From 6aa7040f39968fc178fb266b189251995f451f54 Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie <jimmyzelinskie@gmail.com>
Date: Wed, 13 Apr 2016 15:50:56 -0400
Subject: [PATCH] keyserver: add cache-control headers

---
 endpoints/key_server.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/endpoints/key_server.py b/endpoints/key_server.py
index 6ab4fddf5..b164f03f3 100644
--- a/endpoints/key_server.py
+++ b/endpoints/key_server.py
@@ -1,6 +1,6 @@
 import logging
 
-from datetime import datetime
+from datetime import datetime, timedelta
 
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicNumbers
@@ -88,7 +88,15 @@ def get_service_key(service, kid):
   if key.approval is None:
     abort(409)
 
-  return jsonify(key.jwk)
+  resp = jsonify(key.jwk)
+
+  # Set the cache header to be a year for non-expiring keys.
+  lifetime = timedelta(days=365)
+  if key.expiration_date is not None:
+    lifetime = key.expiration_date - key.created_date
+  resp.cache_control.max_age = lifetime.seconds
+
+  return resp
 
 
 @key_server.route('/services/<service>/keys/<kid>', methods=['PUT'])