Commit bf42e89f authored by Leigh B Stoller's avatar Leigh B Stoller
Browse files

Set the expiration time for CH credentials to 90 days instead of 24

hours.
parent 193b980c
......@@ -179,15 +179,22 @@ sub GetCredential($)
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Who are you?");
}
my $credential =
GeniCredential->CreateSigned($authority,
$caller_authority,
$GeniCredential::LOCALMA_FLAG);
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
my $credential = GeniCredential->Create($authority, $caller_authority);
if (!defined($credential)) {
print STDERR "Could not create credential for $caller_authority\n";
return GeniResponse->Create(GENIRESPONSE_ERROR);
}
#
# We want this credential to be valid for a long time;
#
$credential->SetExpiration(time() + 24 * 60 * 60 * 120);
if ($credential->Sign($GeniCredential::LOCALMA_FLAG) != 0) {
$credential->Delete();
print STDERR "Could not sign credential for $caller_authority\n";
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Could not create signed credential")
if (!defined($credential));
}
return GeniResponse->Create(GENIRESPONSE_SUCCESS,
$credential->asString());
}
......
#!/usr/bin/perl -wT
#
# GENIPUBLIC-COPYRIGHT
# Copyright (c) 2008-2010 University of Utah and the Flux Group.
# Copyright (c) 2008-2011 University of Utah and the Flux Group.
# All rights reserved.
#
package GeniCredential;
......@@ -190,6 +190,20 @@ sub IsExpired($)
return (time() >= $expires);
}
#
# Set the expiration time for a credential. Only changes the
# in memory copy, not the DB.
#
sub SetExpiration($$)
{
my ($self, $expires) = @_;
$self->{'valid_until'} =
POSIX::strftime("20%y-%m-%dT%H:%M:%S", localtime($expires));
return 0;
}
#
# Compare the certs inside a credential to make sure that the
# certs for the target/owner have not changed. Say, if the user
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment