Registry::RegisterKeyManager - new key allowed can be changed to more

restrictive PiperOrigin-RevId: 203283070 GitOrigin-RevId: 058f0b9a347ec73ba0ae1ee38679c0739a8eec89
author: Veronika Slivova <slivova@google.com> 2018-07-04 08:24:16 -0700
committer: Tink Team <noreply@google.com> 2018-07-06 17:20:21 -0400
commit: 44b8960e774f22f9122f84a8109c12f328af8de5 (patch)
tree: d27af34de22e5d6d05aa0554d2b261338323075d /cc/registry.h
parent: 57c0a72df8f705489204887cdf2e1d40ddae55d4 (diff)
download: tink-44b8960e774f22f9122f84a8109c12f328af8de5.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/cc/registry.h b/cc/registry.h
index 09b2dfdf3..14fe5ca5c 100644
--- a/cc/registry.h
+++ b/cc/registry.h
@@ -249,6 +249,16 @@ crypto::tink::util::Status Registry::RegisterKeyManager(
       return ToStatusF(crypto::tink::util::error::ALREADY_EXISTS,
                        "A manager for type '%s' has been already registered.",
                        type_url.c_str());
+    } else {
+      auto curr_new_key_allowed = type_to_new_key_allowed_map_.find(type_url);
+      if (!curr_new_key_allowed->second && new_key_allowed) {
+        return ToStatusF(crypto::tink::util::error::ALREADY_EXISTS,
+                         "A manager for type '%s' has been already registered "
+                         "with forbidden new key operation.",
+                         type_url.c_str());
+      } else {
+        curr_new_key_allowed->second = new_key_allowed;
+      }
     }
   } else {
     type_to_manager_map_.insert(
author	Veronika Slivova <slivova@google.com>	2018-07-04 08:24:16 -0700
committer	Tink Team <noreply@google.com>	2018-07-06 17:20:21 -0400
commit	44b8960e774f22f9122f84a8109c12f328af8de5 (patch)
tree	d27af34de22e5d6d05aa0554d2b261338323075d /cc/registry.h
parent	57c0a72df8f705489204887cdf2e1d40ddae55d4 (diff)
download	tink-44b8960e774f22f9122f84a8109c12f328af8de5.tar.gz