to tls client's certificate") tlsSNI := flag.String("tls_sni", "", "Expected Server Name (SNI)") - noEncryption := flag.Bool("no_encryption", false, "Use raw transport (tcp/unix socket) between acraserver and acraproxy/client (don't use this flag if you not connect to database with ssl/tls") - connectionString := flag.String("connection_string", network.BuildConnectionString(cmd.DEFAULT_PROXY_CONNECTION_PROTOCOL, cmd.DEFAULT_PROXY_HOST, cmd.DEFAULT_PROXY_PORT, ""), "Connection string like tcp://x.x.x.x:yyyy or unix:///path/to/socket") - connectionAPIString := flag.String("connection_api_string", network.BuildConnectionString(cmd.DEFAULT_PROXY_CONNECTION_PROTOCOL, cmd.DEFAULT_PROXY_HOST, cmd.DEFAULT_PROXY_API_PORT, ""), "Connection string like tcp://x.x.x.x:yyyy 
or unix:///path/to/socket") + noEncryption := flag.Bool("no_encryption", false, "Use raw transport (tcp/unix socket) between acraserver and acra-connector/client (don't use this flag if you not connect to database with ssl/tls") + connectionString := flag.String("connection_string", network.BuildConnectionString(cmd.DEFAULT_CONNECTOR_CONNECTION_PROTOCOL, cmd.DEFAULT_CONNECTOR_HOST, cmd.DEFAULT_CONNECTOR_PORT, ""), "Connection string like tcp://x.x.x.x:yyyy or unix:///path/to/socket") + connectionAPIString := flag.String("connection_api_string", network.BuildConnectionString(cmd.DEFAULT_CONNECTOR_CONNECTION_PROTOCOL, cmd.DEFAULT_CONNECTOR_HOST, cmd.DEFAULT_CONNECTOR_API_PORT, ""), "Connection string like tcp://x.x.x.x:yyyy or unix:///path/to/socket") acraConnectionString := flag.String("acra_connection_string", "", "Connection string to Acra server like tcp://x.x.x.x:yyyy or unix:///path/to/socket") acraApiConnectionString := flag.String("acra_api_connection_string", "", "Connection string to Acra's API like tcp://x.x.x.x:yyyy or unix:///path/to/socket") @@ -184,11 +184,11 @@ func main() { os.Exit(1) } - if *port != cmd.DEFAULT_PROXY_PORT { - *connectionString = network.BuildConnectionString(cmd.DEFAULT_PROXY_CONNECTION_PROTOCOL, cmd.DEFAULT_PROXY_HOST, *port, "") + if *port != cmd.DEFAULT_CONNECTOR_PORT { + *connectionString = network.BuildConnectionString(cmd.DEFAULT_CONNECTOR_CONNECTION_PROTOCOL, cmd.DEFAULT_CONNECTOR_HOST, *port, "") } - if *commandsPort != cmd.DEFAULT_PROXY_API_PORT { - *connectionAPIString = network.BuildConnectionString(cmd.DEFAULT_PROXY_CONNECTION_PROTOCOL, cmd.DEFAULT_PROXY_HOST, *commandsPort, "") + if *commandsPort != cmd.DEFAULT_CONNECTOR_API_PORT { + *connectionAPIString = network.BuildConnectionString(cmd.DEFAULT_CONNECTOR_CONNECTION_PROTOCOL, cmd.DEFAULT_CONNECTOR_HOST, *commandsPort, "") } if *acraHost == "" && *acraConnectionString == "" { 
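Review bot: The `no_encryption` help text in the `@@ -153,18` hunk is carried through the rename with an unclosed parenthesis and a condition that is hard to parse, which is unfortunate for the one flag that turns transport protection off. If the intent is what it appears to be, I would write `"Use raw transport (tcp/unix socket) between acraserver and acra-connector/client; use this flag only when the database connection itself uses ssl/tls"`, and fix `"Port fo acra-connector"` to `"Port for acra-connector"` in the same pass. The same strings recur in the `@@ -88,13` hunk of cmd/acraserver/acraserver.go and in the comments of `configs/acra-connector.yaml` and `configs/acraproxy.yaml`, so the configs should be regenerated after the wording is fixed. `main` starts and ends outside this hunk.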
@@ -218,12 +218,12 @@ func main() { exists, err := utils.FileExists(clientPrivateKey) if !exists { log.WithField(logging.FieldKeyEventCode, logging.EventCodeErrorWrongConfiguration). - Errorf("Configuration error: acraproxy private key %s doesn't exists", clientPrivateKey) + Errorf("Configuration error: acra-connector private key %s doesn't exists", clientPrivateKey) os.Exit(1) } if err != nil { log.WithField(logging.FieldKeyEventCode, logging.EventCodeErrorWrongConfiguration). - Errorf("Configuration error: can't check is exists acraproxy private key %v, got error - %v", clientPrivateKey, err) + Errorf("Configuration error: can't check is exists acra-connector private key %v, got error - %v", clientPrivateKey, err) os.Exit(1) } exists, err = utils.FileExists(serverPublicKey) @@ -258,7 +258,7 @@ func main() { log.WithError(err).Errorln("can't init scell encryptor") os.Exit(1) } - keyStore, err := keystore.NewProxyFileSystemKeyStore(*keysDir, []byte(*clientId), scellEncryptor) + keyStore, err := keystore.NewConnectorFileSystemKeyStore(*keysDir, []byte(*clientId), scellEncryptor) if err != nil { log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorCantInitKeyStore). Errorln("Can't initialize keystore") @@ -353,9 +353,9 @@ func main() { } // unix socket and value == '@' if len(connection.RemoteAddr().String()) == 1 { - log.Infof("Got new connection to acraproxy: %v", connection.LocalAddr()) + log.Infof("Got new connection to acra-connector: %v", connection.LocalAddr()) } else { - log.Infof("Got new connection to acraproxy: %v", connection.RemoteAddr()) + log.Infof("Got new connection to acra-connector: %v", connection.RemoteAddr()) } go handleClientConnection(config, connection) } diff --git a/cmd/acra_configui/acra_configui.go b/cmd/acra_configui/acra_configui.go index 449bc5780..229e6e91f 100644 --- a/cmd/acra_configui/acra_configui.go +++ b/cmd/acra_configui/acra_configui.go 
@@ -106,15 +106,15 @@ type configParamsYAML struct { var outConfigParams configParamsYAML type ConfigAcraServer struct { - ProxyHost string `json:"host"` - ProxyPort int `json:"port"` - DbHost string `json:"db_host"` - DbPort int `json:"db_port"` - ProxyCommandsPort int `json:"commands_port"` - Debug bool `json:"debug"` - ScriptOnPoison string `json:"poisonscript"` - StopOnPoison bool `json:"poisonshutdown"` - WithZone bool `json:"zonemode"` + ConnectorHost string `json:"host"` + ConnectorPort int `json:"port"` + DbHost string `json:"db_host"` + DbPort int `json:"db_port"` + ConnectorCommandsPort int `json:"commands_port"` + Debug bool `json:"debug"` + ScriptOnPoison string `json:"poisonscript"` + StopOnPoison bool `json:"poisonshutdown"` + WithZone bool `json:"zonemode"` } func SubmitSettings(w http.ResponseWriter, r *http.Request) { @@ -139,13 +139,13 @@ func SubmitSettings(w http.ResponseWriter, r *http.Request) { var zonemode, _ = strconv.ParseBool(r.Form.Get("zonemode")) var poisonshutdown, _ = strconv.ParseBool(r.Form.Get("poisonshutdown")) config := ConfigAcraServer{ - DbHost: r.Form.Get("db_host"), - DbPort: db_port, - ProxyCommandsPort: commands_port, - Debug: debug, - ScriptOnPoison: r.Form.Get("poisonscript"), - StopOnPoison: poisonshutdown, - WithZone: zonemode, + DbHost: r.Form.Get("db_host"), + DbPort: db_port, + ConnectorCommandsPort: commands_port, + Debug: debug, + ScriptOnPoison: r.Form.Get("poisonscript"), + StopOnPoison: poisonshutdown, + WithZone: zonemode, } jsonToServer, err := json.Marshal(config) if err != nil { 
@@ -373,8 +373,8 @@ func main() { loggingFormat := flag.String("logging_format", "plaintext", "Logging format: plaintext, json or CEF") logging.CustomizeLogging(*loggingFormat, SERVICE_NAME) log.Infof("Starting service") - acraHost = flag.String("acra_host", "localhost", "Host for Acraserver HTTP endpoint or proxy") - acraPort = flag.Int("acra_port", cmd.DEFAULT_PROXY_API_PORT, "Port for Acraserver HTTP endpoint or proxy") + acraHost = flag.String("acra_host", "localhost", "Host for Acraserver HTTP endpoint or AcraConnector") + acraPort = flag.Int("acra_port", cmd.DEFAULT_CONNECTOR_API_PORT, "Port for Acraserver HTTP endpoint or AcraConnector") staticPath = flag.String("static_path", cmd.DEFAULT_ACRA_CONFIGUI_STATIC, "Path to static content") debug = flag.Bool("d", false, "Turn on debug logging") authMode = flag.String("auth_mode", cmd.DEFAULT_ACRA_CONFIGUI_AUTH_MODE, "Mode for basic auth. Possible values: auth_on|auth_off_local|auth_off") diff --git a/cmd/acra_genkeys/acra_genkeys.go b/cmd/acra_genkeys/acra_genkeys.go index 4b8b5fa58..a1b6fe5ca 100644 --- a/cmd/acra_genkeys/acra_genkeys.go +++ b/cmd/acra_genkeys/acra_genkeys.go @@ -29,7 +29,7 @@ var DEFAULT_CONFIG_PATH = utils.GetConfigPathByName("acra_genkeys") func main() { clientId := flag.String("client_id", "client", "Client id") - acraproxy := flag.Bool("acraproxy", false, "Create keypair for acraproxy only") + acraConnector := flag.Bool("acra-connector", false, "Create keypair for acra-connector only") acraserver := flag.Bool("acraserver", false, "Create keypair for acraserver only") dataKeys := flag.Bool("storage", false, "Create keypair for data encryption/decryption") basicauth := flag.Bool("basicauth", false, "Create symmetric key for acra_configui's basic auth db") @@ -82,8 +82,8 @@ func main() { panic(err) } - if *acraproxy { - err = store.GenerateProxyKeys([]byte(*clientId)) + if *acraConnector { + err = store.GenerateConnectorKeys([]byte(*clientId)) if err != nil { panic(err) } 
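Review bot: The new flag name `acra-connector` in the `@@ -29,7` hunk of cmd/acra_genkeys/acra_genkeys.go is the only hyphenated flag among those visible in this patch (`client_id`, `acra_host`, `tls_ca` all use underscores), and it becomes the YAML key `acra-connector: false` in configs/acra_genkeys.yaml. Key-provisioning scripts that still pass `acraproxy` will break; the standard `flag` package rejects undefined flags, so they should fail loudly rather than generate a different key set, assuming the project's own parser keeps that behaviour. I would use `flag.Bool("acra_connector", false, "Create keypair for acra-connector only")` for consistency, or register the old name as a deprecated alias for one release, and mention the change in the release notes. `main` continues outside the hunk.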
@@ -103,7 +103,7 @@ func main() { panic(err) } } else { - err = store.GenerateProxyKeys([]byte(*clientId)) + err = store.GenerateConnectorKeys([]byte(*clientId)) if err != nil { panic(err) } diff --git a/cmd/acraserver/acraserver.go b/cmd/acraserver/acraserver.go index 517c3178c..b52d50399 100644 --- a/cmd/acraserver/acraserver.go +++ b/cmd/acraserver/acraserver.go 
@@ -88,13 +88,13 @@ func main() { withZone := flag.Bool("zonemode", false, "Turn on zone mode") enableHTTPApi := flag.Bool("enable_http_api", false, "Enable HTTP API") - useTls := flag.Bool("tls", false, "Use tls to encrypt transport between acraserver and acraproxy/client") + useTls := flag.Bool("tls", false, "Use tls to encrypt transport between acraserver and acra-connector/client") tlsKey := flag.String("tls_key", "", "Path to tls server key") tlsCert := flag.String("tls_cert", "", "Path to tls server certificate") tlsCA := flag.String("tls_ca", "", "Path to root certificate") tlsSNI := flag.String("tls_sni", "", "Expected Server Name (SNI)") - noEncryption := flag.Bool("no_encryption", false, "Use raw transport (tcp/unix socket) between acraserver and acraproxy/client (don't use this flag if you not connect to database with ssl/tls") - clientId := flag.String("client_id", "", "Expected client id of acraproxy in mode without encryption") + noEncryption := flag.Bool("no_encryption", false, "Use raw transport (tcp/unix socket) between acraserver and acra-connector/client (don't use this flag if you not connect to database with ssl/tls") + clientId := flag.String("client_id", "", "Expected client id of acra-connector in mode without encryption") acraConnectionString := flag.String("connection_string", network.BuildConnectionString(cmd.DEFAULT_ACRA_CONNECTION_PROTOCOL, cmd.DEFAULT_ACRA_HOST, cmd.DEFAULT_ACRA_PORT, ""), "Connection string like tcp://x.x.x.x:yyyy or unix:///path/to/socket") acraAPIConnectionString := flag.String("connection_api_string", network.BuildConnectionString(cmd.DEFAULT_ACRA_CONNECTION_PROTOCOL, cmd.DEFAULT_ACRA_HOST, cmd.DEFAULT_ACRA_API_PORT, ""), "Connection string for api like tcp://x.x.x.x:yyyy or unix:///path/to/socket") authPath = flag.String("auth_keys", cmd.DEFAULT_ACRA_AUTH_PATH, "Path to basic auth passwords. To add user, use: `./acra_genauth --set --user --pwd `") 
@@ -161,9 +161,9 @@ func main() { config.SetWithZone(*withZone) config.SetDBHost(*dbHost) config.SetDBPort(*dbPort) - config.SetProxyHost(*host) - config.SetProxyPort(*port) - config.SetProxyCommandsPort(*commandsPort) + config.SetConnectorHost(*host) + config.SetConnectorPort(*port) + config.SetConnectorCommandsPort(*commandsPort) config.SetKeysDir(*keysDir) config.SetServerId([]byte(*serverId)) config.SetAcraConnectionString(*acraConnectionString) @@ -226,7 +226,7 @@ func main() { } else if *noEncryption { if *clientId == "" && !*withZone { log.WithField(logging.FieldKeyEventCode, logging.EventCodeErrorTransportConfiguration). - Errorln("Configuration error: without zone mode and without encryption you must set which will be used to connect from acraproxy to acraserver") + Errorln("Configuration error: without zone mode and without encryption you must set which will be used to connect from acra-connector to acraserver") os.Exit(1) } log.Infof("Selecting transport: use raw transport wrapper") diff --git a/cmd/acraserver/client_commands_session.go b/cmd/acraserver/client_commands_session.go index 0e5595c41..8f3822645 100644 --- a/cmd/acraserver/client_commands_session.go +++ b/cmd/acraserver/client_commands_session.go @@ -57,11 +57,11 @@ func (clientSession *ClientCommandsSession) ConnectToDb() error { } func (clientSession *ClientCommandsSession) close() { - log.Debugln("Close acraproxy connection") + log.Debugln("Close acra-connector connection") err := clientSession.connection.Close() if err != nil { log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorCantCloseConnection). - Errorln("Error during closing connection to acraproxy") + Errorln("Error during closing connection to acra-connector") } log.Debugln("All connections closed") } 
@@ -145,7 +145,7 @@ func (clientSession *ClientCommandsSession) HandleSession() { // set config values flag.Set("db_host", configFromUI.DbHost) flag.Set("db_port", fmt.Sprintf("%v", configFromUI.DbPort)) - flag.Set("commands_port", fmt.Sprintf("%v", configFromUI.ProxyCommandsPort)) + flag.Set("commands_port", fmt.Sprintf("%v", configFromUI.ConnectorCommandsPort)) flag.Set("d", fmt.Sprintf("%v", configFromUI.Debug)) flag.Set("poisonscript", fmt.Sprintf("%v", configFromUI.ScriptOnPoison)) flag.Set("poisonshutdown", fmt.Sprintf("%v", configFromUI.StopOnPoison)) @@ -165,7 +165,7 @@ func (clientSession *ClientCommandsSession) HandleSession() { _, err = clientSession.connection.Write([]byte(response)) if err != nil { - log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorGeneral).Errorln("Can't send data with secure session to acraproxy") + log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorGeneral).Errorln("Can't send data with secure session to acra-connector") return } clientSession.close() diff --git a/cmd/acraserver/client_session.go b/cmd/acraserver/client_session.go index 8d25d4910..27d651407 100644 --- a/cmd/acraserver/client_session.go +++ b/cmd/acraserver/client_session.go @@ -51,12 +51,12 @@ func (clientSession *ClientSession) ConnectToDb() error { } func (clientSession *ClientSession) close() { - log.Debugln("Close acraproxy connection") + log.Debugln("Close acra-connector connection") err := clientSession.connection.Close() if err != nil { log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorCantCloseConnectionToService). - Errorln("Error with closing connection to acraproxy") + Errorln("Error with closing connection to acra-connector") } log.Debugln("Close db connection") err = clientSession.connectionToDb.Close() 
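Review bot: The renamed line `flag.Set("commands_port", fmt.Sprintf("%v", configFromUI.ConnectorCommandsPort))` in the `@@ -145,7` hunk of cmd/acraserver/client_commands_session.go still discards the error returned by `flag.Set`, as do the neighbouring calls for `db_host`, `poisonscript` and the rest. These values come from the config UI, so a rejected value would leave the previous setting active with no log entry to show for it. I would check the result and stop processing the request on failure, for example `if err := flag.Set("commands_port", fmt.Sprintf("%v", configFromUI.ConnectorCommandsPort)); err != nil { log.WithError(err).Errorln("Can't set commands_port"); return }`. `HandleSession` starts and ends outside the hunk, so any validation done before this point is not visible here.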
@@ -67,7 +67,7 @@ func (clientSession *ClientSession) close() { log.Debugln("All connections closed") } -/* proxy connections from client to db and decrypt responses from db to client +/* acra-connector connections from client to db and decrypt responses from db to client if any error occurred than end processing */ func (clientSession *ClientSession) HandleClientConnection(decryptorImpl base.Decryptor) { @@ -80,11 +80,11 @@ func (clientSession *ClientSession) HandleClientConnection(decryptorImpl base.De log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorCantConnectToDB). Errorln("Can't connect to db") - log.Debugln("Close connection with acraproxy") + log.Debugln("Close connection with acra-connector") err = clientSession.connection.Close() if err != nil { log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorCantCloseConnectionToService). - Errorln("Error with closing connection to acraproxy") + Errorln("Error with closing connection to acra-connector") } return } @@ -97,8 +97,8 @@ func (clientSession *ClientSession) HandleClientConnection(decryptorImpl base.De Errorln("Can't initialize mysql handler") return } - go handler.ClientToDbProxy(innerErrorChannel) - go handler.DbToClientProxy(innerErrorChannel) + go handler.ClientToDbConnector(innerErrorChannel) + go handler.DbToClientConnector(innerErrorChannel) } else { log.Debugln("PostgreSQL connection") go network.Proxy(clientSession.connection, clientSession.connectionToDb, innerErrorChannel) diff --git a/cmd/acraserver/config.go b/cmd/acraserver/config.go index f9b189572..40b35fa4a 100644 --- a/cmd/acraserver/config.go +++ b/cmd/acraserver/config.go @@ -29,12 +29,12 @@ const ( ) type Config struct { - proxyCommandsPort int + connectorCommandsPort int byteaFormat int8 dbPort int - proxyPort int + connectorPort int dbHost string - proxyHost string + connectorHost string keysDir string scriptOnPoison string stopOnPoison bool 
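Review bot: The block comment above `HandleClientConnection` in the `@@ -67,7` hunk of cmd/acraserver/client_session.go lost its verb to the search-and-replace: "acra-connector connections from client to db" no longer says that the function proxies traffic. I would restore it as `/* proxy connections from client (acra-connector) to db and decrypt responses from db to client`. The same over-application shows in the `@@ -97,8` hunk, where `handler.ClientToDbConnector` and `handler.DbToClientConnector` now name a component instead of the action while the PostgreSQL branch keeps `network.Proxy`. Keeping `ClientToDbProxy`/`DbToClientProxy` would read more consistently, since these goroutines forward traffic inside AcraServer and are not part of AcraConnector.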
@@ -56,13 +56,13 @@ type Config struct { } type UIEditableConfig struct { - DbHost string `json:"db_host"` - DbPort int `json:"db_port"` - ProxyCommandsPort int `json:"commands_port"` - Debug bool `json:"debug"` - ScriptOnPoison string `json:"poisonscript"` - StopOnPoison bool `json:"poisonshutdown"` - WithZone bool `json:"zonemode"` + DbHost string `json:"db_host"` + DbPort int `json:"db_port"` + ConnectorCommandsPort int `json:"commands_port"` + Debug bool `json:"debug"` + ScriptOnPoison string `json:"poisonscript"` + StopOnPoison bool `json:"poisonshutdown"` + WithZone bool `json:"zonemode"` } func NewConfig() *Config { @@ -166,25 +166,25 @@ func (config *Config) SetEnableHTTPApi(api bool) { func (config *Config) GetEnableHTTPApi() bool { return config.withAPI } -func (config *Config) GetProxyHost() string { - return config.proxyHost +func (config *Config) GetConnectorHost() string { + return config.connectorHost } -func (config *Config) SetProxyHost(host string) error { - config.proxyHost = host +func (config *Config) SetConnectorHost(host string) error { + config.connectorHost = host return nil } -func (config *Config) GetProxyPort() int { - return config.proxyPort +func (config *Config) GetConnectorPort() int { + return config.connectorPort } -func (config *Config) GetProxyCommandsPort() int { - return config.proxyCommandsPort +func (config *Config) GetConnectorCommandsPort() int { + return config.connectorCommandsPort } -func (config *Config) SetProxyPort(port int) error { - config.proxyPort = port +func (config *Config) SetConnectorPort(port int) error { + config.connectorPort = port return nil } -func (config *Config) SetProxyCommandsPort(port int) error { - config.proxyCommandsPort = port +func (config *Config) SetConnectorCommandsPort(port int) error { + config.connectorCommandsPort = port return nil } func (config *Config) GetDBHost() string { 
@@ -242,7 +242,7 @@ func (config *Config) ToJson() ([]byte, error) { var s UIEditableConfig s.DbHost = config.GetDBHost() s.DbPort = config.GetDBPort() - s.ProxyCommandsPort = config.GetProxyCommandsPort() + s.ConnectorCommandsPort = config.GetConnectorCommandsPort() s.Debug = config.GetDebug() s.ScriptOnPoison = config.GetScriptOnPoison() s.StopOnPoison = config.GetStopOnPoison() diff --git a/cmd/acraserver/listener.go b/cmd/acraserver/listener.go index e3fbff156..6ece4372c 100644 --- a/cmd/acraserver/listener.go +++ b/cmd/acraserver/listener.go @@ -138,7 +138,7 @@ func (server *SServer) handleConnection(connection net.Conn) { wrappedConnection, clientId, err := server.config.ConnectionWrapper.WrapServer(connection) if err != nil { log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorCantWrapConnection). - Errorln("Can't wrap connection from acraproxy") + Errorln("Can't wrap connection from acra-connector") if closeErr := connection.Close(); closeErr != nil { log.WithError(closeErr).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorCantCloseConnection). Errorln("Can't close connection") diff --git a/cmd/constants.go b/cmd/constants.go index 6ad450181..51d3d1f60 100644 --- a/cmd/constants.go +++ b/cmd/constants.go 
@@ -1,21 +1,21 @@ package cmd const ( - DEFAULT_PROXY_PORT = 9494 - DEFAULT_PROXY_API_PORT = 9191 - DEFAULT_PROXY_CONNECTION_PROTOCOL = "tcp" - DEFAULT_PROXY_HOST = "127.0.0.1" - DEFAULT_ACRA_HOST = "0.0.0.0" - DEFAULT_ACRA_PORT = 9393 - DEFAULT_ACRA_API_PORT = 9090 - DEFAULT_ACRA_AUTH_PATH = "configs/auth.keys" - DEFAULT_ACRA_CONNECTION_PROTOCOL = "tcp" - DEFAULT_ACRA_CONFIGUI_HOST = "127.0.0.1" - DEFAULT_ACRA_CONFIGUI_PORT = 8000 - DEFAULT_ACRA_CONFIGUI_STATIC = "cmd/acra_configui/static" - DEFAULT_ACRA_CONFIGUI_AUTH_MODE = "auth_on" - ACRA_CONFIGUI_AUTH_ARGON2_LENGTH = 32 - ACRA_CONFIGUI_AUTH_ARGON2_MEMORY = 8 * 1024 - ACRA_CONFIGUI_AUTH_ARGON2_TIME = 3 - ACRA_CONFIGUI_AUTH_ARGON2_THREADS = 2 + DEFAULT_CONNECTOR_PORT = 9494 + DEFAULT_CONNECTOR_API_PORT = 9191 + DEFAULT_CONNECTOR_CONNECTION_PROTOCOL = "tcp" + DEFAULT_CONNECTOR_HOST = "127.0.0.1" + DEFAULT_ACRA_HOST = "0.0.0.0" + DEFAULT_ACRA_PORT = 9393 + DEFAULT_ACRA_API_PORT = 9090 + DEFAULT_ACRA_AUTH_PATH = "configs/auth.keys" + DEFAULT_ACRA_CONNECTION_PROTOCOL = "tcp" + DEFAULT_ACRA_CONFIGUI_HOST = "127.0.0.1" + DEFAULT_ACRA_CONFIGUI_PORT = 8000 + DEFAULT_ACRA_CONFIGUI_STATIC = "cmd/acra_configui/static" + DEFAULT_ACRA_CONFIGUI_AUTH_MODE = "auth_on" + ACRA_CONFIGUI_AUTH_ARGON2_LENGTH = 32 + ACRA_CONFIGUI_AUTH_ARGON2_MEMORY = 8 * 1024 + ACRA_CONFIGUI_AUTH_ARGON2_TIME = 3 + ACRA_CONFIGUI_AUTH_ARGON2_THREADS = 2 ) diff --git a/configs/acra-connector.yaml b/configs/acra-connector.yaml new file mode 100644 index 000000000..0d85f292e --- /dev/null +++ b/configs/acra-connector.yaml 
@@ -0,0 +1,72 @@ +# Connection string to Acra's API like tcp://x.x.x.x:yyyy or unix:///path/to/socket +acra_api_connection_string: + +# Port of acra http api +acra_commands_port: 9090 + +# Connection string to Acra server like tcp://x.x.x.x:yyyy or unix:///path/to/socket +acra_connection_string: + +# IP or domain to acra daemon +acra_host: + +# Expected id from acraserver for Secure Session +acra_id: acra_server + +# Port of acra daemon +acra_port: 9393 + +# Client id +client_id: + +# Port for acra-connector http api +command_port: 9191 + +# path to config +config: + +# Connection string like tcp://x.x.x.x:yyyy or unix:///path/to/socket +connection_api_string: tcp://127.0.0.1:9191/ + +# Connection string like tcp://x.x.x.x:yyyy or unix:///path/to/socket +connection_string: tcp://127.0.0.1:9494/ + +# Disable checking that connections from app running from another user +disable_user_check: false + +# dump config +dumpconfig: false + +# Enable HTTP API +enable_http_api: false + +# Folder from which will be loaded keys +keys_dir: .acrakeys + +# Logging format: plaintext, json or CEF +logging_format: plaintext + +# Use raw transport (tcp/unix socket) between acraserver and acra-connector/client (don't use this flag if you not connect to database with ssl/tls +no_encryption: false + +# Port fo acra-connector +port: 9494 + +# Use tls to encrypt transport between acraserver and acra-connector/client +tls: false + +# Path to root certificate +tls_ca: + +# Path to tls client's certificate +tls_cert: + +# Path to tls client's key +tls_key: + +# Expected Server Name (SNI) +tls_sni: + +# Log to stderr +v: false + diff --git a/configs/acra_configui.yaml b/configs/acra_configui.yaml index df4f7206c..03b338488 100644 --- a/configs/acra_configui.yaml +++ b/configs/acra_configui.yaml 
@@ -1,7 +1,7 @@ -# Host for Acraserver HTTP endpoint or proxy +# Host for Acraserver HTTP endpoint or AcraConnector acra_host: localhost -# Port for Acraserver HTTP endpoint or proxy +# Port for Acraserver HTTP endpoint or AcraConnector acra_port: 9191 # Mode for basic auth. Possible values: auth_on|auth_off_local|auth_off diff --git a/configs/acra_genkeys.yaml b/configs/acra_genkeys.yaml index a2f4dd7d5..c9c70316e 100644 --- a/configs/acra_genkeys.yaml +++ b/configs/acra_genkeys.yaml @@ -1,5 +1,5 @@ -# Create keypair for acraproxy only -acraproxy: false +# Create keypair for acra-connector only +acra-connector: false # Create keypair for acraserver only acraserver: false diff --git a/configs/acraproxy.yaml b/configs/acraproxy.yaml index 4215d5982..0d85f292e 100644 --- a/configs/acraproxy.yaml +++ b/configs/acraproxy.yaml @@ -19,7 +19,7 @@ acra_port: 9393 # Client id client_id: -# Port for acraproxy http api +# Port for acra-connector http api command_port: 9191 # path to config @@ -46,13 +46,13 @@ keys_dir: .acrakeys # Logging format: plaintext, json or CEF logging_format: plaintext -# Use raw transport (tcp/unix socket) between acraserver and acraproxy/client (don't use this flag if you not connect to database with ssl/tls +# Use raw transport (tcp/unix socket) between acraserver and acra-connector/client (don't use this flag if you not connect to database with ssl/tls no_encryption: false -# Port fo acraproxy +# Port fo acra-connector port: 9494 -# Use tls to encrypt transport between acraserver and acraproxy/client +# Use tls to encrypt transport between acraserver and acra-connector/client tls: false # Path to root certificate diff --git a/configs/acraserver.yaml b/configs/acraserver.yaml index d0526bd1c..6304303ac 100644 --- a/configs/acraserver.yaml +++ b/configs/acraserver.yaml 
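Review bot: `configs/acraproxy.yaml` is edited rather than removed, and its new blob (`0d85f292e`) is the one this commit also adds as `configs/acra-connector.yaml`, so the tree now holds two identical connector configs. `configs/regenerate.sh` is switched to `./cmd/acra-connector/*.go --dumpconfig` in the same commit, so the old file will presumably stop being regenerated and drift. Deleting it, or marking it as a deprecated copy, would keep an operator from reviewing `no_encryption`, `tls` or `disable_user_check` in a file the binary no longer reads. Both copies also carry the typo `# Port fo acra-connector` and an unclosed parenthesis in the `no_encryption` comment; these presumably come from the flag descriptions, so the fix (`# Port for acra-connector`) belongs there.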
@@ -4,7 +4,7 @@ auth_keys: configs/auth.keys # Path to acracensor configuration file censor_config: -# Expected client id of acraproxy in mode without encryption +# Expected client id of acra-connector in mode without encryption client_id: # Time that acraserver will wait (in seconds) on restart before closing all connections @@ -61,7 +61,7 @@ logging_format: plaintext # Handle MySQL connections mysql: false -# Use raw transport (tcp/unix socket) between acraserver and acraproxy/client (don't use this flag if you not connect to database with ssl/tls +# Use raw transport (tcp/unix socket) between acraserver and acra-connector/client (don't use this flag if you not connect to database with ssl/tls no_encryption: false # Execute script on detecting poison record @@ -79,7 +79,7 @@ postgresql: false # Id that will be sent in secure session server_id: acra_server -# Use tls to encrypt transport between acraserver and acraproxy/client +# Use tls to encrypt transport between acraserver and acra-connector/client tls: false # Path to root certificate diff --git a/configs/regenerate.sh b/configs/regenerate.sh index d8b31d310..65b66ad67 100755 --- a/configs/regenerate.sh +++ b/configs/regenerate.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash go run ./cmd/acraserver/*.go --dumpconfig -go run ./cmd/acraproxy/*.go --dumpconfig +go run ./cmd/acra-connector/*.go --dumpconfig go run ./cmd/acra_addzone/*.go --dumpconfig go run ./cmd/acra_configui/*.go --dumpconfig go run ./cmd/acra_rollback/*.go --dumpconfig diff --git a/decryptor/mysql/decryptor_test.go b/decryptor/mysql/decryptor_test.go index 0a868e62a..f4ad6a022 100644 --- a/decryptor/mysql/decryptor_test.go +++ b/decryptor/mysql/decryptor_test.go 
@@ -39,7 +39,7 @@ func (keystore *testKeystore) GetServerDecryptionPrivateKey(id []byte) (*keys.Pr func (keystore *testKeystore) GenerateZoneKey() ([]byte, []byte, error) { return nil, nil, nil } -func (keystore *testKeystore) GenerateProxyKeys(id []byte) error { +func (keystore *testKeystore) GenerateConnectorKeys(id []byte) error { return nil } func (keystore *testKeystore) GenerateServerKeys(id []byte) error { diff --git a/decryptor/mysql/response_proxy.go b/decryptor/mysql/response_proxy.go index 85538bdd8..ffe0b4e85 100644 --- a/decryptor/mysql/response_proxy.go +++ b/decryptor/mysql/response_proxy.go @@ -161,14 +161,14 @@ func (handler *MysqlHandler) getResponseHandler() ResponseHandler { return handler.responseHandler } -func (handler *MysqlHandler) ClientToDbProxy(errCh chan<- error) { +func (handler *MysqlHandler) ClientToDbConnector(errCh chan<- error) { clientLog := log.WithField("proxy", "client") clientLog.Debugln("Start proxy client's requests") firstPacket := true for { packet, err := ReadPacket(handler.clientConnection) if err != nil { - log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseProxyCantReadFromClient). + log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseConnectorCantReadFromClient). Debugln("Can't read packet from client") errCh <- err return @@ -187,7 +187,7 @@ func (handler *MysqlHandler) ClientToDbProxy(errCh chan<- error) { errPacket := NewQueryInterruptedError(handler.clientProtocol41) packet.SetData(errPacket) if _, err := handler.clientConnection.Write(packet.Dump()); err != nil { - log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseProxyCantWriteToClient). + log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseConnectorCantWriteToClient). Errorln("Can't write response with error to client") } errCh <- network.ErrEmptyTLSConfig 
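Review bot: The rename looks over-applied in `response_proxy.go`: `ClientToDbConnector` (and `DbToClientConnector` in a later hunk) reads from `handler.clientConnection` and writes to `handler.dbConnection`, which appears to be the server-side MySQL proxy loop rather than the acra-connector binary this commit renames. The `EventCodeErrorResponseConnector…` constants in `logging/event_codes.go` have the same problem: 570–576 keep their values, so log consumers are unaffected, but the names now attribute these events to a different component. Meanwhile the file name, the `"proxy"` log field and messages such as `Start proxy client's requests` are unchanged. I would keep the `…Proxy` names for this handler, or rename everything consistently, so that event codes used in alert triage map to the component that emits them. Both functions continue outside the hunks shown.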
@@ -247,7 +247,7 @@ func (handler *MysqlHandler) ClientToDbProxy(errCh chan<- error) { errPacket := NewQueryInterruptedError(handler.clientProtocol41) packet.SetData(errPacket) if _, err := handler.clientConnection.Write(packet.Dump()); err != nil { - log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseProxyCantWriteToClient). + log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseConnectorCantWriteToClient). Errorln("Can't write response with error to client") } continue @@ -261,7 +261,7 @@ func (handler *MysqlHandler) ClientToDbProxy(errCh chan<- error) { clientLog.Debugf("Command %d not supported now", cmd) } if _, err := handler.dbConnection.Write(inOutput); err != nil { - clientLog.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseProxyCantWriteToDB). + clientLog.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseConnectorCantWriteToDB). Debugln("Can't write send packet to db") errCh <- err return @@ -431,7 +431,7 @@ func (handler *MysqlHandler) QueryResponseHandler(packet *MysqlPacket, dbConnect log.WithField("column_index", i).Debugln("read column description") fieldPacket, err := ReadPacket(dbConnection) if err != nil { - log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseProxyCantProcessColumn). + log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseConnectorCantProcessColumn). Errorln("Can't read packet with column description") return err } 
@@ -483,7 +483,7 @@ func (handler *MysqlHandler) QueryResponseHandler(packet *MysqlPacket, dbConnect newData, err := handler.processTextDataRow(fieldDataPacket.GetData(), fields) if err != nil { - dataLog.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseProxyCantProcessRow). + dataLog.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseConnectorCantProcessRow). Debugln("Can't process text data row") return err } @@ -499,7 +499,7 @@ func (handler *MysqlHandler) QueryResponseHandler(packet *MysqlPacket, dbConnect log.Debugln("proxy output") for _, dumper := range output { if _, err := clientConnection.Write(dumper.Dump()); err != nil { - log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseProxyCantWriteToClient). + log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseConnectorCantWriteToClient). Errorln("can't proxy output") return err } @@ -509,7 +509,7 @@ func (handler *MysqlHandler) QueryResponseHandler(packet *MysqlPacket, dbConnect return nil } -func (handler *MysqlHandler) DbToClientProxy(errCh chan<- error) { +func (handler *MysqlHandler) DbToClientConnector(errCh chan<- error) { serverLog := log.WithField("proxy", "server") serverLog.Debugln("Start proxy db responses") firstPacket := true @@ -551,7 +551,7 @@ func (handler *MysqlHandler) DbToClientProxy(errCh chan<- error) { err = responseHandler(packet, handler.dbConnection, handler.clientConnection) if err != nil { handler.resetQueryHandler() - log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseProxyCantWriteToServer). + log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorResponseConnectorCantWriteToServer). Errorln("Error in responseHandler") errCh <- err return 
diff --git a/docker/docker-compose.pgsql-nossl-server-ssession-connector.yml b/docker/docker-compose.pgsql-nossl-server-ssession-connector.yml index 6d588d705..903b7051c 100644 --- a/docker/docker-compose.pgsql-nossl-server-ssession-connector.yml +++ b/docker/docker-compose.pgsql-nossl-server-ssession-connector.yml @@ -37,7 +37,7 @@ services: - ./.acrakeys:/keys command: >- --client_id=${ACRA_CLIENT_ID:-testclientid} - --acraproxy + --acra-connector --output=/keys/acra-connector --output_public=/keys/acra-server # Create keys: diff --git a/docker/docker-compose.pgsql-nossl-server-ssession-connector_zonemode.yml b/docker/docker-compose.pgsql-nossl-server-ssession-connector_zonemode.yml index f0375fdfd..4bc65d22f 100644 --- a/docker/docker-compose.pgsql-nossl-server-ssession-connector_zonemode.yml +++ b/docker/docker-compose.pgsql-nossl-server-ssession-connector_zonemode.yml @@ -37,7 +37,7 @@ services: - ./.acrakeys:/keys command: >- --client_id=${ACRA_CLIENT_ID:-testclientid} - --acraproxy + --acra-connector --output=/keys/acra-connector --output_public=/keys/acra-server # Create keys: diff --git a/docker/docker-compose.pgsql-nossl-server-ssl-connector.yml b/docker/docker-compose.pgsql-nossl-server-ssl-connector.yml index 91f063cdb..0e7d7a092 100644 --- a/docker/docker-compose.pgsql-nossl-server-ssl-connector.yml +++ b/docker/docker-compose.pgsql-nossl-server-ssl-connector.yml @@ -37,7 +37,7 @@ services: - ./.acrakeys:/keys command: >- --client_id=${ACRA_CLIENT_ID:-testclientid} - --acraproxy + --acra-connector --output=/keys/acra-connector --output_public=/keys/acra-server # Create keys: diff --git a/docker/docker-compose.pgsql-nossl-server-ssl-connector_zonemode.yml b/docker/docker-compose.pgsql-nossl-server-ssl-connector_zonemode.yml index 4497d23d3..2112c5087 100644 --- a/docker/docker-compose.pgsql-nossl-server-ssl-connector_zonemode.yml +++ b/docker/docker-compose.pgsql-nossl-server-ssl-connector_zonemode.yml 
@@ -37,7 +37,7 @@ services: - ./.acrakeys:/keys command: >- --client_id=${ACRA_CLIENT_ID:-testclientid} - --acraproxy + --acra-connector --output=/keys/acra-connector --output_public=/keys/acra-server # Create keys: diff --git a/docker/docker-compose.pgsql-ssl-server-ssl-connector.yml b/docker/docker-compose.pgsql-ssl-server-ssl-connector.yml index 2257d1505..071fee293 100644 --- a/docker/docker-compose.pgsql-ssl-server-ssl-connector.yml +++ b/docker/docker-compose.pgsql-ssl-server-ssl-connector.yml @@ -37,7 +37,7 @@ services: - ./.acrakeys:/keys command: >- --client_id=${ACRA_CLIENT_ID:-testclientid} - --acraproxy + --acra-connector --output=/keys/acra-connector --output_public=/keys/acra-server # Create keys: diff --git a/examples/python/example_with_zone.py b/examples/python/example_with_zone.py index 12e6c452e..91fc64cf0 100644 --- a/examples/python/example_with_zone.py +++ b/examples/python/example_with_zone.py @@ -44,8 +44,8 @@ def get_zone(): parser.add_argument('--zone_id', type=str, default='', help='zone id for fetching data') parser.add_argument('--db_user', type=str, default='test', help='db user to connect') parser.add_argument('--db_password', type=str, default='test', help='db password to connect') - parser.add_argument('--port', type=int, default=5433, help='port of acraproxy to connect') - parser.add_argument('--host', type=str, default='localhost', help='host of acraproxy to connect') + parser.add_argument('--port', type=int, default=5433, help='port of acra-connector to connect') + parser.add_argument('--host', type=str, default='localhost', help='host of acra-connector to connect') parser.add_argument('--data', type=str, help='data to save in ascii. default random data') parser.add_argument('--print', action='store_true', help='just print data', default=False) parser.add_argument('-v', '--verbose', dest='verbose', action='store_true', help='verbose', default=False) 
diff --git a/examples/python/example_without_zone.py b/examples/python/example_without_zone.py index 515935050..0e00a9e5f 100644 --- a/examples/python/example_without_zone.py +++ b/examples/python/example_without_zone.py @@ -55,8 +55,8 @@ def process_result_value(self, value, dialect): parser.add_argument('--public_key', type=str, help='path to acraserver public key (for example .acrakeys/_server.pub)') parser.add_argument('--db_user', type=str, default='test', help='db user to connect') parser.add_argument('--db_password', type=str, default='test', help='db password to connect') - parser.add_argument('--port', type=int, default=5433, help='port of acraproxy to connect') - parser.add_argument('--host', type=str, default='localhost', help='host of acraproxy to connect') + parser.add_argument('--port', type=int, default=5433, help='port of acra-connector to connect') + parser.add_argument('--host', type=str, default='localhost', help='host of acra-connector to connect') parser.add_argument('--data', type=str, help='data to save in ascii. default random data') parser.add_argument('--print', action='store_true', help='just print data', default=False) args = parser.parse_args() diff --git a/keystore/proxy_keystore.go b/keystore/connector_keystore.go similarity index 56% rename from keystore/proxy_keystore.go rename to keystore/connector_keystore.go index d2d6a8d97..29f084b78 100644 --- a/keystore/proxy_keystore.go +++ b/keystore/connector_keystore.go 
@@ -6,18 +6,18 @@ import ( "path/filepath" ) -type ProxyFileSystemKeyStore struct { +type ConnectorFileSystemKeyStore struct { directory string clientId []byte encryptor KeyEncryptor } -func NewProxyFileSystemKeyStore(directory string, clientId []byte, encryptor KeyEncryptor) (*ProxyFileSystemKeyStore, error) { - return &ProxyFileSystemKeyStore{directory: directory, clientId: clientId, encryptor: encryptor}, nil +func NewConnectorFileSystemKeyStore(directory string, clientId []byte, encryptor KeyEncryptor) (*ConnectorFileSystemKeyStore, error) { + return &ConnectorFileSystemKeyStore{directory: directory, clientId: clientId, encryptor: encryptor}, nil } -func (store *ProxyFileSystemKeyStore) GetPrivateKey(id []byte) (*keys.PrivateKey, error) { - keyData, err := ioutil.ReadFile(filepath.Join(store.directory, getProxyKeyFilename(id))) +func (store *ConnectorFileSystemKeyStore) GetPrivateKey(id []byte) (*keys.PrivateKey, error) { + keyData, err := ioutil.ReadFile(filepath.Join(store.directory, getConnectorKeyFilename(id))) if err != nil { return nil, err } @@ -28,7 +28,7 @@ func (store *ProxyFileSystemKeyStore) GetPrivateKey(id []byte) (*keys.PrivateKey } } -func (store *ProxyFileSystemKeyStore) GetPeerPublicKey(id []byte) (*keys.PublicKey, error) { +func (store *ConnectorFileSystemKeyStore) GetPeerPublicKey(id []byte) (*keys.PublicKey, error) { key, err := ioutil.ReadFile(filepath.Join(store.directory, getPublicKeyFilename([]byte(getServerKeyFilename(store.clientId))))) if err != nil { return nil, err diff --git a/keystore/filenames.go b/keystore/filenames.go index 1dbe1c70a..2351b49d4 100644 --- a/keystore/filenames.go +++ b/keystore/filenames.go @@ -46,6 +46,6 @@ func getServerDecryptionKeyFilename(id []byte) string { return fmt.Sprintf("%s_storage", string(id)) } -func getProxyKeyFilename(id []byte) string { +func getConnectorKeyFilename(id []byte) string { return string(id) } 
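Review bot: `GetPrivateKey` builds the key path as `filepath.Join(store.directory, getConnectorKeyFilename(id))`, and `getConnectorKeyFilename` (the `filenames.go` hunk) returns `string(id)` unchanged, so an `id` containing path separators or `..` resolves outside `store.directory`. `GenerateConnectorKeys` in `server_keystore.go` already rejects such ids with `ValidateId`, and the read path should do the same before touching the filesystem: `if !ValidateId(id) { return nil, ErrInvalidClientId }`. How far `id` can be influenced depends on callers outside this diff, so treat this as defence in depth. Separately, `GetPeerPublicKey(id []byte)` ignores its `id` argument and always derives the file name from `store.clientId`; that deserves a comment such as `// id is unused: the peer key is looked up by the store's own clientId`. Both function bodies continue past the hunks.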
diff --git a/keystore/keystore.go b/keystore/keystore.go index 60179fe65..c0deb5a9d 100644 --- a/keystore/keystore.go +++ b/keystore/keystore.go @@ -128,7 +128,7 @@ type KeyStore interface { // return id, public key, error GenerateZoneKey() ([]byte, []byte, error) - GenerateProxyKeys(id []byte) error + GenerateConnectorKeys(id []byte) error GenerateServerKeys(id []byte) error // generate key pair for data encryption/decryption GenerateDataEncryptionKeys(id []byte) error diff --git a/keystore/server_keystore.go b/keystore/server_keystore.go index 22d118597..bf1b95aab 100644 --- a/keystore/server_keystore.go +++ b/keystore/server_keystore.go @@ -251,11 +251,11 @@ func (store *FilesystemKeyStore) GetServerDecryptionPrivateKey(id []byte) (*keys return privateKey, nil } -func (store *FilesystemKeyStore) GenerateProxyKeys(id []byte) error { +func (store *FilesystemKeyStore) GenerateConnectorKeys(id []byte) error { if !ValidateId(id) { return ErrInvalidClientId } - filename := getProxyKeyFilename(id) + filename := getConnectorKeyFilename(id) _, err := store.generateKeyPair(filename, id) if err != nil { diff --git a/keystore/server_keystore_test.go b/keystore/server_keystore_test.go index 1de5ae707..e3cc041cc 100644 --- a/keystore/server_keystore_test.go +++ b/keystore/server_keystore_test.go @@ -123,15 +123,15 @@ func testGenerateServerKeys(store *FilesystemKeyStore, t *testing.T) { } } -func testGenerateProxyKeys(store *FilesystemKeyStore, t *testing.T) { +func testGenerateConnectorKeys(store *FilesystemKeyStore, t *testing.T) { testId := []byte("test id") - err := store.GenerateProxyKeys(testId) + err := store.GenerateConnectorKeys(testId) if err != nil { t.Fatal(err) } expectedPaths := []string{ - getProxyKeyFilename(testId), - fmt.Sprintf("%s.pub", getProxyKeyFilename(testId)), + getConnectorKeyFilename(testId), + fmt.Sprintf("%s.pub", getConnectorKeyFilename(testId)), } for _, name := range expectedPaths { absPath := store.getPrivateKeyFilePath(name) 
@@ -193,7 +193,7 @@ func TestFilesystemKeyStore(t *testing.T) { for _, store := range []*FilesystemKeyStore{generalStore, splitKeysStore} { testGeneral(store, t) testGeneratingDataEncryptionKeys(store, t) - testGenerateProxyKeys(store, t) + testGenerateConnectorKeys(store, t) testGenerateServerKeys(store, t) testReset(store, t) } diff --git a/logging/event_codes.go b/logging/event_codes.go index 8b54c29c8..373bbd957 100644 --- a/logging/event_codes.go +++ b/logging/event_codes.go @@ -56,14 +56,14 @@ const ( EventCodeErrorCensorQueryIsNotAllowed = 560 EventCodeErrorCensorSetupError = 561 - // response proxy - EventCodeErrorResponseProxyCantWriteToDB = 570 - EventCodeErrorResponseProxyCantReadFromClient = 571 - EventCodeErrorResponseProxyCantWriteToClient = 572 - EventCodeErrorResponseProxyCantReadFromServer = 573 - EventCodeErrorResponseProxyCantWriteToServer = 574 - EventCodeErrorResponseProxyCantProcessColumn = 575 - EventCodeErrorResponseProxyCantProcessRow = 576 + // response connector + EventCodeErrorResponseConnectorCantWriteToDB = 570 + EventCodeErrorResponseConnectorCantReadFromClient = 571 + EventCodeErrorResponseConnectorCantWriteToClient = 572 + EventCodeErrorResponseConnectorCantReadFromServer = 573 + EventCodeErrorResponseConnectorCantWriteToServer = 574 + EventCodeErrorResponseConnectorCantProcessColumn = 575 + EventCodeErrorResponseConnectorCantProcessRow = 576 // decryptor EventCodeErrorCantInitDecryptor = 580 diff --git a/tests/test.py b/tests/test.py index b7ad066c8..c7de3a1be 100644 --- a/tests/test.py +++ b/tests/test.py @@ -174,7 +174,7 @@ def create_client_keypair(name, only_server=False, only_client=False): if only_server: args.append('-acraserver') elif only_client: - args.append('-acraproxy') + args.append('-acra-connector') return subprocess.call(args, cwd=os.getcwd(), timeout=PROCESS_CALL_TIMEOUT) def manage_basic_auth_user(action, user_name, user_password): 
@@ -232,7 +232,7 @@ def get_postgresql_tcp_connection_string(port, dbname): def get_acra_unix_connection_string(port): return "unix://{}".format("{}/unix_socket_{}".format(PG_UNIX_HOST, port)) -def get_proxy_connection_string(port): +def get_connector_connection_string(port): if TEST_MYSQL: connection_string = get_postgresql_tcp_connection_string(port, '') url = urlparse(connection_string) @@ -262,7 +262,7 @@ def acra_api_connection_string(port): BINARIES = [ - Binary(name='acraproxy', from_version=DEFAULT_VERSION, + Binary(name='acra-connector', from_version=DEFAULT_VERSION, build_args=DEFAULT_BUILD_ARGS), # compile with Test=true to disable golang tls client server verification Binary(name='acraserver', from_version=DEFAULT_VERSION, @@ -369,9 +369,9 @@ class BaseTestCase(unittest.TestCase): DB_PORT = os.environ.get('TEST_DB_PORT', 5432) DEBUG_LOG = os.environ.get('DEBUG_LOG', True) - PROXY_PORT_1 = int(os.environ.get('TEST_PROXY_PORT', 9595)) - PROXY_PORT_2 = PROXY_PORT_1 + 200 - PROXY_COMMAND_PORT_1 = int(os.environ.get('TEST_PROXY_COMMAND_PORT', 9696)) + CONNECTOR_PORT_1 = int(os.environ.get('TEST_CONNECTOR_PORT', 9595)) + CONNECTOR_PORT_2 = CONNECTOR_PORT_1 + 200 + CONNECTOR_COMMAND_PORT_1 = int(os.environ.get('TEST_CONNECTOR_COMMAND_PORT', 9696)) CONFIG_UI_HTTP_PORT = int(os.environ.get('TEST_CONFIG_UI_HTTP_PORT', CONFIG_UI_HTTP_PORT)) # for debugging with manually runned acra server EXTERNAL_ACRA = False @@ -393,9 +393,9 @@ class BaseTestCase(unittest.TestCase): TEST_DATA_LOG = False TLS_ON = False maxDiff = None - # hack to simplify handling errors on forks and don't check `if hasattr(self, 'proxy_1')` - proxy_1 = ProcessStub() - proxy_2 = ProcessStub() + # hack to simplify handling errors on forks and don't check `if hasattr(self, 'connector_1')` + connector_1 = ProcessStub() + connector_2 = ProcessStub() acra = ProcessStub() def checkSkip(self): 
@@ -416,12 +416,12 @@ def fork(self, func): def wait_acra_connection(self, *args, **kwargs): return wait_unix_socket(*args, **kwargs) - def fork_configui(self, proxy_port: int, http_port: int): + def fork_configui(self, connector_port: int, http_port: int): args = [ './acra_configui', '-port={}'.format(http_port), '-acra_host=127.0.0.1', - '-acra_port={}'.format(proxy_port), + '-acra_port={}'.format(connector_port), '-static_path={}'.format(CONFIG_UI_STATIC_PATH) ] if self.DEBUG_LOG: 
@@ -430,29 +430,29 @@ def fork_configui(self, proxy_port: int, http_port: int): return process - def fork_proxy(self, proxy_port: int, acra_port: int, client_id: str, commands_port: int=None, zone_mode: bool=False, check_connection: bool=True): + def fork_connector(self, connector_port: int, acra_port: int, client_id: str, commands_port: int=None, zone_mode: bool=False, check_connection: bool=True): acra_connection = self.get_acra_connection_string(acra_port) acra_api_connection = self.get_acra_api_connection_string(acra_port) - proxy_connection = self.get_proxy_connection_string(proxy_port) + connector_connection = self.get_connector_connection_string(connector_port) if zone_mode: # because standard library can send http requests only through tcp and cannot through unix socket - proxy_api_connection = "tcp://127.0.0.1:{}".format(commands_port) + connector_api_connection = "tcp://127.0.0.1:{}".format(commands_port) else: # now it's no matter, so just +100 - proxy_api_connection = self.get_proxy_api_connection_string(commands_port if commands_port else proxy_port + 100) + connector_api_connection = self.get_connector_api_connection_string(commands_port if commands_port else connector_port + 100) - for path in [socket_path_from_connection_string(proxy_connection), socket_path_from_connection_string(proxy_api_connection)]: + for path in [socket_path_from_connection_string(connector_connection), socket_path_from_connection_string(connector_api_connection)]: try: os.remove(path) except: pass args = [ - './acraproxy', + './acra-connector', '-acra_connection_string={}'.format(acra_connection), '-acra_api_connection_string={}'.format(acra_api_connection), '-client_id={}'.format(client_id), - '-connection_string={}'.format(proxy_connection), - '-connection_api_string={}'.format(proxy_api_connection), + '-connection_string={}'.format(connector_connection), + '-connection_api_string={}'.format(connector_api_connection), '-disable_user_check=true' ] if self.DEBUG_LOG: 
@@ -469,9 +469,9 @@ def fork_proxy(self, proxy_port: int, acra_port: int, client_id: str, commands_p if check_connection: try: if TEST_MYSQL: - wait_connection(proxy_port) + wait_connection(connector_port) else: - wait_unix_socket(socket_path_from_connection_string(proxy_connection)) + wait_unix_socket(socket_path_from_connection_string(connector_connection)) except: stop_process(process) raise @@ -487,15 +487,15 @@ def get_acra_api_connection_string(self, port=None): port = self.ACRA_PORT return acra_api_connection_string(port) - def get_proxy_connection_string(self, port=None): + def get_connector_connection_string(self, port=None): if not port: - port = self.PROXY_PORT_1 - return get_proxy_connection_string(port) + port = self.CONNECTOR_PORT_1 + return get_connector_connection_string(port) - def get_proxy_api_connection_string(self, port=None): + def get_connector_api_connection_string(self, port=None): if not port: - port = self.PROXY_COMMAND_PORT_1 - return get_proxy_connection_string(port) + port = self.CONNECTOR_COMMAND_PORT_1 + return get_connector_connection_string(port) def get_config_ui_connection_url(self): return 'http://{}:{}'.format('localhost', CONFIG_UI_HTTP_PORT) 
@@ -559,16 +559,16 @@ def fork_acra(self, popen_kwargs: dict=None, **acra_kwargs: dict): def setUp(self): self.checkSkip() try: - self.proxy_1 = self.fork_proxy(self.PROXY_PORT_1, self.ACRA_PORT, 'keypair1') - self.proxy_2 = self.fork_proxy(self.PROXY_PORT_2, self.ACRA_PORT, 'keypair2') + self.connector_1 = self.fork_connector(self.CONNECTOR_PORT_1, self.ACRA_PORT, 'keypair1') + self.connector_2 = self.fork_connector(self.CONNECTOR_PORT_2, self.ACRA_PORT, 'keypair2') if not self.EXTERNAL_ACRA: self.acra = self.fork_acra() self.engine1 = sa.create_engine( - get_unix_connection_string(self.PROXY_PORT_1, self.DB_NAME), connect_args=get_connect_args(port=self.PROXY_PORT_1)) + get_unix_connection_string(self.CONNECTOR_PORT_1, self.DB_NAME), connect_args=get_connect_args(port=self.CONNECTOR_PORT_1)) self.engine2 = sa.create_engine( get_unix_connection_string( - self.PROXY_PORT_2, self.DB_NAME), connect_args=get_connect_args(port=self.PROXY_PORT_2)) + self.CONNECTOR_PORT_2, self.DB_NAME), connect_args=get_connect_args(port=self.CONNECTOR_PORT_2)) self.engine_raw = sa.create_engine( '{}://{}:{}/{}'.format(DB_DRIVER, self.DB_HOST, self.DB_PORT, self.DB_NAME), connect_args=connect_args) @@ -600,8 +600,8 @@ def setUp(self): raise def tearDown(self): - processes = [getattr(self, 'proxy_1', ProcessStub()), - getattr(self, 'proxy_2', ProcessStub()), + processes = [getattr(self, 'connector_1', ProcessStub()), + getattr(self, 'connector_2', ProcessStub()), getattr(self, 'acra', ProcessStub())] stop_process(processes) try: 
@@ -647,9 +647,9 @@ def log(self, acra_key_name, data, expected): class HexFormatTest(BaseTestCase): - def testProxyRead(self): - """test decrypting with correct acraproxy and not decrypting with - incorrect acraproxy or using direct connection to db""" + def testConnectorRead(self): + """test decrypting with correct acra-connector and not decrypting with + incorrect acra-connector or using direct connection to db""" keyname = 'keypair1_storage' with open('.acrakeys/{}.pub'.format(keyname), 'rb') as f: server_public1 = f.read() @@ -734,7 +734,7 @@ def testReadAcrastructInAcrastruct(self): class ZoneHexFormatTest(BaseTestCase): ZONE = True - def testProxyRead(self): + def testConnectorRead(self): data = self.get_random_data() zone_public = b64decode(zones[0]['public_key'].encode('ascii')) acra_struct = create_acrastruct( @@ -753,7 +753,7 @@ def testProxyRead(self): row = result.fetchone() self.assertEqual(row['data'], row['raw_data'].encode('utf-8')) - # without zone in another proxy, in the same proxy and without any proxy + # without zone in another connector, in the same connector and without any connector for engine in self.engines: result = engine.execute( sa.select([test_table]) @@ -850,8 +850,8 @@ def close(self): def setUp(self): self.checkSkip() try: - self.proxy_1 = self.fork_proxy( - self.PROXY_PORT_1, self.ACRA_PORT, 'keypair1') + self.connector_1 = self.fork_connector( + self.CONNECTOR_PORT_1, self.ACRA_PORT, 'keypair1') if not self.EXTERNAL_ACRA: self.acra = self.fork_acra() except: @@ -864,10 +864,10 @@ def get_connection(self): try: if TEST_MYSQL: return TestConnectionClosing.mysql_closing( - pymysql.connect(**get_connect_args(port=self.PROXY_PORT_1))) + pymysql.connect(**get_connect_args(port=self.CONNECTOR_PORT_1))) else: return TestConnectionClosing.mysql_closing(psycopg2.connect( - host=PG_UNIX_HOST, **get_connect_args(port=self.PROXY_PORT_1))) + host=PG_UNIX_HOST, **get_connect_args(port=self.CONNECTOR_PORT_1))) except: count -= 1 if count == 0: 
@@ -876,8 +876,8 @@ def get_connection(self): def tearDown(self): procs = [] - if hasattr(self, 'proxy_1'): - procs.append(self.proxy_1) + if hasattr(self, 'connector_1'): + procs.append(self.connector_1) if not self.EXTERNAL_ACRA and hasattr(self, 'acra'): procs.append(self.acra) stop_process(procs) @@ -1004,14 +1004,14 @@ def testClosingConnectionsWithDB(self): class TestKeyNonExistence(BaseTestCase): # 0.05 empirical selected - PROXY_STARTUP_DELAY = 0.05 + CONNECTOR_STARTUP_DELAY = 0.05 def setUp(self): self.checkSkip() try: if not self.EXTERNAL_ACRA: self.acra = self.fork_acra() - self.dsn = get_connect_args(port=self.PROXY_PORT_1, host=PG_UNIX_HOST) + self.dsn = get_connect_args(port=self.CONNECTOR_PORT_1, host=PG_UNIX_HOST) except: self.tearDown() raise 
@@ -1023,50 +1023,50 @@ def tearDown(self): def delete_key(self, filename): os.remove('.acrakeys{sep}{name}'.format(sep=os.path.sep, name=filename)) - def test_without_acraproxy_public(self): - """acraserver without acraproxy public key should drop connection - from acraproxy than acraproxy should drop connection from psycopg2""" - keyname = 'without_acraproxy_public_test' + def test_without_acraconnector_public(self): + """acraserver without acra-connector public key should drop connection + from acra-connector than acra-connector should drop connection from psycopg2""" + keyname = 'without_acra-connector_public_test' result = create_client_keypair(keyname) if result != 0: self.fail("can't create keypairs") self.delete_key(keyname + '.pub') connection = None try: - self.proxy = self.fork_proxy( - self.PROXY_PORT_1, self.ACRA_PORT, keyname) - self.assertIsNone(self.proxy.poll()) + self.connector = self.fork_connector( + self.CONNECTOR_PORT_1, self.ACRA_PORT, keyname) + self.assertIsNone(self.connector.poll()) with self.assertRaises(psycopg2.OperationalError) as exc: connection = psycopg2.connect(**self.dsn) finally: - stop_process(self.proxy) + stop_process(self.connector) if connection: connection.close() - def test_without_acraproxy_private(self): - """acraproxy shouldn't start without private key""" - keyname = 'without_acraproxy_private_test' + def test_without_acraconnector_private(self): + """acra-connector shouldn't start without private key""" + keyname = 'without_acra-connector_private_test' result = create_client_keypair(keyname) if result != 0: self.fail("can't create keypairs") self.delete_key(keyname) try: - self.proxy = self.fork_proxy( - self.PROXY_PORT_1, self.ACRA_PORT, keyname, + self.connector = self.fork_connector( + self.CONNECTOR_PORT_1, self.ACRA_PORT, keyname, check_connection=False) - # time for start up proxy and validation file existence. 
- time.sleep(self.PROXY_STARTUP_DELAY) - self.assertEqual(self.proxy.poll(), 1) + # time for start up connector and validation file existence. + time.sleep(self.CONNECTOR_STARTUP_DELAY) + self.assertEqual(self.connector.poll(), 1) finally: try: - stop_process(self.proxy) + stop_process(self.connector) except OSError: # pid not found pass def test_without_acraserver_private(self): """acraserver without private key should drop connection - from acraproxy than acraproxy should drop connection from psycopg2""" + from acra-connector than acra-connector should drop connection from psycopg2""" keyname = 'without_acraserver_private_test' result = create_client_keypair(keyname) if result != 0: 
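Review bot: The start-up check in `test_without_acraconnector_private` relies on a fixed 0.05 s sleep before `self.assertEqual(self.connector.poll(), 1)`, so on a slow runner `poll()` can still return `None` and this fail-closed test fails for timing reasons only. Assuming `fork_connector` returns a `subprocess.Popen` (it is used with `poll()`), waiting for the exit is more reliable: `self.assertEqual(self.connector.wait(timeout=5), 1)`, where 5 is a constructed value. Exit status 1 alone also does not show that the missing private key was the cause. The new key name `'without_acra-connector_private_test'` now contains a hyphen, and whether client-id validation accepts it is not visible here, so asserting on the connector's error output would make the test specific. The same sleep-then-poll pattern is in `test_without_acraserver_public` in the hunk at -1074.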
@@ -1074,33 +1074,33 @@ def test_without_acraserver_private(self): self.delete_key(keyname + '_server') connection = None try: - self.proxy = self.fork_proxy( - self.PROXY_PORT_1, self.ACRA_PORT, keyname) - self.assertIsNone(self.proxy.poll()) + self.connector = self.fork_connector( + self.CONNECTOR_PORT_1, self.ACRA_PORT, keyname) + self.assertIsNone(self.connector.poll()) with self.assertRaises(psycopg2.OperationalError): connection = psycopg2.connect(**self.dsn) finally: - stop_process(self.proxy) + stop_process(self.connector) if connection: connection.close() def test_without_acraserver_public(self): - """acraproxy shouldn't start without acraserver public key""" + """acra-connector shouldn't start without acraserver public key""" keyname = 'without_acraserver_public_test' result = create_client_keypair(keyname) if result != 0: self.fail("can't create keypairs") self.delete_key(keyname + '_server.pub') try: - self.proxy = self.fork_proxy( - self.PROXY_PORT_1, self.ACRA_PORT, keyname, + self.connector = self.fork_connector( + self.CONNECTOR_PORT_1, self.ACRA_PORT, keyname, check_connection=False) - # time for start up proxy and validation file existence. - time.sleep(self.PROXY_STARTUP_DELAY) - self.assertEqual(self.proxy.poll(), 1) + # time for start up connector and validation file existence. + time.sleep(self.CONNECTOR_STARTUP_DELAY) + self.assertEqual(self.connector.poll(), 1) finally: try: - stop_process(self.proxy) + stop_process(self.connector) except OSError: # pid not found pass 
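Review bot: In `test_without_acraserver_private` the `finally` block calls `stop_process(self.connector)` unconditionally, so if `fork_connector` raises, `self.connector` may never have been assigned and the resulting `AttributeError` hides the real failure. Setting `self.connector = None` before the `try` and using `if self.connector: stop_process(self.connector)` in `finally` keeps the original error visible, the same way the block already guards `connection`. `test_without_acraconnector_public` in the hunk at -1023 has the same shape. The first lines of this method are outside the hunk.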
@@ -1345,16 +1345,16 @@ def setUp(self): try: self.key_name = 'clearing_keypair' create_client_keypair(self.key_name) - self.proxy_1 = self.fork_proxy( - self.PROXY_PORT_1, self.ACRA_PORT, self.key_name, self.PROXY_COMMAND_PORT_1, + self.connector_1 = self.fork_connector( + self.CONNECTOR_PORT_1, self.ACRA_PORT, self.key_name, self.CONNECTOR_COMMAND_PORT_1, zone_mode=True) if not self.EXTERNAL_ACRA: self.acra = self.fork_acra( zonemode='true', enable_http_api='true') self.engine1 = sa.create_engine( - get_unix_connection_string(self.PROXY_PORT_1, self.DB_NAME), - connect_args=get_connect_args(port=self.PROXY_PORT_1)) + get_unix_connection_string(self.CONNECTOR_PORT_1, self.DB_NAME), + connect_args=get_connect_args(port=self.CONNECTOR_PORT_1)) self.engine_raw = sa.create_engine( '{}://{}:{}/{}'.format(DB_DRIVER, self.DB_HOST, self.DB_PORT, self.DB_NAME), @@ -1370,8 +1370,8 @@ def setUp(self): def tearDown(self): processes = [] - if hasattr(self, 'proxy_1'): - processes.append(self.proxy_1) + if hasattr(self, 'connector_1'): + processes.append(self.connector_1) if not self.EXTERNAL_ACRA and hasattr(self, 'acra'): processes.append(self.acra) @@ -1389,7 +1389,7 @@ def test_clearing(self): # execute any query for loading key by acra result = self.engine1.execute(sa.select([1]).limit(1)) result.fetchone() - with urlopen('http://127.0.0.1:{}/resetKeyStorage'.format(self.PROXY_COMMAND_PORT_1)) as response: + with urlopen('http://127.0.0.1:{}/resetKeyStorage'.format(self.CONNECTOR_COMMAND_PORT_1)) as response: self.assertEqual(response.status, 200) # delete key for excluding reloading from FS os.remove('.acrakeys/{}.pub'.format(self.key_name)) 
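Review bot: The `urlopen(...)` request to `/resetKeyStorage` in `test_clearing` has no timeout, so a connector that accepts the connection but never answers would hang the whole suite instead of failing this test; adding `timeout=5` (a constructed value) to the `urlopen` call bounds it. The test also shows this state-changing endpoint answering 200 to a plain GET with no credentials on the command port. A short comment stating that the port is expected to be reachable from loopback only would help readers, though that restriction is not visible in this hunk and should be confirmed. `test_clearing` continues past the end of the hunk.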
@@ -1636,10 +1636,10 @@ def testUIGenAuth(self): class TestAcraConfigUIWeb(BaseTestCase): def setUp(self): try: - self.proxy_1 = self.fork_proxy( - self.PROXY_PORT_1, self.ACRA_PORT, 'keypair1', zone_mode=True, commands_port=self.PROXY_COMMAND_PORT_1) + self.connector_1 = self.fork_connector( + self.CONNECTOR_PORT_1, self.ACRA_PORT, 'keypair1', zone_mode=True, commands_port=self.CONNECTOR_COMMAND_PORT_1) self.acra = self.fork_acra(zonemode='true', enable_http_api='true') - self.configui = self.fork_configui(proxy_port=self.PROXY_COMMAND_PORT_1, http_port=self.CONFIG_UI_HTTP_PORT) + self.configui = self.fork_configui(connector_port=self.CONNECTOR_COMMAND_PORT_1, http_port=self.CONFIG_UI_HTTP_PORT) except Exception: self.tearDown() raise @@ -1733,7 +1733,7 @@ def testConnectionCloseOnTls(self): def setUp(self): self.checkSkip() - """don't fork proxy, connect directly to acra, use sslmode=require in connections and tcp protocol on acra side + """don't fork connector, connect directly to acra, use sslmode=require in connections and tcp protocol on acra side because postgresql support tls only over tcp """ try: 
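Review bot: The triple-quoted text in `setUp` at -1733 comes after `self.checkSkip()`, so it is a discarded string expression rather than a docstring, and anything reading `__doc__` will not see it. Either move it to be the first statement of `setUp` or turn it into comments, e.g. `# don't fork connector; connect directly to acra with sslmode=require over tcp,` followed by `# because postgresql supports tls only over tcp`. The hunk at -1839 has the same layout with the "use ssl for connections" wording. `setUp` continues outside the hunk.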
@@ -1806,23 +1806,23 @@ class SSLPostgresqlConnectionWithZoneTest(SSLPostgresqlMixin, ZoneHexFormatTest) pass -class TLSBetweenProxyAndServerMixin(object): +class TLSBetweenConnectorAndServerMixin(object): TLS_ON = True def fork_acra(self, popen_kwargs: dict=None, **acra_kwargs: dict): return self._fork_acra({'client_id': 'keypair1'}, popen_kwargs) def setUp(self): - super(TLSBetweenProxyAndServerMixin, self).setUp() + super(TLSBetweenConnectorAndServerMixin, self).setUp() # acra works with one client id and no matter from which proxy connection come self.engine2.dispose() self.engine2 = self.engine_raw -class TLSBetweenProxyAndServerTest(TLSBetweenProxyAndServerMixin, HexFormatTest): +class TLSBetweenConnectorAndServerTest(TLSBetweenConnectorAndServerMixin, HexFormatTest): pass -class TLSBetweenProxyAndServerWithZonesTest(TLSBetweenProxyAndServerMixin, ZoneHexFormatTest): +class TLSBetweenConnectorAndServerWithZonesTest(TLSBetweenConnectorAndServerMixin, ZoneHexFormatTest): pass @@ -1839,7 +1839,7 @@ def get_ssl_engine(self): def setUp(self): self.checkSkip() - """don't fork proxy, connect directly to acra, use ssl for connections and tcp protocol on acra side + """don't fork connector, connect directly to acra, use ssl for connections and tcp protocol on acra side because postgresql support tls only over tcp """ try: diff --git a/zone/zone_id_matcher_test.go b/zone/zone_id_matcher_test.go index acf55c538..a3882b6e4 100644 --- a/zone/zone_id_matcher_test.go +++ b/zone/zone_id_matcher_test.go 
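Review bot: The comment in `TLSBetweenConnectorAndServerMixin.setUp` still says "proxy" after the rename; `# acra works with a single client id, no matter which connector the connection comes from` would match the new naming. In the same hunk `fork_acra` accepts `**acra_kwargs` but does not pass them on to `_fork_acra`, so options a caller supplies are silently dropped. If that is intended because the mixin pins `client_id` to `'keypair1'`, a one-line comment saying so would prevent a test from believing it changed the server configuration when it did not.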
@@ -42,7 +42,7 @@ func (storage *TestKeyStore) GetPrivateKey(id []byte) (*keys.PrivateKey, error) func (storage *TestKeyStore) GenerateZoneKey() ([]byte, []byte, error) { return []byte{}, []byte{}, nil } func (storage *TestKeyStore) Reset() {} -func (storage *TestKeyStore) GenerateProxyKeys(id []byte) error { return nil } +func (storage *TestKeyStore) GenerateConnectorKeys(id []byte) error { return nil } func (storage *TestKeyStore) GenerateServerKeys(id []byte) error { return nil } func (storage *TestKeyStore) GenerateDataEncryptionKeys(id []byte) error { return nil } func (storage *TestKeyStore) GetServerDecryptionPrivateKey(id []byte) (*keys.PrivateKey, error) {