tls_manager: Handle partial TLS files

[mohamedawnallah]

Change Description

When there is only one of the tls pairs (key/certificate) and the other is missing, the TLS manager currently assumes it exists and ignore generating them. This results in error propgated to user that the other tls pair file is missing/not found.

lnd/tls_manager.go

Lines 210 to 254 in 85a5bf2

	func (t *TLSManager) generateCertPair(keyRing keychain.SecretKeyRing) error {
	// Ensure we create TLS key and certificate if they don't exist.
	if lnrpc.FileExists(t.cfg.TLSCertPath) ||
	lnrpc.FileExists(t.cfg.TLSKeyPath) {
	// Handle discrepencies related to the TLSEncryptKey setting.
	return t.ensureEncryption(keyRing)
	}
	rpcsLog.Infof("Generating TLS certificates...")
	certBytes, keyBytes, err := cert.GenCertPair(
	"lnd autogenerated cert", t.cfg.TLSExtraIPs,
	t.cfg.TLSExtraDomains, t.cfg.TLSDisableAutofill,
	t.cfg.TLSCertDuration,
	)
	if err != nil {
	return err
	}
	if t.cfg.TLSEncryptKey {
	var b bytes.Buffer
	e, err := lnencrypt.KeyRingEncrypter(keyRing)
	if err != nil {
	return fmt.Errorf("unable to create "+
	"encrypt key %v", err)
	}
	err = e.EncryptPayloadToWriter(
	keyBytes, &b,
	)
	if err != nil {
	return err
	}
	keyBytes = b.Bytes()
	}
	err = cert.WriteCertPair(
	t.cfg.TLSCertPath, t.cfg.TLSKeyPath, certBytes, keyBytes,
	)
	rpcsLog.Infof("Done generating TLS certificates")
	return err
	}

Closes #10392.

Steps to Test

Steps for reviewers to follow to test the change.

Pull Request Checklist

Testing

• Your PR passes all CI checks.
• Tests covering the positive and negative (error paths) are included.
• Bug fixes contain tests triggering the bug to prevent regressions.

Code Style and Documentation

• The change is not insubstantial. Typo fixes are not accepted to fight bot spam.
• The change obeys the Code Documentation and Commenting guidelines, and lines wrap at 80.
• Commits follow the Ideal Git Commit Structure.
• Any new logging statements use an appropriate subsystem and logging level.
• Any new lncli commands have appropriate tags in the comments for the rpc in the proto file.
• There is a change description in the release notes, or [skip ci] in the commit message for small changes.

📝 Please see our Contribution Guidelines for further guidance.

[gemini-code-assist]

Summary of Changes

Hello @mohamedawnallah, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the robustness of the TLS manager by addressing an edge case where the system might not correctly regenerate a TLS certificate and key pair if only one of the two required files (certificate or key) was present. The updated logic ensures that in such 'partial file' scenarios, a new, complete, and valid TLS pair is generated, thereby improving the reliability of TLS setup and preventing potential connection issues.

Highlights

• TLS File Handling Logic: The logic for checking the existence of TLS certificate and key files has been updated. Previously, the system would proceed with existing file handling if either the certificate or key file was present. Now, it only proceeds if both files exist, ensuring that a new pair is generated if only one file is found (a 'partial' state).
• Robust Certificate Regeneration: The change ensures that the generateCertPair function correctly regenerates a complete TLS certificate and key pair when a partial setup is detected, preventing issues that could arise from incomplete TLS file configurations.
• New Test Coverage: A new test case, TestGenerateCertPairWithPartialFiles, has been added to explicitly verify that the generateCertPair function behaves as expected when only the certificate file or only the key file is present on disk.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly addresses an issue where lnd would fail to start if only one of the TLS certificate or key files were present. The logic change in generateCertPair to use && instead of || is the right fix. The addition of TestGenerateCertPairWithPartialFiles is great for ensuring this case is covered and prevents regressions. I've suggested a small refactoring for the new test to improve its structure and maintainability by making it table-driven, which is also a preferred style in this repository.