Merge parallel feature flag local certificate logic in cli ohttp

benalleng · benalleng · commit 105678ce84fe · 2025-06-05T16:03:46.000-04:00
These ohttp functions had parallel methods when running tests vs running
in production. This made it difficult to read as there were two
functions that appeared to do completely different things when a feature
flag was present.
diff --git a/payjoin-cli/src/app/v2/mod.rs b/payjoin-cli/src/app/v2/mod.rs
@@ -16,7 +16,7 @@ use tokio::sync::watch;
 use super::config::Config;
 use super::wallet::BitcoindWallet;
 use super::App as AppTrait;
-use crate::app::v2::ohttp::{unwrap_ohttp_keys_or_else_fetch, validate_relay, RelayManager};
+use crate::app::v2::ohttp::{unwrap_ohttp_keys_or_else_fetch, RelayManager};
 use crate::app::{handle_interrupt, http_agent};
 use crate::db::v2::{ReceiverPersister, SenderPersister};
 use crate::db::Database;
@@ -77,8 +77,9 @@ impl AppTrait for App {
 
     async fn receive_payjoin(&self, amount: Amount) -> Result<()> {
         let address = self.wallet().get_new_address()?;
-        let ohttp_keys =
-            unwrap_ohttp_keys_or_else_fetch(&self.config, self.relay_manager.clone()).await?;
+        let ohttp_keys = unwrap_ohttp_keys_or_else_fetch(&self.config, self.relay_manager.clone())
+            .await?
+            .ohttp_keys;
         let mut persister = ReceiverPersister::new(self.db.clone());
         let new_receiver = NewReceiver::new(
             address,
@@ -307,7 +308,10 @@ impl App {
             self.relay_manager.lock().expect("Lock should not be poisoned").get_selected_relay();
         let ohttp_relay = match selected_relay {
             Some(relay) => relay,
-            None => validate_relay(&self.config, self.relay_manager.clone()).await?,
+            None =>
+                unwrap_ohttp_keys_or_else_fetch(&self.config, self.relay_manager.clone())
+                    .await?
+                    .relay_url,
         };
         Ok(ohttp_relay)
     }
diff --git a/payjoin-cli/src/app/v2/ohttp.rs b/payjoin-cli/src/app/v2/ohttp.rs
@@ -1,120 +1,50 @@
 use std::sync::{Arc, Mutex};
 
-#[cfg(feature = "_danger-local-https")]
-use anyhow::Result;
-#[cfg(not(feature = "_danger-local-https"))]
 use anyhow::{anyhow, Result};
 
 use super::Config;
 
 #[derive(Debug, Clone)]
 pub struct RelayManager {
     selected_relay: Option<payjoin::Url>,
-    #[cfg(not(feature = "_danger-local-https"))]
     failed_relays: Vec<payjoin::Url>,
 }
 
 impl RelayManager {
-    #[cfg(feature = "_danger-local-https")]
-    pub fn new() -> Self { RelayManager { selected_relay: None } }
-    #[cfg(not(feature = "_danger-local-https"))]
     pub fn new() -> Self { RelayManager { selected_relay: None, failed_relays: Vec::new() } }
 
-    #[cfg(not(feature = "_danger-local-https"))]
     pub fn set_selected_relay(&mut self, relay: payjoin::Url) { self.selected_relay = Some(relay); }
 
     pub fn get_selected_relay(&self) -> Option<payjoin::Url> { self.selected_relay.clone() }
 
-    #[cfg(not(feature = "_danger-local-https"))]
     pub fn add_failed_relay(&mut self, relay: payjoin::Url) { self.failed_relays.push(relay); }
 
-    #[cfg(not(feature = "_danger-local-https"))]
     pub fn get_failed_relays(&self) -> Vec<payjoin::Url> { self.failed_relays.clone() }
 }
 
-pub(crate) async fn unwrap_ohttp_keys_or_else_fetch(
-    config: &Config,
-    relay_manager: Arc<Mutex<RelayManager>>,
-) -> Result<payjoin::OhttpKeys> {
-    if let Some(keys) = config.v2()?.ohttp_keys.clone() {
-        println!("Using OHTTP Keys from config");
-        Ok(keys)
-    } else {
-        println!("Bootstrapping private network transport over Oblivious HTTP");
-
-        fetch_keys(config, relay_manager.clone())
-            .await
-            .and_then(|keys| keys.ok_or_else(|| anyhow::anyhow!("No OHTTP keys found")))
-    }
+pub(crate) struct ValidatedOhttpKeys {
+    pub(crate) ohttp_keys: payjoin::OhttpKeys,
+    pub(crate) relay_url: payjoin::Url,
 }
 
-#[cfg(not(feature = "_danger-local-https"))]
-async fn fetch_keys(
+pub(crate) async fn unwrap_ohttp_keys_or_else_fetch(
     config: &Config,
     relay_manager: Arc<Mutex<RelayManager>>,
-) -> Result<Option<payjoin::OhttpKeys>> {
-    use payjoin::bitcoin::secp256k1::rand::prelude::SliceRandom;
-    let payjoin_directory = config.v2()?.pj_directory.clone();
-    let relays = config.v2()?.ohttp_relays.clone();
-
-    loop {
-        let failed_relays =
-            relay_manager.lock().expect("Lock should not be poisoned").get_failed_relays();
-
-        let remaining_relays: Vec<_> =
-            relays.iter().filter(|r| !failed_relays.contains(r)).cloned().collect();
-
-        if remaining_relays.is_empty() {
-            return Err(anyhow!("No valid relays available"));
-        }
-
-        let selected_relay =
-            match remaining_relays.choose(&mut payjoin::bitcoin::key::rand::thread_rng()) {
-                Some(relay) => relay.clone(),
-                None => return Err(anyhow!("Failed to select from remaining relays")),
-            };
-
-        relay_manager
-            .lock()
-            .expect("Lock should not be poisoned")
-            .set_selected_relay(selected_relay.clone());
+) -> Result<ValidatedOhttpKeys> {
+    let config_keys = config.v2()?.ohttp_keys.clone();
+    let mut fetched_keys = fetch_ohttp_keys(config, relay_manager).await?;
 
-        let ohttp_keys = {
-            payjoin::io::fetch_ohttp_keys(selected_relay.clone(), payjoin_directory.clone()).await
-        };
-
-        match ohttp_keys {
-            Ok(keys) => return Ok(Some(keys)),
-            Err(payjoin::io::Error::UnexpectedStatusCode(e)) => {
-                return Err(payjoin::io::Error::UnexpectedStatusCode(e).into());
-            }
-            Err(e) => {
-                log::debug!("Failed to connect to relay: {selected_relay}, {e:?}");
-                relay_manager
-                    .lock()
-                    .expect("Lock should not be poisoned")
-                    .add_failed_relay(selected_relay);
-            }
-        }
+    if let Some(keys) = config_keys {
+        fetched_keys.ohttp_keys = keys;
     }
-}
 
-///Local relays are incapable of acting as proxies so we must opportunistically fetch keys from the config
-#[cfg(feature = "_danger-local-https")]
-async fn fetch_keys(
-    config: &Config,
-    _relay_manager: Arc<Mutex<RelayManager>>,
-) -> Result<Option<payjoin::OhttpKeys>> {
-    let keys = config.v2()?.ohttp_keys.clone().expect("No OHTTP keys set");
-
-    Ok(Some(keys))
+    Ok(fetched_keys)
 }
 
-#[cfg(not(feature = "_danger-local-https"))]
-pub(crate) async fn validate_relay(
+async fn fetch_ohttp_keys(
     config: &Config,
     relay_manager: Arc<Mutex<RelayManager>>,
-) -> Result<payjoin::Url> {
+) -> Result<ValidatedOhttpKeys> {
     use payjoin::bitcoin::secp256k1::rand::prelude::SliceRandom;
     let payjoin_directory = config.v2()?.pj_directory.clone();
     let relays = config.v2()?.ohttp_relays.clone();
@@ -141,11 +71,26 @@ pub(crate) async fn validate_relay(
             .expect("Lock should not be poisoned")
             .set_selected_relay(selected_relay.clone());
 
-        let ohttp_keys =
-            payjoin::io::fetch_ohttp_keys(selected_relay.clone(), payjoin_directory.clone()).await;
+        let ohttp_keys = {
+            #[cfg(feature = "_danger-local-https")]
+            {
+                let cert_der = crate::app::read_local_cert()?;
+                payjoin::io::fetch_ohttp_keys_with_cert(
+                    &selected_relay,
+                    &payjoin_directory,
+                    cert_der,
+                )
+                .await
+            }
+            #[cfg(not(feature = "_danger-local-https"))]
+            {
+                payjoin::io::fetch_ohttp_keys(&selected_relay, &payjoin_directory).await
+            }
+        };
 
         match ohttp_keys {
-            Ok(_) => return Ok(selected_relay),
+            Ok(keys) =>
+                return Ok(ValidatedOhttpKeys { ohttp_keys: keys, relay_url: selected_relay }),
             Err(payjoin::io::Error::UnexpectedStatusCode(e)) => {
                 return Err(payjoin::io::Error::UnexpectedStatusCode(e).into());
             }
@@ -159,13 +104,3 @@ pub(crate) async fn validate_relay(
         }
     }
 }
-
-#[cfg(feature = "_danger-local-https")]
-pub(crate) async fn validate_relay(
-    config: &Config,
-    _relay_manager: Arc<Mutex<RelayManager>>,
-) -> Result<payjoin::Url> {
-    let relay = config.v2()?.ohttp_relays.first().expect("no OHTTP relay set").clone();
-
-    Ok(relay)
-}
