@libp2p/webrtc 5.2.9-fc5122110 → 5.2.10

package/dist/src/private-to-public/transport.js

@@ -1,20 +1,37 @@
-import { serviceCapabilities, transportSymbol } from '@libp2p/interface';
+import { generateKeyPair, privateKeyToCryptoKeyPair } from '@libp2p/crypto/keys';
+import { InvalidParametersError, NotFoundError, NotStartedError, TypedEventEmitter, serviceCapabilities, transportSymbol } from '@libp2p/interface';
 import { peerIdFromString } from '@libp2p/peer-id';
 import { WebRTCDirect } from '@multiformats/multiaddr-matcher';
+import { BasicConstraintsExtension, X509Certificate, X509CertificateGenerator } from '@peculiar/x509';
+import { Key } from 'interface-datastore';
+import { base64url } from 'multiformats/bases/base64';
+import { sha256 } from 'multiformats/hashes/sha2';
 import { raceSignal } from 'race-signal';
+import { equals as uint8ArrayEquals } from 'uint8arrays/equals';
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string';
+import { DEFAULT_CERTIFICATE_DATASTORE_KEY, DEFAULT_CERTIFICATE_LIFESPAN, DEFAULT_CERTIFICATE_PRIVATE_KEY_NAME, DEFAULT_CERTIFICATE_RENEWAL_THRESHOLD } from '../constants.js';
 import { genUfrag } from '../util.js';
 import { WebRTCDirectListener } from './listener.js';
 import { connect } from './utils/connect.js';
 import { createDialerRTCPeerConnection } from './utils/get-rtcpeerconnection.js';
+import { formatAsPem } from './utils/pem.js';
 export class WebRTCDirectTransport {
     log;
     metrics;
     components;
     init;
+    certificate;
+    privateKey;
+    emitter;
+    renewCertificateTask;
     constructor(components, init = {}) {
         this.log = components.logger.forComponent('libp2p:webrtc-direct');
         this.components = components;
         this.init = init;
+        this.emitter = new TypedEventEmitter();
+        if (init.certificateLifespan != null && init.certificateRenewalThreshold != null && init.certificateRenewalThreshold >= init.certificateLifespan) {
+            throw new InvalidParametersError('Certificate renewal threshold must be less than certificate lifespan');
+        }
         if (components.metrics != null) {
             this.metrics = {
                 dialerEvents: components.metrics.registerCounterGroup('libp2p_webrtc-direct_dialer_events_total', {
@@ -29,6 +46,15 @@ export class WebRTCDirectTransport {
     [serviceCapabilities] = [
         '@libp2p/transport'
     ];
+    async start() {
+        this.certificate = await this.getCertificate();
+    }
+    async stop() {
+        if (this.renewCertificateTask != null) {
+            clearTimeout(this.renewCertificateTask);
+        }
+        this.certificate = undefined;
+    }
     /**
      * Dial a given multiaddr
      */
@@ -41,9 +67,14 @@ export class WebRTCDirectTransport {
      * Create transport listeners no supported by browsers
      */
     createListener(options) {
+        if (this.certificate == null) {
+            throw new NotStartedError();
+        }
         return new WebRTCDirectListener(this.components, {
             ...this.init,
-            ...options
+            ...options,
+            certificate: this.certificate,
+            emitter: this.emitter
         });
     }
     /**
@@ -93,5 +124,153 @@ export class WebRTCDirectTransport {
             throw err;
         }
     }
+    async getCertificate(forceRenew) {
+        if (isTransportCertificate(this.init.certificate)) {
+            this.log('using provided TLS certificate');
+            return this.init.certificate;
+        }
+        const privateKey = await this.loadOrCreatePrivateKey();
+        const { pem, certhash } = await this.loadOrCreateCertificate(privateKey, forceRenew);
+        return {
+            privateKey: await formatAsPem(privateKey),
+            pem,
+            certhash
+        };
+    }
+    async loadOrCreatePrivateKey() {
+        if (this.privateKey != null) {
+            return this.privateKey;
+        }
+        const keychainName = this.init.certificateKeychainName ?? DEFAULT_CERTIFICATE_PRIVATE_KEY_NAME;
+        const keychain = this.getKeychain();
+        try {
+            if (keychain == null) {
+                this.log('no keychain configured - not checking for stored private key');
+                throw new NotFoundError();
+            }
+            this.log.trace('checking for stored private key');
+            this.privateKey = await keychain.exportKey(keychainName);
+        }
+        catch (err) {
+            if (err.name !== 'NotFoundError') {
+                throw err;
+            }
+            this.log.trace('generating private key');
+            this.privateKey = await generateKeyPair('ECDSA', 'P-256');
+            if (keychain != null) {
+                this.log.trace('storing private key');
+                await keychain.importKey(keychainName, this.privateKey);
+            }
+            else {
+                this.log('no keychain configured - not storing private key');
+            }
+        }
+        return this.privateKey;
+    }
+    async loadOrCreateCertificate(privateKey, forceRenew) {
+        if (this.certificate != null && forceRenew !== true) {
+            return this.certificate;
+        }
+        let cert;
+        const dsKey = new Key(this.init.certificateDatastoreKey ?? DEFAULT_CERTIFICATE_DATASTORE_KEY);
+        const keyPair = await privateKeyToCryptoKeyPair(privateKey);
+        try {
+            if (forceRenew === true) {
+                this.log.trace('forcing renewal of TLS certificate');
+                throw new NotFoundError();
+            }
+            this.log.trace('checking for stored TLS certificate');
+            cert = await this.loadCertificate(dsKey, keyPair);
+        }
+        catch (err) {
+            if (err.name !== 'NotFoundError') {
+                throw err;
+            }
+            this.log.trace('generating new TLS certificate');
+            cert = await this.createCertificate(dsKey, keyPair);
+        }
+        // set timeout to renew certificate
+        let renewTime = (cert.notAfter.getTime() - (this.init.certificateRenewalThreshold ?? DEFAULT_CERTIFICATE_RENEWAL_THRESHOLD)) - Date.now();
+        if (renewTime < 0) {
+            renewTime = 100;
+        }
+        this.log('will renew TLS certificate after %d ms', renewTime);
+        this.renewCertificateTask = setTimeout(() => {
+            this.log('renewing TLS certificate');
+            this.getCertificate(true)
+                .then(cert => {
+                this.certificate = cert;
+                this.emitter.safeDispatchEvent('certificate:renew', {
+                    detail: cert
+                });
+            })
+                .catch(err => {
+                this.log.error('could not renew certificate - %e', err);
+            });
+        }, renewTime);
+        return {
+            pem: cert.toString('pem'),
+            certhash: base64url.encode((await sha256.digest(new Uint8Array(cert.rawData))).bytes)
+        };
+    }
+    async loadCertificate(dsKey, keyPair) {
+        const buf = await this.components.datastore.get(dsKey);
+        const cert = new X509Certificate(buf);
+        // check expiry date
+        const expiryTime = cert.notAfter.getTime() - (this.init.certificateRenewalThreshold ?? DEFAULT_CERTIFICATE_RENEWAL_THRESHOLD);
+        if (Date.now() > expiryTime) {
+            this.log('stored TLS certificate has expired');
+            // act as if no certificate was present
+            throw new NotFoundError();
+        }
+        this.log('loaded certificate, expires in %d ms', expiryTime);
+        // check public keys match
+        const exportedCertKey = await cert.publicKey.export(crypto);
+        const rawCertKey = await crypto.subtle.exportKey('raw', exportedCertKey);
+        const rawKeyPairKey = await crypto.subtle.exportKey('raw', keyPair.publicKey);
+        if (!uint8ArrayEquals(new Uint8Array(rawCertKey, 0, rawCertKey.byteLength), new Uint8Array(rawKeyPairKey, 0, rawKeyPairKey.byteLength))) {
+            this.log('stored TLS certificate public key did not match public key from private key');
+            throw new NotFoundError();
+        }
+        this.log('loaded certificate, expiry time is %o', expiryTime);
+        return cert;
+    }
+    async createCertificate(dsKey, keyPair) {
+        const notBefore = new Date();
+        const notAfter = new Date(Date.now() + (this.init.certificateLifespan ?? DEFAULT_CERTIFICATE_LIFESPAN));
+        // have to set ms to 0 to work around https://github.com/PeculiarVentures/x509/issues/73
+        notBefore.setMilliseconds(0);
+        notAfter.setMilliseconds(0);
+        const cert = await X509CertificateGenerator.createSelfSigned({
+            serialNumber: (BigInt(Math.random().toString().replace('.', '')) * 100000n).toString(16),
+            name: 'CN=example.com, C=US, L=CA, O=example, ST=CA',
+            notBefore,
+            notAfter,
+            keys: keyPair,
+            extensions: [
+                new BasicConstraintsExtension(false, undefined, true)
+            ]
+        }, crypto);
+        if (this.getKeychain() != null) {
+            this.log.trace('storing TLS certificate');
+            await this.components.datastore.put(dsKey, uint8ArrayFromString(cert.toString('pem')));
+        }
+        else {
+            this.log('no keychain is configured so not storing TLS certificate since the private key will not be reused');
+        }
+        return cert;
+    }
+    getKeychain() {
+        try {
+            return this.components.keychain;
+        }
+        catch { }
+    }
+}
+function isTransportCertificate(obj) {
+    if (obj == null) {
+        return false;
+    }
+    return typeof obj.privateKey === 'string' && typeof obj.pem === 'string' && typeof obj.certhash === 'string';
 }
 //# sourceMappingURL=transport.js.map

package/dist/src/private-to-public/transport.js.map

@@ -1 +1 @@
-{"version":3,"file":"transport.js","sourceRoot":"","sources":["../../../src/private-to-public/transport.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAA;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AACrC,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAA;AACpD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AAC5C,OAAO,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAA;AAkChF,MAAM,OAAO,qBAAqB;IACf,GAAG,CAAQ;IACX,OAAO,CAAgB;IACvB,UAAU,CAAiC;IAC3C,IAAI,CAA2B;IAEhD,YAAa,UAA2C,EAAE,OAAkC,EAAE;QAC5F,IAAI,CAAC,GAAG,GAAG,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,sBAAsB,CAAC,CAAA;QACjE,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;QAEhB,IAAI,UAAU,CAAC,OAAO,IAAI,IAAI,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,GAAG;gBACb,YAAY,EAAE,UAAU,CAAC,OAAO,CAAC,oBAAoB,CAAC,0CAA0C,EAAE;oBAChG,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,kDAAkD;iBACzD,CAAC;aACH,CAAA;QACH,CAAC;IACH,CAAC;IAEQ,CAAC,eAAe,CAAC,GAAG,IAAI,CAAA;IAExB,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,uBAAuB,CAAA;IAE9C,CAAC,mBAAmB,CAAC,GAAa;QACzC,mBAAmB;KACpB,CAAA;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAE,EAAa,EAAE,OAA+C;QACxE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC,CAAA;QAChD,IAAI,CAAC,GAAG,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAA;QACnC,OAAO,OAAO,CAAA;IAChB,CAAC;IAED;;OAEG;IACH,cAAc,CAAE,OAA8B;QAC5C,OAAO,IAAI,oBAAoB,CAAC,IAAI,CAAC,UAAU,EAAE;YAC/C,GAAG,IAAI,CAAC,IAAI;YACZ,GAAG,OAAO;SACX,CAAC,CAAA;IACJ,CAAC;IAED;;OAEG;IACH,YAAY,CAAE,UAAuB;QACnC,OAAO,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,CAAA;IACnD,CAAC;IAED;;OAEG;IACH,UAAU,CAAE,UAAuB;QACjC,OAAO,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAA;IACtC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAE,EAAa,EAAE,OAA+C;QAC5E,yEAAyE;QACzE,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,CAAA;QAE/B,IAAI,WAA+B,CAAA;QACnC,MAAM,gBAAgB,GAAG,EAAE,CAAC,SAAS,EAAE,CAAA;QACvC,IAAI,gBAAgB,IAAI,IAAI,EAAE,CAAC;YAC7B,WAAW,GAAG,gBAAgB,CAAC,gBAAgB,CAAC,CAAA;QAClD,CAAC;QAED,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAA;QAExB,+FAA+F;QAC/F,MAAM,cAAc,GAAG,MAAM,6BAA6B,CAAC,QAAQ,EAAE,KAAK,EAAE,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAA;QAErM,IAAI,CAAC;YACH,OAAO,MAAM,UAAU,CAAC,OAAO,CAAC,cAAc,EAAE,KAAK,EAAE;gBACrD,IAAI,EAAE,QAAQ;gBACd,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;gBAC9B,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO;gBAChC,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,YAAY;gBAClC,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,UAAU,EAAE,EAAE;gBACd,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW;gBAClC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;gBAC9B,YAAY,EAAE,WAAW;gBACzB,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;aACvC,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,cAAc,CAAC,KAAK,EAAE,CAAA;YACtB,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;CACF"}
+{"version":3,"file":"transport.js","sourceRoot":"","sources":["../../../src/private-to-public/transport.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAA;AAChF,OAAO,EAAE,sBAAsB,EAAE,aAAa,EAAE,eAAe,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACnJ,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAA;AAC9D,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAA;AACrG,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACrD,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAA;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,MAAM,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AAC/D,OAAO,EAAE,UAAU,IAAI,oBAAoB,EAAE,MAAM,yBAAyB,CAAA;AAC5E,OAAO,EAAE,iCAAiC,EAAE,4BAA4B,EAAE,oCAAoC,EAAE,qCAAqC,EAAE,MAAM,iBAAiB,CAAA;AAC9K,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AACrC,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAA;AACpD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AAC5C,OAAO,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAA;AAChF,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AA0F5C,MAAM,OAAO,qBAAqB;IACf,GAAG,CAAQ;IACX,OAAO,CAAgB;IACvB,UAAU,CAAiC;IAC3C,IAAI,CAA2B;IACxC,WAAW,CAAuB;IAClC,UAAU,CAAa;IACd,OAAO,CAA0D;IAC1E,oBAAoB,CAAgC;IAE5D,YAAa,UAA2C,EAAE,OAAkC,EAAE;QAC5F,IAAI,CAAC,GAAG,GAAG,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,sBAAsB,CAAC,CAAA;QACjE,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;QAChB,IAAI,CAAC,OAAO,GAAG,IAAI,iBAAiB,EAAE,CAAA;QAEtC,IAAI,IAAI,CAAC,mBAAmB,IAAI,IAAI,IAAI,IAAI,CAAC,2BAA2B,IAAI,IAAI,IAAI,IAAI,CAAC,2BAA2B,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACjJ,MAAM,IAAI,sBAAsB,CAAC,sEAAsE,CAAC,CAAA;QAC1G,CAAC;QAED,IAAI,UAAU,CAAC,OAAO,IAAI,IAAI,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,GAAG;gBACb,YAAY,EAAE,UAAU,CAAC,OAAO,CAAC,oBAAoB,CAAC,0CAA0C,EAAE;oBAChG,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,kDAAkD;iBACzD,CAAC;aACH,CAAA;QACH,CAAC;IACH,CAAC;IAEQ,CAAC,eAAe,CAAC,GAAG,IAAI,CAAA;IAExB,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,uBAAuB,CAAA;IAE9C,CAAC,mBAAmB,CAAC,GAAa;QACzC,mBAAmB;KACpB,CAAA;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;IAChD,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,oBAAoB,IAAI,IAAI,EAAE,CAAC;YACtC,YAAY,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;QACzC,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,SAAS,CAAA;IAC9B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAE,EAAa,EAAE,OAA+C;QACxE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC,CAAA;QAChD,IAAI,CAAC,GAAG,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAA;QACnC,OAAO,OAAO,CAAA;IAChB,CAAC;IAED;;OAEG;IACH,cAAc,CAAE,OAA8B;QAC5C,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,EAAE,CAAC;YAC7B,MAAM,IAAI,eAAe,EAAE,CAAA;QAC7B,CAAC;QAED,OAAO,IAAI,oBAAoB,CAAC,IAAI,CAAC,UAAU,EAAE;YAC/C,GAAG,IAAI,CAAC,IAAI;YACZ,GAAG,OAAO;YACV,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAA;IACJ,CAAC;IAED;;OAEG;IACH,YAAY,CAAE,UAAuB;QACnC,OAAO,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,CAAA;IACnD,CAAC;IAED;;OAEG;IACH,UAAU,CAAE,UAAuB;QACjC,OAAO,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAA;IACtC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAE,EAAa,EAAE,OAA+C;QAC5E,yEAAyE;QACzE,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,CAAA;QAE/B,IAAI,WAA+B,CAAA;QACnC,MAAM,gBAAgB,GAAG,EAAE,CAAC,SAAS,EAAE,CAAA;QACvC,IAAI,gBAAgB,IAAI,IAAI,EAAE,CAAC;YAC7B,WAAW,GAAG,gBAAgB,CAAC,gBAAgB,CAAC,CAAA;QAClD,CAAC;QAED,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAA;QAExB,+FAA+F;QAC/F,MAAM,cAAc,GAAG,MAAM,6BAA6B,CAAC,QAAQ,EAAE,KAAK,EAAE,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAA;QAErM,IAAI,CAAC;YACH,OAAO,MAAM,UAAU,CAAC,OAAO,CAAC,cAAc,EAAE,KAAK,EAAE;gBACrD,IAAI,EAAE,QAAQ;gBACd,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;gBAC9B,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO;gBAChC,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,YAAY;gBAClC,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,UAAU,EAAE,EAAE;gBACd,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW;gBAClC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;gBAC9B,YAAY,EAAE,WAAW;gBACzB,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;aACvC,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,cAAc,CAAC,KAAK,EAAE,CAAA;YACtB,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,cAAc,CAAE,UAAoB;QAChD,IAAI,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAClD,IAAI,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAA;YAC1C,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAA;QAC9B,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,sBAAsB,EAAE,CAAA;QACtD,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAA;QAEpF,OAAO;YACL,UAAU,EAAE,MAAM,WAAW,CAAC,UAAU,CAAC;YACzC,GAAG;YACH,QAAQ;SACT,CAAA;IACH,CAAC;IAEO,KAAK,CAAC,sBAAsB;QAClC,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,UAAU,CAAA;QACxB,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,uBAAuB,IAAI,oCAAoC,CAAA;QAC9F,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAA;QAEnC,IAAI,CAAC;YACH,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,IAAI,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAA;gBACxE,MAAM,IAAI,aAAa,EAAE,CAAA;YAC3B,CAAC;YAED,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAA;YACjD,IAAI,CAAC,UAAU,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;QAC1D,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;gBACjC,MAAM,GAAG,CAAA;YACX,CAAC;YAED,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAA;YACxC,IAAI,CAAC,UAAU,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;YAEzD,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAA;gBACrC,MAAM,QAAQ,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;YACzD,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAA;YAC9D,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,UAAU,CAAA;IACxB,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAE,UAAsB,EAAE,UAAoB;QACjF,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YACpD,OAAO,IAAI,CAAC,WAAW,CAAA;QACzB,CAAC;QAED,IAAI,IAAqB,CAAA;QACzB,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,uBAAuB,IAAI,iCAAiC,CAAC,CAAA;QAC7F,MAAM,OAAO,GAAG,MAAM,yBAAyB,CAAC,UAAU,CAAC,CAAA;QAE3D,IAAI,CAAC;YACH,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;gBACxB,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAA;gBACpD,MAAM,IAAI,aAAa,EAAE,CAAA;YAC3B,CAAC;YAED,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAA;YACrD,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QACnD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;gBACjC,MAAM,GAAG,CAAA;YACX,CAAC;YAED,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;YAChD,IAAI,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QACrD,CAAC;QAED,mCAAmC;QACnC,IAAI,SAAS,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,2BAA2B,IAAI,qCAAqC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEzI,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YAClB,SAAS,GAAG,GAAG,CAAA;QACjB,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,wCAAwC,EAAE,SAAS,CAAC,CAAA;QAE7D,IAAI,CAAC,oBAAoB,GAAG,UAAU,CAAC,GAAG,EAAE;YAC1C,IAAI,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAA;YACpC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;iBACtB,IAAI,CAAC,IAAI,CAAC,EAAE;gBACX,IAAI,CAAC,WAAW,GAAG,IAAI,CAAA;gBACvB,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,mBAAmB,EAAE;oBAClD,MAAM,EAAE,IAAI;iBACb,CAAC,CAAA;YACJ,CAAC,CAAC;iBACD,KAAK,CAAC,GAAG,CAAC,EAAE;gBACX,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAA;YACzD,CAAC,CAAC,CAAA;QACN,CAAC,EAAE,SAAS,CAAC,CAAA;QAEb,OAAO;YACL,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YACzB,QAAQ,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;SACtF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,eAAe,CAAE,KAAU,EAAE,OAAsB;QACvD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACtD,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC,GAAG,CAAC,CAAA;QAErC,oBAAoB;QACpB,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,2BAA2B,IAAI,qCAAqC,CAAC,CAAA;QAE7H,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;YAC5B,IAAI,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAA;YAC9C,uCAAuC;YACvC,MAAM,IAAI,aAAa,EAAE,CAAA;QAC3B,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,sCAAsC,EAAE,UAAU,CAAC,CAAA;QAE5D,0BAA0B;QAC1B,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QAC3D,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,eAAe,CAAC,CAAA;QACxE,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;QAE7E,IAAI,CAAC,gBAAgB,CACnB,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC,EAAE,UAAU,CAAC,UAAU,CAAC,EACpD,IAAI,UAAU,CAAC,aAAa,EAAE,CAAC,EAAE,aAAa,CAAC,UAAU,CAAC,CAC3D,EAAE,CAAC;YACF,IAAI,CAAC,GAAG,CAAC,6EAA6E,CAAC,CAAA;YACvF,MAAM,IAAI,aAAa,EAAE,CAAA;QAC3B,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,uCAAuC,EAAE,UAAU,CAAC,CAAA;QAE7D,OAAO,IAAI,CAAA;IACb,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAE,KAAU,EAAE,OAAsB;QACzD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAA;QAC5B,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,IAAI,4BAA4B,CAAC,CAAC,CAAA;QAEvG,wFAAwF;QACxF,SAAS,CAAC,eAAe,CAAC,CAAC,CAAC,CAAA;QAC5B,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,CAAA;QAE3B,MAAM,IAAI,GAAG,MAAM,wBAAwB,CAAC,gBAAgB,CAAC;YAC3D,YAAY,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxF,IAAI,EAAE,8CAA8C;YACpD,SAAS;YACT,QAAQ;YACR,IAAI,EAAE,OAAO;YACb,UAAU,EAAE;gBACV,IAAI,yBAAyB,CAAC,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC;aACtD;SACF,EAAE,MAAM,CAAC,CAAA;QAEV,IAAI,IAAI,CAAC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC;YAC/B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAA;YACzC,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACxF,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,mGAAmG,CAAC,CAAA;QAC/G,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;IAEO,WAAW;QACjB,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAA;QACjC,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACZ,CAAC;CACF;AAED,SAAS,sBAAsB,CAAE,GAAS;IACxC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAChB,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAA;AAC9G,CAAC"}

package/dist/src/private-to-public/utils/pem.d.ts

@@ -0,0 +1,6 @@
+/// <reference types="node" />
+/// <reference types="node" />
+import type { PrivateKey } from '@libp2p/interface';
+export declare function toBuffer(uint8Array: Uint8Array): Buffer;
+export declare function formatAsPem(privateKey: PrivateKey): Promise<string>;
+//# sourceMappingURL=pem.d.ts.map

package/dist/src/private-to-public/utils/pem.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pem.d.ts","sourceRoot":"","sources":["../../../../src/private-to-public/utils/pem.ts"],"names":[],"mappings":";;AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAEnD,wBAAgB,QAAQ,CAAE,UAAU,EAAE,UAAU,GAAG,MAAM,CAExD;AAED,wBAAsB,WAAW,CAAE,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAS1E"}

package/dist/src/private-to-public/utils/pem.js

@@ -0,0 +1,15 @@
+import { privateKeyToCryptoKeyPair } from '@libp2p/crypto/keys';
+import { toString as uint8ArrayToString } from 'uint8arrays/to-string';
+export function toBuffer(uint8Array) {
+    return Buffer.from(uint8Array.buffer, uint8Array.byteOffset, uint8Array.byteLength);
+}
+export async function formatAsPem(privateKey) {
+    const keyPair = await privateKeyToCryptoKeyPair(privateKey);
+    const exported = await crypto.subtle.exportKey('pkcs8', keyPair.privateKey);
+    return [
+        '-----BEGIN PRIVATE KEY-----',
+        ...uint8ArrayToString(new Uint8Array(exported), 'base64pad').split(/(.{64})/).filter(Boolean),
+        '-----END PRIVATE KEY-----'
+    ].join('\n');
+}
+//# sourceMappingURL=pem.js.map

package/dist/src/private-to-public/utils/pem.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pem.js","sourceRoot":"","sources":["../../../../src/private-to-public/utils/pem.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAA;AAC/D,OAAO,EAAE,QAAQ,IAAI,kBAAkB,EAAE,MAAM,uBAAuB,CAAA;AAGtE,MAAM,UAAU,QAAQ,CAAE,UAAsB;IAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,UAAU,CAAC,CAAA;AACrF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAE,UAAsB;IACvD,MAAM,OAAO,GAAG,MAAM,yBAAyB,CAAC,UAAU,CAAC,CAAA;IAC3D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,CAAA;IAE3E,OAAO;QACL,6BAA6B;QAC7B,GAAG,kBAAkB,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,WAAW,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;QAC7F,2BAA2B;KAC5B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACd,CAAC"}

package/dist/typedoc-urls.json

@@ -0,0 +1,14 @@
+{
+  "DataChannelOptions": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_webrtc.DataChannelOptions.html",
+  ".:DataChannelOptions": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_webrtc.DataChannelOptions.html",
+  "TransportCertificate": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_webrtc.TransportCertificate.html",
+  ".:TransportCertificate": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_webrtc.TransportCertificate.html",
+  "WebRTCDirectTransportComponents": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_webrtc.WebRTCDirectTransportComponents.html",
+  "WebRTCTransportComponents": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_webrtc.WebRTCTransportComponents.html",
+  "WebRTCTransportDirectInit": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_webrtc.WebRTCTransportDirectInit.html",
+  "WebRTCTransportInit": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_webrtc.WebRTCTransportInit.html",
+  "webRTC": "https://libp2p.github.io/js-libp2p/functions/_libp2p_webrtc.webRTC.html",
+  ".:webRTC": "https://libp2p.github.io/js-libp2p/functions/_libp2p_webrtc.webRTC.html",
+  "webRTCDirect": "https://libp2p.github.io/js-libp2p/functions/_libp2p_webrtc.webRTCDirect.html",
+  ".:webRTCDirect": "https://libp2p.github.io/js-libp2p/functions/_libp2p_webrtc.webRTCDirect.html"
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@libp2p/webrtc",
-  "version": "5.2.9-fc5122110",
+  "version": "5.2.10",
   "description": "A libp2p transport using WebRTC connections",
   "license": "Apache-2.0 OR MIT",
   "homepage": "https://github.com/libp2p/js-libp2p/tree/main/packages/transport-webrtc#readme",
@@ -54,10 +54,12 @@
     "@chainsafe/is-ip": "^2.0.2",
     "@chainsafe/libp2p-noise": "^16.0.0",
     "@ipshipyard/node-datachannel": "^0.26.4",
-    "@libp2p/interface": "2.7.0-fc5122110",
-    "@libp2p/interface-internal": "2.3.9-fc5122110",
-    "@libp2p/peer-id": "5.1.0-fc5122110",
-    "@libp2p/utils": "6.6.0-fc5122110",
+    "@libp2p/crypto": "^5.1.0",
+    "@libp2p/interface": "^2.8.0",
+    "@libp2p/interface-internal": "^2.3.10",
+    "@libp2p/keychain": "^5.2.0",
+    "@libp2p/peer-id": "^5.1.1",
+    "@libp2p/utils": "^6.6.1",
     "@multiformats/multiaddr": "^12.4.0",
     "@multiformats/multiaddr-matcher": "^1.6.0",
     "@peculiar/webcrypto": "^1.5.0",
@@ -65,6 +67,7 @@
     "any-signal": "^4.1.1",
     "detect-browser": "^5.3.0",
     "get-port": "^7.1.0",
+    "interface-datastore": "^8.3.1",
     "it-length-prefixed": "^10.0.1",
     "it-protobuf-stream": "^2.0.1",
     "it-pushable": "^3.2.3",
@@ -83,11 +86,11 @@
     "uint8arrays": "^5.1.0"
   },
   "devDependencies": {
-    "@libp2p/crypto": "5.0.15-fc5122110",
-    "@libp2p/interface-compliance-tests": "6.4.2-fc5122110",
-    "@libp2p/logger": "5.1.13-fc5122110",
+    "@libp2p/interface-compliance-tests": "^6.4.3",
+    "@libp2p/logger": "^5.1.14",
     "@types/sinon": "^17.0.3",
     "aegir": "^45.1.1",
+    "datastore-core": "^10.0.2",
     "delay": "^6.0.0",
     "it-length": "^3.0.6",
     "it-pair": "^2.0.6",

package/src/constants.ts

@@ -110,3 +110,28 @@ export const MUXER_PROTOCOL = '/webrtc'
  * The protocol used for the signalling stream protocol
  */
 export const SIGNALING_PROTOCOL = '/webrtc-signaling/0.0.1'
+
+/**
+ * Used to store generated certificates in the datastore
+ */
+export const DEFAULT_CERTIFICATE_DATASTORE_KEY = '/libp2p/webrtc-direct/certificate'
+
+/**
+ * Used to store the certificate private key in the keychain
+ */
+export const DEFAULT_CERTIFICATE_PRIVATE_KEY_NAME = 'webrtc-direct-certificate-private-key'
+
+/**
+ * The default type of certificate private key
+ */
+export const DEFAULT_CERTIFICATE_PRIVATE_KEY_TYPE = 'ECDSA'
+
+/**
+ * How long the certificate is valid for
+ */
+export const DEFAULT_CERTIFICATE_LIFESPAN = 1_209_600_000
+
+/**
+ * Renew the certificate this long before it expires
+ */
+export const DEFAULT_CERTIFICATE_RENEWAL_THRESHOLD = 86_400_000

package/src/index.ts

@@ -206,6 +206,60 @@
  *   }
  * )
  * ```
+ *
+ * ## WebRTC Direct certificate hashes
+ *
+ * WebRTC Direct listeners publish the hash of their TLS certificate as part of
+ * the listening multiaddr.
+ *
+ * By default these certificates are generated at start up using an ephemeral
+ * keypair that only exists while the node is running.
+ *
+ * This means that the certificate hashes change when the node is restarted,
+ * which can be undesirable if multiaddrs are intended to be long lived (e.g.
+ * if the node is used as a network bootstrapper).
+ *
+ * To reuse the same certificate and keypair, configure a persistent datastore
+ * and the [@libp2p/keychain](https://www.npmjs.com/package/@libp2p/keychain)
+ * service as part of your service map:
+ *
+ * @example Reuse TLS certificates after restart
+ *
+ * ```ts
+ * import { LevelDatastore } from 'datastore-level'
+ * import { webRTCDirect } from '@libp2p/webrtc'
+ * import { keychain } from '@libp2p/keychain'
+ * import { createLibp2p } from 'libp2p'
+ *
+ * // store data on disk between restarts
+ * const datastore = new LevelDatastore('/path/to/store')
+ *
+ * const listener = await createLibp2p({
+ *   addresses: {
+ *     listen: [
+ *       '/ip4/0.0.0.0/udp/0/webrtc-direct'
+ *     ]
+ *   },
+ *   datastore,
+ *   transports: [
+ *     webRTCDirect()
+ *   ],
+ *   services: {
+ *     keychain: keychain()
+ *   }
+ * })
+ *
+ * await listener.start()
+ *
+ * console.info(listener.getMultiaddrs())
+ * // /ip4/...../udp/../webrtc-direct/certhash/foo
+ *
+ * await listener.stop()
+ * await listener.start()
+ *
+ * console.info(listener.getMultiaddrs())
+ * // /ip4/...../udp/../webrtc-direct/certhash/foo
+ * ```
  */
 
 import { WebRTCTransport } from './private-to-private/transport.js'

package/src/private-to-public/listener.ts

@@ -3,37 +3,38 @@ import { InvalidParametersError, TypedEventEmitter } from '@libp2p/interface'
 import { getThinWaistAddresses } from '@libp2p/utils/get-thin-waist-addresses'
 import { multiaddr, fromStringTuples } from '@multiformats/multiaddr'
 import { WebRTCDirect } from '@multiformats/multiaddr-matcher'
-import { Crypto } from '@peculiar/webcrypto'
 import getPort from 'get-port'
 import pWaitFor from 'p-wait-for'
 import { CODEC_CERTHASH, CODEC_WEBRTC_DIRECT } from '../constants.js'
 import { connect } from './utils/connect.js'
-import { generateTransportCertificate } from './utils/generate-certificates.js'
 import { createDialerRTCPeerConnection } from './utils/get-rtcpeerconnection.js'
 import { stunListener } from './utils/stun-listener.js'
 import type { DataChannelOptions, TransportCertificate } from '../index.js'
+import type { WebRTCDirectTransportCertificateEvents } from './transport.js'
 import type { DirectRTCPeerConnection } from './utils/get-rtcpeerconnection.js'
 import type { StunServer } from './utils/stun-listener.js'
-import type { PeerId, ListenerEvents, Listener, Upgrader, ComponentLogger, Logger, CounterGroup, Metrics, PrivateKey } from '@libp2p/interface'
+import type { PeerId, ListenerEvents, Listener, Upgrader, ComponentLogger, Logger, CounterGroup, Metrics, PrivateKey, TypedEventTarget } from '@libp2p/interface'
+import type { Keychain } from '@libp2p/keychain'
 import type { Multiaddr } from '@multiformats/multiaddr'
-
-const crypto = new Crypto()
+import type { Datastore } from 'interface-datastore'
 
 export interface WebRTCDirectListenerComponents {
   peerId: PeerId
   privateKey: PrivateKey
   logger: ComponentLogger
   upgrader: Upgrader
+  keychain?: Keychain
+  datastore: Datastore
   metrics?: Metrics
 }
 
 export interface WebRTCDirectListenerInit {
   upgrader: Upgrader
-  certificates?: TransportCertificate[]
+  certificate: TransportCertificate
   maxInboundStreams?: number
   dataChannel?: DataChannelOptions
   rtcConfiguration?: RTCConfiguration | (() => RTCConfiguration | Promise<RTCConfiguration>)
-  useLibjuice?: boolean
+  emitter: TypedEventTarget<WebRTCDirectTransportCertificateEvents>
 }
 
 export interface WebRTCListenerMetrics {
@@ -53,7 +54,7 @@ let UDP_MUX_LISTENERS: UDPMuxServer[] = []
 
 export class WebRTCDirectListener extends TypedEventEmitter<ListenerEvents> implements Listener {
   private listeningMultiaddr?: Multiaddr
-  private certificate?: TransportCertificate
+  private certificate: TransportCertificate
   private stunServer?: StunServer
   private readonly connections: Map<string, DirectRTCPeerConnection>
   private readonly log: Logger
@@ -69,8 +70,8 @@ export class WebRTCDirectListener extends TypedEventEmitter<ListenerEvents> impl
     this.components = components
     this.connections = new Map()
     this.log = components.logger.forComponent('libp2p:webrtc-direct:listener')
-    this.certificate = init.certificates?.[0]
     this.shutdownController = new AbortController()
+    this.certificate = init.certificate
 
     if (components.metrics != null) {
       this.metrics = {
@@ -80,6 +81,13 @@ export class WebRTCDirectListener extends TypedEventEmitter<ListenerEvents> impl
         })
       }
     }
+
+    // inform the transport manager our addresses have changed
+    init.emitter.addEventListener('certificate:renew', evt => {
+      this.log('received new TLS certificate', evt.detail.certhash)
+      this.certificate = evt.detail
+      this.safeDispatchEvent('listening')
+    })
   }
 
   async listen (ma: Multiaddr): Promise<void> {
@@ -132,23 +140,6 @@ export class WebRTCDirectListener extends TypedEventEmitter<ListenerEvents> impl
       isIPv6: family === 6,
       server: Promise.resolve()
         .then(async (): Promise<StunServer> => {
-          // ensure we have a certificate
-          if (this.certificate == null) {
-            this.log.trace('creating TLS certificate')
-            const keyPair = await crypto.subtle.generateKey({
-              name: 'ECDSA',
-              namedCurve: 'P-256'
-            }, true, ['sign', 'verify'])
-
-            const certificate = await generateTransportCertificate(keyPair, {
-              days: 365 * 10
-            })
-
-            if (this.certificate == null) {
-              this.certificate = certificate
-            }
-          }
-
           if (port === 0) {
             // libjuice doesn't map 0 to a random free port so we have to do it
             // ourselves