loopd: add swap server TLS cert path

We need the ability to connect to a swap server that uses
a self-signed certificate. The LSAT proxy cannot proxy insecure
gRPC requests since they don't conform to the HTTP 1.1 standard.
Therefore the LSAT proxy fill only serve TLS connections.
This means, we need the TLS path option to specify the certificate
the test environment LSAT proxy uses.

Author: guggero

client.go

@@ -71,14 +71,17 @@ type Client struct {
 
 // NewClient returns a new instance to initiate swaps with.
 func NewClient(dbDir string, serverAddress string, insecure bool,
-	lnd *lndclient.LndServices) (*Client, func(), error) {
+	tlsPathServer string, lnd *lndclient.LndServices) (*Client, func(),
+	error) {
 
 	store, err := loopdb.NewBoltSwapStore(dbDir, lnd.ChainParams)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	swapServerClient, err := newSwapServerClient(serverAddress, insecure)
+	swapServerClient, err := newSwapServerClient(
+		serverAddress, insecure, tlsPathServer,
+	)
 	if err != nil {
 		return nil, nil, err
 	}

cmd/loopd/config.go

@@ -27,12 +27,13 @@ type lndConfig struct {
 type viewParameters struct{}
 
 type config struct {
-	ShowVersion bool   `short:"V" long:"version" description:"Display version information and exit"`
-	Insecure    bool   `long:"insecure" description:"disable tls"`
-	Network     string `long:"network" description:"network to run on" choice:"regtest" choice:"testnet" choice:"mainnet" choice:"simnet"`
-	SwapServer  string `long:"swapserver" description:"swap server address host:port"`
-	RPCListen   string `long:"rpclisten" description:"Address to listen on for gRPC clients"`
-	RESTListen  string `long:"restlisten" description:"Address to listen on for REST clients"`
+	ShowVersion    bool   `short:"V" long:"version" description:"Display version information and exit"`
+	Insecure       bool   `long:"insecure" description:"disable tls"`
+	Network        string `long:"network" description:"network to run on" choice:"regtest" choice:"testnet" choice:"mainnet" choice:"simnet"`
+	SwapServer     string `long:"swapserver" description:"swap server address host:port"`
+	TLSPathSwapSrv string `long:"tlspathswapserver" description:"Path to swap server tls certificate. Only needed if the swap server uses a self-signed certificate."`
+	RPCListen      string `long:"rpclisten" description:"Address to listen on for gRPC clients"`
+	RESTListen     string `long:"restlisten" description:"Address to listen on for REST clients"`
 
 	LogDir         string `long:"logdir" description:"Directory to log output."`
 	MaxLogFiles    int    `long:"maxlogfiles" description:"Maximum logfiles to keep (0 for no rotation)"`

cmd/loopd/daemon.go

@@ -45,7 +45,7 @@ func daemon(config *config) error {
 	// Create an instance of the loop client library.
 	swapClient, cleanup, err := getClient(
 		config.Network, config.SwapServer, config.Insecure,
-		&lnd.LndServices,
+		config.TLSPathSwapSrv, &lnd.LndServices,
 	)
 	if err != nil {
 		return err

cmd/loopd/utils.go

@@ -16,7 +16,7 @@ func getLnd(network string, cfg *lndConfig) (*lndclient.GrpcLndServices, error)
 }
 
 // getClient returns an instance of the swap client.
-func getClient(network, swapServer string, insecure bool,
+func getClient(network, swapServer string, insecure bool, tlsPathServer string,
 	lnd *lndclient.LndServices) (*loop.Client, func(), error) {
 
 	storeDir, err := getStoreDir(network)
@@ -25,7 +25,7 @@ func getClient(network, swapServer string, insecure bool,
 	}
 
 	swapClient, cleanUp, err := loop.NewClient(
-		storeDir, swapServer, insecure, lnd,
+		storeDir, swapServer, insecure, tlsPathServer, lnd,
 	)
 	if err != nil {
 		return nil, nil, err

cmd/loopd/view.go

@@ -24,7 +24,8 @@ func view(config *config) error {
 	defer lnd.Close()
 
 	swapClient, cleanup, err := getClient(
-		config.Network, config.SwapServer, config.Insecure, &lnd.LndServices,
+		config.Network, config.SwapServer, config.Insecure,
+		config.TLSPathSwapSrv, &lnd.LndServices,
 	)
 	if err != nil {
 		return err

swap_server_client.go

@@ -8,11 +8,10 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/lightninglabs/loop/looprpc"
-	"github.com/lightningnetwork/lnd/lntypes"
-
 	"github.com/btcsuite/btcd/btcec"
 	"github.com/btcsuite/btcutil"
+	"github.com/lightninglabs/loop/looprpc"
+	"github.com/lightningnetwork/lnd/lntypes"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 )
@@ -49,10 +48,10 @@ type grpcSwapServerClient struct {
 
 var _ swapServerClient = (*grpcSwapServerClient)(nil)
 
-func newSwapServerClient(address string,
-	insecure bool) (*grpcSwapServerClient, error) {
+func newSwapServerClient(address string, insecure bool, tlsPath string) (
+	*grpcSwapServerClient, error) {
 
-	serverConn, err := getSwapServerConn(address, insecure)
+	serverConn, err := getSwapServerConn(address, insecure, tlsPath)
 	if err != nil {
 		return nil, err
 	}
@@ -227,19 +226,37 @@ func (s *grpcSwapServerClient) Close() {
 }
 
 // getSwapServerConn returns a connection to the swap server.
-func getSwapServerConn(address string, insecure bool) (*grpc.ClientConn, error) {
+func getSwapServerConn(address string, insecure bool, tlsPath string) (
+	*grpc.ClientConn, error) {
+
 	// Create a dial options array.
 	opts := []grpc.DialOption{}
-	if insecure {
+
+	// There are three options to connect to a swap server, either insecure,
+	// using a self-signed certificate or with a certificate signed by a
+	// public CA.
+	switch {
+	case insecure:
 		opts = append(opts, grpc.WithInsecure())
-	} else {
+
+	case tlsPath != "":
+		// Load the specified TLS certificate and build
+		// transport credentials
+		creds, err := credentials.NewClientTLSFromFile(tlsPath, "")
+		if err != nil {
+			return nil, err
+		}
+		opts = append(opts, grpc.WithTransportCredentials(creds))
+
+	default:
 		creds := credentials.NewTLS(&tls.Config{})
 		opts = append(opts, grpc.WithTransportCredentials(creds))
 	}
 
 	conn, err := grpc.Dial(address, opts...)
 	if err != nil {
-		return nil, fmt.Errorf("unable to connect to RPC server: %v", err)
+		return nil, fmt.Errorf("unable to connect to RPC server: %v",
+			err)
 	}
 
 	return conn, nil