Fixed selftest error handling.

The selftest has been modified to throw an exception and provide
more specific error message if a test fails in order to help
troubleshoot the problem.

https://fedorahosted.org/pki/ticket/1328

3 files changed, 25 insertions, 20 deletions

diff --git a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
index 5c1e97bfa..e4fc1cbe2 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
@@ -189,18 +189,20 @@ public class SystemCertsVerification
      */
     public void runSelfTest(ILogEventListener logger) throws Exception {
 
-        boolean status = CMS.verifySystemCerts();
-        if (!status) {
+        try {
+            CMS.verifySystemCerts();
+
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+
+        } catch (Exception e) {
             String logMessage = CMS.getLogMessage(
                     "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
                     getSelfTestName());
             mSelfTestSubsystem.log(logger, logMessage);
-            throw new Exception(logMessage);
+            throw e;
         }
-
-        String logMessage = CMS.getLogMessage(
-                "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
-                getSelfTestName());
-        mSelfTestSubsystem.log(logger, logMessage);
     }
 }
diff --git a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
index 1686ba564..f734f67c0 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
@@ -363,8 +363,6 @@ public class TKSKnownSessionKey
             mSelfTestSubsystem.log(logger, logMessage);
             throw e;
         }
-
-        return;
     }
 
     private void generateSessionKey(String sharedSecretName) throws Exception {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index b6325b71d..18be8a854 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -38,11 +38,6 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.crypto.PQGParams;
@@ -80,6 +75,11 @@ import com.netscape.cmsutil.util.Cert;
 import com.netscape.cmsutil.util.Utils;
 import com.netscape.symkey.SessionKey;
 
+import netscape.security.x509.BasicConstraintsExtension;
+import netscape.security.x509.CertificateExtensions;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
+
 /**
  * A class representings an administration servlet. This
  * servlet is responsible to serve Certificate Server
@@ -2191,9 +2191,12 @@ public final class CMSAdminServlet extends AdminServlet {
                 modifyRADMCert(nickname);
             }
 
-            boolean verified = CMS.verifySystemCertByNickname(nickname, null);
-            if (verified == true) {
-                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded: " + nickname);
+            boolean verified = false;
+            try {
+                CMS.debug("CMSAdminServlet: verifying system certificate " + nickname);
+                CMS.verifySystemCertByNickname(nickname, null);
+                verified = true;
+
                 auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
                         auditSubjectID,
@@ -2201,8 +2204,9 @@ public final class CMSAdminServlet extends AdminServlet {
                                 nickname);
 
                 audit(auditMessage);
-            } else {
-                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed: " + nickname);
+
+            } catch (Exception e) {
+                CMS.debug(e);
                 auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
                                 auditSubjectID,
@@ -2211,6 +2215,7 @@ public final class CMSAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
             }
+
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,