assertTrue(auth.isExpired());

        // Reset timestamp
        auth.resetAuthenticationTimestamp();
        assertFalse(auth.isExpired());

        // Test with no expiration (TTL = 0)
        auth.setAuthenticationTTL(0);
        Thread.sleep(100);
        assertFalse(auth.isExpired());

        // Test with negative TTL (no expiration)
        auth.setAuthenticationTTL(-1);
        Thread.sleep(100);

     */
    public HandleInfo getHandleForReconnect(String path) {
        lock.readLock().lock();
        try {
            HandleInfo info = handles.get(path);
            if (info != null && !info.isExpired()) {
                info.setReconnecting(true);
                info.updateAccessTime();
                log.debug("Found handle for reconnect: {}", path);
                return info;
            }

	if !cred.Expiration.IsZero() && !cred.Expiration.Equal(timeSentinel) {
		s.WriteString("\n")
		s.WriteString(cred.Expiration.String())
	}
	return s.String()
}

// IsExpired - returns whether Credential is expired or not.
func (cred Credentials) IsExpired() bool {
	if cred.Expiration.IsZero() || cred.Expiration.Equal(timeSentinel) {
		return false
	}

	return cred.Expiration.Before(time.Now().UTC())
}

					return nil, errAccessKeyDisabled
				}
				return nil, errInvalidAccessKeyID
			}
			cred := u.Credentials
			// Expired credentials return error.
			if cred.IsTemp() && cred.IsExpired() {
				return nil, errInvalidAccessKeyID
			}
			return []byte(cred.SecretKey), nil
		} // this means claims.AccessKey == rootAccessKey
		if !globalAPIConfig.permitRootAccess() {

    /**
     * Checks if this registration has expired based on the timeout.
     *
     * @param timeoutMs the timeout in milliseconds
     * @return true if the registration is expired
     */
    public boolean isExpired(long timeoutMs) {
        return System.currentTimeMillis() - lastHeartbeat > timeoutMs;
    }

    // Getters and setters

    /**
     * Gets the last heartbeat timestamp.
     *

    private void checkHeartbeats() {
        long timeout = context.getConfig().getWitnessHeartbeatTimeout();

        for (WitnessRegistration registration : registrations.values()) {
            if (registration.isExpired(timeout)) {
                log.warn("Witness registration expired: {}", registration.getRegistrationId());

                registration.setState(WitnessRegistrationState.EXPIRED);

    V value = entry.getValueReference().get();
    if (value == null) {
      return null;
    }

    if (isExpired(entry, now)) {
      return null;
    }
    return value;
  }

  // expiration

  /** Returns true if the entry has expired. */
  boolean isExpired(ReferenceEntry<K, V> entry, long now) {
    checkNotNull(entry);

            throws SmbException {
        checkNotClosed();

        // Check if authentication has expired
        if (isExpired()) {
            throw new SmbException("Authentication has expired. Please re-authenticate.");
        }

        // Generate session ID for secure key management
        if (this.sessionId == null) {

	return ies.addUser(ctx, user, userType, u, m)
}

func (ies *IAMEtcdStore) addUser(ctx context.Context, user string, userType IAMUserType, u UserIdentity, m map[string]UserIdentity) error {
	if u.Credentials.IsExpired() {
		// Delete expired identity.
		deleteKeyEtcd(ctx, ies.client, getUserIdentityPath(user, userType))
		deleteKeyEtcd(ctx, ies.client, getMappedPolicyPath(user, userType, false))
		return nil
	}

		// validate token for temporary credentials only.
		return nil, ErrInvalidToken
	}

	// Expired credentials must return error right away.
	if cred.IsTemp() && cred.IsExpired() {
		return nil, toAPIErrorCode(r.Context(), errInvalidAccessKeyID)
	}
	secret := globalActiveCred.SecretKey
	if globalSiteReplicationSys.isEnabled() && cred.AccessKey != siteReplicatorSvcAcc {