diff --git a/crates/cdk-integration-tests/src/bin/start_fake_mint.rs b/crates/cdk-integration-tests/src/bin/start_fake_mint.rs
index ccac111eef..c36390a26b 100644
--- a/crates/cdk-integration-tests/src/bin/start_fake_mint.rs
+++ b/crates/cdk-integration-tests/src/bin/start_fake_mint.rs
@@ -53,10 +53,13 @@ async fn start_fake_mint(
 ) -> Result> {
 let signatory_config = if external_signatory {
 println!("Configuring external signatory");
- Some((
- "https://127.0.0.1:15060".to_string(), // Default signatory URL
- temp_dir.to_string_lossy().to_string(), // Certs directory as string
- ))
+ Some(cdk_mintd::config::Signatory {
+ enabled: true,
+ address: "127.0.0.1".to_string(),
+ port: 15060,
+ tls_dir: Some(temp_dir.to_path_buf()),
+ allow_insecure: false,
+ })
 } else {
 None
 };
diff --git a/crates/cdk-integration-tests/src/bin/start_regtest_mints.rs b/crates/cdk-integration-tests/src/bin/start_regtest_mints.rs
index 9b23201b94..1eed8e8365 100644
--- a/crates/cdk-integration-tests/src/bin/start_regtest_mints.rs
+++ b/crates/cdk-integration-tests/src/bin/start_regtest_mints.rs
@@ -445,8 +445,6 @@ fn create_ldk_settings(
 "eye survey guilt napkin crystal cup whisper salt luggage manage unveil loyal"
 .to_string(),
 ),
- signatory_url: None,
- signatory_certs: None,
 input_fee_ppk: None,
 use_keyset_v2: None,
 http_cache: cdk_axum::cache::Config::default(),
@@ -555,8 +553,6 @@ fn create_onchain_settings(port: u16) -> cdk_mintd::config::Settings {
 "eye survey guilt napkin crystal cup whisper salt luggage manage unveil loyal"
 .to_string(),
 ),
- signatory_url: None,
- signatory_certs: None,
 input_fee_ppk: None,
 use_keyset_v2: None,
 http_cache: cdk_axum::cache::Config::default(),
diff --git a/crates/cdk-integration-tests/src/shared.rs b/crates/cdk-integration-tests/src/shared.rs
index 06eca25e25..5a55a308d1 100644
--- a/crates/cdk-integration-tests/src/shared.rs
+++ b/crates/cdk-integration-tests/src/shared.rs
@@ -159,7 +159,7 @@ pub fn create_fake_wallet_settings(
 port: u16,
 database: &str,
 mnemonic: Option,
- signatory_config: Option<(String, String)>, // (url, certs_dir)
+ signatory_config: Option,
 fake_wallet_config: Option,
 onchain_config: Option,
 ) -> cdk_mintd::config::Settings {
@@ -187,10 +187,6 @@ pub fn create_fake_wallet_settings(
 listen_port: port,
 seed: None,
 mnemonic: mnemonic.clone(),
- signatory_url: signatory_config.as_ref().map(|(url, _)| url.clone()),
- signatory_certs: signatory_config
- .as_ref()
- .map(|(_, certs_dir)| certs_dir.clone()),
 input_fee_ppk: None,
 use_keyset_v2: None,
 http_cache: cache::Config::default(),
@@ -201,6 +197,7 @@ pub fn create_fake_wallet_settings(
 },
 enable_info_page: None,
 },
+ signatory: signatory_config,
 mint_info: cdk_mintd::config::MintInfo::default(),
 limits: cdk_mintd::config::Limits::default(),
 ln: vec![
@@ -262,8 +259,6 @@ pub fn create_cln_settings(
 listen_port: port,
 seed: None,
 mnemonic: Some(mnemonic),
- signatory_url: None,
- signatory_certs: None,
 input_fee_ppk: None,
 use_keyset_v2: None,
 http_cache: cache::Config::default(),
@@ -318,8 +313,6 @@ pub fn create_lnd_settings(
 listen_port: port,
 seed: None,
 mnemonic: Some(mnemonic),
- signatory_url: None,
- signatory_certs: None,
 input_fee_ppk: None,
 use_keyset_v2: None,
 http_cache: cache::Config::default(),
diff --git a/crates/cdk-mintd/example.config.toml b/crates/cdk-mintd/example.config.toml
index 5bb65f4169..ed6a189758 100644
--- a/crates/cdk-mintd/example.config.toml
+++ b/crates/cdk-mintd/example.config.toml
@@ -27,6 +27,13 @@ melt_ttl = 120
 # Log level for file output (default: "debug")
 # file_level = "debug"
 
+[signatory]
+enabled = false
+# address = "127.0.0.1"
+# port = 15060
+# tls_dir = "/path/to/tls"
+# allow_insecure = false
+
 [mint_management_rpc]
 enabled = false
 # address = "127.0.0.1"
@@ -320,7 +327,7 @@ max_delay_time = 3
 
 # [grpc_processor]
 # gRPC Payment Processor configuration
-# addr = "127.0.0.1"
+# address = "127.0.0.1"
 # port = 50051
 # tls_dir = "/path/to/tls"
 # allow_insecure = false
diff --git a/crates/cdk-mintd/src/config.rs b/crates/cdk-mintd/src/config.rs
index c49bb8de14..137ccf63e7 100644
--- a/crates/cdk-mintd/src/config.rs
+++ b/crates/cdk-mintd/src/config.rs
@@ -54,8 +54,6 @@ pub struct Info {
 /// Overrides mnemonic
 pub seed: Option,
 pub mnemonic: Option,
- pub signatory_url: Option,
- pub signatory_certs: Option,
 pub input_fee_ppk: Option,
 /// Use keyset v2
 pub use_keyset_v2: Option,
@@ -87,8 +85,6 @@ impl Default for Info {
 listen_port: 8091, // Default to port 8091 instead of 0
 seed: None,
 mnemonic: None,
- signatory_url: None,
- signatory_certs: None,
 input_fee_ppk: None,
 use_keyset_v2: None,
 http_cache: cache::Config::default(),
@@ -107,7 +103,7 @@ impl std::fmt::Debug for Info {
 let hash = sha256::Hash::hash(mnemonic.as_bytes());
 format!("")
 } else {
- format!("", self.signatory_url.clone().unwrap_or_default())
+ "".to_string()
 }
 };
 
@@ -125,6 +121,40 @@ impl std::fmt::Debug for Info {
 }
 }
 
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct Signatory {
+ #[serde(default)]
+ pub enabled: bool,
+ #[serde(default = "default_signatory_address")]
+ pub address: String,
+ #[serde(default = "default_signatory_port")]
+ pub port: u16,
+ #[serde(default)]
+ pub tls_dir: Option,
+ #[serde(default)]
+ pub allow_insecure: bool,
+}
+
+impl Default for Signatory {
+ fn default() -> Self {
+ Self {
+ enabled: false,
+ address: default_signatory_address(),
+ port: default_signatory_port(),
+ tls_dir: None,
+ allow_insecure: false,
+ }
+ }
+}
+
+fn default_signatory_address() -> String {
+ "127.0.0.1".to_string()
+}
+
+fn default_signatory_port() -> u16 {
+ 15060
+}
+
 #[derive(Debug, Serialize, Deserialize, Clone, PartialEq, Default)]
 #[serde(rename_all = "lowercase")]
 pub enum LnBackend {
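Review bot: Dropping `signatory_url` and `signatory_certs` from `Info` (hunk `@@ -54,8 +54,6 @@`) leaves existing deployments with no migration signal. Unless `Info` rejects unknown keys (not visible here), an old `[info] signatory_url = …` entry is ignored, `enabled_signatory()` returns `None`, and `build_mint` moves on to its `else if let Some(seed)` branch, so a mint that was set up for remote signing may start signing in-process instead. The same holds for the removed `CDK_MINTD_SIGNATORY_URL` and `CDK_MINTD_SIGNATORY_CERTS` variables in env_vars/common.rs and env_vars/info.rs. `GrpcProcessor` keeps `alias = "addr"` for its rename; here a fail-closed startup check would be safer, for example `if env::var("CDK_MINTD_SIGNATORY_URL").is_ok() { bail!("CDK_MINTD_SIGNATORY_URL was replaced by CDK_MINTD_SIGNATORY_ADDRESS and CDK_MINTD_SIGNATORY_PORT") }`, with an equivalent check for the legacy config keys.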
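Review bot: The new public `Signatory` struct (hunk `@@ -125,6 +121,40 @@`) has no doc comments, and `tls_dir` and `allow_insecure` are the two fields whose meaning decides whether the signing channel is protected. Suggested on `tls_dir`: `/// Directory holding ca.pem, client.pem and client.key for the gRPC client; no TLS is used when unset.` Suggested on `allow_insecure`: `/// Permit a connection without TLS when tls_dir is unset; startup fails otherwise.` A line on `enabled` saying that a `[signatory]` table with `enabled = false` is ignored would match what `enabled_signatory()` does.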
@@ -845,8 +875,8 @@ fn default_fake_wallet_supported_units() -> Vec {
 pub struct GrpcProcessor {
 #[serde(default)]
 pub supported_units: Vec,
- #[serde(default = "default_grpc_addr")]
- pub addr: String,
+ #[serde(default = "default_grpc_address", alias = "addr")]
+ pub address: String,
 #[serde(default = "default_grpc_port")]
 pub port: u16,
 #[serde(default)]
@@ -859,7 +889,7 @@ impl Default for GrpcProcessor {
 fn default() -> Self {
 Self {
 supported_units: Vec::new(),
- addr: default_grpc_addr(),
+ address: default_grpc_address(),
 port: default_grpc_port(),
 tls_dir: None,
 allow_insecure: false,
@@ -867,7 +897,7 @@ impl Default for GrpcProcessor {
 }
 }
 
-fn default_grpc_addr() -> String {
+fn default_grpc_address() -> String {
 "127.0.0.1".to_string()
 }
 
@@ -1004,6 +1034,7 @@ fn default_blind() -> AuthType {
 #[derive(Debug, Clone, Serialize, Deserialize, Default)]
 pub struct Settings {
 pub info: Info,
+ pub signatory: Option,
 pub mint_info: MintInfo,
 #[serde(default, deserialize_with = "deserialize_ln")]
 pub ln: Vec,
@@ -1209,9 +1240,13 @@ impl Settings {
 // override with file contents
 .add_source(File::with_name(&config))
 .build()?;
- let settings: Settings = config.try_deserialize()?;
+ config.try_deserialize()
+ }
 
- Ok(settings)
+ pub(crate) fn enabled_signatory(&self) -> Option<&Signatory> {
+ self.signatory
+ .as_ref()
+ .filter(|signatory| signatory.enabled)
 }
 }
 
@@ -2225,7 +2260,7 @@ max_melt = 500000
 // Verify that settings were populated from env vars
 assert!(settings.grpc_processor.is_some());
 let grpc_config = settings.grpc_processor.as_ref().unwrap();
- assert_eq!(grpc_config.addr, "localhost");
+ assert_eq!(grpc_config.address, "localhost");
 assert_eq!(grpc_config.port, 50051);
 
 // Cleanup env vars
diff --git a/crates/cdk-mintd/src/env_vars/common.rs b/crates/cdk-mintd/src/env_vars/common.rs
index e1bb1c38e0..0f75bbad67 100644
--- a/crates/cdk-mintd/src/env_vars/common.rs
+++ b/crates/cdk-mintd/src/env_vars/common.rs
@@ -8,8 +8,11 @@ pub const ENV_LISTEN_HOST: &str = "CDK_MINTD_LISTEN_HOST";
 pub const ENV_LISTEN_PORT: &str = "CDK_MINTD_LISTEN_PORT";
 pub const ENV_SEED: &str = "CDK_MINTD_SEED";
 pub const ENV_MNEMONIC: &str = "CDK_MINTD_MNEMONIC";
-pub const ENV_SIGNATORY_URL: &str = "CDK_MINTD_SIGNATORY_URL";
-pub const ENV_SIGNATORY_CERTS: &str = "CDK_MINTD_SIGNATORY_CERTS";
+pub const ENV_SIGNATORY_ENABLED: &str = "CDK_MINTD_SIGNATORY_ENABLED";
+pub const ENV_SIGNATORY_ADDRESS: &str = "CDK_MINTD_SIGNATORY_ADDRESS";
+pub const ENV_SIGNATORY_PORT: &str = "CDK_MINTD_SIGNATORY_PORT";
+pub const ENV_SIGNATORY_TLS_DIR: &str = "CDK_MINTD_SIGNATORY_TLS_DIR";
+pub const ENV_SIGNATORY_ALLOW_INSECURE: &str = "CDK_MINTD_SIGNATORY_ALLOW_INSECURE";
 pub const ENV_SECONDS_QUOTE_VALID: &str = "CDK_MINTD_SECONDS_QUOTE_VALID";
 pub const ENV_CACHE_SECONDS: &str = "CDK_MINTD_CACHE_SECONDS";
 pub const ENV_EXTEND_CACHE_SECONDS: &str = "CDK_MINTD_EXTEND_CACHE_SECONDS";
diff --git a/crates/cdk-mintd/src/env_vars/grpc_processor.rs b/crates/cdk-mintd/src/env_vars/grpc_processor.rs
index 3e8e91003c..0a65bd6d57 100644
--- a/crates/cdk-mintd/src/env_vars/grpc_processor.rs
+++ b/crates/cdk-mintd/src/env_vars/grpc_processor.rs
@@ -28,7 +28,7 @@ impl GrpcProcessor {
 }
 
 if let Ok(addr) = env::var(ENV_GRPC_PROCESSOR_ADDRESS) {
- self.addr = addr;
+ self.address = addr;
 }
 
 if let Ok(port) = env::var(ENV_GRPC_PROCESSOR_PORT) {
diff --git a/crates/cdk-mintd/src/env_vars/info.rs b/crates/cdk-mintd/src/env_vars/info.rs
index 8831a1f4a8..1d02fcf4e5 100644
--- a/crates/cdk-mintd/src/env_vars/info.rs
+++ b/crates/cdk-mintd/src/env_vars/info.rs
@@ -25,14 +25,6 @@ impl Info {
 }
 }
 
- if let Ok(signatory_url) = env::var(ENV_SIGNATORY_URL) {
- self.signatory_url = Some(signatory_url);
- }
-
- if let Ok(signatory_certs) = env::var(ENV_SIGNATORY_CERTS) {
- self.signatory_certs = Some(signatory_certs);
- }
-
 if let Ok(seed) = env::var(ENV_SEED) {
 self.seed = Some(seed);
 }
diff --git a/crates/cdk-mintd/src/env_vars/mod.rs b/crates/cdk-mintd/src/env_vars/mod.rs
index f3e51c3ac6..a32ed1587f 100644
--- a/crates/cdk-mintd/src/env_vars/mod.rs
+++ b/crates/cdk-mintd/src/env_vars/mod.rs
@@ -11,6 +11,7 @@ mod limits;
 mod ln;
 mod mint_info;
 mod onchain;
+mod signatory;
 
 mod auth;
 #[cfg(feature = "bdk")]
@@ -95,6 +96,8 @@ impl Settings {
 });
 
 self.info = self.info.clone().from_env();
+ self.signatory = Some(self.signatory.clone().unwrap_or_default().from_env());
+
 self.mint_info = self.mint_info.clone().from_env();
 // CDK_MINTD_LN_* env vars only apply when there is exactly one
 // configured Lightning entry. Multi-backend setups must choose units
diff --git a/crates/cdk-mintd/src/env_vars/signatory.rs b/crates/cdk-mintd/src/env_vars/signatory.rs
new file mode 100644
index 0000000000..4931dcdfb7
--- /dev/null
+++ b/crates/cdk-mintd/src/env_vars/signatory.rs
@@ -0,0 +1,86 @@
+//! Remote signatory environment variables
+
+use std::env;
+
+use super::common::*;
+use crate::config::Signatory;
+
+impl Signatory {
+ pub fn from_env(mut self) -> Self {
+ if let Ok(enabled) = env::var(ENV_SIGNATORY_ENABLED) {
+ if let Ok(enabled) = enabled.parse() {
+ self.enabled = enabled;
+ }
+ }
+
+ if let Ok(addr) = env::var(ENV_SIGNATORY_ADDRESS) {
+ self.address = addr;
+ }
+
+ if let Ok(port) = env::var(ENV_SIGNATORY_PORT) {
+ if let Ok(port) = port.parse() {
+ self.port = port;
+ }
+ }
+
+ if let Ok(tls_dir) = env::var(ENV_SIGNATORY_TLS_DIR) {
+ self.tls_dir = Some(tls_dir.into());
+ }
+
+ if let Ok(allow_insecure) = env::var(ENV_SIGNATORY_ALLOW_INSECURE) {
+ if let Ok(allow_insecure) = allow_insecure.parse() {
+ self.allow_insecure = allow_insecure;
+ }
+ }
+
+ self
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use std::path::PathBuf;
+
+ use super::*;
+
+ fn env_lock() -> std::sync::MutexGuard<'static, ()> {
+ static ENV_LOCK: std::sync::Mutex<()> = std::sync::Mutex::new(());
+
+ ENV_LOCK
+ .lock()
+ .expect("signatory env test lock should not be poisoned")
+ }
+
+ fn clear_env_vars() {
+ env::remove_var(ENV_SIGNATORY_ENABLED);
+ env::remove_var(ENV_SIGNATORY_ADDRESS);
+ env::remove_var(ENV_SIGNATORY_PORT);
+ env::remove_var(ENV_SIGNATORY_TLS_DIR);
+ env::remove_var(ENV_SIGNATORY_ALLOW_INSECURE);
+ }
+
+ #[test]
+ fn signatory_from_env_reads_enabled_and_connection_fields() {
+ let _guard = env_lock();
+ clear_env_vars();
+
+ env::set_var(ENV_SIGNATORY_ENABLED, "true");
+ env::set_var(ENV_SIGNATORY_ADDRESS, "0.0.0.0");
+ env::set_var(ENV_SIGNATORY_PORT, "15061");
+ env::set_var(ENV_SIGNATORY_TLS_DIR, "/var/lib/cdk/signatory-tls");
+ env::set_var(ENV_SIGNATORY_ALLOW_INSECURE, "true");
+
+ let signatory = Signatory::default().from_env();
+
+ assert!(signatory.enabled);
+ assert_eq!(signatory.address, "0.0.0.0");
+ assert_eq!(signatory.port, 15061);
+ assert_eq!(
+ signatory.tls_dir,
+ Some(PathBuf::from("/var/lib/cdk/signatory-tls"))
+ );
+ assert!(signatory.allow_insecure);
+
+ clear_env_vars();
+ }
+}
diff --git a/crates/cdk-mintd/src/lib.rs b/crates/cdk-mintd/src/lib.rs
index 783cb3d9e0..8acbfd5163 100644
--- a/crates/cdk-mintd/src/lib.rs
+++ b/crates/cdk-mintd/src/lib.rs
@@ -701,7 +701,7 @@ async fn configure_lightning_backend(
 
 tracing::info!(
 "Attempting to start with gRPC payment processor at {}:{}.",
- grpc_processor.addr,
+ grpc_processor.address,
 grpc_processor.port
 );
 
@@ -1205,20 +1205,34 @@ async fn build_mint(
 keystore: Arc + Send + Sync>,
 mint_builder: MintBuilder,
 ) -> Result {
- if let Some(signatory_url) = settings.info.signatory_url.clone() {
+ if let Some(signatory) = settings.enabled_signatory() {
+ let tls_dir = signatory.tls_dir.clone();
+
+ if tls_dir.is_none() {
+ if !signatory.allow_insecure {
+ bail!(
+ "gRPC signatory TLS is not configured. Set [signatory].tls_dir or \
+ [signatory].allow_insecure = true to connect without TLS"
+ );
+ }
+
+ tracing::warn!(
+ "No gRPC signatory TLS directory configured; connecting without TLS because \
+ allow_insecure is true"
+ );
+ }
+
 tracing::info!(
- "Connecting to remote signatory to {} with certs {:?}",
- signatory_url,
- settings.info.signatory_certs.clone()
+ "Connecting to remote signatory to {}:{} with TLS directory {:?}",
+ signatory.address,
+ signatory.port,
+ tls_dir.clone()
 );
 
 Ok(mint_builder
 .build_with_signatory(Arc::new(
- cdk_signatory::SignatoryRpcClient::new(
- signatory_url,
- settings.info.signatory_certs.clone(),
- )
- .await?,
+ cdk_signatory::SignatoryRpcClient::new(&signatory.address, signatory.port, tls_dir)
+ .await?,
 ))
 .await?)
 } else if let Some(seed) = settings.info.seed.clone() {
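Review bot: `Signatory::from_env` in the new env_vars/signatory.rs discards parse failures for `CDK_MINTD_SIGNATORY_ENABLED`, `CDK_MINTD_SIGNATORY_PORT` and `CDK_MINTD_SIGNATORY_ALLOW_INSECURE` without any signal. Rust's `bool` parser accepts only `true` and `false`, so `CDK_MINTD_SIGNATORY_ENABLED=1` leaves the signatory disabled and `build_mint` takes the local seed path. In the same way, `CDK_MINTD_SIGNATORY_ALLOW_INSECURE=0` does not override an `allow_insecure = true` from the config file. Since `from_env` returns `Self` and cannot report an error, the minimum is a warning that names the variable, as sketched below for the two booleans; the port should get the same treatment. The added test covers only well-formed values, so a case with a malformed boolean would pin this down.

```rust
pub fn from_env(mut self) -> Self {
    if let Ok(enabled) = env::var(ENV_SIGNATORY_ENABLED) {
        match enabled.parse() {
            Ok(enabled) => self.enabled = enabled,
            Err(_) => tracing::warn!(
                "Ignoring {}: expected `true` or `false`",
                ENV_SIGNATORY_ENABLED
            ),
        }
    }

    // … unchanged: ENV_SIGNATORY_ADDRESS, ENV_SIGNATORY_PORT, ENV_SIGNATORY_TLS_DIR …

    if let Ok(allow_insecure) = env::var(ENV_SIGNATORY_ALLOW_INSECURE) {
        match allow_insecure.parse() {
            Ok(allow_insecure) => self.allow_insecure = allow_insecure,
            Err(_) => tracing::warn!(
                "Ignoring {}: expected `true` or `false`",
                ENV_SIGNATORY_ALLOW_INSECURE
            ),
        }
    }

    self
}
```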
@@ -1789,10 +1803,15 @@ mod tests {
 info: config::Info {
 seed: Some("raw seed from config".to_string()),
 mnemonic: Some("mnemonic from config".to_string()),
- signatory_url: Some("http://127.0.0.1:50051".to_string()),
- signatory_certs: Some("/tmp/certs".to_string()),
 ..Default::default()
 },
+ signatory: Some(config::Signatory {
+ enabled: true,
+ address: "127.0.0.1".to_string(),
+ port: 15060,
+ tls_dir: Some("/tmp/certs".into()),
+ allow_insecure: false,
+ }),
 ..Default::default()
 };
 
@@ -1801,12 +1820,22 @@ mod tests {
 assert_eq!(settings.info.seed, None);
 assert_eq!(settings.info.mnemonic, Some(TEST_MNEMONIC.to_string()));
 assert_eq!(
- settings.info.signatory_url,
- Some("http://127.0.0.1:50051".to_string())
+ settings
+ .signatory
+ .as_ref()
+ .map(|signatory| signatory.address.clone()),
+ Some("127.0.0.1".to_string())
+ );
+ assert_eq!(
+ settings.signatory.as_ref().map(|signatory| signatory.port),
+ Some(15060)
 );
 assert_eq!(
- settings.info.signatory_certs,
- Some("/tmp/certs".to_string())
+ settings
+ .signatory
+ .as_ref()
+ .and_then(|signatory| signatory.tls_dir.clone()),
+ Some("/tmp/certs".into())
 );
 
 let _ = fs::remove_file(&seed_file);
diff --git a/crates/cdk-mintd/src/setup.rs b/crates/cdk-mintd/src/setup.rs
index 1e86777790..c76f0915e3 100644
--- a/crates/cdk-mintd/src/setup.rs
+++ b/crates/cdk-mintd/src/setup.rs
@@ -338,7 +338,7 @@ impl LnBackendSetup for config::GrpcProcessor {
 }
 
 let payment_processor =
- cdk_payment_processor::PaymentProcessorClient::new(&self.addr, self.port, tls_dir)
+ cdk_payment_processor::PaymentProcessorClient::new(&self.address, self.port, tls_dir)
 .await?;
 
 Ok(payment_processor)
diff --git a/crates/cdk-signatory/README.md b/crates/cdk-signatory/README.md
new file mode 100644
index 0000000000..d921d8b6c0
--- /dev/null
+++ b/crates/cdk-signatory/README.md
@@ -0,0 +1,138 @@
+# CDK Signatory
+
+[![crates.io](https://img.shields.io/crates/v/cdk-signatory.svg)](https://crates.io/crates/cdk-signatory)
+[![Documentation](https://docs.rs/cdk-signatory/badge.svg)](https://docs.rs/cdk-signatory)
+[![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/cashubtc/cdk/blob/main/LICENSE)
+
+**ALPHA** This library is in early development, the API will change and should be used with caution.
+
+Signing utilities and a standalone gRPC signatory service for the Cashu Development Kit (CDK).
+The standalone service lets `cdk-mintd` use a remote signing process instead of keeping mint
+signing keys in the mint daemon process.
+
+## Components
+
+This crate includes:
+- A `Signatory` trait for blind signing, proof verification, and keyset rotation
+- A database-backed signatory implementation
+- A gRPC client and server for remote signing
+- The `signatory` binary for running the standalone service
+
+## Installation
+
+Add this to your `Cargo.toml`:
+
+```toml
+[dependencies]
+cdk-signatory = "*"
+```
+
+Or build the standalone binary from this workspace:
+
+```bash
+cargo build --release -p cdk-signatory --bin signatory
+```
+
+## Quick Start
+
+The standalone binary uses SQLite by default. It stores its database and seed file in the work
+directory. If `CDK_MINTD_MNEMONIC` is set, that mnemonic is used as the seed. Otherwise, the
+binary reads `/seed` or creates a new mnemonic there on first start.
+
+The gRPC server expects TLS files in the certs directory. The helper script creates the files
+needed by both the signatory server and `cdk-mintd`.
+
+```bash
+mkdir -p ~/.cdk-signatory
+bash crates/cdk-signatory/generate_certs.sh ~/.cdk-signatory
+
+cargo run -p cdk-signatory --bin signatory -- \
+ --work-dir ~/.cdk-signatory \
+ --certs ~/.cdk-signatory \
+ --listen-addr 127.0.0.1 \
+ --listen-port 15060 \
+ --enable-logging \
+ --log-level info
+```
+
+For a built release binary:
+
+```bash
+./target/release/signatory \
+ --work-dir ~/.cdk-signatory \
+ --certs ~/.cdk-signatory
+```
+
+## Options
+
+Show all CLI options:
+
+```bash
+cargo run -p cdk-signatory --bin signatory -- --help
+```
+
+Common options:
+
+| Option | Description | Default |
+|--------|-------------|---------|
+| `--work-dir` | Directory for the SQLite database and seed file | `~/.cdk-signatory` |
+| `--certs` | Directory containing `server.pem`, `server.key`, and `ca.pem` | Same as `--work-dir` |
+| `--listen-addr` | gRPC bind address | `127.0.0.1` |
+| `--listen-port` | gRPC bind port | `15060` |
+| `--units` | Supported unit in `name,input_fee_ppk,max_order` format | `sat,0,32` |
+| `--enable-logging` | Enable tracing output | `false` |
+| `--log-level` | Log level when logging is enabled | `debug` |
+
+`--units` can be repeated to support multiple units. `max_order` controls the generated powers-of-two
+amounts, from `2^0` through `2^(max_order - 1)`.
+
+## Configuration for cdk-mintd
+
+### Config File
+
+Point `cdk-mintd` at the remote signatory with `[signatory].enabled = true`:
+
+```toml
+[signatory]
+enabled = true
+address = "127.0.0.1"
+port = 15060
+tls_dir = "/home/user/.cdk-signatory"
+allow_insecure = false
+```
+
+`tls_dir` must contain `ca.pem`, `client.pem`, and `client.key` for the `cdk-mintd` gRPC client.
+The same directory created by `generate_certs.sh` can be used for both services.
+
+### Environment Variables
+
+All `cdk-mintd` signatory configuration can also be set via environment variables:
+
+| Variable | Description | Required |
+|----------|-------------|----------|
+| `CDK_MINTD_SIGNATORY_ENABLED` | Enable the remote signatory client | Yes |
+| `CDK_MINTD_SIGNATORY_ADDRESS` | Remote signatory address | No |
+| `CDK_MINTD_SIGNATORY_PORT` | Remote signatory port | No |
+| `CDK_MINTD_SIGNATORY_TLS_DIR` | Directory with client TLS files | Recommended |
+| `CDK_MINTD_SIGNATORY_ALLOW_INSECURE` | Allow connecting without TLS | No |
+
+Example:
+
+```bash
+export CDK_MINTD_SIGNATORY_ENABLED=true
+export CDK_MINTD_SIGNATORY_ADDRESS=127.0.0.1
+export CDK_MINTD_SIGNATORY_PORT=15060
+export CDK_MINTD_SIGNATORY_TLS_DIR="$HOME/.cdk-signatory"
+cdk-mintd
+```
+
+## Security Notes
+
+- Back up the seed file or set a stable `CDK_MINTD_MNEMONIC`; losing the seed loses access to the
+ mint signing keys.
+- Keep `server.key`, `client.key`, and the seed file private.
+- Use TLS for remote deployments. `allow_insecure = true` should only be used for local testing.
+
+## License
+
+This project is licensed under the [MIT License](../../LICENSE).
diff --git a/crates/cdk-signatory/src/proto/client.rs b/crates/cdk-signatory/src/proto/client.rs
index 659e07ba0b..730cf71ab5 100644
--- a/crates/cdk-signatory/src/proto/client.rs
+++ b/crates/cdk-signatory/src/proto/client.rs
@@ -1,4 +1,4 @@
-use std::path::Path;
+use std::path::PathBuf;
 
 use cdk_common::error::Error;
 use cdk_common::grpc::{VersionInterceptor, VERSION_SIGNATORY_HEADER};
@@ -39,17 +39,16 @@ pub enum ClientError {
 
 impl SignatoryRpcClient {
 /// Create a new RemoteSigner from a tonic transport channel.
- pub async fn new(url: String, tls_dir: Option) -> Result
- where
- A: AsRef,
- {
+ pub async fn new(addr: &str, port: u16, tls_dir: Option) -> Result {
 #[cfg(not(target_arch = "wasm32"))]
 if rustls::crypto::CryptoProvider::get_default().is_none() {
 let _ = rustls::crypto::ring::default_provider().install_default();
 }
 
+ let scheme = if tls_dir.is_some() { "https" } else { "http" };
+ let url = format!("{scheme}://{addr}:{port}");
+
 let channel = if let Some(tls_dir) = tls_dir {
- let tls_dir = tls_dir.as_ref();
 let server_root_ca_cert = std::fs::read_to_string(tls_dir.join("ca.pem"))?;
 let server_root_ca_cert = Certificate::from_pem(server_root_ca_cert);
 let client_cert = std::fs::read_to_string(tls_dir.join("client.pem"))?;
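Review bot: `SignatoryRpcClient::new` now picks the scheme from `tls_dir`, so passing `None` silently yields an `http://` channel to the signer. The `allow_insecure` opt-in is enforced only in cdk-mintd's `build_mint`, so any other caller of this public constructor gets no such guard. The doc comment still reads "from a tonic transport channel" and should state the new contract, e.g. `/// Connect to the signatory at addr:port. With tls_dir = None the channel is plaintext HTTP with no TLS; callers must opt in to that explicitly.` Separately, `format!("{scheme}://{addr}:{port}")` does not bracket IPv6 literals, so an address such as `::1` would produce an invalid URL. The function body continues past the end of this hunk.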