/** Add a new user and an expire service. Test that the service expires the users password */
@Test
public void testExpireCertificateWithCertificateProfiles() throws Exception {
final String certificateprofilename = "testExpireCertificateWithCertificateProfiles";
int certificateProfileId =
certificateProfileSession.addCertificateProfile(
admin, certificateprofilename, new CertificateProfile());
try {
createCertificate(certificateProfileId);
long seconds = (cert.getNotAfter().getTime() - new Date().getTime()) / 1000l;
// Create a new UserPasswordExpireService
ServiceConfiguration config = new ServiceConfiguration();
config.setActive(true);
config.setDescription("This is a description");
// No mailsending for this Junit test service
config.setActionClassPath(NoAction.class.getName());
config.setActionProperties(null);
config.setIntervalClassPath(PeriodicalInterval.class.getName());
Properties intervalprop = new Properties();
// Run the service every 3:rd second
intervalprop.setProperty(PeriodicalInterval.PROP_VALUE, "3");
intervalprop.setProperty(PeriodicalInterval.PROP_UNIT, PeriodicalInterval.UNIT_SECONDS);
config.setIntervalProperties(intervalprop);
config.setWorkerClassPath(CertificateExpirationNotifierWorker.class.getName());
Properties workerprop = new Properties();
workerprop.setProperty(EmailSendingWorkerConstants.PROP_SENDTOADMINS, "FALSE");
workerprop.setProperty(EmailSendingWorkerConstants.PROP_SENDTOENDUSERS, "FALSE");
workerprop.setProperty(BaseWorker.PROP_CAIDSTOCHECK, String.valueOf(caid));
workerprop.setProperty(
BaseWorker.PROP_CERTIFICATE_PROFILE_IDS_TO_CHECK, Integer.toString(certificateProfileId));
workerprop.setProperty(BaseWorker.PROP_TIMEBEFOREEXPIRING, String.valueOf(seconds - 5));
workerprop.setProperty(BaseWorker.PROP_TIMEUNIT, BaseWorker.UNIT_SECONDS);
config.setWorkerProperties(workerprop);
if (serviceSession.getService(CERTIFICATE_EXPIRATION_SERVICE) == null) {
serviceSession.addService(admin, 4711, CERTIFICATE_EXPIRATION_SERVICE, config);
}
serviceSession.activateServiceTimer(admin, CERTIFICATE_EXPIRATION_SERVICE);
// The service will run... the cert should still be active after 2
// seconds..
Thread.sleep(2000);
info = certificateStoreSession.getCertificateInfo(fingerprint);
assertEquals("status does not match.", CertificateConstants.CERT_ACTIVE, info.getStatus());
// The service will run...We need some tolerance since timers cannot
// be guaranteed to executed at the exact interval.
Thread.sleep(10000);
int tries = 0;
while (info.getStatus() != CertificateConstants.CERT_NOTIFIEDABOUTEXPIRATION && tries < 5) {
Thread.sleep(1000);
info = certificateStoreSession.getCertificateInfo(fingerprint);
tries++;
}
info = certificateStoreSession.getCertificateInfo(fingerprint);
assertEquals(
"Status does not match.",
CertificateConstants.CERT_NOTIFIEDABOUTEXPIRATION,
info.getStatus());
} finally {
// Clean the certificate profile
certificateProfileSession.removeCertificateProfile(admin, certificateprofilename);
}
}
/** Add a new user and an expire service. Test running on all CAs. */
@Test
public void testExpireCertificateWithAllCAs() throws Exception {
try {
createCertificate();
long seconds = (cert.getNotAfter().getTime() - new Date().getTime()) / 1000l;
// Create a new UserPasswordExpireService
ServiceConfiguration config = new ServiceConfiguration();
config.setActive(true);
config.setDescription("This is a description");
// No mailsending for this Junit test service
config.setActionClassPath(NoAction.class.getName());
config.setActionProperties(null);
config.setIntervalClassPath(PeriodicalInterval.class.getName());
Properties intervalprop = new Properties();
// Run the service every 3:rd second
intervalprop.setProperty(PeriodicalInterval.PROP_VALUE, "3");
intervalprop.setProperty(PeriodicalInterval.PROP_UNIT, PeriodicalInterval.UNIT_SECONDS);
config.setIntervalProperties(intervalprop);
config.setWorkerClassPath(CertificateExpirationNotifierWorker.class.getName());
Properties workerprop = new Properties();
workerprop.setProperty(EmailSendingWorkerConstants.PROP_SENDTOADMINS, "FALSE");
workerprop.setProperty(EmailSendingWorkerConstants.PROP_SENDTOENDUSERS, "FALSE");
// Here is the line that matters for this test
workerprop.setProperty(BaseWorker.PROP_CAIDSTOCHECK, String.valueOf(SecConst.ALLCAS));
workerprop.setProperty(BaseWorker.PROP_TIMEBEFOREEXPIRING, String.valueOf(seconds - 5));
workerprop.setProperty(BaseWorker.PROP_TIMEUNIT, BaseWorker.UNIT_SECONDS);
config.setWorkerProperties(workerprop);
if (serviceSession.getService(CERTIFICATE_EXPIRATION_SERVICE) == null) {
serviceSession.addService(admin, 4711, CERTIFICATE_EXPIRATION_SERVICE, config);
}
serviceSession.activateServiceTimer(admin, CERTIFICATE_EXPIRATION_SERVICE);
// The service will run... the cert should still be active after 2
// seconds..
Thread.sleep(2000);
info = certificateStoreSession.getCertificateInfo(fingerprint);
assertEquals("status does not match.", CertificateConstants.CERT_ACTIVE, info.getStatus());
// The service will run...We need some tolerance since timers cannot
// be guaranteed to executed at the exact interval.
Thread.sleep(10000);
int tries = 0;
while (info.getStatus() != CertificateConstants.CERT_NOTIFIEDABOUTEXPIRATION && tries < 8) {
Thread.sleep(1000);
info = certificateStoreSession.getCertificateInfo(fingerprint);
tries++;
}
info = certificateStoreSession.getCertificateInfo(fingerprint);
assertEquals(
"Status does not match.",
CertificateConstants.CERT_NOTIFIEDABOUTEXPIRATION,
info.getStatus());
} finally {
// Restore superadmin CA if it got screwed up.
List<Certificate> certs = certificateStoreSession.findCertificatesByUsername("superadmin");
for (Certificate certificate : certs) {
String superAdminFingerprint = CertTools.getFingerprintAsString(certificate);
internalCertificateStoreSession.setStatus(
admin, superAdminFingerprint, CertificateConstants.CERT_ACTIVE);
}
}
}