tapgarden: adjust validation for external key re-issuance

guggero · guggero · commit 9ec0c8dc1e16 · 2025-05-08T11:00:52.000+02:00
This commit fixes two checks that prevented us to re-issue more assets
into an existing group using an external group key.
diff --git a/tapgarden/planter.go b/tapgarden/planter.go
@@ -2668,7 +2668,12 @@ func (c *ChainPlanter) prepAssetSeedling(ctx context.Context,
 	// If a group internal key or tapscript root is specified, emission must
 	// also be enabled.
 	if !req.EnableEmission {
-		if req.GroupInternalKey != nil {
+		// For re-issuing grouped assets or regular (non-grouped)
+		// assets, the group internal key shouldn't be set. It is,
+		// however, set for re-issuance with an external key, because
+		// the internal group key is the key we compare the external key
+		// against.
+		if req.GroupInternalKey != nil && req.ExternalKey.IsNone() {
 			return fmt.Errorf("cannot specify group internal key " +
 				"without enabling emission")
 		}
diff --git a/tapgarden/seedling.go b/tapgarden/seedling.go
@@ -183,12 +183,43 @@ func (c Seedling) validateFields() error {
 func (c Seedling) validateGroupKey(group asset.AssetGroup,
 	anchorMeta *proof.MetaReveal) error {
 
-	// We must be able to sign with the group key.
-	if !group.GroupKey.IsLocal() {
+	// If an external key isn't specified but the actual group key used
+	// isn't local to this daemon, we won't be able to sign with it.
+	if c.ExternalKey.IsNone() && !group.GroupKey.IsLocal() {
 		groupKeyBytes := c.GroupInfo.GroupPubKey.SerializeCompressed()
 		return fmt.Errorf("can't sign with group key %x", groupKeyBytes)
 	}
 
+	// If there is an external key defined, we need to check that it matches
+	// the group key.
+	err := fn.MapOptionZ(
+		c.ExternalKey, func(extKey asset.ExternalKey) error {
+			if group.GroupKey == nil {
+				return fmt.Errorf("group key is nil")
+			}
+
+			if group.GroupKey.RawKey.PubKey == nil {
+				return fmt.Errorf("group raw key is nil")
+			}
+
+			pk, err := extKey.PubKey()
+			if err != nil {
+				return fmt.Errorf("error getting external "+
+					"key: %w", err)
+			}
+
+			if !pk.IsEqual(group.RawKey.PubKey) {
+				return fmt.Errorf("external key does not " +
+					"match group key")
+			}
+
+			return nil
+		},
+	)
+	if err != nil {
+		return fmt.Errorf("error validating external key: %w", err)
+	}
+
 	// The seedling asset type must match the group asset type.
 	if c.AssetType != group.Genesis.Type {
 		return fmt.Errorf("seedling type does not match "+
