/** Test Overflow of CRL Period */ @Test public void testCRLPeriodOverflow() throws Exception { log.trace(">test05CRLPeriodOverflow()"); // Fetch CAInfo and save CRLPeriod CAInfo cainfo = testx509ca.getCAInfo(); long tempCRLPeriod = cainfo.getCRLPeriod(); X509Certificate cert = createCertWithValidity(1); try { // Revoke the user certificateStoreSession.setRevokeStatus( roleMgmgToken, cert, RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE, null); // Change CRLPeriod cainfo.setCRLPeriod(Long.MAX_VALUE); caSession.editCA(roleMgmgToken, cainfo); // Create new CRL's assertTrue(publishingCrlSessionRemote.forceCRL(roleMgmgToken, testx509ca.getCAId())); // Verify that status is not archived CertificateInfo certinfo = certificateStoreSession.getCertificateInfo(CertTools.getFingerprintAsString(cert)); assertFalse( "Non Expired Revoked Certificate was archived", certinfo.getStatus() == CertificateConstants.CERT_ARCHIVED); } finally { internalCertificateStoreSession.removeCertificate(CertTools.getSerialNumber(cert)); // Restore CRL Period cainfo.setCRLPeriod(tempCRLPeriod); caSession.editCA(roleMgmgToken, cainfo); } }
/** Add a new user and an expire service. Test that the service expires the users password */ @Test public void testExpireCertificateWithCertificateProfiles() throws Exception { final String certificateprofilename = "testExpireCertificateWithCertificateProfiles"; int certificateProfileId = certificateProfileSession.addCertificateProfile( admin, certificateprofilename, new CertificateProfile()); try { createCertificate(certificateProfileId); long seconds = (cert.getNotAfter().getTime() - new Date().getTime()) / 1000l; // Create a new UserPasswordExpireService ServiceConfiguration config = new ServiceConfiguration(); config.setActive(true); config.setDescription("This is a description"); // No mailsending for this Junit test service config.setActionClassPath(NoAction.class.getName()); config.setActionProperties(null); config.setIntervalClassPath(PeriodicalInterval.class.getName()); Properties intervalprop = new Properties(); // Run the service every 3:rd second intervalprop.setProperty(PeriodicalInterval.PROP_VALUE, "3"); intervalprop.setProperty(PeriodicalInterval.PROP_UNIT, PeriodicalInterval.UNIT_SECONDS); config.setIntervalProperties(intervalprop); config.setWorkerClassPath(CertificateExpirationNotifierWorker.class.getName()); Properties workerprop = new Properties(); workerprop.setProperty(EmailSendingWorkerConstants.PROP_SENDTOADMINS, "FALSE"); workerprop.setProperty(EmailSendingWorkerConstants.PROP_SENDTOENDUSERS, "FALSE"); workerprop.setProperty(BaseWorker.PROP_CAIDSTOCHECK, String.valueOf(caid)); workerprop.setProperty( BaseWorker.PROP_CERTIFICATE_PROFILE_IDS_TO_CHECK, Integer.toString(certificateProfileId)); workerprop.setProperty(BaseWorker.PROP_TIMEBEFOREEXPIRING, String.valueOf(seconds - 5)); workerprop.setProperty(BaseWorker.PROP_TIMEUNIT, BaseWorker.UNIT_SECONDS); config.setWorkerProperties(workerprop); if (serviceSession.getService(CERTIFICATE_EXPIRATION_SERVICE) == null) { serviceSession.addService(admin, 4711, CERTIFICATE_EXPIRATION_SERVICE, config); } serviceSession.activateServiceTimer(admin, CERTIFICATE_EXPIRATION_SERVICE); // The service will run... the cert should still be active after 2 // seconds.. Thread.sleep(2000); info = certificateStoreSession.getCertificateInfo(fingerprint); assertEquals("status does not match.", CertificateConstants.CERT_ACTIVE, info.getStatus()); // The service will run...We need some tolerance since timers cannot // be guaranteed to executed at the exact interval. Thread.sleep(10000); int tries = 0; while (info.getStatus() != CertificateConstants.CERT_NOTIFIEDABOUTEXPIRATION && tries < 5) { Thread.sleep(1000); info = certificateStoreSession.getCertificateInfo(fingerprint); tries++; } info = certificateStoreSession.getCertificateInfo(fingerprint); assertEquals( "Status does not match.", CertificateConstants.CERT_NOTIFIEDABOUTEXPIRATION, info.getStatus()); } finally { // Clean the certificate profile certificateProfileSession.removeCertificateProfile(admin, certificateprofilename); } }
private void createCertificate(int certificateProfileId) throws Exception { KeyPair keys = KeyTools.genKeys("1024", "RSA"); cert = (X509Certificate) signSession.createCertificate( admin, USERNAME, PASSWORD, new PublicKeyWrapper(keys.getPublic()), -1, null, null, certificateProfileId, SecConst.CAID_USEUSERDEFINED); certificatesToRemove.add(cert); fingerprint = CertTools.getFingerprintAsString(cert); X509Certificate ce = (X509Certificate) certificateStoreSession.findCertificateByFingerprint(fingerprint); if (ce == null) { throw new Exception("Cannot find certificate with fp=" + fingerprint); } info = certificateStoreSession.getCertificateInfo(fingerprint); if (!fingerprint.equals(info.getFingerprint())) { throw new Exception("fingerprint does not match."); } if (!cert.getSerialNumber().equals(info.getSerialNumber())) { throw new Exception("serialnumber does not match."); } if (!CertTools.getIssuerDN(cert).equals(info.getIssuerDN())) { throw new Exception("issuerdn does not match."); } if (!CertTools.getSubjectDN(cert).equals(info.getSubjectDN())) { throw new Exception("subjectdn does not match."); } // The cert was just stored above with status INACTIVE if (!(CertificateConstants.CERT_ACTIVE == info.getStatus())) { throw new Exception("status does not match."); } }
/** Add a new user and an expire service. Test running on all CAs. */ @Test public void testExpireCertificateWithAllCAs() throws Exception { try { createCertificate(); long seconds = (cert.getNotAfter().getTime() - new Date().getTime()) / 1000l; // Create a new UserPasswordExpireService ServiceConfiguration config = new ServiceConfiguration(); config.setActive(true); config.setDescription("This is a description"); // No mailsending for this Junit test service config.setActionClassPath(NoAction.class.getName()); config.setActionProperties(null); config.setIntervalClassPath(PeriodicalInterval.class.getName()); Properties intervalprop = new Properties(); // Run the service every 3:rd second intervalprop.setProperty(PeriodicalInterval.PROP_VALUE, "3"); intervalprop.setProperty(PeriodicalInterval.PROP_UNIT, PeriodicalInterval.UNIT_SECONDS); config.setIntervalProperties(intervalprop); config.setWorkerClassPath(CertificateExpirationNotifierWorker.class.getName()); Properties workerprop = new Properties(); workerprop.setProperty(EmailSendingWorkerConstants.PROP_SENDTOADMINS, "FALSE"); workerprop.setProperty(EmailSendingWorkerConstants.PROP_SENDTOENDUSERS, "FALSE"); // Here is the line that matters for this test workerprop.setProperty(BaseWorker.PROP_CAIDSTOCHECK, String.valueOf(SecConst.ALLCAS)); workerprop.setProperty(BaseWorker.PROP_TIMEBEFOREEXPIRING, String.valueOf(seconds - 5)); workerprop.setProperty(BaseWorker.PROP_TIMEUNIT, BaseWorker.UNIT_SECONDS); config.setWorkerProperties(workerprop); if (serviceSession.getService(CERTIFICATE_EXPIRATION_SERVICE) == null) { serviceSession.addService(admin, 4711, CERTIFICATE_EXPIRATION_SERVICE, config); } serviceSession.activateServiceTimer(admin, CERTIFICATE_EXPIRATION_SERVICE); // The service will run... the cert should still be active after 2 // seconds.. Thread.sleep(2000); info = certificateStoreSession.getCertificateInfo(fingerprint); assertEquals("status does not match.", CertificateConstants.CERT_ACTIVE, info.getStatus()); // The service will run...We need some tolerance since timers cannot // be guaranteed to executed at the exact interval. Thread.sleep(10000); int tries = 0; while (info.getStatus() != CertificateConstants.CERT_NOTIFIEDABOUTEXPIRATION && tries < 8) { Thread.sleep(1000); info = certificateStoreSession.getCertificateInfo(fingerprint); tries++; } info = certificateStoreSession.getCertificateInfo(fingerprint); assertEquals( "Status does not match.", CertificateConstants.CERT_NOTIFIEDABOUTEXPIRATION, info.getStatus()); } finally { // Restore superadmin CA if it got screwed up. List<Certificate> certs = certificateStoreSession.findCertificatesByUsername("superadmin"); for (Certificate certificate : certs) { String superAdminFingerprint = CertTools.getFingerprintAsString(certificate); internalCertificateStoreSession.setStatus( admin, superAdminFingerprint, CertificateConstants.CERT_ACTIVE); } } }