projects / rust-lightning / blob
? search:


fc17ae48da16a641ee53932fdd2c9d32362c15e0
[rust-lightning] / lightning / src / offers / offer.rs
1 // This file is Copyright its original authors, visible in version control
2 // history.
3 //
4 // This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5 // or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7 // You may not use this file except in accordance with one or both of these
8 // licenses.
9
10 //! Data structures and encoding for `offer` messages.
11 //!
12 //! An [`Offer`] represents an "offer to be paid." It is typically constructed by a merchant and
13 //! published as a QR code to be scanned by a customer. The customer uses the offer to request an
14 //! invoice from the merchant to be paid.
15 //!
16 //! # Example
17 //!
18 //! ```
19 //! extern crate bitcoin;
20 //! extern crate core;
21 //! extern crate lightning;
22 //!
23 //! use core::convert::TryFrom;
24 //! use core::num::NonZeroU64;
25 //! use core::time::Duration;
26 //!
27 //! use bitcoin::secp256k1::{KeyPair, PublicKey, Secp256k1, SecretKey};
28 //! use lightning::offers::offer::{Offer, OfferBuilder, Quantity};
29 //! use lightning::offers::parse::Bolt12ParseError;
30 //! use lightning::util::ser::{Readable, Writeable};
31 //!
32 //! # use lightning::blinded_path::BlindedPath;
33 //! # #[cfg(feature = "std")]
34 //! # use std::time::SystemTime;
35 //! #
36 //! # fn create_blinded_path() -> BlindedPath { unimplemented!() }
37 //! # fn create_another_blinded_path() -> BlindedPath { unimplemented!() }
38 //! #
39 //! # #[cfg(feature = "std")]
40 //! # fn build() -> Result<(), Bolt12ParseError> {
41 //! let secp_ctx = Secp256k1::new();
42 //! let keys = KeyPair::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
43 //! let pubkey = PublicKey::from(keys);
44 //!
45 //! let expiration = SystemTime::now() + Duration::from_secs(24 * 60 * 60);
46 //! let offer = OfferBuilder::new(pubkey)
47 //!     .description("coffee, large".to_string())
48 //!     .amount_msats(20_000)
49 //!     .supported_quantity(Quantity::Unbounded)
50 //!     .absolute_expiry(expiration.duration_since(SystemTime::UNIX_EPOCH).unwrap())
51 //!     .issuer("Foo Bar".to_string())
52 //!     .path(create_blinded_path())
53 //!     .path(create_another_blinded_path())
54 //!     .build()?;
55 //!
56 //! // Encode as a bech32 string for use in a QR code.
57 //! let encoded_offer = offer.to_string();
58 //!
59 //! // Parse from a bech32 string after scanning from a QR code.
60 //! let offer = encoded_offer.parse::<Offer>()?;
61 //!
62 //! // Encode offer as raw bytes.
63 //! let mut bytes = Vec::new();
64 //! offer.write(&mut bytes).unwrap();
65 //!
66 //! // Decode raw bytes into an offer.
67 //! let offer = Offer::try_from(bytes)?;
68 //! # Ok(())
69 //! # }
70 //! ```
71 //!
72 //! # Note
73 //!
74 //! If constructing an [`Offer`] for use with a [`ChannelManager`], use
75 //! [`ChannelManager::create_offer_builder`] instead of [`OfferBuilder::new`].
76 //!
77 //! [`ChannelManager`]: crate::ln::channelmanager::ChannelManager
78 //! [`ChannelManager::create_offer_builder`]: crate::ln::channelmanager::ChannelManager::create_offer_builder
79
80 use bitcoin::blockdata::constants::ChainHash;
81 use bitcoin::network::constants::Network;
82 use bitcoin::secp256k1::{KeyPair, PublicKey, Secp256k1, self};
83 use core::hash::{Hash, Hasher};
84 use core::num::NonZeroU64;
85 use core::ops::Deref;
86 use core::str::FromStr;
87 use core::time::Duration;
88 use crate::sign::EntropySource;
89 use crate::io;
90 use crate::blinded_path::BlindedPath;
91 use crate::ln::channelmanager::PaymentId;
92 use crate::ln::features::OfferFeatures;
93 use crate::ln::inbound_payment::{ExpandedKey, IV_LEN, Nonce};
94 use crate::ln::msgs::{DecodeError, MAX_VALUE_MSAT};
95 use crate::offers::merkle::{TaggedHash, TlvStream};
96 use crate::offers::parse::{Bech32Encode, Bolt12ParseError, Bolt12SemanticError, ParsedMessage};
97 use crate::offers::signer::{Metadata, MetadataMaterial, self};
98 use crate::util::ser::{HighZeroBytesDroppedBigSize, Readable, WithoutLength, Writeable, Writer};
99 use crate::util::string::PrintableString;
100
101 #[cfg(not(c_bindings))]
102 use {
103         crate::offers::invoice_request::{DerivedPayerId, ExplicitPayerId, InvoiceRequestBuilder},
104 };
105 #[cfg(c_bindings)]
106 use {
107         crate::offers::invoice_request::{InvoiceRequestWithDerivedPayerIdBuilder, InvoiceRequestWithExplicitPayerIdBuilder},
108 };
109
110 #[allow(unused_imports)]
111 use crate::prelude::*;
112
113 #[cfg(feature = "std")]
114 use std::time::SystemTime;
115
116 pub(super) const IV_BYTES: &[u8; IV_LEN] = b"LDK Offer ~~~~~~";
117
118 /// An identifier for an [`Offer`] built using [`DerivedMetadata`].
119 #[derive(Clone, Copy, Debug, Eq, PartialEq)]
120 pub struct OfferId(pub [u8; 32]);
121
122 impl OfferId {
123         const ID_TAG: &'static str = "LDK Offer ID";
124
125         fn from_valid_offer_tlv_stream(bytes: &[u8]) -> Self {
126                 let tagged_hash = TaggedHash::from_valid_tlv_stream_bytes(Self::ID_TAG, bytes);
127                 Self(tagged_hash.to_bytes())
128         }
129
130         fn from_valid_invreq_tlv_stream(bytes: &[u8]) -> Self {
131                 let tlv_stream = TlvStream::new(bytes).range(OFFER_TYPES);
132                 let tagged_hash = TaggedHash::from_tlv_stream(Self::ID_TAG, tlv_stream);
133                 Self(tagged_hash.to_bytes())
134         }
135 }
136
137 impl Writeable for OfferId {
138         fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
139                 self.0.write(w)
140         }
141 }
142
143 impl Readable for OfferId {
144         fn read<R: io::Read>(r: &mut R) -> Result<Self, DecodeError> {
145                 Ok(OfferId(Readable::read(r)?))
146         }
147 }
148
149 /// Builds an [`Offer`] for the "offer to be paid" flow.
150 ///
151 /// See [module-level documentation] for usage.
152 ///
153 /// This is not exported to bindings users as builder patterns don't map outside of move semantics.
154 ///
155 /// [module-level documentation]: self
156 pub struct OfferBuilder<'a, M: MetadataStrategy, T: secp256k1::Signing> {
157         offer: OfferContents,
158         metadata_strategy: core::marker::PhantomData<M>,
159         secp_ctx: Option<&'a Secp256k1<T>>,
160 }
161
162 /// Builds an [`Offer`] for the "offer to be paid" flow.
163 ///
164 /// See [module-level documentation] for usage.
165 ///
166 /// [module-level documentation]: self
167 #[cfg(c_bindings)]
168 pub struct OfferWithExplicitMetadataBuilder<'a> {
169         offer: OfferContents,
170         metadata_strategy: core::marker::PhantomData<ExplicitMetadata>,
171         secp_ctx: Option<&'a Secp256k1<secp256k1::All>>,
172 }
173
174 /// Builds an [`Offer`] for the "offer to be paid" flow.
175 ///
176 /// See [module-level documentation] for usage.
177 ///
178 /// [module-level documentation]: self
179 #[cfg(c_bindings)]
180 pub struct OfferWithDerivedMetadataBuilder<'a> {
181         offer: OfferContents,
182         metadata_strategy: core::marker::PhantomData<DerivedMetadata>,
183         secp_ctx: Option<&'a Secp256k1<secp256k1::All>>,
184 }
185
186 /// Indicates how [`Offer::metadata`] may be set.
187 ///
188 /// This is not exported to bindings users as builder patterns don't map outside of move semantics.
189 pub trait MetadataStrategy {}
190
191 /// [`Offer::metadata`] may be explicitly set or left empty.
192 ///
193 /// This is not exported to bindings users as builder patterns don't map outside of move semantics.
194 pub struct ExplicitMetadata {}
195
196 /// [`Offer::metadata`] will be derived.
197 ///
198 /// This is not exported to bindings users as builder patterns don't map outside of move semantics.
199 pub struct DerivedMetadata {}
200
201 impl MetadataStrategy for ExplicitMetadata {}
202
203 impl MetadataStrategy for DerivedMetadata {}
204
205 macro_rules! offer_explicit_metadata_builder_methods { (
206         $self: ident, $self_type: ty, $return_type: ty, $return_value: expr
207 ) => {
208         /// Creates a new builder for an offer using the [`Offer::signing_pubkey`] for signing invoices.
209         /// The associated secret key must be remembered while the offer is valid.
210         ///
211         /// Use a different pubkey per offer to avoid correlating offers.
212         ///
213         /// # Note
214         ///
215         /// If constructing an [`Offer`] for use with a [`ChannelManager`], use
216         /// [`ChannelManager::create_offer_builder`] instead of [`OfferBuilder::new`].
217         ///
218         /// [`ChannelManager`]: crate::ln::channelmanager::ChannelManager
219         /// [`ChannelManager::create_offer_builder`]: crate::ln::channelmanager::ChannelManager::create_offer_builder
220         pub fn new(signing_pubkey: PublicKey) -> Self {
221                 Self {
222                         offer: OfferContents {
223                                 chains: None, metadata: None, amount: None, description: None,
224                                 features: OfferFeatures::empty(), absolute_expiry: None, issuer: None, paths: None,
225                                 supported_quantity: Quantity::One, signing_pubkey: Some(signing_pubkey),
226                         },
227                         metadata_strategy: core::marker::PhantomData,
228                         secp_ctx: None,
229                 }
230         }
231
232         /// Sets the [`Offer::metadata`] to the given bytes.
233         ///
234         /// Successive calls to this method will override the previous setting.
235         pub fn metadata(mut $self: $self_type, metadata: Vec<u8>) -> Result<$return_type, Bolt12SemanticError> {
236                 $self.offer.metadata = Some(Metadata::Bytes(metadata));
237                 Ok($return_value)
238         }
239 } }
240
241 macro_rules! offer_derived_metadata_builder_methods { ($secp_context: ty) => {
242         /// Similar to [`OfferBuilder::new`] except, if [`OfferBuilder::path`] is called, the signing
243         /// pubkey is derived from the given [`ExpandedKey`] and [`EntropySource`]. This provides
244         /// recipient privacy by using a different signing pubkey for each offer. Otherwise, the
245         /// provided `node_id` is used for the signing pubkey.
246         ///
247         /// Also, sets the metadata when [`OfferBuilder::build`] is called such that it can be used by
248         /// [`InvoiceRequest::verify`] to determine if the request was produced for the offer given an
249         /// [`ExpandedKey`].
250         ///
251         /// [`InvoiceRequest::verify`]: crate::offers::invoice_request::InvoiceRequest::verify
252         /// [`ExpandedKey`]: crate::ln::inbound_payment::ExpandedKey
253         pub fn deriving_signing_pubkey<ES: Deref>(
254                 node_id: PublicKey, expanded_key: &ExpandedKey, entropy_source: ES,
255                 secp_ctx: &'a Secp256k1<$secp_context>
256         ) -> Self where ES::Target: EntropySource {
257                 let nonce = Nonce::from_entropy_source(entropy_source);
258                 let derivation_material = MetadataMaterial::new(nonce, expanded_key, IV_BYTES, None);
259                 let metadata = Metadata::DerivedSigningPubkey(derivation_material);
260                 Self {
261                         offer: OfferContents {
262                                 chains: None, metadata: Some(metadata), amount: None, description: None,
263                                 features: OfferFeatures::empty(), absolute_expiry: None, issuer: None, paths: None,
264                                 supported_quantity: Quantity::One, signing_pubkey: Some(node_id),
265                         },
266                         metadata_strategy: core::marker::PhantomData,
267                         secp_ctx: Some(secp_ctx),
268                 }
269         }
270 } }
271
272 macro_rules! offer_builder_methods { (
273         $self: ident, $self_type: ty, $return_type: ty, $return_value: expr $(, $self_mut: tt)?
274 ) => {
275         /// Adds the chain hash of the given [`Network`] to [`Offer::chains`]. If not called,
276         /// the chain hash of [`Network::Bitcoin`] is assumed to be the only one supported.
277         ///
278         /// See [`Offer::chains`] on how this relates to the payment currency.
279         ///
280         /// Successive calls to this method will add another chain hash.
281         pub fn chain($self: $self_type, network: Network) -> $return_type {
282                 $self.chain_hash(ChainHash::using_genesis_block(network))
283         }
284
285         /// Adds the [`ChainHash`] to [`Offer::chains`]. If not called, the chain hash of
286         /// [`Network::Bitcoin`] is assumed to be the only one supported.
287         ///
288         /// See [`Offer::chains`] on how this relates to the payment currency.
289         ///
290         /// Successive calls to this method will add another chain hash.
291         pub(crate) fn chain_hash($($self_mut)* $self: $self_type, chain: ChainHash) -> $return_type {
292                 let chains = $self.offer.chains.get_or_insert_with(Vec::new);
293                 if !chains.contains(&chain) {
294                         chains.push(chain);
295                 }
296
297                 $return_value
298         }
299
300         /// Sets the [`Offer::amount`] as an [`Amount::Bitcoin`].
301         ///
302         /// Successive calls to this method will override the previous setting.
303         pub fn amount_msats($self: $self_type, amount_msats: u64) -> $return_type {
304                 $self.amount(Amount::Bitcoin { amount_msats })
305         }
306
307         /// Sets the [`Offer::amount`].
308         ///
309         /// Successive calls to this method will override the previous setting.
310         pub(super) fn amount($($self_mut)* $self: $self_type, amount: Amount) -> $return_type {
311                 $self.offer.amount = Some(amount);
312                 $return_value
313         }
314
315         /// Sets the [`Offer::absolute_expiry`] as seconds since the Unix epoch. Any expiry that has
316         /// already passed is valid and can be checked for using [`Offer::is_expired`].
317         ///
318         /// Successive calls to this method will override the previous setting.
319         pub fn absolute_expiry($($self_mut)* $self: $self_type, absolute_expiry: Duration) -> $return_type {
320                 $self.offer.absolute_expiry = Some(absolute_expiry);
321                 $return_value
322         }
323
324         /// Sets the [`Offer::description`].
325         ///
326         /// Successive calls to this method will override the previous setting.
327         pub fn description($($self_mut)* $self: $self_type, description: String) -> $return_type {
328                 $self.offer.description = Some(description);
329                 $return_value
330         }
331
332         /// Sets the [`Offer::issuer`].
333         ///
334         /// Successive calls to this method will override the previous setting.
335         pub fn issuer($($self_mut)* $self: $self_type, issuer: String) -> $return_type {
336                 $self.offer.issuer = Some(issuer);
337                 $return_value
338         }
339
340         /// Adds a blinded path to [`Offer::paths`]. Must include at least one path if only connected by
341         /// private channels or if [`Offer::signing_pubkey`] is not a public node id.
342         ///
343         /// Successive calls to this method will add another blinded path. Caller is responsible for not
344         /// adding duplicate paths.
345         pub fn path($($self_mut)* $self: $self_type, path: BlindedPath) -> $return_type {
346                 $self.offer.paths.get_or_insert_with(Vec::new).push(path);
347                 $return_value
348         }
349
350         /// Sets the quantity of items for [`Offer::supported_quantity`]. If not called, defaults to
351         /// [`Quantity::One`].
352         ///
353         /// Successive calls to this method will override the previous setting.
354         pub fn supported_quantity($($self_mut)* $self: $self_type, quantity: Quantity) -> $return_type {
355                 $self.offer.supported_quantity = quantity;
356                 $return_value
357         }
358
359         /// Builds an [`Offer`] from the builder's settings.
360         pub fn build($($self_mut)* $self: $self_type) -> Result<Offer, Bolt12SemanticError> {
361                 match $self.offer.amount {
362                         Some(Amount::Bitcoin { amount_msats }) => {
363                                 if amount_msats > MAX_VALUE_MSAT {
364                                         return Err(Bolt12SemanticError::InvalidAmount);
365                                 }
366                         },
367                         Some(Amount::Currency { .. }) => return Err(Bolt12SemanticError::UnsupportedCurrency),
368                         None => {},
369                 }
370
371                 if $self.offer.amount.is_some() && $self.offer.description.is_none() {
372                         $self.offer.description = Some(String::new());
373                 }
374
375                 if let Some(chains) = &$self.offer.chains {
376                         if chains.len() == 1 && chains[0] == $self.offer.implied_chain() {
377                                 $self.offer.chains = None;
378                         }
379                 }
380
381                 Ok($self.build_without_checks())
382         }
383
384         fn build_without_checks($($self_mut)* $self: $self_type) -> Offer {
385                 // Create the metadata for stateless verification of an InvoiceRequest.
386                 if let Some(mut metadata) = $self.offer.metadata.take() {
387                         if metadata.has_derivation_material() {
388                                 if $self.offer.paths.is_none() {
389                                         metadata = metadata.without_keys();
390                                 }
391
392                                 let mut tlv_stream = $self.offer.as_tlv_stream();
393                                 debug_assert_eq!(tlv_stream.metadata, None);
394                                 tlv_stream.metadata = None;
395                                 if metadata.derives_recipient_keys() {
396                                         tlv_stream.node_id = None;
397                                 }
398
399                                 let (derived_metadata, keys) = metadata.derive_from(tlv_stream, $self.secp_ctx);
400                                 metadata = derived_metadata;
401                                 if let Some(keys) = keys {
402                                         $self.offer.signing_pubkey = Some(keys.public_key());
403                                 }
404                         }
405
406                         $self.offer.metadata = Some(metadata);
407                 }
408
409                 let mut bytes = Vec::new();
410                 $self.offer.write(&mut bytes).unwrap();
411
412                 let id = OfferId::from_valid_offer_tlv_stream(&bytes);
413
414                 Offer {
415                         bytes,
416                         #[cfg(not(c_bindings))]
417                         contents: $self.offer,
418                         #[cfg(c_bindings)]
419                         contents: $self.offer.clone(),
420                         id,
421                 }
422         }
423 } }
424
425 #[cfg(test)]
426 macro_rules! offer_builder_test_methods { (
427         $self: ident, $self_type: ty, $return_type: ty, $return_value: expr $(, $self_mut: tt)?
428 ) => {
429         #[cfg_attr(c_bindings, allow(dead_code))]
430         fn features_unchecked($($self_mut)* $self: $self_type, features: OfferFeatures) -> $return_type {
431                 $self.offer.features = features;
432                 $return_value
433         }
434
435         #[cfg_attr(c_bindings, allow(dead_code))]
436         pub(crate) fn clear_chains($($self_mut)* $self: $self_type) -> $return_type {
437                 $self.offer.chains = None;
438                 $return_value
439         }
440
441         #[cfg_attr(c_bindings, allow(dead_code))]
442         pub(crate) fn clear_paths($($self_mut)* $self: $self_type) -> $return_type {
443                 $self.offer.paths = None;
444                 $return_value
445         }
446
447         #[cfg_attr(c_bindings, allow(dead_code))]
448         pub(crate) fn clear_signing_pubkey($($self_mut)* $self: $self_type) -> $return_type {
449                 $self.offer.signing_pubkey = None;
450                 $return_value
451         }
452
453         #[cfg_attr(c_bindings, allow(dead_code))]
454         pub(super) fn build_unchecked($self: $self_type) -> Offer {
455                 $self.build_without_checks()
456         }
457 } }
458
459 impl<'a, M: MetadataStrategy, T: secp256k1::Signing> OfferBuilder<'a, M, T> {
460         offer_builder_methods!(self, Self, Self, self, mut);
461
462         #[cfg(test)]
463         offer_builder_test_methods!(self, Self, Self, self, mut);
464 }
465
466 impl<'a> OfferBuilder<'a, ExplicitMetadata, secp256k1::SignOnly> {
467         offer_explicit_metadata_builder_methods!(self, Self, Self, self);
468 }
469
470 impl<'a, T: secp256k1::Signing> OfferBuilder<'a, DerivedMetadata, T> {
471         offer_derived_metadata_builder_methods!(T);
472 }
473
474 #[cfg(all(c_bindings, not(test)))]
475 impl<'a> OfferWithExplicitMetadataBuilder<'a> {
476         offer_explicit_metadata_builder_methods!(self, &mut Self, (), ());
477         offer_builder_methods!(self, &mut Self, (), ());
478 }
479
480 #[cfg(all(c_bindings, test))]
481 impl<'a> OfferWithExplicitMetadataBuilder<'a> {
482         offer_explicit_metadata_builder_methods!(self, &mut Self, &mut Self, self);
483         offer_builder_methods!(self, &mut Self, &mut Self, self);
484         offer_builder_test_methods!(self, &mut Self, &mut Self, self);
485 }
486
487 #[cfg(all(c_bindings, not(test)))]
488 impl<'a> OfferWithDerivedMetadataBuilder<'a> {
489         offer_derived_metadata_builder_methods!(secp256k1::All);
490         offer_builder_methods!(self, &mut Self, (), ());
491 }
492
493 #[cfg(all(c_bindings, test))]
494 impl<'a> OfferWithDerivedMetadataBuilder<'a> {
495         offer_derived_metadata_builder_methods!(secp256k1::All);
496         offer_builder_methods!(self, &mut Self, &mut Self, self);
497         offer_builder_test_methods!(self, &mut Self, &mut Self, self);
498 }
499
500 #[cfg(c_bindings)]
501 impl<'a> From<OfferBuilder<'a, DerivedMetadata, secp256k1::All>>
502 for OfferWithDerivedMetadataBuilder<'a> {
503         fn from(builder: OfferBuilder<'a, DerivedMetadata, secp256k1::All>) -> Self {
504                 let OfferBuilder { offer, metadata_strategy, secp_ctx } = builder;
505
506                 Self { offer, metadata_strategy, secp_ctx }
507         }
508 }
509
510 #[cfg(c_bindings)]
511 impl<'a> From<OfferWithDerivedMetadataBuilder<'a>>
512 for OfferBuilder<'a, DerivedMetadata, secp256k1::All> {
513         fn from(builder: OfferWithDerivedMetadataBuilder<'a>) -> Self {
514                 let OfferWithDerivedMetadataBuilder { offer, metadata_strategy, secp_ctx } = builder;
515
516                 Self { offer, metadata_strategy, secp_ctx }
517         }
518 }
519
520 /// An `Offer` is a potentially long-lived proposal for payment of a good or service.
521 ///
522 /// An offer is a precursor to an [`InvoiceRequest`]. A merchant publishes an offer from which a
523 /// customer may request an [`Bolt12Invoice`] for a specific quantity and using an amount sufficient
524 /// to cover that quantity (i.e., at least `quantity * amount`). See [`Offer::amount`].
525 ///
526 /// Offers may be denominated in currency other than bitcoin but are ultimately paid using the
527 /// latter.
528 ///
529 /// Through the use of [`BlindedPath`]s, offers provide recipient privacy.
530 ///
531 /// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
532 /// [`Bolt12Invoice`]: crate::offers::invoice::Bolt12Invoice
533 #[derive(Clone, Debug)]
534 pub struct Offer {
535         // The serialized offer. Needed when creating an `InvoiceRequest` if the offer contains unknown
536         // fields.
537         pub(super) bytes: Vec<u8>,
538         pub(super) contents: OfferContents,
539         id: OfferId,
540 }
541
542 /// The contents of an [`Offer`], which may be shared with an [`InvoiceRequest`] or a
543 /// [`Bolt12Invoice`].
544 ///
545 /// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
546 /// [`Bolt12Invoice`]: crate::offers::invoice::Bolt12Invoice
547 #[derive(Clone, Debug)]
548 #[cfg_attr(test, derive(PartialEq))]
549 pub(super) struct OfferContents {
550         chains: Option<Vec<ChainHash>>,
551         metadata: Option<Metadata>,
552         amount: Option<Amount>,
553         description: Option<String>,
554         features: OfferFeatures,
555         absolute_expiry: Option<Duration>,
556         issuer: Option<String>,
557         paths: Option<Vec<BlindedPath>>,
558         supported_quantity: Quantity,
559         signing_pubkey: Option<PublicKey>,
560 }
561
562 macro_rules! offer_accessors { ($self: ident, $contents: expr) => {
563         // TODO: Return a slice once ChainHash has constants.
564         // - https://github.com/rust-bitcoin/rust-bitcoin/pull/1283
565         // - https://github.com/rust-bitcoin/rust-bitcoin/pull/1286
566         /// The chains that may be used when paying a requested invoice (e.g., bitcoin mainnet).
567         /// Payments must be denominated in units of the minimal lightning-payable unit (e.g., msats)
568         /// for the selected chain.
569         pub fn chains(&$self) -> Vec<bitcoin::blockdata::constants::ChainHash> {
570                 $contents.chains()
571         }
572
573         // TODO: Link to corresponding method in `InvoiceRequest`.
574         /// Opaque bytes set by the originator. Useful for authentication and validating fields since it
575         /// is reflected in `invoice_request` messages along with all the other fields from the `offer`.
576         pub fn metadata(&$self) -> Option<&Vec<u8>> {
577                 $contents.metadata()
578         }
579
580         /// The minimum amount required for a successful payment of a single item.
581         pub fn amount(&$self) -> Option<$crate::offers::offer::Amount> {
582                 $contents.amount()
583         }
584
585         /// A complete description of the purpose of the payment. Intended to be displayed to the user
586         /// but with the caveat that it has not been verified in any way.
587         pub fn description(&$self) -> Option<$crate::util::string::PrintableString> {
588                 $contents.description()
589         }
590
591         /// Features pertaining to the offer.
592         pub fn offer_features(&$self) -> &$crate::ln::features::OfferFeatures {
593                 &$contents.features()
594         }
595
596         /// Duration since the Unix epoch when an invoice should no longer be requested.
597         ///
598         /// If `None`, the offer does not expire.
599         pub fn absolute_expiry(&$self) -> Option<core::time::Duration> {
600                 $contents.absolute_expiry()
601         }
602
603         /// The issuer of the offer, possibly beginning with `user@domain` or `domain`. Intended to be
604         /// displayed to the user but with the caveat that it has not been verified in any way.
605         pub fn issuer(&$self) -> Option<$crate::util::string::PrintableString> {
606                 $contents.issuer()
607         }
608
609         /// Paths to the recipient originating from publicly reachable nodes. Blinded paths provide
610         /// recipient privacy by obfuscating its node id.
611         pub fn paths(&$self) -> &[$crate::blinded_path::BlindedPath] {
612                 $contents.paths()
613         }
614
615         /// The quantity of items supported.
616         pub fn supported_quantity(&$self) -> $crate::offers::offer::Quantity {
617                 $contents.supported_quantity()
618         }
619
620         /// The public key used by the recipient to sign invoices.
621         pub fn signing_pubkey(&$self) -> Option<bitcoin::secp256k1::PublicKey> {
622                 $contents.signing_pubkey()
623         }
624 } }
625
626 impl Offer {
627         offer_accessors!(self, self.contents);
628
629         /// Returns the id of the offer.
630         pub fn id(&self) -> OfferId {
631                 self.id
632         }
633
634         pub(super) fn implied_chain(&self) -> ChainHash {
635                 self.contents.implied_chain()
636         }
637
638         /// Returns whether the given chain is supported by the offer.
639         pub fn supports_chain(&self, chain: ChainHash) -> bool {
640                 self.contents.supports_chain(chain)
641         }
642
643         /// Whether the offer has expired.
644         #[cfg(feature = "std")]
645         pub fn is_expired(&self) -> bool {
646                 self.contents.is_expired()
647         }
648
649         /// Whether the offer has expired given the duration since the Unix epoch.
650         pub fn is_expired_no_std(&self, duration_since_epoch: Duration) -> bool {
651                 self.contents.is_expired_no_std(duration_since_epoch)
652         }
653
654         /// Returns whether the given quantity is valid for the offer.
655         pub fn is_valid_quantity(&self, quantity: u64) -> bool {
656                 self.contents.is_valid_quantity(quantity)
657         }
658
659         /// Returns whether a quantity is expected in an [`InvoiceRequest`] for the offer.
660         ///
661         /// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
662         pub fn expects_quantity(&self) -> bool {
663                 self.contents.expects_quantity()
664         }
665 }
666
667 macro_rules! request_invoice_derived_payer_id { ($self: ident, $builder: ty) => {
668         /// Similar to [`Offer::request_invoice`] except it:
669         /// - derives the [`InvoiceRequest::payer_id`] such that a different key can be used for each
670         ///   request,
671         /// - sets [`InvoiceRequest::payer_metadata`] when [`InvoiceRequestBuilder::build`] is called
672         ///   such that it can be used by [`Bolt12Invoice::verify`] to determine if the invoice was
673         ///   requested using a base [`ExpandedKey`] from which the payer id was derived, and
674         /// - includes the [`PaymentId`] encrypted in [`InvoiceRequest::payer_metadata`] so that it can
675         ///   be used when sending the payment for the requested invoice.
676         ///
677         /// Useful to protect the sender's privacy.
678         ///
679         /// [`InvoiceRequest::payer_id`]: crate::offers::invoice_request::InvoiceRequest::payer_id
680         /// [`InvoiceRequest::payer_metadata`]: crate::offers::invoice_request::InvoiceRequest::payer_metadata
681         /// [`Bolt12Invoice::verify`]: crate::offers::invoice::Bolt12Invoice::verify
682         /// [`ExpandedKey`]: crate::ln::inbound_payment::ExpandedKey
683         pub fn request_invoice_deriving_payer_id<
684                 'a, 'b, ES: Deref,
685                 #[cfg(not(c_bindings))]
686                 T: secp256k1::Signing
687         >(
688                 &'a $self, expanded_key: &ExpandedKey, entropy_source: ES,
689                 #[cfg(not(c_bindings))]
690                 secp_ctx: &'b Secp256k1<T>,
691                 #[cfg(c_bindings)]
692                 secp_ctx: &'b Secp256k1<secp256k1::All>,
693                 payment_id: PaymentId
694         ) -> Result<$builder, Bolt12SemanticError>
695         where
696                 ES::Target: EntropySource,
697         {
698                 if $self.offer_features().requires_unknown_bits() {
699                         return Err(Bolt12SemanticError::UnknownRequiredFeatures);
700                 }
701
702                 Ok(<$builder>::deriving_payer_id($self, expanded_key, entropy_source, secp_ctx, payment_id))
703         }
704 } }
705
706 macro_rules! request_invoice_explicit_payer_id { ($self: ident, $builder: ty) => {
707         /// Similar to [`Offer::request_invoice_deriving_payer_id`] except uses `payer_id` for the
708         /// [`InvoiceRequest::payer_id`] instead of deriving a different key for each request.
709         ///
710         /// Useful for recurring payments using the same `payer_id` with different invoices.
711         ///
712         /// [`InvoiceRequest::payer_id`]: crate::offers::invoice_request::InvoiceRequest::payer_id
713         pub fn request_invoice_deriving_metadata<ES: Deref>(
714                 &$self, payer_id: PublicKey, expanded_key: &ExpandedKey, entropy_source: ES,
715                 payment_id: PaymentId
716         ) -> Result<$builder, Bolt12SemanticError>
717         where
718                 ES::Target: EntropySource,
719         {
720                 if $self.offer_features().requires_unknown_bits() {
721                         return Err(Bolt12SemanticError::UnknownRequiredFeatures);
722                 }
723
724                 Ok(<$builder>::deriving_metadata($self, payer_id, expanded_key, entropy_source, payment_id))
725         }
726
727         /// Creates an [`InvoiceRequestBuilder`] for the offer with the given `metadata` and `payer_id`,
728         /// which will be reflected in the `Bolt12Invoice` response.
729         ///
730         /// The `metadata` is useful for including information about the derivation of `payer_id` such
731         /// that invoice response handling can be stateless. Also serves as payer-provided entropy while
732         /// hashing in the signature calculation.
733         ///
734         /// This should not leak any information such as by using a simple BIP-32 derivation path.
735         /// Otherwise, payments may be correlated.
736         ///
737         /// Errors if the offer contains unknown required features.
738         ///
739         /// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
740         pub fn request_invoice(
741                 &$self, metadata: Vec<u8>, payer_id: PublicKey
742         ) -> Result<$builder, Bolt12SemanticError> {
743                 if $self.offer_features().requires_unknown_bits() {
744                         return Err(Bolt12SemanticError::UnknownRequiredFeatures);
745                 }
746
747                 Ok(<$builder>::new($self, metadata, payer_id))
748         }
749 } }
750
751 #[cfg(not(c_bindings))]
752 impl Offer {
753         request_invoice_derived_payer_id!(self, InvoiceRequestBuilder<'a, 'b, DerivedPayerId, T>);
754         request_invoice_explicit_payer_id!(self, InvoiceRequestBuilder<ExplicitPayerId, secp256k1::SignOnly>);
755 }
756
757 #[cfg(c_bindings)]
758 impl Offer {
759         request_invoice_derived_payer_id!(self, InvoiceRequestWithDerivedPayerIdBuilder<'a, 'b>);
760         request_invoice_explicit_payer_id!(self, InvoiceRequestWithExplicitPayerIdBuilder);
761 }
762
763 #[cfg(test)]
764 impl Offer {
765         pub(super) fn as_tlv_stream(&self) -> OfferTlvStreamRef {
766                 self.contents.as_tlv_stream()
767         }
768 }
769
770 impl AsRef<[u8]> for Offer {
771         fn as_ref(&self) -> &[u8] {
772                 &self.bytes
773         }
774 }
775
776 impl PartialEq for Offer {
777         fn eq(&self, other: &Self) -> bool {
778                 self.bytes.eq(&other.bytes)
779         }
780 }
781
782 impl Eq for Offer {}
783
784 impl Hash for Offer {
785         fn hash<H: Hasher>(&self, state: &mut H) {
786                 self.bytes.hash(state);
787         }
788 }
789
790 impl OfferContents {
791         pub fn chains(&self) -> Vec<ChainHash> {
792                 self.chains.as_ref().cloned().unwrap_or_else(|| vec![self.implied_chain()])
793         }
794
795         pub fn implied_chain(&self) -> ChainHash {
796                 ChainHash::using_genesis_block(Network::Bitcoin)
797         }
798
799         pub fn supports_chain(&self, chain: ChainHash) -> bool {
800                 self.chains().contains(&chain)
801         }
802
803         pub fn metadata(&self) -> Option<&Vec<u8>> {
804                 self.metadata.as_ref().and_then(|metadata| metadata.as_bytes())
805         }
806
807         pub fn amount(&self) -> Option<Amount> {
808                 self.amount
809         }
810
811         pub fn description(&self) -> Option<PrintableString> {
812                 self.description.as_ref().map(|description| PrintableString(description))
813         }
814
815         pub fn features(&self) -> &OfferFeatures {
816                 &self.features
817         }
818
819         pub fn absolute_expiry(&self) -> Option<Duration> {
820                 self.absolute_expiry
821         }
822
823         #[cfg(feature = "std")]
824         pub(super) fn is_expired(&self) -> bool {
825                 SystemTime::UNIX_EPOCH
826                         .elapsed()
827                         .map(|duration_since_epoch| self.is_expired_no_std(duration_since_epoch))
828                         .unwrap_or(false)
829         }
830
831         pub(super) fn is_expired_no_std(&self, duration_since_epoch: Duration) -> bool {
832                 self.absolute_expiry
833                         .map(|absolute_expiry| duration_since_epoch > absolute_expiry)
834                         .unwrap_or(false)
835         }
836
837         pub fn issuer(&self) -> Option<PrintableString> {
838                 self.issuer.as_ref().map(|issuer| PrintableString(issuer.as_str()))
839         }
840
841         pub fn paths(&self) -> &[BlindedPath] {
842                 self.paths.as_ref().map(|paths| paths.as_slice()).unwrap_or(&[])
843         }
844
845         pub(super) fn check_amount_msats_for_quantity(
846                 &self, amount_msats: Option<u64>, quantity: Option<u64>
847         ) -> Result<(), Bolt12SemanticError> {
848                 let offer_amount_msats = match self.amount {
849                         None => 0,
850                         Some(Amount::Bitcoin { amount_msats }) => amount_msats,
851                         Some(Amount::Currency { .. }) => return Err(Bolt12SemanticError::UnsupportedCurrency),
852                 };
853
854                 if !self.expects_quantity() || quantity.is_some() {
855                         let expected_amount_msats = offer_amount_msats.checked_mul(quantity.unwrap_or(1))
856                                 .ok_or(Bolt12SemanticError::InvalidAmount)?;
857                         let amount_msats = amount_msats.unwrap_or(expected_amount_msats);
858
859                         if amount_msats < expected_amount_msats {
860                                 return Err(Bolt12SemanticError::InsufficientAmount);
861                         }
862
863                         if amount_msats > MAX_VALUE_MSAT {
864                                 return Err(Bolt12SemanticError::InvalidAmount);
865                         }
866                 }
867
868                 Ok(())
869         }
870
871         pub fn supported_quantity(&self) -> Quantity {
872                 self.supported_quantity
873         }
874
875         pub(super) fn check_quantity(&self, quantity: Option<u64>) -> Result<(), Bolt12SemanticError> {
876                 let expects_quantity = self.expects_quantity();
877                 match quantity {
878                         None if expects_quantity => Err(Bolt12SemanticError::MissingQuantity),
879                         Some(_) if !expects_quantity => Err(Bolt12SemanticError::UnexpectedQuantity),
880                         Some(quantity) if !self.is_valid_quantity(quantity) => {
881                                 Err(Bolt12SemanticError::InvalidQuantity)
882                         },
883                         _ => Ok(()),
884                 }
885         }
886
887         fn is_valid_quantity(&self, quantity: u64) -> bool {
888                 match self.supported_quantity {
889                         Quantity::Bounded(n) => quantity <= n.get(),
890                         Quantity::Unbounded => quantity > 0,
891                         Quantity::One => quantity == 1,
892                 }
893         }
894
895         fn expects_quantity(&self) -> bool {
896                 match self.supported_quantity {
897                         Quantity::Bounded(_) => true,
898                         Quantity::Unbounded => true,
899                         Quantity::One => false,
900                 }
901         }
902
903         pub(super) fn signing_pubkey(&self) -> Option<PublicKey> {
904                 self.signing_pubkey
905         }
906
907         /// Verifies that the offer metadata was produced from the offer in the TLV stream.
908         pub(super) fn verify<T: secp256k1::Signing>(
909                 &self, bytes: &[u8], key: &ExpandedKey, secp_ctx: &Secp256k1<T>
910         ) -> Result<(OfferId, Option<KeyPair>), ()> {
911                 match self.metadata() {
912                         Some(metadata) => {
913                                 let tlv_stream = TlvStream::new(bytes).range(OFFER_TYPES).filter(|record| {
914                                         match record.r#type {
915                                                 OFFER_METADATA_TYPE => false,
916                                                 OFFER_NODE_ID_TYPE => {
917                                                         !self.metadata.as_ref().unwrap().derives_recipient_keys()
918                                                 },
919                                                 _ => true,
920                                         }
921                                 });
922                                 let signing_pubkey = match self.signing_pubkey() {
923                                         Some(signing_pubkey) => signing_pubkey,
924                                         None => return Err(()),
925                                 };
926                                 let keys = signer::verify_recipient_metadata(
927                                         metadata, key, IV_BYTES, signing_pubkey, tlv_stream, secp_ctx
928                                 )?;
929
930                                 let offer_id = OfferId::from_valid_invreq_tlv_stream(bytes);
931
932                                 Ok((offer_id, keys))
933                         },
934                         None => Err(()),
935                 }
936         }
937
938         pub(super) fn as_tlv_stream(&self) -> OfferTlvStreamRef {
939                 let (currency, amount) = match &self.amount {
940                         None => (None, None),
941                         Some(Amount::Bitcoin { amount_msats }) => (None, Some(*amount_msats)),
942                         Some(Amount::Currency { iso4217_code, amount }) => (
943                                 Some(iso4217_code), Some(*amount)
944                         ),
945                 };
946
947                 let features = {
948                         if self.features == OfferFeatures::empty() { None } else { Some(&self.features) }
949                 };
950
951                 OfferTlvStreamRef {
952                         chains: self.chains.as_ref(),
953                         metadata: self.metadata(),
954                         currency,
955                         amount,
956                         description: self.description.as_ref(),
957                         features,
958                         absolute_expiry: self.absolute_expiry.map(|duration| duration.as_secs()),
959                         paths: self.paths.as_ref(),
960                         issuer: self.issuer.as_ref(),
961                         quantity_max: self.supported_quantity.to_tlv_record(),
962                         node_id: self.signing_pubkey.as_ref(),
963                 }
964         }
965 }
966
967 impl Writeable for Offer {
968         fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
969                 WithoutLength(&self.bytes).write(writer)
970         }
971 }
972
973 impl Writeable for OfferContents {
974         fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
975                 self.as_tlv_stream().write(writer)
976         }
977 }
978
979 /// The minimum amount required for an item in an [`Offer`], denominated in either bitcoin or
980 /// another currency.
981 #[derive(Clone, Copy, Debug, PartialEq)]
982 pub enum Amount {
983         /// An amount of bitcoin.
984         Bitcoin {
985                 /// The amount in millisatoshi.
986                 amount_msats: u64,
987         },
988         /// An amount of currency specified using ISO 4712.
989         Currency {
990                 /// The currency that the amount is denominated in.
991                 iso4217_code: CurrencyCode,
992                 /// The amount in the currency unit adjusted by the ISO 4712 exponent (e.g., USD cents).
993                 amount: u64,
994         },
995 }
996
997 /// An ISO 4712 three-letter currency code (e.g., USD).
998 pub type CurrencyCode = [u8; 3];
999
1000 /// Quantity of items supported by an [`Offer`].
1001 #[derive(Clone, Copy, Debug, PartialEq)]
1002 pub enum Quantity {
1003         /// Up to a specific number of items (inclusive). Use when more than one item can be requested
1004         /// but is limited (e.g., because of per customer or inventory limits).
1005         ///
1006         /// May be used with `NonZeroU64::new(1)` but prefer to use [`Quantity::One`] if only one item
1007         /// is supported.
1008         Bounded(NonZeroU64),
1009         /// One or more items. Use when more than one item can be requested without any limit.
1010         Unbounded,
1011         /// Only one item. Use when only a single item can be requested.
1012         One,
1013 }
1014
1015 impl Quantity {
1016         fn to_tlv_record(&self) -> Option<u64> {
1017                 match self {
1018                         Quantity::Bounded(n) => Some(n.get()),
1019                         Quantity::Unbounded => Some(0),
1020                         Quantity::One => None,
1021                 }
1022         }
1023 }
1024
1025 /// Valid type range for offer TLV records.
1026 pub(super) const OFFER_TYPES: core::ops::Range<u64> = 1..80;
1027
1028 /// TLV record type for [`Offer::metadata`].
1029 const OFFER_METADATA_TYPE: u64 = 4;
1030
1031 /// TLV record type for [`Offer::signing_pubkey`].
1032 const OFFER_NODE_ID_TYPE: u64 = 22;
1033
1034 tlv_stream!(OfferTlvStream, OfferTlvStreamRef, OFFER_TYPES, {
1035         (2, chains: (Vec<ChainHash>, WithoutLength)),
1036         (OFFER_METADATA_TYPE, metadata: (Vec<u8>, WithoutLength)),
1037         (6, currency: CurrencyCode),
1038         (8, amount: (u64, HighZeroBytesDroppedBigSize)),
1039         (10, description: (String, WithoutLength)),
1040         (12, features: (OfferFeatures, WithoutLength)),
1041         (14, absolute_expiry: (u64, HighZeroBytesDroppedBigSize)),
1042         (16, paths: (Vec<BlindedPath>, WithoutLength)),
1043         (18, issuer: (String, WithoutLength)),
1044         (20, quantity_max: (u64, HighZeroBytesDroppedBigSize)),
1045         (OFFER_NODE_ID_TYPE, node_id: PublicKey),
1046 });
1047
1048 impl Bech32Encode for Offer {
1049         const BECH32_HRP: &'static str = "lno";
1050 }
1051
1052 impl FromStr for Offer {
1053         type Err = Bolt12ParseError;
1054
1055         fn from_str(s: &str) -> Result<Self, <Self as FromStr>::Err> {
1056                 Self::from_bech32_str(s)
1057         }
1058 }
1059
1060 impl TryFrom<Vec<u8>> for Offer {
1061         type Error = Bolt12ParseError;
1062
1063         fn try_from(bytes: Vec<u8>) -> Result<Self, Self::Error> {
1064                 let offer = ParsedMessage::<OfferTlvStream>::try_from(bytes)?;
1065                 let ParsedMessage { bytes, tlv_stream } = offer;
1066                 let contents = OfferContents::try_from(tlv_stream)?;
1067                 let id = OfferId::from_valid_offer_tlv_stream(&bytes);
1068
1069                 Ok(Offer { bytes, contents, id })
1070         }
1071 }
1072
1073 impl TryFrom<OfferTlvStream> for OfferContents {
1074         type Error = Bolt12SemanticError;
1075
1076         fn try_from(tlv_stream: OfferTlvStream) -> Result<Self, Self::Error> {
1077                 let OfferTlvStream {
1078                         chains, metadata, currency, amount, description, features, absolute_expiry, paths,
1079                         issuer, quantity_max, node_id,
1080                 } = tlv_stream;
1081
1082                 let metadata = metadata.map(|metadata| Metadata::Bytes(metadata));
1083
1084                 let amount = match (currency, amount) {
1085                         (None, None) => None,
1086                         (None, Some(amount_msats)) if amount_msats > MAX_VALUE_MSAT => {
1087                                 return Err(Bolt12SemanticError::InvalidAmount);
1088                         },
1089                         (None, Some(amount_msats)) => Some(Amount::Bitcoin { amount_msats }),
1090                         (Some(_), None) => return Err(Bolt12SemanticError::MissingAmount),
1091                         (Some(iso4217_code), Some(amount)) => Some(Amount::Currency { iso4217_code, amount }),
1092                 };
1093
1094                 if amount.is_some() && description.is_none() {
1095                         return Err(Bolt12SemanticError::MissingDescription);
1096                 }
1097
1098                 let features = features.unwrap_or_else(OfferFeatures::empty);
1099
1100                 let absolute_expiry = absolute_expiry
1101                         .map(|seconds_from_epoch| Duration::from_secs(seconds_from_epoch));
1102
1103                 let supported_quantity = match quantity_max {
1104                         None => Quantity::One,
1105                         Some(0) => Quantity::Unbounded,
1106                         Some(n) => Quantity::Bounded(NonZeroU64::new(n).unwrap()),
1107                 };
1108
1109                 let (signing_pubkey, paths) = match (node_id, paths) {
1110                         (None, None) => return Err(Bolt12SemanticError::MissingSigningPubkey),
1111                         (_, Some(paths)) if paths.is_empty() => return Err(Bolt12SemanticError::MissingPaths),
1112                         (node_id, paths) => (node_id, paths),
1113                 };
1114
1115                 Ok(OfferContents {
1116                         chains, metadata, amount, description, features, absolute_expiry, issuer, paths,
1117                         supported_quantity, signing_pubkey,
1118                 })
1119         }
1120 }
1121
1122 impl core::fmt::Display for Offer {
1123         fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
1124                 self.fmt_bech32_str(f)
1125         }
1126 }
1127
1128 #[cfg(test)]
1129 mod tests {
1130         use super::{Amount, Offer, OfferTlvStreamRef, Quantity};
1131         #[cfg(not(c_bindings))]
1132         use {
1133                 super::OfferBuilder,
1134         };
1135         #[cfg(c_bindings)]
1136         use {
1137                 super::OfferWithExplicitMetadataBuilder as OfferBuilder,
1138         };
1139
1140         use bitcoin::blockdata::constants::ChainHash;
1141         use bitcoin::network::constants::Network;
1142         use bitcoin::secp256k1::Secp256k1;
1143         use core::num::NonZeroU64;
1144         use core::time::Duration;
1145         use crate::blinded_path::{BlindedHop, BlindedPath, IntroductionNode};
1146         use crate::sign::KeyMaterial;
1147         use crate::ln::features::OfferFeatures;
1148         use crate::ln::inbound_payment::ExpandedKey;
1149         use crate::ln::msgs::{DecodeError, MAX_VALUE_MSAT};
1150         use crate::offers::parse::{Bolt12ParseError, Bolt12SemanticError};
1151         use crate::offers::test_utils::*;
1152         use crate::util::ser::{BigSize, Writeable};
1153         use crate::util::string::PrintableString;
1154
1155         #[test]
1156         fn builds_offer_with_defaults() {
1157                 let offer = OfferBuilder::new(pubkey(42)).build().unwrap();
1158
1159                 let mut buffer = Vec::new();
1160                 offer.write(&mut buffer).unwrap();
1161
1162                 assert_eq!(offer.bytes, buffer.as_slice());
1163                 assert_eq!(offer.chains(), vec![ChainHash::using_genesis_block(Network::Bitcoin)]);
1164                 assert!(offer.supports_chain(ChainHash::using_genesis_block(Network::Bitcoin)));
1165                 assert_eq!(offer.metadata(), None);
1166                 assert_eq!(offer.amount(), None);
1167                 assert_eq!(offer.description(), None);
1168                 assert_eq!(offer.offer_features(), &OfferFeatures::empty());
1169                 assert_eq!(offer.absolute_expiry(), None);
1170                 #[cfg(feature = "std")]
1171                 assert!(!offer.is_expired());
1172                 assert_eq!(offer.paths(), &[]);
1173                 assert_eq!(offer.issuer(), None);
1174                 assert_eq!(offer.supported_quantity(), Quantity::One);
1175                 assert_eq!(offer.signing_pubkey(), Some(pubkey(42)));
1176
1177                 assert_eq!(
1178                         offer.as_tlv_stream(),
1179                         OfferTlvStreamRef {
1180                                 chains: None,
1181                                 metadata: None,
1182                                 currency: None,
1183                                 amount: None,
1184                                 description: None,
1185                                 features: None,
1186                                 absolute_expiry: None,
1187                                 paths: None,
1188                                 issuer: None,
1189                                 quantity_max: None,
1190                                 node_id: Some(&pubkey(42)),
1191                         },
1192                 );
1193
1194                 if let Err(e) = Offer::try_from(buffer) {
1195                         panic!("error parsing offer: {:?}", e);
1196                 }
1197         }
1198
1199         #[test]
1200         fn builds_offer_with_chains() {
1201                 let mainnet = ChainHash::using_genesis_block(Network::Bitcoin);
1202                 let testnet = ChainHash::using_genesis_block(Network::Testnet);
1203
1204                 let offer = OfferBuilder::new(pubkey(42))
1205                         .chain(Network::Bitcoin)
1206                         .build()
1207                         .unwrap();
1208                 assert!(offer.supports_chain(mainnet));
1209                 assert_eq!(offer.chains(), vec![mainnet]);
1210                 assert_eq!(offer.as_tlv_stream().chains, None);
1211
1212                 let offer = OfferBuilder::new(pubkey(42))
1213                         .chain(Network::Testnet)
1214                         .build()
1215                         .unwrap();
1216                 assert!(offer.supports_chain(testnet));
1217                 assert_eq!(offer.chains(), vec![testnet]);
1218                 assert_eq!(offer.as_tlv_stream().chains, Some(&vec![testnet]));
1219
1220                 let offer = OfferBuilder::new(pubkey(42))
1221                         .chain(Network::Testnet)
1222                         .chain(Network::Testnet)
1223                         .build()
1224                         .unwrap();
1225                 assert!(offer.supports_chain(testnet));
1226                 assert_eq!(offer.chains(), vec![testnet]);
1227                 assert_eq!(offer.as_tlv_stream().chains, Some(&vec![testnet]));
1228
1229                 let offer = OfferBuilder::new(pubkey(42))
1230                         .chain(Network::Bitcoin)
1231                         .chain(Network::Testnet)
1232                         .build()
1233                         .unwrap();
1234                 assert!(offer.supports_chain(mainnet));
1235                 assert!(offer.supports_chain(testnet));
1236                 assert_eq!(offer.chains(), vec![mainnet, testnet]);
1237                 assert_eq!(offer.as_tlv_stream().chains, Some(&vec![mainnet, testnet]));
1238         }
1239
1240         #[test]
1241         fn builds_offer_with_metadata() {
1242                 let offer = OfferBuilder::new(pubkey(42))
1243                         .metadata(vec![42; 32]).unwrap()
1244                         .build()
1245                         .unwrap();
1246                 assert_eq!(offer.metadata(), Some(&vec![42; 32]));
1247                 assert_eq!(offer.as_tlv_stream().metadata, Some(&vec![42; 32]));
1248
1249                 let offer = OfferBuilder::new(pubkey(42))
1250                         .metadata(vec![42; 32]).unwrap()
1251                         .metadata(vec![43; 32]).unwrap()
1252                         .build()
1253                         .unwrap();
1254                 assert_eq!(offer.metadata(), Some(&vec![43; 32]));
1255                 assert_eq!(offer.as_tlv_stream().metadata, Some(&vec![43; 32]));
1256         }
1257
1258         #[test]
1259         fn builds_offer_with_metadata_derived() {
1260                 let node_id = recipient_pubkey();
1261                 let expanded_key = ExpandedKey::new(&KeyMaterial([42; 32]));
1262                 let entropy = FixedEntropy {};
1263                 let secp_ctx = Secp256k1::new();
1264
1265                 #[cfg(c_bindings)]
1266                 use super::OfferWithDerivedMetadataBuilder as OfferBuilder;
1267                 let offer = OfferBuilder
1268                         ::deriving_signing_pubkey(node_id, &expanded_key, &entropy, &secp_ctx)
1269                         .amount_msats(1000)
1270                         .build().unwrap();
1271                 assert_eq!(offer.signing_pubkey(), Some(node_id));
1272
1273                 let invoice_request = offer.request_invoice(vec![1; 32], payer_pubkey()).unwrap()
1274                         .build().unwrap()
1275                         .sign(payer_sign).unwrap();
1276                 match invoice_request.verify(&expanded_key, &secp_ctx) {
1277                         Ok(invoice_request) => assert_eq!(invoice_request.offer_id, offer.id()),
1278                         Err(_) => panic!("unexpected error"),
1279                 }
1280
1281                 // Fails verification with altered offer field
1282                 let mut tlv_stream = offer.as_tlv_stream();
1283                 tlv_stream.amount = Some(100);
1284
1285                 let mut encoded_offer = Vec::new();
1286                 tlv_stream.write(&mut encoded_offer).unwrap();
1287
1288                 let invoice_request = Offer::try_from(encoded_offer).unwrap()
1289                         .request_invoice(vec![1; 32], payer_pubkey()).unwrap()
1290                         .build().unwrap()
1291                         .sign(payer_sign).unwrap();
1292                 assert!(invoice_request.verify(&expanded_key, &secp_ctx).is_err());
1293
1294                 // Fails verification with altered metadata
1295                 let mut tlv_stream = offer.as_tlv_stream();
1296                 let metadata = tlv_stream.metadata.unwrap().iter().copied().rev().collect();
1297                 tlv_stream.metadata = Some(&metadata);
1298
1299                 let mut encoded_offer = Vec::new();
1300                 tlv_stream.write(&mut encoded_offer).unwrap();
1301
1302                 let invoice_request = Offer::try_from(encoded_offer).unwrap()
1303                         .request_invoice(vec![1; 32], payer_pubkey()).unwrap()
1304                         .build().unwrap()
1305                         .sign(payer_sign).unwrap();
1306                 assert!(invoice_request.verify(&expanded_key, &secp_ctx).is_err());
1307         }
1308
1309         #[test]
1310         fn builds_offer_with_derived_signing_pubkey() {
1311                 let node_id = recipient_pubkey();
1312                 let expanded_key = ExpandedKey::new(&KeyMaterial([42; 32]));
1313                 let entropy = FixedEntropy {};
1314                 let secp_ctx = Secp256k1::new();
1315
1316                 let blinded_path = BlindedPath {
1317                         introduction_node: IntroductionNode::NodeId(pubkey(40)),
1318                         blinding_point: pubkey(41),
1319                         blinded_hops: vec![
1320                                 BlindedHop { blinded_node_id: pubkey(42), encrypted_payload: vec![0; 43] },
1321                                 BlindedHop { blinded_node_id: node_id, encrypted_payload: vec![0; 44] },
1322                         ],
1323                 };
1324
1325                 #[cfg(c_bindings)]
1326                 use super::OfferWithDerivedMetadataBuilder as OfferBuilder;
1327                 let offer = OfferBuilder
1328                         ::deriving_signing_pubkey(node_id, &expanded_key, &entropy, &secp_ctx)
1329                         .amount_msats(1000)
1330                         .path(blinded_path)
1331                         .build().unwrap();
1332                 assert_ne!(offer.signing_pubkey(), Some(node_id));
1333
1334                 let invoice_request = offer.request_invoice(vec![1; 32], payer_pubkey()).unwrap()
1335                         .build().unwrap()
1336                         .sign(payer_sign).unwrap();
1337                 match invoice_request.verify(&expanded_key, &secp_ctx) {
1338                         Ok(invoice_request) => assert_eq!(invoice_request.offer_id, offer.id()),
1339                         Err(_) => panic!("unexpected error"),
1340                 }
1341
1342                 // Fails verification with altered offer field
1343                 let mut tlv_stream = offer.as_tlv_stream();
1344                 tlv_stream.amount = Some(100);
1345
1346                 let mut encoded_offer = Vec::new();
1347                 tlv_stream.write(&mut encoded_offer).unwrap();
1348
1349                 let invoice_request = Offer::try_from(encoded_offer).unwrap()
1350                         .request_invoice(vec![1; 32], payer_pubkey()).unwrap()
1351                         .build().unwrap()
1352                         .sign(payer_sign).unwrap();
1353                 assert!(invoice_request.verify(&expanded_key, &secp_ctx).is_err());
1354
1355                 // Fails verification with altered signing pubkey
1356                 let mut tlv_stream = offer.as_tlv_stream();
1357                 let signing_pubkey = pubkey(1);
1358                 tlv_stream.node_id = Some(&signing_pubkey);
1359
1360                 let mut encoded_offer = Vec::new();
1361                 tlv_stream.write(&mut encoded_offer).unwrap();
1362
1363                 let invoice_request = Offer::try_from(encoded_offer).unwrap()
1364                         .request_invoice(vec![1; 32], payer_pubkey()).unwrap()
1365                         .build().unwrap()
1366                         .sign(payer_sign).unwrap();
1367                 assert!(invoice_request.verify(&expanded_key, &secp_ctx).is_err());
1368         }
1369
1370         #[test]
1371         fn builds_offer_with_amount() {
1372                 let bitcoin_amount = Amount::Bitcoin { amount_msats: 1000 };
1373                 let currency_amount = Amount::Currency { iso4217_code: *b"USD", amount: 10 };
1374
1375                 let offer = OfferBuilder::new(pubkey(42))
1376                         .amount_msats(1000)
1377                         .build()
1378                         .unwrap();
1379                 let tlv_stream = offer.as_tlv_stream();
1380                 assert_eq!(offer.amount(), Some(bitcoin_amount));
1381                 assert_eq!(tlv_stream.amount, Some(1000));
1382                 assert_eq!(tlv_stream.currency, None);
1383
1384                 #[cfg(not(c_bindings))]
1385                 let builder = OfferBuilder::new(pubkey(42))
1386                         .amount(currency_amount.clone());
1387                 #[cfg(c_bindings)]
1388                 let mut builder = OfferBuilder::new(pubkey(42));
1389                 #[cfg(c_bindings)]
1390                 builder.amount(currency_amount.clone());
1391                 let tlv_stream = builder.offer.as_tlv_stream();
1392                 assert_eq!(builder.offer.amount, Some(currency_amount.clone()));
1393                 assert_eq!(tlv_stream.amount, Some(10));
1394                 assert_eq!(tlv_stream.currency, Some(b"USD"));
1395                 match builder.build() {
1396                         Ok(_) => panic!("expected error"),
1397                         Err(e) => assert_eq!(e, Bolt12SemanticError::UnsupportedCurrency),
1398                 }
1399
1400                 let offer = OfferBuilder::new(pubkey(42))
1401                         .amount(currency_amount.clone())
1402                         .amount(bitcoin_amount.clone())
1403                         .build()
1404                         .unwrap();
1405                 let tlv_stream = offer.as_tlv_stream();
1406                 assert_eq!(tlv_stream.amount, Some(1000));
1407                 assert_eq!(tlv_stream.currency, None);
1408
1409                 let invalid_amount = Amount::Bitcoin { amount_msats: MAX_VALUE_MSAT + 1 };
1410                 match OfferBuilder::new(pubkey(42)).amount(invalid_amount).build() {
1411                         Ok(_) => panic!("expected error"),
1412                         Err(e) => assert_eq!(e, Bolt12SemanticError::InvalidAmount),
1413                 }
1414         }
1415
1416         #[test]
1417         fn builds_offer_with_description() {
1418                 let offer = OfferBuilder::new(pubkey(42))
1419                         .description("foo".into())
1420                         .build()
1421                         .unwrap();
1422                 assert_eq!(offer.description(), Some(PrintableString("foo")));
1423                 assert_eq!(offer.as_tlv_stream().description, Some(&String::from("foo")));
1424
1425                 let offer = OfferBuilder::new(pubkey(42))
1426                         .description("foo".into())
1427                         .description("bar".into())
1428                         .build()
1429                         .unwrap();
1430                 assert_eq!(offer.description(), Some(PrintableString("bar")));
1431                 assert_eq!(offer.as_tlv_stream().description, Some(&String::from("bar")));
1432
1433                 let offer = OfferBuilder::new(pubkey(42))
1434                         .amount_msats(1000)
1435                         .build()
1436                         .unwrap();
1437                 assert_eq!(offer.description(), Some(PrintableString("")));
1438                 assert_eq!(offer.as_tlv_stream().description, Some(&String::from("")));
1439         }
1440
1441         #[test]
1442         fn builds_offer_with_features() {
1443                 let offer = OfferBuilder::new(pubkey(42))
1444                         .features_unchecked(OfferFeatures::unknown())
1445                         .build()
1446                         .unwrap();
1447                 assert_eq!(offer.offer_features(), &OfferFeatures::unknown());
1448                 assert_eq!(offer.as_tlv_stream().features, Some(&OfferFeatures::unknown()));
1449
1450                 let offer = OfferBuilder::new(pubkey(42))
1451                         .features_unchecked(OfferFeatures::unknown())
1452                         .features_unchecked(OfferFeatures::empty())
1453                         .build()
1454                         .unwrap();
1455                 assert_eq!(offer.offer_features(), &OfferFeatures::empty());
1456                 assert_eq!(offer.as_tlv_stream().features, None);
1457         }
1458
1459         #[test]
1460         fn builds_offer_with_absolute_expiry() {
1461                 let future_expiry = Duration::from_secs(u64::max_value());
1462                 let past_expiry = Duration::from_secs(0);
1463                 let now = future_expiry - Duration::from_secs(1_000);
1464
1465                 let offer = OfferBuilder::new(pubkey(42))
1466                         .absolute_expiry(future_expiry)
1467                         .build()
1468                         .unwrap();
1469                 #[cfg(feature = "std")]
1470                 assert!(!offer.is_expired());
1471                 assert!(!offer.is_expired_no_std(now));
1472                 assert_eq!(offer.absolute_expiry(), Some(future_expiry));
1473                 assert_eq!(offer.as_tlv_stream().absolute_expiry, Some(future_expiry.as_secs()));
1474
1475                 let offer = OfferBuilder::new(pubkey(42))
1476                         .absolute_expiry(future_expiry)
1477                         .absolute_expiry(past_expiry)
1478                         .build()
1479                         .unwrap();
1480                 #[cfg(feature = "std")]
1481                 assert!(offer.is_expired());
1482                 assert!(offer.is_expired_no_std(now));
1483                 assert_eq!(offer.absolute_expiry(), Some(past_expiry));
1484                 assert_eq!(offer.as_tlv_stream().absolute_expiry, Some(past_expiry.as_secs()));
1485         }
1486
1487         #[test]
1488         fn builds_offer_with_paths() {
1489                 let paths = vec![
1490                         BlindedPath {
1491                                 introduction_node: IntroductionNode::NodeId(pubkey(40)),
1492                                 blinding_point: pubkey(41),
1493                                 blinded_hops: vec![
1494                                         BlindedHop { blinded_node_id: pubkey(43), encrypted_payload: vec![0; 43] },
1495                                         BlindedHop { blinded_node_id: pubkey(44), encrypted_payload: vec![0; 44] },
1496                                 ],
1497                         },
1498                         BlindedPath {
1499                                 introduction_node: IntroductionNode::NodeId(pubkey(40)),
1500                                 blinding_point: pubkey(41),
1501                                 blinded_hops: vec![
1502                                         BlindedHop { blinded_node_id: pubkey(45), encrypted_payload: vec![0; 45] },
1503                                         BlindedHop { blinded_node_id: pubkey(46), encrypted_payload: vec![0; 46] },
1504                                 ],
1505                         },
1506                 ];
1507
1508                 let offer = OfferBuilder::new(pubkey(42))
1509                         .path(paths[0].clone())
1510                         .path(paths[1].clone())
1511                         .build()
1512                         .unwrap();
1513                 let tlv_stream = offer.as_tlv_stream();
1514                 assert_eq!(offer.paths(), paths.as_slice());
1515                 assert_eq!(offer.signing_pubkey(), Some(pubkey(42)));
1516                 assert_ne!(pubkey(42), pubkey(44));
1517                 assert_eq!(tlv_stream.paths, Some(&paths));
1518                 assert_eq!(tlv_stream.node_id, Some(&pubkey(42)));
1519         }
1520
1521         #[test]
1522         fn builds_offer_with_issuer() {
1523                 let offer = OfferBuilder::new(pubkey(42))
1524                         .issuer("foo".into())
1525                         .build()
1526                         .unwrap();
1527                 assert_eq!(offer.issuer(), Some(PrintableString("foo")));
1528                 assert_eq!(offer.as_tlv_stream().issuer, Some(&String::from("foo")));
1529
1530                 let offer = OfferBuilder::new(pubkey(42))
1531                         .issuer("foo".into())
1532                         .issuer("bar".into())
1533                         .build()
1534                         .unwrap();
1535                 assert_eq!(offer.issuer(), Some(PrintableString("bar")));
1536                 assert_eq!(offer.as_tlv_stream().issuer, Some(&String::from("bar")));
1537         }
1538
1539         #[test]
1540         fn builds_offer_with_supported_quantity() {
1541                 let one = NonZeroU64::new(1).unwrap();
1542                 let ten = NonZeroU64::new(10).unwrap();
1543
1544                 let offer = OfferBuilder::new(pubkey(42))
1545                         .supported_quantity(Quantity::One)
1546                         .build()
1547                         .unwrap();
1548                 let tlv_stream = offer.as_tlv_stream();
1549                 assert_eq!(offer.supported_quantity(), Quantity::One);
1550                 assert_eq!(tlv_stream.quantity_max, None);
1551
1552                 let offer = OfferBuilder::new(pubkey(42))
1553                         .supported_quantity(Quantity::Unbounded)
1554                         .build()
1555                         .unwrap();
1556                 let tlv_stream = offer.as_tlv_stream();
1557                 assert_eq!(offer.supported_quantity(), Quantity::Unbounded);
1558                 assert_eq!(tlv_stream.quantity_max, Some(0));
1559
1560                 let offer = OfferBuilder::new(pubkey(42))
1561                         .supported_quantity(Quantity::Bounded(ten))
1562                         .build()
1563                         .unwrap();
1564                 let tlv_stream = offer.as_tlv_stream();
1565                 assert_eq!(offer.supported_quantity(), Quantity::Bounded(ten));
1566                 assert_eq!(tlv_stream.quantity_max, Some(10));
1567
1568                 let offer = OfferBuilder::new(pubkey(42))
1569                         .supported_quantity(Quantity::Bounded(one))
1570                         .build()
1571                         .unwrap();
1572                 let tlv_stream = offer.as_tlv_stream();
1573                 assert_eq!(offer.supported_quantity(), Quantity::Bounded(one));
1574                 assert_eq!(tlv_stream.quantity_max, Some(1));
1575
1576                 let offer = OfferBuilder::new(pubkey(42))
1577                         .supported_quantity(Quantity::Bounded(ten))
1578                         .supported_quantity(Quantity::One)
1579                         .build()
1580                         .unwrap();
1581                 let tlv_stream = offer.as_tlv_stream();
1582                 assert_eq!(offer.supported_quantity(), Quantity::One);
1583                 assert_eq!(tlv_stream.quantity_max, None);
1584         }
1585
1586         #[test]
1587         fn fails_requesting_invoice_with_unknown_required_features() {
1588                 match OfferBuilder::new(pubkey(42))
1589                         .features_unchecked(OfferFeatures::unknown())
1590                         .build().unwrap()
1591                         .request_invoice(vec![1; 32], pubkey(43))
1592                 {
1593                         Ok(_) => panic!("expected error"),
1594                         Err(e) => assert_eq!(e, Bolt12SemanticError::UnknownRequiredFeatures),
1595                 }
1596         }
1597
1598         #[test]
1599         fn parses_offer_with_chains() {
1600                 let offer = OfferBuilder::new(pubkey(42))
1601                         .chain(Network::Bitcoin)
1602                         .chain(Network::Testnet)
1603                         .build()
1604                         .unwrap();
1605                 if let Err(e) = offer.to_string().parse::<Offer>() {
1606                         panic!("error parsing offer: {:?}", e);
1607                 }
1608         }
1609
1610         #[test]
1611         fn parses_offer_with_amount() {
1612                 let offer = OfferBuilder::new(pubkey(42))
1613                         .amount(Amount::Bitcoin { amount_msats: 1000 })
1614                         .build()
1615                         .unwrap();
1616                 if let Err(e) = offer.to_string().parse::<Offer>() {
1617                         panic!("error parsing offer: {:?}", e);
1618                 }
1619
1620                 let mut tlv_stream = offer.as_tlv_stream();
1621                 tlv_stream.amount = Some(1000);
1622                 tlv_stream.currency = Some(b"USD");
1623
1624                 let mut encoded_offer = Vec::new();
1625                 tlv_stream.write(&mut encoded_offer).unwrap();
1626
1627                 if let Err(e) = Offer::try_from(encoded_offer) {
1628                         panic!("error parsing offer: {:?}", e);
1629                 }
1630
1631                 let mut tlv_stream = offer.as_tlv_stream();
1632                 tlv_stream.amount = None;
1633                 tlv_stream.currency = Some(b"USD");
1634
1635                 let mut encoded_offer = Vec::new();
1636                 tlv_stream.write(&mut encoded_offer).unwrap();
1637
1638                 match Offer::try_from(encoded_offer) {
1639                         Ok(_) => panic!("expected error"),
1640                         Err(e) => assert_eq!(e, Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::MissingAmount)),
1641                 }
1642
1643                 let mut tlv_stream = offer.as_tlv_stream();
1644                 tlv_stream.amount = Some(MAX_VALUE_MSAT + 1);
1645                 tlv_stream.currency = None;
1646
1647                 let mut encoded_offer = Vec::new();
1648                 tlv_stream.write(&mut encoded_offer).unwrap();
1649
1650                 match Offer::try_from(encoded_offer) {
1651                         Ok(_) => panic!("expected error"),
1652                         Err(e) => assert_eq!(e, Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::InvalidAmount)),
1653                 }
1654         }
1655
1656         #[test]
1657         fn parses_offer_with_description() {
1658                 let offer = OfferBuilder::new(pubkey(42)).build().unwrap();
1659                 if let Err(e) = offer.to_string().parse::<Offer>() {
1660                         panic!("error parsing offer: {:?}", e);
1661                 }
1662
1663                 let offer = OfferBuilder::new(pubkey(42))
1664                         .description("foo".to_string())
1665                         .amount_msats(1000)
1666                         .build().unwrap();
1667                 if let Err(e) = offer.to_string().parse::<Offer>() {
1668                         panic!("error parsing offer: {:?}", e);
1669                 }
1670
1671                 let mut tlv_stream = offer.as_tlv_stream();
1672                 tlv_stream.description = None;
1673
1674                 let mut encoded_offer = Vec::new();
1675                 tlv_stream.write(&mut encoded_offer).unwrap();
1676
1677                 match Offer::try_from(encoded_offer) {
1678                         Ok(_) => panic!("expected error"),
1679                         Err(e) => {
1680                                 assert_eq!(e, Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::MissingDescription));
1681                         },
1682                 }
1683         }
1684
1685         #[test]
1686         fn parses_offer_with_paths() {
1687                 let offer = OfferBuilder::new(pubkey(42))
1688                         .path(BlindedPath {
1689                                 introduction_node: IntroductionNode::NodeId(pubkey(40)),
1690                                 blinding_point: pubkey(41),
1691                                 blinded_hops: vec![
1692                                         BlindedHop { blinded_node_id: pubkey(43), encrypted_payload: vec![0; 43] },
1693                                         BlindedHop { blinded_node_id: pubkey(44), encrypted_payload: vec![0; 44] },
1694                                 ],
1695                         })
1696                         .path(BlindedPath {
1697                                 introduction_node: IntroductionNode::NodeId(pubkey(40)),
1698                                 blinding_point: pubkey(41),
1699                                 blinded_hops: vec![
1700                                         BlindedHop { blinded_node_id: pubkey(45), encrypted_payload: vec![0; 45] },
1701                                         BlindedHop { blinded_node_id: pubkey(46), encrypted_payload: vec![0; 46] },
1702                                 ],
1703                         })
1704                         .build()
1705                         .unwrap();
1706                 if let Err(e) = offer.to_string().parse::<Offer>() {
1707                         panic!("error parsing offer: {:?}", e);
1708                 }
1709
1710                 let offer = OfferBuilder::new(pubkey(42))
1711                         .path(BlindedPath {
1712                                 introduction_node: IntroductionNode::NodeId(pubkey(40)),
1713                                 blinding_point: pubkey(41),
1714                                 blinded_hops: vec![
1715                                         BlindedHop { blinded_node_id: pubkey(43), encrypted_payload: vec![0; 43] },
1716                                         BlindedHop { blinded_node_id: pubkey(44), encrypted_payload: vec![0; 44] },
1717                                 ],
1718                         })
1719                         .clear_signing_pubkey()
1720                         .build()
1721                         .unwrap();
1722                 if let Err(e) = offer.to_string().parse::<Offer>() {
1723                         panic!("error parsing offer: {:?}", e);
1724                 }
1725
1726                 let mut builder = OfferBuilder::new(pubkey(42));
1727                 builder.offer.paths = Some(vec![]);
1728
1729                 let offer = builder.build().unwrap();
1730                 match offer.to_string().parse::<Offer>() {
1731                         Ok(_) => panic!("expected error"),
1732                         Err(e) => {
1733                                 assert_eq!(e, Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::MissingPaths));
1734                         },
1735                 }
1736         }
1737
1738         #[test]
1739         fn parses_offer_with_quantity() {
1740                 let offer = OfferBuilder::new(pubkey(42))
1741                         .supported_quantity(Quantity::One)
1742                         .build()
1743                         .unwrap();
1744                 if let Err(e) = offer.to_string().parse::<Offer>() {
1745                         panic!("error parsing offer: {:?}", e);
1746                 }
1747
1748                 let offer = OfferBuilder::new(pubkey(42))
1749                         .supported_quantity(Quantity::Unbounded)
1750                         .build()
1751                         .unwrap();
1752                 if let Err(e) = offer.to_string().parse::<Offer>() {
1753                         panic!("error parsing offer: {:?}", e);
1754                 }
1755
1756                 let offer = OfferBuilder::new(pubkey(42))
1757                         .supported_quantity(Quantity::Bounded(NonZeroU64::new(10).unwrap()))
1758                         .build()
1759                         .unwrap();
1760                 if let Err(e) = offer.to_string().parse::<Offer>() {
1761                         panic!("error parsing offer: {:?}", e);
1762                 }
1763
1764                 let offer = OfferBuilder::new(pubkey(42))
1765                         .supported_quantity(Quantity::Bounded(NonZeroU64::new(1).unwrap()))
1766                         .build()
1767                         .unwrap();
1768                 if let Err(e) = offer.to_string().parse::<Offer>() {
1769                         panic!("error parsing offer: {:?}", e);
1770                 }
1771         }
1772
1773         #[test]
1774         fn parses_offer_with_node_id() {
1775                 let offer = OfferBuilder::new(pubkey(42)).build().unwrap();
1776                 if let Err(e) = offer.to_string().parse::<Offer>() {
1777                         panic!("error parsing offer: {:?}", e);
1778                 }
1779
1780                 let mut tlv_stream = offer.as_tlv_stream();
1781                 tlv_stream.node_id = None;
1782
1783                 let mut encoded_offer = Vec::new();
1784                 tlv_stream.write(&mut encoded_offer).unwrap();
1785
1786                 match Offer::try_from(encoded_offer) {
1787                         Ok(_) => panic!("expected error"),
1788                         Err(e) => {
1789                                 assert_eq!(e, Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::MissingSigningPubkey));
1790                         },
1791                 }
1792         }
1793
1794         #[test]
1795         fn fails_parsing_offer_with_extra_tlv_records() {
1796                 let offer = OfferBuilder::new(pubkey(42)).build().unwrap();
1797
1798                 let mut encoded_offer = Vec::new();
1799                 offer.write(&mut encoded_offer).unwrap();
1800                 BigSize(80).write(&mut encoded_offer).unwrap();
1801                 BigSize(32).write(&mut encoded_offer).unwrap();
1802                 [42u8; 32].write(&mut encoded_offer).unwrap();
1803
1804                 match Offer::try_from(encoded_offer) {
1805                         Ok(_) => panic!("expected error"),
1806                         Err(e) => assert_eq!(e, Bolt12ParseError::Decode(DecodeError::InvalidValue)),
1807                 }
1808         }
1809 }
1810
1811 #[cfg(test)]
1812 mod bolt12_tests {
1813         use super::{Bolt12ParseError, Bolt12SemanticError, Offer};
1814         use crate::ln::msgs::DecodeError;
1815
1816         #[test]
1817         fn parses_bech32_encoded_offers() {
1818                 let offers = [
1819                         // Minimal bolt12 offer
1820                         "lno1pgx9getnwss8vetrw3hhyuckyypwa3eyt44h6txtxquqh7lz5djge4afgfjn7k4rgrkuag0jsd5xvxg",
1821
1822                         // for testnet
1823                         "lno1qgsyxjtl6luzd9t3pr62xr7eemp6awnejusgf6gw45q75vcfqqqqqqq2p32x2um5ypmx2cm5dae8x93pqthvwfzadd7jejes8q9lhc4rvjxd022zv5l44g6qah82ru5rdpnpj",
1824
1825                         // for bitcoin (redundant)
1826                         "lno1qgsxlc5vp2m0rvmjcxn2y34wv0m5lyc7sdj7zksgn35dvxgqqqqqqqq2p32x2um5ypmx2cm5dae8x93pqthvwfzadd7jejes8q9lhc4rvjxd022zv5l44g6qah82ru5rdpnpj",
1827
1828                         // for bitcoin or liquidv1
1829                         "lno1qfqpge38tqmzyrdjj3x2qkdr5y80dlfw56ztq6yd9sme995g3gsxqqm0u2xq4dh3kdevrf4zg6hx8a60jv0gxe0ptgyfc6xkryqqqqqqqq9qc4r9wd6zqan9vd6x7unnzcss9mk8y3wkklfvevcrszlmu23kfrxh49px20665dqwmn4p72pksese",
1830
1831                         // with metadata
1832                         "lno1qsgqqqqqqqqqqqqqqqqqqqqqqqqqqzsv23jhxapqwejkxar0wfe3vggzamrjghtt05kvkvpcp0a79gmy3nt6jsn98ad2xs8de6sl9qmgvcvs",
1833
1834                         // with amount
1835                         "lno1pqpzwyq2p32x2um5ypmx2cm5dae8x93pqthvwfzadd7jejes8q9lhc4rvjxd022zv5l44g6qah82ru5rdpnpj",
1836
1837                         // with currency
1838                         "lno1qcp4256ypqpzwyq2p32x2um5ypmx2cm5dae8x93pqthvwfzadd7jejes8q9lhc4rvjxd022zv5l44g6qah82ru5rdpnpj",
1839
1840                         // with expiry
1841                         "lno1pgx9getnwss8vetrw3hhyucwq3ay997czcss9mk8y3wkklfvevcrszlmu23kfrxh49px20665dqwmn4p72pksese",
1842
1843                         // with issuer
1844                         "lno1pgx9getnwss8vetrw3hhyucjy358garswvaz7tmzdak8gvfj9ehhyeeqgf85c4p3xgsxjmnyw4ehgunfv4e3vggzamrjghtt05kvkvpcp0a79gmy3nt6jsn98ad2xs8de6sl9qmgvcvs",
1845
1846                         // with quantity
1847                         "lno1pgx9getnwss8vetrw3hhyuc5qyz3vggzamrjghtt05kvkvpcp0a79gmy3nt6jsn98ad2xs8de6sl9qmgvcvs",
1848
1849                         // with unlimited (or unknown) quantity
1850                         "lno1pgx9getnwss8vetrw3hhyuc5qqtzzqhwcuj966ma9n9nqwqtl032xeyv6755yeflt235pmww58egx6rxry",
1851
1852                         // with single quantity (weird but valid)
1853                         "lno1pgx9getnwss8vetrw3hhyuc5qyq3vggzamrjghtt05kvkvpcp0a79gmy3nt6jsn98ad2xs8de6sl9qmgvcvs",
1854
1855                         // with feature
1856                         "lno1pgx9getnwss8vetrw3hhyucvp5yqqqqqqqqqqqqqqqqqqqqkyypwa3eyt44h6txtxquqh7lz5djge4afgfjn7k4rgrkuag0jsd5xvxg",
1857
1858                         // with blinded path via Bob (0x424242...), blinding 020202...
1859                         "lno1pgx9getnwss8vetrw3hhyucs5ypjgef743p5fzqq9nqxh0ah7y87rzv3ud0eleps9kl2d5348hq2k8qzqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgqpqqqqqqqqqqqqqqqqqqqqqqqqqqqzqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqqzq3zyg3zyg3zyg3vggzamrjghtt05kvkvpcp0a79gmy3nt6jsn98ad2xs8de6sl9qmgvcvs",
1860
1861                         // ... and with second blinded path via Carol (0x434343...), blinding 020202...
1862                         "lno1pgx9getnwss8vetrw3hhyucsl5q5yqeyv5l2cs6y3qqzesrth7mlzrlp3xg7xhulusczm04x6g6nms9trspqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqqsqqqqqqqqqqqqqqqqqqqqqqqqqqpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqsqpqg3zyg3zyg3zygz0uc7h32x9s0aecdhxlk075kn046aafpuuyw8f5j652t3vha2yqrsyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqsqzqqqqqqqqqqqqqqqqqqqqqqqqqqqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqqyzyg3zyg3zyg3zzcss9mk8y3wkklfvevcrszlmu23kfrxh49px20665dqwmn4p72pksese",
1863
1864                         // unknown odd field
1865                         "lno1pgx9getnwss8vetrw3hhyuckyypwa3eyt44h6txtxquqh7lz5djge4afgfjn7k4rgrkuag0jsd5xvxfppf5x2mrvdamk7unvvs",
1866                 ];
1867                 for encoded_offer in &offers {
1868                         if let Err(e) = encoded_offer.parse::<Offer>() {
1869                                 panic!("Invalid offer ({:?}): {}", e, encoded_offer);
1870                         }
1871                 }
1872         }
1873
1874         #[test]
1875         fn fails_parsing_bech32_encoded_offers() {
1876                 // Malformed: fields out of order
1877                 assert_eq!(
1878                         "lno1zcssyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszpgz5znzfgdzs".parse::<Offer>(),
1879                         Err(Bolt12ParseError::Decode(DecodeError::InvalidValue)),
1880                 );
1881
1882                 // Malformed: unknown even TLV type 78
1883                 assert_eq!(
1884                         "lno1pgz5znzfgdz3vggzqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpysgr0u2xq4dh3kdevrf4zg6hx8a60jv0gxe0ptgyfc6xkryqqqqqqqq".parse::<Offer>(),
1885                         Err(Bolt12ParseError::Decode(DecodeError::UnknownRequiredFeature)),
1886                 );
1887
1888                 // Malformed: empty
1889                 assert_eq!(
1890                         "lno1".parse::<Offer>(),
1891                         Err(Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::MissingSigningPubkey)),
1892                 );
1893
1894                 // Malformed: truncated at type
1895                 assert_eq!(
1896                         "lno1pg".parse::<Offer>(),
1897                         Err(Bolt12ParseError::Decode(DecodeError::ShortRead)),
1898                 );
1899
1900                 // Malformed: truncated in length
1901                 assert_eq!(
1902                         "lno1pt7s".parse::<Offer>(),
1903                         Err(Bolt12ParseError::Decode(DecodeError::ShortRead)),
1904                 );
1905
1906                 // Malformed: truncated after length
1907                 assert_eq!(
1908                         "lno1pgpq".parse::<Offer>(),
1909                         Err(Bolt12ParseError::Decode(DecodeError::ShortRead)),
1910                 );
1911
1912                 // Malformed: truncated in description
1913                 assert_eq!(
1914                         "lno1pgpyz".parse::<Offer>(),
1915                         Err(Bolt12ParseError::Decode(DecodeError::ShortRead)),
1916                 );
1917
1918                 // Malformed: invalid offer_chains length
1919                 assert_eq!(
1920                         "lno1qgqszzs9g9xyjs69zcssyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqsz".parse::<Offer>(),
1921                         Err(Bolt12ParseError::Decode(DecodeError::ShortRead)),
1922                 );
1923
1924                 // Malformed: truncated currency UTF-8
1925                 assert_eq!(
1926                         "lno1qcqcqzs9g9xyjs69zcssyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqsz".parse::<Offer>(),
1927                         Err(Bolt12ParseError::Decode(DecodeError::ShortRead)),
1928                 );
1929
1930                 // Malformed: invalid currency UTF-8
1931                 assert_eq!(
1932                         "lno1qcpgqsg2q4q5cj2rg5tzzqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqg".parse::<Offer>(),
1933                         Err(Bolt12ParseError::Decode(DecodeError::ShortRead)),
1934                 );
1935
1936                 // Malformed: truncated description UTF-8
1937                 assert_eq!(
1938                         "lno1pgqcq93pqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqy".parse::<Offer>(),
1939                         Err(Bolt12ParseError::Decode(DecodeError::InvalidValue)),
1940                 );
1941
1942                 // Malformed: invalid description UTF-8
1943                 assert_eq!(
1944                         "lno1pgpgqsgkyypqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqs".parse::<Offer>(),
1945                         Err(Bolt12ParseError::Decode(DecodeError::InvalidValue)),
1946                 );
1947
1948                 // Malformed: truncated offer_paths
1949                 assert_eq!(
1950                         "lno1pgz5znzfgdz3qqgpzcssyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqsz".parse::<Offer>(),
1951                         Err(Bolt12ParseError::Decode(DecodeError::ShortRead)),
1952                 );
1953
1954                 // Malformed: zero num_hops in blinded_path
1955                 assert_eq!(
1956                         "lno1pgz5znzfgdz3qqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqsqzcssyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqsz".parse::<Offer>(),
1957                         Err(Bolt12ParseError::Decode(DecodeError::ShortRead)),
1958                 );
1959
1960                 // Malformed: truncated onionmsg_hop in blinded_path
1961                 assert_eq!(
1962                         "lno1pgz5znzfgdz3qqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqspqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqgkyypqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqs".parse::<Offer>(),
1963                         Err(Bolt12ParseError::Decode(DecodeError::ShortRead)),
1964                 );
1965
1966                 // Malformed: bad first_node_id in blinded_path
1967                 assert_eq!(
1968                         "lno1pgz5znzfgdz3qqcrqvpsxqcrqvpsxqcrqvpsxqcrqvpsxqcrqvpsxqcrqvpsxqcrqvpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqspqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqgqzcssyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqsz".parse::<Offer>(),
1969                         Err(Bolt12ParseError::Decode(DecodeError::ShortRead)),
1970                 );
1971
1972                 // Malformed: bad blinding in blinded_path
1973                 assert_eq!(
1974                         "lno1pgz5znzfgdz3qqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpsxqcrqvpsxqcrqvpsxqcrqvpsxqcrqvpsxqcrqvpsxqcrqvpsxqcpqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqgqzcssyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqsz".parse::<Offer>(),
1975                         Err(Bolt12ParseError::Decode(DecodeError::ShortRead)),
1976                 );
1977
1978                 // Malformed: bad blinded_node_id in onionmsg_hop
1979                 assert_eq!(
1980                         "lno1pgz5znzfgdz3qqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqspqvpsxqcrqvpsxqcrqvpsxqcrqvpsxqcrqvpsxqcrqvpsxqcrqvpsxqgqzcssyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqsz".parse::<Offer>(),
1981                         Err(Bolt12ParseError::Decode(DecodeError::ShortRead)),
1982                 );
1983
1984                 // Malformed: truncated issuer UTF-8
1985                 assert_eq!(
1986                         "lno1pgz5znzfgdz3yqvqzcssyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqsz".parse::<Offer>(),
1987                         Err(Bolt12ParseError::Decode(DecodeError::InvalidValue)),
1988                 );
1989
1990                 // Malformed: invalid issuer UTF-8
1991                 assert_eq!(
1992                         "lno1pgz5znzfgdz3yq5qgytzzqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqg".parse::<Offer>(),
1993                         Err(Bolt12ParseError::Decode(DecodeError::InvalidValue)),
1994                 );
1995
1996                 // Malformed: invalid offer_node_id
1997                 assert_eq!(
1998                         "lno1pgz5znzfgdz3vggzqvpsxqcrqvpsxqcrqvpsxqcrqvpsxqcrqvpsxqcrqvpsxqcrqvps".parse::<Offer>(),
1999                         Err(Bolt12ParseError::Decode(DecodeError::InvalidValue)),
2000                 );
2001
2002                 // Contains type >= 80
2003                 assert_eq!(
2004                         "lno1pgz5znzfgdz3vggzqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgp9qgr0u2xq4dh3kdevrf4zg6hx8a60jv0gxe0ptgyfc6xkryqqqqqqqq".parse::<Offer>(),
2005                         Err(Bolt12ParseError::Decode(DecodeError::InvalidValue)),
2006                 );
2007
2008                 // TODO: Resolved in spec https://github.com/lightning/bolts/pull/798/files#r1334851959
2009                 // Contains unknown feature 22
2010                 assert!(
2011                         "lno1pgx9getnwss8vetrw3hhyucvqdqqqqqkyypwa3eyt44h6txtxquqh7lz5djge4afgfjn7k4rgrkuag0jsd5xvxg".parse::<Offer>().is_ok()
2012                 );
2013
2014                 // Missing offer_description
2015                 assert_eq!(
2016                         // TODO: Match the spec once it is updated.
2017                         "lno1pqpq86qkyypwa3eyt44h6txtxquqh7lz5djge4afgfjn7k4rgrkuag0jsd5xvxg".parse::<Offer>(),
2018                         Err(Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::MissingDescription)),
2019                 );
2020
2021                 // Missing offer_node_id"
2022                 assert_eq!(
2023                         "lno1pgx9getnwss8vetrw3hhyuc".parse::<Offer>(),
2024                         Err(Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::MissingSigningPubkey)),
2025                 );
2026         }
2027 }
Personal fork of Rust-Lightning. Upstream is https://github.com/rust-bitcoin/rust-lightning