Fail payment retry if Invoice is expired

jkczyz · jkczyz · commit ad61ec5fb92f · 2021-10-26T08:36:59.000-05:00
According to BOLT 11:

- after the `timestamp` plus `expiry` has passed
  - SHOULD NOT attempt a payment

Add a convenience method for checking if an Invoice has expired, and use
it to short-circuit payment retries.
diff --git a/lightning-invoice/src/lib.rs b/lightning-invoice/src/lib.rs
@@ -1188,6 +1188,19 @@ impl Invoice {
 			.unwrap_or(Duration::from_secs(DEFAULT_EXPIRY_TIME))
 	}
 
+	/// Returns whether the invoice has expired.
+	pub fn is_expired(&self) -> bool {
+		Self::is_expired_from_epoch(self.timestamp(), self.expiry_time())
+	}
+
+	/// Returns whether the expiry time from the given epoch has passed.
+	pub(crate) fn is_expired_from_epoch(epoch: &SystemTime, expiry_time: Duration) -> bool {
+		match epoch.elapsed() {
+			Ok(elapsed) => elapsed > expiry_time,
+			Err(_) => false,
+		}
+	}
+
 	/// Returns the invoice's `min_final_cltv_expiry` time, if present, otherwise
 	/// [`DEFAULT_MIN_FINAL_CLTV_EXPIRY`].
 	pub fn min_final_cltv_expiry(&self) -> u64 {
@@ -1920,5 +1933,33 @@ mod test {
 
 		assert_eq!(invoice.min_final_cltv_expiry(), DEFAULT_MIN_FINAL_CLTV_EXPIRY);
 		assert_eq!(invoice.expiry_time(), Duration::from_secs(DEFAULT_EXPIRY_TIME));
+		assert!(!invoice.is_expired());
+	}
+
+	#[test]
+	fn test_expiration() {
+		use ::*;
+		use secp256k1::Secp256k1;
+		use secp256k1::key::SecretKey;
+
+		let timestamp = SystemTime::now()
+			.checked_sub(Duration::from_secs(DEFAULT_EXPIRY_TIME * 2))
+			.unwrap();
+		let signed_invoice = InvoiceBuilder::new(Currency::Bitcoin)
+			.description("Test".into())
+			.payment_hash(sha256::Hash::from_slice(&[0;32][..]).unwrap())
+			.payment_secret(PaymentSecret([0; 32]))
+			.timestamp(timestamp)
+			.build_raw()
+			.unwrap()
+			.sign::<_, ()>(|hash| {
+				let privkey = SecretKey::from_slice(&[41; 32]).unwrap();
+				let secp_ctx = Secp256k1::new();
+				Ok(secp_ctx.sign_recoverable(hash, &privkey))
+			})
+			.unwrap();
+		let invoice = Invoice::from_signed(signed_invoice).unwrap();
+
+		assert!(invoice.is_expired());
 	}
 }
diff --git a/lightning-invoice/src/payment.rs b/lightning-invoice/src/payment.rs
@@ -114,6 +114,7 @@ use secp256k1::key::PublicKey;
 use std::collections::hash_map::{self, HashMap};
 use std::ops::Deref;
 use std::sync::Mutex;
+use std::time::{Duration, SystemTime};
 
 /// A utility for paying [`Invoice]`s.
 pub struct InvoicePayer<P: Deref, R, L: Deref, E>
@@ -225,6 +226,7 @@ where
 			hash_map::Entry::Vacant(entry) => {
 				let payer = self.payer.node_id();
 				let mut payee = Payee::new(invoice.recover_payee_pub_key())
+					.with_expiry_time(expiry_time_from_unix_epoch(&invoice))
 					.with_route_hints(invoice.route_hints());
 				if let Some(features) = invoice.features() {
 					payee = payee.with_features(features.clone());
@@ -272,6 +274,14 @@ where
 	}
 }
 
+fn expiry_time_from_unix_epoch(invoice: &Invoice) -> Duration {
+	invoice.timestamp().duration_since(SystemTime::UNIX_EPOCH).unwrap() + invoice.expiry_time()
+}
+
+fn has_expired(params: &RouteParameters) -> bool {
+	Invoice::is_expired_from_epoch(&SystemTime::UNIX_EPOCH, params.payee.expiry_time.unwrap())
+}
+
 impl<P: Deref, R, L: Deref, E> EventHandler for InvoicePayer<P, R, L, E>
 where
 	P::Target: Payer,
@@ -296,6 +306,8 @@ where
 						log_trace!(self.logger, "Payment {} exceeded maximum attempts; not retrying (attempts: {})", log_bytes!(payment_hash.0), attempts);
 					} else if retry.is_none() {
 						log_trace!(self.logger, "Payment {} missing retry params; not retrying (attempts: {})", log_bytes!(payment_hash.0), attempts);
+					} else if has_expired(retry.as_ref().unwrap()) {
+						log_trace!(self.logger, "Invoice expired for payment {}; not retrying (attempts: {})", log_bytes!(payment_hash.0), attempts);
 					} else if self.retry_payment(*payment_id.as_ref().unwrap(), retry.as_ref().unwrap()).is_err() {
 						log_trace!(self.logger, "Error retrying payment {}; not retrying (attempts: {})", log_bytes!(payment_hash.0), attempts);
 					} else {
@@ -328,7 +340,7 @@ where
 #[cfg(test)]
 mod tests {
 	use super::*;
-	use crate::{InvoiceBuilder, Currency};
+	use crate::{DEFAULT_EXPIRY_TIME, InvoiceBuilder, Currency};
 	use bitcoin_hashes::sha256::Hash as Sha256;
 	use lightning::ln::PaymentPreimage;
 	use lightning::ln::features::{ChannelFeatures, NodeFeatures};
@@ -338,6 +350,7 @@ mod tests {
 	use lightning::util::errors::APIError;
 	use lightning::util::events::Event;
 	use secp256k1::{SecretKey, PublicKey, Secp256k1};
+	use std::time::{SystemTime, Duration};
 
 	fn invoice(payment_preimage: PaymentPreimage) -> Invoice {
 		let payment_hash = Sha256::hash(&payment_preimage.0);
@@ -370,6 +383,25 @@ mod tests {
 			.unwrap()
 	}
 
+	fn expired_invoice(payment_preimage: PaymentPreimage) -> Invoice {
+		let payment_hash = Sha256::hash(&payment_preimage.0);
+		let private_key = SecretKey::from_slice(&[42; 32]).unwrap();
+		let timestamp = SystemTime::now()
+			.checked_sub(Duration::from_secs(DEFAULT_EXPIRY_TIME * 2))
+			.unwrap();
+		InvoiceBuilder::new(Currency::Bitcoin)
+			.description("test".into())
+			.payment_hash(payment_hash)
+			.payment_secret(PaymentSecret([0; 32]))
+			.timestamp(timestamp)
+			.min_final_cltv_expiry(144)
+			.amount_milli_satoshis(128)
+			.build_signed(|hash| {
+				Secp256k1::new().sign_recoverable(hash, &private_key)
+			})
+			.unwrap()
+	}
+
 	#[test]
 	fn pays_invoice_on_first_attempt() {
 		let event_handled = core::cell::RefCell::new(false);
@@ -524,6 +556,37 @@ mod tests {
 		assert_eq!(*payer.attempts.borrow(), 1);
 	}
 
+	#[test]
+	fn fails_paying_invoice_after_expiration() {
+		let event_handled = core::cell::RefCell::new(false);
+		let event_handler = |_: &_| { *event_handled.borrow_mut() = true; };
+
+		let payer = TestPayer::new();
+		let router = TestRouter {};
+		let logger = TestLogger::new();
+		let invoice_payer =
+			InvoicePayer::new(&payer, router, &logger, event_handler, RetryAttempts(2));
+
+		let payment_preimage = PaymentPreimage([1; 32]);
+		let invoice = expired_invoice(payment_preimage);
+		let payment_id = Some(invoice_payer.pay_invoice(&invoice).unwrap());
+		assert_eq!(*payer.attempts.borrow(), 1);
+
+		let event = Event::PaymentPathFailed {
+			payment_id,
+			payment_hash: PaymentHash(invoice.payment_hash().clone().into_inner()),
+			network_update: None,
+			rejected_by_dest: false,
+			all_paths_failed: false,
+			path: vec![],
+			short_channel_id: None,
+			retry: Some(TestRouter::retry_for_invoice(&invoice)),
+		};
+		invoice_payer.handle_event(&event);
+		assert_eq!(*event_handled.borrow(), true);
+		assert_eq!(*payer.attempts.borrow(), 1);
+	}
+
 	#[test]
 	fn fails_paying_invoice_after_retry_error() {
 		let event_handled = core::cell::RefCell::new(false);
@@ -745,6 +808,7 @@ mod tests {
 
 		fn retry_for_invoice(invoice: &Invoice) -> RouteParameters {
 			let mut payee = Payee::new(invoice.recover_payee_pub_key())
+				.with_expiry_time(expiry_time_from_unix_epoch(invoice))
 				.with_route_hints(invoice.route_hints());
 			if let Some(features) = invoice.features() {
 				payee = payee.with_features(features.clone());
diff --git a/lightning/src/routing/router.rs b/lightning/src/routing/router.rs
@@ -27,6 +27,7 @@ use prelude::*;
 use alloc::collections::BinaryHeap;
 use core::cmp;
 use core::ops::Deref;
+use core::time::Duration;
 
 /// A hop in a route
 #[derive(Clone, Debug, Hash, PartialEq, Eq)]
@@ -180,12 +181,16 @@ pub struct Payee {
 
 	/// Hints for routing to the payee, containing channels connecting the payee to public nodes.
 	pub route_hints: Vec<RouteHint>,
+
+	/// Expiration of a payment to the payee, relative to a user-defined epoch.
+	pub expiry_time: Option<Duration>,
 }
 
 impl_writeable_tlv_based!(Payee, {
 	(0, pubkey, required),
 	(2, features, option),
 	(4, route_hints, vec_type),
+	(6, expiry_time, option),
 });
 
 impl Payee {
@@ -195,6 +200,7 @@ impl Payee {
 			pubkey,
 			features: None,
 			route_hints: vec![],
+			expiry_time: None,
 		}
 	}
 
@@ -216,6 +222,11 @@ impl Payee {
 	pub fn with_route_hints(self, route_hints: Vec<RouteHint>) -> Self {
 		Self { route_hints, ..self }
 	}
+
+	/// Includes a payment expiration relative to a user-defined epoch.
+	pub fn with_expiry_time(self, expiry_time: Duration) -> Self {
+		Self { expiry_time: Some(expiry_time), ..self }
+	}
 }
 
 /// A list of hops along a payment path terminating with a channel to the recipient.
diff --git a/lightning/src/util/ser.rs b/lightning/src/util/ser.rs
@@ -27,6 +27,7 @@ use bitcoin::consensus::Encodable;
 use bitcoin::hashes::sha256d::Hash as Sha256dHash;
 use bitcoin::hash_types::{Txid, BlockHash};
 use core::marker::Sized;
+use core::time::Duration;
 use ln::msgs::DecodeError;
 use ln::{PaymentPreimage, PaymentHash, PaymentSecret};
 
@@ -911,3 +912,16 @@ impl Readable for String {
 		Ok(ret)
 	}
 }
+
+impl Writeable for Duration {
+	#[inline]
+	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
+		self.as_secs().write(w)
+	}
+}
+impl Readable for Duration {
+	#[inline]
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+		Ok(Duration::from_secs(Readable::read(r)?))
+	}
+}
