initial commit

LICENSE

+The MIT License (MIT)
+
+Copyright (c) 2018 Protocol Labs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

+# go-ss-multistream
+
+[![](https://img.shields.io/badge/made%20by-Protocol%20Labs-blue.svg?style=flat-square)](http://ipn.io)
+[![](https://img.shields.io/badge/freenode-%23ipfs-blue.svg?style=flat-square)](http://webchat.freenode.net/?channels=%23ipfs)
+[![](https://img.shields.io/badge/project-IPFS-blue.svg?style=flat-square)](http://ipfs.io/)
+[![standard-readme compliant](https://img.shields.io/badge/standard--readme-OK-green.svg?style=flat-square)](https://github.com/RichardLitt/standard-readme)
+[![GoDoc](https://godoc.org/github.com/libp2p/go-ss-multistream?status.svg)](https://godoc.org/github.com/libp2p/go-ss-multistream)
+[![Coverage Status](https://coveralls.io/repos/github/libp2p/go-ss-multistream/badge.svg?branch=master)](https://coveralls.io/github/libp2p/go-ss-multistream?branch=master)
+[![Build Status](https://travis-ci.org/libp2p/go-ss-multistream.svg?branch=master)](https://travis-ci.org/libp2p/go-ss-multistream)
+
+> Stream security transport multistream multiplexer
+
+This package provides a multistream multiplexed stream security transport. It:
+
+1. Selects a security security transport using multistream-select.
+2. Secures the stream using the selected transport.
+
+Known libp2p security transports include:
+
+* [go-libp2p-secio](https://github.com/libp2p/go-libp2p-secio)
+
+## Install
+
+`go-ss-multistream` is a standard Go module which can be installed with:
+
+```sh
+go get github.com/libp2p/go-ss-multistream
+```
+
+Note that `go-ss-multistream` is packaged with Gx, so it is recommended to use Gx to install and use it (see the Usage section).
+
+## Usage
+
+This module is packaged with [Gx](https://github.com/whyrusleeping/gx). In order to use it in your own project it is recommended that you:
+
+```sh
+go get -u github.com/whyrusleeping/gx
+go get -u github.com/whyrusleeping/gx-go
+cd <your-project-repository>
+gx init
+gx import github.com/libp2p/go-ss-multistream
+gx install --global
+gx-go --rewrite
+```
+
+Please check [Gx](https://github.com/whyrusleeping/gx) and [Gx-go](https://github.com/whyrusleeping/gx-go) documentation for more information.
+
+For more information about how `go-ss-multistream` is used in the libp2p context, you can see the [go-libp2p-conn](https://github.com/libp2p/go-libp2p-conn) module.
+
+## Contribute
+
+Feel free to join in. All welcome. Open an [issue](https://github.com/libp2p/go-ss-multistream/issues)!
+
+This repository falls under the IPFS [Code of Conduct](https://github.com/libp2p/community/blob/master/code-of-conduct.md).
+
+### Want to hack on IPFS?
+
+[![](https://cdn.rawgit.com/jbenet/contribute-ipfs-gif/master/img/contribute.gif)](https://github.com/ipfs/community/blob/master/contributing.md)
+
+## License
+
+MIT

ssms.go

+package ssms
+
+import (
+	"context"
+	"fmt"
+	"net"
+
+	peer "github.com/libp2p/go-libp2p-peer"
+	ss "github.com/libp2p/go-stream-security"
+	mss "github.com/multiformats/go-multistream"
+)
+
+// SSMuxer is a multistream stream security transport multiplexer.
+//
+// SSMuxer is safe to use without initialization. However, it's not safe to move
+// after use.
+type SSMuxer struct {
+	mux             mss.MultistreamMuxer
+	tpts            map[string]ss.Transport
+	OrderPreference []string
+}
+
+// AddTransport adds a stream security transport to this multistream muxer.
+//
+// This method is *not* thread-safe. It should be called only when initializing
+// the SSMuxer.
+func (sm *SSMuxer) AddTransport(path string, transport ss.Transport) {
+	if sm.tpts == nil {
+		sm.tpts = make(map[string]ss.Transport, 1)
+	}
+
+	sm.mux.AddHandler(path, nil)
+	sm.tpts[path] = transport
+	sm.OrderPreference = append(sm.OrderPreference, path)
+}
+
+// SecureInbound secures an inbound connection using this multistream
+// multiplexed stream security transport.
+func (sm *SSMuxer) SecureInbound(ctx context.Context, insecure net.Conn) (ss.Conn, error) {
+	tpt, err := sm.selectProto(ctx, insecure, true)
+	if err != nil {
+		return nil, err
+	}
+	return tpt.SecureInbound(ctx, insecure)
+}
+
+// SecureOutbound secures an outbound connection using this multistream
+// multiplexed stream security transport.
+func (sm *SSMuxer) SecureOutbound(ctx context.Context, insecure net.Conn, p peer.ID) (ss.Conn, error) {
+	tpt, err := sm.selectProto(ctx, insecure, false)
+	if err != nil {
+		return nil, err
+	}
+	return tpt.SecureOutbound(ctx, insecure, p)
+}
+
+func (sm *SSMuxer) selectProto(ctx context.Context, insecure net.Conn, server bool) (ss.Transport, error) {
+	var proto string
+	var err error
+	done := make(chan struct{})
+	go func() {
+		defer close(done)
+		if server {
+			proto, _, err = sm.mux.Negotiate(insecure)
+		} else {
+			proto, err = mss.SelectOneOf(sm.OrderPreference, insecure)
+		}
+	}()
+
+	select {
+	case <-done:
+		if err != nil {
+			return nil, err
+		}
+		if tpt, ok := sm.tpts[proto]; ok {
+			return tpt, nil
+		}
+		return nil, fmt.Errorf("selected unknown security transport")
+	case <-ctx.Done():
+		// We *must* do this. We have outstanding work on the connection
+		// and it's no longer safe to use.
+		insecure.Close()
+		return nil, ctx.Err()
+	}
+}