vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Hide expired keys outside of their staleness window

Browse source
This commit is contained in:
Joseph Schorr 2016-04-27 17:44:59 -04:00 committed by Jimmy Zelinskie
parent a55e92bc95
commit 6091db983b
4 changed files with 37 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

10
endpoints/key_server.py
View file

@ -88,16 +88,12 @@ def get_service_key(service, kid):
if key.approval is None:
abort(409)
if key.expiration_date <= datetime.utcnow():
if key.expiration_date is not None and key.expiration_date <= datetime.utcnow():
abort(403)
resp = jsonify(key.jwk)
lifetime = timedelta(days=365)
if key.expiration_date is not None:
lifetime = key.expiration_date - key.created_date
resp.cache_control.max_age = lifetime.seconds
lifetime = min(timedelta(days=1), ((key.expiration_date or datetime.max) - datetime.utcnow()))
resp.cache_control.max_age = max(0, lifetime.total_seconds())
return resp