Replace rcgen with custom X.509 certificate generation

ldk-server/Cargo.toml

@@ -11,13 +11,13 @@ http-body-util = { version = "0.1", default-features = false }
 hyper-util = { version = "0.1", default-features = false, features = ["server-graceful"] }
 tokio = { version = "1.38.0", default-features = false, features = ["time", "signal", "rt-multi-thread"] }
 tokio-rustls = { version = "0.26", default-features = false, features = ["ring"] }
-rcgen = { version = "0.13", default-features = false, features = ["ring"] }
+ring = { version = "0.17", default-features = false }
+getrandom = { version = "0.2", default-features = false }
 prost = { version = "0.11.6", default-features = false, features = ["std"] }
 ldk-server-protos = { path = "../ldk-server-protos" }
 bytes = { version = "1.4.0", default-features = false }
 hex = { package = "hex-conservative", version = "0.2.1", default-features = false }
 rusqlite = { version = "0.31.0", features = ["bundled"] }
-rand = { version = "0.8.5", default-features = false }
 async-trait = { version = "0.1.85", default-features = false }
 toml = { version = "0.8.9", default-features = false, features = ["parse"] }
 chrono = { version = "0.4", default-features = false, features = ["clock"] }

ldk-server/src/io/persist/sqlite_store/mod.rs

@@ -291,9 +291,8 @@ impl PaginatedKVStore for SqliteStore {
 mod tests {
 	use std::panic::RefUnwindSafe;
 
+	use hex::DisplayHex;
 	use ldk_node::lightning::util::persist::KVSTORE_NAMESPACE_KEY_MAX_LEN;
-	use rand::distributions::Alphanumeric;
-	use rand::{thread_rng, Rng};
 
 	use super::*;
 
@@ -312,8 +311,9 @@ mod tests {
 
 	pub(crate) fn random_storage_path() -> PathBuf {
 		let mut temp_path = std::env::temp_dir();
-		let mut rng = thread_rng();
-		let rand_dir: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect();
+		let mut bytes = [0u8; 8];
+		getrandom::getrandom(&mut bytes).expect("Failed to generate random bytes");
+		let rand_dir = bytes.to_lower_hex_string();
 		temp_path.push(rand_dir);
 		temp_path
 	}

ldk-server/src/main.rs

@@ -31,7 +31,6 @@ use ldk_server_protos::events::{event_envelope, EventEnvelope};
 use ldk_server_protos::types::Payment;
 use log::{debug, error, info};
 use prost::Message;
-use rand::Rng;
 use tokio::net::TcpListener;
 use tokio::select;
 use tokio::signal::unix::SignalKind;
@@ -408,8 +407,8 @@ fn main() {
 							// We don't expose this payment-id to the user, it is a temporary measure to generate
 							// some unique identifiers until we have forwarded-payment-id available in ldk.
 							// Currently, this is the expected user handling behaviour for forwarded payments.
-							let mut forwarded_payment_id = [0u8;32];
-							rand::thread_rng().fill(&mut forwarded_payment_id);
+							let mut forwarded_payment_id = [0u8; 32];
+							getrandom::getrandom(&mut forwarded_payment_id).expect("Failed to generate random bytes");
 
 							let forwarded_payment_creation_time = SystemTime::now().duration_since(UNIX_EPOCH).expect("Time must be > 1970").as_secs() as i64;
 
@@ -546,9 +545,8 @@ fn load_or_generate_api_key(storage_dir: &Path) -> std::io::Result<String> {
 		Ok(key_bytes.to_lower_hex_string())
 	} else {
 		// Generate a 32-byte random API key
-		let mut rng = rand::thread_rng();
 		let mut key_bytes = [0u8; 32];
-		rng.fill(&mut key_bytes);
+		getrandom::getrandom(&mut key_bytes).map_err(std::io::Error::other)?;
 
 		// Write the raw bytes to the file
 		fs::write(&api_key_path, key_bytes)?;