From ef2f71e17f22633192a0dfa5e5b875c93dbac177 Mon Sep 17 00:00:00 2001
From: Armon Dadgar
Date: Fri, 22 May 2015 19:31:11 -0700
Subject: [PATCH] vault: Adding InstallTime to key in keyring
---
 vault/keyring.go | 26 ++++++++++++--------------
 vault/keyring_test.go | 16 ++++++++++------
 2 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/vault/keyring.go b/vault/keyring.go
index 65843ec87..da5ffa386 100644
--- a/vault/keyring.go
+++ b/vault/keyring.go
@@ -5,6 +5,7 @@ import (
 "encoding/json"
 "fmt"
 "sync"
+ "time"
 )
 // Keyring is used to manage multiple encryption keys used by
@@ -30,8 +31,9 @@ type EncodedKeyring struct {
 // Key represents a single term, along with the key used.
 type Key struct {
- Term uint32
- Value []byte
+ Term uint32
+ Value []byte
+ InstallTime time.Time
 }
 // NewKeyring creates a new keyring
@@ -44,28 +46,24 @@ func NewKeyring() *Keyring {
 }
 // AddKey adds a new key to the keyring
-func (k *Keyring) AddKey(term uint32, value []byte) error {
+func (k *Keyring) AddKey(key *Key) error {
 k.l.Lock()
 defer k.l.Unlock()
 // Ensure there is no confict
- if key, ok := k.keys[term]; ok {
- if !bytes.Equal(key.Value, value) {
- return fmt.Errorf("Conflicting key for term %d already installed", term)
+ if exist, ok := k.keys[key.Term]; ok {
+ if !bytes.Equal(key.Value, exist.Value) {
+ return fmt.Errorf("Conflicting key for term %d already installed", key.Term)
 }
 return nil
 }
 // Install the new key
- key := &Key{
- Term: term,
- Value: value,
- }
- k.keys[term] = key
+ k.keys[key.Term] = key
 // Update the active term if newer
- if term > k.activeTerm {
- k.activeTerm = term
+ if key.Term > k.activeTerm {
+ k.activeTerm = key.Term
 }
 return nil
 }
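Review bot: The new `InstallTime` field of `Key` carries no comment, and nothing states what its zero value means. Key values are decoded from the serialized keyring (DeserializeKeyring hands decoded entries to AddKey), so keys written before this change will presumably load with a zero `time.Time`, and any caller that reasons about key age needs to test `IsZero()` first. I would add `// InstallTime is when the key was installed; it is the zero time for keys stored before this field existed.` above the field. The struct is fully inside the hunk.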
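Review bot: AddKey now stores the caller's pointer as-is at `k.keys[key.Term] = key`, where the old code built its own `&Key{...}`, so any holder of that pointer can change Term, Value or InstallTime after install without taking `k.l` and without passing the conflict check. It also dereferences `key` with no nil check, and the DeserializeKeyring hunk passes elements of `enc.Keys` straight in; if that slice holds `*Key` (as the call suggests), a `null` entry in the decoded JSON would panic here instead of returning an error. I would reject nil before taking the lock and install a private copy, including a copy of the Value bytes. The doc comment could also state that re-adding an identical key returns nil and keeps the first InstallTime.

```go
func (k *Keyring) AddKey(key *Key) error {
	if key == nil {
		return fmt.Errorf("nil key")
	}
	// … unchanged: lock, conflict check against k.keys[key.Term] …

	// Install a private copy so later writes through the caller's
	// pointer or slice cannot alter keyring state outside the lock.
	k.keys[key.Term] = &Key{
		Term:        key.Term,
		Value:       append([]byte(nil), key.Value...),
		InstallTime: key.InstallTime,
	}
	// … unchanged: active term update, return nil …
```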
@@ -150,7 +148,7 @@ func DeserializeKeyring(buf []byte) (*Keyring, error) {
 k := NewKeyring()
 k.SetMasterKey(enc.MasterKey)
 for _, key := range enc.Keys {
- if err := k.AddKey(key.Term, key.Value); err != nil {
+ if err := k.AddKey(key); err != nil {
 return nil, fmt.Errorf("failed to add key for term %d: %v", key.Term, err)
 }
 }
diff --git a/vault/keyring_test.go b/vault/keyring_test.go
index 4608b554b..502a6dfe0 100644
--- a/vault/keyring_test.go
+++ b/vault/keyring_test.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "reflect"
 "testing"
+ "time"
 )
 func TestKeyring(t *testing.T) {
@@ -21,7 +22,8 @@ func TestKeyring(t *testing.T) {
 // Add a key
 testKey := []byte("testing")
- err := k.AddKey(1, testKey)
+ key1 := &Key{1, testKey, time.Now()}
+ err := k.AddKey(key1)
 if err != nil {
 t.Fatalf("err: %v", err)
 }
@@ -44,21 +46,23 @@ func TestKeyring(t *testing.T) {
 }
 // Should handle idempotent set
- err = k.AddKey(1, testKey)
+ err = k.AddKey(key1)
 if err != nil {
 t.Fatalf("err: %v", err)
 }
 // Should not allow conficting set
 testConflict := []byte("nope")
- err = k.AddKey(1, testConflict)
+ key1Conf := &Key{1, testConflict, time.Now()}
+ err = k.AddKey(key1Conf)
 if err == nil {
 t.Fatalf("err: %v", err)
 }
 // Add a new key
 testSecond := []byte("second")
- err = k.AddKey(2, testSecond)
+ key2 := &Key{2, testSecond, time.Now()}
+ err = k.AddKey(key2)
 if err != nil {
 t.Fatalf("err: %v", err)
 }
@@ -136,8 +140,8 @@ func TestKeyring_Serialize(t *testing.T) {
 testKey := []byte("testing")
 testSecond := []byte("second")
- k.AddKey(1, testKey)
- k.AddKey(2, testSecond)
+ k.AddKey(&Key{1, testKey, time.Now()})
+ k.AddKey(&Key{2, testSecond, time.Now()})
 buf, err := k.Serialize()
 if err != nil {
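Review bot: In TestKeyring_Serialize both `k.AddKey(&Key{...})` calls discard the returned error, and nothing in the visible lines asserts that InstallTime survives the Serialize/DeserializeKeyring round trip. If the comparison further down relies on reflect.DeepEqual (the file imports reflect; the comparison itself is outside the hunk), `time.Now()` values may not compare equal after JSON decoding, so a fixed UTC timestamp checked with `Equal` would be more reliable. The positional literals here and in the TestKeyring hunks would also be safer keyed, `&Key{Term: 1, Value: testKey, InstallTime: now}`, so that a later field addition cannot silently shift values. The test function continues outside the hunk.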