fetch ohttp keys through CONNECT tunnel

[DanGould]

Previously we were supplying the OHTTP Gateway's Key Configuration OhttpKeys manually with configuration.

Now that the Rust ohttp-relay supports fetching it via https-in-https CONNECT tunnel, we can fetch it from the server while revealing our IP address only to an ohttp relay.

While ureq and reqwest advertise https-in-https CONNECT functionality, in practice neither properly tunnels TLS in TLS, though I'm trying to change this. For this reason this version uses https-in-http CONNECT which still gets an authenticated response from the gateway (payjoin directory)

Now we only e2e test v1 payjoin cli, and this is complex behavior we probably want to test for which means standing up an ohttp-relay, payjoin directory, and provisioning https certs for them in testing.

refactored and built on #198

• handle errors
• test
• suppress warnings

Regarding Configuration

This PR makes it possible to provide an optional default ohttp-keys config to override fetching one.

In the future, ohttp-keys may be cached per-directory and only refreshed when they fail.

[DanGould]

While the feature seems to be able to work in production as-is, fetching keys via relay is not yet included in integration tests. The Proxy agent does not support the danger_local_https feature either.

[jbesraa]

why this need to be async?

[DanGould]

Whoops nice catch. It doesn't.

I actually think the Enrolled struct has all of the information necessary to construct a Uri and should become available from one of its methods.

[jbesraa]

I feel that get_ohttp_keys, fetch_ohttp_keys and normalize_proxy_url should be part of the payjoin crate.
the fetch.. could require the http client the user is using as input.

[DanGould]

I agree that there should be library code for fetching ohttp keys, however, the strong typing is already part of payjoin::OhttpKeys::decode(bytes). That leaves the i/o. Since payjoin is a no-IO crate, this makes the functionality, including normalize_proxy_url as candidates for a payjoin-io crate. normalize_proxy_url is a hack for a strange ureq bug I'm hoping can be fixed. I'm happy to begin work on the new crate but would prefer to leave that to a new PR. It would be simple to create a dependency on a local payjoin-io crate as a follow up.

get_ohttp_keys is an app method that takes config as input, so I'm not sure that can be included in a common library.

[jbesraa]

I saw this tokio::select! few times already and always get confused about it. can please explain whats the motivation of using it in this kind of scenarios?

[DanGould]

Select is a way to call concurrent async methods without starting new tasks. It's less boilerplate than tasks when multiple async calls, like multiple servers, need to run in e.g. tests. It also cancels all of the functions as soon as one of them returns.

https://tokio.rs/tokio/tutorial/select

[jbesraa]

the content-type is quite important in payjoin world, maybe we should consider add RequestContentType enum to the main crate with the available options. I believe these are text/plain and message/ohttp-req.

[DanGould]

I see two ergonomic TODOs in this comment

1. define header key/value constants so these can't be misinterpreted during implementation
2. include headers in req from which to set them rather than set them manually

Beyond these TODOs, these are exactly the confusing implementation details that a payjoin-io crate could abstract.

edit: since these are ergonomic in nature and don't affect the logic of the fetch I'd rather leave them to another PR

[DanGould]

@jbesraa wonderful review. You raised some great points which I've addressed. It's looking like the time for the IO crate to be developed is upon us.

[jbesraa]

We should document the properties here, probably for a different PR

[jbesraa]

We should document the properties here, probably for a different PR

[jbesraa]

We should document the properties here, probably for a different PR

[DanGould]

@jbesraa I'm leaving a note as to why that hasn't been merged yet. Thanks for all the reviews.

I'd like to merge, but not without that danger-local-https feature support and basic tests. In order to do that testing I've been working on #207 to refactor tests to run payjoin-directory as a library but that ran into MSRV issues. I may have been able to make a hack to get MSRV to 1.63.0 with sqlx but it seemed better to use the same time to kill two birds with one stone by switching to redis in #210. Our tests are getting seriously robust now.

[DanGould]

This PR now tests the CONNECT bootstrap mechanism by introducing an ohttp_relay dependency integration and duplicating the fetch mechanism found in payjoin-cli. @jbesraa Assuming you agree with the implementation, the duplicate code should make a great starting point for #211. The tests appear not to pass in CI because of a DNS issue I will try to fix in the morning. They seem to pass in my local environment.

[DanGould]

Testing the networking between local environment and CI has been frustrating. This branch seems to pass v2 tests: https://github.com/DanGould/rust-payjoin/tree/fetch-ohttp-keys-ci

but making requests to 0.0.0.0 seems to work exclusively in ci but to localhost exclusively in local v2 tests. There are even some discrepancies between rust versions: the first time v2 tests ran on that commit, test_bad_ohttp_keys failed, but the second run passed. Confusing. Perhaps there is some sort of race in addition to what appears to be a discrepancy in DNS resolution.

[DanGould]

The most recent test suggests that ohttp-relay is resolving localhost to ipv6 [::1]:$PORT which the directory server is not listening for. Aha!

[DanGould]

@jbesraa I took your feedback into account and e2e tested the results. Our test framework is way better after this as a side effect.