From a19baaccf3c93390a0c40395454c667440f6b2bd Mon Sep 17 00:00:00 2001
From: Marcello Stanisci <stanisci.m@gmail.com>
Date: Fri, 5 Apr 2019 16:29:48 +0200
Subject: Do not include legally expired keys into /keys response.

---
 src/exchange/taler-exchange-httpd_keystate.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/exchange/taler-exchange-httpd_keystate.c b/src/exchange/taler-exchange-httpd_keystate.c
index 0ee3806fa..ad1883ba8 100644
--- a/src/exchange/taler-exchange-httpd_keystate.c
+++ b/src/exchange/taler-exchange-httpd_keystate.c
@@ -1494,6 +1494,13 @@ reload_public_denoms_cb (void *cls,
   struct ResponseFactoryContext *rfc = cls;
   struct TALER_EXCHANGEDB_DenominationKeyIssueInformation dki;
 
+  if (rfc->now.abs_value_us > GNUNET_TIME_absolute_ntoh
+    (issue->properties.expire_legal).abs_value_us)
+  {
+    /* Expired key, discard.  */
+    return;
+  }
+
   if (NULL !=
       GNUNET_CONTAINER_multihashmap_get (rfc->key_state->denomkey_map,
                                          &issue->properties.denom_hash))
-- 
cgit v1.2.3