From 63adba17441f4d953dc1a806106543adf02cd723 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Thu, 3 Sep 2020 11:13:07 -0400
Subject: [PATCH] checkable: Add a simple type for self-signed objects.
---
 tor-checkable/Cargo.toml | 3 +++
 tor-checkable/src/lib.rs | 1 +
 tor-checkable/src/signed.rs | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 36 insertions(+)
 create mode 100644 tor-checkable/src/signed.rs
diff --git a/tor-checkable/Cargo.toml b/tor-checkable/Cargo.toml
index 445b7fe28..b9a691ff6 100644
--- a/tor-checkable/Cargo.toml
+++ b/tor-checkable/Cargo.toml
@@ -7,4 +7,7 @@ license = "MIT OR Apache-2.0"
 publish = false
 [dependencies]
+signature = "*"
 thiserror = "*"
+
+tor-llcrypto = { path="../tor-llcrypto", version = "*" }
\ No newline at end of file
diff --git a/tor-checkable/src/lib.rs b/tor-checkable/src/lib.rs
index eeadb24fa..75fe91682 100644
--- a/tor-checkable/src/lib.rs
+++ b/tor-checkable/src/lib.rs
@@ -17,6 +17,7 @@ use std::time;
 use thiserror::Error;
+pub mod signed;
 pub mod timed;
 /// An error that can occur when checking whether a Timebound object is
diff --git a/tor-checkable/src/signed.rs b/tor-checkable/src/signed.rs
new file mode 100644
index 000000000..54cd73e3c
--- /dev/null
+++ b/tor-checkable/src/signed.rs
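Review bot: In tor-checkable/Cargo.toml the added `signature = "*"` requirement accepts any release of the crate, including future semver-incompatible ones, so the code that decides whether an object is well-signed is built against whatever version the resolver picks. Pinning at least the major version, e.g. `signature = "<MAJOR.MINOR the code was tested with>"`, keeps `cargo update` from silently changing it; the existing `thiserror = "*"` line has the same issue. Whether a committed Cargo.lock already constrains this is not visible in the patch.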
@@ -0,0 +1,32 @@
+//! Convenience implementation of a SelfSigned object.
+
+use tor_llcrypto::pk::ValidatableSignature;
+
+/// A SignatureGated object is a self-signed object that's well-signed
+/// when one or more ValidatableSignature objects are correct.
+pub struct SignatureGated {
+ obj: T,
+ signatures: Vec>,
+}
+
+impl SignatureGated {
+ /// Return a new SignatureGated object that will be treated as
+ /// correct if every one if the given set of signatures is valid.
+ pub fn new(obj: T, signatures: Vec>) -> Self {
+ SignatureGated { obj, signatures }
+ }
+}
+
+impl super::SelfSigned for SignatureGated {
+ type Error = signature::Error;
+ fn dangerously_assume_wellsigned(self) -> T {
+ self.obj
+ }
+ fn is_well_signed(&self) -> Result<(), Self::Error> {
+ if self.signatures.iter().all(|b| b.is_valid()) {
+ Ok(())
+ } else {
+ Err(signature::Error::new())
+ }
+ }
+}
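Review bot: `is_well_signed` returns `Ok(())` when `signatures` is empty, because `Iterator::all` is vacuously true on an empty iterator, so an object built with `SignatureGated::new(obj, Vec::new())` passes the check without any signature having been verified. The struct doc speaks of "one or more" signatures, so the empty case looks unintended; the condition could read `if !self.signatures.is_empty() && self.signatures.iter().all(|b| b.is_valid()) {`, or `new` could state explicitly that an empty list means no signature is required. The two doc comments also disagree on the rule ("one or more ... are correct" versus "every one ... is valid", the latter with the typo "every one if the given"); the code implements the every-signature rule, and the struct comment should say so.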