diff --git a/client.go b/client.go index d7c382a..4d1b9df 100644 --- a/client.go +++ b/client.go @@ -71,14 +71,17 @@ type Client struct { // NewClient returns a new instance to initiate swaps with. func NewClient(dbDir string, serverAddress string, insecure bool, - lnd *lndclient.LndServices) (*Client, func(), error) { + tlsPathServer string, lnd *lndclient.LndServices) (*Client, func(), + error) { store, err := loopdb.NewBoltSwapStore(dbDir, lnd.ChainParams) if err != nil { return nil, nil, err } - swapServerClient, err := newSwapServerClient(serverAddress, insecure) + swapServerClient, err := newSwapServerClient( + serverAddress, insecure, tlsPathServer, + ) if err != nil { return nil, nil, err } diff --git a/cmd/loopd/config.go b/cmd/loopd/config.go index 33c81ae..690665b 100644 --- a/cmd/loopd/config.go +++ b/cmd/loopd/config.go 
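Review bot: The doc comment on NewClient is not updated for the new `tlsPathServer` argument, so a library caller sees two adjacent transport-security parameters (`insecure bool, tlsPathServer string`) with no statement of what the file must contain or what an empty value means. I would extend the comment with something like `// tlsPathServer is the path to a PEM certificate to trust for the swap server; if it is empty and insecure is false, the server is verified against the system root CAs.` Because NewClient is exported, inserting a positional parameter also breaks any external caller at compile time, which is worth stating in the commit message or release notes. NewClient's body continues past the end of this hunk.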
@@ -27,12 +27,13 @@ type lndConfig struct { type viewParameters struct{} type config struct { - ShowVersion bool `short:"V" long:"version" description:"Display version information and exit"` - Insecure bool `long:"insecure" description:"disable tls"` - Network string `long:"network" description:"network to run on" choice:"regtest" choice:"testnet" choice:"mainnet" choice:"simnet"` - SwapServer string `long:"swapserver" description:"swap server address host:port"` - RPCListen string `long:"rpclisten" description:"Address to listen on for gRPC clients"` - RESTListen string `long:"restlisten" description:"Address to listen on for REST clients"` + ShowVersion bool `short:"V" long:"version" description:"Display version information and exit"` + Insecure bool `long:"insecure" description:"disable tls"` + Network string `long:"network" description:"network to run on" choice:"regtest" choice:"testnet" choice:"mainnet" choice:"simnet"` + SwapServer string `long:"swapserver" description:"swap server address host:port"` + TLSPathSwapSrv string `long:"tlspathswapserver" description:"Path to swap server tls certificate. Only needed if the swap server uses a self-signed certificate."` + RPCListen string `long:"rpclisten" description:"Address to listen on for gRPC clients"` + RESTListen string `long:"restlisten" description:"Address to listen on for REST clients"` LogDir string `long:"logdir" description:"Directory to log output."` MaxLogFiles int `long:"maxlogfiles" description:"Maximum logfiles to keep (0 for no rotation)"` diff --git a/cmd/loopd/daemon.go b/cmd/loopd/daemon.go index b00a7f7..11f0790 100644 --- a/cmd/loopd/daemon.go +++ b/cmd/loopd/daemon.go @@ -45,7 +45,7 @@ func daemon(config *config) error { // Create an instance of the loop client library. swapClient, cleanup, err := getClient( config.Network, config.SwapServer, config.Insecure, - &lnd.LndServices, + config.TLSPathSwapSrv, &lnd.LndServices, ) if err != nil { return err 
diff --git a/cmd/loopd/utils.go b/cmd/loopd/utils.go index 0e10b44..601957e 100644 --- a/cmd/loopd/utils.go +++ b/cmd/loopd/utils.go @@ -16,7 +16,7 @@ func getLnd(network string, cfg *lndConfig) (*lndclient.GrpcLndServices, error) } // getClient returns an instance of the swap client. -func getClient(network, swapServer string, insecure bool, +func getClient(network, swapServer string, insecure bool, tlsPathServer string, lnd *lndclient.LndServices) (*loop.Client, func(), error) { storeDir, err := getStoreDir(network) @@ -25,7 +25,7 @@ func getClient(network, swapServer string, insecure bool, } swapClient, cleanUp, err := loop.NewClient( - storeDir, swapServer, insecure, lnd, + storeDir, swapServer, insecure, tlsPathServer, lnd, ) if err != nil { return nil, nil, err diff --git a/cmd/loopd/view.go b/cmd/loopd/view.go index eefc47f..50e3f4e 100644 --- a/cmd/loopd/view.go +++ b/cmd/loopd/view.go @@ -24,7 +24,8 @@ func view(config *config) error { defer lnd.Close() swapClient, cleanup, err := getClient( - config.Network, config.SwapServer, config.Insecure, &lnd.LndServices, + config.Network, config.SwapServer, config.Insecure, + config.TLSPathSwapSrv, &lnd.LndServices, ) if err != nil { return err diff --git a/swap_server_client.go b/swap_server_client.go index fde9e4f..4d328a9 100644 --- a/swap_server_client.go +++ b/swap_server_client.go @@ -8,11 +8,10 @@ import ( "fmt" "time" - "github.com/lightninglabs/loop/looprpc" - "github.com/lightningnetwork/lnd/lntypes" - "github.com/btcsuite/btcd/btcec" "github.com/btcsuite/btcutil" + "github.com/lightninglabs/loop/looprpc" + "github.com/lightningnetwork/lnd/lntypes" "google.golang.org/grpc" "google.golang.org/grpc/credentials" ) 
@@ -49,10 +48,10 @@ type grpcSwapServerClient struct { var _ swapServerClient = (*grpcSwapServerClient)(nil) -func newSwapServerClient(address string, - insecure bool) (*grpcSwapServerClient, error) { +func newSwapServerClient(address string, insecure bool, tlsPath string) ( + *grpcSwapServerClient, error) { - serverConn, err := getSwapServerConn(address, insecure) + serverConn, err := getSwapServerConn(address, insecure, tlsPath) if err != nil { return nil, err } @@ -227,19 +226,37 @@ func (s *grpcSwapServerClient) Close() { } // getSwapServerConn returns a connection to the swap server. -func getSwapServerConn(address string, insecure bool) (*grpc.ClientConn, error) { +func getSwapServerConn(address string, insecure bool, tlsPath string) ( + *grpc.ClientConn, error) { + // Create a dial options array. opts := []grpc.DialOption{} - if insecure { + + // There are three options to connect to a swap server, either insecure, + // using a self-signed certificate or with a certificate signed by a + // public CA. + switch { + case insecure: opts = append(opts, grpc.WithInsecure()) - } else { + + case tlsPath != "": + // Load the specified TLS certificate and build + // transport credentials + creds, err := credentials.NewClientTLSFromFile(tlsPath, "") + if err != nil { + return nil, err + } + opts = append(opts, grpc.WithTransportCredentials(creds)) + + default: creds := credentials.NewTLS(&tls.Config{}) opts = append(opts, grpc.WithTransportCredentials(creds)) } conn, err := grpc.Dial(address, opts...) if err != nil { - return nil, fmt.Errorf("unable to connect to RPC server: %v", err) + return nil, fmt.Errorf("unable to connect to RPC server: %v", + err) } return conn, nil
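Review bot: In getSwapServerConn the `case insecure:` arm is evaluated before `case tlsPath != "":`, so when both options are set the connection is dialed with `grpc.WithInsecure()` and the configured certificate is silently ignored; an operator who supplied a certificate to pin the swap server gets a plaintext channel with no error or log line. I would reject the combination up front with a first arm `case insecure && tlsPath != "":` that returns `fmt.Errorf("insecure and tlspathswapserver are mutually exclusive")`, and state the same in the `tlspathswapserver` description in cmd/loopd/config.go. The error from `credentials.NewClientTLSFromFile` is also returned bare; wrapping it as `fmt.Errorf("unable to load swap server TLS cert %v: %v", tlsPath, err)` would match the dial error below and tell the user which file failed. The function's closing brace lies outside the hunk.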