use the new SecureTransport and SecureMuxer interfaces (#36)

* use the new SecureTransport and SecureMuxer interfaces * restore sanity check for the remote peer's ID, add log statement
libp2p · Sep 8, 2021 · b63c8ff · b63c8ff
1 parent d0442a2
commit b63c8ff
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/p2p/net/conn-security-multistream/ssms.go b/p2p/net/conn-security-multistream/ssms.go
@@ -3,6 +3,7 @@ package csms
 import (
 	"context"
 	"fmt"
+	"log"
 	"net"
 
 	"github.com/libp2p/go-libp2p-core/peer"
@@ -38,12 +39,12 @@ func (sm *SSMuxer) AddTransport(path string, transport sec.SecureTransport) {
 
 // SecureInbound secures an inbound connection using this multistream
 // multiplexed stream security transport.
-func (sm *SSMuxer) SecureInbound(ctx context.Context, insecure net.Conn) (sec.SecureConn, bool, error) {
+func (sm *SSMuxer) SecureInbound(ctx context.Context, insecure net.Conn, p peer.ID) (sec.SecureConn, bool, error) {
 	tpt, _, err := sm.selectProto(ctx, insecure, true)
 	if err != nil {
 		return nil, false, err
 	}
-	sconn, err := tpt.SecureInbound(ctx, insecure)
+	sconn, err := tpt.SecureInbound(ctx, insecure, p)
 	return sconn, true, err
 }
 
@@ -57,13 +58,14 @@ func (sm *SSMuxer) SecureOutbound(ctx context.Context, insecure net.Conn, p peer
 
 	var sconn sec.SecureConn
 	if server {
-		sconn, err = tpt.SecureInbound(ctx, insecure)
+		sconn, err = tpt.SecureInbound(ctx, insecure, p)
 		if err != nil {
 			return nil, false, fmt.Errorf("failed to secure inbound connection: %s", err)
 		}
 		// ensure the correct peer connected to us
 		if sconn.RemotePeer() != p {
 			sconn.Close()
+			log.Printf("Handshake failed to properly authenticate peer. Authenticated %s, expected %s.", sconn.RemotePeer(), p)
 			return nil, false, fmt.Errorf("unexpected peer")
 		}
 	} else {

diff --git a/p2p/net/conn-security-multistream/ssms_test.go b/p2p/net/conn-security-multistream/ssms_test.go
@@ -17,8 +17,8 @@ type TransportAdapter struct {
 	mux *SSMuxer
 }
 
-func (sm *TransportAdapter) SecureInbound(ctx context.Context, insecure net.Conn) (sec.SecureConn, error) {
-	sconn, _, err := sm.mux.SecureInbound(ctx, insecure)
+func (sm *TransportAdapter) SecureInbound(ctx context.Context, insecure net.Conn, p peer.ID) (sec.SecureConn, error) {
+	sconn, _, err := sm.mux.SecureInbound(ctx, insecure, p)
 	return sconn, err
 }
 
@@ -61,9 +61,9 @@ func TestNoCommonProto(t *testing.T) {
 	go func() {
 		defer wg.Done()
 		defer a.Close()
-		_, _, err := at.SecureInbound(ctx, a)
+		_, _, err := at.SecureInbound(ctx, a, "")
 		if err == nil {
-			t.Error("conection should have failed")
+			t.Error("connection should have failed")
 		}
 	}()