/**
* Creates the initial multisig contract and incomplete refund transaction which can be requested
* at the appropriate time using {@link PaymentChannelClientState#getIncompleteRefundTransaction}
* and {@link PaymentChannelClientState#getMultisigContract()}. The way the contract is crafted
* can be adjusted by overriding {@link
* PaymentChannelClientState#editContractSendRequest(com.google.bitcoin.core.Wallet.SendRequest)}.
* By default unconfirmed coins are allowed to be used, as for micropayments the risk should be
* relatively low.
*
* @throws ValueOutOfRangeException if the value being used is too small to be accepted by the
* network
* @throws InsufficientMoneyException if the wallet doesn't contain enough balance to initiate
*/
public synchronized void initiate() throws ValueOutOfRangeException, InsufficientMoneyException {
final NetworkParameters params = wallet.getParams();
Transaction template = new Transaction(params);
// We always place the client key before the server key because, if either side wants some
// privacy, they can
// use a fresh key for the the multisig contract and nowhere else
List<ECKey> keys = Lists.newArrayList(myKey, serverMultisigKey);
// There is also probably a change output, but we don't bother shuffling them as it's obvious
// from the
// format which one is the change. If we start obfuscating the change output better in future
// this may
// be worth revisiting.
TransactionOutput multisigOutput =
template.addOutput(totalValue, ScriptBuilder.createMultiSigOutputScript(2, keys));
if (multisigOutput.getMinNonDustValue().compareTo(totalValue) > 0)
throw new ValueOutOfRangeException("totalValue too small to use");
Wallet.SendRequest req = Wallet.SendRequest.forTx(template);
req.coinSelector = AllowUnconfirmedCoinSelector.get();
editContractSendRequest(req);
req.shuffleOutputs = false; // TODO: Fix things so shuffling is usable.
wallet.completeTx(req);
Coin multisigFee = req.tx.getFee();
multisigContract = req.tx;
// Build a refund transaction that protects us in the case of a bad server that's just trying to
// cause havoc
// by locking up peoples money (perhaps as a precursor to a ransom attempt). We time lock it so
// the server
// has an assurance that we cannot take back our money by claiming a refund before the channel
// closes - this
// relies on the fact that since Bitcoin 0.8 time locked transactions are non-final. This will
// need to change
// in future as it breaks the intended design of timelocking/tx replacement, but for now it
// simplifies this
// specific protocol somewhat.
refundTx = new Transaction(params);
refundTx
.addInput(multisigOutput)
.setSequenceNumber(0); // Allow replacement when it's eventually reactivated.
refundTx.setLockTime(expiryTime);
if (totalValue.compareTo(Coin.CENT) < 0) {
// Must pay min fee.
final Coin valueAfterFee = totalValue.subtract(Transaction.REFERENCE_DEFAULT_MIN_TX_FEE);
if (Transaction.MIN_NONDUST_OUTPUT.compareTo(valueAfterFee) > 0)
throw new ValueOutOfRangeException("totalValue too small to use");
refundTx.addOutput(valueAfterFee, myKey.toAddress(params));
refundFees = multisigFee.add(Transaction.REFERENCE_DEFAULT_MIN_TX_FEE);
} else {
refundTx.addOutput(totalValue, myKey.toAddress(params));
refundFees = multisigFee;
}
refundTx.getConfidence().setSource(TransactionConfidence.Source.SELF);
log.info(
"initiated channel with multi-sig contract {}, refund {}",
multisigContract.getHashAsString(),
refundTx.getHashAsString());
state = State.INITIATED;
// Client should now call getIncompleteRefundTransaction() and send it to the server.
}
/**
* Updates the outputs on the payment contract transaction and re-signs it. The state must be
* READY in order to call this method. The signature that is returned should be sent to the server
* so it has the ability to broadcast the best seen payment when the channel closes or times out.
*
* <p>The returned signature is over the payment transaction, which we never have a valid copy of
* and thus there is no accessor for it on this object.
*
* <p>To spend the whole channel increment by {@link PaymentChannelClientState#getTotalValue()} -
* {@link PaymentChannelClientState#getValueRefunded()}
*
* @param size How many satoshis to increment the payment by (note: not the new total).
* @throws ValueOutOfRangeException If size is negative or the channel does not have sufficient
* money in it to complete this payment.
*/
public synchronized IncrementedPayment incrementPaymentBy(Coin size)
throws ValueOutOfRangeException {
checkState(state == State.READY);
checkNotExpired();
checkNotNull(size); // Validity of size will be checked by makeUnsignedChannelContract.
if (size.signum() < 0) throw new ValueOutOfRangeException("Tried to decrement payment");
Coin newValueToMe = valueToMe.subtract(size);
if (newValueToMe.compareTo(Transaction.MIN_NONDUST_OUTPUT) < 0 && newValueToMe.signum() > 0) {
log.info(
"New value being sent back as change was smaller than minimum nondust output, sending all");
size = valueToMe;
newValueToMe = Coin.ZERO;
}
if (newValueToMe.signum() < 0)
throw new ValueOutOfRangeException(
"Channel has too little money to pay " + size + " satoshis");
Transaction tx = makeUnsignedChannelContract(newValueToMe);
log.info("Signing new payment tx {}", tx);
Transaction.SigHash mode;
// If we spent all the money we put into this channel, we (by definition) don't care what the
// outputs are, so
// we sign with SIGHASH_NONE to let the server do what it wants.
if (newValueToMe.equals(Coin.ZERO)) mode = Transaction.SigHash.NONE;
else mode = Transaction.SigHash.SINGLE;
TransactionSignature sig = tx.calculateSignature(0, myKey, multisigScript, mode, true);
valueToMe = newValueToMe;
updateChannelInWallet();
IncrementedPayment payment = new IncrementedPayment();
payment.signature = sig;
payment.amount = size;
return payment;
}
/**
* Creates a state object for a payment channel client. It is expected that you be ready to {@link
* PaymentChannelClientState#initiate()} after construction (to avoid creating objects for
* channels which are not going to finish opening) and thus some parameters provided here are only
* used in {@link PaymentChannelClientState#initiate()} to create the Multisig contract and refund
* transaction.
*
* @param wallet a wallet that contains at least the specified amount of value.
* @param myKey a freshly generated private key for this channel.
* @param serverMultisigKey a public key retrieved from the server used for the initial multisig
* contract
* @param value how many satoshis to put into this contract. If the channel reaches this limit, it
* must be closed. It is suggested you use at least {@link Utils#CENT} to avoid paying fees if
* you need to spend the refund transaction
* @param expiryTimeInSeconds At what point (UNIX timestamp +/- a few hours) the channel will
* expire
* @throws VerificationException If either myKey's pubkey or serverMultisigKey's pubkey are
* non-canonical (ie invalid)
*/
public PaymentChannelClientState(
Wallet wallet, ECKey myKey, ECKey serverMultisigKey, Coin value, long expiryTimeInSeconds)
throws VerificationException {
checkArgument(value.signum() > 0);
this.wallet = checkNotNull(wallet);
initWalletListeners();
this.serverMultisigKey = checkNotNull(serverMultisigKey);
this.myKey = checkNotNull(myKey);
this.valueToMe = this.totalValue = checkNotNull(value);
this.expiryTime = expiryTimeInSeconds;
this.state = State.NEW;
}
