MCPcopy
hub / github.com/smallstep/cli / WithValidity

Function WithValidity

token/options.go:148–168  ·  view source on GitHub ↗

WithValidity validates boundary inputs and sets the 'nbf' (NotBefore) and 'exp' (expiration) options.

(notBefore, expiration time.Time)

Source from the content-addressed store, hash-verified

146// WithValidity validates boundary inputs and sets the 'nbf' (NotBefore) and
147// 'exp' (expiration) options.
148func WithValidity(notBefore, expiration time.Time) Options {
149 return func(c *Claims) error {
150 now := time.Now().UTC()
151 if expiration.Before(notBefore) {
152 return errors.Errorf("nbf < exp: nbf=%v, exp=%v", notBefore, expiration)
153 }
154 requestedDelay := notBefore.Sub(now)
155 if requestedDelay > MaxValidityDelay {
156 return errors.Errorf("requested validity delay is too long: 'requested validity delay'=%v, 'max validity delay'=%v", requestedDelay, MaxValidityDelay)
157 }
158 requestedValidity := expiration.Sub(notBefore)
159 if requestedValidity < MinValidity {
160 return errors.Errorf("requested token validity is too short: 'requested token validity'=%v, 'minimum token validity'=%v", requestedValidity, MinValidity)
161 } else if requestedValidity > MaxValidity {
162 return errors.Errorf("requested token validity is too long: 'requested token validity'=%v, 'maximum token validity'=%v", requestedValidity, MaxValidity)
163 }
164 c.NotBefore = jose.NewNumericDate(notBefore)
165 c.Expiry = jose.NewNumericDate(expiration)
166 return nil
167 }
168}
169
170// WithIssuer returns an Options function that sets the issuer to use in the
171// token claims. If Issuer is not used the default issuer will be used.

Callers 3

TokenMethod · 0.92
TestNewClaimsFunction · 0.85
TestOptionsFunction · 0.85

Calls

no outgoing calls

Tested by 2

TestNewClaimsFunction · 0.68
TestOptionsFunction · 0.68

Used in the wild real call sites across dependent graphs

searching dependent graphs…