tapgarden: adjust validation for external key re-issuance

guggero · guggero · commit 2bd9192800ea · 2025-05-06T18:30:15.000+02:00
This commit fixes two checks that prevented us to re-issue more assets
into an existing group using an external group key.
diff --git a/tapgarden/planter.go b/tapgarden/planter.go
@@ -2668,7 +2668,11 @@ func (c *ChainPlanter) prepAssetSeedling(ctx context.Context,
 	// If a group internal key or tapscript root is specified, emission must
 	// also be enabled.
 	if !req.EnableEmission {
-		if req.GroupInternalKey != nil {
+		// For re-issuance or regular assets, the group internal key
+		// shouldn't be set. It is, however, set for re-issuance with
+		// an external key, because the internal group key is the key
+		// we compare the external key against.
+		if req.GroupInternalKey != nil && req.ExternalKey.IsNone() {
 			return fmt.Errorf("cannot specify group internal key " +
 				"without enabling emission")
 		}
diff --git a/tapgarden/seedling.go b/tapgarden/seedling.go
@@ -183,10 +183,49 @@ func (c Seedling) validateFields() error {
 func (c Seedling) validateGroupKey(group asset.AssetGroup,
 	anchorMeta *proof.MetaReveal) error {
 
-	// We must be able to sign with the group key.
-	if !group.GroupKey.IsLocal() {
-		groupKeyBytes := c.GroupInfo.GroupPubKey.SerializeCompressed()
-		return fmt.Errorf("can't sign with group key %x", groupKeyBytes)
+	switch {
+	// If we have an external key, we need to check that the group key
+	// matches the external key.
+	case c.ExternalKey.IsSome():
+		err := fn.MapOptionZ(
+			c.ExternalKey, func(extKey asset.ExternalKey) error {
+				if group.GroupKey == nil {
+					return fmt.Errorf("group key is nil")
+				}
+
+				if group.GroupKey.RawKey.PubKey == nil {
+					return fmt.Errorf("group raw key is " +
+						"nil")
+				}
+
+				pk, err := extKey.PubKey()
+				if err != nil {
+					return fmt.Errorf("error getting "+
+						"external key: %w", err)
+				}
+
+				if !pk.IsEqual(group.RawKey.PubKey) {
+					return fmt.Errorf("external key " +
+						"does not match group key")
+				}
+
+				return nil
+			},
+		)
+		if err != nil {
+			return fmt.Errorf("error validating external key: %w",
+				err)
+		}
+
+	// If it's not an external key, we need to check that we can actually
+	// sign with the group key.
+	default:
+		if !group.GroupKey.IsLocal() {
+			groupPubKey := c.GroupInfo.GroupPubKey
+			groupKeyBytes := groupPubKey.SerializeCompressed()
+			return fmt.Errorf("can't sign with group key %x",
+				groupKeyBytes)
+		}
 	}
 
 	// The seedling asset type must match the group asset type.
