blvm_protocol/

payment.rs

//! BIP70: Payment Protocol (P2P Variant)
//!
//! Specification: https://github.com/bitcoin/bips/blob/master/bip-0070.mediawiki
//!
//! This is a P2P-based variant of BIP70 that addresses security concerns:
//! - Uses Bitcoin P2P network instead of HTTP/HTTPS (privacy-preserving)
//! - Uses Bitcoin public key signatures instead of X.509 certificates (decentralized)
//! - Supports signed refund addresses (prevents refund attacks)
//! - Works with TCP, Iroh, and QUIC transports
//!
//! Core messages:
//! - PaymentRequest: Merchant payment details signed with Bitcoin key
//! - Payment: Customer payment transaction(s)
//! - PaymentACK: Merchant confirmation of payment
//!
//! Security enhancements:
//! - Merchant authentication via Bitcoin public keys (on-chain verifiable)
//! - Signed refund addresses prevent refund attacks
//! - P2P routing preserves customer privacy (no direct merchant connection)

use crate::Hash;
use hex;
use secp256k1::ecdsa::Signature;
use secp256k1::{Message, Secp256k1};
use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256};

/// BIP70 Payment Protocol version
pub const PAYMENT_PROTOCOL_VERSION: u32 = 1;

/// Payment Details - Core payment information
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PaymentDetails {
    /// Network identifier (mainnet, testnet, regtest)
    pub network: String,
    /// Payment outputs (address, amount)
    pub outputs: Vec<PaymentOutput>,
    /// Payment expiration time (Unix timestamp)
    pub time: u64,
    /// Payment expiration time
    pub expires: Option<u64>,
    /// Memo for merchant
    pub memo: Option<String>,
    /// Memo for customer
    pub payment_url: Option<String>,
    /// Merchant data (opaque to customer)
    pub merchant_data: Option<Vec<u8>>,
}

/// Payment Output - Address and amount
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct PaymentOutput {
    /// Bitcoin address or script
    pub script: Vec<u8>,
    /// Amount in satoshis (None = all available)
    pub amount: Option<u64>,
}

/// Signed refund address - Pre-authorized refund address with merchant signature
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SignedRefundAddress {
    /// Refund address/script
    pub address: PaymentOutput,
    /// Merchant signature over address (prevents refund attacks)
    pub signature: Vec<u8>,
}

/// Payment Request - Main payment protocol message
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PaymentRequest {
    /// Payment details
    pub payment_details: PaymentDetails,
    /// Merchant's Bitcoin public key (compressed, 33 bytes)
    /// Replaces X.509 certificates with on-chain verifiable keys
    pub merchant_pubkey: Option<Vec<u8>>,
    /// Signature over payment_details by merchant's Bitcoin key
    pub signature: Option<Vec<u8>>,
    /// Pre-authorized refund addresses (signed by merchant)
    /// Prevents refund address attacks by requiring merchant signature
    pub authorized_refund_addresses: Option<Vec<SignedRefundAddress>>,
}

/// Payment - Customer payment transaction(s)
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Payment {
    /// Serialized transaction(s)
    pub transactions: Vec<Vec<u8>>,
    /// Refund addresses (if change needed)
    pub refund_to: Option<Vec<PaymentOutput>>,
    /// Merchant data (echo back from PaymentRequest)
    pub merchant_data: Option<Vec<u8>>,
    /// Memo from customer
    pub memo: Option<String>,
}

/// Payment ACK - Merchant confirmation
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PaymentACK {
    /// Original payment message
    pub payment: Payment,
    /// Confirmation memo from merchant
    pub memo: Option<String>,
    /// Merchant signature over PaymentACK (optional)
    pub signature: Option<Vec<u8>>,
}

impl PaymentACK {
    /// Sign PaymentACK with merchant's private key
    pub fn sign(&mut self, private_key: &secp256k1::SecretKey) -> Result<(), Bip70Error> {
        // Serialize PaymentACK for signing (excluding signature field)
        let mut ack_for_signing = self.clone();
        ack_for_signing.signature = None;

        let serialized = bincode::serialize(&ack_for_signing)
            .map_err(|e| Bip70Error::SerializationError(e.to_string()))?;

        // Hash PaymentACK
        let mut hasher = Sha256::new();
        hasher.update(&serialized);
        let hash = hasher.finalize();

        // Create message for signing
        let message = Message::from_digest(hash.into());

        // Sign with secp256k1
        let secp = Secp256k1::new();
        let signature = secp.sign_ecdsa(&message, private_key);

        // Store signature
        self.signature = Some(signature.serialize_compact().to_vec());

        Ok(())
    }

    /// Verify PaymentACK signature
    pub fn verify_signature(&self, merchant_pubkey: &[u8]) -> Result<(), Bip70Error> {
        let signature_bytes = self
            .signature
            .as_ref()
            .ok_or_else(|| Bip70Error::SignatureError("No signature".to_string()))?;

        // Parse public key
        let pubkey = secp256k1::PublicKey::from_slice(merchant_pubkey)
            .map_err(|e| Bip70Error::SignatureError(format!("Invalid public key: {e}")))?;

        // Parse signature
        let signature = Signature::from_compact(signature_bytes)
            .map_err(|e| Bip70Error::SignatureError(format!("Invalid signature: {e}")))?;

        // Serialize PaymentACK for verification (excluding signature)
        let mut ack_for_verification = self.clone();
        ack_for_verification.signature = None;

        let serialized = bincode::serialize(&ack_for_verification)
            .map_err(|e| Bip70Error::SerializationError(e.to_string()))?;

        // Hash PaymentACK
        let mut hasher = Sha256::new();
        hasher.update(&serialized);
        let hash = hasher.finalize();

        // Create message for verification
        let message = Message::from_digest(hash.into());

        // Verify signature
        let secp = Secp256k1::new();
        secp.verify_ecdsa(&message, &signature, &pubkey)
            .map_err(|_| {
                Bip70Error::SignatureError("PaymentACK signature verification failed".to_string())
            })?;

        Ok(())
    }
}

impl PaymentRequest {
    /// Create a new payment request
    pub fn new(network: String, outputs: Vec<PaymentOutput>, time: u64) -> Self {
        Self {
            payment_details: PaymentDetails {
                network,
                outputs,
                time,
                expires: None,
                memo: None,
                payment_url: None,
                merchant_data: None,
            },
            merchant_pubkey: None,
            signature: None,
            authorized_refund_addresses: None,
        }
    }

    /// Set merchant public key
    pub fn with_merchant_key(mut self, pubkey: [u8; 33]) -> Self {
        self.merchant_pubkey = Some(pubkey.to_vec());
        self
    }

    /// Add authorized refund address (signed by merchant)
    pub fn with_authorized_refund(mut self, signed_refund: SignedRefundAddress) -> Self {
        if self.authorized_refund_addresses.is_none() {
            self.authorized_refund_addresses = Some(Vec::new());
        }
        self.authorized_refund_addresses
            .as_mut()
            .unwrap()
            .push(signed_refund);
        self
    }

    /// Set expiration time
    pub fn with_expires(mut self, expires: u64) -> Self {
        self.payment_details.expires = Some(expires);
        self
    }

    /// Set memo for merchant
    pub fn with_memo(mut self, memo: String) -> Self {
        self.payment_details.memo = Some(memo);
        self
    }

    /// Set payment URL (where to send Payment message)
    pub fn with_payment_url(mut self, url: String) -> Self {
        self.payment_details.payment_url = Some(url);
        self
    }

    /// Set merchant data (opaque customer data)
    pub fn with_merchant_data(mut self, data: Vec<u8>) -> Self {
        self.payment_details.merchant_data = Some(data);
        self
    }

    /// Sign payment request with merchant's private key
    pub fn sign(&mut self, private_key: &secp256k1::SecretKey) -> Result<(), Bip70Error> {
        // Serialize payment_details for signing
        let serialized = bincode::serialize(&self.payment_details)
            .map_err(|e| Bip70Error::SerializationError(e.to_string()))?;

        // Hash payment_details
        let mut hasher = Sha256::new();
        hasher.update(&serialized);
        let hash = hasher.finalize();

        // Create message for signing
        let message = Message::from_digest(hash.into());

        // Sign with secp256k1
        let secp = Secp256k1::new();
        let signature = secp.sign_ecdsa(&message, private_key);
        let pubkey = secp256k1::PublicKey::from_secret_key(&secp, private_key);
        let pubkey_serialized = pubkey.serialize();

        // Store signature and public key
        self.signature = Some(signature.serialize_compact().to_vec());
        self.merchant_pubkey = Some(pubkey_serialized.to_vec());

        Ok(())
    }

    /// Verify payment request signature
    pub fn verify_signature(&self) -> Result<(), Bip70Error> {
        let pubkey = self
            .merchant_pubkey
            .as_ref()
            .ok_or_else(|| Bip70Error::SignatureError("No merchant public key".to_string()))?;
        let signature_bytes = self
            .signature
            .as_ref()
            .ok_or_else(|| Bip70Error::SignatureError("No signature".to_string()))?;

        // Parse public key
        let pubkey = secp256k1::PublicKey::from_slice(pubkey)
            .map_err(|e| Bip70Error::SignatureError(format!("Invalid public key: {e}")))?;

        // Parse signature
        let signature = Signature::from_compact(signature_bytes)
            .map_err(|e| Bip70Error::SignatureError(format!("Invalid signature: {e}")))?;

        // Serialize payment_details for verification
        let serialized = bincode::serialize(&self.payment_details)
            .map_err(|e| Bip70Error::SerializationError(e.to_string()))?;

        // Hash payment_details
        let mut hasher = Sha256::new();
        hasher.update(&serialized);
        let hash = hasher.finalize();

        // Create message for verification
        let message = Message::from_digest(hash.into());

        // Verify signature
        let secp = Secp256k1::new();
        secp.verify_ecdsa(&message, &signature, &pubkey)
            .map_err(|_| Bip70Error::SignatureError("Signature verification failed".to_string()))?;

        Ok(())
    }

    /// Validate payment request
    pub fn validate(&self) -> Result<(), Bip70Error> {
        // Check expiration
        if let Some(expires) = self.payment_details.expires {
            let now = crate::time::current_timestamp();
            if now > expires {
                return Err(Bip70Error::Expired);
            }
        }

        // Validate outputs
        if self.payment_details.outputs.is_empty() {
            return Err(Bip70Error::InvalidRequest("No payment outputs".to_string()));
        }

        // Validate network
        let valid_networks = ["main", "test", "regtest"];
        if !valid_networks.contains(&self.payment_details.network.as_str()) {
            return Err(Bip70Error::InvalidRequest(format!(
                "Invalid network: {}",
                self.payment_details.network
            )));
        }

        Ok(())
    }
}

impl Payment {
    /// Create a new payment
    pub fn new(transactions: Vec<Vec<u8>>) -> Self {
        Self {
            transactions,
            refund_to: None,
            merchant_data: None,
            memo: None,
        }
    }

    /// Add refund address (must be pre-authorized in PaymentRequest)
    pub fn with_refund_to(mut self, outputs: Vec<PaymentOutput>) -> Self {
        self.refund_to = Some(outputs);
        self
    }

    /// Validate refund addresses against PaymentRequest authorized list
    pub fn validate_refund_addresses(
        &self,
        authorized_refunds: &[SignedRefundAddress],
    ) -> Result<(), Bip70Error> {
        if let Some(ref refund_to) = self.refund_to {
            for refund_addr in refund_to {
                // Check if refund address is in authorized list
                let is_authorized = authorized_refunds.iter().any(|auth| {
                    auth.address.script == refund_addr.script
                        && auth.address.amount == refund_addr.amount
                });

                if !is_authorized {
                    return Err(Bip70Error::InvalidPayment(format!(
                        "Refund address not authorized: {:?}",
                        refund_addr.script
                    )));
                }
            }
        }
        Ok(())
    }

    /// Set merchant data (echo from PaymentRequest)
    pub fn with_merchant_data(mut self, data: Vec<u8>) -> Self {
        self.merchant_data = Some(data);
        self
    }

    /// Set customer memo
    pub fn with_memo(mut self, memo: String) -> Self {
        self.memo = Some(memo);
        self
    }

    /// Validate payment
    pub fn validate(&self) -> Result<(), Bip70Error> {
        if self.transactions.is_empty() {
            return Err(Bip70Error::InvalidPayment("No transactions".to_string()));
        }

        Ok(())
    }
}

/// BIP70 Error types
#[derive(Debug, thiserror::Error)]
pub enum Bip70Error {
    #[error("Payment request expired")]
    Expired,

    #[error("Invalid payment request: {0}")]
    InvalidRequest(String),

    #[error("Invalid payment: {0}")]
    InvalidPayment(String),

    #[error("Certificate validation failed: {0}")]
    CertificateError(String),

    #[error("Signature verification failed: {0}")]
    SignatureError(String),

    #[error("HTTP error: {0}")]
    HttpError(String),

    #[error("Serialization error: {0}")]
    SerializationError(String),

    #[error("Validation error: {0}")]
    ValidationError(String),
}

/// BIP70 Payment Protocol client (for making payments via P2P)
///
/// Note: Node-specific message creation functions are in blvm-node.
/// This struct provides protocol-level validation only.
pub struct PaymentProtocolClient;

impl PaymentProtocolClient {
    /// Validate a PaymentRequest (protocol-level validation)
    pub fn validate_payment_request(
        payment_request: &PaymentRequest,
        expected_merchant_pubkey: Option<&[u8]>,
    ) -> Result<(), Bip70Error> {
        // Verify signature
        payment_request.verify_signature()?;

        // Validate payment request
        payment_request.validate()?;

        // Verify merchant pubkey matches if provided
        if let Some(expected_pubkey) = expected_merchant_pubkey {
            if let Some(ref req_pubkey) = payment_request.merchant_pubkey {
                if req_pubkey.as_slice() != expected_pubkey {
                    return Err(Bip70Error::SignatureError(
                        "PaymentRequest pubkey mismatch".to_string(),
                    ));
                }
            }
        }

        Ok(())
    }

    /// Validate PaymentACK from merchant (protocol-level validation)
    ///
    /// This is a legacy method for backward compatibility.
    /// Prefer using PaymentACK::verify_signature() directly.
    pub fn validate_payment_ack(
        payment_ack: &PaymentACK,
        merchant_signature: &[u8],
        merchant_pubkey: &[u8],
    ) -> Result<(), Bip70Error> {
        // If PaymentACK has embedded signature, use that
        if let Some(ref sig) = payment_ack.signature {
            if !sig.is_empty() {
                return payment_ack.verify_signature(merchant_pubkey);
            }
        }

        // Legacy: Verify external signature (for backward compatibility)
        if !merchant_signature.is_empty() {
            let pubkey = secp256k1::PublicKey::from_slice(merchant_pubkey)
                .map_err(|e| Bip70Error::SignatureError(format!("Invalid pubkey: {e}")))?;

            // Serialize payment_ack for verification (excluding signature field)
            let mut ack_for_verification = payment_ack.clone();
            ack_for_verification.signature = None;

            let serialized = bincode::serialize(&ack_for_verification)
                .map_err(|e| Bip70Error::SerializationError(e.to_string()))?;

            let mut hasher = Sha256::new();
            hasher.update(&serialized);
            let hash = hasher.finalize();

            let message = Message::from_digest(hash.into());

            let signature = Signature::from_compact(merchant_signature)
                .map_err(|e| Bip70Error::SignatureError(format!("Invalid signature: {e}")))?;

            let secp = Secp256k1::new();
            secp.verify_ecdsa(&message, &signature, &pubkey)
                .map_err(|_| {
                    Bip70Error::SignatureError(
                        "PaymentACK signature verification failed".to_string(),
                    )
                })?;
        }

        Ok(())
    }
}

/// BIP70 Payment Protocol server (for receiving payments via P2P)
///
/// Note: Node-specific message creation functions are in blvm-node.
/// This struct provides protocol-level processing only.
pub struct PaymentProtocolServer;

impl PaymentProtocolServer {
    /// Create signed payment request (protocol-level)
    pub fn create_signed_payment_request(
        details: PaymentDetails,
        merchant_private_key: &secp256k1::SecretKey,
        authorized_refunds: Option<Vec<SignedRefundAddress>>,
    ) -> Result<PaymentRequest, Bip70Error> {
        let mut payment_request = PaymentRequest {
            payment_details: details,
            merchant_pubkey: None,
            signature: None,
            authorized_refund_addresses: authorized_refunds,
        };

        // Sign payment request
        payment_request.sign(merchant_private_key)?;

        Ok(payment_request)
    }

    /// Process incoming payment (protocol-level validation and ACK creation)
    pub fn process_payment(
        payment: &Payment,
        original_request: &PaymentRequest,
        merchant_private_key: Option<&secp256k1::SecretKey>,
    ) -> Result<PaymentACK, Bip70Error> {
        // Validate payment
        payment.validate()?;

        // Validate refund addresses if provided
        if let Some(ref authorized_refunds) = original_request.authorized_refund_addresses {
            payment.validate_refund_addresses(authorized_refunds)?;
        }

        // Validate merchant_data matches original request
        if let Some(ref payment_merchant_data) = payment.merchant_data {
            if let Some(ref request_merchant_data) = original_request.payment_details.merchant_data
            {
                if payment_merchant_data != request_merchant_data {
                    return Err(Bip70Error::ValidationError(
                        "Merchant data mismatch".to_string(),
                    ));
                }
            }
        } else if original_request.payment_details.merchant_data.is_some() {
            return Err(Bip70Error::ValidationError(
                "Payment missing merchant data".to_string(),
            ));
        }

        // Verify transactions match PaymentRequest outputs
        Self::verify_payment_transactions(payment, original_request)?;

        // Create payment ACK
        let mut payment_ack = PaymentACK {
            payment: payment.clone(),
            memo: Some("Payment received".to_string()),
            signature: None, // Will be set by sign() method
        };

        // Sign PaymentACK if merchant key provided
        if let Some(private_key) = merchant_private_key {
            payment_ack.sign(private_key)?;
        }

        Ok(payment_ack)
    }

    /// Verify that payment transactions match PaymentRequest outputs
    fn verify_payment_transactions(
        payment: &Payment,
        original_request: &PaymentRequest,
    ) -> Result<(), Bip70Error> {
        use crate::Transaction;

        // Deserialize all transactions
        let mut all_outputs = Vec::new();
        for tx_bytes in &payment.transactions {
            let tx: Transaction = bincode::deserialize(tx_bytes)
                .map_err(|e| Bip70Error::SerializationError(format!("Invalid transaction: {e}")))?;

            // Collect all outputs from this transaction
            for output in &tx.outputs {
                all_outputs.push(PaymentOutput {
                    script: output.script_pubkey.clone(),
                    amount: Some(output.value as u64), // Convert i64 to u64
                });
            }
        }

        // Check that all requested outputs are present
        // Note: Payment may include additional outputs (change, refunds), but must include all requested
        for requested_output in &original_request.payment_details.outputs {
            let found = all_outputs.iter().any(|output| {
                output.script == requested_output.script
                    && match (output.amount, requested_output.amount) {
                        (Some(amt), Some(req_amt)) => amt >= req_amt, // Allow overpayment
                        (Some(_), None) => true,                      // Requested "all available"
                        (None, Some(_)) => false, // Output has no amount but request requires one
                        (None, None) => true,     // Both "all available"
                    }
            });

            if !found {
                return Err(Bip70Error::ValidationError(format!(
                    "Payment missing required output: script={}, amount={:?}",
                    hex::encode(&requested_output.script),
                    requested_output.amount
                )));
            }
        }

        Ok(())
    }

    /// Sign a refund address for inclusion in PaymentRequest
    pub fn sign_refund_address(
        address: PaymentOutput,
        merchant_private_key: &secp256k1::SecretKey,
    ) -> Result<SignedRefundAddress, Bip70Error> {
        // Serialize address for signing
        let serialized = bincode::serialize(&address)
            .map_err(|e| Bip70Error::SerializationError(e.to_string()))?;

        // Hash address
        let mut hasher = Sha256::new();
        hasher.update(&serialized);
        let hash = hasher.finalize();

        // Sign
        let message = Message::from_digest(hash.into());

        let secp = Secp256k1::new();
        let signature = secp.sign_ecdsa(&message, merchant_private_key);

        Ok(SignedRefundAddress {
            address,
            signature: signature.serialize_compact().to_vec(),
        })
    }

    /// Verify signed refund address
    pub fn verify_refund_address(
        signed_refund: &SignedRefundAddress,
        merchant_pubkey: &[u8],
    ) -> Result<(), Bip70Error> {
        let pubkey = secp256k1::PublicKey::from_slice(merchant_pubkey)
            .map_err(|e| Bip70Error::SignatureError(format!("Invalid pubkey: {e}")))?;

        let serialized = bincode::serialize(&signed_refund.address)
            .map_err(|e| Bip70Error::SerializationError(e.to_string()))?;

        let mut hasher = Sha256::new();
        hasher.update(&serialized);
        let hash = hasher.finalize();

        let message = Message::from_digest(hash.into());

        let signature = Signature::from_compact(&signed_refund.signature)
            .map_err(|e| Bip70Error::SignatureError(format!("Invalid signature: {e}")))?;

        let secp = Secp256k1::new();
        secp.verify_ecdsa(&message, &signature, &pubkey)
            .map_err(|_| {
                Bip70Error::SignatureError(
                    "Refund address signature verification failed".to_string(),
                )
            })?;

        Ok(())
    }
}

// --- CTV covenant types (shared by P2P payment messages and node covenant engine; serde-stable) ---

/// CTV covenant proof for payment commitment
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct CovenantProof {
    /// CTV template hash (32 bytes)
    pub template_hash: Hash,
    /// Transaction template structure (without signatures)
    pub transaction_template: TransactionTemplate,
    /// Payment request ID this proof commits to
    pub payment_request_id: String,
    /// Timestamp when proof was created
    pub created_at: u64,
    /// Optional cryptographic signature of the proof
    pub signature: Option<Vec<u8>>,
}

/// Transaction template for CTV (without scriptSig)
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct TransactionTemplate {
    pub version: u32,
    pub inputs: Vec<TemplateInput>,
    pub outputs: Vec<TemplateOutput>,
    pub lock_time: u32,
}

/// Template input (CTV format: no scriptSig)
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct TemplateInput {
    pub prevout_hash: Hash,
    pub prevout_index: u32,
    pub sequence: u32,
}

/// Template output
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct TemplateOutput {
    pub value: u64,
    pub script_pubkey: Vec<u8>,
}

/// Settlement status for payment
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum SettlementStatus {
    /// Payment proof created, not yet broadcast
    ProofCreated,
    /// Payment proof broadcast, transaction not yet in mempool
    ProofBroadcast,
    /// Transaction in mempool, waiting for confirmation
    InMempool { tx_hash: Hash },
    /// Settlement confirmed on-chain
    Settled {
        tx_hash: Hash,
        block_hash: Hash,
        confirmation_count: u32,
    },
    /// Payment failed or rejected
    Failed { reason: String },
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_payment_request_creation() {
        let output = PaymentOutput {
            script: vec![blvm_consensus::opcodes::OP_1],
            amount: Some(100000), // 0.001 BTC
        };

        let request = PaymentRequest::new("main".to_string(), vec![output], 1234567890);

        assert_eq!(request.payment_details.network, "main");
        assert_eq!(request.payment_details.outputs.len(), 1);
        assert_eq!(request.payment_details.time, 1234567890);
    }

    #[test]
    fn test_payment_request_validation() {
        let request = PaymentRequest::new(
            "main".to_string(),
            vec![PaymentOutput {
                script: vec![blvm_consensus::opcodes::OP_1],
                amount: Some(100000),
            }],
            1234567890,
        );

        assert!(request.validate().is_ok());
    }

    #[test]
    fn test_payment_request_expired() {
        let expired_time = 1000;
        let request = PaymentRequest::new(
            "main".to_string(),
            vec![PaymentOutput {
                script: vec![blvm_consensus::opcodes::OP_1],
                amount: Some(100000),
            }],
            expired_time,
        )
        .with_expires(1001);

        // Should fail validation (expired)
        let result = request.validate();
        assert!(result.is_err());
    }

    #[test]
    fn test_payment_creation() {
        let tx = vec![0x01, 0x00, 0x00, 0x00]; // Arbitrary bytes for Payment::new structure test (not a valid tx)
        let payment = Payment::new(vec![tx.clone()]);

        assert_eq!(payment.transactions.len(), 1);
        assert_eq!(payment.transactions[0], tx);
    }

    #[test]
    fn test_payment_validation() {
        let payment = Payment::new(vec![vec![0x01, 0x02, 0x03]]);
        assert!(payment.validate().is_ok());

        let empty_payment = Payment::new(vec![]);
        assert!(empty_payment.validate().is_err());
    }
}