Builder for creating invoices for offers

Add a builder for creating invoices for an offer from a given request
and required fields. Other settings are optional and duplicative
settings will override previous settings. Building produces a
semantically valid `invoice` message for the offer, which then can be
signed with the key associated with the offer's signing pubkey.

Author: jkczyz

lightning/src/offers/invoice.rs

@@ -10,21 +10,24 @@
 //! Data structures and encoding for `invoice` messages.
 
 use bitcoin::blockdata::constants::ChainHash;
+use bitcoin::hash_types::{WPubkeyHash, WScriptHash};
+use bitcoin::hashes::Hash;
 use bitcoin::network::constants::Network;
-use bitcoin::secp256k1::PublicKey;
+use bitcoin::secp256k1::{Message, PublicKey};
 use bitcoin::secp256k1::schnorr::Signature;
 use bitcoin::util::address::{Address, Payload, WitnessVersion};
+use bitcoin::util::schnorr::TweakedPublicKey;
 use core::convert::TryFrom;
 use core::time::Duration;
 use crate::io;
 use crate::ln::PaymentHash;
 use crate::ln::features::{BlindedHopFeatures, Bolt12InvoiceFeatures};
 use crate::ln::msgs::DecodeError;
-use crate::offers::invoice_request::{InvoiceRequestContents, InvoiceRequestTlvStream};
-use crate::offers::merkle::{SignatureTlvStream, self};
-use crate::offers::offer::OfferTlvStream;
+use crate::offers::invoice_request::{InvoiceRequest, InvoiceRequestContents, InvoiceRequestTlvStream, InvoiceRequestTlvStreamRef};
+use crate::offers::merkle::{SignError, SignatureTlvStream, SignatureTlvStreamRef, self};
+use crate::offers::offer::{OfferTlvStream, OfferTlvStreamRef};
 use crate::offers::parse::{ParseError, ParsedMessage, SemanticError};
-use crate::offers::payer::PayerTlvStream;
+use crate::offers::payer::{PayerTlvStream, PayerTlvStreamRef};
 use crate::offers::refund::RefundContents;
 use crate::onion_message::BlindedPath;
 use crate::util::ser::{HighZeroBytesDroppedBigSize, SeekReadable, WithoutLength, Writeable, Writer};
@@ -38,6 +41,164 @@ const DEFAULT_RELATIVE_EXPIRY: Duration = Duration::from_secs(7200);
 
 const SIGNATURE_TAG: &'static str = concat!("lightning", "invoice", "signature");
 
+/// Builds an [`Invoice`] from either:
+/// - an [`InvoiceRequest`] for the "offer to be paid" flow or
+/// - a [`Refund`] for the "offer for money" flow.
+///
+/// See [module-level documentation] for usage.
+///
+/// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
+/// [`Refund`]: crate::offers::refund::Refund
+/// [module-level documentation]: self
+pub struct InvoiceBuilder<'a> {
+	bytes: &'a Vec<u8>,
+	invoice: InvoiceContents,
+}
+
+impl<'a> InvoiceBuilder<'a> {
+	pub(super) fn for_offer(
+		invoice_request: &'a InvoiceRequest, paths: Vec<BlindedPath>, payinfo: Vec<BlindedPayInfo>,
+		created_at: Duration, payment_hash: PaymentHash
+	) -> Result<Self, SemanticError> {
+		if paths.is_empty() {
+			return Err(SemanticError::MissingPaths);
+		}
+
+		if paths.len() != payinfo.len() {
+			return Err(SemanticError::InvalidPayInfo);
+		}
+
+		Ok(Self {
+			bytes: &invoice_request.bytes,
+			invoice: InvoiceContents::ForOffer {
+				invoice_request: invoice_request.contents.clone(),
+				fields: InvoiceFields {
+					paths, payinfo, created_at, relative_expiry: None, payment_hash,
+					amount_msats: invoice_request.amount_msats(), fallbacks: None,
+					features: Bolt12InvoiceFeatures::empty(), code: None,
+				},
+			},
+		})
+	}
+
+	/// Sets the [`Invoice::relative_expiry`] as seconds since [`Invoice::created_at`]. Any expiry
+	/// that has already passed is valid and can be checked for using [`Invoice::is_expired`].
+	///
+	/// Successive calls to this method will override the previous setting.
+	pub fn relative_expiry(mut self, relative_expiry_secs: u32) -> Self {
+		let relative_expiry = Duration::from_secs(relative_expiry_secs as u64);
+		self.invoice.fields_mut().relative_expiry = Some(relative_expiry);
+		self
+	}
+
+	/// Adds a P2WSH address to [`Invoice::fallbacks`].
+	///
+	/// Successive calls to this method will add another address. Caller is responsible for not
+	/// adding duplicate addresses.
+	pub fn fallback_v0_p2wsh(mut self, script_hash: &WScriptHash) -> Self {
+		let address = FallbackAddress {
+			version: WitnessVersion::V0,
+			program: Vec::from(&script_hash.into_inner()[..]),
+		};
+		self.invoice.fields_mut().fallbacks.get_or_insert_with(Vec::new).push(address);
+		self
+	}
+
+	/// Adds a P2WPKH address to [`Invoice::fallbacks`].
+	///
+	/// Successive calls to this method will add another address. Caller is responsible for not
+	/// adding duplicate addresses.
+	pub fn fallback_v0_p2wpkh(mut self, pubkey_hash: &WPubkeyHash) -> Self {
+		let address = FallbackAddress {
+			version: WitnessVersion::V0,
+			program: Vec::from(&pubkey_hash.into_inner()[..]),
+		};
+		self.invoice.fields_mut().fallbacks.get_or_insert_with(Vec::new).push(address);
+		self
+	}
+
+	/// Adds a P2TR address to [`Invoice::fallbacks`].
+	///
+	/// Successive calls to this method will add another address. Caller is responsible for not
+	/// adding duplicate addresses.
+	pub fn fallback_v1_p2tr_tweaked(mut self, output_key: &TweakedPublicKey) -> Self {
+		let address = FallbackAddress {
+			version: WitnessVersion::V1,
+			program: Vec::from(&output_key.serialize()[..]),
+		};
+		self.invoice.fields_mut().fallbacks.get_or_insert_with(Vec::new).push(address);
+		self
+	}
+
+	/// Sets [`Invoice::features`] to indicate MPP may be used. Otherwise, MPP is disallowed.
+	///
+	/// A subsequent call to [`InvoiceBuilder::mpp_required`] will override this setting.
+	pub fn mpp_optional(mut self) -> Self {
+		self.invoice.fields_mut().features.set_basic_mpp_optional();
+		self
+	}
+
+	/// Sets [`Invoice::features`] to indicate MPP should be used. Otherwise, MPP is disallowed.
+	///
+	/// A subsequent call to [`InvoiceBuilder::mpp_optional`] will override this setting.
+	pub fn mpp_required(mut self) -> Self {
+		self.invoice.fields_mut().features.set_basic_mpp_required();
+		self
+	}
+
+	/// Builds an unsigned [`Invoice`] after checking for valid semantics. It can be signed by
+	/// [`UnsignedInvoice::sign`].
+	pub fn build(self) -> Result<UnsignedInvoice<'a>, SemanticError> {
+		#[cfg(feature = "std")] {
+			if self.invoice.is_offer_or_refund_expired() {
+				return Err(SemanticError::AlreadyExpired);
+			}
+		}
+
+		let InvoiceBuilder { bytes, invoice } = self;
+		Ok(UnsignedInvoice { bytes, invoice })
+	}
+}
+
+/// A semantically valid [`Invoice`] that hasn't been signed.
+pub struct UnsignedInvoice<'a> {
+	bytes: &'a Vec<u8>,
+	invoice: InvoiceContents,
+}
+
+impl<'a> UnsignedInvoice<'a> {
+	/// Signs the invoice using the given function.
+	pub fn sign<F, E>(self, sign: F) -> Result<Invoice, SignError<E>>
+	where
+		F: FnOnce(&Message) -> Result<Signature, E>
+	{
+		// Use the invoice_request bytes instead of the invoice_reqeuest TLV stream as the latter
+		// may have contained unknown TLV records, which are not stored in `InvoiceRequestContents`
+		// or `RefundContents`.
+		let (_, _, _, invoice_tlv_stream) = self.invoice.as_tlv_stream();
+		let invoice_request_bytes = WithoutLength(self.bytes);
+		let unsigned_tlv_stream = (invoice_request_bytes, invoice_tlv_stream);
+
+		let mut bytes = Vec::new();
+		unsigned_tlv_stream.write(&mut bytes).unwrap();
+
+		let pubkey = self.invoice.signing_pubkey();
+		let signature = merkle::sign_message(sign, SIGNATURE_TAG, &bytes, pubkey)?;
+
+		// Append the signature TLV record to the bytes.
+		let signature_tlv_stream = SignatureTlvStreamRef {
+			signature: Some(&signature),
+		};
+		signature_tlv_stream.write(&mut bytes).unwrap();
+
+		Ok(Invoice {
+			bytes,
+			contents: self.invoice,
+			signature: Some(signature),
+		})
+	}
+}
+
 /// An `Invoice` is a payment request, typically corresponding to an [`Offer`] or a [`Refund`].
 ///
 /// An invoice may be sent in response to an [`InvoiceRequest`] in the case of an offer or sent
@@ -199,19 +360,75 @@ impl Invoice {
 }
 
 impl InvoiceContents {
+	/// Whether the original offer or refund has expired.
+	#[cfg(feature = "std")]
+	fn is_offer_or_refund_expired(&self) -> bool {
+		match self {
+			InvoiceContents::ForOffer { invoice_request, .. } => invoice_request.offer.is_expired(),
+			InvoiceContents::ForRefund { refund, .. } => refund.is_expired(),
+		}
+	}
+
 	fn chain(&self) -> ChainHash {
 		match self {
 			InvoiceContents::ForOffer { invoice_request, .. } => invoice_request.chain(),
 			InvoiceContents::ForRefund { refund, .. } => refund.chain(),
 		}
 	}
 
+	fn signing_pubkey(&self) -> PublicKey {
+		match self {
+			InvoiceContents::ForOffer { invoice_request, .. } => {
+				invoice_request.offer.signing_pubkey()
+			},
+			InvoiceContents::ForRefund { .. } => unreachable!(),
+		}
+	}
+
 	fn fields(&self) -> &InvoiceFields {
 		match self {
 			InvoiceContents::ForOffer { fields, .. } => fields,
 			InvoiceContents::ForRefund { fields, .. } => fields,
 		}
 	}
+
+	fn fields_mut(&mut self) -> &mut InvoiceFields {
+		match self {
+			InvoiceContents::ForOffer { fields, .. } => fields,
+			InvoiceContents::ForRefund { fields, .. } => fields,
+		}
+	}
+
+	fn as_tlv_stream(&self) -> PartialInvoiceTlvStreamRef {
+		let (payer, offer, invoice_request) = match self {
+			InvoiceContents::ForOffer { invoice_request, .. } => invoice_request.as_tlv_stream(),
+			InvoiceContents::ForRefund { refund, .. } => refund.as_tlv_stream(),
+		};
+		let invoice = self.fields().as_tlv_stream();
+
+		(payer, offer, invoice_request, invoice)
+	}
+}
+
+impl InvoiceFields {
+	fn as_tlv_stream(&self) -> InvoiceTlvStreamRef {
+		let features = {
+			if self.features == Bolt12InvoiceFeatures::empty() { None }
+			else { Some(&self.features) }
+		};
+
+		InvoiceTlvStreamRef {
+			paths: Some(&self.paths),
+			blindedpay: Some(&self.payinfo),
+			created_at: Some(self.created_at.as_secs()),
+			relative_expiry: self.relative_expiry.map(|duration| duration.as_secs() as u32),
+			payment_hash: Some(&self.payment_hash),
+			amount: Some(self.amount_msats),
+			fallbacks: self.fallbacks.as_ref(),
+			features,
+			code: self.code.as_ref(),
+		}
+	}
 }
 
 impl Writeable for Invoice {
@@ -288,6 +505,13 @@ impl SeekReadable for FullInvoiceTlvStream {
 type PartialInvoiceTlvStream =
 	(PayerTlvStream, OfferTlvStream, InvoiceRequestTlvStream, InvoiceTlvStream);
 
+type PartialInvoiceTlvStreamRef<'a> = (
+	PayerTlvStreamRef<'a>,
+	OfferTlvStreamRef<'a>,
+	InvoiceRequestTlvStreamRef<'a>,
+	InvoiceTlvStreamRef<'a>,
+);
+
 impl TryFrom<ParsedMessage<FullInvoiceTlvStream>> for Invoice {
 	type Error = ParseError;
 

lightning/src/offers/invoice_request.rs

@@ -56,13 +56,17 @@ use bitcoin::network::constants::Network;
 use bitcoin::secp256k1::{Message, PublicKey};
 use bitcoin::secp256k1::schnorr::Signature;
 use core::convert::TryFrom;
+use core::time::Duration;
 use crate::io;
+use crate::ln::PaymentHash;
 use crate::ln::features::InvoiceRequestFeatures;
 use crate::ln::msgs::DecodeError;
+use crate::offers::invoice::{BlindedPayInfo, InvoiceBuilder};
 use crate::offers::merkle::{SignError, SignatureTlvStream, SignatureTlvStreamRef, self};
 use crate::offers::offer::{Offer, OfferContents, OfferTlvStream, OfferTlvStreamRef};
 use crate::offers::parse::{ParseError, ParsedMessage, SemanticError};
 use crate::offers::payer::{PayerContents, PayerTlvStream, PayerTlvStreamRef};
+use crate::onion_message::BlindedPath;
 use crate::util::ser::{HighZeroBytesDroppedBigSize, SeekReadable, WithoutLength, Writeable, Writer};
 use crate::util::string::PrintableString;
 
@@ -249,7 +253,7 @@ impl<'a> UnsignedInvoiceRequest<'a> {
 #[derive(Clone, Debug)]
 pub struct InvoiceRequest {
 	pub(super) bytes: Vec<u8>,
-	contents: InvoiceRequestContents,
+	pub(super) contents: InvoiceRequestContents,
 	signature: Signature,
 }
 
@@ -317,6 +321,29 @@ impl InvoiceRequest {
 		self.signature
 	}
 
+	/// Creates an [`Invoice`] for the request with the given required fields.
+	///
+	/// Unless [`InvoiceBuilder::relative_expiry`] is set, the invoice will expire two hours after
+	/// `created_at`. The caller is expected to remember the preimage of `payment_hash` in order to
+	/// claim a payment for the invoice.
+	///
+	/// The `paths` and `payinfo` parameters are useful for maintaining the payment recipient's
+	/// privacy. They must contain one or more elements and be of equal length.
+	///
+	/// Errors if the request contains unknown required features.
+	///
+	/// [`Invoice`]: crate::offers::invoice::Invoice
+	pub fn respond_with(
+		&self, paths: Vec<BlindedPath>, payinfo: Vec<BlindedPayInfo>, created_at: Duration,
+		payment_hash: PaymentHash
+	) -> Result<InvoiceBuilder, SemanticError> {
+		if self.features().requires_unknown_bits() {
+			return Err(SemanticError::UnknownRequiredFeatures);
+		}
+
+		InvoiceBuilder::for_offer(self, paths, payinfo, created_at, payment_hash)
+	}
+
 	#[cfg(test)]
 	fn as_tlv_stream(&self) -> FullInvoiceRequestTlvStreamRef {
 		let (payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream) =

lightning/src/offers/offer.rs

@@ -321,13 +321,7 @@ impl Offer {
 	/// Whether the offer has expired.
 	#[cfg(feature = "std")]
 	pub fn is_expired(&self) -> bool {
-		match self.absolute_expiry() {
-			Some(seconds_from_epoch) => match SystemTime::UNIX_EPOCH.elapsed() {
-				Ok(elapsed) => elapsed > seconds_from_epoch,
-				Err(_) => false,
-			},
-			None => false,
-		}
+		self.contents.is_expired()
 	}
 
 	/// The issuer of the offer, possibly beginning with `user@domain` or `domain`. Intended to be
@@ -412,6 +406,17 @@ impl OfferContents {
 		self.chains().contains(&chain)
 	}
 
+	#[cfg(feature = "std")]
+	pub(super) fn is_expired(&self) -> bool {
+		match self.absolute_expiry {
+			Some(seconds_from_epoch) => match SystemTime::UNIX_EPOCH.elapsed() {
+				Ok(elapsed) => elapsed > seconds_from_epoch,
+				Err(_) => false,
+			},
+			None => false,
+		}
+	}
+
 	pub fn amount(&self) -> Option<&Amount> {
 		self.amount.as_ref()
 	}