akovalenko/lnd.xprv
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #785 from brndnmtthws/master

Browse Source 
Add more details on using macaroons with GRPC.
This commit is contained in:
Olaoluwa Osuntokun 2018-02-28 19:27:13 -08:00 committed by GitHub
commit 9479b085e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 94 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
docs/grpc/java.md
View File

@ -62,6 +62,11 @@ The following dependencies are required.
<artifactId>netty-tcnative-boringssl-static</artifactId> <artifactId>netty-tcnative-boringssl-static</artifactId>
<version>2.0.7.Final</version> <version>2.0.7.Final</version>
</dependency> </dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.11</version>
</dependency>
</dependencies> </dependencies>
``` ```
In the build section, we'll need to configure the following things : In the build section, we'll need to configure the following things :
@ -98,28 +103,79 @@ In the build section, we'll need to configure the following things :
``` ```
#### Main.java #### Main.java
```java ```java
import io.grpc.Attributes;
import io.grpc.CallCredentials;
import io.grpc.ManagedChannel; import io.grpc.ManagedChannel;
import io.grpc.Metadata;
import io.grpc.MethodDescriptor;
import io.grpc.Status;
import io.grpc.netty.GrpcSslContexts; import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder; import io.grpc.netty.NettyChannelBuilder;
import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContext;
import lnrpc.LightningGrpc; import lnrpc.LightningGrpc;
import lnrpc.LightningGrpc.LightningBlockingStub; import lnrpc.LightningGrpc.LightningBlockingStub;
import lnrpc.Rpc.*; import lnrpc.Rpc.GetInfoRequest;
import lnrpc.Rpc.GetInfoResponse;
import org.apache.commons.codec.binary.Hex;
import javax.net.ssl.SSLException;
import java.io.File; import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.concurrent.Executor;
public class Main { public class Main {
static class MacaroonCallCredential implements CallCredentials {
private final String macaroon;
MacaroonCallCredential(String macaroon) {
this.macaroon = macaroon;
}
public void thisUsesUnstableApi() {}
public void applyRequestMetadata(
MethodDescriptor < ? , ? > methodDescriptor,
Attributes attributes,
Executor executor,
final MetadataApplier metadataApplier
) {
String authority = attributes.get(ATTR_AUTHORITY);
System.out.println(authority);
executor.execute(new Runnable() {
public void run() {
try {
Metadata headers = new Metadata();
Metadata.Key < String > macaroonKey = Metadata.Key.of("macaroon", Metadata.ASCII_STRING_MARSHALLER);
headers.put(macaroonKey, macaroon);
metadataApplier.apply(headers);
} catch (Throwable e) {
metadataApplier.fail(Status.UNAUTHENTICATED.withCause(e));
}
}
});
}
}
private static final String CERT_PATH = "/Users/user/Library/Application Support/Lnd/tls.cert"; private static final String CERT_PATH = "/Users/user/Library/Application Support/Lnd/tls.cert";
private static final String MACAROON_PATH = "/Users/user/Library/Application Support/Lnd/admin.macaroon";
private static final String HOST = "localhost"; private static final String HOST = "localhost";
private static final int PORT = 10009; private static final int PORT = 10009;
public static void main(String... args) throws SSLException { public static void main(String...args) throws IOException {
SslContext sslContext = GrpcSslContexts.forClient().trustManager(new File(CERT_PATH)).build(); SslContext sslContext = GrpcSslContexts.forClient().trustManager(new File(CERT_PATH)).build();
NettyChannelBuilder channelBuilder = NettyChannelBuilder.forAddress(HOST, PORT); NettyChannelBuilder channelBuilder = NettyChannelBuilder.forAddress(HOST, PORT);
ManagedChannel channel = channelBuilder.sslContext(sslContext).build(); ManagedChannel channel = channelBuilder.sslContext(sslContext).build();
LightningBlockingStub stub = LightningGrpc.newBlockingStub(channel);
String macaroon =
Hex.encodeHexString(
Files.readAllBytes(Paths.get(MACAROON_PATH))
);
LightningBlockingStub stub = LightningGrpc
.newBlockingStub(channel)
.withCallCredentials(new MacaroonCallCredential(macaroon));
GetInfoResponse response = stub.getInfo(GetInfoRequest.getDefaultInstance()); GetInfoResponse response = stub.getInfo(GetInfoRequest.getDefaultInstance());
System.out.println(response.getIdentityPubkey()); System.out.println(response.getIdentityPubkey());

17
docs/macaroons.md
View File

@ -97,6 +97,23 @@ timeout can be changed with the `--macaroontimeout` option; this can be
increased for making RPC calls between systems whose clocks are more than 60s increased for making RPC calls between systems whose clocks are more than 60s
apart. apart.
## Using Macaroons with GRPC clients
When interacting with `lnd` using the GRPC interface, the macaroons are encoded
as a hex string over the wire and can be passed to `lnd` by specifying the
hex-encoded macaroon as GRPC metadata:
GET https://localhost:8080/v1/getinfo
Grpc-Metadata-macaroon: <macaroon>
Where `<macaroon>` is the hex encoded binary data from the macaroon file itself.
A very simple example using `curl` may look something like this:
curl --insecure --header "Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 $HOME/.lnd/admin.macaroon)" https://localhost:8080/v1/getinfo
Have a look at the [Java GRPC example](/docs/grpc/java.md) for programmatic usage details.
## Future improvements to the `lnd` macaroon implementation ## Future improvements to the `lnd` macaroon implementation
The existing macaroon implementation in `lnd` and `lncli` lays the groundwork The existing macaroon implementation in `lnd` and `lncli` lays the groundwork