This repository has been archived by the owner on Sep 8, 2020. It is now read-only.

Btcpay (#68)
* syntax nits

Signed-off-by: willcl-ark <[email protected]>

* add more cipher suites for BTCPay

Signed-off-by: willcl-ark <[email protected]>

* allow no_tls for BTCPay

Signed-off-by: willcl-ark <[email protected]>

* add GRPC_DEFAULT_SSL_ROOTS_FILE_PATH for no_tls

Signed-off-by: willcl-ark <[email protected]>

* remove assert

Signed-off-by: willcl-ark <[email protected]>

* remove unnecessary no_tls option

Signed-off-by: willcl-ark <[email protected]>

* more flexible TLS cert checks (works with root CA certs now)

Signed-off-by: willcl-ark <[email protected]>

* Add BTCPay instructions to README

Signed-off-by: willcl-ark <[email protected]>
willcl-ark authored Aug 30, 2019
1 parent 98f7fca commit 184f0a3
Showing 5 changed files with 258 additions and 207 deletions.
11 changes: 11 additions & 0 deletions README.md
Expand Up @@ -130,6 +130,17 @@ inv_sub = threading.Thread(target=inv_sub_worker, args=[_hash, ], daemon=True)
inv_sub.start()
```

# BTCPay
BTCPay run their LND node's grpc behind an nginx proxy. In order to authenticate with this, the easiest way is to use your OS root certificate store for the tls cert path:

OSX: `/etc/ssl/cert.pem`

Debian-based: `/etc/ssl/certs/ca-certificates.crt`

Other OS: Google it :)

BTCPay server also presents the user with the admin.macaroon in hex format via the web interface, whereas lnd_grpc expects the raw binary file. The easiest way to obtain this is to SSH into the BTCPay instance and transfer the file from `/var/lib/docker/volumes/generated_lnd_bitcoin_datadir/_data/admin.macaroon` onto your local machine.

# Loop
LND must be re-built and installed as per the loop instructions found at the [Loop Readme](https://github.com/lightninglabs/loop/blob/master/README.md).
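
Review bot: The last paragraph of the new BTCPay section says the web interface shows admin.macaroon as hex while lnd_grpc expects the raw binary file, yet the only route it documents is SSH access to the docker volume. Users without shell access to the host have no path; add a line on converting the hex string locally (for example with `xxd -r -p`), and mention that the resulting file is an admin credential and should be stored with restrictive permissions. "Other OS: Google it :)" would be more useful as a sentence saying what to look for, namely the system's PEM-format CA bundle.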

21 changes: 11 additions & 10 deletions lnd_grpc/base_client.py
Expand Up @@ -10,13 +10,17 @@
from lnd_grpc.utilities import get_lnd_dir

# tell gRPC which cypher suite to use
environ["GRPC_SSL_CIPHER_SUITES"] = "HIGH+ECDSA"
environ["GRPC_SSL_CIPHER_SUITES"] = (
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:"
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:"
"ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"
)


class BaseClient:
"""
A Base client which the other client services can build from. Can find tls cert and keys,
and macaroons in 'default' locations based off lnd_dir and network parameters.
A Base client which the other client services can build from. Can find tls cert and
keys, and macaroons in 'default' locations based off lnd_dir and network parameters.
Has some static helper methods for various applications.
"""
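
Review bot: The module-level `environ["GRPC_SSL_CIPHER_SUITES"] = (...)` assignment overwrites whatever value the operator has already exported, and the new list mixes CBC-mode suites (`ECDHE-RSA-AES128-SHA256`, `ECDHE-RSA-AES256-SHA384` and their ECDSA counterparts) in among the GCM ones. Use `environ.setdefault("GRPC_SSL_CIPHER_SUITES", ...)` so an existing setting wins, put the GCM suites first, and add a comment stating which suites the BTCPay nginx proxy actually requires so the CBC entries can be dropped if they are not needed. The comment above the assignment still reads "cypher suite"; "cipher suites" matches the variable name.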
Expand Down Expand Up @@ -82,15 +86,12 @@ def tls_cert(self) -> bytes:
except FileNotFoundError:
sys.stderr.write("TLS cert not found at %s" % self.tls_cert_path)
raise
try:
assert _tls_cert.startswith(b"-----BEGIN CERTIFICATE-----")
return _tls_cert
except (AssertionError, AttributeError):
if not _tls_cert.startswith(b"-----BEGIN CERTIFICATE-----"):
sys.stderr.write(
"TLS cert at %s did not start with b'-----BEGIN CERTIFICATE-----')"
% self.tls_cert_path
"TLS cert at %s did not start with b'-----BEGIN CERTIFICATE-----')"
% self.tls_cert_path
)
raise
return _tls_cert

@property
def macaroon_path(self) -> str:
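
Review bot: The new `if not _tls_cert.startswith(b"-----BEGIN CERTIFICATE-----"):` branch leaves it unclear what happens to a file that fails the check. Going by the hunk header (15 lines before, 12 after), the `raise` is dropped together with the `try`/`except`, so the file is reported on stderr and then returned to gRPC anyway; if the `raise` is in fact kept, it is a bare `raise` outside any `except` block and will surface as a RuntimeError instead of a meaningful error. State the intended behaviour in the property's docstring, and consider raising an explicit `ValueError` when the file contains no `-----BEGIN CERTIFICATE-----` marker at all, using an `in` test so CA bundles with leading comments still pass. The message text also ends with a stray `)` and has no trailing newline.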
6 changes: 5 additions & 1 deletion lnd_grpc/invoices.py
Expand Up @@ -9,7 +9,11 @@
from lnd_grpc.config import defaultNetwork, defaultRPCHost, defaultRPCPort

# tell gRPC which cypher suite to use
environ["GRPC_SSL_CIPHER_SUITES"] = "HIGH+ECDSA"
environ["GRPC_SSL_CIPHER_SUITES"] = \
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:' \
'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:' \
'ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384'



class Invoices(BaseClient):
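
Review bot: The cipher list assigned to `environ["GRPC_SSL_CIPHER_SUITES"]` here is a second verbatim copy of the one in lnd_grpc/base_client.py, so the two can drift apart the next time a suite is added or removed. Define the string once (lnd_grpc/config.py is already imported in this file) and reference it from both modules, or drop this assignment if importing `BaseClient` already runs the one in base_client.py. The formatting also differs from the other copy: backslash continuations and single quotes here against a parenthesised, double-quoted string there, plus three blank lines before `class Invoices`.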