latestDataKey will give you the latest generated datakey based on the rotation period. If the last generated datakey lifetime exceeds the rotation period. It'll create new datakey.
()
| 313 | // period. If the last generated datakey lifetime exceeds the rotation period. |
| 314 | // It'll create new datakey. |
| 315 | func (kr *KeyRegistry) latestDataKey() (*pb.DataKey, error) { |
| 316 | if len(kr.opt.EncryptionKey) == 0 { |
| 317 | // nil is for no encryption. |
| 318 | return nil, nil |
| 319 | } |
| 320 | // validKey return datakey if the last generated key duration less than |
| 321 | // rotation duration. |
| 322 | validKey := func() (*pb.DataKey, bool) { |
| 323 | // Time diffrence from the last generated time. |
| 324 | diff := time.Since(time.Unix(kr.lastCreated, 0)) |
| 325 | if diff < kr.opt.EncryptionKeyRotationDuration { |
| 326 | return kr.dataKeys[kr.nextKeyID], true |
| 327 | } |
| 328 | return nil, false |
| 329 | } |
| 330 | kr.RLock() |
| 331 | key, valid := validKey() |
| 332 | kr.RUnlock() |
| 333 | if valid { |
| 334 | // If less than EncryptionKeyRotationDuration, returns the last generated key. |
| 335 | return key, nil |
| 336 | } |
| 337 | kr.Lock() |
| 338 | defer kr.Unlock() |
| 339 | // Key might have generated by another go routine. So, |
| 340 | // checking once again. |
| 341 | key, valid = validKey() |
| 342 | if valid { |
| 343 | return key, nil |
| 344 | } |
| 345 | k := make([]byte, len(kr.opt.EncryptionKey)) |
| 346 | iv, err := y.GenerateIV() |
| 347 | if err != nil { |
| 348 | return nil, err |
| 349 | } |
| 350 | _, err = rand.Read(k) |
| 351 | if err != nil { |
| 352 | return nil, err |
| 353 | } |
| 354 | // Otherwise Increment the KeyID and generate new datakey. |
| 355 | kr.nextKeyID++ |
| 356 | dk := &pb.DataKey{ |
| 357 | KeyId: kr.nextKeyID, |
| 358 | Data: k, |
| 359 | CreatedAt: time.Now().Unix(), |
| 360 | Iv: iv, |
| 361 | } |
| 362 | // Don't store the datakey on file if badger is running in InMemory mode. |
| 363 | if !kr.opt.InMemory { |
| 364 | // Store the datekey. |
| 365 | buf := &bytes.Buffer{} |
| 366 | if err = storeDataKey(buf, kr.opt.EncryptionKey, dk); err != nil { |
| 367 | return nil, err |
| 368 | } |
| 369 | // Persist the datakey to the disk |
| 370 | if _, err = kr.fp.Write(buf.Bytes()); err != nil { |
| 371 | return nil, err |
| 372 | } |