-/// Enforces some rules on ChannelKeys calls. Eventually we will probably want to expose a variant
-/// of this which would essentially be what you'd want to run on a hardware wallet.
-pub struct EnforcingChannelKeys {
- pub inner: InMemoryChannelKeys,
- commitment_number_obscure_and_last: Mutex<(Option<u64>, u64)>,
+use bitcoin::secp256k1;
+use bitcoin::secp256k1::key::{SecretKey, PublicKey};
+use bitcoin::secp256k1::{Secp256k1, Signature};
+use util::ser::{Writeable, Writer, Readable};
+use std::io::Error;
+use ln::msgs::DecodeError;
+
+/// Initial value for revoked commitment downward counter
+pub const INITIAL_REVOKED_COMMITMENT_NUMBER: u64 = 1 << 48;
+
+/// An implementation of Sign that enforces some policy checks. The current checks
+/// are an incomplete set. They include:
+///
+/// - When signing, the holder transaction has not been revoked
+/// - When revoking, the holder transaction has not been signed
+/// - The holder commitment number is monotonic and without gaps
+/// - The counterparty commitment number is monotonic and without gaps
+/// - The pre-derived keys and pre-built transaction in CommitmentTransaction were correctly built
+///
+/// Eventually we will probably want to expose a variant of this which would essentially
+/// be what you'd want to run on a hardware wallet.
+///
+/// Note that before we do so we should ensure its serialization format has backwards- and
+/// forwards-compatibility prefix/suffixes!
+#[derive(Clone)]
+pub struct EnforcingSigner {
+ pub inner: InMemorySigner,
+ /// The last counterparty commitment number we signed, backwards counting
+ pub last_commitment_number: Arc<Mutex<Option<u64>>>,
+ /// The last holder commitment number we revoked, backwards counting
+ pub revoked_commitment: Arc<Mutex<u64>>,
+ pub disable_revocation_policy_check: bool,