bee/pkg/p2p/libp2p/p2pforge.go at eb7ed4d340bcae57a4d0164f206b97d3dd076d36 · ethersphere/bee · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
// Copyright 2026 The Swarm Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package libp2p

import (
	"crypto/tls"
	"fmt"
	"os"
	"path/filepath"

	"github.com/caddyserver/certmagic"
	"github.com/ethersphere/bee/v2/pkg/log"
	p2pforge "github.com/ipshipyard/p2p-forge/client"
	"github.com/libp2p/go-libp2p/config"
	"go.uber.org/zap"
	"go.uber.org/zap/zapcore"
)

// P2PForgeOptions contains the configuration for creating a P2P Forge certificate manager.
type P2PForgeOptions struct {
	Domain               string
	RegistrationEndpoint string
	CAEndpoint           string
	StorageDir           string
}

// P2PForgeCertManager wraps the p2p-forge certificate manager with its associated zap logger.
type P2PForgeCertManager struct {
	certMgr   *p2pforge.P2PForgeCertMgr
	zapLogger *zap.Logger
}

// newP2PForgeCertManager creates a new P2P Forge certificate manager.
// It handles the creation of the storage directory and configures logging
// to match bee's verbosity level.
func newP2PForgeCertManager(beeLogger log.Logger, opts P2PForgeOptions) (*P2PForgeCertManager, error) {
	zapLogger, err := newZapLogger(beeLogger)
	if err != nil {
		return nil, fmt.Errorf("create zap logger: %w", err)
	}

	// Use storage dir with domain subdir for easier management of different registries.
	storagePath := filepath.Join(opts.StorageDir, opts.Domain)
	if err := os.MkdirAll(storagePath, 0o700); err != nil {
		return nil, fmt.Errorf("create certificate storage directory %s: %w", storagePath, err)
	}

	certMgr, err := p2pforge.NewP2PForgeCertMgr(
		p2pforge.WithForgeDomain(opts.Domain),
		p2pforge.WithForgeRegistrationEndpoint(opts.RegistrationEndpoint),
		p2pforge.WithCAEndpoint(opts.CAEndpoint),
		p2pforge.WithCertificateStorage(&certmagic.FileStorage{Path: storagePath}),
		p2pforge.WithLogger(zapLogger.Sugar()),
		p2pforge.WithUserAgent(userAgent()),
		p2pforge.WithAllowPrivateForgeAddrs(),
		p2pforge.WithRegistrationDelay(0),
		p2pforge.WithOnCertLoaded(func() {
			beeLogger.Info("auto tls certificate is loaded")
		}),
		p2pforge.WithOnCertRenewed(func() {
			beeLogger.Info("auto tls certificate is renewed")
		}),
	)
	if err != nil {
		return nil, fmt.Errorf("initialize P2P Forge: %w", err)
	}

	return &P2PForgeCertManager{
		certMgr:   certMgr,
		zapLogger: zapLogger,
	}, nil
}

// CertMgr returns the underlying p2pforge.P2PForgeCertMgr.
func (m *P2PForgeCertManager) CertMgr() *p2pforge.P2PForgeCertMgr {
	return m.certMgr
}

// ZapLogger returns the zap logger used by the certificate manager.
func (m *P2PForgeCertManager) ZapLogger() *zap.Logger {
	return m.zapLogger
}

// autoTLSCertManager defines the interface for managing TLS certificates.
type autoTLSCertManager interface {
	Start() error
	Stop()
	TLSConfig() *tls.Config
	AddressFactory() config.AddrsFactory
}

// newZapLogger creates a zap logger configured to match bee's verbosity level.
// This is used by third-party libraries (like p2p-forge) that require a zap logger.
func newZapLogger(beeLogger log.Logger) (*zap.Logger, error) {
	cfg := zap.Config{
		Level:            zap.NewAtomicLevelAt(beeVerbosityToZapLevel(beeLogger.Verbosity())),
		Development:      false,
		Encoding:         "json",
		OutputPaths:      []string{"stderr"},
		ErrorOutputPaths: []string{"stderr"},
		Sampling: &zap.SamplingConfig{
			Initial:    100,
			Thereafter: 100,
		},
		EncoderConfig: zapcore.EncoderConfig{
			TimeKey:        "time",
			LevelKey:       "level",
			NameKey:        "logger",
			CallerKey:      "caller",
			MessageKey:     "msg",
			StacktraceKey:  "stacktrace",
			LineEnding:     zapcore.DefaultLineEnding,
			EncodeLevel:    zapcore.LowercaseLevelEncoder,
			EncodeTime:     zapcore.EpochTimeEncoder,
			EncodeDuration: zapcore.SecondsDurationEncoder,
			EncodeCaller:   zapcore.ShortCallerEncoder,
		},
	}
	return cfg.Build()
}

// beeVerbosityToZapLevel converts bee's log verbosity level to zap's log level.
func beeVerbosityToZapLevel(v log.Level) zapcore.Level {
	switch {
	case v <= log.VerbosityNone:
		return zap.FatalLevel // effectively silences the logger
	case v == log.VerbosityError:
		return zap.ErrorLevel
	case v == log.VerbosityWarning:
		return zap.WarnLevel
	case v == log.VerbosityInfo:
		return zap.InfoLevel
	default:
		return zap.DebugLevel // VerbosityDebug and VerbosityAll
	}
}