lnd/lncfg/remotesigner.go

package lncfg

import (
	"fmt"
	"time"
)

const (
	// DefaultRemoteSignerRPCTimeout is the default timeout that is used
	// when forwarding a request to the remote signer through RPC.
	DefaultRemoteSignerRPCTimeout = 5 * time.Second
)

// RemoteSigner holds the configuration options for a remote RPC signer.
//
//nolint:lll
type RemoteSigner struct {
	Enable           bool          `long:"enable" description:"Use a remote signer for signing any on-chain related transactions or messages. Only recommended if local wallet is initialized as watch-only. Remote signer must use the same seed/root key as the local watch-only wallet but must have private keys."`
	RPCHost          string        `long:"rpchost" description:"The remote signer's RPC host:port"`
	MacaroonPath     string        `long:"macaroonpath" description:"The macaroon to use for authenticating with the remote signer"`
	TLSCertPath      string        `long:"tlscertpath" description:"The TLS certificate to use for establishing the remote signer's identity"`
	Timeout          time.Duration `long:"timeout" description:"The timeout for connecting to and signing requests with the remote signer. Valid time units are {s, m, h}."`
	MigrateWatchOnly bool          `long:"migrate-wallet-to-watch-only" description:"If a wallet with private key material already exists, migrate it into a watch-only wallet on first startup. WARNING: This cannot be undone! Make sure you have backed up your seed before you use this flag! All private keys will be purged from the wallet after first unlock with this flag!"`
}

// Validate checks the values configured for our remote RPC signer.
func (r *RemoteSigner) Validate() error {
	if !r.Enable {
		return nil
	}

	if r.Timeout < time.Millisecond {
		return fmt.Errorf("remote signer: timeout of %v is invalid, "+
			"cannot be smaller than %v", r.Timeout,
			time.Millisecond)
	}

	if r.MigrateWatchOnly && !r.Enable {
		return fmt.Errorf("remote signer: cannot turn on wallet " +
			"migration to watch-only if remote signing is not " +
			"enabled")
	}

	return nil
}
multi: add remote RPC signing wallet implementation 2021-10-14 15:42:49 +02:00			`package lncfg`

multi: make remote signer RPC timeout configurable 2022-01-05 11:04:28 +01:00			`import (`
			`"fmt"`
			`"time"`
			`)`

			`const (`
			`// DefaultRemoteSignerRPCTimeout is the default timeout that is used`
			`// when forwarding a request to the remote signer through RPC.`
			`DefaultRemoteSignerRPCTimeout = 5 * time.Second`
			`)`

multi: add remote RPC signing wallet implementation 2021-10-14 15:42:49 +02:00			`// RemoteSigner holds the configuration options for a remote RPC signer.`
multi: skip checking long lines for config files 2022-10-20 10:48:19 +02:00			`//`
multi: fix make lint Fixes new lint errors caught by the latest version. 2022-11-18 00:01:42 +01:00			`//nolint:lll`
multi: add remote RPC signing wallet implementation 2021-10-14 15:42:49 +02:00			`type RemoteSigner struct {`
multi: add migrate-wallet-to-watch-only flag To enable converting an existing wallet with private key material into a watch-only wallet on first startup with remote signing enabled, we add a new flag. Since the conversion is a destructive process, this shouldn't happen automatically just because remote signing is enabled. 2022-01-05 11:04:34 +01:00			Enable bool `long:"enable" description:"Use a remote signer for signing any on-chain related transactions or messages. Only recommended if local wallet is initialized as watch-only. Remote signer must use the same seed/root key as the local watch-only wallet but must have private keys."`
			RPCHost string `long:"rpchost" description:"The remote signer's RPC host:port"`
			MacaroonPath string `long:"macaroonpath" description:"The macaroon to use for authenticating with the remote signer"`
			TLSCertPath string `long:"tlscertpath" description:"The TLS certificate to use for establishing the remote signer's identity"`
			Timeout time.Duration `long:"timeout" description:"The timeout for connecting to and signing requests with the remote signer. Valid time units are {s, m, h}."`
			MigrateWatchOnly bool `long:"migrate-wallet-to-watch-only" description:"If a wallet with private key material already exists, migrate it into a watch-only wallet on first startup. WARNING: This cannot be undone! Make sure you have backed up your seed before you use this flag! All private keys will be purged from the wallet after first unlock with this flag!"`
multi: make remote signer RPC timeout configurable 2022-01-05 11:04:28 +01:00			`}`

			`// Validate checks the values configured for our remote RPC signer.`
			`func (r *RemoteSigner) Validate() error {`
			`if !r.Enable {`
			`return nil`
			`}`

			`if r.Timeout < time.Millisecond {`
			`return fmt.Errorf("remote signer: timeout of %v is invalid, "+`
			`"cannot be smaller than %v", r.Timeout,`
			`time.Millisecond)`
			`}`

multi: add migrate-wallet-to-watch-only flag To enable converting an existing wallet with private key material into a watch-only wallet on first startup with remote signing enabled, we add a new flag. Since the conversion is a destructive process, this shouldn't happen automatically just because remote signing is enabled. 2022-01-05 11:04:34 +01:00			`if r.MigrateWatchOnly && !r.Enable {`
			`return fmt.Errorf("remote signer: cannot turn on wallet " +`
			`"migration to watch-only if remote signing is not " +`
			`"enabled")`
			`}`

multi: make remote signer RPC timeout configurable 2022-01-05 11:04:28 +01:00			`return nil`
multi: add remote RPC signing wallet implementation 2021-10-14 15:42:49 +02:00			`}`