Rename _danger-local-https to _manual-tls

contrib/coverage.sh

@@ -4,5 +4,5 @@ set -e
 # https://github.com/taiki-e/cargo-llvm-cov?tab=readme-ov-file#merge-coverages-generated-under-different-test-conditions
 cargo llvm-cov clean --workspace # remove artifacts that may affect the coverage results
 cargo llvm-cov --no-report --all-features
-cargo llvm-cov --no-report --package payjoin-cli --no-default-features --features=v1,_danger-local-https # Explicitly run payjoin-cli v1 e2e tests
+cargo llvm-cov --no-report --package payjoin-cli --no-default-features --features=v1,_manual-tls # Explicitly run payjoin-cli v1 e2e tests
 cargo llvm-cov report --lcov --output-path lcov.info # generate report without tests

flake.nix

@@ -126,7 +126,7 @@
                 partitions = 1;
                 partitionType = "count";
                 # TODO also run integration tests
-                # this needs --all-features to enable io,_danger_local_https features
+                # this needs --all-features to enable io,_manual-tls features
                 # unfortunately this can't yet work because running docker inside the nix sandbox is not possible,
                 # which precludes use of the redis test container
                 # cargoExtraArgs = "--locked --all-features";

payjoin-cli/Cargo.toml

@@ -21,7 +21,7 @@ path = "src/main.rs"
 [features]
 default = ["v2"]
 native-certs = ["reqwest/rustls-tls-native-roots"]
-_danger-local-https = ["rcgen", "reqwest/rustls-tls", "rustls", "hyper-rustls", "payjoin/_danger-local-https", "tokio-rustls"]
+_manual-tls = ["rcgen", "reqwest/rustls-tls", "rustls", "hyper-rustls", "payjoin/_manual-tls", "tokio-rustls"]
 v1 = ["payjoin/v1","hyper", "hyper-util", "http-body-util"]
 v2 = ["payjoin/v2", "payjoin/io"]
 

payjoin-cli/src/app/config.rs

@@ -58,9 +58,9 @@ pub struct Config {
     pub bitcoind: BitcoindConfig,
     #[serde(skip)]
     pub version: Option<VersionConfig>,
-    #[cfg(feature = "_danger-local-https")]
+    #[cfg(feature = "_manual-tls")]
     pub root_certificate: Option<PathBuf>,
-    #[cfg(feature = "_danger-local-https")]
+    #[cfg(feature = "_manual-tls")]
     pub certificate_key: Option<PathBuf>,
 }
 
@@ -145,9 +145,9 @@ impl Config {
             max_fee_rate: built_config.get("max_fee_rate").ok(),
             bitcoind: built_config.get("bitcoind")?,
             version: None,
-            #[cfg(feature = "_danger-local-https")]
+            #[cfg(feature = "_manual-tls")]
             root_certificate: built_config.get("root_certificate").ok(),
-            #[cfg(feature = "_danger-local-https")]
+            #[cfg(feature = "_manual-tls")]
             certificate_key: built_config.get("certificate_key").ok(),
         };
 
@@ -289,7 +289,7 @@ fn add_v2_defaults(config: Builder, cli: &Cli) -> Result<Builder, ConfigError> {
 
 /// Handles configuration overrides based on CLI subcommands
 fn handle_subcommands(config: Builder, cli: &Cli) -> Result<Builder, ConfigError> {
-    #[cfg(feature = "_danger-local-https")]
+    #[cfg(feature = "_manual-tls")]
     let config = {
         config
             .set_override_option(

payjoin-cli/src/app/mod.rs

@@ -52,15 +52,15 @@ pub trait App: Send + Sync {
     }
 }
 
-#[cfg(feature = "_danger-local-https")]
+#[cfg(feature = "_manual-tls")]
 fn http_agent(config: &Config) -> Result<reqwest::Client> {
     Ok(http_agent_builder(config.root_certificate.as_ref())?.build()?)
 }
 
-#[cfg(not(feature = "_danger-local-https"))]
+#[cfg(not(feature = "_manual-tls"))]
 fn http_agent(_config: &Config) -> Result<reqwest::Client> { Ok(reqwest::Client::new()) }
 
-#[cfg(feature = "_danger-local-https")]
+#[cfg(feature = "_manual-tls")]
 fn http_agent_builder(
     root_cert_path: Option<&std::path::PathBuf>,
 ) -> Result<reqwest::ClientBuilder> {

payjoin-cli/src/app/v1.rs

@@ -150,14 +150,14 @@ impl App {
 
         let app = self.clone();
 
-        #[cfg(feature = "_danger-local-https")]
+        #[cfg(feature = "_manual-tls")]
         let tls_acceptor = self.init_tls_acceptor()?;
         while let Ok((stream, _)) = listener.accept().await {
             let app = app.clone();
-            #[cfg(feature = "_danger-local-https")]
+            #[cfg(feature = "_manual-tls")]
             let tls_acceptor = tls_acceptor.clone();
             tokio::spawn(async move {
-                #[cfg(feature = "_danger-local-https")]
+                #[cfg(feature = "_manual-tls")]
                 let stream = match tls_acceptor.accept(stream).await {
                     Ok(tls_stream) => tls_stream,
                     Err(e) => {
@@ -177,7 +177,7 @@ impl App {
         Ok(())
     }
 
-    #[cfg(feature = "_danger-local-https")]
+    #[cfg(feature = "_manual-tls")]
     fn init_tls_acceptor(&self) -> Result<tokio_rustls::TlsAcceptor> {
         use rustls::pki_types::{CertificateDer, PrivateKeyDer};
         use rustls::ServerConfig;

payjoin-cli/src/app/v2/ohttp.rs

@@ -78,7 +78,7 @@ async fn fetch_ohttp_keys(
             .set_selected_relay(selected_relay.clone());
 
         let ohttp_keys = {
-            #[cfg(feature = "_danger-local-https")]
+            #[cfg(feature = "_manual-tls")]
             {
                 if let Some(cert_path) = config.root_certificate.as_ref() {
                     let cert_der = std::fs::read(cert_path)?;
@@ -92,7 +92,7 @@ async fn fetch_ohttp_keys(
                     payjoin::io::fetch_ohttp_keys(&selected_relay, &payjoin_directory).await
                 }
             }
-            #[cfg(not(feature = "_danger-local-https"))]
+            #[cfg(not(feature = "_manual-tls"))]
             payjoin::io::fetch_ohttp_keys(&selected_relay, &payjoin_directory).await
         };
 

payjoin-cli/src/cli/mod.rs

@@ -76,11 +76,11 @@ pub struct Cli {
     #[arg(long = "pj-directory", help = "The directory to store payjoin requests", value_parser = value_parser!(Url))]
     pub pj_directory: Option<Url>,
 
-    #[cfg(feature = "_danger-local-https")]
+    #[cfg(feature = "_manual-tls")]
     #[arg(long = "root-certificate", help = "Specify a TLS certificate to be added as a root", value_parser = value_parser!(PathBuf))]
     pub root_certificate: Option<PathBuf>,
 
-    #[cfg(feature = "_danger-local-https")]
+    #[cfg(feature = "_manual-tls")]
     #[arg(long = "certificate-key", help = "Specify the certificate private key", value_parser = value_parser!(PathBuf))]
     pub certificate_key: Option<PathBuf>,
 }

payjoin-cli/tests/e2e.rs

@@ -1,4 +1,4 @@
-#[cfg(feature = "_danger-local-https")]
+#[cfg(feature = "_manual-tls")]
 mod e2e {
     use std::process::{ExitStatus, Stdio};
 

payjoin-directory/Cargo.toml

@@ -15,7 +15,7 @@ resolver = "2"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [features]
-_danger-local-https = ["hyper-rustls", "rustls", "tokio-rustls"]
+_manual-tls = ["hyper-rustls", "rustls", "tokio-rustls"]
 
 [dependencies]
 anyhow = "1.0.71"

payjoin-directory/src/lib.rs

@@ -34,7 +34,7 @@ mod db;
 
 pub type BoxError = Box<dyn std::error::Error + Send + Sync>;
 
-#[cfg(feature = "_danger-local-https")]
+#[cfg(feature = "_manual-tls")]
 fn init_tls_acceptor(cert_key: (Vec<u8>, Vec<u8>)) -> Result<tokio_rustls::TlsAcceptor> {
     use rustls::pki_types::{CertificateDer, PrivateKeyDer};
     use rustls::ServerConfig;
@@ -75,7 +75,7 @@ impl hyper::service::Service<Request<Incoming>> for Service {
 impl Service {
     pub fn new(pool: DbPool, ohttp: ohttp::Server) -> Self { Self { pool, ohttp } }
 
-    #[cfg(feature = "_danger-local-https")]
+    #[cfg(feature = "_manual-tls")]
     pub async fn serve_tls(
         self,
         listener: tokio::net::TcpListener,

payjoin-ffi/Cargo.toml

@@ -7,7 +7,7 @@ exclude = ["tests"]
 
 [features]
 _test-utils = ["payjoin-test-utils", "tokio", "bitcoind"]
-_danger-local-https = ["payjoin/_danger-local-https"]
+_manual-tls = ["payjoin/_manual-tls"]
 
 [lib]
 name = "payjoin_ffi"

payjoin-ffi/contrib/lint.sh

@@ -2,7 +2,7 @@
 set -e
 
 # Individual features with no defaults.
-features=("_danger-local-https" "_test-utils")
+features=("_manual-tls" "_test-utils")
 
 for feature in "${features[@]}"; do
   # Don't duplicate --all-targets clippy. Clippy end-user code, not tests.

payjoin-ffi/contrib/test.sh

@@ -4,7 +4,7 @@ set -e
 RUST_VERSION=$(rustc --version | awk '{print $2}')
 
 if [[ ! "$RUST_VERSION" =~ ^1\.63\. ]]; then
-  cargo test --package payjoin-ffi --verbose --features=_danger-local-https,_test-utils
+  cargo test --package payjoin-ffi --verbose --features=_manual-tls,_test-utils
 else
   echo "Skipping payjoin-ffi tests for Rust version $RUST_VERSION (MSRV)"
 fi

payjoin-ffi/src/io.rs

@@ -41,7 +41,7 @@ pub async fn fetch_ohttp_keys(
 ///   directory stores and forwards payjoin client payloads.
 ///
 /// * `cert_der`: The DER-encoded certificate to use for local HTTPS connections.
-#[cfg(feature = "_danger-local-https")]
+#[cfg(feature = "_manual-tls")]
 pub async fn fetch_ohttp_keys_with_cert(
     ohttp_relay: &str,
     payjoin_directory: &str,

payjoin-test-utils/Cargo.toml

@@ -17,8 +17,8 @@ log = "0.4.7"
 ohttp = { package = "bitcoin-ohttp", version = "0.6.0" }
 ohttp-relay = { version = "0.0.10", features = ["_test-util"] }
 once_cell = "1.19.0"
-payjoin = { version = "0.24.0", features = ["io", "_danger-local-https", "_test-utils"] }
-payjoin-directory = { version = "0.0.3", features = ["_danger-local-https"] }
+payjoin = { version = "0.24.0", features = ["io", "_manual-tls", "_test-utils"] }
+payjoin-directory = { version = "0.0.3", features = ["_manual-tls"] }
 rcgen = "0.11"
 rustls = "0.22"
 reqwest = { version = "0.12", default-features = false, features = ["rustls-tls"] }

payjoin/Cargo.toml

@@ -24,7 +24,7 @@ v1 = ["_core"]
 v2 = ["_core", "hpke", "dep:http", "bhttp", "ohttp", "url/serde", "directory"]
 #[doc = "Functions to fetch OHTTP keys via CONNECT proxy using reqwest. Enables `v2` since only `v2` uses OHTTP."]
 io = ["v2", "reqwest/rustls-tls"]
-_danger-local-https = ["reqwest/rustls-tls", "rustls"]
+_manual-tls = ["reqwest/rustls-tls", "rustls"]
 _test-utils = []
 
 [dependencies]

payjoin/src/core/io.rs

@@ -35,7 +35,7 @@ pub async fn fetch_ohttp_keys(
 ///   directory stores and forwards payjoin client payloads.
 ///
 /// * `cert_der`: The DER-encoded certificate to use for local HTTPS connections.
-#[cfg(feature = "_danger-local-https")]
+#[cfg(feature = "_manual-tls")]
 pub async fn fetch_ohttp_keys_with_cert(
     ohttp_relay: impl IntoUrl,
     payjoin_directory: impl IntoUrl,
@@ -81,7 +81,7 @@ enum InternalErrorInner {
     ParseUrl(crate::into_url::Error),
     Reqwest(reqwest::Error),
     Io(std::io::Error),
-    #[cfg(feature = "_danger-local-https")]
+    #[cfg(feature = "_manual-tls")]
     Rustls(rustls::Error),
     InvalidOhttpKeys(String),
 }
@@ -105,7 +105,7 @@ macro_rules! impl_from_error {
 impl_from_error!(crate::into_url::Error, ParseUrl);
 impl_from_error!(reqwest::Error, Reqwest);
 impl_from_error!(std::io::Error, Io);
-#[cfg(feature = "_danger-local-https")]
+#[cfg(feature = "_manual-tls")]
 impl_from_error!(rustls::Error, Rustls);
 
 impl std::fmt::Display for Error {
@@ -130,7 +130,7 @@ impl std::fmt::Display for InternalErrorInner {
             InvalidOhttpKeys(e) => {
                 write!(f, "Invalid ohttp keys returned from payjoin directory: {e}")
             }
-            #[cfg(feature = "_danger-local-https")]
+            #[cfg(feature = "_manual-tls")]
             Rustls(e) => e.fmt(f),
         }
     }
@@ -154,7 +154,7 @@ impl std::error::Error for InternalErrorInner {
             ParseUrl(e) => Some(e),
             Io(e) => Some(e),
             InvalidOhttpKeys(_) => None,
-            #[cfg(feature = "_danger-local-https")]
+            #[cfg(feature = "_manual-tls")]
             Rustls(e) => Some(e),
         }
     }

payjoin/tests/integration.rs

@@ -163,7 +163,7 @@ mod integration {
         }
     }
 
-    #[cfg(all(feature = "io", feature = "v2", feature = "_danger-local-https"))]
+    #[cfg(all(feature = "io", feature = "v2", feature = "_manual-tls"))]
     mod v2 {
         use std::sync::Arc;
         use std::time::Duration;