lnd: remove global var access from genCertPair

Instead pass the optional strings as slices to the method.

lnd.go

@@ -185,9 +185,8 @@ func Main() error {
 	defer cancel()
 
 	tlsCfg, restCreds, restProxyDest, err := getTLSConfig(
-		cfg.TLSCertPath,
+		cfg.TLSCertPath, cfg.TLSKeyPath, cfg.TLSExtraIPs,
-		cfg.TLSKeyPath,
+		cfg.TLSExtraDomains, cfg.RPCListeners,
-		cfg.RPCListeners,
 	)
 	if err != nil {
 		err := fmt.Errorf("Unable to load TLS credentials: %v", err)
@@ -555,13 +554,15 @@ func Main() error {
 
 // getTLSConfig returns a TLS configuration for the gRPC server and credentials
 // and a proxy destination for the REST reverse proxy.
-func getTLSConfig(tlsCertPath string, tlsKeyPath string,
+func getTLSConfig(tlsCertPath string, tlsKeyPath string, tlsExtraIPs,
-	rpcListeners []net.Addr) (*tls.Config,
+	tlsExtraDomains []string, rpcListeners []net.Addr) (*tls.Config,
 	*credentials.TransportCredentials, string, error) {
 
 	// Ensure we create TLS key and certificate if they don't exist
 	if !fileExists(tlsCertPath) && !fileExists(tlsKeyPath) {
-		err := genCertPair(tlsCertPath, tlsKeyPath)
+		err := genCertPair(
+			tlsCertPath, tlsKeyPath, tlsExtraIPs, tlsExtraDomains,
+		)
 		if err != nil {
 			return nil, nil, "", err
 		}
@@ -591,7 +592,9 @@ func getTLSConfig(tlsCertPath string, tlsKeyPath string,
 			return nil, nil, "", err
 		}
 
-		err = genCertPair(tlsCertPath, tlsKeyPath)
+		err = genCertPair(
+			tlsCertPath, tlsKeyPath, tlsExtraIPs, tlsExtraDomains,
+		)
 		if err != nil {
 			return nil, nil, "", err
 		}
@@ -644,7 +647,9 @@ func fileExists(name string) bool {
 //
 // This function is adapted from https://github.com/btcsuite/btcd and
 // https://github.com/btcsuite/btcutil
-func genCertPair(certFile, keyFile string) error {
+func genCertPair(certFile, keyFile string, tlsExtraIPs,
+	tlsExtraDomains []string) error {
+
 	rpcsLog.Infof("Generating TLS certificates...")
 
 	org := "lnd autogenerated cert"
@@ -687,13 +692,11 @@ func genCertPair(certFile, keyFile string) error {
 		}
 	}
 
-	if cfg != nil {
+	// Add extra IPs to the slice.
-		// Add extra IPs to the slice.
+	for _, ip := range tlsExtraIPs {
-		for _, ip := range cfg.TLSExtraIPs {
+		ipAddr := net.ParseIP(ip)
-			ipAddr := net.ParseIP(ip)
+		if ipAddr != nil {
-			if ipAddr != nil {
+			addIP(ipAddr)
-				addIP(ipAddr)
-			}
 		}
 	}
 
@@ -709,9 +712,7 @@ func genCertPair(certFile, keyFile string) error {
 	if host != "localhost" {
 		dnsNames = append(dnsNames, "localhost")
 	}
-	if cfg != nil {
+	dnsNames = append(dnsNames, tlsExtraDomains...)
-		dnsNames = append(dnsNames, cfg.TLSExtraDomains...)
-	}
 
 	// Also add fake hostnames for unix sockets, otherwise hostname
 	// verification will fail in the client.

server_test.go

@@ -71,7 +71,6 @@ func TestTLSAutoRegeneration(t *testing.T) {
 	keyPath := tempDirPath + "/tls.key"
 
 	certDerBytes, keyBytes := genExpiredCertPair(t, tempDirPath)
-
 	expiredCert, err := x509.ParseCertificate(certDerBytes)
 	if err != nil {
 		t.Fatalf("failed to parse certificate: %v", err)
@@ -106,7 +105,6 @@ func TestTLSAutoRegeneration(t *testing.T) {
 	}
 	err = ioutil.WriteFile(tempDirPath+"/tls.key", keyBuf.Bytes(), 0600)
 	if err != nil {
-		os.Remove(tempDirPath + "tls.cert")
 		t.Fatalf("failed to write key file: %v", err)
 	}
 
@@ -116,7 +114,7 @@ func TestTLSAutoRegeneration(t *testing.T) {
 
 	// Now let's run getTLSConfig. If it works properly, it should delete
 	// the cert and create a new one.
-	_, _, _, err = getTLSConfig(certPath, keyPath, rpcListeners)
+	_, _, _, err = getTLSConfig(certPath, keyPath, nil, nil, rpcListeners)
 	if err != nil {
 		t.Fatalf("couldn't retrieve TLS config")
 	}
@@ -185,7 +183,8 @@ func genExpiredCertPair(t *testing.T, certDirPath string) ([]byte, []byte) {
 	}
 
 	certDerBytes, err := x509.CreateCertificate(
-		rand.Reader, &template, &template, &priv.PublicKey, priv)
+		rand.Reader, &template, &template, &priv.PublicKey, priv,
+	)
 	if err != nil {
 		t.Fatalf("failed to create certificate: %v", err)
 	}