diff --git a/docs/proposed/http-storage-node-protocol.rst b/docs/proposed/http-storage-node-protocol.rst index 2ceb3c03a..a6f0e2c36 100644 --- a/docs/proposed/http-storage-node-protocol.rst +++ b/docs/proposed/http-storage-node-protocol.rst @@ -35,10 +35,10 @@ Glossary (the storage service is an example of such an object) NURL - a self-authenticating URL-like string almost exactly like a fURL but without being tied to Foolscap + a self-authenticating URL-like string almost exactly like a NURL but without being tied to Foolscap swissnum - a short random string which is part of a fURL and which acts as a shared secret to authorize clients to use a storage service + a short random string which is part of a fURL/NURL and which acts as a shared secret to authorize clients to use a storage service lease state associated with a share informing a storage server of the duration of storage desired by a client 
@@ -211,15 +211,15 @@ To further clarify, consider this example. Alice operates a storage node. Alice generates a key pair and secures it properly. Alice generates a self-signed storage node certificate with the key pair. -Alice's storage node announces (to an introducer) a fURL containing (among other information) the SPKI hash. +Alice's storage node announces (to an introducer) a NURL containing (among other information) the SPKI hash. Imagine the SPKI hash is ``i5xb...``. -This results in a fURL of ``pb://i5xb...@example.com:443/g3m5...#v=1``. +This results in a NURL of ``pb://i5xb...@example.com:443/g3m5...#v=1``. Bob creates a client node pointed at the same introducer. Bob's client node receives the announcement from Alice's storage node (indirected through the introducer). -Bob's client node recognizes the fURL as referring to an HTTP-dialect server due to the ``v=1`` fragment. -Bob's client node can now perform a TLS handshake with a server at the address in the fURL location hints +Bob's client node recognizes the NURL as referring to an HTTP-dialect server due to the ``v=1`` fragment. +Bob's client node can now perform a TLS handshake with a server at the address in the NURL location hints (``example.com:443`` in this example). Following the above described validation procedures, Bob's client node can determine whether it has reached Alice's storage node or not. @@ -230,7 +230,7 @@ Additionally, by continuing to interact using TLS, Bob's client and Alice's storage node are assured of both **message authentication** and **message confidentiality**. -Bob's client further inspects the fURL for the *swissnum*. +Bob's client further inspects the NURL for the *swissnum*. When Bob's client issues HTTP requests to Alice's storage node it includes the *swissnum* in its requests. **Storage authorization** has been achieved. 
@@ -266,8 +266,8 @@ Generation of a new certificate allows for certain non-optimal conditions to be * The ``commonName`` of ``newpb_thingy`` may be changed to a more descriptive value. * A ``notValidAfter`` field with a timestamp in the past may be updated. -Storage nodes will announce a new fURL for this new HTTP-based server. -This fURL will be announced alongside their existing Foolscap-based server's fURL. +Storage nodes will announce a new NURL for this new HTTP-based server. +This NURL will be announced alongside their existing Foolscap-based server's fURL. Such an announcement will resemble this:: { @@ -312,7 +312,7 @@ The follow sequence of events is likely: #. The client uses the information in its cache to open a Foolscap connection to the storage server. Ideally, -the client would not rely on an update from the introducer to give it the GBS fURL for the updated storage server. +the client would not rely on an update from the introducer to give it the GBS NURL for the updated storage server. Therefore, when an updated client connects to a storage server using Foolscap, it should request the server's version information. diff --git a/src/allmydata/storage/http_client.py b/src/allmydata/storage/http_client.py index c0371ffa5..06b9b1145 100644 --- a/src/allmydata/storage/http_client.py +++ b/src/allmydata/storage/http_client.py 
@@ -155,24 +155,24 @@ class StorageClient(object): self, url, swissnum, treq=treq ): # type: (DecodedURL, bytes, Union[treq,StubTreq,HTTPClient]) -> None """ - The URL is a HTTPS URL ("https://..."). To construct from a furl, use - ``StorageClient.from_furl()``. + The URL is a HTTPS URL ("https://..."). To construct from a NURL, use + ``StorageClient.from_nurl()``. """ self._base_url = url self._swissnum = swissnum self._treq = treq @classmethod - def from_furl(cls, furl: DecodedURL, persistent: bool = True) -> "StorageClient": + def from_nurl(cls, nurl: DecodedURL, persistent: bool = True) -> "StorageClient": """ - Create a ``StorageClient`` for the given furl. + Create a ``StorageClient`` for the given NURL. ``persistent`` indicates whether to use persistent HTTP connections. """ - assert furl.fragment == "v=1" - assert furl.scheme == "pb" - swissnum = furl.path[0].encode("ascii") - certificate_hash = furl.user.encode("ascii") + assert nurl.fragment == "v=1" + assert nurl.scheme == "pb" + swissnum = nurl.path[0].encode("ascii") + certificate_hash = nurl.user.encode("ascii") treq_client = HTTPClient( Agent( @@ -182,7 +182,7 @@ class StorageClient(object): ) ) - https_url = DecodedURL().replace(scheme="https", host=furl.host, port=furl.port) + https_url = DecodedURL().replace(scheme="https", host=nurl.host, port=nurl.port) return cls(https_url, swissnum, treq_client) def relative_url(self, path): diff --git a/src/allmydata/storage/http_server.py b/src/allmydata/storage/http_server.py index 59728e1d3..0374797c6 100644 --- a/src/allmydata/storage/http_server.py +++ b/src/allmydata/storage/http_server.py @@ -528,7 +528,7 @@ def listen_tls( interface: Optional[str], ) -> Deferred[Tuple[DecodedURL, IListeningPort]]: """ - Start a HTTPS storage server on the given port, return the fURL and the + Start a HTTPS storage server on the given port, return the NURL and the listening port. The hostname is the external IP or hostname clients will connect to; it 
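Review bot: In the first http_client.py hunk, `from_nurl` still checks the NURL with `assert nurl.fragment == "v=1"` and `assert nurl.scheme == "pb"`, and asserts are stripped when Python runs with `-O`. The documentation in this same diff says the NURL reaches the client through an introducer announcement, so this is input validation and should raise explicitly, e.g. `if nurl.scheme != "pb" or nurl.fragment != "v=1": raise ValueError("not an HTTP-dialect NURL")`. The same guard could also reject an empty `nurl.path` or a missing `nurl.user` before `nurl.path[0]` and `nurl.user.encode("ascii")` are used as the swissnum and the certificate hash. How an empty hash is treated by the HTTPS policy is not visible here, because the middle of `from_nurl` lies between this hunk and the next one.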
@@ -546,9 +546,9 @@ def listen_tls( endpoint_string += ":interface={}".format(quoteStringArgument(interface)) endpoint = serverFromString(reactor, endpoint_string) - def build_furl(listening_port: IListeningPort) -> DecodedURL: - furl = DecodedURL().replace( - fragment="v=1", # how we know this furl is HTTP-based + def build_nurl(listening_port: IListeningPort) -> DecodedURL: + nurl = DecodedURL().replace( + fragment="v=1", # how we know this NURL is HTTP-based (i.e. not Foolscap) host=hostname, port=listening_port.getHost().port, path=(str(server._swissnum, "ascii"),), @@ -560,8 +560,8 @@ def listen_tls( ), scheme="pb", ) - return furl + return nurl return endpoint.listen(Site(server.get_resource())).addCallback( - lambda listening_port: (build_furl(listening_port), listening_port) + lambda listening_port: (build_nurl(listening_port), listening_port) ) diff --git a/src/allmydata/test/test_istorageserver.py b/src/allmydata/test/test_istorageserver.py index 272e63764..7c5e64042 100644 --- a/src/allmydata/test/test_istorageserver.py +++ b/src/allmydata/test/test_istorageserver.py @@ -1073,7 +1073,7 @@ class _HTTPMixin(_SharedMixin): # Listen on randomly assigned port, using self-signed cert we generated # manually: certs_dir = Path(__file__).parent / "certs" - furl, listening_port = yield listen_tls( + nurl, listening_port = yield listen_tls( reactor, http_storage_server, "127.0.0.1", @@ -1088,7 +1088,7 @@ class _HTTPMixin(_SharedMixin): # state across tests: returnValue( _HTTPStorageServer.from_http_client( - StorageClient.from_furl(furl, persistent=False) + StorageClient.from_nurl(nurl, persistent=False) ) ) diff --git a/src/allmydata/test/test_storage_https.py b/src/allmydata/test/test_storage_https.py index 19f469990..f4242ae0c 100644 --- a/src/allmydata/test/test_storage_https.py +++ b/src/allmydata/test/test_storage_https.py 
@@ -29,8 +29,8 @@ from ..storage.http_common import get_spki_hash from ..storage.http_client import _StorageClientHTTPSPolicy -class HTTPSFurlTests(SyncTestCase): - """Tests for HTTPS furls.""" +class HTTPSNurlTests(SyncTestCase): + """Tests for HTTPS NURLs.""" def test_spki_hash(self): """The output of ``get_spki_hash()`` matches the semantics of RFC 7469.