Add support for passing in macaroons/tls cert as data to basic client

orbitalturtle · orbitalturtle · commit 3870f0f49439 · 2021-08-12T16:30:06.000-05:00
diff --git a/basic_client.go b/basic_client.go
@@ -1,6 +1,7 @@
 package lndclient
 
 import (
+	"encoding/hex"
 	"fmt"
 	"io/ioutil"
 	"path/filepath"
@@ -52,13 +53,14 @@ func (bc *basicClientOptions) applyBasicClientOptions(options ...BasicClientOpti
 // NewBasicClient creates a new basic gRPC client to lnd. We call this client
 // "basic" as it falls back to expected defaults if the arguments aren't
 // provided.
-func NewBasicClient(lndHost, tlsPath, macDir, network string,
-	basicOptions ...BasicClientOption) (
+func NewBasicClient(lndHost, tlsPath, macDir, tlsData, macData,
+	network string, basicOptions ...BasicClientOption) (
 
 	lnrpc.LightningClient, error) {
 
 	conn, err := NewBasicConn(
-		lndHost, tlsPath, macDir, network, basicOptions...,
+		lndHost, tlsPath, macDir, tlsData, macData, network,
+		basicOptions...,
 	)
 	if err != nil {
 		return nil, err
@@ -70,54 +72,26 @@ func NewBasicClient(lndHost, tlsPath, macDir, network string,
 // NewBasicConn creates a new basic gRPC connection to lnd. We call this
 // connection "basic" as it falls back to expected defaults if the arguments
 // aren't provided.
-func NewBasicConn(lndHost, tlsPath, macDir, network string,
-	basicOptions ...BasicClientOption) (
+func NewBasicConn(lndHost string, tlsPath, macDir, tlsData, macData,
+	network string, basicOptions ...BasicClientOption) (
 
 	*grpc.ClientConn, error) {
 
-	if tlsPath == "" {
-		tlsPath = defaultTLSCertPath
-	}
-
-	// Load the specified TLS certificate and build transport credentials
-	creds, err := credentials.NewClientTLSFromFile(tlsPath, "")
+	creds, mac, err := parseTLSAndMacaroon(
+		tlsPath, macDir, tlsData, macData, network, basicOptions...,
+	)
 	if err != nil {
 		return nil, err
 	}
 
+	// Now we append the macaroon credentials to the dial options.
+	cred := macaroons.NewMacaroonCredential(mac)
+
 	// Create a dial options array.
 	opts := []grpc.DialOption{
 		grpc.WithTransportCredentials(creds),
-	}
-
-	if macDir == "" {
-		macDir = filepath.Join(
-			defaultLndDir, defaultDataDir, defaultChainSubDir,
-			"bitcoin", network,
-		)
-	}
-
-	// Starting with the set of default options, we'll apply any specified
-	// functional options to the basic client.
-	bco := defaultBasicClientOptions()
-	bco.applyBasicClientOptions(basicOptions...)
-
-	macPath := filepath.Join(macDir, bco.macFilename)
-
-	// Load the specified macaroon file.
-	macBytes, err := ioutil.ReadFile(macPath)
-	if err == nil {
-		// Only if file is found
-		mac := &macaroon.Macaroon{}
-		if err = mac.UnmarshalBinary(macBytes); err != nil {
-			return nil, fmt.Errorf("unable to decode macaroon: %v",
-				err)
-		}
-
-		// Now we append the macaroon credentials to the dial options.
-		cred := macaroons.NewMacaroonCredential(mac)
-		opts = append(opts, grpc.WithPerRPCCredentials(cred))
-		opts = append(opts, grpc.WithDefaultCallOptions(maxMsgRecvSize))
+		grpc.WithPerRPCCredentials(cred),
+		grpc.WithDefaultCallOptions(maxMsgRecvSize),
 	}
 
 	// We need to use a custom dialer so we can also connect to unix sockets
@@ -134,3 +108,45 @@ func NewBasicConn(lndHost, tlsPath, macDir, network string,
 
 	return conn, nil
 }
+
+// parseTLSAndMacaroon looks to see if the TLS certificate and macaroon were
+// passed in as a path or as straight-up data, and processes it accordingly so
+// it can be passed into grpc to establish a connection with LND.
+func parseTLSAndMacaroon(tlsPath, macDir, tlsData, macData, network string,
+	basicOptions ...BasicClientOption) (credentials.TransportCredentials,
+	*macaroon.Macaroon, error) {
+
+	creds, err := GetTLSCredentials(tlsData, tlsPath)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// Starting with the set of default options, we'll apply any specified
+	// functional options to the basic client.
+	bco := defaultBasicClientOptions()
+	bco.applyBasicClientOptions(basicOptions...)
+
+	var macBytes []byte
+	mac := &macaroon.Macaroon{}
+	if macData != "" {
+		macBytes, err = hex.DecodeString(macData)
+		if err != nil {
+			return nil, nil, err
+		}
+	} else {
+		macPath := filepath.Join(macDir, bco.macFilename)
+
+		// Load the specified macaroon file.
+		macBytes, err = ioutil.ReadFile(macPath)
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+
+	if err = mac.UnmarshalBinary(macBytes); err != nil {
+		return nil, nil, fmt.Errorf("unable to decode macaroon: %v",
+			err)
+	}
+
+	return creds, mac, nil
+}
diff --git a/basic_client_test.go b/basic_client_test.go
@@ -0,0 +1,70 @@
+package lndclient
+
+import (
+	"encoding/hex"
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+// Tests that NewBasicConn works correctly when macaroon and TLS certificate
+//  data are passed in directly instead of being supplied as file paths.
+func TestParseTLSAndMacaroon(t *testing.T) {
+
+	tlsData := `-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIUEkmdMOVPL92AwgsSYFFBvz4ilmUwDQYJKoZIhvcNAQEL
+BQAwUzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1OMRQwEgYDVQQHDAtNaW5uZWFw
+b2xpczEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTIxMDQy
+MzA2NDkyNVoXDTIxMDUyMzA2NDkyNVowUzELMAkGA1UEBhMCVVMxCzAJBgNVBAgM
+Ak1OMRQwEgYDVQQHDAtNaW5uZWFwb2xpczEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
+Z2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnK21
+qJmWWs4Nwz2f2ZbTsDxJAumgDJdZ9JKsJBrqjFf7+25ip+1hIB15P1UHHPhtW5Yp
+P9Xm50z8W2RP2pHyCFB09cwKgdqPsS8Q2tzr5DINt+eNYa5JpxnWXM5ZqmYD7Zg0
+wSMVW3FuAWFpjlzNWs/UHSuDShiQLoMhl2xAjiGSsHbY9plV438/kypSKS+7wjxe
+0TJaTv/kWlHhQkXvnLqIMhD8J+ScGVSSk0OFgWiRmcCGDsLZgEGklHklC7ZKrr+Q
+Am2MGbvUaGuwW+R5d2ZaQRbQ5UVhHcna2MxUn6MzSjbEhpIsMKZoYVXCb0GFObcq
+UsLUOrIqpIyngd4G9wIDAQABo1MwUTAdBgNVHQ4EFgQU0lZJ2gp/RM79oAegXr/H
+sU+GU3YwHwYDVR0jBBgwFoAU0lZJ2gp/RM79oAegXr/HsU+GU3YwDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAly744gq/LPuL0EnEbfxXrVqmvWh6
+t9kNljXybVjQNTZ00e4zGknOA3VM29JWOEYyQ7ut/tP+kquWLdfOq/Lehe7vnBSn
+lPR6IYbba9ck5AvPZgGG9fEncKxeUoI0ltI/luycmWL7Eb9j3128diIwljf9JXNT
+I/LThs8Nl5RSiMOuGer0e934vLlZlrEEI4rWs3DKK56WjrMeVf5dhvYK44usNwUh
+vKgMVFsUeyLLTN0EuZjGoFdi3lfLQo3vRwLD6h/EDa5uWK14pZXDQ30+fT2RjuVD
+XhkpT5dliEGFLNe6OOgeWTU1JpEXfCud/GImtNMHQi4EDWQfvWuCNGhOoQ==
+-----END CERTIFICATE-----`
+
+	macData := "0201047465737402067788991234560000062052d26ed139ea5af8" +
+		"3e675500c4ccb2471f62191b745bab820f129e5588a255d2"
+
+	// Make sure it works when data is passed in.
+	_, _, err := parseTLSAndMacaroon(
+		"", "", tlsData, macData, "mainnet", MacFilename(""),
+	)
+	require.NoError(t, err)
+
+	// Now let's write the data to a file to make sure parseTLSAndMacaroon
+	// parses that properly as well.
+	tempDirPath, err := ioutil.TempDir("", ".testCreds")
+	require.NoError(t, err)
+	defer os.RemoveAll(tempDirPath)
+
+	certPath := tempDirPath + "/tls.cert"
+	tlsPEMBytes := []byte(tlsData)
+
+	err = ioutil.WriteFile(certPath, tlsPEMBytes, 0644)
+	require.NoError(t, err)
+
+	macPath := tempDirPath + "/test.macaroon"
+	macBytes, err := hex.DecodeString(macData)
+	require.NoError(t, err)
+
+	err = ioutil.WriteFile(macPath, macBytes, 0644)
+	require.NoError(t, err)
+
+	_, _, err = parseTLSAndMacaroon(
+		certPath, macPath, "", "", "mainnet", MacFilename(""),
+	)
+	require.NoError(t, err)
+}
