Implement cache import/export (includes auto-generated config files)

[adobeDan]

Summary

• Implement import and export of requests/responses for use with an external forwarder
• Rework of cache internals to support use of external database files
• Adds transactional saves of requests and responses to cache (fixes Storing requests and responses is not transactional #16)
• Includes commits from PR Auto-create configuration files with prompting #14 to auto-create configuration files
• Updates all dependencies to latest minor or patch releases
• Update all submodules to use eyre for error reporting

Testing Steps for auto-creation of config files (#13)

• Invoke the proxy in an empty directory.
• A default configuration file will be auto-created.
• A configuration interview will be done based on the default configuration.
• The default file will be updated with the results of the interview.

Testing steps for import/export and external forwarding (#10)

• Get a package for Photoshop that uses https://frl-proxy.brotsky.net:8843 as its proxy address
• Configure your proxy to run at 127.0.0.1:8443 with SSL and add an entry to your hosts file mapping 127.0.01 to frl-proxy.brotsky.net. Use the attached pkcs certificate file (password test) for your testing. Use the defaults for proxy database file (frl-proxy.cache) and proxy log file (frl-proxy.log), and set the log destination to file. Use any logging level you want.
• Install 2 different releases (this year and last year) of Photoshop, and install the FRL proxy license package.
• Run your proxy in store mode with frl-proxy start --mode store
• Launch both versions of Photoshop. Both will complain that they cannot verify subscription status.
• Quit your proxy.
• Export the unanswered requests with frl-proxy export frl-proxy.forward. It will report exporting 2 requests.
• Move the frl-proxy.cache file to frl-proxy.stored
• Move the frl-proxy.forward file to frl-proxy.cache
• Run your proxy in forward mode with frl-proxy start --mode forward. It will automatically stop.
• Move the frl-proxy.cache file to frl-proxy.forward
• Move the frl-proxy.stored file to frl-proxy.cache
• Import the forwarded data with frl-proxy import frl-proxy.forward. It will report importing 2 request/response pairs.
• Run your proxy in store mode with frl-proxy start --mode store.
• Launch both versions of Photoshop. Both will license.
• Stop your proxy.
• Remove the frl-proxy.forward file.
• Run the adobe-licensing-toolkit -l to verify your activated licenses. The output should look something like this, with the NpdId coming from the license file of your installation:

$ adobe-licensing-toolkit -l
Adobe Licensing Toolkit (1.1.0.98)
License Details

NpdId          : ODU0YjU5OGQtOTE1Ni00NDZiLWFlZDYtMGQ1ZGM2ZmVhZDBi (*)
AppId          : Bridge1
DeploymentMode : FRL_ONLINE

NpdId          : ODU0YjU5OGQtOTE1Ni00NDZiLWFlZDYtMGQ1ZGM2ZmVhZDBi (*)
AppId          : Photoshop1
DeploymentMode : FRL_ONLINE
(*) indicates currently active(used) license
Operation Successfully Completed

• Run the proxy in store mode with frl-proxy start --mode store
• Deactivate the Photoshop license with adobe-licensing-toolkit -t -n your-npdId-from-above. It will fail.
• Stop your proxy.
• Export the unanswered requests with frl-proxy export frl-proxy.forward. It will report exporting 1 request.
• Move the frl-proxy.cache file to frl-proxy.stored
• Move the frl-proxy.forward file to frl-proxy.cache
• Run your proxy in forward mode with frl-proxy start --mode forward. It will automatically stop.
• Move the frl-proxy.cache file to frl-proxy.forward
• Move the frl-proxy.stored file to frl-proxy.cache
• Import the forwarded data with frl-proxy import frl-proxy.forward. It will report importing 1 request/response pair.
• Clear the Photoshop license from your credential store.
• Run your proxy in store mode with frl-proxy start --mode store.
• Launch both versions of Photoshop. Both will complain that they cannot verify subscription status.
• Stop your proxy.

NOTE: Once you have successfully activated Photoshop, it's not quite enough to deactivate it to repeat the tests. You also have to remove the cached license from the credential store. The license will have a key that is a base 64 encoded form of the app ID and the certificate generation it uses. You can use the adobe-license-decoder utility to show you what that base64 ID is, because it's the first part of the OperatingConfig name of the license file.

Related Issues and PRs

Fixes #9
Fixes #10
Fixes #12
Fixes #13
Fixes #16
Supersedes #14
Supersedes #15

[adobeDan]

@adorton-adobe This PR supersedes the other two I had opened waiting for review. It includes all of their changes, so I am going to close them. Just focus the review on this one, which hopefully takes us all the way to v1.0.

[adorton-adobe]

Sounds good. I'll take a look. Once we get this merged, I will do a 1.0.0rc1 release while I work on updating the docs.

[adorton-adobe]

The config init workflow breaks when I use the shift key (e.g. when typing : for the host port). Seems to be related to this:

console-rs/console#83

Not sure what we can do until that crate gets an update. I'll be sure to mention this issue in the docs. It should be fine since 0.0.0.0:8443 is a reasonable default and the user can edit the config directly after generating it.

[adobeDan]

I am also happy to update the host parsing to understand any delimiter between the host and port (e.g., space, hyphen, or other non-shifted delimiters :). We could also specify host and port in separate config entries, which actually would allow to (for example) specify one port for use with SSL and another for use with non-SSL which would help make the --ssl mode flag more useful. I've submitted this as enhancement request #18.

[adorton-adobe]

Sounds good

[adorton-adobe]

This is also a factor in other options (file paths, remote host), but I don't think that will be too much of an issue.

[adobeDan]

Here is the cert file needed for testing: frl-proxy.pkcs.zip.

[adobeDan]

I notice that console-rs/console#83 has a comment that says this problem is due to the windows-console-colors feature. Have you tried explicitly loading the crate with that feature disabled? Maybe that would trump the default features used by dialoguer?

[adorton-adobe]

After I import the forward file, the -shm and -wal files are still present in my working directory, which I believe might mean we aren't closing the database connection when importing. I'll check the code.

-a----         2/17/2021   5:22 PM          32768 frl-proxy.forward-shm
-a----         2/17/2021   5:22 PM              0 frl-proxy.forward-wal

[adobeDan]

I just checked the code and we definitely close the database we're importing from. But I am noticing the same behavior. Here is the reference article from SQLite about those files. Having read it very carefully, and followed this link, I now believe that those files are left because I am opening the import database in read-only mode. I have made the change to open the import database read-write and that does fix the problem.

[adorton-adobe]

Looks great - I just have a few suggested tweaks.

One other thing to note is when testing cached deactivation, import/export reported importing/exporting 4 requests. 3 of those are my prior activations (Photoshop, Bridge, Acrobat). Should those have been cleared from the cache when I activated those licenses? The rest of the cached deactivation workflow worked as expected - those licenses are inactive.

[adobeDan]

Terrific, thanks @adorton-adobe. I understand and am great with all your suggestions and will implement them today or tomorrow.

WRT your question about the number of request/response pairs: what you saw is expected and correct. When operating in forward mode, the proxy replays all the stored requests/responses in order and stores the results without processing them. Then, during the import of the forwarding database, the results are "replayed" as if they had just come in to a live proxy. So first the two activation requests are processed and stored (waiting for the clients to come back and find them) and then the deactivation response is processed: it is this processing which removes the already received activation responses (and doesn't store the deactivation response because those are never replayed to clients). So once the import has finished, any clients who come back and request an activation response will not find one, so the client side matches the server side.

[adobeDan]

@adorton-adobe On the older PR you mentioned that you wanted to change the configuration file suffix back to toml. Do you want me to make that change here? Do we want to dismiss with the frl- prefix and just go with a naming convention like proxy-conf.toml, proxy-cache.sqlite, proxy-cert.pfx and so on? (I want to change the cert file suffix to pfx anyway because that's the 3-letter convention for pkcs12 format.). That way the file types are transparent.

[adorton-adobe]

I think it's totally fine to keep the frl prefix, since the proxy is designed to work with FRL Online packages. I suggested the switch back to toml for technical reasons - it'll help ensure proper syntax highlighting. We can change it here or in another PR/commit, doesn't really matter to me.

[adobeDan]

RIght, I understood why you wanted to change it to toml, and I guess I'm saying I think that really applies to all of the filenames: I think it's way better to use file extensions to reflect the content type of the file and embed the function of the file in the name. Also, the reason to take out the frl- prefix is to separate the files from the executable itself, so that it's safer to delete files without accidentally deleting the executable. I've been working with this setup:

frl-proxy[.exe] (executable)
proxy-cache.sqlite
proxy-cert.pfx
proxy-conf.toml
proxy-log.log

and it looks great. I'd like to check it in, if you're OK with that.

[adorton-adobe]

Looks good. Once you push those changes, I think we can merge.

[adobeDan]

OK, changes pushed. Please approve and merge once it finishes building.