lnd: remove global var access from genCertPair

Instead pass the optional strings as slices to the method.
This commit is contained in:
Johan T. Halseth 2019-07-22 09:26:25 +02:00
parent 807012f960
commit 2bef62b467
No known key found for this signature in database
GPG Key ID: 15BAADA29DA20D26
2 changed files with 22 additions and 22 deletions

29
lnd.go

@ -185,9 +185,8 @@ func Main() error {
defer cancel()
tlsCfg, restCreds, restProxyDest, err := getTLSConfig(
cfg.TLSCertPath,
cfg.TLSKeyPath,
cfg.RPCListeners,
cfg.TLSCertPath, cfg.TLSKeyPath, cfg.TLSExtraIPs,
cfg.TLSExtraDomains, cfg.RPCListeners,
)
if err != nil {
err := fmt.Errorf("Unable to load TLS credentials: %v", err)
@ -555,13 +554,15 @@ func Main() error {
// getTLSConfig returns a TLS configuration for the gRPC server and credentials
// and a proxy destination for the REST reverse proxy.
func getTLSConfig(tlsCertPath string, tlsKeyPath string,
rpcListeners []net.Addr) (*tls.Config,
func getTLSConfig(tlsCertPath string, tlsKeyPath string, tlsExtraIPs,
tlsExtraDomains []string, rpcListeners []net.Addr) (*tls.Config,
*credentials.TransportCredentials, string, error) {
// Ensure we create TLS key and certificate if they don't exist
if !fileExists(tlsCertPath) && !fileExists(tlsKeyPath) {
err := genCertPair(tlsCertPath, tlsKeyPath)
err := genCertPair(
tlsCertPath, tlsKeyPath, tlsExtraIPs, tlsExtraDomains,
)
if err != nil {
return nil, nil, "", err
}
@ -591,7 +592,9 @@ func getTLSConfig(tlsCertPath string, tlsKeyPath string,
return nil, nil, "", err
}
err = genCertPair(tlsCertPath, tlsKeyPath)
err = genCertPair(
tlsCertPath, tlsKeyPath, tlsExtraIPs, tlsExtraDomains,
)
if err != nil {
return nil, nil, "", err
}
@ -644,7 +647,9 @@ func fileExists(name string) bool {
//
// This function is adapted from https://github.com/btcsuite/btcd and
// https://github.com/btcsuite/btcutil
func genCertPair(certFile, keyFile string) error {
func genCertPair(certFile, keyFile string, tlsExtraIPs,
tlsExtraDomains []string) error {
rpcsLog.Infof("Generating TLS certificates...")
org := "lnd autogenerated cert"
@ -687,15 +692,13 @@ func genCertPair(certFile, keyFile string) error {
}
}
if cfg != nil {
// Add extra IPs to the slice.
for _, ip := range cfg.TLSExtraIPs {
for _, ip := range tlsExtraIPs {
ipAddr := net.ParseIP(ip)
if ipAddr != nil {
addIP(ipAddr)
}
}
}
// Collect the host's names into a slice.
host, err := os.Hostname()
@ -709,9 +712,7 @@ func genCertPair(certFile, keyFile string) error {
if host != "localhost" {
dnsNames = append(dnsNames, "localhost")
}
if cfg != nil {
dnsNames = append(dnsNames, cfg.TLSExtraDomains...)
}
dnsNames = append(dnsNames, tlsExtraDomains...)
// Also add fake hostnames for unix sockets, otherwise hostname
// verification will fail in the client.

@ -71,7 +71,6 @@ func TestTLSAutoRegeneration(t *testing.T) {
keyPath := tempDirPath + "/tls.key"
certDerBytes, keyBytes := genExpiredCertPair(t, tempDirPath)
expiredCert, err := x509.ParseCertificate(certDerBytes)
if err != nil {
t.Fatalf("failed to parse certificate: %v", err)
@ -106,7 +105,6 @@ func TestTLSAutoRegeneration(t *testing.T) {
}
err = ioutil.WriteFile(tempDirPath+"/tls.key", keyBuf.Bytes(), 0600)
if err != nil {
os.Remove(tempDirPath + "tls.cert")
t.Fatalf("failed to write key file: %v", err)
}
@ -116,7 +114,7 @@ func TestTLSAutoRegeneration(t *testing.T) {
// Now let's run getTLSConfig. If it works properly, it should delete
// the cert and create a new one.
_, _, _, err = getTLSConfig(certPath, keyPath, rpcListeners)
_, _, _, err = getTLSConfig(certPath, keyPath, nil, nil, rpcListeners)
if err != nil {
t.Fatalf("couldn't retrieve TLS config")
}
@ -185,7 +183,8 @@ func genExpiredCertPair(t *testing.T, certDirPath string) ([]byte, []byte) {
}
certDerBytes, err := x509.CreateCertificate(
rand.Reader, &template, &template, &priv.PublicKey, priv)
rand.Reader, &template, &template, &priv.PublicKey, priv,
)
if err != nil {
t.Fatalf("failed to create certificate: %v", err)
}