SERVER-28432 Move key management out from TimeProofService

13 files changed, 42 insertions, 56 deletions

diff --git a/src/mongo/db/db.cpp b/src/mongo/db/db.cpp
index 07d790b9a48..7a4aa4a1b18 100644
--- a/src/mongo/db/db.cpp
+++ b/src/mongo/db/db.cpp
@@ -894,9 +894,7 @@ MONGO_INITIALIZER_WITH_PREREQUISITES(CreateReplicationManager,
     topoCoordOptions.maxSyncSourceLagSecs = Seconds(repl::maxSyncSourceLagSecs);
     topoCoordOptions.clusterRole = serverGlobalParams.clusterRole;
 
-    std::array<std::uint8_t, 20> tempKey = {};
-    TimeProofService::Key key(std::move(tempKey));
-    auto timeProofService = stdx::make_unique<TimeProofService>(std::move(key));
+    auto timeProofService = stdx::make_unique<TimeProofService>();
     auto logicalClock =
         stdx::make_unique<LogicalClock>(serviceContext, std::move(timeProofService));
     LogicalClock::set(serviceContext, std::move(logicalClock));
diff --git a/src/mongo/db/logical_clock.cpp b/src/mongo/db/logical_clock.cpp
index 32e0b22184e..6f0e4c55574 100644
--- a/src/mongo/db/logical_clock.cpp
+++ b/src/mongo/db/logical_clock.cpp
@@ -95,7 +95,7 @@ SignedLogicalTime LogicalClock::getClusterTime() {
 SignedLogicalTime LogicalClock::_makeSignedLogicalTime(LogicalTime logicalTime) {
     // TODO: SERVER-28436 Implement KeysCollectionManager
     // Replace dummy keyId with real id from key manager.
-    return SignedLogicalTime(logicalTime, _timeProofService->getProof(logicalTime), 0);
+    return SignedLogicalTime(logicalTime, _timeProofService->getProof(logicalTime, _tempKey), 0);
 }
 
 Status LogicalClock::advanceClusterTime(const SignedLogicalTime& newTime) {
@@ -107,7 +107,7 @@ Status LogicalClock::advanceClusterTime(const SignedLogicalTime& newTime) {
     }
 
     invariant(_timeProofService);
-    auto res = _timeProofService->checkProof(newLogicalTime, newTime.getProof());
+    auto res = _timeProofService->checkProof(newLogicalTime, newTime.getProof(), _tempKey);
     if (res != Status::OK()) {
         return res;
     }
diff --git a/src/mongo/db/logical_clock.h b/src/mongo/db/logical_clock.h
index aabe9a07c89..06562c92719 100644
--- a/src/mongo/db/logical_clock.h
+++ b/src/mongo/db/logical_clock.h
@@ -115,6 +115,14 @@ private:
     // the mutex protects _clusterTime
     stdx::mutex _mutex;
     SignedLogicalTime _clusterTime;
+
+    /**
+     * Temporary key only used for unit tests.
+     *
+     * TODO: SERVER-28436 Implement KeysCollectionManager
+     * Remove _tempKey and its uses from logical clock, and pass actual key from key manager.
+     */
+    TimeProofService::Key _tempKey = {};
 };
 
 }  // namespace mongo
diff --git a/src/mongo/db/logical_clock_test.cpp b/src/mongo/db/logical_clock_test.cpp
index 156232fc386..98c600a1421 100644
--- a/src/mongo/db/logical_clock_test.cpp
+++ b/src/mongo/db/logical_clock_test.cpp
@@ -46,9 +46,7 @@ class LogicalClockTestBase : public unittest::Test {
 protected:
     void setUp() {
         _serviceContext = stdx::make_unique<ServiceContextNoop>();
-        std::array<std::uint8_t, 20> tempKey = {};
-        TimeProofService::Key key(std::move(tempKey));
-        auto pTps = stdx::make_unique<TimeProofService>(std::move(key));
+        auto pTps = stdx::make_unique<TimeProofService>();
         _timeProofService = pTps.get();
         _clock = stdx::make_unique<LogicalClock>(_serviceContext.get(), std::move(pTps));
     }
@@ -63,7 +61,8 @@ protected:
     }
 
     SignedLogicalTime makeSignedLogicalTime(LogicalTime logicalTime) {
-        return SignedLogicalTime(logicalTime, _timeProofService->getProof(logicalTime), 0);
+        TimeProofService::Key key = {};
+        return SignedLogicalTime(logicalTime, _timeProofService->getProof(logicalTime, key), 0);
     }
 
     const unsigned currentWallClockSecs() {
@@ -79,17 +78,11 @@ private:
 
 // Check that the initial time does not change during logicalClock creation.
 TEST_F(LogicalClockTestBase, roundtrip) {
-    // Create different logicalClock instance to validate that the initial time is preserved.
-    ServiceContextNoop serviceContext;
     Timestamp tX(1);
-    std::array<std::uint8_t, 20> tempKey = {};
-    TimeProofService::Key key(std::move(tempKey));
-    auto pTps = stdx::make_unique<TimeProofService>(std::move(key));
     auto time = LogicalTime(tX);
 
-    LogicalClock logicalClock(&serviceContext, std::move(pTps));
-    logicalClock.initClusterTimeFromTrustedSource(time);
-    auto storedTime(logicalClock.getClusterTime());
+    getClock()->initClusterTimeFromTrustedSource(time);
+    auto storedTime(getClock()->getClusterTime());
 
     ASSERT_TRUE(storedTime.getTime() == time);
 }
diff --git a/src/mongo/db/logical_clock_test_fixture.cpp b/src/mongo/db/logical_clock_test_fixture.cpp
index 618da867ee1..6f5860b7a66 100644
--- a/src/mongo/db/logical_clock_test_fixture.cpp
+++ b/src/mongo/db/logical_clock_test_fixture.cpp
@@ -40,9 +40,7 @@ namespace mongo {
 void LogicalClockTest::setUp() {
     auto service = getGlobalServiceContext();
 
-    std::array<std::uint8_t, 20> tempKey = {};
-    TimeProofService::Key key(std::move(tempKey));
-    auto timeProofService = stdx::make_unique<TimeProofService>(std::move(key));
+    auto timeProofService = stdx::make_unique<TimeProofService>();
     auto logicalClock = stdx::make_unique<LogicalClock>(service, std::move(timeProofService));
     LogicalClock::set(service, std::move(logicalClock));
 }
diff --git a/src/mongo/db/logical_time_test.cpp b/src/mongo/db/logical_time_test.cpp
index b55d4fee950..ed738cc20d6 100644
--- a/src/mongo/db/logical_time_test.cpp
+++ b/src/mongo/db/logical_time_test.cpp
@@ -107,12 +107,10 @@ TEST(LogicalTime, toUnsignedArray) {
 
 TEST(SignedLogicalTime, roundtrip) {
     Timestamp tX(1);
-
-    std::array<std::uint8_t, 20> tempKey = {};
-    TimeProofService::Key key(std::move(tempKey));
-    TimeProofService tps(std::move(key));
+    TimeProofService tps;
+    TimeProofService::Key key = {};
     auto time = LogicalTime(tX);
-    auto proof = tps.getProof(time);
+    auto proof = tps.getProof(time, key);
 
     long long keyId = 1;
 
diff --git a/src/mongo/db/repl/replication_coordinator_test_fixture.cpp b/src/mongo/db/repl/replication_coordinator_test_fixture.cpp
index 93c3a564a93..21fe828ee95 100644
--- a/src/mongo/db/repl/replication_coordinator_test_fixture.cpp
+++ b/src/mongo/db/repl/replication_coordinator_test_fixture.cpp
@@ -122,9 +122,7 @@ void ReplCoordTest::init() {
     // PRNG seed for tests.
     const int64_t seed = 0;
 
-    std::array<std::uint8_t, 20> tempKey = {};
-    TimeProofService::Key key(std::move(tempKey));
-    auto timeProofService = stdx::make_unique<TimeProofService>(std::move(key));
+    auto timeProofService = stdx::make_unique<TimeProofService>();
     auto logicalClock = stdx::make_unique<LogicalClock>(service, std::move(timeProofService));
     LogicalClock::set(service, std::move(logicalClock));
 
diff --git a/src/mongo/db/service_context_d_test_fixture.cpp b/src/mongo/db/service_context_d_test_fixture.cpp
index 3ea54ecf2d6..b90d58fb72a 100644
--- a/src/mongo/db/service_context_d_test_fixture.cpp
+++ b/src/mongo/db/service_context_d_test_fixture.cpp
@@ -55,9 +55,7 @@ void ServiceContextMongoDTest::setUp() {
     Client::initThread(getThreadName());
     ServiceContext* serviceContext = getServiceContext();
 
-    std::array<std::uint8_t, 20> tempKey = {};
-    TimeProofService::Key key(std::move(tempKey));
-    auto timeProofService = stdx::make_unique<TimeProofService>(std::move(key));
+    auto timeProofService = stdx::make_unique<TimeProofService>();
     auto logicalClock =
         stdx::make_unique<LogicalClock>(serviceContext, std::move(timeProofService));
     LogicalClock::set(serviceContext, std::move(logicalClock));
diff --git a/src/mongo/db/time_proof_service.cpp b/src/mongo/db/time_proof_service.cpp
index 1d0d6c0b46b..38b63a3af63 100644
--- a/src/mongo/db/time_proof_service.cpp
+++ b/src/mongo/db/time_proof_service.cpp
@@ -48,14 +48,17 @@ TimeProofService::Key TimeProofService::generateRandomKey() {
                                                  SHA1Block::kHashLength));
 }
 
-TimeProofService::TimeProof TimeProofService::getProof(const LogicalTime& time) const {
+TimeProofService::TimeProof TimeProofService::getProof(const LogicalTime& time,
+                                                       const Key& key) const {
     auto unsignedTimeArray = time.toUnsignedArray();
     return SHA1Block::computeHmac(
-        _key.data(), _key.size(), unsignedTimeArray.data(), unsignedTimeArray.size());
+        key.data(), key.size(), unsignedTimeArray.data(), unsignedTimeArray.size());
 }
 
-Status TimeProofService::checkProof(const LogicalTime& time, const TimeProof& proof) const {
-    auto myProof = getProof(time);
+Status TimeProofService::checkProof(const LogicalTime& time,
+                                    const TimeProof& proof,
+                                    const Key& key) const {
+    auto myProof = getProof(time, key);
     if (myProof != proof) {
         return Status(ErrorCodes::TimeProofMismatch, "Proof does not match the logical time");
     }
diff --git a/src/mongo/db/time_proof_service.h b/src/mongo/db/time_proof_service.h
index 2157523f6fc..a0a297379e0 100644
--- a/src/mongo/db/time_proof_service.h
+++ b/src/mongo/db/time_proof_service.h
@@ -46,7 +46,7 @@ public:
     using TimeProof = SHA1Block;
     using Key = SHA1Block;
 
-    TimeProofService(Key key) : _key(std::move(key)) {}
+    TimeProofService() = default;
 
     /**
      * Generates a pseudorandom key to be used for HMAC authentication.
@@ -56,15 +56,12 @@ public:
     /**
      * Returns the proof matching the time argument.
      */
-    TimeProof getProof(const LogicalTime& time) const;
+    TimeProof getProof(const LogicalTime& time, const Key& key) const;
 
     /**
      * Verifies that the proof matches the time argument.
      */
-    Status checkProof(const LogicalTime& time, const TimeProof& proof) const;
-
-private:
-    Key _key;
+    Status checkProof(const LogicalTime& time, const TimeProof& proof, const Key& key) const;
 };
 
 }  // namespace mongo
diff --git a/src/mongo/db/time_proof_service_test.cpp b/src/mongo/db/time_proof_service_test.cpp
index 6c4a8d51256..19c35ef05c0 100644
--- a/src/mongo/db/time_proof_service_test.cpp
+++ b/src/mongo/db/time_proof_service_test.cpp
@@ -38,28 +38,27 @@ namespace {
 
 using TimeProof = TimeProofService::TimeProof;
 
+const TimeProofService::Key key = {};
+
 // Verifies logical time with proof signed with the correct key.
 TEST(TimeProofService, VerifyLogicalTimeWithValidProof) {
-    std::array<std::uint8_t, 20> tempKey = {};
-    TimeProofService::Key key(std::move(tempKey));
-    TimeProofService timeProofService(std::move(key));
+    TimeProofService timeProofService;
 
     LogicalTime time(Timestamp(1));
-    TimeProof proof = timeProofService.getProof(time);
+    TimeProof proof = timeProofService.getProof(time, key);
 
-    ASSERT_OK(timeProofService.checkProof(time, proof));
+    ASSERT_OK(timeProofService.checkProof(time, proof, key));
 }
 
 // Fails for logical time with proof signed with an invalid key.
 TEST(TimeProofService, LogicalTimeWithMismatchingProofShouldFail) {
-    std::array<std::uint8_t, 20> tempKey = {};
-    TimeProofService::Key key(std::move(tempKey));
-    TimeProofService timeProofService(std::move(key));
+    TimeProofService timeProofService;
 
     LogicalTime time(Timestamp(1));
     TimeProof invalidProof = {{1, 2, 3}};
 
-    ASSERT_EQUALS(ErrorCodes::TimeProofMismatch, timeProofService.checkProof(time, invalidProof));
+    ASSERT_EQUALS(ErrorCodes::TimeProofMismatch,
+                  timeProofService.checkProof(time, invalidProof, key));
 }
 
 }  // unnamed namespace
diff --git a/src/mongo/dbtests/dbtests.cpp b/src/mongo/dbtests/dbtests.cpp
index 1ad9c0f8d2d..2f54eb7d1ae 100644
--- a/src/mongo/dbtests/dbtests.cpp
+++ b/src/mongo/dbtests/dbtests.cpp
@@ -132,9 +132,7 @@ int dbtestsMain(int argc, char** argv, char** envp) {
     replSettings.setOplogSizeBytes(10 * 1024 * 1024);
     ServiceContext* service = getGlobalServiceContext();
 
-    std::array<std::uint8_t, 20> tempKey = {};
-    TimeProofService::Key key(std::move(tempKey));
-    auto timeProofService = stdx::make_unique<TimeProofService>(std::move(key));
+    auto timeProofService = stdx::make_unique<TimeProofService>();
     auto logicalClock = stdx::make_unique<LogicalClock>(service, std::move(timeProofService));
     LogicalClock::set(service, std::move(logicalClock));
 
diff --git a/src/mongo/s/server.cpp b/src/mongo/s/server.cpp
index 8e6ea2edefd..21665ef726b 100644
--- a/src/mongo/s/server.cpp
+++ b/src/mongo/s/server.cpp
@@ -288,9 +288,7 @@ static ExitCode runMongosServer() {
 
     auto opCtx = cc().makeOperationContext();
 
-    std::array<std::uint8_t, 20> tempKey = {};
-    TimeProofService::Key key(std::move(tempKey));
-    auto timeProofService = stdx::make_unique<TimeProofService>(std::move(key));
+    auto timeProofService = stdx::make_unique<TimeProofService>();
     auto logicalClock =
         stdx::make_unique<LogicalClock>(opCtx->getServiceContext(), std::move(timeProofService));
     LogicalClock::set(opCtx->getServiceContext(), std::move(logicalClock));