diff options
author | Randolph Tan <randolph@10gen.com> | 2017-05-01 14:37:16 -0400 |
---|---|---|
committer | Randolph Tan <randolph@10gen.com> | 2017-05-22 10:59:36 -0400 |
commit | 8edbf46a78494ae034e8faa982c8f8bdcd5c3ef4 (patch) | |
tree | e5484224ac87be90ffb8b24d25beb97f07ab5d01 /src/mongo/db/logical_time_validator.h | |
parent | b035e46ec65088885d8b934af235481f294af77f (diff) | |
download | mongo-8edbf46a78494ae034e8faa982c8f8bdcd5c3ef4.tar.gz |
SERVER-28127 Integrate KeyManager to LogicalClock
Diffstat (limited to 'src/mongo/db/logical_time_validator.h')
-rw-r--r-- | src/mongo/db/logical_time_validator.h | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/src/mongo/db/logical_time_validator.h b/src/mongo/db/logical_time_validator.h index 74bf93077bf..24be173d2dd 100644 --- a/src/mongo/db/logical_time_validator.h +++ b/src/mongo/db/logical_time_validator.h @@ -38,6 +38,8 @@ namespace mongo { class OperationContext; class ServiceContext; +class KeysCollectionDocument; +class KeysCollectionManager; /** * This is responsible for signing logical times that can be used to sent to other servers and @@ -50,26 +52,52 @@ public: static LogicalTimeValidator* get(OperationContext* ctx); static void set(ServiceContext* service, std::unique_ptr<LogicalTimeValidator> validator); + explicit LogicalTimeValidator(std::unique_ptr<KeysCollectionManager> keyManager); + + /** + * Tries to sign the newTime with a valid signature. Can return an empty signature and keyId + * of 0 if it cannot find valid key for newTime. + */ + SignedLogicalTime trySignLogicalTime(const LogicalTime& newTime); + /** * Returns the newTime with a valid signature. */ - SignedLogicalTime signLogicalTime(const LogicalTime& newTime); + SignedLogicalTime signLogicalTime(OperationContext* opCtx, const LogicalTime& newTime); /** * Returns true if the signature of newTime is valid. */ - Status validate(const SignedLogicalTime& newTime); + Status validate(OperationContext* opCtx, const SignedLogicalTime& newTime); + + /** + * Initializes this validator. This should be called first before the other methods can be used. + */ + void init(ServiceContext* service); /** - * Saves the newTime if it is newer than the last seen valid LogicalTime without performing - * validation. + * Cleans up this validator. This will no longer be usable after this is called. */ - void updateCacheTrustedSource(const SignedLogicalTime& newTime); + void shutDown(); + + /** + * Enable writing new keys to the config server primary. Should only be called if current node + * is the config primary. + */ + void enableKeyGenerator(OperationContext* opCtx, bool doEnable); + + /** + * Returns true if client has sufficient privilege to advance clock. + */ + static bool isAuthorizedToAdvanceClock(OperationContext* opCtx); private: + SignedLogicalTime _getProof(const KeysCollectionDocument& keyDoc, LogicalTime newTime); + stdx::mutex _mutex; SignedLogicalTime _lastSeenValidTime; TimeProofService _timeProofService; + std::unique_ptr<KeysCollectionManager> _keyManager; }; } // namespace mongo |