From 726cb5fe6a37e6fe084867a42dd0d261048103ce Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie <jimmyzelinskie@gmail.com>
Date: Wed, 27 Apr 2016 14:48:12 -0400
Subject: [PATCH] key server: 403 on expired approved keys (#1410)

---
 endpoints/key_server.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/endpoints/key_server.py b/endpoints/key_server.py
index 6ea3839c9..62adcb0d4 100644
--- a/endpoints/key_server.py
+++ b/endpoints/key_server.py
@@ -88,6 +88,9 @@ def get_service_key(service, kid):
   if key.approval is None:
     abort(409)
 
+  if key.expiration_date <= datetime.utcnow():
+    abort(403)
+
   resp = jsonify(key.jwk)
 
   lifetime = timedelta(days=365)