From a870ed5fb75f0173ff0de44f98d141f7d659cfe8 Mon Sep 17 00:00:00 2001
From: "Johan T. Halseth"
Date: Mon, 13 Jan 2020 12:21:13 +0100
Subject: [PATCH 1/3] lnd: add WalletUnlockerAuthOptions

Similar to what was done for the regular RPC server, we add auth dial options for the wallet unlocker, as it also requires TLS now.
---
 lnd.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/lnd.go b/lnd.go
index 62e8c6c2..1d0e9ce7 100644
--- a/lnd.go
+++ b/lnd.go
@@ -60,6 +60,25 @@ var (
 networkDir string
 )
+// WalletUnlockerAuthOptions returns a list of DialOptions that can be used to
+// authenticate with the wallet unlocker service.
+//
+// NOTE: This should only be called after the WalletUnlocker listener has
+// signaled it is ready.
+func WalletUnlockerAuthOptions() ([]grpc.DialOption, error) {
+ creds, err := credentials.NewClientTLSFromFile(cfg.TLSCertPath, "")
+ if err != nil {
+ return nil, fmt.Errorf("unable to read TLS cert: %v", err)
+ }
+
+ // Create a dial options array with the TLS credentials.
+ opts := []grpc.DialOption{
+ grpc.WithTransportCredentials(creds),
+ }
+
+ return opts, nil
+}
+
 // AdminAuthOptions returns a list of DialOptions that can be used to
 // authenticate with the RPC server with admin capabilities.
 //

From f5a981330471115a7a56740d673d3ccda14fcd28 Mon Sep 17 00:00:00 2001
From: "Johan T. Halseth"
Date: Mon, 13 Jan 2020 12:21:39 +0100
Subject: [PATCH 2/3] mobile: add TLS options to wallet unlocker listener

The wallet unlocker service also requires the TLS certificates to be added, but this was not set. This commit sets the options similar to what is done for the regular RPC server.
---
 mobile/bindings.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/mobile/bindings.go b/mobile/bindings.go
index 0945a17b..fed2b218 100644
--- a/mobile/bindings.go
+++ b/mobile/bindings.go
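Review bot: The doc comment on WalletUnlockerAuthOptions in lnd.go says the options "authenticate with" the unlocker, but the body only builds TLS transport credentials from cfg.TLSCertPath, so what the caller gets is verification of the server against that certificate file, with no per-call credential attached. Since this service receives the wallet password, I would spell that out, for example `// The returned options carry only TLS transport credentials that trust the certificate at cfg.TLSCertPath; no per-call credentials are added.` The NOTE about call order is not enforced either: if cfg is a pointer that is only populated during startup (its declaration is outside the hunk), an early call would dereference nil rather than return an error. As a smaller point, `return nil, fmt.Errorf("unable to read TLS cert: %w", err)` would keep the underlying file error inspectable, provided the module's Go version supports `%w`.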
@@ -74,6 +74,18 @@ func Start(extraArgs string, unlockerReady, rpcReady Callback) {
 // callbacks when the RPC servers are ready to accept calls.
 go func() {
 <-unlockerListening
+
+ // We must set the TLS certificates in order to properly
+ // authenticate with the wallet unlocker service.
+ auth, err := lnd.WalletUnlockerAuthOptions()
+ if err != nil {
+ unlockerReady.OnError(err)
+ return
+ }
+
+ // Add the auth options to the listener's dial options.
+ addWalletUnlockerLisDialOption(auth...)
+
 unlockerReady.OnResponse([]byte{})
 }()

From 56230f5de2253167856ddcc210d0611bbea95090 Mon Sep 17 00:00:00 2001
From: "Johan T. Halseth"
Date: Mon, 13 Jan 2020 12:30:59 +0100
Subject: [PATCH 3/3] mobile: add note about using lnddir

On both Android and iOS (when not using a simulator) the application procees doesn't have write permissions to the default lnd directory. This commit adds a note about using the app directory given by the used platform.
---
 mobile/bindings.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/mobile/bindings.go b/mobile/bindings.go
index fed2b218..3a2936b8 100644
--- a/mobile/bindings.go
+++ b/mobile/bindings.go
@@ -20,6 +20,10 @@ import (
 // The unlockerReady callback is called when the WalletUnlocker service is
 // ready, and rpcReady is called after the wallet has been unlocked and lnd is
 // ready to accept RPC calls.
+//
+// NOTE: On mobile platforms the '--lnddir` argument should be set to the
+// current app directory in order to ensure lnd has the permissions needed to
+// write to it.
 func Start(extraArgs string, unlockerReady, rpcReady Callback) {
 // Split the argument string on "--" to get separated command line
 // arguments.
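Review bot: In the goroutine that Start launches in mobile/bindings.go (patch 2/3), `addWalletUnlockerLisDialOption(auth...)` has to complete before `unlockerReady.OnResponse` fires, because a client is expected to dial the unlocker as soon as it is notified; the order is correct here but only implicit. A comment such as `// Must be registered before OnResponse: clients dial as soon as they are notified.` would keep a later reordering from leaving the first dial without the TLS credentials. addWalletUnlockerLisDialOption is defined outside the hunk, so it is worth confirming that it synchronises with whatever reads the option list, and that a second call to Start does not append a duplicate set. Start's body continues outside the hunk.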
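Review bot: The NOTE added to Start's doc comment (patch 3/3) quotes the flag with mismatched delimiters, an opening single quote and a closing backtick around --lnddir; use the same character on both sides, e.g. `// NOTE: On mobile platforms the '--lnddir' argument should be set to the`. The note motivates the setting by write permission only; it could also say that the app's private directory keeps what lnd writes there out of reach of other apps, if that is part of the intent. The comment block and Start's body both continue outside the hunk.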