summaryrefslogtreecommitdiff
path: root/src/mongo/db/logical_time_validator.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/mongo/db/logical_time_validator.cpp')
-rw-r--r--src/mongo/db/logical_time_validator.cpp27
1 files changed, 19 insertions, 8 deletions
diff --git a/src/mongo/db/logical_time_validator.cpp b/src/mongo/db/logical_time_validator.cpp
index c56a3a146f0..d2b8866a79c 100644
--- a/src/mongo/db/logical_time_validator.cpp
+++ b/src/mongo/db/logical_time_validator.cpp
@@ -164,23 +164,34 @@ Status LogicalTimeValidator::validate(OperationContext* opCtx, const SignedLogic
}
}
- auto keyStatus =
- _getKeyManagerCopy()->getKeyForValidation(opCtx, newTime.getKeyId(), newTime.getTime());
- uassertStatusOK(keyStatus.getStatus());
+ auto keyStatusWith =
+ _getKeyManagerCopy()->getKeysForValidation(opCtx, newTime.getKeyId(), newTime.getTime());
+ auto status = keyStatusWith.getStatus();
- const auto& key = keyStatus.getValue().getKey();
+ if (!status.isOK()) {
+ return status;
+ }
+
+ auto keys = keyStatusWith.getValue();
+ invariant(!keys.empty());
const auto newProof = newTime.getProof();
// Cluster time is only sent if a server's clock can verify and sign cluster times, so any
// received cluster times should have proofs.
invariant(newProof);
- auto res = _timeProofService.checkProof(newTime.getTime(), newProof.get(), key);
- if (res != Status::OK()) {
- return res;
+ auto firstError = Status::OK();
+ for (const auto& key : keys) {
+ auto proofStatus =
+ _timeProofService.checkProof(newTime.getTime(), newProof.get(), key.getKey());
+ if (proofStatus.isOK()) {
+ return Status::OK();
+ } else if (firstError.isOK()) {
+ firstError = proofStatus;
+ }
}
- return Status::OK();
+ return firstError;
}
void LogicalTimeValidator::init(ServiceContext* service) {
View Lorry Controller Status