Bug 642357 - CC Feature- Self-Test plugins only check for validity (missing CS.cfg changes)

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1596 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

5 files changed, 49 insertions, 7 deletions

diff --git a/pki/base/ca/shared/conf/CS.cfg b/pki/base/ca/shared/conf/CS.cfg
index 463859a98..8eab9d87f 100644
--- a/pki/base/ca/shared/conf/CS.cfg
+++ b/pki/base/ca/shared/conf/CS.cfg
@@ -45,6 +45,7 @@ preop.admin.name=Certificate System Administrator
 preop.admin.group=Certificate Manager Agents
 preop.admincert.profile=caAdminCert
 preop.pin=[PKI_RANDOM_NUMBER]
+ca.cert.list=signing,ocsp_signing,sslserver,subsystem,audit_signing
 preop.cert.list=signing,ocsp_signing,sslserver,subsystem,audit_signing
 preop.cert.signing.enable=true
 preop.cert.ocsp_signing.enable=true
@@ -1021,8 +1022,15 @@ request.assignee.enable=true
 selftests._000=##
 selftests._001=## Self Tests
 selftests._002=##
+selftests._003=## The Self-Test plugin SystemCertsVerification uses the
+selftests._004=## following parameters (where certusage is optional):
+selftests._005=## ca.cert.list = <list of cert tag names deliminated by ",">
+selftests._006=## ca.cert.<cert tag name>.nickname
+selftests._007=## ca.cert.<cert tag name>.certusage
+selftests._008=## 
 selftests.container.instance.CAPresence=com.netscape.cms.selftests.ca.CAPresence
 selftests.container.instance.CAValidity=com.netscape.cms.selftests.ca.CAValidity
+selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
 selftests.container.logger.bufferSize=512
 selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
 selftests.container.logger.enable=true
@@ -1034,10 +1042,11 @@ selftests.container.logger.maxFileSize=2000
 selftests.container.logger.register=false
 selftests.container.logger.rolloverInterval=2592000
 selftests.container.logger.type=transaction
-selftests.container.order.onDemand=CAPresence:critical, CAValidity:critical
-selftests.container.order.startup=CAPresence:critical, CAValidity:critical
+selftests.container.order.onDemand=CAPresence:critical, SystemCertsVerification:critical, CAValidity:critical
+selftests.container.order.startup=CAPresence:critical, SystemCertsVerification:critical
 selftests.plugin.CAPresence.CaSubId=ca
 selftests.plugin.CAValidity.CaSubId=ca
+selftests.plugin.SystemCertsVerification.SubId=ca
 smtp.host=localhost
 smtp.port=25
 subsystem.0.class=com.netscape.ca.CertificateAuthority
diff --git a/pki/base/kra/shared/conf/CS.cfg b/pki/base/kra/shared/conf/CS.cfg
index e3b5966a6..69a33d570 100644
--- a/pki/base/kra/shared/conf/CS.cfg
+++ b/pki/base/kra/shared/conf/CS.cfg
@@ -35,6 +35,7 @@ preop.admin.name=Data Recovery Manager Administrator
 preop.admin.group=Data Recovery Manager Agents
 preop.admincert.profile=caAdminCert
 preop.pin=[PKI_RANDOM_NUMBER]
+kra.cert.list=transport,storage,sslserver,subsystem,audit_signing
 preop.cert.list=transport,storage,sslserver,subsystem,audit_signing
 preop.cert.transport.enable=true
 preop.cert.storage.enable=true
@@ -325,7 +326,14 @@ registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg
 selftests._000=##
 selftests._001=## Self Tests
 selftests._002=##
+selftests._003=## The Self-Test plugin SystemCertsVerification uses the 
+selftests._004=## following parameters (where certusage is optional):
+selftests._005=## kra.cert.list = <list of cert tag names deliminated by ",">
+selftests._006=## kra.cert.<cert tag name>.nickname
+selftests._007=## kra.cert.<cert tag name>.certusage
+selftests._008=##
 selftests.container.instance.KRAPresence=com.netscape.cms.selftests.kra.KRAPresence
+selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
 selftests.container.logger.bufferSize=512
 selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
 selftests.container.logger.enable=true
@@ -338,8 +346,9 @@ selftests.container.logger.register=false
 selftests.container.logger.rolloverInterval=2592000
 selftests.container.logger.type=transaction
 selftests.container.order.onDemand=KRAPresence:critical
-selftests.container.order.startup=
+selftests.container.order.startup=SystemCertsVerification:critical
 selftests.plugin.KRAPresence.SubId=kra
+selftests.plugin.SystemCertsVerification.SubId=kra
 smtp.host=localhost
 smtp.port=25
 subsystem.0.class=com.netscape.kra.KeyRecoveryAuthority
diff --git a/pki/base/ocsp/shared/conf/CS.cfg b/pki/base/ocsp/shared/conf/CS.cfg
index 89bd35c3b..79b045ee6 100644
--- a/pki/base/ocsp/shared/conf/CS.cfg
+++ b/pki/base/ocsp/shared/conf/CS.cfg
@@ -39,6 +39,7 @@ preop.configModules.module2.commonName=lunasa
 preop.configModules.module2.imagePath=../img/clearpixel.gif
 preop.configModules.count=3
 preop.module.token=Internal Key Storage Token
+ocsp.cert.list=signing,sslserver,subsystem,audit_signing
 preop.cert.list=signing,sslserver,subsystem,audit_signing
 preop.cert.ocsp_signing.enable=true
 preop.cert.sslserver.enable=true
@@ -279,8 +280,15 @@ registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg
 selftests._000=##
 selftests._001=## Self Tests
 selftests._002=##
+selftests._003=## The Self-Test plugin SystemCertsVerification uses the
+selftests._004=## following parameters (where certusage is optional):
+selftests._005=## ocsp.cert.list = <list of cert tag names deliminated by ",">
+selftests._006=## ocsp.cert.<cert tag name>.nickname
+selftests._007=## ocsp.cert.<cert tag name>.certusage
+selftests._008=##
 selftests.container.instance.OCSPPresence=com.netscape.cms.selftests.ocsp.OCSPPresence
 selftests.container.instance.OCSPValidity=com.netscape.cms.selftests.ocsp.OCSPValidity
+selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
 selftests.container.logger.bufferSize=512
 selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
 selftests.container.logger.enable=true
@@ -292,10 +300,11 @@ selftests.container.logger.maxFileSize=2000
 selftests.container.logger.register=false
 selftests.container.logger.rolloverInterval=2592000
 selftests.container.logger.type=transaction
-selftests.container.order.onDemand=OCSPPresence:critical, OCSPValidity:critical
-selftests.container.order.startup=OCSPPresence:critical, OCSPValidity:critical
+selftests.container.order.onDemand=OCSPPresence:critical, SystemCertsVerification:critical, OCSPValidity:critical
+selftests.container.order.startup=OCSPPresence:critical, SystemCertsVerification:critical
 selftests.plugin.OCSPPresence.OcspSubId=ocsp
 selftests.plugin.OCSPValidity.OcspSubId=ocsp
+selftests.plugin.SystemCertsVerification.SubId=ocsp
 smtp.host=localhost
 smtp.port=25
 subsystem.0.class=com.netscape.ocsp.OCSPAuthority
diff --git a/pki/base/tks/shared/conf/CS.cfg b/pki/base/tks/shared/conf/CS.cfg
index d9e3580a1..158166316 100644
--- a/pki/base/tks/shared/conf/CS.cfg
+++ b/pki/base/tks/shared/conf/CS.cfg
@@ -30,6 +30,7 @@ preop.system.name=TKS
 preop.product.name=CS
 preop.product.version=
 preop.system.fullname=Token Key Service
+tks.cert.list=sslserver,subsystem,audit_signing
 preop.cert.list=sslserver,subsystem,audit_signing
 preop.cert.sslserver.enable=true
 preop.cert.subsystem.enable=true
@@ -267,7 +268,14 @@ registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg
 selftests._000=##
 selftests._001=## Self Tests
 selftests._002=##
+selftests._003=## The Self-Test plugin SystemCertsVerification uses the
+selftests._004=## following parameters (where certusage is optional):
+selftests._005=## tks.cert.list = <list of cert tag names deliminated by ",">
+selftests._006=## tks.cert.<cert tag name>.nickname
+selftests._007=## tks.cert.<cert tag name>.certusage
+selftests._008=##
 selftests.container.instance.TKSKnownSessionKey=com.netscape.cms.selftests.tks.TKSKnownSessionKey
+selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
 selftests.container.logger.bufferSize=512
 selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
 selftests.container.logger.enable=true
@@ -279,8 +287,8 @@ selftests.container.logger.maxFileSize=2000
 selftests.container.logger.register=false
 selftests.container.logger.rolloverInterval=2592000
 selftests.container.logger.type=transaction
-selftests.container.order.onDemand=TKSKnownSessionKey:critical
-selftests.container.order.startup=TKSKnownSessionKey:critical
+selftests.container.order.onDemand=TKSKnownSessionKey:critical, SystemCertsVerification:critical
+selftests.container.order.startup=TKSKnownSessionKey:critical, SystemCertsVerification:critical
 selftests.plugin.TKSKnownSessionKey.CUID=#a0#01#92#03#04#05#06#07#08#c9
 selftests.plugin.TKSKnownSessionKey.TksSubId=tks
 selftests.plugin.TKSKnownSessionKey.cardChallenge=#bd#6d#19#85#6e#54#0f#cd
@@ -290,6 +298,7 @@ selftests.plugin.TKSKnownSessionKey.macKey=#40#41#42#43#44#45#46#47#48#49#4a#4b#
 selftests.plugin.TKSKnownSessionKey.sessionKey=#d1#be#b8#26#dc#56#20#25#8c#93#e7#de#f0#ab#4f#5b
 selftests.plugin.TKSKnownSessionKey.token=Internal Key Storage Token
 selftests.plugin.TKSKnownSessionKey.useSoftToken=true
+selftests.plugin.SystemCertsVerification.SubId=tks
 smtp.host=localhost
 smtp.port=25
 subsystem.0.class=com.netscape.tks.TKSAuthority
diff --git a/pki/base/tps/doc/CS.cfg b/pki/base/tps/doc/CS.cfg
index b03846361..3750c6da0 100644
--- a/pki/base/tps/doc/CS.cfg
+++ b/pki/base/tps/doc/CS.cfg
@@ -31,6 +31,12 @@ cs.type=TPS
 selftests._000=##
 selftests._001=## Self Tests
 selftests._002=##
+selftests._003=## The Self-Test plugin TPSSystemCertsVerification uses the
+selftests._004=## following parameters (where certusage is optional):
+selftests._005=## tps.cert.list = <list of cert tag names deliminated by ",">
+selftests._006=## tps.cert.<cert tag name>.nickname
+selftests._007=## tps.cert.<cert tag name>.certusage
+selftests._008=##
 selftests.container.logger.enable=true
 selftests.container.logger.expirationTime=0
 selftests.container.logger.file.type=RollingLogFile