Currently it returns logicalTime signed with the default signature; instead it should not return the signature BSON object at all.
The proposed implementation will construct TimeProofService only when the RS is known to transition to sharding state, so the initial LogicalClock initialization will use a dummy TPS.
This should also include protection against advancing clusterTime from metadata: the only source of clusterTime is the oplog.
This should not affect operationTime, which is generated from the oplog, nor afterClusterTime, which also needs only the oplog.
1. make _timeProofService optional and add a method to reset it.
class LogicalClock {
    ...
    // remove TPS from c-tor
    LogicalClock(ServiceContext*);
    // reset TPS
    void setTimeProofService(std::unique_ptr<TimeProofService>);
};
2. set TPS in the initializeGlobalShardingState
3. make TimeProof optional
class SignedLogicalTime {
    ...
    boost::optional<TimeProof> _proof;
};
4. Do not generate _proof in _makeSignedLogicalTime if there is no TPS.
5. A non-sharded RS will return an error if a command it receives contains logicalTime metadata.
The reason is that drivers should not use the same connection when they speak to different mongos. If a shard becomes unsharded, mongos will no longer address it. Even if it is addressed, its shardingState is still active, i.e. the shard "does not know" that it was removed from the config server. Hence there is no scenario where a client sends logicalTime to a non-sharded RS.
Hence, return a BadInput error from advanceClusterTime or advanceClusterTimeFromTrustedSource if there is no TPS.
6. do not include logicalTime in the command response or metadata if there is no TPS.
7. test cases: SERVER-28451 should include the testing.
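The seven steps above, as an added C++ sketch that is not MongoDB's code: LogicalClock, SignedLogicalTime, TimeProofService and Status are simplified stand-ins for the real types, the proof is a keyed tag rather than an HMAC, and advanceFromOplog is an assumed name for the oplog-driven path. It shows that without a TPS the clock never signs and never accepts clusterTime from metadata, while with one only a validly signed time moves the clock.

```cpp
// Added example (not MongoDB's code): a minimal model of the proposed LogicalClock.
// Names follow the ticket; TimeProofService is a constructed stand-in (keyed tag, not HMAC).
#include <cstdint>
#include <memory>
#include <optional>
#include <string>
using LogicalTime = uint64_t;
using TimeProof = std::string;  // stand-in for the real proof type
struct SignedLogicalTime {
    LogicalTime time;
    std::optional<TimeProof> proof;  // step 3: absent when the clock has no TPS
};
class TimeProofService {
public:
    explicit TimeProofService(std::string key) : _key(std::move(key)) {}
    TimeProof getProof(LogicalTime t) const { return _key + ":" + std::to_string(t); }
    bool validate(LogicalTime t, const TimeProof& p) const { return p == getProof(t); }
private:
    std::string _key;
};
enum class Status { OK, BadInput, Unauthorized };
class LogicalClock {
public:
    LogicalClock() = default;  // step 1: no TPS until sharding state is initialized
    void setTimeProofService(std::unique_ptr<TimeProofService> tps) { _tps = std::move(tps); }
    // Steps 4 and 6: a proof is attached only when a TPS exists.
    SignedLogicalTime getClusterTime() const {
        if (!_tps) return {_clusterTime, std::nullopt};
        return {_clusterTime, _tps->getProof(_clusterTime)};
    }
    // Step 5: a non-sharded RS rejects any clusterTime arriving in metadata;
    // with a TPS, only a correctly signed time may move the clock forward.
    Status advanceClusterTime(const SignedLogicalTime& in) {
        if (!_tps) return Status::BadInput;
        if (!in.proof || !_tps->validate(in.time, *in.proof)) return Status::Unauthorized;
        if (in.time > _clusterTime) _clusterTime = in.time;
        return Status::OK;
    }
    Status advanceClusterTimeFromTrustedSource(LogicalTime t) {
        if (!_tps) return Status::BadInput;
        if (t > _clusterTime) _clusterTime = t;
        return Status::OK;
    }
    // Oplog-driven advance (stand-in name): the only path that moves an unsharded clock.
    LogicalTime advanceFromOplog(LogicalTime t) { if (t > _clusterTime) _clusterTime = t; return _clusterTime; }
private:
    LogicalTime _clusterTime = 0;
    std::unique_ptr<TimeProofService> _tps;
};
```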