w.Header().Set(xhttp.LastModified, oi.ModTime.UTC().Format(http.TimeFormat))
	}

	if oi.ETag != "" {
		w.Header()[xhttp.ETag] = []string{"\"" + oi.ETag + "\""}
	}

	if oi.Expires != "" {
		w.Header().Set(xhttp.Expires, oi.Expires)
	}

	if oi.CacheControl != "" {
		w.Header().Set(xhttp.CacheControl, oi.CacheControl)
	}

	statusCode()
}

		},
		// (1) Should error on an invalid access key.
		{
			queryParams: map[string]string{
				"X-Amz-Algorithm":     signV4Algorithm,
				"X-Amz-Date":          now.Format(iso8601Format),
				"X-Amz-Expires":       "60",
				"X-Amz-Signature":     "badsignature",
				"X-Amz-SignedHeaders": "host;x-amz-content-sha256;x-amz-date",

		return dockerConfig
	}

	var expiresAt time.Time
	// nil cache duration means use the default cache duration
	if response.CacheDuration == nil {
		if p.defaultCacheDuration == 0 {
			return dockerConfig
		}
		expiresAt = p.clock.Now().Add(p.defaultCacheDuration)
	} else {
		expiresAt = p.clock.Now().Add(response.CacheDuration.Duration)
	}

	cachedEntry := &cacheEntry{

	its.mu.RLock()
	token := its.Token
	needRecreate := time.Until(its.Expires) < its.sunsetPeriod
	its.mu.RUnlock()

	if needRecreate {
		its.mu.Lock()
		// This checks the same condition as above.  (The outer check is to bypass the mutex when it is too early to renew)
		if time.Until(its.Expires) < its.sunsetPeriod {

		// (1) Should error on an invalid access key.
		{
			queryParams: map[string]string{
				"Expires":        "60",
				"Signature":      "badsignature",
				"AWSAccessKeyId": "Z7IXGOO6BZ0REAN1Q26I",
			},
			expected: ErrInvalidAccessKeyID,
		},
		// (2) Should error with malformed expires.
		{
			queryParams: map[string]string{
				"Expires":        "60s",
				"Signature":      "badsignature",
				"AWSAccessKeyId": accessKey,
			},

	fmt.Fprintln(out, token)
	return nil
}

func formatBootstrapToken(obj *outputapiv1alpha3.BootstrapToken) string {
	ttl := "<forever>"
	expires := "<never>"
	if obj.Expires != nil {
		ttl = duration.ShortHumanDuration(time.Until(obj.Expires.Time))
		expires = obj.Expires.Format(time.RFC3339)
	}
	ttl = fmt.Sprintf("%-9s", ttl)

	usages := strings.Join(obj.Usages, ",")
	if len(usages) == 0 {
		usages = "<none>"

	}

	// Save expires in native time.Duration.
	preSignV4Values.Expires, e = time.ParseDuration(query.Get(xhttp.AmzExpires) + "s")
	if e != nil {
		return psv, ErrMalformedExpires
	}

	if preSignV4Values.Expires < 0 {
		return psv, ErrNegativeExpires
	}

	// Check if Expiry time is less than 7 days (value in seconds).
	if preSignV4Values.Expires.Seconds() > 604800 {

        public String propertiesPath;

        @Option(name = "-e", aliases = "--expires", metaVar = "expires", usage = "Expires for documents")
        public String expires;

        @Option(name = "-h", aliases = "--hotThread", metaVar = "hotThread", usage = "Interval for Hot Thread logging")
        public Integer hotThread;

				secs = -1
			}
			c.MaxAge = secs
			continue
		case "expires":
			c.RawExpires = val
			exptime, err := time.Parse(time.RFC1123, val)
			if err != nil {
				exptime, err = time.Parse("Mon, 02-Jan-2006 15:04:05 MST", val)
				if err != nil {
					c.Expires = time.Time{}
					break
				}
			}
			c.Expires = exptime.UTC()
			continue
		case "path":
			c.Path = val
			continue

	// rel=0ms
	runner.Run()
	waitForRun("first run", t, timer, obj)

	// Run again, before minInterval expires.
	timer.advance(500 * time.Millisecond) // rel=500ms
	runner.Run()
	waitForDefer("too soon after first", t, timer, obj, 500*time.Millisecond)

	// Run again, before minInterval expires.
	timer.advance(499 * time.Millisecond) // rel=999ms
	runner.Run()