authorgjoranv <gjoranv@gmail.com>2023-09-21 18:13:53 +0200
committergjoranv <gjoranv@gmail.com>2023-09-25 10:26:39 +0200
commitce541bca4f4021d2b10c17c2a82e9bcd597428a3 (patch)
tree7ec7218b4b7533be6f50b3f95ee7d3f10be5013b /config-provisioning
parent2f9bf822d9817a24ef070b7e69e3cbc429d43338 (diff)
Encapsulate wiregaurd key + timestamp in new class
- Use 'wireguard' object with key and timestamp for Rest api. - Keep zk node format unchanged.
Diffstat (limited to 'config-provisioning')
-rw-r--r--config-provisioning/src/main/java/com/yahoo/config/provision/WireguardKeyWithTimestamp.java39
1 files changed, 39 insertions, 0 deletions
diff --git a/config-provisioning/src/main/java/com/yahoo/config/provision/WireguardKeyWithTimestamp.java b/config-provisioning/src/main/java/com/yahoo/config/provision/WireguardKeyWithTimestamp.java
new file mode 100644
index 00000000000..ecc1cf71113
--- /dev/null
+++ b/config-provisioning/src/main/java/com/yahoo/config/provision/WireguardKeyWithTimestamp.java
@@ -0,0 +1,39 @@
+package com.yahoo.config.provision;
+
+import com.yahoo.jdisc.Timer;
+
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.Random;
+
+/**
+ * @author gjoranv
+ */
+public record WireguardKeyWithTimestamp(WireguardKey key, Instant timestamp) {
+
+ public static final int KEY_ROTATION_BASE = 60;
+ public static final int KEY_ROTATION_VARIANCE = 10;
+ public static final int KEY_EXPIRY = KEY_ROTATION_BASE + KEY_ROTATION_VARIANCE + 5;
+
+ public WireguardKeyWithTimestamp {
+ if (key == null) throw new IllegalArgumentException("Wireguard key cannot be null");
+ if (timestamp == null) timestamp = Instant.EPOCH;
+ }
+
+ public static WireguardKeyWithTimestamp from(String key, long msTimestamp) {
+ return new WireguardKeyWithTimestamp(WireguardKey.from(key), Instant.ofEpochMilli(msTimestamp));
+ }
+
+ public boolean isDueForRotation(Timer timer, ChronoUnit unit, Random random) {
+ return timer.currentTime().isAfter(keyRotationDueAt(unit, random));
+ }
+
+ public boolean hasExpired(Timer timer, ChronoUnit unit) {
+ return timer.currentTime().isAfter(timestamp.plus(KEY_EXPIRY, unit));
+ }
+
+ private Instant keyRotationDueAt(ChronoUnit unit, Random random) {
+ return timestamp.plus(KEY_ROTATION_BASE + random.nextInt(KEY_ROTATION_VARIANCE), unit);
+ }
+
+}
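Review bot: The constants `KEY_ROTATION_BASE`, `KEY_ROTATION_VARIANCE` and `KEY_EXPIRY` carry no unit, and `isDueForRotation` and `hasExpired` each take their own `ChronoUnit`, so the `+ 5` margin that puts expiry after the rotation window only holds if every caller passes the same unit to both methods; nothing in the record documents or enforces that. I would add Javadoc on the constants, for example `/** Rotation and expiry periods, counted in the ChronoUnit passed to isDueForRotation/hasExpired; use the same unit for both. */`. The compact constructor should also state that a null timestamp becomes `Instant.EPOCH`, which makes such a key immediately due for rotation and expired. On `isDueForRotation`, a comment should say that `random.nextInt(KEY_ROTATION_VARIANCE)` is drawn afresh on every call, so a key whose age falls inside the variance window can be reported due on one call and not on the next. The `Random` here only adds scheduling jitter and is not used for key material, which is worth saying in the same comment.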