+ test 'signature expiry does not exceed expires_at' do
+ act_as_user users(:active) do
+ t0 = db_current_time
+ c = Collection.create!(manifest_text: ". d41d8cd98f00b204e9800998ecf8427e+0 0:0:x\n", name: 'foo')
+ c.update_attributes! expires_at: (t0 + 1.hours)
+ c.reload
+ sig_exp = /\+A[0-9a-f]{40}\@([0-9]+)/.match(c.signed_manifest_text)[1].to_i
+ assert_operator sig_exp.to_i, :<=, (t0 + 1.hours).to_i
+ end
+ end
+
+ test 'far-future expiry date cannot be used to circumvent configured permission ttl' do
+ act_as_user users(:active) do
+ c = Collection.create!(manifest_text: ". d41d8cd98f00b204e9800998ecf8427e+0 0:0:x\n",
+ name: 'foo',
+ expires_at: db_current_time + 1.years)
+ sig_exp = /\+A[0-9a-f]{40}\@([0-9]+)/.match(c.signed_manifest_text)[1].to_i
+ expect_max_sig_exp = db_current_time.to_i + Rails.configuration.blob_signature_ttl
+ assert_operator c.expires_at.to_i, :>, expect_max_sig_exp
+ assert_operator sig_exp.to_i, :<=, expect_max_sig_exp
+ end
+ end
+