subtle.ConstantTimeCompare([]byte(cred.SessionToken), []byte(ccred.SessionToken)) == 1)
}

var timeSentinel = time.Unix(0, 0).UTC()

// ErrInvalidDuration invalid token expiry
var ErrInvalidDuration = errors.New("invalid token expiry")

// ExpToInt64 - convert input interface value to int64.
func ExpToInt64(expI any) (expAt int64, err error) {
	switch exp := expI.(type) {
	case string:

specific objects or by configuring a bucket with default object lock configuration that applies default retention mode and retention duration to all objects. This makes objects in the bucket immutable i.e. delete of the version are not allowed until an expiry specified in the bucket's object lock configuration or object retention.

Object locking requires locking to be enabled on a bucket at the time of bucket creation refer to `mc mb --with-lock`, object locking enables versioning on the bucket...

	if resp.StatusCode != http.StatusOK {
		return errors.New(resp.Status)
	}

	return r.pubKeys.parseAndAdd(resp.Body)
}

// ErrTokenExpired - error token expired
var (
	ErrTokenExpired = errors.New("token expired")
)

func updateClaimsExpiry(dsecs string, claims map[string]any) error {
	expStr := claims["exp"]
	if expStr == "" {
		return ErrTokenExpired
	}

                    return true;
                }

                final Date expires = DocumentUtil.getValue(document, fessConfig.getIndexFieldExpires(), Date.class);
                if (expires != null && expires.getTime() < systemHelper.getCurrentTimeAsLong()) {
                    final Object idValue = document.get(fessConfig.getIndexFieldId());

		w.Header()[xhttp.ETag] = []string{"\"" + objInfo.ETag + "\""}
	}

	if objInfo.VersionID != "" {
		w.Header()[xhttp.AmzVersionID] = []string{objInfo.VersionID}
	}

	if !objInfo.Expires.IsZero() {
		w.Header().Set(xhttp.Expires, objInfo.Expires.UTC().Format(http.TimeFormat))
	}

	if objInfo.CacheControl != "" {
		w.Header().Set(xhttp.CacheControl, objInfo.CacheControl)
	}
}

		return
	}

	expiry, err := globalIAMSys.STSTLSConfig.GetExpiryDuration(r.Form.Get(stsDurationSeconds))
	if err != nil {
		writeSTSErrorResponse(ctx, w, ErrSTSMissingParameter, err)
		return
	}

	// We set the expiry of the temp. credentials to the minimum of the
	// configured expiry and the duration until the certificate itself
	// expires.

Following example shows how you can use [`minio-go` PresignedGetObject](https://docs.min.io/community/minio-object-store/developers/go/API.html#presignedgetobject-ctx-context-context-bucketname-objectname-string-expiry-time-duration-reqparams-url-values-url-url-error)
```go
package main

import (
	"context"
	"log"
	"net/url"
	"time"
	"fmt"

	"github.com/minio/minio-go/v7"

    /** Parameter key for controlling deletion of old documents */
    private static final String DELETE_OLD_DOCS = "delete_old_docs";

    /** Parameter key for controlling retention of expired documents */
    private static final String KEEP_EXPIRES_DOCS = "keep_expires_docs";

    /**
     * Interval in milliseconds between crawler thread executions.

        public MonitorTarget(final JobLog jobLog) {
            this.jobLog = jobLog;
        }

        /**
         * Called when the timeout expires. Updates the job log if the job is still running.
         */
        @Override
        public void expired() {
            if (jobLog.getEndTime() == null) {
                jobLog.setLastUpdated(ComponentUtil.getSystemHelper().getCurrentTimeAsLong());

        // After update, should not be expired with long timeout
        assertFalse(registration.isExpired(60000));

        // Verify heartbeat was actually updated
        assertTrue(registration.getLastHeartbeat() > initialTime);
    }

    @Test
    void testExpiration() throws InterruptedException {
        // Registration should not be expired initially with long timeout