def test_grpc_wrong_auth(node_factory):
"""An mTLS client certificate should only be usable with its node
We create two instances, each generates its own certs and keys,
and then we try to cross the wires.
"""
# These only exist if we have rust!
from node_pb2_grpc import NodeStub # noqa: E402
import node_pb2 as nodepb # noqa: E402
grpc_port = reserve()
bin_path = Path.cwd() / "target" / "debug" / "cln-grpc"
l1, l2 = node_factory.get_nodes(2,
opts={
"plugin": str(bin_path),
"start": False,
"grpc-port": str(grpc_port),
})
l1.start()
wait_for_grpc_start(l1)
def connect(node):
p = Path(node.daemon.lightning_dir) / TEST_NETWORK
cert, key, ca = [
f.open('rb').read()
for f in [p / 'client.pem', p / 'client-key.pem', p / "ca.pem"]
]
creds = grpc.ssl_channel_credentials(
root_certificates=ca,
private_key=key,
certificate_chain=cert,
)
channel = grpc.secure_channel(
f"localhost:{grpc_port}",
creds,
options=(('grpc.ssl_target_name_override', 'cln'), ))
return NodeStub(channel)
stub = connect(l1)
# This should work, it's the correct node
stub.Getinfo(nodepb.GetinfoRequest())
l1.stop()
l2.start()
wait_for_grpc_start(l2)
# This should not work, it's a different node
with pytest.raises(Exception,
match=r'Socket closed|StatusCode.UNAVAILABLE'):
stub.Getinfo(nodepb.GetinfoRequest())
# Now load the correct ones and we should be good to go
stub = connect(l2)
stub.Getinfo(nodepb.GetinfoRequest())
def test_grpc_connect(node_factory):
"""Attempts to connect to the grpc interface and call getinfo"""
# These only exist if we have rust!
from node_pb2_grpc import NodeStub # noqa: E402
import node_pb2 as nodepb # noqa: E402
from primitives_pb2 import AmountOrAny, Amount # noqa: E402
grpc_port = reserve()
bin_path = Path.cwd() / "target" / "debug" / "cln-grpc"
l1 = node_factory.get_node(options={
"plugin": str(bin_path),
"grpc-port": str(grpc_port)
})
p = Path(l1.daemon.lightning_dir) / TEST_NETWORK
cert_path = p / "client.pem"
key_path = p / "client-key.pem"
ca_cert_path = p / "ca.pem"
creds = grpc.ssl_channel_credentials(
root_certificates=ca_cert_path.open('rb').read(),
private_key=key_path.open('rb').read(),
certificate_chain=cert_path.open('rb').read())
wait_for_grpc_start(l1)
channel = grpc.secure_channel(f"localhost:{grpc_port}",
creds,
options=(('grpc.ssl_target_name_override',
'cln'), ))
stub = NodeStub(channel)
response = stub.Getinfo(nodepb.GetinfoRequest())
print(response)
response = stub.ListFunds(nodepb.ListfundsRequest())
print(response)
inv = stub.Invoice(
nodepb.InvoiceRequest(msatoshi=AmountOrAny(any=True),
description="hello",
label="lbl1",
preimage=b"\x00" * 32,
cltv=24))
print(inv)
rates = stub.Feerates(nodepb.FeeratesRequest(style='PERKB'))
print(rates)
# Test a failing RPC call, so we know that errors are returned correctly.
with pytest.raises(Exception, match=r'Duplicate label'):
# This request creates a label collision
stub.Invoice(
nodepb.InvoiceRequest(
msatoshi=AmountOrAny(amount=Amount(msat=12345)),
description="hello",
label="lbl1",
))