lnd: remove global var access from genCertPair

Instead pass the optional strings as slices to the method.
This commit is contained in:
Johan T. Halseth 2019-07-22 09:26:25 +02:00
parent 807012f960
commit 2bef62b467
No known key found for this signature in database
GPG Key ID: 15BAADA29DA20D26
2 changed files with 22 additions and 22 deletions

29
lnd.go

@ -185,9 +185,8 @@ func Main() error {
defer cancel() defer cancel()
tlsCfg, restCreds, restProxyDest, err := getTLSConfig( tlsCfg, restCreds, restProxyDest, err := getTLSConfig(
cfg.TLSCertPath, cfg.TLSCertPath, cfg.TLSKeyPath, cfg.TLSExtraIPs,
cfg.TLSKeyPath, cfg.TLSExtraDomains, cfg.RPCListeners,
cfg.RPCListeners,
) )
if err != nil { if err != nil {
err := fmt.Errorf("Unable to load TLS credentials: %v", err) err := fmt.Errorf("Unable to load TLS credentials: %v", err)
@ -555,13 +554,15 @@ func Main() error {
// getTLSConfig returns a TLS configuration for the gRPC server and credentials // getTLSConfig returns a TLS configuration for the gRPC server and credentials
// and a proxy destination for the REST reverse proxy. // and a proxy destination for the REST reverse proxy.
func getTLSConfig(tlsCertPath string, tlsKeyPath string, func getTLSConfig(tlsCertPath string, tlsKeyPath string, tlsExtraIPs,
rpcListeners []net.Addr) (*tls.Config, tlsExtraDomains []string, rpcListeners []net.Addr) (*tls.Config,
*credentials.TransportCredentials, string, error) { *credentials.TransportCredentials, string, error) {
// Ensure we create TLS key and certificate if they don't exist // Ensure we create TLS key and certificate if they don't exist
if !fileExists(tlsCertPath) && !fileExists(tlsKeyPath) { if !fileExists(tlsCertPath) && !fileExists(tlsKeyPath) {
err := genCertPair(tlsCertPath, tlsKeyPath) err := genCertPair(
tlsCertPath, tlsKeyPath, tlsExtraIPs, tlsExtraDomains,
)
if err != nil { if err != nil {
return nil, nil, "", err return nil, nil, "", err
} }
@ -591,7 +592,9 @@ func getTLSConfig(tlsCertPath string, tlsKeyPath string,
return nil, nil, "", err return nil, nil, "", err
} }
err = genCertPair(tlsCertPath, tlsKeyPath) err = genCertPair(
tlsCertPath, tlsKeyPath, tlsExtraIPs, tlsExtraDomains,
)
if err != nil { if err != nil {
return nil, nil, "", err return nil, nil, "", err
} }
@ -644,7 +647,9 @@ func fileExists(name string) bool {
// //
// This function is adapted from https://github.com/btcsuite/btcd and // This function is adapted from https://github.com/btcsuite/btcd and
// https://github.com/btcsuite/btcutil // https://github.com/btcsuite/btcutil
func genCertPair(certFile, keyFile string) error { func genCertPair(certFile, keyFile string, tlsExtraIPs,
tlsExtraDomains []string) error {
rpcsLog.Infof("Generating TLS certificates...") rpcsLog.Infof("Generating TLS certificates...")
org := "lnd autogenerated cert" org := "lnd autogenerated cert"
@ -687,15 +692,13 @@ func genCertPair(certFile, keyFile string) error {
} }
} }
if cfg != nil {
// Add extra IPs to the slice. // Add extra IPs to the slice.
for _, ip := range cfg.TLSExtraIPs { for _, ip := range tlsExtraIPs {
ipAddr := net.ParseIP(ip) ipAddr := net.ParseIP(ip)
if ipAddr != nil { if ipAddr != nil {
addIP(ipAddr) addIP(ipAddr)
} }
} }
}
// Collect the host's names into a slice. // Collect the host's names into a slice.
host, err := os.Hostname() host, err := os.Hostname()
@ -709,9 +712,7 @@ func genCertPair(certFile, keyFile string) error {
if host != "localhost" { if host != "localhost" {
dnsNames = append(dnsNames, "localhost") dnsNames = append(dnsNames, "localhost")
} }
if cfg != nil { dnsNames = append(dnsNames, tlsExtraDomains...)
dnsNames = append(dnsNames, cfg.TLSExtraDomains...)
}
// Also add fake hostnames for unix sockets, otherwise hostname // Also add fake hostnames for unix sockets, otherwise hostname
// verification will fail in the client. // verification will fail in the client.

@ -71,7 +71,6 @@ func TestTLSAutoRegeneration(t *testing.T) {
keyPath := tempDirPath + "/tls.key" keyPath := tempDirPath + "/tls.key"
certDerBytes, keyBytes := genExpiredCertPair(t, tempDirPath) certDerBytes, keyBytes := genExpiredCertPair(t, tempDirPath)
expiredCert, err := x509.ParseCertificate(certDerBytes) expiredCert, err := x509.ParseCertificate(certDerBytes)
if err != nil { if err != nil {
t.Fatalf("failed to parse certificate: %v", err) t.Fatalf("failed to parse certificate: %v", err)
@ -106,7 +105,6 @@ func TestTLSAutoRegeneration(t *testing.T) {
} }
err = ioutil.WriteFile(tempDirPath+"/tls.key", keyBuf.Bytes(), 0600) err = ioutil.WriteFile(tempDirPath+"/tls.key", keyBuf.Bytes(), 0600)
if err != nil { if err != nil {
os.Remove(tempDirPath + "tls.cert")
t.Fatalf("failed to write key file: %v", err) t.Fatalf("failed to write key file: %v", err)
} }
@ -116,7 +114,7 @@ func TestTLSAutoRegeneration(t *testing.T) {
// Now let's run getTLSConfig. If it works properly, it should delete // Now let's run getTLSConfig. If it works properly, it should delete
// the cert and create a new one. // the cert and create a new one.
_, _, _, err = getTLSConfig(certPath, keyPath, rpcListeners) _, _, _, err = getTLSConfig(certPath, keyPath, nil, nil, rpcListeners)
if err != nil { if err != nil {
t.Fatalf("couldn't retrieve TLS config") t.Fatalf("couldn't retrieve TLS config")
} }
@ -185,7 +183,8 @@ func genExpiredCertPair(t *testing.T, certDirPath string) ([]byte, []byte) {
} }
certDerBytes, err := x509.CreateCertificate( certDerBytes, err := x509.CreateCertificate(
rand.Reader, &template, &template, &priv.PublicKey, priv) rand.Reader, &template, &template, &priv.PublicKey, priv,
)
if err != nil { if err != nil {
t.Fatalf("failed to create certificate: %v", err) t.Fatalf("failed to create certificate: %v", err)
} }