diff --git a/chainregistry.go b/chainregistry.go
index b5a38035..13f16e53 100644
--- a/chainregistry.go
+++ b/chainregistry.go
@@ -719,7 +719,9 @@ func (c *chainRegistry) NumActiveChains() uint32 {
 // initNeutrinoBackend inits a new instance of the neutrino light client
 // backend given a target chain directory to store the chain state.
-func initNeutrinoBackend(chainDir string) (*neutrino.ChainService, func(), error) {
+func initNeutrinoBackend(cfg *Config, chainDir string) (*neutrino.ChainService,
+ func(), error) {
+
 // First we'll open the database file for neutrino, creating the
 // database if needed. We append the normalized network name here to
 // match the behavior of btcwallet.
diff --git a/lnd.go b/lnd.go
index ba59b3c5..840e684f 100644
--- a/lnd.go
+++ b/lnd.go
@@ -51,16 +51,12 @@ import (
 "github.com/lightningnetwork/lnd/watchtower/wtdb"
 )
 
-var (
- cfg *Config
- )
-
 // WalletUnlockerAuthOptions returns a list of DialOptions that can be used to
 // authenticate with the wallet unlocker service.
 //
 // NOTE: This should only be called after the WalletUnlocker listener has
 // signaled it is ready.
-func WalletUnlockerAuthOptions() ([]grpc.DialOption, error) {
+func WalletUnlockerAuthOptions(cfg *Config) ([]grpc.DialOption, error) {
 creds, err := credentials.NewClientTLSFromFile(cfg.TLSCertPath, "")
 if err != nil {
 return nil, fmt.Errorf("unable to read TLS cert: %v", err)
@@ -79,7 +75,7 @@ func WalletUnlockerAuthOptions() ([]grpc.DialOption, error) {
 //
 // NOTE: This should only be called after the RPCListener has signaled it is
 // ready.
-func AdminAuthOptions() ([]grpc.DialOption, error) {
+func AdminAuthOptions(cfg *Config) ([]grpc.DialOption, error) {
 creds, err := credentials.NewClientTLSFromFile(cfg.TLSCertPath, "")
 if err != nil {
 return nil, fmt.Errorf("unable to read TLS cert: %v", err)
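Review bot: `WalletUnlockerAuthOptions` and `AdminAuthOptions` (the following hunk) are exported and now dereference the new `cfg` parameter on the very next line, `cfg.TLSCertPath`, with no nil guard, so a caller that used to rely on the package-level variable and passes nil gets a panic instead of the error these functions already return. A one-line guard before the credentials call, `if cfg == nil { return nil, fmt.Errorf("config must not be nil") }`, keeps the failure mode consistent for both. The doc comments above each still describe the zero-argument form; within these hunks only `cfg.TLSCertPath` is read, so if that holds for the rest of each body add `// Only cfg.TLSCertPath is consulted.` to both comments. Both function bodies continue past their hunks.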
@@ -192,8 +188,7 @@ type rpcListeners func() ([]*ListenerWithSignal, func(), error)
 // validated main configuration struct and an optional listener config struct.
 // This function starts all main system components then blocks until a signal
 // is received on the shutdownChan at which point everything is shut down again.
-func Main(config *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) error {
- cfg = config
+func Main(cfg *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) error {
 defer func() {
 ltndLog.Info("Shutdown complete")
 err := RootLogWriter.Close()
@@ -289,10 +284,7 @@ func Main(config *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) erro
 ctx, cancel := context.WithCancel(ctx)
 defer cancel()
 
- tlsCfg, restCreds, restProxyDest, err := getTLSConfig(
- cfg.TLSCertPath, cfg.TLSKeyPath, cfg.TLSExtraIPs,
- cfg.TLSExtraDomains, cfg.RPCListeners,
- )
+ tlsCfg, restCreds, restProxyDest, err := getTLSConfig(cfg)
 if err != nil {
 err := fmt.Errorf("unable to load TLS credentials: %v", err)
 ltndLog.Error(err)
@@ -324,7 +316,7 @@ func Main(config *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) erro
 var neutrinoCS *neutrino.ChainService
 if mainChain.Node == "neutrino" {
 neutrinoBackend, neutrinoCleanUp, err := initNeutrinoBackend(
- mainChain.ChainDir,
+ cfg, mainChain.ChainDir,
 )
 if err != nil {
 err := fmt.Errorf("unable to initialize neutrino "+
@@ -398,7 +390,7 @@ func Main(config *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) erro
 // for wallet encryption.
 if !cfg.NoSeedBackup {
 params, err := waitForWalletPassword(
- cfg.RESTListeners, serverOpts, restDialOpts,
+ cfg, cfg.RESTListeners, serverOpts, restDialOpts,
 restProxyDest, tlsCfg, walletUnlockerListeners,
 )
 if err != nil {
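Review bot: In the waitForWalletPassword call, `cfg` and `cfg.RESTListeners` are now both passed, so the callee's new signature (`waitForWalletPassword(cfg *Config, restEndpoints []net.Addr, ...` in the -967 hunk of this file) receives the same data twice and the two can drift apart if a caller ever passes a different slice. Once cfg is a parameter the `restEndpoints` argument is redundant; drop it and have the callee read `cfg.RESTListeners` itself, i.e. `cfg, serverOpts, restDialOpts,` at this call site and `func waitForWalletPassword(cfg *Config,` in the callee. Whether `restProxyDest` or `tlsConf` could be derived from cfg as well is not visible in these hunks, so I'd limit the change to the listener slice.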
@@ -773,16 +765,15 @@ func Main(config *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) erro
 
 // getTLSConfig returns a TLS configuration for the gRPC server and credentials
 // and a proxy destination for the REST reverse proxy.
-func getTLSConfig(tlsCertPath string, tlsKeyPath string, tlsExtraIPs,
- tlsExtraDomains []string, rpcListeners []net.Addr) (*tls.Config,
- *credentials.TransportCredentials, string, error) {
+func getTLSConfig(cfg *Config) (*tls.Config, *credentials.TransportCredentials,
+ string, error) {
 
 // Ensure we create TLS key and certificate if they don't exist.
- if !fileExists(tlsCertPath) && !fileExists(tlsKeyPath) {
+ if !fileExists(cfg.TLSCertPath) && !fileExists(cfg.TLSKeyPath) {
 rpcsLog.Infof("Generating TLS certificates...")
 err := cert.GenCertPair(
- "lnd autogenerated cert", tlsCertPath, tlsKeyPath,
- tlsExtraIPs, tlsExtraDomains,
+ "lnd autogenerated cert", cfg.TLSCertPath,
+ cfg.TLSKeyPath, cfg.TLSExtraIPs, cfg.TLSExtraDomains,
 cert.DefaultAutogenValidity,
 )
 if err != nil {
@@ -791,7 +782,9 @@ func getTLSConfig(tlsCertPath string, tlsKeyPath string, tlsExtraIPs,
 rpcsLog.Infof("Done generating TLS certificates")
 }
 
- certData, parsedCert, err := cert.LoadCert(tlsCertPath, tlsKeyPath)
+ certData, parsedCert, err := cert.LoadCert(
+ cfg.TLSCertPath, cfg.TLSKeyPath,
+ )
 if err != nil {
 return nil, nil, "", err
 }
@@ -803,7 +796,7 @@ func getTLSConfig(tlsCertPath string, tlsKeyPath string, tlsExtraIPs,
 refresh := false
 if cfg.TLSAutoRefresh {
 refresh, err = cert.IsOutdated(
- parsedCert, tlsExtraIPs, tlsExtraDomains,
+ parsedCert, cfg.TLSExtraIPs, cfg.TLSExtraDomains,
 )
 if err != nil {
 return nil, nil, "", err
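Review bot: The new `getTLSConfig(cfg *Config)` signature hides which settings the TLS bootstrap depends on, and the two-line doc comment above it still only says what the function returns. In these hunks it reads `cfg.TLSCertPath`, `cfg.TLSKeyPath`, `cfg.TLSExtraIPs`, `cfg.TLSExtraDomains` and `cfg.TLSAutoRefresh`, generates a key/cert pair when neither file exists, and further down (the -816 and -838 hunks) removes and regenerates both files when the certificate is reported expired or outdated and indexes `cfg.RPCListeners[0]`. The doc comment should state those inputs and side effects, for example a third line `// It reads the TLS* and RPCListeners fields of cfg; RPCListeners must be non-empty, and an expired or outdated certificate causes the files at TLSCertPath and TLSKeyPath to be removed and regenerated.`, so that a caller handing over a Config knows what on disk may change. The function body continues past this hunk.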
@@ -816,20 +809,20 @@ func getTLSConfig(tlsCertPath string, tlsKeyPath string, tlsExtraIPs,
 ltndLog.Info("TLS certificate is expired or outdated, " +
 "generating a new one")
 
- err := os.Remove(tlsCertPath)
+ err := os.Remove(cfg.TLSCertPath)
 if err != nil {
 return nil, nil, "", err
 }
 
- err = os.Remove(tlsKeyPath)
+ err = os.Remove(cfg.TLSKeyPath)
 if err != nil {
 return nil, nil, "", err
 }
 
 rpcsLog.Infof("Renewing TLS certificates...")
 err = cert.GenCertPair(
- "lnd autogenerated cert", tlsCertPath, tlsKeyPath,
- tlsExtraIPs, tlsExtraDomains,
+ "lnd autogenerated cert", cfg.TLSCertPath,
+ cfg.TLSKeyPath, cfg.TLSExtraIPs, cfg.TLSExtraDomains,
 cert.DefaultAutogenValidity,
 )
 if err != nil {
@@ -838,19 +831,21 @@ func getTLSConfig(tlsCertPath string, tlsKeyPath string, tlsExtraIPs,
 rpcsLog.Infof("Done renewing TLS certificates")
 
 // Reload the certificate data.
- certData, _, err = cert.LoadCert(tlsCertPath, tlsKeyPath)
+ certData, _, err = cert.LoadCert(
+ cfg.TLSCertPath, cfg.TLSKeyPath,
+ )
 if err != nil {
 return nil, nil, "", err
 }
 }
 
 tlsCfg := cert.TLSConfFromCert(certData)
- restCreds, err := credentials.NewClientTLSFromFile(tlsCertPath, "")
+ restCreds, err := credentials.NewClientTLSFromFile(cfg.TLSCertPath, "")
 if err != nil {
 return nil, nil, "", err
 }
 
- restProxyDest := rpcListeners[0].String()
+ restProxyDest := cfg.RPCListeners[0].String()
 switch {
 case strings.Contains(restProxyDest, "0.0.0.0"):
 restProxyDest = strings.Replace(
@@ -967,7 +962,7 @@ type WalletUnlockParams struct {
 // waitForWalletPassword will spin up gRPC and REST endpoints for the
 // WalletUnlocker server, and block until a password is provided by
 // the user to this RPC server.
-func waitForWalletPassword(restEndpoints []net.Addr,
+func waitForWalletPassword(cfg *Config, restEndpoints []net.Addr,
 serverOpts []grpc.ServerOption, restDialOpts []grpc.DialOption,
 restProxyDest string, tlsConf *tls.Config,
 getListeners rpcListeners) (*WalletUnlockParams, error) {
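Review bot: In the -838 hunk, `credentials.NewClientTLSFromFile(cfg.TLSCertPath, "")` re-reads and re-parses the certificate file that `cert.LoadCert` has just loaded (and, after a renewal, just reloaded), so `tlsCfg` and `restCreds` are built from two independent reads of the same path; if that file is replaced or removed between the two reads, the REST proxy ends up with credentials that do not match the gRPC server's certificate, and the mismatch only surfaces as a TLS handshake failure later. Keeping the parsed certificate from the reload instead of discarding it with `_`, and building the REST credentials from it in memory, removes the second disk read. This assumes `parsedCert` is the `*x509.Certificate` that `cert.LoadCert` returns (it is what `cert.IsOutdated` consumes in the -803 hunk) and needs `crypto/x509` in scope; the rest of getTLSConfig is outside this hunk.
```go
	// Reload the certificate data, keeping the parsed leaf so the REST
	// credentials below come from the same bytes as tlsCfg.
	certData, parsedCert, err = cert.LoadCert(
		cfg.TLSCertPath, cfg.TLSKeyPath,
	)
	// … unchanged: error check, end of renewal block, tlsCfg …
	pool := x509.NewCertPool()
	pool.AddCert(parsedCert)
	restCreds := credentials.NewTLS(&tls.Config{RootCAs: pool})
```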
diff --git a/server_test.go b/server_test.go
index cb9034a0..d272fcf9 100644
--- a/server_test.go
+++ b/server_test.go
@@ -114,7 +114,12 @@ func TestTLSAutoRegeneration(t *testing.T) {
 
 // Now let's run getTLSConfig. If it works properly, it should delete
 // the cert and create a new one.
- _, _, _, err = getTLSConfig(certPath, keyPath, nil, nil, rpcListeners)
+ cfg := &Config{
+ TLSCertPath: certPath,
+ TLSKeyPath: keyPath,
+ RPCListeners: rpcListeners,
+ }
+ _, _, _, err = getTLSConfig(cfg)
 if err != nil {
 t.Fatalf("couldn't retrieve TLS config")
 }
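Review bot: The failure branch directly under the new call, `t.Fatalf("couldn't retrieve TLS config")`, discards `err`, so when the regeneration path this test exercises breaks, the output says nothing about whether it was the load, the file removal or the key generation that failed; `t.Fatalf("couldn't retrieve TLS config: %v", err)` costs nothing. That line is unchanged context, but the commit rewrites the call site immediately above it and now constructs the `Config` the function consumes, so this is the moment to make the assertion informative. The test body continues outside this hunk.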