Commit 1aa4572f authored by Gary Wong's avatar Gary Wong
Browse files

Update stale slice expiration times when we notice them.

We never get live data from the SA about when slices expire, so simply
assume that the slice expires at the maximum of all credential expiry
times we've ever seen from that slice.
parent ffa8eaf3
...@@ -1553,6 +1553,13 @@ sub Credential2SliceAggregate($) ...@@ -1553,6 +1553,13 @@ sub Credential2SliceAggregate($)
$slice = GeniSlice->Lookup($target_uuid); $slice = GeniSlice->Lookup($target_uuid);
} }
if (defined($slice)) { if (defined($slice)) {
if( $credential->expires() > $slice->expires() ) {
# The credential presented lasts longer than we though the
# slice did: our expiry date must have been stale. This can
# happen because the SA is always free to extend the lifetime
# of a slice, and is not required to tell us.
$slice->SetExpiration( $credential->expires() );
}
$aggregate = GeniAggregate->SliceAggregate($slice); $aggregate = GeniAggregate->SliceAggregate($slice);
} }
else { else {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment