SERVER-27768 Implement HMAC key for signing Logical clock's storage & distribution

1 files changed, 19 insertions, 10 deletions

diff --git a/src/mongo/db/time_proof_service.h b/src/mongo/db/time_proof_service.h
index 5be6bf46e38..2157523f6fc 100644
--- a/src/mongo/db/time_proof_service.h
+++ b/src/mongo/db/time_proof_service.h
@@ -35,27 +35,36 @@
 namespace mongo {
 
 /**
- *  Mock of the TimeProofService class. The class when fully implemented will be self-contained. It
- *  will provide key management and rotation, caching and other optimizations as needed.
+ * TODO: SERVER-28127 Add key rotation to the TimeProofService
+ *
+ * The TimeProofService holds the key used by mongod and mongos processes to verify logical times
+ * and contains the logic to generate this key, but not to store or retrieve it.
  */
 class TimeProofService {
 public:
     // This type must be synchronized with the library that generates SHA1 or other proof.
     using TimeProof = SHA1Block;
+    using Key = SHA1Block;
+
+    TimeProofService(Key key) : _key(std::move(key)) {}
+
+    /**
+     * Generates a pseudorandom key to be used for HMAC authentication.
+     */
+    static Key generateRandomKey();
 
     /**
-     *  Returns the proof matching the time argument.
+     * Returns the proof matching the time argument.
      */
-    TimeProof getProof(LogicalTime time) {
-        return SHA1Block();
-    }
+    TimeProof getProof(const LogicalTime& time) const;
 
     /**
-     *  Verifies that the proof is matching the time argument.
+     * Verifies that the proof matches the time argument.
      */
-    Status checkProof(LogicalTime time, const TimeProof& proof) {
-        return Status::OK();
-    }
+    Status checkProof(const LogicalTime& time, const TimeProof& proof) const;
+
+private:
+    Key _key;
 };
 
 }  // namespace mongo