Support macaroons and TLS && Add arkd wallet cmds (#232)

* Update protos

* Update handlers

* Support macaroons and TLS

* Add arkd cli

* Minor fixes

* Update deps

* Fixes

* Update makefile

* Fixes

* Fix

* Fix

* Fix

* Remove trusted onboarding from client

* Completely remove trusted onboarding

* Fix compose files and add --no-macaroon flag to arkd cli

* Lint

* Remove e2e for trusted onboarding

* Add sleep time

server/internal/interface/grpc/config.go

@@ -1,27 +1,25 @@
 package grpcservice
 
 import (
+	"crypto/rand"
 	"crypto/tls"
 	"fmt"
 	"net"
+	"path/filepath"
+
+	"golang.org/x/net/http2"
 )
 
 type Config struct {
-	Port     uint32
-	NoTLS    bool
-	AuthUser string
-	AuthPass string
+	Datadir         string
+	Port            uint32
+	NoTLS           bool
+	NoMacaroons     bool
+	TLSExtraIPs     []string
+	TLSExtraDomains []string
 }
 
 func (c Config) Validate() error {
-	if len(c.AuthUser) == 0 {
-		return fmt.Errorf("missing auth user")
-	}
-
-	if len(c.AuthPass) == 0 {
-		return fmt.Errorf("missing auth password")
-	}
-
 	lis, err := net.Listen("tcp", c.address())
 	if err != nil {
 		return fmt.Errorf("invalid port: %s", err)
@@ -29,7 +27,40 @@ func (c Config) Validate() error {
 	defer lis.Close()
 
 	if !c.NoTLS {
-		return fmt.Errorf("tls termination not supported yet")
+		tlsDir := c.tlsDatadir()
+		tlsKeyExists := pathExists(filepath.Join(tlsDir, tlsKeyFile))
+		tlsCertExists := pathExists(filepath.Join(tlsDir, tlsCertFile))
+		if !tlsKeyExists && tlsCertExists {
+			return fmt.Errorf(
+				"found %s file but %s is missing. Please delete %s to make the "+
+					"daemon recreating both files in path %s",
+				tlsCertFile, tlsKeyFile, tlsCertFile, tlsDir,
+			)
+		}
+
+		if len(c.TLSExtraIPs) > 0 {
+			for _, ip := range c.TLSExtraIPs {
+				if net.ParseIP(ip) == nil {
+					return fmt.Errorf("invalid operator extra ip %s", ip)
+				}
+			}
+		}
+	}
+
+	if !c.NoMacaroons {
+		macDir := c.macaroonsDatadir()
+		adminMacExists := pathExists(filepath.Join(macDir, adminMacaroonFile))
+		roMacExists := pathExists(filepath.Join(macDir, roMacaroonFile))
+		walletMacExists := pathExists(filepath.Join(macDir, walletMacaroonFile))
+		managerMacExists := pathExists(filepath.Join(macDir, managerMacaroonFile))
+
+		if adminMacExists != roMacExists ||
+			adminMacExists != walletMacExists ||
+			adminMacExists != managerMacExists {
+			return fmt.Errorf(
+				"all macaroons must be either existing or not in path %s", macDir,
+			)
+		}
 	}
 	return nil
 }
@@ -46,6 +77,52 @@ func (c Config) gatewayAddress() string {
 	return fmt.Sprintf("localhost:%d", c.Port)
 }
 
-func (c Config) tlsConfig() *tls.Config {
-	return nil
+func (c Config) macaroonsDatadir() string {
+	return filepath.Join(c.Datadir, macaroonsFolder)
+}
+
+func (c Config) tlsDatadir() string {
+	return filepath.Join(c.Datadir, tlsFolder)
+}
+
+func (c Config) tlsKey() string {
+	if c.NoTLS {
+		return ""
+	}
+	return filepath.Join(c.tlsDatadir(), tlsKeyFile)
+}
+
+func (c Config) tlsCert() string {
+	if c.NoTLS {
+		return ""
+	}
+	return filepath.Join(c.tlsDatadir(), tlsCertFile)
+}
+
+func (c Config) tlsConfig() (*tls.Config, error) {
+	if c.NoTLS {
+		return nil, nil
+	}
+
+	if c.tlsKey() == "" || c.tlsCert() == "" {
+		return nil, fmt.Errorf("tls_key and tls_cert both needs to be provided")
+	}
+
+	certificate, err := tls.LoadX509KeyPair(c.tlsCert(), c.tlsKey())
+	if err != nil {
+		return nil, err
+	}
+
+	config := &tls.Config{
+		MinVersion:   tls.VersionTLS12,
+		NextProtos:   []string{"http/1.1", http2.NextProtoTLS, "h2-14"}, // h2-14 is just for compatibility. will be eventually removed.
+		Certificates: []tls.Certificate{certificate},
+		CipherSuites: []uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		},
+	}
+	config.Rand = rand.Reader
+
+	return config, nil
 }