Skip to content

Commit 67d74e2

Browse files
authored
Ensure key creation time is no later than key activation time (#54299)
It makes no functional difference, but it was causing confusion.
1 parent 919618d commit 67d74e2

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

src/DataProtection/DataProtection/src/KeyManagement/XmlKeyManager.cs

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -135,9 +135,12 @@ internal XmlKeyManager(
135135
/// <inheritdoc />
136136
public IKey CreateNewKey(DateTimeOffset activationDate, DateTimeOffset expirationDate)
137137
{
138+
// For an immediately-activated key, the caller's Now may be slightly before ours,
139+
// so we'll compensate to ensure that activation is never before creation.
140+
var now = DateTimeOffset.UtcNow;
138141
return _internalKeyManager.CreateNewKey(
139142
keyId: Guid.NewGuid(),
140-
creationDate: DateTimeOffset.UtcNow,
143+
creationDate: activationDate < now ? activationDate : now,
141144
activationDate: activationDate,
142145
expirationDate: expirationDate);
143146
}

0 commit comments

Comments
 (0)