Diffstat (limited to 'src/mongo/db/service_liason.cpp')
-rw-r--r-- | src/mongo/db/service_liason.cpp | 67 |
1 files changed, 0 insertions, 67 deletions
diff --git a/src/mongo/db/service_liason.cpp b/src/mongo/db/service_liason.cpp
index 96bb92d2b00..22edb98b5c2 100644
--- a/src/mongo/db/service_liason.cpp
+++ b/src/mongo/db/service_liason.cpp
@@ -36,73 +36,6 @@ namespace mongo {
-namespace {
-
-const int kSignatureSize = sizeof(UUID) + sizeof(OID);
-
-SHA1Block computeSignature(const SignedLogicalSessionId* id, TimeProofService::Key key) {
- // Write the uuid and user id to a block for signing.
- char signatureBlock[kSignatureSize] = {0};
- DataRangeCursor cursor(signatureBlock, signatureBlock + kSignatureSize);
- auto res = cursor.writeAndAdvance<ConstDataRange>(id->getLsid().getId().toCDR());
- invariant(res.isOK());
- if (auto userId = id->getUserId()) {
- res = cursor.writeAndAdvance<ConstDataRange>(userId->toCDR());
- invariant(res.isOK());
- }
-
- // Compute the signature.
- return SHA1Block::computeHmac(
- key.data(), key.size(), reinterpret_cast<uint8_t*>(signatureBlock), kSignatureSize);
-}
-
-KeysCollectionManagerZero kKeysCollectionManagerZero{"HMAC"};
-
-} // namespace
-
 ServiceLiason::~ServiceLiason() = default;
-StatusWith<SignedLogicalSessionId> ServiceLiason::signLsid(OperationContext* opCtx,
- const LogicalSessionId& lsid,
- boost::optional<OID> userId) {
- auto& keyManager = kKeysCollectionManagerZero;
-
- auto logicalTime = LogicalClock::get(_context())->getClusterTime();
- auto res = keyManager.getKeyForSigning(opCtx, logicalTime);
- if (!res.isOK()) {
- return res.getStatus();
- }
-
- SignedLogicalSessionId signedLsid;
- signedLsid.setUserId(std::move(userId));
- signedLsid.setLsid(lsid);
-
- auto keyDoc = res.getValue();
- signedLsid.setKeyId(keyDoc.getKeyId());
-
- auto signature = computeSignature(&signedLsid, keyDoc.getKey());
- signedLsid.setSignature(std::move(signature));
-
- return signedLsid;
-}
-
-Status ServiceLiason::validateLsid(OperationContext* opCtx, const SignedLogicalSessionId& id) {
- auto& keyManager = kKeysCollectionManagerZero;
-
- // Attempt to get the correct key.
- auto logicalTime = LogicalClock::get(_context())->getClusterTime();
- auto res = keyManager.getKeyForValidation(opCtx, id.getKeyId(), logicalTime);
- if (!res.isOK()) {
- return res.getStatus();
- }
-
- // Re-compute the signature, and see that it matches.
- auto signature = computeSignature(&id, res.getValue().getKey());
- if (signature != id.getSignature()) {
- return {ErrorCodes::NoSuchSession, "Signature validation failed."};
- }
-
- return Status::OK();
-}
-
 } // namespace mongo |