*/
public void work(Map<Class<?>, Object> ejbs) throws ServiceExecutionFailedException {
log.trace(">CertificateExpirationNotifierWorker.work started");
final CAAdminSessionLocal caAdminSession = ((CAAdminSessionLocal)ejbs.get(CAAdminSessionLocal.class));
certificateStoreSession = ((CertificateStoreSessionLocal)ejbs.get(CertificateStoreSessionLocal.class));
final UserAdminSessionLocal userAdminSession = ((UserAdminSessionLocal)ejbs.get(UserAdminSessionLocal.class));
ArrayList<EmailCertData> userEmailQueue = new ArrayList<EmailCertData>();
ArrayList<EmailCertData> adminEmailQueue = new ArrayList<EmailCertData>();
// Build Query
String cASelectString = "";
Collection<Integer> ids = getCAIdsToCheck(false);
if (ids.size() > 0) {
Iterator<Integer> iter = ids.iterator();
while (iter.hasNext()) {
Integer caid = iter.next();
CAInfo caInfo = caAdminSession.getCAInfo(getAdmin(), caid);
if (caInfo == null) {
String msg = intres.getLocalizedMessage("services.errorworker.errornoca", caid, null);
log.info(msg);
continue;
}
String cadn = caInfo.getSubjectDN();
if (cASelectString.equals("")) {
cASelectString = "issuerDN='" + cadn + "' ";
} else {
cASelectString += " OR issuerDN='" + cadn + "' ";
}
}
/*
* Algorithm:
*
* Inputs: CertificateData.status Which either is ACTIVE or
* NOTIFIEDABOUTEXPIRATION in order to be candidates for
* notifications.
*
* nextRunTimestamp Tells when the next service run will be
*
* currRunTimestamp Tells when the service should run (usually "now"
* but there may be delayed runs as well if the app-server has been
* down)
*
* thresHold The configured "threshold"
*
* We want to accomplish two things:
*
* 1. Notify for expirations within the service window 2. Notify
* _once_ for expirations that occurred before the service window
* like flagging certificates that have a shorter life-span than the
* threshold (pathologic test-case...)
*
* The first is checked by:
*
* notify = currRunTimestamp + thresHold <= ExpireDate <
* nextRunTimestamp + thresHold AND (status = ACTIVE OR status =
* NOTIFIEDABOUTEXPIRATION)
*
* The second can be checked by:
*
* notify = currRunTimestamp + thresHold > ExpireDate AND status =
* ACTIVE
*
* In both case status can be set to NOTIFIEDABOUTEXPIRATION
*
* As Tomas pointed out we do not need to flag certificates that
* have expired already which is a separate test.
*/
long thresHold = getTimeBeforeExpire();
long now = new Date().getTime();
if (!cASelectString.equals("")) {
try {
List<Object[]> fingerprintUsernameList = certificateStoreSession.findExpirationInfo(cASelectString, now, (nextRunTimeStamp + thresHold), (runTimeStamp + thresHold));
int count = 0;
for (Object[] next : fingerprintUsernameList) {
count++;
// For each certificate update status.
String fingerprint = (String) next[0];
String username = (String) next[1];
// Get the certificate through a session bean
log.debug("Found a certificate we should notify. Username=" + username + ", fp=" + fingerprint);
Certificate cert = certificateStoreSession.findCertificateByFingerprint(new Admin(Admin.TYPE_INTERNALUSER), fingerprint);
UserDataVO userData = userAdminSession.findUser(getAdmin(), username);
if (userData != null) {
if (isSendToEndUsers()) {
if (userData.getEmail() == null || userData.getEmail().trim().equals("")) {
String msg = intres.getLocalizedMessage("services.errorworker.errornoemail", username);
log.info(msg);