Skip to content

Comments

[WIP] RFC 9540 support#530

Closed
nothingmuch wants to merge 4 commits intopayjoin:masterfrom
nothingmuch:rfc-9540
Closed

[WIP] RFC 9540 support#530
nothingmuch wants to merge 4 commits intopayjoin:masterfrom
nothingmuch:rfc-9540

Conversation

@nothingmuch
Copy link
Collaborator

@nothingmuch nothingmuch commented Feb 5, 2025
edited
Loading

This is a draft PR for previewing the changes required for RFC 9540 support, and should be split into two smaller ones:

  1. introducing the changes to the directory (2nd commit)
  2. updating the ohttp-relay dependency and making use of the functionality dependent on Implement RFC 9540 ohttp-relay#47

Although the changes to support this are very simple, because of the lack of use of the ohttp relay in the e2e tests, I had both a false positive and a false negative (i.e. I thought it was implemented correctly when it wasn't, then I thought it was implemented incorrectly when it was), so still not feeling confident about these changes.

As a result of this confusion I have been working on using rcgen to generate a self signed certificate, as in the ohttp-relay tests, so that the _danger-local-https feature can be removed, and the e2e test doesn't bypass the relay but is truly end to end, but i'm not sure how to expose such functionality without making the ohttp relay significantly more complex both in code and in CLI api, so ideas on how to do this are welcome.

The best idea I've got so far is to implement a custom root certificate store that manually adds the webpki roots and optionally a CLI specified root certificate, and gate the additional CLI argument with _test-utils flag, that's still a lot of boilerplate, but feature gating is additive.

@nothingmuch
Bubble errors writing encapsulated OHTTP requests
b8ed036
@nothingmuch
Serve .well-known/ohttp-gateway as per RFC 9540
fd8f5d1 
The gateway is available via POST on /.well-known/ohttp-gateway

OHTTP key configuration is available via GET on the same path. In this
case the `Accept: application/ohttp-keys` is not required or even
checked.
@nothingmuch
[remove me] remove pre RFC 9540 endpoints for testing purposes
88d8a77
@nothingmuch
[WIP] use RFC 9540 functionality
aa301e6 
This commit is incomplete since it does not update ohttp-relay (but has
been tested locally with an overridden version, including removing the
backwards compatible behavior of serving the gateway on / and keys on
/ohttp-keys to ensure tests still pass)
@coveralls
Copy link
Collaborator

coveralls commented Feb 5, 2025

Pull Request Test Coverage Report for Build 13168014686

Details

  • 9 of 10 (90.0%) changed or added relevant lines in 4 files are covered.
  • 2 unchanged lines in 1 file lost coverage.
  • Overall coverage decreased (-0.02%) to 79.06%
Changes Missing Coverage Covered Lines Changed/Added Lines %
payjoin/src/io.rs 1 2 50.0%
Files with Coverage Reduction New Missed Lines %
payjoin/src/send/mod.rs 2 93.91%
Totals Coverage Status
Change from base Build 13161838713: -0.02%
Covered Lines: 3768
Relevant Lines: 4766
💛 - Coveralls

@nothingmuch nothingmuch mentioned this pull request Feb 6, 2025
Merged
@DanGould
Copy link
Contributor

DanGould commented Feb 22, 2025

This intended to put ohttp-relay cargo update in here and utilizing the e2e test but that will be a new PR

@DanGould DanGould closed this Feb 22, 2025
@DanGould DanGould mentioned this pull request Feb 28, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nothingmuch @coveralls @DanGould