Separate TLS

Cargo.toml

@@ -23,6 +23,7 @@ chia-wallet-sdk = { version = "0.13.0", features = ["chip-0035"] }
 hex-literal = "0.4.1"
 num-bigint = "0.4.6"
 hex = "0.4.3"
+native-tls = "0.2.12"
 
 [target.aarch64-unknown-linux-gnu.dependencies]
 openssl = { version = "0.10.64", features = ["vendored"] }

README.md

@@ -55,7 +55,8 @@ Where `NETWORK_PREFIX` is `xch` for mainnet and `txch` for testnet.
 To 'talk' with the wallet, you will need to initialize a `Peer` object like in the example below:
 
 ```js
-const peer = await Peer.new("127.0.0.1:58444", "testnet11", CHIA_CRT, CHIA_KEY);
+const tls = new Tls(CHIA_CRT, CHIA_KEY);
+const peer = await Peer.new("127.0.0.1:58444", "testnet11", tls);
 ```
 
 The example above connects to a `tesntet11` full node. Note that `CHIA_CRT` is usually `~/.chia/mainnet/config/ssl/wallet/wallet_node.crt` and `CHIA_KEY` is usually `~/.chia/mainnet/config/ssl/wallet/wallet_node.key`. For mainnet, the port is usually `8444`, and the network id is `mainnet`.
@@ -184,7 +185,8 @@ const CHIA_KEY = path.join(
   ".chia/mainnet/config/ssl/wallet/wallet_node.key"
 );
 // ...
-const peer = await Peer.new("127.0.0.1:58444", "testnet11", CHIA_CRT, CHIA_KEY);
+const tls = new Tls(CHIA_CRT, CHIA_KEY);
+const peer = await Peer.new("127.0.0.1:58444", "testnet11", tls);
 ```
 
 To sync, you'll also need two other values, `MIN_HEIGHT` and `MIN_HEIGHT_HEADER_HASH`. These variables represent information relating to the block you want to start syncing from - higher heights lead to faster sync times. If you wish to sync from genesis, use a height of `null` and a header hash equal to the network's genesis challenge.

index.d.ts

@@ -403,6 +403,17 @@ export declare function syntheticKeyToPuzzleHash(syntheticKey: Buffer): Buffer
  * @returns {BigInt} The cost of the coin spends.
  */
 export declare function getCost(coinSpends: Array<CoinSpend>): bigint
+
+export declare class Tls {
+  /**
+   * Creates a new TLS connector.
+   *
+   * @param {String} certPath - Path to the certificate file (usually '~/.chia/mainnet/config/ssl/wallet/wallet_node.crt').
+   * @param {String} keyPath - Path to the key file (usually '~/.chia/mainnet/config/ssl/wallet/wallet_node.key').
+   */
+  constructor(certPath: string, keyPath: string)
+}
+
 /**
  * Returns the mainnet genesis challenge.
  *
@@ -415,17 +426,17 @@ export declare function getMainnetGenesisChallenge(): Buffer
  * @returns {Buffer} The testnet11 genesis challenge.
  */
 export declare function getTestnet11GenesisChallenge(): Buffer
+
 export declare class Peer {
   /**
    * Creates a new Peer instance.
    *
    * @param {String} nodeUri - URI of the node (e.g., '127.0.0.1:58444').
    * @param {bool} testnet - True for connecting to testnet11, false for mainnet.
-   * @param {String} certPath - Path to the certificate file (usually '~/.chia/mainnet/config/ssl/wallet/wallet_node.crt').
-   * @param {String} keyPath - Path to the key file (usually '~/.chia/mainnet/config/ssl/wallet/wallet_node.key').
+   * @param {Tls} tls - TLS connector.
    * @returns {Promise<Peer>} A new Peer instance.
    */
-  static new(nodeUri: string, tesntet: boolean, certPath: string, keyPath: string): Promise<Peer>
+  static new(nodeUri: string, tesntet: boolean, tls: Tls): Promise<Peer>
   /**
    * Retrieves all coins that are unspent on the chain. Note that coins part of spend bundles that are pending in the mempool will also be included.
    *

index.js

@@ -310,10 +310,11 @@ if (!nativeBinding) {
   throw new Error(`Failed to load native binding`)
 }
 
-const { newLineageProof, newEveProof, Peer, selectCoins, sendXch, morphLauncherId, createServerCoin, mintStore, oracleSpend, addFee, masterPublicKeyToWalletSyntheticKey, masterPublicKeyToFirstPuzzleHash, masterSecretKeyToWalletSyntheticSecretKey, secretKeyToPublicKey, puzzleHashToAddress, addressToPuzzleHash, adminDelegatedPuzzleFromKey, writerDelegatedPuzzleFromKey, oracleDelegatedPuzzle, signCoinSpends, getCoinId, updateStoreMetadata, updateStoreOwnership, meltStore, signMessage, verifySignedMessage, syntheticKeyToPuzzleHash, getCost, getMainnetGenesisChallenge, getTestnet11GenesisChallenge } = nativeBinding
+const { newLineageProof, newEveProof, Tls, Peer, selectCoins, sendXch, morphLauncherId, createServerCoin, mintStore, oracleSpend, addFee, masterPublicKeyToWalletSyntheticKey, masterPublicKeyToFirstPuzzleHash, masterSecretKeyToWalletSyntheticSecretKey, secretKeyToPublicKey, puzzleHashToAddress, addressToPuzzleHash, adminDelegatedPuzzleFromKey, writerDelegatedPuzzleFromKey, oracleDelegatedPuzzle, signCoinSpends, getCoinId, updateStoreMetadata, updateStoreOwnership, meltStore, signMessage, verifySignedMessage, syntheticKeyToPuzzleHash, getCost, getMainnetGenesisChallenge, getTestnet11GenesisChallenge } = nativeBinding
 
 module.exports.newLineageProof = newLineageProof
 module.exports.newEveProof = newEveProof
+module.exports.Tls = Tls
 module.exports.Peer = Peer
 module.exports.selectCoins = selectCoins
 module.exports.sendXch = sendXch

src/lib.rs

@@ -25,6 +25,7 @@ use conversions::{ConversionError, FromJs, ToJs};
 use js::{Coin, CoinSpend, CoinState, EveProof, Proof, ServerCoin};
 use napi::bindgen_prelude::*;
 use napi::Result;
+use native_tls::TlsConnector;
 use std::{net::SocketAddr, sync::Arc};
 use tokio::sync::Mutex;
 use wallet::{SuccessResponse as RustSuccessResponse, SyncStoreResponse as RustSyncStoreResponse};
@@ -384,6 +385,23 @@ impl ToJs<UnspentCoinsResponse> for rust::UnspentCoinsResponse {
     }
 }
 
+#[napi]
+pub struct Tls(TlsConnector);
+
+#[napi]
+impl Tls {
+    #[napi(constructor)]
+    /// Creates a new TLS connector.
+    ///
+    /// @param {String} certPath - Path to the certificate file (usually '~/.chia/mainnet/config/ssl/wallet/wallet_node.crt').
+    /// @param {String} keyPath - Path to the key file (usually '~/.chia/mainnet/config/ssl/wallet/wallet_node.key').
+    pub fn new(cert_path: String, key_path: String) -> napi::Result<Self> {
+        let cert = load_ssl_cert(&cert_path, &key_path).map_err(js::err)?;
+        let tls = create_tls_connector(&cert).map_err(js::err)?;
+        Ok(Self(tls))
+    }
+}
+
 #[napi]
 pub struct Peer {
     inner: Arc<RustPeer>,
@@ -397,24 +415,16 @@ impl Peer {
     ///
     /// @param {String} nodeUri - URI of the node (e.g., '127.0.0.1:58444').
     /// @param {bool} testnet - True for connecting to testnet11, false for mainnet.
-    /// @param {String} certPath - Path to the certificate file (usually '~/.chia/mainnet/config/ssl/wallet/wallet_node.crt').
-    /// @param {String} keyPath - Path to the key file (usually '~/.chia/mainnet/config/ssl/wallet/wallet_node.key').
+    /// @param {Tls} tls - TLS connector.
     /// @returns {Promise<Peer>} A new Peer instance.
-    pub async fn new(
-        node_uri: String,
-        tesntet: bool,
-        cert_path: String,
-        key_path: String,
-    ) -> napi::Result<Self> {
-        let cert = load_ssl_cert(&cert_path, &key_path).map_err(js::err)?;
-        let tls = create_tls_connector(&cert).map_err(js::err)?;
+    pub async fn new(node_uri: String, tesntet: bool, tls: &Tls) -> napi::Result<Self> {
         let (peer, mut receiver) = connect_peer(
             if tesntet {
                 NetworkId::Testnet11
             } else {
                 NetworkId::Mainnet
             },
-            tls,
+            tls.0.clone(),
             if let Ok(socket_addr) = node_uri.parse::<SocketAddr>() {
                 socket_addr
             } else {