vault: Adding InstallTime to key in keyring

This commit is contained in:
Armon Dadgar 2015-05-22 19:31:11 -07:00
parent 57c763a3fa
commit ef2f71e17f
2 changed files with 22 additions and 20 deletions

View file

@ -5,6 +5,7 @@ import (
"encoding/json"
"fmt"
"sync"
"time"
)
// Keyring is used to manage multiple encryption keys used by
@ -30,8 +31,9 @@ type EncodedKeyring struct {
// Key represents a single term, along with the key used.
type Key struct {
Term uint32
Value []byte
Term uint32
Value []byte
InstallTime time.Time
}
// NewKeyring creates a new keyring
@ -44,28 +46,24 @@ func NewKeyring() *Keyring {
}
// AddKey adds a new key to the keyring
func (k *Keyring) AddKey(term uint32, value []byte) error {
func (k *Keyring) AddKey(key *Key) error {
k.l.Lock()
defer k.l.Unlock()
// Ensure there is no confict
if key, ok := k.keys[term]; ok {
if !bytes.Equal(key.Value, value) {
return fmt.Errorf("Conflicting key for term %d already installed", term)
if exist, ok := k.keys[key.Term]; ok {
if !bytes.Equal(key.Value, exist.Value) {
return fmt.Errorf("Conflicting key for term %d already installed", key.Term)
}
return nil
}
// Install the new key
key := &Key{
Term: term,
Value: value,
}
k.keys[term] = key
k.keys[key.Term] = key
// Update the active term if newer
if term > k.activeTerm {
k.activeTerm = term
if key.Term > k.activeTerm {
k.activeTerm = key.Term
}
return nil
}
@ -150,7 +148,7 @@ func DeserializeKeyring(buf []byte) (*Keyring, error) {
k := NewKeyring()
k.SetMasterKey(enc.MasterKey)
for _, key := range enc.Keys {
if err := k.AddKey(key.Term, key.Value); err != nil {
if err := k.AddKey(key); err != nil {
return nil, fmt.Errorf("failed to add key for term %d: %v", key.Term, err)
}
}

View file

@ -4,6 +4,7 @@ import (
"bytes"
"reflect"
"testing"
"time"
)
func TestKeyring(t *testing.T) {
@ -21,7 +22,8 @@ func TestKeyring(t *testing.T) {
// Add a key
testKey := []byte("testing")
err := k.AddKey(1, testKey)
key1 := &Key{1, testKey, time.Now()}
err := k.AddKey(key1)
if err != nil {
t.Fatalf("err: %v", err)
}
@ -44,21 +46,23 @@ func TestKeyring(t *testing.T) {
}
// Should handle idempotent set
err = k.AddKey(1, testKey)
err = k.AddKey(key1)
if err != nil {
t.Fatalf("err: %v", err)
}
// Should not allow conficting set
testConflict := []byte("nope")
err = k.AddKey(1, testConflict)
key1Conf := &Key{1, testConflict, time.Now()}
err = k.AddKey(key1Conf)
if err == nil {
t.Fatalf("err: %v", err)
}
// Add a new key
testSecond := []byte("second")
err = k.AddKey(2, testSecond)
key2 := &Key{2, testSecond, time.Now()}
err = k.AddKey(key2)
if err != nil {
t.Fatalf("err: %v", err)
}
@ -136,8 +140,8 @@ func TestKeyring_Serialize(t *testing.T) {
testKey := []byte("testing")
testSecond := []byte("second")
k.AddKey(1, testKey)
k.AddKey(2, testSecond)
k.AddKey(&Key{1, testKey, time.Now()})
k.AddKey(&Key{2, testSecond, time.Now()})
buf, err := k.Serialize()
if err != nil {