webtransport: Add helpers to transform webtransport multiaddrs in AddrsFactory

libp2p_test.go

@@ -17,6 +17,7 @@ import (
 	tls "github.com/libp2p/go-libp2p/p2p/security/tls"
 	quic "github.com/libp2p/go-libp2p/p2p/transport/quic"
 	"github.com/libp2p/go-libp2p/p2p/transport/tcp"
+	webtransport "github.com/libp2p/go-libp2p/p2p/transport/webtransport"
 
 	ma "github.com/multiformats/go-multiaddr"
 	"github.com/stretchr/testify/require"
@@ -289,3 +290,48 @@ func TestSecurityConstructor(t *testing.T) {
 	require.Contains(t, err.Error(), "failed to negotiate security protocol")
 	require.NoError(t, h2.Connect(context.Background(), ai))
 }
+
+func TestTransportConstructorWebTransport(t *testing.T) {
+	h, err := New(
+		Transport(webtransport.New),
+		DisableRelay(),
+	)
+	require.NoError(t, err)
+	defer h.Close()
+	require.NoError(t, h.Network().Listen(ma.StringCast("/ip4/127.0.0.1/udp/0/quic-v1/webtransport")))
+	err = h.Network().Listen(ma.StringCast("/ip4/127.0.0.1/udp/0/quic-v1/"))
+	require.Error(t, err)
+	require.Contains(t, err.Error(), swarm.ErrNoTransport.Error())
+}
+
+func TestTransportCustomAddressWebTransport(t *testing.T) {
+	customAddr, err := ma.NewMultiaddr("/ip4/1.2.3.4/udp/1234/quic-v1/webtransport")
+	if err != nil {
+		t.Fatal(err)
+	}
+	h, err := New(
+		Transport(webtransport.New),
+		DisableRelay(),
+		AddrsFactory(func(multiaddrs []ma.Multiaddr) []ma.Multiaddr {
+			customAddrWithCertHash := customAddr
+			for _, addr := range multiaddrs {
+				if webtransport.IsWebtransportMultiaddrWithCerthash(addr) {
+					customAddrWithCertHash = webtransport.CopyCerthashes(addr, customAddrWithCertHash)
+					break
+				}
+			}
+			return []ma.Multiaddr{customAddrWithCertHash}
+		}),
+	)
+	require.NoError(t, err)
+	defer h.Close()
+	require.NoError(t, h.Network().Listen(ma.StringCast("/ip4/127.0.0.1/udp/0/quic-v1/webtransport")))
+	addrs := h.Addrs()
+	require.Len(t, addrs, 1)
+	require.NotEqual(t, addrs[0], customAddr)
+	restOfAddr, lastComp := ma.SplitLast(addrs[0])
+	restOfAddr, secondToLastComp := ma.SplitLast(restOfAddr)
+	require.Equal(t, lastComp.Protocol().Code, ma.P_CERTHASH)
+	require.Equal(t, secondToLastComp.Protocol().Code, ma.P_CERTHASH)
+	require.True(t, restOfAddr.Equal(customAddr))
+}

p2p/transport/webtransport/multiaddr.go

@@ -7,16 +7,13 @@ import (
 	"strconv"
 
 	ma "github.com/multiformats/go-multiaddr"
-	mafmt "github.com/multiformats/go-multiaddr-fmt"
 	manet "github.com/multiformats/go-multiaddr/net"
 	"github.com/multiformats/go-multibase"
 	"github.com/multiformats/go-multihash"
 )
 
 var webtransportMA = ma.StringCast("/quic-v1/webtransport")
 
-var webtransportMatcher = mafmt.And(mafmt.IP, mafmt.Base(ma.P_UDP), mafmt.Base(ma.P_QUIC_V1), mafmt.Base(ma.P_WEBTRANSPORT))
-
 func toWebtransportMultiaddr(na net.Addr) (ma.Multiaddr, error) {
 	addr, err := manet.FromNetAddr(na)
 	if err != nil {
@@ -78,3 +75,59 @@ func addrComponentForCert(hash []byte) (ma.Multiaddr, error) {
 	}
 	return ma.NewComponent(ma.ProtocolWithCode(ma.P_CERTHASH).Name, certStr)
 }
+
+// IsWebtransportMultiaddrWithCerthash returns true if the given multiaddr is a
+// well formed webtransport multiaddr. Returns the number of certhashes found.
+func IsWebtransportMultiaddr(multiaddr ma.Multiaddr) (bool, int) {
+	const (
+		init = iota
+		foundUDP
+		foundQuicV1
+		foundWebTransport
+	)
+	state := init
+	certhashCount := 0
+
+	ma.ForEach(multiaddr, func(c ma.Component) bool {
+		if c.Protocol().Code == ma.P_QUIC_V1 && state == init {
+			state = foundUDP
+		}
+		if c.Protocol().Code == ma.P_QUIC_V1 && state == foundUDP {
+			state = foundQuicV1
+		}
+		if c.Protocol().Code == ma.P_WEBTRANSPORT && state == foundQuicV1 {
+			state = foundWebTransport
+		}
+		if c.Protocol().Code == ma.P_CERTHASH && state == foundWebTransport {
+			certhashCount++
+		}
+		return true
+	})
+	return state == foundWebTransport, certhashCount
+}
+
+// IsWebtransportMultiaddrWithCerthash returns true if the given multiaddr is a
+// well formed webtransport multiaddr with a certificate hash.
+func IsWebtransportMultiaddrWithCerthash(multiaddr ma.Multiaddr) bool {
+	ok, n := IsWebtransportMultiaddr(multiaddr)
+	return ok && n > 0
+}
+
+// CopyCerthashes copies the certificate hashes from the first multiaddr to the
+// second. If there are no multiaddrs in the first, the second is returned
+// unchanged.  Otherwise a new multiaddr is returned with certhashes appeneded
+// to it
+func CopyCerthashes(existingMultiaddrWithCerthashes, multiaddrWithoutCerthashes ma.Multiaddr) ma.Multiaddr {
+	certhashComponents := make([]ma.Component, 0, 2) // 2 is the common case
+	ma.ForEach(existingMultiaddrWithCerthashes, func(c ma.Component) bool {
+		if c.Protocol().Code == ma.P_CERTHASH {
+			certhashComponents = append(certhashComponents, c)
+		}
+		return true
+	})
+	out := multiaddrWithoutCerthashes
+	for _, certComponent := range certhashComponents {
+		out = out.Encapsulate(&certComponent)
+	}
+	return out
+}

p2p/transport/webtransport/multiaddr_test.go

@@ -103,3 +103,51 @@ func TestWebtransportResolve(t *testing.T) {
 		require.Error(t, err)
 	})
 }
+
+func TestIsWebtransportMultiaddrWithCerthash(t *testing.T) {
+	fooHash := encodeCertHash(t, []byte("foo"), multihash.SHA2_256, multibase.Base58BTC)
+	barHash := encodeCertHash(t, []byte("bar"), multihash.SHA2_256, multibase.Base58BTC)
+
+	testCases := []struct {
+		addr          string
+		want          bool
+		certhashCount int
+	}{
+		{addr: "/ip4/1.2.3.4/udp/60042/quic-v1/webtransport", want: true},
+		{addr: "/ip4/1.2.3.4/udp/60042/quic-v1/webtransport/certhash/" + fooHash, want: true, certhashCount: 1},
+		{addr: "/ip4/1.2.3.4/udp/60042/quic-v1/webtransport/certhash/" + fooHash + "/certhash/" + barHash, want: true, certhashCount: 2},
+		{addr: "/dns4/example.com/udp/60042/quic-v1/webtransport/certhash/" + fooHash, want: true, certhashCount: 1},
+		{addr: "/dns4/example.com/udp/60042/webrtc/certhash/" + fooHash, want: false},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.addr, func(t *testing.T) {
+			got, n := IsWebtransportMultiaddr(ma.StringCast(tc.addr))
+			require.Equal(t, tc.want, got)
+			require.Equal(t, tc.certhashCount, n)
+			require.Equal(t, tc.want && n > 0, IsWebtransportMultiaddrWithCerthash(ma.StringCast(tc.addr)))
+		})
+	}
+}
+
+func TestCopyCerthashes(t *testing.T) {
+	fooHash := ma.StringCast("/certhash/" + encodeCertHash(t, []byte("foo"), multihash.SHA2_256, multibase.Base58BTC)).String()
+	barHash := ma.StringCast("/certhash/" + encodeCertHash(t, []byte("bar"), multihash.SHA2_256, multibase.Base58BTC)).String()
+
+	testCases := []struct {
+		addr string
+		want string
+	}{
+		{addr: "/ip4/1.2.3.4/udp/60042/quic-v1/webtransport", want: "/ip4/4.3.2.1/udp/24006/quic-v1/webtransport"},
+		{addr: "/ip4/1.2.3.4/udp/60042/quic-v1/webtransport" + fooHash, want: "/ip4/4.3.2.1/udp/24006/quic-v1/webtransport" + fooHash},
+		{addr: "/ip4/1.2.3.4/udp/60042/quic-v1/webtransport" + fooHash + barHash, want: "/ip4/4.3.2.1/udp/24006/quic-v1/webtransport" + fooHash + barHash},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.addr, func(t *testing.T) {
+			got := CopyCerthashes(ma.StringCast(tc.addr), ma.StringCast("/ip4/4.3.2.1/udp/24006/quic-v1/webtransport"))
+			require.Equal(t, tc.want, got.String())
+		})
+	}
+
+}

p2p/transport/webtransport/transport.go

@@ -286,23 +286,13 @@ func decodeCertHashesFromProtobuf(b [][]byte) ([]multihash.DecodedMultihash, err
 }
 
 func (t *transport) CanDial(addr ma.Multiaddr) bool {
-	var numHashes int
-	ma.ForEach(addr, func(c ma.Component) bool {
-		if c.Protocol().Code == ma.P_CERTHASH {
-			numHashes++
-		}
-		return true
-	})
-	// Remove the /certhash components from the multiaddr.
-	// If the multiaddr doesn't contain any certhashes, the node might have a CA-signed certificate.
-	for i := 0; i < numHashes; i++ {
-		addr, _ = ma.SplitLast(addr)
-	}
-	return webtransportMatcher.Matches(addr)
+	ok, _ := IsWebtransportMultiaddr(addr)
+	return ok
 }
 
 func (t *transport) Listen(laddr ma.Multiaddr) (tpt.Listener, error) {
-	if !webtransportMatcher.Matches(laddr) {
+	isWebTransport, _ := IsWebtransportMultiaddr(laddr)
+	if !isWebTransport {
 		return nil, fmt.Errorf("cannot listen on non-WebTransport addr: %s", laddr)
 	}
 	if t.staticTLSConf == nil {