+ /// Policy checks should be implemented in this function, including checking the amount
+ /// sent to us and checking the HTLCs.
+ //
+ // TODO: Document the things someone using this interface should enforce before signing.
+ fn sign_counterparty_commitment(&self, commitment_tx: &CommitmentTransaction, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<(Signature, Vec<Signature>), ()>;
+ /// Validate the counterparty's revocation.
+ ///
+ /// This is required in order for the signer to make sure that the state has moved
+ /// forward and it is safe to sign the next counterparty commitment.
+ fn validate_counterparty_revocation(&self, idx: u64, secret: &SecretKey) -> Result<(), ()>;
+
+ /// Create a signatures for a holder's commitment transaction and its claiming HTLC transactions.
+ /// This will only ever be called with a non-revoked commitment_tx. This will be called with the
+ /// latest commitment_tx when we initiate a force-close.
+ /// This will be called with the previous latest, just to get claiming HTLC signatures, if we are
+ /// reacting to a ChannelMonitor replica that decided to broadcast before it had been updated to
+ /// the latest.
+ /// This may be called multiple times for the same transaction.
+ ///
+ /// An external signer implementation should check that the commitment has not been revoked.
+ ///
+ /// May return Err if key derivation fails. Callers, such as ChannelMonitor, will panic in such a case.
+ //
+ // TODO: Document the things someone using this interface should enforce before signing.
+ // TODO: Key derivation failure should panic rather than Err
+ fn sign_holder_commitment_and_htlcs(&self, commitment_tx: &HolderCommitmentTransaction, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<(Signature, Vec<Signature>), ()>;
+
+ /// Same as sign_holder_commitment, but exists only for tests to get access to holder commitment
+ /// transactions which will be broadcasted later, after the channel has moved on to a newer
+ /// state. Thus, needs its own method as sign_holder_commitment may enforce that we only ever
+ /// get called once.
+ #[cfg(any(test,feature = "unsafe_revoked_tx_signing"))]
+ fn unsafe_sign_holder_commitment_and_htlcs(&self, commitment_tx: &HolderCommitmentTransaction, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<(Signature, Vec<Signature>), ()>;
+
+ /// Create a signature for the given input in a transaction spending an HTLC transaction output
+ /// or a commitment transaction `to_local` output when our counterparty broadcasts an old state.
+ ///
+ /// A justice transaction may claim multiple outputs at the same time if timelocks are
+ /// similar, but only a signature for the input at index `input` should be signed for here.
+ /// It may be called multiple times for same output(s) if a fee-bump is needed with regards
+ /// to an upcoming timelock expiration.
+ ///
+ /// Amount is value of the output spent by this input, committed to in the BIP 143 signature.
+ ///
+ /// per_commitment_key is revocation secret which was provided by our counterparty when they
+ /// revoked the state which they eventually broadcast. It's not a _holder_ secret key and does
+ /// not allow the spending of any funds by itself (you need our holder revocation_secret to do
+ /// so).
+ fn sign_justice_revoked_output(&self, justice_tx: &Transaction, input: usize, amount: u64, per_commitment_key: &SecretKey, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()>;
+
+ /// Create a signature for the given input in a transaction spending a commitment transaction
+ /// HTLC output when our counterparty broadcasts an old state.
+ ///
+ /// A justice transaction may claim multiple outputs at the same time if timelocks are
+ /// similar, but only a signature for the input at index `input` should be signed for here.
+ /// It may be called multiple times for same output(s) if a fee-bump is needed with regards
+ /// to an upcoming timelock expiration.
+ ///
+ /// Amount is value of the output spent by this input, committed to in the BIP 143 signature.
+ ///
+ /// per_commitment_key is revocation secret which was provided by our counterparty when they
+ /// revoked the state which they eventually broadcast. It's not a _holder_ secret key and does
+ /// not allow the spending of any funds by itself (you need our holder revocation_secret to do
+ /// so).
+ ///
+ /// htlc holds HTLC elements (hash, timelock), thus changing the format of the witness script
+ /// (which is committed to in the BIP 143 signatures).
+ fn sign_justice_revoked_htlc(&self, justice_tx: &Transaction, input: usize, amount: u64, per_commitment_key: &SecretKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()>;
+
+ /// Create a signature for a claiming transaction for a HTLC output on a counterparty's commitment
+ /// transaction, either offered or received.
+ ///
+ /// Such a transaction may claim multiples offered outputs at same time if we know the
+ /// preimage for each when we create it, but only the input at index `input` should be
+ /// signed for here. It may be called multiple times for same output(s) if a fee-bump is
+ /// needed with regards to an upcoming timelock expiration.
+ ///
+ /// Witness_script is either a offered or received script as defined in BOLT3 for HTLC
+ /// outputs.
+ ///
+ /// Amount is value of the output spent by this input, committed to in the BIP 143 signature.
+ ///
+ /// Per_commitment_point is the dynamic point corresponding to the channel state
+ /// detected onchain. It has been generated by our counterparty and is used to derive
+ /// channel state keys, which are then included in the witness script and committed to in the
+ /// BIP 143 signature.
+ fn sign_counterparty_htlc_transaction(&self, htlc_tx: &Transaction, input: usize, amount: u64, per_commitment_point: &PublicKey, htlc: &HTLCOutputInCommitment, secp_ctx: &Secp256k1<secp256k1::All>) -> Result<Signature, ()>;