From 49cbe9aa63f226d8f04ace95f255d93e5d4eebc0 Mon Sep 17 00:00:00 2001
From: Oliver Gugger
Date: Fri, 8 Nov 2019 10:00:02 +0100
Subject: [PATCH] loopd: add swap server TLS cert path
We need the ability to connect to a swap server that uses a self-signed certificate. The LSAT proxy cannot proxy insecure gRPC requests since they don't conform to the HTTP 1.1 standard. Therefore the LSAT proxy fill only serve TLS connections. This means, we need the TLS path option to specify the certificate the test environment LSAT proxy uses.
---
 client.go | 7 +++++--
 cmd/loopd/config.go | 13 +++++++------
 cmd/loopd/daemon.go | 2 +-
 cmd/loopd/utils.go | 4 ++--
 cmd/loopd/view.go | 3 ++-
 swap_server_client.go | 37 +++++++++++++++++++++++++++----------
6 files changed, 44 insertions(+), 22 deletions(-)
diff --git a/client.go b/client.go
index d7c382a..4d1b9df 100644
--- a/client.go
+++ b/client.go
@@ -71,14 +71,17 @@ type Client struct {
 // NewClient returns a new instance to initiate swaps with.
 func NewClient(dbDir string, serverAddress string, insecure bool,
- lnd *lndclient.LndServices) (*Client, func(), error) {
+ tlsPathServer string, lnd *lndclient.LndServices) (*Client, func(),
+ error) {
 store, err := loopdb.NewBoltSwapStore(dbDir, lnd.ChainParams)
 if err != nil {
 return nil, nil, err
 }
- swapServerClient, err := newSwapServerClient(serverAddress, insecure)
+ swapServerClient, err := newSwapServerClient(
+ serverAddress, insecure, tlsPathServer,
+ )
 if err != nil {
 return nil, nil, err
 }
diff --git a/cmd/loopd/config.go b/cmd/loopd/config.go
index 33c81ae..690665b 100644
--- a/cmd/loopd/config.go
+++ b/cmd/loopd/config.go
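Review bot: The doc comment on the exported NewClient still reads `// NewClient returns a new instance to initiate swaps with.` and says nothing about the new tlsPathServer parameter or how it relates to insecure. Suggest extending it to state that tlsPathServer is the path to the swap server's TLS certificate, that it is only needed when the server uses a self-signed certificate, and that it is ignored when insecure is true — the switch in getSwapServerConn later in this patch tests `insecure` before `tlsPath != ""`, so a caller passing both silently gets a plaintext connection. Since serverAddress and tlsPathServer are now two adjacent positional strings, documenting the order also guards against callers swapping them. NewClient's body continues past the hunk.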
@@ -27,12 +27,13 @@ type lndConfig struct {
 type viewParameters struct{}
 type config struct {
- ShowVersion bool `short:"V" long:"version" description:"Display version information and exit"`
- Insecure bool `long:"insecure" description:"disable tls"`
- Network string `long:"network" description:"network to run on" choice:"regtest" choice:"testnet" choice:"mainnet" choice:"simnet"`
- SwapServer string `long:"swapserver" description:"swap server address host:port"`
- RPCListen string `long:"rpclisten" description:"Address to listen on for gRPC clients"`
- RESTListen string `long:"restlisten" description:"Address to listen on for REST clients"`
+ ShowVersion bool `short:"V" long:"version" description:"Display version information and exit"`
+ Insecure bool `long:"insecure" description:"disable tls"`
+ Network string `long:"network" description:"network to run on" choice:"regtest" choice:"testnet" choice:"mainnet" choice:"simnet"`
+ SwapServer string `long:"swapserver" description:"swap server address host:port"`
+ TLSPathSwapSrv string `long:"tlspathswapserver" description:"Path to swap server tls certificate. Only needed if the swap server uses a self-signed certificate."`
+ RPCListen string `long:"rpclisten" description:"Address to listen on for gRPC clients"`
+ RESTListen string `long:"restlisten" description:"Address to listen on for REST clients"`
 LogDir string `long:"logdir" description:"Directory to log output."`
 MaxLogFiles int `long:"maxlogfiles" description:"Maximum logfiles to keep (0 for no rotation)"`
diff --git a/cmd/loopd/daemon.go b/cmd/loopd/daemon.go
index b00a7f7..11f0790 100644
--- a/cmd/loopd/daemon.go
+++ b/cmd/loopd/daemon.go
@@ -45,7 +45,7 @@ func daemon(config *config) error {
 // Create an instance of the loop client library.
 swapClient, cleanup, err := getClient(
 config.Network, config.SwapServer, config.Insecure,
- &lnd.LndServices,
+ config.TLSPathSwapSrv, &lnd.LndServices,
 )
 if err != nil {
 return err
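Review bot: The description of the new tlspathswapserver flag does not tell the operator how it interacts with --insecure, yet in getSwapServerConn (further down in this patch) the `insecure` case is tested first, so a certificate path given together with --insecure is silently ignored and the daemon talks plaintext to the swap server. Suggest `description:"Path to swap server tls certificate. Only needed if the swap server uses a self-signed certificate. Ignored if --insecure is set."`, and ideally rejecting the combination during config validation instead of letting it pass; nothing in this patch checks the two flags against each other. Whether other path options in this config are cleaned or expanded before use is not visible here; if they are, TLSPathSwapSrv should go through the same helper. The config struct continues past the hunk.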
diff --git a/cmd/loopd/utils.go b/cmd/loopd/utils.go
index 0e10b44..601957e 100644
--- a/cmd/loopd/utils.go
+++ b/cmd/loopd/utils.go
@@ -16,7 +16,7 @@ func getLnd(network string, cfg *lndConfig) (*lndclient.GrpcLndServices, error)
 }
 // getClient returns an instance of the swap client.
-func getClient(network, swapServer string, insecure bool,
+func getClient(network, swapServer string, insecure bool, tlsPathServer string,
 lnd *lndclient.LndServices) (*loop.Client, func(), error) {
 storeDir, err := getStoreDir(network)
@@ -25,7 +25,7 @@ func getClient(network, swapServer string, insecure bool,
 }
 swapClient, cleanUp, err := loop.NewClient(
- storeDir, swapServer, insecure, lnd,
+ storeDir, swapServer, insecure, tlsPathServer, lnd,
 )
 if err != nil {
 return nil, nil, err
diff --git a/cmd/loopd/view.go b/cmd/loopd/view.go
index eefc47f..50e3f4e 100644
--- a/cmd/loopd/view.go
+++ b/cmd/loopd/view.go
@@ -24,7 +24,8 @@ func view(config *config) error {
 defer lnd.Close()
 swapClient, cleanup, err := getClient(
- config.Network, config.SwapServer, config.Insecure, &lnd.LndServices,
+ config.Network, config.SwapServer, config.Insecure,
+ config.TLSPathSwapSrv, &lnd.LndServices,
 )
 if err != nil {
 return err
diff --git a/swap_server_client.go b/swap_server_client.go
index fde9e4f..4d328a9 100644
--- a/swap_server_client.go
+++ b/swap_server_client.go
@@ -8,11 +8,10 @@ import (
 "fmt"
 "time"
- "github.com/lightninglabs/loop/looprpc"
- "github.com/lightningnetwork/lnd/lntypes"
-
 "github.com/btcsuite/btcd/btcec"
 "github.com/btcsuite/btcutil"
+ "github.com/lightninglabs/loop/looprpc"
+ "github.com/lightningnetwork/lnd/lntypes"
 "google.golang.org/grpc"
 "google.golang.org/grpc/credentials"
 )
@@ -49,10 +48,10 @@ type grpcSwapServerClient struct {
 var _ swapServerClient = (*grpcSwapServerClient)(nil)
-func newSwapServerClient(address string,
- insecure bool) (*grpcSwapServerClient, error) {
+func newSwapServerClient(address string, insecure bool, tlsPath string) (
+ *grpcSwapServerClient, error) {
- serverConn, err := getSwapServerConn(address, insecure)
+ serverConn, err := getSwapServerConn(address, insecure, tlsPath)
 if err != nil {
 return nil, err
 }
@@ -227,19 +226,37 @@ func (s *grpcSwapServerClient) Close() {
 }
 // getSwapServerConn returns a connection to the swap server.
-func getSwapServerConn(address string, insecure bool) (*grpc.ClientConn, error) {
+func getSwapServerConn(address string, insecure bool, tlsPath string) (
+ *grpc.ClientConn, error) {
+ // Create a dial options array.
 opts := []grpc.DialOption{}
- if insecure {
+
+ // There are three options to connect to a swap server, either insecure,
+ // using a self-signed certificate or with a certificate signed by a
+ // public CA.
+ switch {
+ case insecure:
 opts = append(opts, grpc.WithInsecure())
- } else {
+
+ case tlsPath != "":
+ // Load the specified TLS certificate and build
+ // transport credentials
+ creds, err := credentials.NewClientTLSFromFile(tlsPath, "")
+ if err != nil {
+ return nil, err
+ }
+ opts = append(opts, grpc.WithTransportCredentials(creds))
+
+ default:
 creds := credentials.NewTLS(&tls.Config{})
 opts = append(opts, grpc.WithTransportCredentials(creds))
 }
 conn, err := grpc.Dial(address, opts...)
 if err != nil {
- return nil, fmt.Errorf("unable to connect to RPC server: %v", err)
+ return nil, fmt.Errorf("unable to connect to RPC server: %v",
+ err)
 }
 return conn, nil
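Review bot: newSwapServerClient now takes insecure and tlsPath as independent arguments but has no doc comment and does not validate the pair; a caller passing both gets a plaintext connection because getSwapServerConn's switch tests `insecure` before `tlsPath != ""`. Suggest a doc comment such as `// newSwapServerClient dials the swap server at address; tlsPath optionally points at the server's (self-signed) TLS certificate and is ignored when insecure is true.` and, unless the silent precedence is intentional, an explicit `if insecure && tlsPath != "" { return nil, fmt.Errorf("insecure and tlsPath are mutually exclusive") }` before the getSwapServerConn call so the misconfiguration fails loudly rather than downgrading the transport. fmt is already imported by this file per the import hunk above.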