authorcfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-12-01 04:12:02 +0000
committercfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-12-01 04:12:02 +0000
commitf57b58f45f5e0528c894645fb8d4ff6206ee73b5 (patch)
tree50730b07ebae5c42d6f36c5f2894256ef608f8c9
parent556ee4d814a5bdfc279aa94d91440716a09e344c (diff)
Bug 642357 - CC Feature- Self-Test plugins only check for validity - (TPS part)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1594 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rw-r--r--pki/base/tps/Makefile.am1
-rw-r--r--pki/base/tps/Makefile.in14
-rw-r--r--pki/base/tps/doc/CS.cfg11
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/NamePanel.pm16
-rw-r--r--pki/base/tps/src/include/selftests/TPSSystemCertsVerification.h76
-rw-r--r--pki/base/tps/src/selftests/SelfTest.cpp33
-rw-r--r--pki/base/tps/src/selftests/TPSSystemCertsVerification.cpp149
7 files changed, 293 insertions, 7 deletions
diff --git a/pki/base/tps/Makefile.am b/pki/base/tps/Makefile.am
index 9bb9d7665..011a0defd 100644
--- a/pki/base/tps/Makefile.am
+++ b/pki/base/tps/Makefile.am
@@ -359,6 +359,7 @@ libtps_la_SOURCES = src/main/Buffer.cpp \
src/processor/RA_Unblock_Processor.cpp \
src/processor/RA_Format_Processor.cpp \
src/selftests/SelfTest.cpp \
+ src/selftests/TPSSystemCertsVerification.cpp \
src/selftests/TPSPresence.cpp \
src/selftests/TPSValidity.cpp
diff --git a/pki/base/tps/Makefile.in b/pki/base/tps/Makefile.in
index 2b692972c..2d155c19c 100644
--- a/pki/base/tps/Makefile.in
+++ b/pki/base/tps/Makefile.in
@@ -231,6 +231,7 @@ am_libtps_la_OBJECTS = src/main/libtps_la-Buffer.lo \
src/processor/libtps_la-RA_Unblock_Processor.lo \
src/processor/libtps_la-RA_Format_Processor.lo \
src/selftests/libtps_la-SelfTest.lo \
+ src/selftests/libtps_la-TPSSystemCertsVerification.lo \
src/selftests/libtps_la-TPSPresence.lo \
src/selftests/libtps_la-TPSValidity.lo
libtps_la_OBJECTS = $(am_libtps_la_OBJECTS)
@@ -836,6 +837,7 @@ libtps_la_SOURCES = src/main/Buffer.cpp \
src/processor/RA_Unblock_Processor.cpp \
src/processor/RA_Format_Processor.cpp \
src/selftests/SelfTest.cpp \
+ src/selftests/TPSSystemCertsVerification.cpp \
src/selftests/TPSPresence.cpp \
src/selftests/TPSValidity.cpp
@@ -1343,6 +1345,8 @@ src/selftests/$(DEPDIR)/$(am__dirstamp):
@: > src/selftests/$(DEPDIR)/$(am__dirstamp)
src/selftests/libtps_la-SelfTest.lo: src/selftests/$(am__dirstamp) \
src/selftests/$(DEPDIR)/$(am__dirstamp)
+src/selftests/libtps_la-TPSSystemCertsVerification.lo: src/selftests/$(am__dirstamp) \
+ src/selftests/$(DEPDIR)/$(am__dirstamp)
src/selftests/libtps_la-TPSPresence.lo: src/selftests/$(am__dirstamp) \
src/selftests/$(DEPDIR)/$(am__dirstamp)
src/selftests/libtps_la-TPSValidity.lo: src/selftests/$(am__dirstamp) \
@@ -2174,6 +2178,8 @@ mostlyclean-compile:
-rm -f src/processor/libtps_la-RA_Unblock_Processor.lo
-rm -f src/selftests/libtps_la-SelfTest.$(OBJEXT)
-rm -f src/selftests/libtps_la-SelfTest.lo
+ -rm -f src/selftests/libtps_la-TPSSystemCertsVerification.$(OBJEXT)
+ -rm -f src/selftests/libtps_la-TPSSystemCertsVerification.lo
-rm -f src/selftests/libtps_la-TPSPresence.$(OBJEXT)
-rm -f src/selftests/libtps_la-TPSPresence.lo
-rm -f src/selftests/libtps_la-TPSValidity.$(OBJEXT)
@@ -2325,6 +2331,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Renew_Processor.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Unblock_Processor.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/selftests/$(DEPDIR)/libtps_la-SelfTest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/selftests/$(DEPDIR)/libtps_la-TPSSystemCertsVerification.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/selftests/$(DEPDIR)/libtps_la-TPSPresence.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/selftests/$(DEPDIR)/libtps_la-TPSValidity.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/tus/$(DEPDIR)/libtokendb_la-tus_db.Plo@am__quote@
@@ -2982,6 +2989,13 @@ src/selftests/libtps_la-SelfTest.lo: src/selftests/SelfTest.cpp
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/selftests/libtps_la-SelfTest.lo `test -f 'src/selftests/SelfTest.cpp' || echo '$(srcdir)/'`src/selftests/SelfTest.cpp
+src/selftests/libtps_la-TPSSystemCertsVerification.lo: src/selftests/TPSSystemCertsVerification.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/selftests/libtps_la-TPSSystemCertsVerification.lo -MD -MP -MF src/selftests/$(DEPDIR)/libtps_la-TPSSystemCertsVerification.Tpo -c -o src/selftests/libtps_la-TPSSystemCertsVerification.lo `test -f 'src/selftests/TPSSystemCertsVerification.cpp' || echo '$(srcdir)/'`src/selftests/TPSSystemCertsVerification.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/selftests/$(DEPDIR)/libtps_la-TPSSystemCertsVerification.Tpo src/selftests/$(DEPDIR)/libtps_la-TPSSystemCertsVerification.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/selftests/TPSSystemCertsVerification.cpp' object='src/selftests/libtps_la-TPSSystemCertsVerification.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/selftests/libtps_la-TPSSystemCertsVerification.lo `test -f 'src/selftests/TPSSystemCertsVerification.cpp' || echo '$(srcdir)/'`src/selftests/TPSSystemCertsVerification.cpp
+
src/selftests/libtps_la-TPSPresence.lo: src/selftests/TPSPresence.cpp
@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/selftests/libtps_la-TPSPresence.lo -MD -MP -MF src/selftests/$(DEPDIR)/libtps_la-TPSPresence.Tpo -c -o src/selftests/libtps_la-TPSPresence.lo `test -f 'src/selftests/TPSPresence.cpp' || echo '$(srcdir)/'`src/selftests/TPSPresence.cpp
@am__fastdepCXX_TRUE@ $(am__mv) src/selftests/$(DEPDIR)/libtps_la-TPSPresence.Tpo src/selftests/$(DEPDIR)/libtps_la-TPSPresence.Plo
diff --git a/pki/base/tps/doc/CS.cfg b/pki/base/tps/doc/CS.cfg
index d3edc908f..b03846361 100644
--- a/pki/base/tps/doc/CS.cfg
+++ b/pki/base/tps/doc/CS.cfg
@@ -38,8 +38,8 @@ selftests.container.logger.fileName=[SERVER_ROOT]/logs/selftests.log
selftests.container.logger.level=10
selftests.container.logger.maxFileSize=2000
selftests.container.logger.rolloverInterval=2592000
-selftests.container.order.startup=TPSPresence:critical, TPSValidity:critical
-selftests.container.order.onDemand=TPSPresence:critical, TPSValidity:critical
+selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerification:critical
+selftests.container.order.onDemand=TPSPresence:critical, TPSValidity:critical, TPSSystemCertsVerification:critical
selftests.plugin.TPSPresence.nickname=[HSM_LABEL][NICKNAME]
selftests.plugin.TPSValidity.nickname=[HSM_LABEL][NICKNAME]
service.machineName=[SERVER_NAME]
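Review bot: The new `selftests.container.order.startup` value drops `TPSValidity:critical` while `selftests.container.order.onDemand` keeps it, so startup and on-demand now run different sets of certificate checks and nothing in the file says why. If the system-certs verification is meant to subsume the validity check at startup, a comment line next to the setting should state that, so a later edit does not silently remove or re-add the entry. If it is not, startup should list all three: `selftests.container.order.startup=TPSPresence:critical, TPSValidity:critical, TPSSystemCertsVerification:critical`. Whether the verification covers validity cannot be confirmed from this diff.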
@@ -1561,9 +1561,10 @@ tps._000=########################################
tps._001=# For verifying system certificates
tps._002=# tps.cert.list=sslserver,subsystem,audit_signing
tps._003=# tps.cert.sslserver.nickname=xxx
-tps._004=# tps.cert.sslserver.certusage=SSLServer
tps._005=# tps.cert.subsystem.nickname=xxx
-tps._006=# tps.cert.subsystem.certusage=SSLClient
tps._007=# tps.cert.audit_signing.nickname=xxx
-tps._008=# tps.cert.audit_signing.certusage=EmailSigner
tps._009=########################################
+tps.cert.list=sslserver,subsystem,audit_signing
+tps.cert.sslserver.nickname=[HSM_LABEL][NICKNAME]
+tps.cert.subsystem.nickname=[HSM_LABEL][NICKNAME]
+tps.cert.audit_signing.nickname=[HSM_LABEL][NICKNAME]
diff --git a/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm
index c4a420877..3513327a7 100755
--- a/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm
+++ b/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm
@@ -403,16 +403,32 @@ $debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sen
# set selftest variables (always use the "latest" subsystem nickname)
my $selftestNickname = $::config->get( "preop.cert.subsystem.nickname" );
+ my $selftestNickname_sslserver = $::config->get( "preop.cert.sslserver.nickname" );
+ my $selftestNickname_audit_signing = $::config->get( "preop.cert.audit_signing.nickname" );
if ($hw ne "") {
$::config->put( "selftests.plugin.TPSPresence.nickname",
"$tk$selftestNickname" );
$::config->put( "selftests.plugin.TPSValidity.nickname",
"$tk$selftestNickname" );
+
+ $::config->put( "tps.cert.sslserver.nickname",
+ "$tk$selftestNickname_sslserver" );
+ $::config->put( "tps.cert.subsystem.nickname",
+ "$tk$selftestNickname" );
+ $::config->put( "tps.cert.audit_signing.nickname",
+ "$tk$selftestNickname_audit_signing" );
} else {
$::config->put( "selftests.plugin.TPSPresence.nickname",
"$selftestNickname" );
$::config->put( "selftests.plugin.TPSValidity.nickname",
"$selftestNickname" );
+
+ $::config->put( "tps.cert.sslserver.nickname",
+ "$selftestNickname_sslserver" );
+ $::config->put( "tps.cert.subsystem.nickname",
+ "$selftestNickname" );
+ $::config->put( "tps.cert.audit_signing.nickname",
+ "$selftestNickname_audit_signing" );
}
$::config->commit();
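Review bot: `$selftestNickname_sslserver` and `$selftestNickname_audit_signing` are written to `tps.cert.sslserver.nickname` and `tps.cert.audit_signing.nickname` without checking that the `preop.cert.*.nickname` lookups returned a value, so a missing preop entry would store an empty or token-prefix-only nickname. The `Initialize` added in TPSSystemCertsVerification.cpp only inspects `tps.cert.subsystem.nickname` for the placeholder, so such an entry would presumably reach the verifier unnoticed. A guard before the `put` calls, for example `if (!defined $selftestNickname_sslserver || $selftestNickname_sslserver eq "")` with an error logged, would make the misconfiguration visible at install time. The two branches also differ only in the `$tk` prefix and could share one set of `put` calls with a prefix variable. The enclosing sub starts and ends outside this hunk.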
diff --git a/pki/base/tps/src/include/selftests/TPSSystemCertsVerification.h b/pki/base/tps/src/include/selftests/TPSSystemCertsVerification.h
new file mode 100644
index 000000000..40a4d3fd4
--- /dev/null
+++ b/pki/base/tps/src/include/selftests/TPSSystemCertsVerification.h
@@ -0,0 +1,76 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifndef TPSSYSTEMCERTSVERIFICATION_H
+#define TPSSYSTEMCERTSVERIFICATION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+// #include "main/Util.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#include "main/ConfigStore.h"
+#include "selftests/SelfTest.h"
+
+class TPSSystemCertsVerification : public SelfTest
+{
+
+ public:
+ TPSSystemCertsVerification();
+ ~TPSSystemCertsVerification();
+ static void Initialize (ConfigStore *cfg);
+ static int runSelfTest ();
+ static bool isStartupEnabled ();
+ static bool isOnDemandEnabled ();
+ static bool isStartupCritical ();
+ static bool isOnDemandCritical ();
+ static const char *TEST_NAME;
+
+ private:
+ static bool startupEnabled;
+ static bool onDemandEnabled;
+ static bool startupCritical;
+ static bool onDemandCritical;
+ static int initialized;
+ static const char *CRITICAL_TEST_NAME;
+ static const char *UNINITIALIZED_NICKNAME;
+ static const char *SUBSYSTEM_NICKNAME;
+};
+
+#endif
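Review bot: The class declaration carries no documentation for the `initialized` state or the `runSelfTest` return contract, both of which callers in SelfTest.cpp depend on. From the implementation in this commit, `initialized` takes the values 0, 1 and 2, and `runSelfTest` returns 0 both on success and when the plugin is not in state 2, and -1 on verification failure. I would add a comment above `static int initialized;` such as `// 0 = not initialized (or placeholder nickname still present), 1 = in progress, 2 = ready` and one above `runSelfTest` such as `// returns 0 on success or when the test is skipped because initialized != 2; -1 on failure`. `TPS_PUBLIC` is defined here and again in the .cpp but is not used by any declaration in this header.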
diff --git a/pki/base/tps/src/selftests/SelfTest.cpp b/pki/base/tps/src/selftests/SelfTest.cpp
index 91c51afc3..93dc73d21 100644
--- a/pki/base/tps/src/selftests/SelfTest.cpp
+++ b/pki/base/tps/src/selftests/SelfTest.cpp
@@ -51,12 +51,13 @@ extern "C"
#include "selftests/SelfTest.h"
#include "selftests/TPSPresence.h"
#include "selftests/TPSValidity.h"
+#include "selftests/TPSSystemCertsVerification.h"
const char *SelfTest::CFG_SELFTEST_STARTUP = "selftests.container.order.startup";
const char *SelfTest::CFG_SELFTEST_ONDEMAND = "selftests.container.order.onDemand";
-const int SelfTest::nTests = 2;
-const char *SelfTest::TEST_NAMES[SelfTest::nTests] = { TPSPresence::TEST_NAME, TPSValidity::TEST_NAME };
+const int SelfTest::nTests = 3;
+const char *SelfTest::TEST_NAMES[SelfTest::nTests] = { TPSPresence::TEST_NAME, TPSValidity::TEST_NAME, TPSSystemCertsVerification::TEST_NAME };
int SelfTest::isInitialized = 0;
@@ -74,6 +75,7 @@ void SelfTest::Initialize (ConfigStore *cfg)
SelfTest::isInitialized = 1;
TPSPresence::Initialize (cfg);
TPSValidity::Initialize (cfg);
+ TPSSystemCertsVerification::Initialize (cfg);
SelfTest::isInitialized = 2;
}
RA::SelfTestLog("SelfTest::Initialize", "%s", ((isInitialized==2)?"successfully completed":"failed"));
@@ -121,6 +123,18 @@ int SelfTest::runStartUpSelfTests (const char *nickname)
} else {
RA::SelfTestLog("SelfTest::runStartUpSelfTests", "TPSValidity self test has been successfully completed.");
}
+ if (TPSSystemCertsVerification::isStartupEnabled()) {
+ rc = TPSSystemCertsVerification::runSelfTest();
+ }
+ if (rc != 0 && TPSSystemCertsVerification::isStartupCritical()) {
+ if (rc > 0) rc *= -1;
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Critical TPSSystemCertsVerification self test failure: %d", rc);
+ return rc;
+ } else if (rc != 0) {
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Noncritical TPSSystemCertsVerification self test failure: %d", rc);
+ } else {
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "TPSSystemCertsVerification self test has been successfully completed.");
+ }
RA::SelfTestLog("SelfTest::runStartUpSelfTests", "done");
return 0;
}
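Review bot: The result handling added after `rc = TPSSystemCertsVerification::runSelfTest();` sits outside the `isStartupEnabled()` block, so it also runs when the test is disabled. In that case `rc` still holds whatever the preceding TPSValidity step left in it: a zero logs "TPSSystemCertsVerification self test has been successfully completed." for a test that never ran, and a non-zero value is logged as a TPSSystemCertsVerification failure. A self-test log that reports success for a skipped certificate check is misleading to anyone auditing startup. Move the `if (rc != 0 && ...) / else if / else` chain inside the `if (TPSSystemCertsVerification::isStartupEnabled()) { ... }` body, and log a distinct "skipped" line otherwise. The same pattern is in the `runOnDemandSelfTests` hunk, where the stale `rc` is also what `return rc;` hands back. Both functions start outside their hunks.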
@@ -153,6 +167,19 @@ int SelfTest::runOnDemandSelfTests ()
} else {
RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "TPSValidity self test has been successfully completed.");
}
+
+ if (TPSSystemCertsVerification::isOnDemandEnabled()) {
+ rc = TPSSystemCertsVerification::runSelfTest();
+ }
+ if (rc != 0 && TPSSystemCertsVerification::isOnDemandCritical()) {
+ if (rc > 0) rc *= -1;
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Critical TPSSystemCertsVerification self test failure: %d", rc);
+ return rc;
+ } else if (rc != 0) {
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Noncritical TPSSystemCertsVerification self test failure: %d", rc);
+ } else {
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "TPSSystemCertsVerification self test has been successfully completed.");
+ }
RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "done");
return rc;
}
@@ -162,6 +189,7 @@ int SelfTest::isOnDemandEnabled ()
int n = 0;
if (TPSPresence::isOnDemandEnabled()) n++;
if (TPSValidity::isOnDemandEnabled()) n += 2;
+ if (TPSSystemCertsVerification::isOnDemandEnabled()) n += 4;
return n;
}
@@ -170,6 +198,7 @@ int SelfTest::isOnDemandCritical ()
int n = 0;
if (TPSPresence::isOnDemandCritical()) n++;
if (TPSValidity::isOnDemandCritical()) n += 2;
+ if (TPSSystemCertsVerification::isOnDemandCritical()) n += 4;
return n;
}
diff --git a/pki/base/tps/src/selftests/TPSSystemCertsVerification.cpp b/pki/base/tps/src/selftests/TPSSystemCertsVerification.cpp
new file mode 100644
index 000000000..a89d18d04
--- /dev/null
+++ b/pki/base/tps/src/selftests/TPSSystemCertsVerification.cpp
@@ -0,0 +1,149 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+
+#include "cert.h"
+#include "certt.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+#include "engine/RA.h"
+#include "main/ConfigStore.h"
+#include "selftests/TPSSystemCertsVerification.h"
+
+
+int TPSSystemCertsVerification::initialized = 0;
+bool TPSSystemCertsVerification::startupEnabled = false;
+bool TPSSystemCertsVerification::onDemandEnabled = false;
+bool TPSSystemCertsVerification::startupCritical = false;
+bool TPSSystemCertsVerification::onDemandCritical = false;
+const char *TPSSystemCertsVerification::CRITICAL_TEST_NAME = "TPSSystemCertsVerification:critical";
+const char *TPSSystemCertsVerification::TEST_NAME = "TPSSystemCertsVerification";
+// for testing if system is initialized
+const char *TPSSystemCertsVerification::UNINITIALIZED_NICKNAME = "[HSM_LABEL][NICKNAME]";
+const char *TPSSystemCertsVerification::SUBSYSTEM_NICKNAME= "tps.cert.subsystem.nickname";
+
+
+//default constructor
+TPSSystemCertsVerification::TPSSystemCertsVerification()
+{
+}
+
+TPSSystemCertsVerification::~TPSSystemCertsVerification()
+{
+}
+
+void TPSSystemCertsVerification::Initialize (ConfigStore *cfg)
+{
+ if (TPSSystemCertsVerification::initialized == 0) {
+ TPSSystemCertsVerification::initialized = 1;
+ const char* s = cfg->GetConfigAsString(CFG_SELFTEST_STARTUP);
+ if (s != NULL) {
+ if (PL_strstr (s, TPSSystemCertsVerification::CRITICAL_TEST_NAME) != NULL) {
+ startupCritical = true;
+ startupEnabled = true;
+ } else if (PL_strstr (s, TPSSystemCertsVerification::TEST_NAME) != NULL) {
+ startupEnabled = true;
+ }
+ }
+ const char* d = cfg->GetConfigAsString(CFG_SELFTEST_ONDEMAND);
+ if (d != NULL) {
+ if (PL_strstr (d, TPSSystemCertsVerification::CRITICAL_TEST_NAME) != NULL) {
+ onDemandCritical = true;
+ onDemandEnabled = true;
+ } else if (PL_strstr (d, TPSSystemCertsVerification::TEST_NAME) != NULL) {
+ onDemandEnabled = true;
+ }
+ }
+ char* n = (char*)(cfg->GetConfigAsString(TPSSystemCertsVerification::SUBSYSTEM_NICKNAME));
+ if (n != NULL && PL_strlen(n) > 0) {
+ if (PL_strstr (n, TPSSystemCertsVerification::UNINITIALIZED_NICKNAME) != NULL) {
+ TPSSystemCertsVerification::initialized = 0;
+ }
+ }
+ if (TPSSystemCertsVerification::initialized == 1) {
+ TPSSystemCertsVerification::initialized = 2;
+ }
+ }
+ RA::SelfTestLog("TPSSystemCertsVerification::Initialize", "%s", ((initialized==2)?"successfully completed":"failed"));
+}
+
+// Error codes:
+// -1 - failed system certs verification
+// critical errors are negative
+
+int TPSSystemCertsVerification::runSelfTest ()
+{
+ int rc = 0;
+
+ if (TPSSystemCertsVerification::initialized == 2) {
+ rc = RA::verifySystemCerts();
+ if (rc == true) {
+ return 0;
+ } else {
+ rc = -1;
+ }
+ }
+
+ return rc;
+}
+
+bool TPSSystemCertsVerification::isStartupEnabled ()
+{
+ return startupEnabled;
+}
+
+bool TPSSystemCertsVerification::isOnDemandEnabled ()
+{
+ return onDemandEnabled;
+}
+
+bool TPSSystemCertsVerification::isStartupCritical ()
+{
+ return startupCritical;
+}
+
+bool TPSSystemCertsVerification::isOnDemandCritical ()
+{
+ return onDemandCritical;
+}
+
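Review bot: `runSelfTest` returns 0 whenever `initialized != 2`, so a plugin configured as `TPSSystemCertsVerification:critical` reports success to `SelfTest::runStartUpSelfTests` without ever calling `RA::verifySystemCerts()`. `Initialize` resets `initialized` to 0 only when `tps.cert.subsystem.nickname` contains the placeholder; a NULL or empty nickname still ends in state 2, and the sslserver and audit_signing nicknames are not examined at all. If skipping is intended for an unconfigured instance, the skip should at least be recorded, for example `RA::SelfTestLog("TPSSystemCertsVerification::runSelfTest", "skipped: not initialized");` in an `else` branch, so the log does not read as a passed verification. Separately, `if (rc == true)` compares an `int` with `true` and treats any non-zero result other than 1 as a failure; `if (RA::verifySystemCerts()) return 0;` avoids depending on the exact value (the return type is not visible in this diff). The `(char*)` cast on `GetConfigAsString` only removes `const` and can be dropped by declaring `const char* n`.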