diff options
author | Endi S. Dewata <edewata@redhat.com> | 2015-12-01 23:34:41 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2015-12-01 21:10:43 +0100 |
commit | 6a9990784b3a5ff18a800a288e8d1af173c7ae6e (patch) | |
tree | ff43c432f868edb0765180d41c09e6f358d666c0 /base/server/cms/src/com/netscape | |
parent | c44d643c8f1f1b34004e8a1c5eedbcb75e46860d (diff) | |
download | pki-6a9990784b3a5ff18a800a288e8d1af173c7ae6e.tar.gz pki-6a9990784b3a5ff18a800a288e8d1af173c7ae6e.tar.xz pki-6a9990784b3a5ff18a800a288e8d1af173c7ae6e.zip |
Fixed selftest error handling.
The selftest has been modified to throw an exception and provide
more specific error message if a test fails in order to help
troubleshoot the problem.
https://fedorahosted.org/pki/ticket/1328
Diffstat (limited to 'base/server/cms/src/com/netscape')
3 files changed, 25 insertions, 20 deletions
diff --git a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java index 5c1e97bfa..e4fc1cbe2 100644 --- a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java +++ b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java @@ -189,18 +189,20 @@ public class SystemCertsVerification */ public void runSelfTest(ILogEventListener logger) throws Exception { - boolean status = CMS.verifySystemCerts(); - if (!status) { + try { + CMS.verifySystemCerts(); + + String logMessage = CMS.getLogMessage( + "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + + } catch (Exception e) { String logMessage = CMS.getLogMessage( "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE", getSelfTestName()); mSelfTestSubsystem.log(logger, logMessage); - throw new Exception(logMessage); + throw e; } - - String logMessage = CMS.getLogMessage( - "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS", - getSelfTestName()); - mSelfTestSubsystem.log(logger, logMessage); } } diff --git a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java index 1686ba564..f734f67c0 100644 --- a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java +++ b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java @@ -363,8 +363,6 @@ public class TKSKnownSessionKey mSelfTestSubsystem.log(logger, logMessage); throw e; } - - return; } private void generateSessionKey(String sharedSecretName) throws Exception { diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index b6325b71d..18be8a854 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java @@ -38,11 +38,6 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import netscape.security.x509.BasicConstraintsExtension; -import netscape.security.x509.CertificateExtensions; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.crypto.CryptoToken; import org.mozilla.jss.crypto.PQGParams; @@ -80,6 +75,11 @@ import com.netscape.cmsutil.util.Cert; import com.netscape.cmsutil.util.Utils; import com.netscape.symkey.SessionKey; +import netscape.security.x509.BasicConstraintsExtension; +import netscape.security.x509.CertificateExtensions; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; + /** * A class representings an administration servlet. This * servlet is responsible to serve Certificate Server @@ -2191,9 +2191,12 @@ public final class CMSAdminServlet extends AdminServlet { modifyRADMCert(nickname); } - boolean verified = CMS.verifySystemCertByNickname(nickname, null); - if (verified == true) { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded: " + nickname); + boolean verified = false; + try { + CMS.debug("CMSAdminServlet: verifying system certificate " + nickname); + CMS.verifySystemCertByNickname(nickname, null); + verified = true; + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, auditSubjectID, @@ -2201,8 +2204,9 @@ public final class CMSAdminServlet extends AdminServlet { nickname); audit(auditMessage); - } else { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed: " + nickname); + + } catch (Exception e) { + CMS.debug(e); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, auditSubjectID, @@ -2211,6 +2215,7 @@ public final class CMSAdminServlet extends AdminServlet { audit(auditMessage); } + // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, |