Implement additional tests for ARI renewal checks

webprofusion-chrisc · webprofusion-chrisc · commit a76f39f752f9 · 2025-06-24T18:52:41.000+08:00
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
@@ -28,7 +28,7 @@ public partial class CertifyManager
         /// </summary>
         /// <param name="managedItem"></param>
         /// <returns></returns>
-        public async Task<IACMEClientProvider> GetACMEProvider(ManagedCertificate managedItem, AccountDetails caAccount)
+        public virtual async Task<IACMEClientProvider> GetACMEProvider(ManagedCertificate managedItem, AccountDetails caAccount)
         {
             // determine account to use for the given managed cert
 
@@ -106,7 +106,7 @@ private async Task<IACMEClientProvider> GetACMEProvider(string storageKey, strin
         /// <param name="allowCache">if true, allow use of cached account list</param>
         /// <param name="allowFailover">if true, select a fallback CA account if item has recently failed renewal, if false use same account as last renewal/attempt</param>
         /// <returns>Account Details or null if there is no matching account</returns>
-        public async Task<AccountDetails> GetAccountDetails(ManagedCertificate item, bool allowCache = true, bool allowFailover = false, bool isResumedOrder = false)
+        public virtual async Task<AccountDetails> GetAccountDetails(ManagedCertificate item, bool allowCache = true, bool allowFailover = false, bool isResumedOrder = false)
         {
             if (OverrideAccountDetails != null)
             {
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
@@ -8,6 +8,7 @@
 using Certify.Models;
 using Certify.Models.Config;
 using Certify.Models.Hub;
+using Certify.Models.Providers;
 using Certify.Models.Shared;
 
 namespace Certify.Management
@@ -439,7 +440,7 @@ public virtual async Task<string> ComputeARICertificateId(ManagedCertificate ite
 #if NET9_0_OR_GREATER
             var x509Cert2 = System.Security.Cryptography.X509Certificates.X509CertificateLoader.LoadPkcs12FromFile(item.CertificatePath, await GetPfxPassword(item));
 #else
-            var x509Cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(File.ReadAllBytes(item.CertificatePath), await GetPfxPassword(item));
+                                            var x509Cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(File.ReadAllBytes(item.CertificatePath), await GetPfxPassword(item));
 #endif
             var ariCertId = item.ARICertificateId ?? Certify.Shared.Core.Utils.PKI.CertUtils.GetARICertIdBase64(x509Cert2);
             return ariCertId;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerMaintenanceTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerMaintenanceTests.cs
@@ -0,0 +1,120 @@
+﻿using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Certify.Management;
+using Certify.Models;
+using Certify.Models.Providers;
+using Certify.Models.Shared;
+using Microsoft.Extensions.Logging;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Moq;
+
+namespace Certify.Core.Tests.Unit
+{
+    [TestClass]
+    public class CertifyManagerMaintenanceTests
+    {
+        [DataTestMethod]
+        [DataRow(90, null, 1, 10, DisplayName = "No scheduled renewal, ARI window in future")]
+        [DataRow(90, 60, 1, 10, DisplayName = "Scheduled renewal in future, ARI window in future")]
+        [DataRow(10, null, -5, 5, DisplayName = "No scheduled renewal, ARI window started")]
+        [DataRow(10, 2, -5, 5, DisplayName = "Scheduled renewal soon, ARI window started")]
+        [DataRow(1, null, -10, -1, DisplayName = "No scheduled renewal, ARI window in past")]
+        [DataRow(1, 0, -10, -1, DisplayName = "Scheduled renewal now, ARI window in past")]
+        [DataRow(10, 2, -5, 5, true, DisplayName = "Revoked, Scheduled renewal soon, ARI window started")]
+        public async Task PerformRenewalInfoCheck_VariousInputs(
+            int expiryDays,
+            int? scheduledRenewalDays,
+            int renewalWindowStartOffset,
+            int renewalWindowEndOffset, bool revoked = false, bool alreadyScheduled = false)
+        {
+            // Arrange
+            var renewalWindow = new RenewalWindow
+            {
+                Start = DateTimeOffset.UtcNow.AddDays(renewalWindowStartOffset),
+                End = DateTimeOffset.UtcNow.AddDays(renewalWindowEndOffset)
+            };
+
+            var managerMock = GetMockCertifyManager(renewalWindow);
+
+            var completedRenewalInfoChecks = new List<string>();
+            var itemsWhichRequireRenewal = new List<string>();
+            var itemsViaARI = new Dictionary<string, DateTimeOffset>();
+            var directoryInfoCache = new Dictionary<string, AcmeDirectoryInfo>();
+            var managedCert = new ManagedCertificate
+            {
+                Id = "test-cert",
+                Name = "Test Cert",
+                CertificateThumbprintHash = "abc123",
+                DateExpiry = DateTimeOffset.UtcNow.AddDays(expiryDays),
+                CertificatePath = "dummy.pfx"
+            };
+
+            if (revoked)
+            {
+                managedCert.CertificateRevoked = true;
+            }
+
+            if (scheduledRenewalDays.HasValue)
+            {
+                managedCert.DateNextScheduledRenewalAttempt = DateTimeOffset.UtcNow.AddDays(scheduledRenewalDays.Value);
+            }
+
+            var log = new Loggy(LoggerFactory.Create(builder => builder.AddDebug()).CreateLogger<CertifyManagerMaintenanceTests>());
+
+            // Act
+            var newAriRenewalScheduled = await managerMock.Object.PerformRenewalInfoCheck(
+                log,
+                completedRenewalInfoChecks,
+                itemsWhichRequireRenewal,
+                itemsViaARI,
+                directoryInfoCache,
+                managedCert
+            );
+
+            // Assert
+            Assert.IsTrue(completedRenewalInfoChecks.Contains("test-cert"), "Certificate ID should be added to completedRenewalInfoChecks");
+
+            var nextRenewal = ManagedCertificate.CalculateNextRenewalAttempt(managedCert, CoreAppSettings.Current.RenewalIntervalDays, CoreAppSettings.Current.RenewalIntervalMode ?? RenewalIntervalModes.DaysAfterLastRenewal);
+
+            if (newAriRenewalScheduled)
+            {
+                Assert.IsTrue(itemsViaARI.ContainsKey("test-cert"), "Certificate ID should be added to itemsViaARI");
+
+                if (nextRenewal.DateNextRenewalAttempt < DateTimeOffset.UtcNow)
+                {
+                    Assert.IsTrue(itemsWhichRequireRenewal.Contains("test-cert"), "Certificate ID should be added to itemsWhichRequireRenewal");
+                }
+            }
+            else
+            {
+                Assert.IsFalse(itemsViaARI.ContainsKey("test-cert"), "Certificate ID should not be added to itemsViaARI if no renewal is scheduled");
+            }
+        }
+
+        private Mock<CertifyManager> GetMockCertifyManager(RenewalWindow mockRenewalWindow)
+        {
+            var mockAcmeProvider = new Mock<IACMEClientProvider>();
+
+            mockAcmeProvider.Setup(p => p.GetRenewalInfo(It.IsAny<string>()))
+                .ReturnsAsync(new RenewalInfo
+                {
+                    SuggestedWindow = mockRenewalWindow,
+                    ExplanationURL = new Uri("https://example.com/renewalinfo")
+                });
+            mockAcmeProvider.Setup(p => p.GetAcmeDirectory()).ReturnsAsync(new AcmeDirectoryInfo { RenewalInfo = new Uri("https://example-acme.com/renewalinfo") });
+            mockAcmeProvider.Setup(p => p.GetAcmeBaseURI()).Returns("https://example-acme.com/");
+
+            var managerMock = new Mock<CertifyManager>();
+
+            managerMock.Setup(m => m.GetAccountDetails(It.IsAny<ManagedCertificate>(), It.IsAny<bool>(), It.IsAny<bool>(), It.IsAny<bool>()))
+                .ReturnsAsync(new AccountDetails());
+
+            managerMock.Setup(m => m.GetACMEProvider(It.IsAny<ManagedCertificate>(), It.IsAny<AccountDetails>())).ReturnsAsync(mockAcmeProvider.Object);
+
+            managerMock.Setup(m => m.ComputeARICertificateId(It.IsAny<ManagedCertificate>())).ReturnsAsync("ARICertId12345");
+
+            return managerMock;
+        }
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ public partial class CertifyManager`
`28`	`28`	`/// </summary>`
`29`	`29`	`/// <param name="managedItem"></param>`
`30`	`30`	`/// <returns></returns>`
`31`		`- public async Task<IACMEClientProvider> GetACMEProvider(ManagedCertificate managedItem, AccountDetails caAccount)`
	`31`	`+ public virtual async Task<IACMEClientProvider> GetACMEProvider(ManagedCertificate managedItem, AccountDetails caAccount)`
`32`	`32`	`{`
`33`	`33`	`// determine account to use for the given managed cert`
`34`	`34`
`@@ -106,7 +106,7 @@ private async Task<IACMEClientProvider> GetACMEProvider(string storageKey, strin`
`106`	`106`	`/// <param name="allowCache">if true, allow use of cached account list</param>`
`107`	`107`	`/// <param name="allowFailover">if true, select a fallback CA account if item has recently failed renewal, if false use same account as last renewal/attempt</param>`
`108`	`108`	`/// <returns>Account Details or null if there is no matching account</returns>`
`109`		`- public async Task<AccountDetails> GetAccountDetails(ManagedCertificate item, bool allowCache = true, bool allowFailover = false, bool isResumedOrder = false)`
	`109`	`+ public virtual async Task<AccountDetails> GetAccountDetails(ManagedCertificate item, bool allowCache = true, bool allowFailover = false, bool isResumedOrder = false)`
`110`	`110`	`{`
`111`	`111`	`if (OverrideAccountDetails != null)`
`112`	`112`	`{`