1 package org.ldk.structs;
3 import org.ldk.impl.bindings;
4 import org.ldk.enums.*;
6 import java.util.Arrays;
7 import java.lang.ref.Reference;
8 import javax.annotation.Nullable;
11 * A trait to sign Lightning channel transactions as described in
12 * [BOLT 3](https://github.com/lightning/bolts/blob/master/03-transactions.md).
14 * Signing services could be implemented on a hardware wallet and should implement signing
15 * policies in order to be secure. Please refer to the [VLS Policy
16 * Controls](https://gitlab.com/lightning-signer/validating-lightning-signer/-/blob/main/docs/policy-controls.md)
17 * for an example of such policies.
19 @SuppressWarnings("unchecked") // We correctly assign various generic arrays
20 public class EcdsaChannelSigner extends CommonBase {
21 final bindings.LDKEcdsaChannelSigner bindings_instance;
22 EcdsaChannelSigner(Object _dummy, long ptr) { super(ptr); bindings_instance = null; }
23 private EcdsaChannelSigner(bindings.LDKEcdsaChannelSigner arg, bindings.LDKChannelSigner ChannelSigner, ChannelPublicKeys pubkeys) {
24 super(bindings.LDKEcdsaChannelSigner_new(arg, ChannelSigner, pubkeys == null ? 0 : pubkeys.clone_ptr()));
25 this.ptrs_to.add(arg);
26 this.ptrs_to.add(ChannelSigner);
27 this.bindings_instance = arg;
29 @Override @SuppressWarnings("deprecation")
30 protected void finalize() throws Throwable {
31 if (ptr != 0) { bindings.EcdsaChannelSigner_free(ptr); } super.finalize();
34 * Destroys the object, freeing associated resources. After this call, any access
35 * to this object may result in a SEGFAULT or worse.
37 * You should generally NEVER call this method. You should let the garbage collector
38 * do this for you when it finalizes objects. However, it may be useful for types
39 * which represent locks and should be closed immediately to avoid holding locks
42 public void destroy() {
43 if (ptr != 0) { bindings.EcdsaChannelSigner_free(ptr); }
46 public static interface EcdsaChannelSignerInterface {
48 * Create a signature for a counterparty's commitment transaction and associated HTLC transactions.
50 * Note that if signing fails or is rejected, the channel will be force-closed.
52 * Policy checks should be implemented in this function, including checking the amount
53 * sent to us and checking the HTLCs.
55 * The preimages of outgoing HTLCs that were fulfilled since the last commitment are provided.
56 * A validating signer should ensure that an HTLC output is removed only when the matching
57 * preimage is provided, or when the value to holder is restored.
59 * Note that all the relevant preimages will be provided, but there may also be additional
60 * irrelevant or duplicate preimages.
62 Result_C2Tuple_SignatureCVec_SignatureZZNoneZ sign_counterparty_commitment(CommitmentTransaction commitment_tx, byte[][] preimages);
64 * Validate the counterparty's revocation.
66 * This is required in order for the signer to make sure that the state has moved
67 * forward and it is safe to sign the next counterparty commitment.
69 Result_NoneNoneZ validate_counterparty_revocation(long idx, byte[] secret);
71 * Creates a signature for a holder's commitment transaction and its claiming HTLC transactions.
74 * - with a non-revoked `commitment_tx`.
75 * - with the latest `commitment_tx` when we initiate a force-close.
76 * - with the previous `commitment_tx`, just to get claiming HTLC
77 * signatures, if we are reacting to a [`ChannelMonitor`]
78 * [replica](https://github.com/lightningdevkit/rust-lightning/blob/main/GLOSSARY.md#monitor-replicas)
79 * that decided to broadcast before it had been updated to the latest `commitment_tx`.
81 * This may be called multiple times for the same transaction.
83 * An external signer implementation should check that the commitment has not been revoked.
85 * [`ChannelMonitor`]: crate::chain::channelmonitor::ChannelMonitor
87 Result_C2Tuple_SignatureCVec_SignatureZZNoneZ sign_holder_commitment_and_htlcs(HolderCommitmentTransaction commitment_tx);
89 * Create a signature for the given input in a transaction spending an HTLC transaction output
90 * or a commitment transaction `to_local` output when our counterparty broadcasts an old state.
92 * A justice transaction may claim multiple outputs at the same time if timelocks are
93 * similar, but only a signature for the input at index `input` should be signed for here.
94 * It may be called multiple times for same output(s) if a fee-bump is needed with regards
95 * to an upcoming timelock expiration.
97 * Amount is value of the output spent by this input, committed to in the BIP 143 signature.
99 * `per_commitment_key` is revocation secret which was provided by our counterparty when they
100 * revoked the state which they eventually broadcast. It's not a _holder_ secret key and does
101 * not allow the spending of any funds by itself (you need our holder `revocation_secret` to do
104 Result_SignatureNoneZ sign_justice_revoked_output(byte[] justice_tx, long input, long amount, byte[] per_commitment_key);
106 * Create a signature for the given input in a transaction spending a commitment transaction
107 * HTLC output when our counterparty broadcasts an old state.
109 * A justice transaction may claim multiple outputs at the same time if timelocks are
110 * similar, but only a signature for the input at index `input` should be signed for here.
111 * It may be called multiple times for same output(s) if a fee-bump is needed with regards
112 * to an upcoming timelock expiration.
114 * `amount` is the value of the output spent by this input, committed to in the BIP 143
117 * `per_commitment_key` is revocation secret which was provided by our counterparty when they
118 * revoked the state which they eventually broadcast. It's not a _holder_ secret key and does
119 * not allow the spending of any funds by itself (you need our holder revocation_secret to do
122 * `htlc` holds HTLC elements (hash, timelock), thus changing the format of the witness script
123 * (which is committed to in the BIP 143 signatures).
125 Result_SignatureNoneZ sign_justice_revoked_htlc(byte[] justice_tx, long input, long amount, byte[] per_commitment_key, HTLCOutputInCommitment htlc);
127 * Create a signature for a claiming transaction for a HTLC output on a counterparty's commitment
128 * transaction, either offered or received.
130 * Such a transaction may claim multiples offered outputs at same time if we know the
131 * preimage for each when we create it, but only the input at index `input` should be
132 * signed for here. It may be called multiple times for same output(s) if a fee-bump is
133 * needed with regards to an upcoming timelock expiration.
135 * `witness_script` is either an offered or received script as defined in BOLT3 for HTLC
138 * `amount` is value of the output spent by this input, committed to in the BIP 143 signature.
140 * `per_commitment_point` is the dynamic point corresponding to the channel state
141 * detected onchain. It has been generated by our counterparty and is used to derive
142 * channel state keys, which are then included in the witness script and committed to in the
145 Result_SignatureNoneZ sign_counterparty_htlc_transaction(byte[] htlc_tx, long input, long amount, byte[] per_commitment_point, HTLCOutputInCommitment htlc);
147 * Create a signature for a (proposed) closing transaction.
149 * Note that, due to rounding, there may be one \"missing\" satoshi, and either party may have
150 * chosen to forgo their output as dust.
152 Result_SignatureNoneZ sign_closing_transaction(ClosingTransaction closing_tx);
154 * Computes the signature for a commitment transaction's anchor output used as an
155 * input within `anchor_tx`, which spends the commitment transaction, at index `input`.
157 Result_SignatureNoneZ sign_holder_anchor_input(byte[] anchor_tx, long input);
159 * Signs a channel announcement message with our funding key proving it comes from one of the
160 * channel participants.
162 * Channel announcements also require a signature from each node's network key. Our node
163 * signature is computed through [`NodeSigner::sign_gossip_message`].
165 * Note that if this fails or is rejected, the channel will not be publicly announced and
166 * our counterparty may (though likely will not) close the channel on us for violating the
169 Result_SignatureNoneZ sign_channel_announcement_with_funding_key(UnsignedChannelAnnouncement msg);
171 private static class LDKEcdsaChannelSignerHolder { EcdsaChannelSigner held; }
172 public static EcdsaChannelSigner new_impl(EcdsaChannelSignerInterface arg, ChannelSigner.ChannelSignerInterface ChannelSigner_impl, ChannelPublicKeys pubkeys) {
173 final LDKEcdsaChannelSignerHolder impl_holder = new LDKEcdsaChannelSignerHolder();
174 impl_holder.held = new EcdsaChannelSigner(new bindings.LDKEcdsaChannelSigner() {
175 @Override public long sign_counterparty_commitment(long commitment_tx, byte[][] preimages) {
176 org.ldk.structs.CommitmentTransaction commitment_tx_hu_conv = null; if (commitment_tx < 0 || commitment_tx > 4096) { commitment_tx_hu_conv = new org.ldk.structs.CommitmentTransaction(null, commitment_tx); }
177 Result_C2Tuple_SignatureCVec_SignatureZZNoneZ ret = arg.sign_counterparty_commitment(commitment_tx_hu_conv, preimages);
178 Reference.reachabilityFence(arg);
179 long result = ret == null ? 0 : ret.clone_ptr();
182 @Override public long validate_counterparty_revocation(long idx, byte[] secret) {
183 Result_NoneNoneZ ret = arg.validate_counterparty_revocation(idx, secret);
184 Reference.reachabilityFence(arg);
185 long result = ret == null ? 0 : ret.clone_ptr();
188 @Override public long sign_holder_commitment_and_htlcs(long commitment_tx) {
189 org.ldk.structs.HolderCommitmentTransaction commitment_tx_hu_conv = null; if (commitment_tx < 0 || commitment_tx > 4096) { commitment_tx_hu_conv = new org.ldk.structs.HolderCommitmentTransaction(null, commitment_tx); }
190 Result_C2Tuple_SignatureCVec_SignatureZZNoneZ ret = arg.sign_holder_commitment_and_htlcs(commitment_tx_hu_conv);
191 Reference.reachabilityFence(arg);
192 long result = ret == null ? 0 : ret.clone_ptr();
195 @Override public long sign_justice_revoked_output(byte[] justice_tx, long input, long amount, byte[] per_commitment_key) {
196 Result_SignatureNoneZ ret = arg.sign_justice_revoked_output(justice_tx, input, amount, per_commitment_key);
197 Reference.reachabilityFence(arg);
198 long result = ret == null ? 0 : ret.clone_ptr();
201 @Override public long sign_justice_revoked_htlc(byte[] justice_tx, long input, long amount, byte[] per_commitment_key, long htlc) {
202 org.ldk.structs.HTLCOutputInCommitment htlc_hu_conv = null; if (htlc < 0 || htlc > 4096) { htlc_hu_conv = new org.ldk.structs.HTLCOutputInCommitment(null, htlc); }
203 Result_SignatureNoneZ ret = arg.sign_justice_revoked_htlc(justice_tx, input, amount, per_commitment_key, htlc_hu_conv);
204 Reference.reachabilityFence(arg);
205 long result = ret == null ? 0 : ret.clone_ptr();
208 @Override public long sign_counterparty_htlc_transaction(byte[] htlc_tx, long input, long amount, byte[] per_commitment_point, long htlc) {
209 org.ldk.structs.HTLCOutputInCommitment htlc_hu_conv = null; if (htlc < 0 || htlc > 4096) { htlc_hu_conv = new org.ldk.structs.HTLCOutputInCommitment(null, htlc); }
210 Result_SignatureNoneZ ret = arg.sign_counterparty_htlc_transaction(htlc_tx, input, amount, per_commitment_point, htlc_hu_conv);
211 Reference.reachabilityFence(arg);
212 long result = ret == null ? 0 : ret.clone_ptr();
215 @Override public long sign_closing_transaction(long closing_tx) {
216 org.ldk.structs.ClosingTransaction closing_tx_hu_conv = null; if (closing_tx < 0 || closing_tx > 4096) { closing_tx_hu_conv = new org.ldk.structs.ClosingTransaction(null, closing_tx); }
217 Result_SignatureNoneZ ret = arg.sign_closing_transaction(closing_tx_hu_conv);
218 Reference.reachabilityFence(arg);
219 long result = ret == null ? 0 : ret.clone_ptr();
222 @Override public long sign_holder_anchor_input(byte[] anchor_tx, long input) {
223 Result_SignatureNoneZ ret = arg.sign_holder_anchor_input(anchor_tx, input);
224 Reference.reachabilityFence(arg);
225 long result = ret == null ? 0 : ret.clone_ptr();
228 @Override public long sign_channel_announcement_with_funding_key(long msg) {
229 org.ldk.structs.UnsignedChannelAnnouncement msg_hu_conv = null; if (msg < 0 || msg > 4096) { msg_hu_conv = new org.ldk.structs.UnsignedChannelAnnouncement(null, msg); }
230 Result_SignatureNoneZ ret = arg.sign_channel_announcement_with_funding_key(msg_hu_conv);
231 Reference.reachabilityFence(arg);
232 long result = ret == null ? 0 : ret.clone_ptr();
235 }, ChannelSigner.new_impl(ChannelSigner_impl, pubkeys).bindings_instance, pubkeys);
236 return impl_holder.held;
240 * Gets the underlying ChannelSigner.
242 public ChannelSigner get_channel_signer() {
243 ChannelSigner res = new ChannelSigner(null, bindings.LDKEcdsaChannelSigner_get_ChannelSigner(this.ptr));
244 res.ptrs_to.add(this);
249 * Create a signature for a counterparty's commitment transaction and associated HTLC transactions.
251 * Note that if signing fails or is rejected, the channel will be force-closed.
253 * Policy checks should be implemented in this function, including checking the amount
254 * sent to us and checking the HTLCs.
256 * The preimages of outgoing HTLCs that were fulfilled since the last commitment are provided.
257 * A validating signer should ensure that an HTLC output is removed only when the matching
258 * preimage is provided, or when the value to holder is restored.
260 * Note that all the relevant preimages will be provided, but there may also be additional
261 * irrelevant or duplicate preimages.
263 public Result_C2Tuple_SignatureCVec_SignatureZZNoneZ sign_counterparty_commitment(org.ldk.structs.CommitmentTransaction commitment_tx, byte[][] preimages) {
264 long ret = bindings.EcdsaChannelSigner_sign_counterparty_commitment(this.ptr, commitment_tx == null ? 0 : commitment_tx.ptr, preimages != null ? Arrays.stream(preimages).map(preimages_conv_8 -> InternalUtils.check_arr_len(preimages_conv_8, 32)).toArray(byte[][]::new) : null);
265 Reference.reachabilityFence(this);
266 Reference.reachabilityFence(commitment_tx);
267 Reference.reachabilityFence(preimages);
268 if (ret >= 0 && ret <= 4096) { return null; }
269 Result_C2Tuple_SignatureCVec_SignatureZZNoneZ ret_hu_conv = Result_C2Tuple_SignatureCVec_SignatureZZNoneZ.constr_from_ptr(ret);
270 if (this != null) { this.ptrs_to.add(commitment_tx); };
275 * Validate the counterparty's revocation.
277 * This is required in order for the signer to make sure that the state has moved
278 * forward and it is safe to sign the next counterparty commitment.
280 public Result_NoneNoneZ validate_counterparty_revocation(long idx, byte[] secret) {
281 long ret = bindings.EcdsaChannelSigner_validate_counterparty_revocation(this.ptr, idx, InternalUtils.check_arr_len(secret, 32));
282 Reference.reachabilityFence(this);
283 Reference.reachabilityFence(idx);
284 Reference.reachabilityFence(secret);
285 if (ret >= 0 && ret <= 4096) { return null; }
286 Result_NoneNoneZ ret_hu_conv = Result_NoneNoneZ.constr_from_ptr(ret);
291 * Creates a signature for a holder's commitment transaction and its claiming HTLC transactions.
293 * This will be called
294 * - with a non-revoked `commitment_tx`.
295 * - with the latest `commitment_tx` when we initiate a force-close.
296 * - with the previous `commitment_tx`, just to get claiming HTLC
297 * signatures, if we are reacting to a [`ChannelMonitor`]
298 * [replica](https://github.com/lightningdevkit/rust-lightning/blob/main/GLOSSARY.md#monitor-replicas)
299 * that decided to broadcast before it had been updated to the latest `commitment_tx`.
301 * This may be called multiple times for the same transaction.
303 * An external signer implementation should check that the commitment has not been revoked.
305 * [`ChannelMonitor`]: crate::chain::channelmonitor::ChannelMonitor
307 public Result_C2Tuple_SignatureCVec_SignatureZZNoneZ sign_holder_commitment_and_htlcs(org.ldk.structs.HolderCommitmentTransaction commitment_tx) {
308 long ret = bindings.EcdsaChannelSigner_sign_holder_commitment_and_htlcs(this.ptr, commitment_tx == null ? 0 : commitment_tx.ptr);
309 Reference.reachabilityFence(this);
310 Reference.reachabilityFence(commitment_tx);
311 if (ret >= 0 && ret <= 4096) { return null; }
312 Result_C2Tuple_SignatureCVec_SignatureZZNoneZ ret_hu_conv = Result_C2Tuple_SignatureCVec_SignatureZZNoneZ.constr_from_ptr(ret);
313 if (this != null) { this.ptrs_to.add(commitment_tx); };
318 * Create a signature for the given input in a transaction spending an HTLC transaction output
319 * or a commitment transaction `to_local` output when our counterparty broadcasts an old state.
321 * A justice transaction may claim multiple outputs at the same time if timelocks are
322 * similar, but only a signature for the input at index `input` should be signed for here.
323 * It may be called multiple times for same output(s) if a fee-bump is needed with regards
324 * to an upcoming timelock expiration.
326 * Amount is value of the output spent by this input, committed to in the BIP 143 signature.
328 * `per_commitment_key` is revocation secret which was provided by our counterparty when they
329 * revoked the state which they eventually broadcast. It's not a _holder_ secret key and does
330 * not allow the spending of any funds by itself (you need our holder `revocation_secret` to do
333 public Result_SignatureNoneZ sign_justice_revoked_output(byte[] justice_tx, long input, long amount, byte[] per_commitment_key) {
334 long ret = bindings.EcdsaChannelSigner_sign_justice_revoked_output(this.ptr, justice_tx, input, amount, InternalUtils.check_arr_len(per_commitment_key, 32));
335 Reference.reachabilityFence(this);
336 Reference.reachabilityFence(justice_tx);
337 Reference.reachabilityFence(input);
338 Reference.reachabilityFence(amount);
339 Reference.reachabilityFence(per_commitment_key);
340 if (ret >= 0 && ret <= 4096) { return null; }
341 Result_SignatureNoneZ ret_hu_conv = Result_SignatureNoneZ.constr_from_ptr(ret);
346 * Create a signature for the given input in a transaction spending a commitment transaction
347 * HTLC output when our counterparty broadcasts an old state.
349 * A justice transaction may claim multiple outputs at the same time if timelocks are
350 * similar, but only a signature for the input at index `input` should be signed for here.
351 * It may be called multiple times for same output(s) if a fee-bump is needed with regards
352 * to an upcoming timelock expiration.
354 * `amount` is the value of the output spent by this input, committed to in the BIP 143
357 * `per_commitment_key` is revocation secret which was provided by our counterparty when they
358 * revoked the state which they eventually broadcast. It's not a _holder_ secret key and does
359 * not allow the spending of any funds by itself (you need our holder revocation_secret to do
362 * `htlc` holds HTLC elements (hash, timelock), thus changing the format of the witness script
363 * (which is committed to in the BIP 143 signatures).
365 public Result_SignatureNoneZ sign_justice_revoked_htlc(byte[] justice_tx, long input, long amount, byte[] per_commitment_key, org.ldk.structs.HTLCOutputInCommitment htlc) {
366 long ret = bindings.EcdsaChannelSigner_sign_justice_revoked_htlc(this.ptr, justice_tx, input, amount, InternalUtils.check_arr_len(per_commitment_key, 32), htlc == null ? 0 : htlc.ptr);
367 Reference.reachabilityFence(this);
368 Reference.reachabilityFence(justice_tx);
369 Reference.reachabilityFence(input);
370 Reference.reachabilityFence(amount);
371 Reference.reachabilityFence(per_commitment_key);
372 Reference.reachabilityFence(htlc);
373 if (ret >= 0 && ret <= 4096) { return null; }
374 Result_SignatureNoneZ ret_hu_conv = Result_SignatureNoneZ.constr_from_ptr(ret);
375 if (this != null) { this.ptrs_to.add(htlc); };
380 * Create a signature for a claiming transaction for a HTLC output on a counterparty's commitment
381 * transaction, either offered or received.
383 * Such a transaction may claim multiples offered outputs at same time if we know the
384 * preimage for each when we create it, but only the input at index `input` should be
385 * signed for here. It may be called multiple times for same output(s) if a fee-bump is
386 * needed with regards to an upcoming timelock expiration.
388 * `witness_script` is either an offered or received script as defined in BOLT3 for HTLC
391 * `amount` is value of the output spent by this input, committed to in the BIP 143 signature.
393 * `per_commitment_point` is the dynamic point corresponding to the channel state
394 * detected onchain. It has been generated by our counterparty and is used to derive
395 * channel state keys, which are then included in the witness script and committed to in the
398 public Result_SignatureNoneZ sign_counterparty_htlc_transaction(byte[] htlc_tx, long input, long amount, byte[] per_commitment_point, org.ldk.structs.HTLCOutputInCommitment htlc) {
399 long ret = bindings.EcdsaChannelSigner_sign_counterparty_htlc_transaction(this.ptr, htlc_tx, input, amount, InternalUtils.check_arr_len(per_commitment_point, 33), htlc == null ? 0 : htlc.ptr);
400 Reference.reachabilityFence(this);
401 Reference.reachabilityFence(htlc_tx);
402 Reference.reachabilityFence(input);
403 Reference.reachabilityFence(amount);
404 Reference.reachabilityFence(per_commitment_point);
405 Reference.reachabilityFence(htlc);
406 if (ret >= 0 && ret <= 4096) { return null; }
407 Result_SignatureNoneZ ret_hu_conv = Result_SignatureNoneZ.constr_from_ptr(ret);
408 if (this != null) { this.ptrs_to.add(htlc); };
413 * Create a signature for a (proposed) closing transaction.
415 * Note that, due to rounding, there may be one \"missing\" satoshi, and either party may have
416 * chosen to forgo their output as dust.
418 public Result_SignatureNoneZ sign_closing_transaction(org.ldk.structs.ClosingTransaction closing_tx) {
419 long ret = bindings.EcdsaChannelSigner_sign_closing_transaction(this.ptr, closing_tx == null ? 0 : closing_tx.ptr);
420 Reference.reachabilityFence(this);
421 Reference.reachabilityFence(closing_tx);
422 if (ret >= 0 && ret <= 4096) { return null; }
423 Result_SignatureNoneZ ret_hu_conv = Result_SignatureNoneZ.constr_from_ptr(ret);
424 if (this != null) { this.ptrs_to.add(closing_tx); };
429 * Computes the signature for a commitment transaction's anchor output used as an
430 * input within `anchor_tx`, which spends the commitment transaction, at index `input`.
432 public Result_SignatureNoneZ sign_holder_anchor_input(byte[] anchor_tx, long input) {
433 long ret = bindings.EcdsaChannelSigner_sign_holder_anchor_input(this.ptr, anchor_tx, input);
434 Reference.reachabilityFence(this);
435 Reference.reachabilityFence(anchor_tx);
436 Reference.reachabilityFence(input);
437 if (ret >= 0 && ret <= 4096) { return null; }
438 Result_SignatureNoneZ ret_hu_conv = Result_SignatureNoneZ.constr_from_ptr(ret);
443 * Signs a channel announcement message with our funding key proving it comes from one of the
444 * channel participants.
446 * Channel announcements also require a signature from each node's network key. Our node
447 * signature is computed through [`NodeSigner::sign_gossip_message`].
449 * Note that if this fails or is rejected, the channel will not be publicly announced and
450 * our counterparty may (though likely will not) close the channel on us for violating the
453 public Result_SignatureNoneZ sign_channel_announcement_with_funding_key(org.ldk.structs.UnsignedChannelAnnouncement msg) {
454 long ret = bindings.EcdsaChannelSigner_sign_channel_announcement_with_funding_key(this.ptr, msg == null ? 0 : msg.ptr);
455 Reference.reachabilityFence(this);
456 Reference.reachabilityFence(msg);
457 if (ret >= 0 && ret <= 4096) { return null; }
458 Result_SignatureNoneZ ret_hu_conv = Result_SignatureNoneZ.constr_from_ptr(ret);
459 if (this != null) { this.ptrs_to.add(msg); };