Etusivu Tutki Apua
Kirjaudu sisään
cesar
/
cdk
1
0
Haarauta 0
Tiedostot Esitykset 0 Vetopyynnöt 0 Wiki
Puu: eb65e7603f
Haarat Tunnisteet
cdk
/
crates
/
cdk-lnd
/
src
/
client.rs

client.rs 6.7 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227 
  1. //! GRPC Client
    2. 

  2. 

  3. use std::path::Path;
    4. 

  4. use std::str::FromStr;
    5. 

  5. use std::sync::Arc;
    6. 

  6. 

  7. use cdk_common::util::hex;
    8. 

  8. use hyper_rustls::HttpsConnectorBuilder;
    9. 

  9. use hyper_util::client::legacy::connect::HttpConnector;
    10. 

  10. use hyper_util::client::legacy::Client as HyperClient;
    11. 

  11. use hyper_util::rt::TokioExecutor;
    12. 

  12. use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
    13. 

  13. use rustls::crypto::ring::default_provider;
    14. 

  14. use rustls::pki_types::{CertificateDer, ServerName, UnixTime};
    15. 

  15. use rustls::{ClientConfig, DigitallySignedStruct, Error as TLSError, SignatureScheme};
    16. 

  16. use tokio::fs;
    17. 

  17. use tonic::body::Body;
    18. 

  18. use tonic::codegen::InterceptedService;
    19. 

  19. use tonic::metadata::MetadataValue;
    20. 

  20. use tonic::service::Interceptor;
    21. 

  21. use tonic::{Request, Status};
    22. 

  22. 

  23. use crate::{lnrpc, routerrpc, Error};
    24. 

  24. 

  25. /// Custom certificate verifier for LND's self-signed certificates
    26. 

  26. #[derive(Debug)]
    27. 

  27. pub(crate) struct LndCertVerifier {
    28. 

  28.     certs: Vec<Vec<u8>>,
    29. 

  29.     provider: Arc<rustls::crypto::CryptoProvider>,
    30. 

  30. }
    31. 

  31. 

  32. impl LndCertVerifier {
    33. 

  33.     pub(crate) async fn load(path: impl AsRef<Path>) -> Result<Self, Error> {
    34. 

  34.         let provider = default_provider();
    35. 

  35. 

  36.         let contents = fs::read(path).await.map_err(|_| Error::ReadFile)?;
    37. 

  37.         let mut reader = std::io::Cursor::new(contents);
    38. 

  38. 

  39.         // Parse PEM certificates
    40. 

  40.         let certs: Vec<CertificateDer<'static>> =
    41. 

  41.             rustls_pemfile::certs(&mut reader).flatten().collect();
    42. 

  42. 

  43.         Ok(LndCertVerifier {
    44. 

  44.             certs: certs.into_iter().map(|c| c.to_vec()).collect(),
    45. 

  45.             provider: Arc::new(provider),
    46. 

  46.         })
    47. 

  47.     }
    48. 

  48. }
    49. 

  49. 

  50. impl ServerCertVerifier for LndCertVerifier {
    51. 

  51.     fn verify_server_cert(
    52. 

  52.         &self,
    53. 

  53.         end_entity: &CertificateDer<'_>,
    54. 

  54.         intermediates: &[CertificateDer<'_>],
    55. 

  55.         _server_name: &ServerName,
    56. 

  56.         _ocsp_response: &[u8],
    57. 

  57.         _now: UnixTime,
    58. 

  58.     ) -> Result<ServerCertVerified, TLSError> {
    59. 

  59.         let mut certs = intermediates
    60. 

  60.             .iter()
    61. 

  61.             .map(|c| c.as_ref().to_vec())
    62. 

  62.             .collect::<Vec<Vec<u8>>>();
    63. 

  63.         certs.push(end_entity.as_ref().to_vec());
    64. 

  64.         certs.sort();
    65. 

  65. 

  66.         let mut our_certs = self.certs.clone();
    67. 

  67.         our_certs.sort();
    68. 

  68. 

  69.         if self.certs.len() != certs.len() {
    70. 

  70.             return Err(TLSError::General(format!(
    71. 

  71.                 "Mismatched number of certificates (Expected: {}, Presented: {})",
    72. 

  72.                 self.certs.len(),
    73. 

  73.                 certs.len()
    74. 

  74.             )));
    75. 

  75.         }
    76. 

  76.         for (c, p) in our_certs.iter().zip(certs.iter()) {
    77. 

  77.             if p != c {
    78. 

  78.                 return Err(TLSError::General(
    79. 

  79.                     "Server certificates do not match ours".to_string(),
    80. 

  80.                 ));
    81. 

  81.             }
    82. 

  82.         }
    83. 

  83. 

  84.         Ok(ServerCertVerified::assertion())
    85. 

  85.     }
    86. 

  86. 

  87.     fn verify_tls12_signature(
    88. 

  88.         &self,
    89. 

  89.         message: &[u8],
    90. 

  90.         cert: &CertificateDer<'_>,
    91. 

  91.         dss: &DigitallySignedStruct,
    92. 

  92.     ) -> Result<HandshakeSignatureValid, TLSError> {
    93. 

  93.         rustls::crypto::verify_tls12_signature(
    94. 

  94.             message,
    95. 

  95.             cert,
    96. 

  96.             dss,
    97. 

  97.             &self.provider.signature_verification_algorithms,
    98. 

  98.         )
    99. 

  99.         .map(|_| HandshakeSignatureValid::assertion())
    100. 

  100.     }
    101. 

  101. 

  102.     fn verify_tls13_signature(
    103. 

  103.         &self,
    104. 

  104.         message: &[u8],
    105. 

  105.         cert: &CertificateDer<'_>,
    106. 

  106.         dss: &DigitallySignedStruct,
    107. 

  107.     ) -> Result<HandshakeSignatureValid, TLSError> {
    108. 

  108.         rustls::crypto::verify_tls13_signature(
    109. 

  109.             message,
    110. 

  110.             cert,
    111. 

  111.             dss,
    112. 

  112.             &self.provider.signature_verification_algorithms,
    113. 

  113.         )
    114. 

  114.         .map(|_| HandshakeSignatureValid::assertion())
    115. 

  115.     }
    116. 

  116. 

  117.     fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
    118. 

  118.         self.provider
    119. 

  119.             .signature_verification_algorithms
    120. 

  120.             .supported_schemes()
    121. 

  121.     }
    122. 

  122. }
    123. 

  123. 

  124. pub type RouterClient = routerrpc::router_client::RouterClient<
    125. 

  125.     InterceptedService<
    126. 

  126.         HyperClient<hyper_rustls::HttpsConnector<HttpConnector>, Body>,
    127. 

  127.         MacaroonInterceptor,
    128. 

  128.     >,
    129. 

  129. >;
    130. 

  130. 

  131. /// The client returned by `connect` function
    132. 

  132. #[derive(Clone)]
    133. 

  133. pub struct Client {
    134. 

  134.     lightning: lnrpc::lightning_client::LightningClient<
    135. 

  135.         InterceptedService<
    136. 

  136.             HyperClient<hyper_rustls::HttpsConnector<HttpConnector>, Body>,
    137. 

  137.             MacaroonInterceptor,
    138. 

  138.         >,
    139. 

  139.     >,
    140. 

  140.     router: RouterClient,
    141. 

  141. }
    142. 

  142. 

  143. /// Supplies requests with macaroon
    144. 

  144. #[derive(Clone)]
    145. 

  145. pub struct MacaroonInterceptor {
    146. 

  146.     macaroon: String,
    147. 

  147. }
    148. 

  148. 

  149. impl Interceptor for MacaroonInterceptor {
    150. 

  150.     fn call(&mut self, mut request: Request<()>) -> Result<Request<()>, Status> {
    151. 

  151.         request.metadata_mut().insert(
    152. 

  152.             "macaroon",
    153. 

  153.             MetadataValue::from_str(&self.macaroon)
    154. 

  154.                 .map_err(|e| Status::internal(format!("Invalid macaroon: {e}")))?,
    155. 

  155.         );
    156. 

  156.         Ok(request)
    157. 

  157.     }
    158. 

  158. }
    159. 

  159. 

  160. async fn load_macaroon(path: impl AsRef<Path>) -> Result<String, Error> {
    161. 

  161.     let macaroon = fs::read(path).await.map_err(|_| Error::ReadFile)?;
    162. 

  162.     Ok(hex::encode(macaroon))
    163. 

  163. }
    164. 

  164. 

  165. pub async fn connect<P: AsRef<Path>>(
    166. 

  166.     address: &str,
    167. 

  167.     cert_path: P,
    168. 

  168.     macaroon_path: P,
    169. 

  169. ) -> Result<Client, Error> {
    170. 

  170.     if rustls::crypto::CryptoProvider::get_default().is_none() {
    171. 

  171.         let _ = rustls::crypto::ring::default_provider().install_default();
    172. 

  172.     }
    173. 

  173. 

  174.     let config = ClientConfig::builder()
    175. 

  175.         .dangerous()
    176. 

  176.         .with_custom_certificate_verifier(Arc::new(LndCertVerifier::load(cert_path).await?))
    177. 

  177.         .with_no_client_auth();
    178. 

  178. 

  179.     // Create HTTPS connector
    180. 

  180.     let https = HttpsConnectorBuilder::new()
    181. 

  181.         .with_tls_config(config)
    182. 

  182.         .https_only()
    183. 

  183.         .enable_http2()
    184. 

  184.         .build();
    185. 

  185. 

  186.     // Create hyper client
    187. 

  187.     let client = HyperClient::builder(TokioExecutor::new())
    188. 

  188.         .http2_only(true)
    189. 

  189.         .build(https);
    190. 

  190. 

  191.     // Load macaroon
    192. 

  192.     let macaroon = load_macaroon(macaroon_path).await?;
    193. 

  193. 

  194.     // Create service with macaroon interceptor
    195. 

  195.     let service = InterceptedService::new(client, MacaroonInterceptor { macaroon });
    196. 

  196. 

  197.     // Create URI for the service
    198. 

  198.     let address = address
    199. 

  199.         .trim_start_matches("http://")
    200. 

  200.         .trim_start_matches("https://");
    201. 

  201.     let uri = http::Uri::from_str(&format!("https://{address}"))
    202. 

  202.         .map_err(|e| Error::InvalidConfig(format!("Invalid URI: {e}")))?;
    203. 

  203. 

  204.     // Create LND client
    205. 

  205.     let lightning =
    206. 

  206.         lnrpc::lightning_client::LightningClient::with_origin(service.clone(), uri.clone());
    207. 

  207.     let router = RouterClient::with_origin(service, uri);
    208. 

  208. 

  209.     Ok(Client { lightning, router })
    210. 

  210. }
    211. 

  211. 

  212. impl Client {
    213. 

  213.     pub fn lightning(
    214. 

  214.         &mut self,
    215. 

  215.     ) -> &mut lnrpc::lightning_client::LightningClient<
    216. 

  216.         InterceptedService<
    217. 

  217.             HyperClient<hyper_rustls::HttpsConnector<HttpConnector>, Body>,
    218. 

  218.             MacaroonInterceptor,
    219. 

  219.         >,
    220. 

  220.     > {
    221. 

  221.         &mut self.lightning
    222. 

  222.     }
    223. 

  223. 

  224.     pub fn router(&mut self) -> &mut RouterClient {
    225. 

  225.         &mut self.router
    226. 

  226.     }
    227. 

  227. }
    228.