- if requested_time > Credential(cred=valid_creds[0]).get_expiration():
- raise InsufficientRights('Renewsliver: Credential expires before requested expiration time')
- if requested_time > datetime.datetime.utcnow() + datetime.timedelta(days=max_renew_days):
- raise Exception('Cannot renew > %s days from now' % max_renew_days)
- return self.api.manager.Renew(self.api, urns, creds, expiration_time, options)
-
+ max_expire = datetime.datetime.utcnow() + datetime.timedelta(days=max_renew_days)
+ if requested_expire > credential_expire:
+ # used to throw an InsufficientRights exception here, this was not
+ # right
+ logger.warning("Requested expiration %s, after credential expiration (%s) -> trimming to the latter/sooner" %
+ (requested_expire, credential_expire))
+ requested_expire = credential_expire
+ if requested_expire > max_expire:
+ # likewise
+ logger.warning("Requested expiration %s, after maximal expiration %s days (%s) -> trimming to the latter/sooner" %
+ (requested_expire, self.api.config.SFA_MAX_SLICE_RENEW, max_expire))
+ requested_expire = max_expire
+
+ return self.api.manager.Renew(self.api, urns, creds, requested_expire, options)