Add gRPC options on connect wallet

[michaelWuensch]

It would be awesome if the app could add gRPC options to the connect wallet screen.
BitBanana uses gRPC connection to Core Lightning but users cannot get the necessary data from the Umbrel app.

It would have to expose:

• The server certificate
• The client certificate
• The client key

[ShahanaFarooqui]

We can configure the application to either use Commando (current, default) or grpc to connect with CLN.

But currently, the grpc method for bkpr-listaccountevents is missing. I opened an issue on CLN github to add that first.

[michaelWuensch]

Ah, thanks. I wasn't aware of that limitation.
Then the Umbrel app should get a setting to switch between commando & grpc connection as well.

[ShahanaFarooqui]

Oh, I didn’t notice that you were just asking to expose the information on the connect wallet page.

Adding grpc support is in our to do list from past sometime, so I read what I wanted to read :D.

Let me check what can we do for connect wallet page tomorrow.

[michaelWuensch]

Perfect, thanks!

[ShahanaFarooqui]

@michaelWuensch Updated the feature with PR 53.

It would be great if you can test the PR to confirm that your requirements are met before I merge it for the next release.

[michaelWuensch]

Awesome!
I right now have no idea how to setup the test environment for this, but I might look into it tomorrow.
First things I noticed:

• Only one of CA Cert & Server Cert is needed. If I understand it correct, the CA Cert is the one we are looking for (https://docs.corelightning.org/docs/grpc)
• I just tested it, if I deactivate certificate validation in BitBanana I can actually connect with Core Lightning without CA Cert nor Server Cert. Of course this is not what we want from a security perspective as there might be the risk of connecting to a imposter node. (Even though extremely unlikely). But here comes the catch. If grpc (tor) is chosen we don't need the validation and the gRPC URL can be shorter leading to a QR Code easier to scan. So for Tor only include client key & client cert.
• The url starts with "grpc://". Are you following any standard for the variables (clientkey, ...) ? The URL scheme does not imply it has to do with Core Lightning. If other applications do something similar Apps working with these URLs might get conflicts.

[ShahanaFarooqui]

• Only one of CA Cert & Server Cert is needed. If I understand it correct, the CA Cert is the one we are looking for (https://docs.corelightning.org/docs/grpc)

Yes, CA Cert should be the only one required. But the issue specifically mentioned server certificate as requirement, so I decided to add both certs. As server certificate is not required anymore, I will remove it.

• I just tested it, if I deactivate certificate validation in BitBanana I can actually connect with Core Lightning without CA Cert nor Server Cert. Of course this is not what we want from a security perspective as there might be the risk of connecting to a imposter node. (Even though extremely unlikely). But here comes the catch. If grpc (tor) is chosen we don't need the validation and the gRPC URL can be shorter leading to a QR Code easier to scan. So for Tor only include client key & client cert.

Noted, will update for gRPC (Tor).

• The url starts with "grpc://". Are you following any standard for the variables (clientkey, ...) ? The URL scheme does not imply it has to do with Core Lightning. If other applications do something similar Apps working with these URLs might get conflicts.

Good catch, I will update it to cln-grpc.

FYI, below are the current connect urls:

ln-message://user.local:5000?rune=<clnrunevalue>
ln-message://torurl.onion:5000?rune=<clnrunevalue>
c-lightning-rest://http://user.local:3000?macaroon=<macaroonvalue>&protocol=http
c-lightning-rest://http://torurl.onion:3000?macaroon=<macaroonvalue>&protocol=http
grpc://user.local:2000?clientkey=<clientkeyvalue>&clientCert=<clientcertvalue>&caCert=<cacertvalue>&serverCert=<servercertvalue>
grpc://torurl.onion:2000?clientkey=<clientkeyvalue>&clientCert=<clientcertvalue>&caCert=<cacertvalue>&serverCert=<servercertvalue>

Which will be updated to:

cln-grpc://user.local:2000?clientkey=<clientkeyvalue>&clientCert=<clientcertvalue>&caCert=<cacertvalue>
cln-grpc://torurl.onion:2000?clientkey=<clientkeyvalue>&clientCert=<clientcertvalue>

I will wait for your testing update before I will work on these update.

[michaelWuensch]

I tried to get the test setup running, but I failed as I don't have much experienced with docker.
I am running a regtest network using Polar.
But I am having a hard time mapping all those env variables in the env.sh script

I think I found the IP Address of the bitcoin node and the core lightning node container, but how do I get the one for core lightning deamon?

Any help would be appreciated.

[ShahanaFarooqui]

The application can run as standalone also, no need for docker setup.
https://github.com/ElementsProject/cln-application?tab=readme-ov-file#standalone

For environment variable details (updated after your question):
https://github.com/ElementsProject/cln-application?tab=readme-ov-file#environment-variables

Regarding various IP values, if you are running bitcoin, cln, and application on your local computer, then you can provide localhost for all. Otherwise for:
APP_BITCOIN_NODE_IP: provide the IP address of the computer where bitcoin node is running.
APP_CORE_LIGHTNING_IP: provide the IP address of the cln-application's (this application) system.
APP_CORE_LIGHTNING_DAEMON_IP: provide the IP address of the computer where core lightning node is running.
APP_CORE_LIGHTNING_REST_IP: provide the IP address of the computer where c-lightning-REST node is running (optional).

[ShahanaFarooqui]

@michaelWuensch I merged the PR in Release branch with discussed updates.

Please feel free to comment here if you find anything missing whenever your testing is complete.

Closing the issue with PR #53.

[michaelWuensch]

@ShahanaFarooqui
Thanks for the updates.
Sorry, I still didn't get the test setup running.

But I now have implemented the cln-grpc:// url parsing in BitBanana (b8e1b27) and build a preview for you to test with.
You can find the apk here: https://drive.proton.me/urls/ANTQ93JJY4#Dj9r5GB45x5n
Please let me know if it is possible for you to test with that, it is Android only.

Remarks about that build:

• Core Lightning implementation is only half done so far. Don't use this version for anything else than checking if the connection works. If it works, it will display the balance on the home screen.
• To connect you can scan the QR code or you can input all connection data manually. To do it manually go to "Nodes" > "+" > "Manually"
• After a connection data was scanned or added manually, you can always change all details by going to "Nodes", then select the desired one and go to "Change Data"
• The encoding for the certificates and key in the cln-grpc url is expected to be base64url, not base64

[michaelWuensch]

@ShahanaFarooqui
have you been able to test it with the app preview i linked in the last comment?

[ShahanaFarooqui]

@ShahanaFarooqui have you been able to test it with the app preview i linked in the last comment?

No, didn't have enough time.

[michaelWuensch]

@ShahanaFarooqui
BitBanana 0.8.0 was released now with support for Core Lightning.
It is available on Playstore, F-Droid & GitHub.
With that it should be easy to test as long as you have an Android device.

[michaelWuensch]

@ShahanaFarooqui
Hi, I just tested it with a fresh Umbrel installation. (CLN wallet is empty)

I cannot use the new connect grpc feature as ClientKey, ClientCert and CA Cert are all empty. The app version is 0.0.5. CLN version is 24.02.2.
Is there anything I need to do? Or is this a bug?