vault: Adding InstallTime to key in keyring
This commit is contained in:
parent
57c763a3fa
commit
ef2f71e17f
|
@ -5,6 +5,7 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
// Keyring is used to manage multiple encryption keys used by
|
||||
|
@ -30,8 +31,9 @@ type EncodedKeyring struct {
|
|||
|
||||
// Key represents a single term, along with the key used.
|
||||
type Key struct {
|
||||
Term uint32
|
||||
Value []byte
|
||||
Term uint32
|
||||
Value []byte
|
||||
InstallTime time.Time
|
||||
}
|
||||
|
||||
// NewKeyring creates a new keyring
|
||||
|
@ -44,28 +46,24 @@ func NewKeyring() *Keyring {
|
|||
}
|
||||
|
||||
// AddKey adds a new key to the keyring
|
||||
func (k *Keyring) AddKey(term uint32, value []byte) error {
|
||||
func (k *Keyring) AddKey(key *Key) error {
|
||||
k.l.Lock()
|
||||
defer k.l.Unlock()
|
||||
|
||||
// Ensure there is no confict
|
||||
if key, ok := k.keys[term]; ok {
|
||||
if !bytes.Equal(key.Value, value) {
|
||||
return fmt.Errorf("Conflicting key for term %d already installed", term)
|
||||
if exist, ok := k.keys[key.Term]; ok {
|
||||
if !bytes.Equal(key.Value, exist.Value) {
|
||||
return fmt.Errorf("Conflicting key for term %d already installed", key.Term)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Install the new key
|
||||
key := &Key{
|
||||
Term: term,
|
||||
Value: value,
|
||||
}
|
||||
k.keys[term] = key
|
||||
k.keys[key.Term] = key
|
||||
|
||||
// Update the active term if newer
|
||||
if term > k.activeTerm {
|
||||
k.activeTerm = term
|
||||
if key.Term > k.activeTerm {
|
||||
k.activeTerm = key.Term
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -150,7 +148,7 @@ func DeserializeKeyring(buf []byte) (*Keyring, error) {
|
|||
k := NewKeyring()
|
||||
k.SetMasterKey(enc.MasterKey)
|
||||
for _, key := range enc.Keys {
|
||||
if err := k.AddKey(key.Term, key.Value); err != nil {
|
||||
if err := k.AddKey(key); err != nil {
|
||||
return nil, fmt.Errorf("failed to add key for term %d: %v", key.Term, err)
|
||||
}
|
||||
}
|
||||
|
|
|
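Review bot: AddKey now stores the caller's pointer as-is (`k.keys[key.Term] = key`) and reads `key.Term` with no nil check, so `AddKey(nil)` panics and a caller that keeps the pointer can change Value or InstallTime after installation without holding k.l. A guard at the top, `if key == nil { return fmt.Errorf("key must not be nil") }`, covers the first; for the second either copy the struct before storing it or state in the doc comment that the keyring takes ownership of the Key. The doc comment should also say that re-adding a term with an identical Value is a no-op that keeps the original InstallTime, since the idempotent branch returns before anything is written, and that keyrings serialized before this change will come back with a zero InstallTime (encoding/json leaves an absent field at its zero value). The comment `// Ensure there is no confict` (and the test's `conficting`) should read "conflict".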
@ -4,6 +4,7 @@ import (
|
|||
"bytes"
|
||||
"reflect"
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
|
||||
func TestKeyring(t *testing.T) {
|
||||
|
@ -21,7 +22,8 @@ func TestKeyring(t *testing.T) {
|
|||
|
||||
// Add a key
|
||||
testKey := []byte("testing")
|
||||
err := k.AddKey(1, testKey)
|
||||
key1 := &Key{1, testKey, time.Now()}
|
||||
err := k.AddKey(key1)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
@ -44,21 +46,23 @@ func TestKeyring(t *testing.T) {
|
|||
}
|
||||
|
||||
// Should handle idempotent set
|
||||
err = k.AddKey(1, testKey)
|
||||
err = k.AddKey(key1)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
||||
// Should not allow conficting set
|
||||
testConflict := []byte("nope")
|
||||
err = k.AddKey(1, testConflict)
|
||||
key1Conf := &Key{1, testConflict, time.Now()}
|
||||
err = k.AddKey(key1Conf)
|
||||
if err == nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
||||
// Add a new key
|
||||
testSecond := []byte("second")
|
||||
err = k.AddKey(2, testSecond)
|
||||
key2 := &Key{2, testSecond, time.Now()}
|
||||
err = k.AddKey(key2)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
@ -136,8 +140,8 @@ func TestKeyring_Serialize(t *testing.T) {
|
|||
|
||||
testKey := []byte("testing")
|
||||
testSecond := []byte("second")
|
||||
k.AddKey(1, testKey)
|
||||
k.AddKey(2, testSecond)
|
||||
k.AddKey(&Key{1, testKey, time.Now()})
|
||||
k.AddKey(&Key{2, testSecond, time.Now()})
|
||||
|
||||
buf, err := k.Serialize()
|
||||
if err != nil {
|
||||
|
|
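Review bot: TestKeyring_Serialize installs keys with `time.Now()` but nothing in the hunk checks that InstallTime survives the Serialize round trip, and `time.Now()` carries a monotonic clock reading that encoding drops, so if the comparison that follows (outside the hunk) uses `reflect.DeepEqual` on the keys — reflect is imported at the top of the file — it would fail for reasons unrelated to the keyring. Use one fixed instant for both keys, e.g. `now := time.Now().Round(0)`, and after DeserializeKeyring assert on it with `time.Time.Equal` rather than struct equality. The positional literals `&Key{1, testKey, time.Now()}` also stop compiling the next time a field is added to Key; keyed fields `&Key{Term: 1, Value: testKey, InstallTime: now}` are the usual form.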