SealBatch RPC endpoint accepts signed group PSBT

cmd/tapcli/assets.go

@@ -461,7 +461,16 @@ var sealBatchCommand = cli.Command{
 		cli.StringSliceFlag{
 			Name: "group_signatures",
 			Usage: "the asset ID and signature, separated by a " +
-				"colon",
+				"colon. This flag should not be used in " +
+				"conjunction with 'signed_group_psbt'; use " +
+				"one or the other.",
+		},
+		cli.StringSliceFlag{
+			Name: "signed_group_psbt",
+			Usage: "a signed group PSBT for a single asset group " +
+				"in the batch. This flag should not be used " +
+				"in conjunction with 'group_signatures'; use " +
+				"one or the other.",
 		},
 	},
 	Hidden: true,
@@ -474,13 +483,10 @@ func sealBatch(ctx *cli.Context) error {
 	defer cleanUp()
 
 	req := &mintrpc.SealBatchRequest{
-		ShortResponse: ctx.Bool(shortResponseName),
+		ShortResponse:           ctx.Bool(shortResponseName),
+		SignedGroupVirtualPsbts: ctx.StringSlice("signed_group_psbt"),
 	}
 
-	// TODO(guggero): Actually just ask for the signed PSBT back and extract
-	// the signature from there. We can query the pending batch to get the
-	// asset ID of each PSBT (can match by the unsigned transaction's input
-	// prev out).
 	sigs := ctx.StringSlice("group_signatures")
 	for _, witness := range sigs {
 		parts := strings.Split(witness, ":")

docs/external-group-key.md

@@ -249,99 +249,10 @@ Successfully signed PSBT:
 cHNidP8BAF4CAAAAATKZro+KSjqg4YQvE0bqBCbWuii3ekKAdufOGo57L8lwAAAAAAAAAAAAAQBlzR0AAAAAIlEgxoSpM86Pyu/bCRKhOc6/2TLXDGXnUnXn69FQqD8gw7cAAAAAAAEBKwBlzR0AAAAAIlEgqUflbsA2uA/P2qYe6qclsUox7koFCR3h1xkwh4+M1wQBCEIBQAv/X4PJqGyO2YzL2uJgIK+gDFGCTIFkzAq29ThWcBuW5mFIc7aQX1CBtxHSXiF8/jn+F5sWeL0pve1ZKxY7L4EAAA==
 ```
 
-## Step 5b: Extract the signature from the PSBT
-
-TODO(guggero/ffranr): Replace this step by allowing the CLI to take the signed
-PSBT instead. We can list the batch to get the asset ID of each pending asset
-and match the PSBT's input previous output to find out what signed PSBT belongs
-to what asset (in case there are multiple).
-
-```shell
-$ bitcoin-cli decodepsbt cHNidP8BAF4CAAAAATKZro+KSjqg4YQvE0bqBCbWuii3ekKAdufOGo57L8lwAAAAAAAAAAAAAQBlzR0AAAAAIlEgxoSpM86Pyu/bCRKhOc6/2TLXDGXnUnXn69FQqD8gw7cAAAAAAAEBKwBlzR0AAAAAIlEgqUflbsA2uA/P2qYe6qclsUox7koFCR3h1xkwh4+M1wQBCEIBQAv/X4PJqGyO2YzL2uJgIK+gDFGCTIFkzAq29ThWcBuW5mFIc7aQX1CBtxHSXiF8/jn+F5sWeL0pve1ZKxY7L4EAAA==
-
-{
-  "tx": {
-    "txid": "1994e0f5e6beee0a58f76b2f806894f94d93ea0a21c6e380b7634f76c358c38a",
-    "hash": "1994e0f5e6beee0a58f76b2f806894f94d93ea0a21c6e380b7634f76c358c38a",
-    "version": 2,
-    "size": 94,
-    "vsize": 94,
-    "weight": 376,
-    "locktime": 0,
-    "vin": [
-      {
-        "txid": "70c92f7b8e1acee77680427ab728bad62604ea46132f84e1a03a4a8a8fae9932",
-        "vout": 0,
-        "scriptSig": {
-          "asm": "",
-          "hex": ""
-        },
-        "sequence": 0
-      }
-    ],
-    "vout": [
-      {
-        "value": 5.00000000,
-        "n": 0,
-        "scriptPubKey": {
-          "asm": "1 c684a933ce8fcaefdb0912a139cebfd932d70c65e75275e7ebd150a83f20c3b7",
-          "desc": "addr(bcrt1pc6z2jv7w3l9wlkcfz2snnn4lmyedwrr9uaf8telt69g2s0eqcwmsnuxkp4)#ramnsz8q",
-          "hex": "5120c684a933ce8fcaefdb0912a139cebfd932d70c65e75275e7ebd150a83f20c3b7",
-          "address": "bcrt1pc6z2jv7w3l9wlkcfz2snnn4lmyedwrr9uaf8telt69g2s0eqcwmsnuxkp4",
-          "type": "witness_v1_taproot"
-        }
-      }
-    ]
-  },
-  "global_xpubs": [
-  ],
-  "psbt_version": 0,
-  "proprietary": [
-  ],
-  "unknown": {
-  },
-  "inputs": [
-    {
-      "witness_utxo": {
-        "amount": 5.00000000,
-        "scriptPubKey": {
-          "asm": "1 a947e56ec036b80fcfdaa61eeaa725b14a31ee4a05091de1d71930878f8cd704",
-          "desc": "rawtr(a947e56ec036b80fcfdaa61eeaa725b14a31ee4a05091de1d71930878f8cd704)#fnjmj6gz",
-          "hex": "5120a947e56ec036b80fcfdaa61eeaa725b14a31ee4a05091de1d71930878f8cd704",
-          "address": "bcrt1p49r72mkqx6uqln765c0w4fe9k99rrmj2q5y3mcwhrycg0ruv6uzqgnfa6h",
-          "type": "witness_v1_taproot"
-        }
-      },
-      "final_scriptwitness": [
-        "0bff5f83c9a86c8ed98ccbdae26020afa00c51824c8164cc0ab6f53856701b96e6614873b6905f5081b711d25e217cfe39fe179b1678bd29bded592b163b2f81"
-      ]
-    }
-  ],
-  "outputs": [
-    {
-    }
-  ],
-  "fee": 0.00000000
-}
-
-```
-
-We'll take the witness as the signature for the next step:
-
-```json
-"final_scriptwitness": [
-"0bff5f83c9a86c8ed98ccbdae26020afa00c51824c8164cc0ab6f53856701b96e6614873b6905f5081b711d25e217cfe39fe179b1678bd29bded592b163b2f81"
-]
-```
-
 ## Step 6: Seal the batch with the signature
 
-TODO(guggero/ffranr): Use signed PSBT instead, currently it's
-`--group_signatures <asset_id>:<signature>`, but should be
-`--signed_group_psbt` or something like that.
-
 ```shell
-$ tapcli assets mint seal --group_signatures c4b0771c1bd1334bf20df5204c162702a6dc765a9cb15b1bc9e3c91e0282061b:0bff5f83c9a86c8ed98ccbdae26020afa00c51824c8164cc0ab6f53856701b96e6614873b6905f5081b711d25e217cfe39fe179b1678bd29bded592b163b2f81
+$ tapcli assets mint seal --signed_group_psbt cHNidP8BAF4CAAAAATKZro+KSjqg4YQvE0bqBCbWuii3ekKAdufOGo57L8lwAAAAAAAAAAAAAQBlzR0AAAAAIlEgxoSpM86Pyu/bCRKhOc6/2TLXDGXnUnXn69FQqD8gw7cAAAAAAAEBKwBlzR0AAAAAIlEgqUflbsA2uA/P2qYe6qclsUox7koFCR3h1xkwh4+M1wQBCEIBQAv/X4PJqGyO2YzL2uJgIK+gDFGCTIFkzAq29ThWcBuW5mFIc7aQX1CBtxHSXiF8/jn+F5sWeL0pve1ZKxY7L4EAAA==
 
 {
     "batch":  {

itest/utils.go

@@ -3,8 +3,6 @@ package itest
 import (
 	"bytes"
 	"context"
-	"fmt"
-	"log"
 	"testing"
 	"time"
 
@@ -32,7 +30,6 @@ import (
 	"github.com/lightningnetwork/lnd/lnrpc"
 	"github.com/lightningnetwork/lnd/lntest/node"
 	"github.com/lightningnetwork/lnd/lnwallet/chainfee"
-	"github.com/lightningnetwork/lnd/tlv"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc"
 	"google.golang.org/protobuf/proto"
@@ -779,38 +776,28 @@ func MintAssetExternalSigner(t *harnessTest, tapNode *tapdHarness,
 	callbackRes := externalSignerCallback(fundResp.Batch.UnsealedAssets)
 
 	// Extract group witness from signed PSBTs.
-	var groupWitnesses []*taprpc.GroupWitness
+	var signedGroupVirtualPsbts []string
 	for idx := range callbackRes {
 		res := callbackRes[idx]
 		signedPsbt := res.SignedPsbt
-		genesisAssetID := res.AssetID
 
 		// Sanity check signed PSBT.
 		require.Len(t.t, signedPsbt.Inputs, 1)
 		require.Len(t.t, signedPsbt.Outputs, 1)
 
-		// Extract witness from signed PSBT.
-		witnessStack, err := DeserializeWitnessStack(
-			signedPsbt.Inputs[0].FinalScriptWitness,
+		// Encode the signed PSBT as a string.
+		signedPsbtStr, err := signedPsbt.B64Encode()
+		require.NoError(t.t, err)
+		signedGroupVirtualPsbts = append(
+			signedGroupVirtualPsbts, signedPsbtStr,
 		)
-		if err != nil {
-			log.Fatalf("Failed to deserialize witness stack: %v",
-				err)
-		}
-
-		groupWitness := taprpc.GroupWitness{
-			GenesisId: genesisAssetID[:],
-			Witness:   witnessStack,
-		}
-
-		groupWitnesses = append(groupWitnesses, &groupWitness)
 	}
 
 	// Seal the batch with the group witnesses.
 	ctxt, cancel = context.WithTimeout(ctxb, defaultWaitTimeout)
 
 	sealReq := mintrpc.SealBatchRequest{
-		GroupWitnesses: groupWitnesses,
+		SignedGroupVirtualPsbts: signedGroupVirtualPsbts,
 	}
 	sealResp, err := tapNode.SealBatch(ctxt, &sealReq)
 	require.NoError(t.t, err)
@@ -844,45 +831,6 @@ func MintAssetExternalSigner(t *harnessTest, tapNode *tapdHarness,
 	return batchAssets
 }
 
-// DeserializeWitnessStack deserializes a serialized witness stack into a
-// [][]byte.
-//
-// TODO(ffranr): Reconcile this function with asset.TxWitnessDecoder.
-func DeserializeWitnessStack(serialized []byte) ([][]byte, error) {
-	var (
-		// buf is a general scratch buffer used when reading.
-		buf [8]byte
-
-		stack [][]byte
-	)
-	reader := bytes.NewReader(serialized)
-
-	// Read the number of witness elements (compact size integer)
-	count, err := tlv.ReadVarInt(reader, &buf)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read witness count: %w", err)
-	}
-
-	// Read each witness element
-	for i := uint64(0); i < count; i++ {
-		elementSize, err := tlv.ReadVarInt(reader, &buf)
-		if err != nil {
-			return nil, fmt.Errorf("failed to read witness "+
-				"element size: %w", err)
-		}
-
-		// Read the witness element data
-		element := make([]byte, elementSize)
-		if _, err := reader.Read(element); err != nil {
-			return nil, fmt.Errorf("failed to read witness "+
-				"element data: %w", err)
-		}
-		stack = append(stack, element)
-	}
-
-	return stack, nil
-}
-
 // SyncUniverses syncs the universes of two tapd instances and waits until they
 // are in sync.
 func SyncUniverses(ctx context.Context, t *testing.T, clientTapd,

rpcserver.go

@@ -780,6 +780,7 @@ func (r *rpcServer) FundBatch(ctx context.Context,
 func (r *rpcServer) SealBatch(ctx context.Context,
 	req *mintrpc.SealBatchRequest) (*mintrpc.SealBatchResponse, error) {
 
+	// Unmarshal group witnesses from the request.
 	var groupWitnesses []asset.PendingGroupWitness
 	for i := range req.GroupWitnesses {
 		wit, err := taprpc.UnmarshalGroupWitness(req.GroupWitnesses[i])
@@ -790,9 +791,27 @@ func (r *rpcServer) SealBatch(ctx context.Context,
 		groupWitnesses = append(groupWitnesses, *wit)
 	}
 
+	// Unmarshal signed group virtual PSBTs from the request.
+	var groupPSBTs []psbt.Packet
+	for i := range req.SignedGroupVirtualPsbts {
+		groupPsbt := req.SignedGroupVirtualPsbts[i]
+
+		// Decode the signed group virtual PSBT.
+		r := bytes.NewReader([]byte(groupPsbt))
+		psbtPacket, err := psbt.NewFromRawBytes(r, true)
+		if err != nil {
+			return nil, fmt.Errorf("unable to parse signed "+
+				"group virtual PSBT (signed_psbt=%s): %w",
+				groupPsbt, err)
+		}
+
+		groupPSBTs = append(groupPSBTs, *psbtPacket)
+	}
+
 	batch, err := r.cfg.AssetMinter.SealBatch(
 		tapgarden.SealParams{
-			GroupWitnesses: groupWitnesses,
+			GroupWitnesses:          groupWitnesses,
+			SignedGroupVirtualPsbts: groupPSBTs,
 		},
 	)
 	if err != nil {