Merge pull request #3224 from cfromknecht/wtserver-key-family

watchtower: use separate key family for wtserver public key, add watchtower subserver

watchtower/conf.go

@@ -1,6 +1,7 @@
 package watchtower
 
 import (
+	"strconv"
 	"time"
 )
 
@@ -10,6 +11,9 @@ type Conf struct {
 	// RawListeners configures the watchtower's listening ports/interfaces.
 	RawListeners []string `long:"listen" description:"Add interfaces/ports to listen for peer connections"`
 
+	// RawExternalIPs configures the watchtower's external ports/interfaces.
+	RawExternalIPs []string `long:"externalip" description:"Add interfaces/ports where the watchtower can accept peer connections"`
+
 	// ReadTimeout specifies the duration the tower will wait when trying to
 	// read a message from a client before hanging up.
 	ReadTimeout time.Duration `long:"readtimeout" description:"Duration the watchtower server will wait for messages to be received before hanging up on clients"`
@@ -36,7 +40,7 @@ func (c *Conf) Apply(cfg *Config,
 		// If no addresses are specified by the Config, we will resort
 		// to the default peer port.
 		if len(c.RawListeners) == 0 {
-			addr := DefaultPeerPortStr
+			addr := DefaultListenAddr
 			c.RawListeners = append(c.RawListeners, addr)
 		}
 
@@ -44,7 +48,25 @@ func (c *Conf) Apply(cfg *Config,
 		// used by the brontide listener.
 		var err error
 		cfg.ListenAddrs, err = normalizer(
-			c.RawListeners, DefaultPeerPortStr,
+			c.RawListeners, strconv.Itoa(DefaultPeerPort),
+			cfg.Net.ResolveTCPAddr,
+		)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// Set the Config's external ips if they are empty.
+	if cfg.ExternalIPs == nil {
+		// Without a network, we will be unable to resolve the external
+		// IP addresses.
+		if cfg.Net == nil {
+			return nil, ErrNoNetwork
+		}
+
+		var err error
+		cfg.ExternalIPs, err = normalizer(
+			c.RawExternalIPs, strconv.Itoa(DefaultPeerPort),
 			cfg.Net.ResolveTCPAddr,
 		)
 		if err != nil {

watchtower/config.go

@@ -28,8 +28,9 @@ const (
 )
 
 var (
-	// DefaultPeerPortStr is the default server port as a string.
-	DefaultPeerPortStr = fmt.Sprintf(":%d", DefaultPeerPort)
+	// DefaultListenAddr is the default watchtower address listening on all
+	// interfaces.
+	DefaultListenAddr = fmt.Sprintf(":%d", DefaultPeerPort)
 )
 
 // Config defines the resources and parameters used to configure a Watchtower.
@@ -73,9 +74,13 @@ type Config struct {
 	// have stronger guarantees wrt. returned error types.
 	PublishTx func(*wire.MsgTx) error
 
-	// ListenAddrs specifies which address to which clients may connect.
+	// ListenAddrs specifies the listening addresses of the tower.
 	ListenAddrs []net.Addr
 
+	// ExternalIPs specifies the addresses to which clients may connect to
+	// the tower.
+	ExternalIPs []net.Addr
+
 	// ReadTimeout specifies how long a client may go without sending a
 	// message.
 	ReadTimeout time.Duration

watchtower/standalone.go

@@ -4,6 +4,7 @@ import (
 	"net"
 	"sync/atomic"
 
+	"github.com/btcsuite/btcd/btcec"
 	"github.com/lightningnetwork/lnd/brontide"
 	"github.com/lightningnetwork/lnd/watchtower/lookout"
 	"github.com/lightningnetwork/lnd/watchtower/wtserver"
@@ -20,6 +21,9 @@ type Standalone struct {
 
 	cfg *Config
 
+	// listeners is a reference to the wtserver's listeners.
+	listeners []net.Listener
+
 	// server is the client endpoint, used for negotiating sessions and
 	// uploading state updates.
 	server wtserver.Interface
@@ -92,9 +96,10 @@ func New(cfg *Config) (*Standalone, error) {
 	}
 
 	return &Standalone{
-		cfg:     cfg,
-		server:  server,
-		lookout: lookout,
+		cfg:       cfg,
+		listeners: listeners,
+		server:    server,
+		lookout:   lookout,
 	}, nil
 }
 
@@ -136,3 +141,37 @@ func (w *Standalone) Stop() error {
 
 	return nil
 }
+
+// PubKey returns the public key for the watchtower used to authentication and
+// encrypt traffic with clients.
+//
+// NOTE: Part of the watchtowerrpc.WatchtowerBackend interface.
+func (w *Standalone) PubKey() *btcec.PublicKey {
+	return w.cfg.NodePrivKey.PubKey()
+}
+
+// ListeningAddrs returns the listening addresses where the watchtower server
+// can accept client connections.
+//
+// NOTE: Part of the watchtowerrpc.WatchtowerBackend interface.
+func (w *Standalone) ListeningAddrs() []net.Addr {
+	addrs := make([]net.Addr, 0, len(w.listeners))
+	for _, listener := range w.listeners {
+		addrs = append(addrs, listener.Addr())
+	}
+
+	return addrs
+}
+
+// ExternalIPs returns the addresses where the watchtower can be reached by
+// clients externally.
+//
+// NOTE: Part of the watchtowerrpc.WatchtowerBackend interface.
+func (w *Standalone) ExternalIPs() []net.Addr {
+	addrs := make([]net.Addr, 0, len(w.cfg.ExternalIPs))
+	for _, addr := range w.cfg.ExternalIPs {
+		addrs = append(addrs, addr)
+	}
+
+	return addrs
+}