authorEndi S. Dewata <edewata@redhat.com>2015-06-23 12:23:15 -0400
committerEndi S. Dewata <edewata@redhat.com>2015-06-23 17:30:18 -0400
commitcc97f8628b23f8ea75308bb97a31307cb4f162b9 (patch)
tree0e8eb0d56294eb7beedf0041f4ba6f8d9f0cf3fd /base/server/cms/src/com/netscape
parente1e1e1867c3665def4738530d5c36a1f9801fdb9 (diff)
Fixed selftests log message.
The SelfTestSubsystem has been modified to display a 'successful' message only if all tests have passed. If a test fails, it will log a failure, subsequent tests will not be executed, and the subsystem will shut down immediately. The runSelfTest() methods in various tests have been cleaned up to throw the original exception to help troubleshooting. The unused RAPresence test has been removed. https://fedorahosted.org/pki/ticket/1249
Diffstat (limited to 'base/server/cms/src/com/netscape')
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java5
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java97
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java102
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java35
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java84
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java123
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java127
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java261
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java56
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java6
10 files changed, 269 insertions, 627 deletions
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java b/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java
index e77ece551..c77514f35 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java
@@ -186,8 +186,7 @@ public abstract class ASelfTest
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public abstract void runSelfTest(ILogEventListener logger)
- throws ESelfTestException;
+ public abstract void runSelfTest(ILogEventListener logger) throws Exception;
}
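Review bot: Declaring `throws Exception` on the abstract `runSelfTest` leaves callers unable to tell a negative self-test result from an unexpected fault. The implementations changed in this commit (CAPresence, CAValidity, SystemCertsVerification, KRAPresence, OCSPPresence, OCSPValidity, TKSKnownSessionKey) now report a negative result with a bare `new Exception(logMessage)`. The wider signature is needed to rethrow original exceptions, but if ESelfTestException is being kept, the negative-result branches could still use `throw new ESelfTestException(logMessage);`, which remains compatible with the new clause. At minimum the Javadoc could say what is thrown, for example `@exception Exception if the test fails or cannot be completed`.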
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java b/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java
index 83caa0099..ab491c7e7 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java
@@ -191,72 +191,55 @@ public class CAPresence
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
- ICertificateAuthority ca = null;
- X509CertImpl caCert = null;
- X509Key caPubKey = null;
-
- ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
if (ca == null) {
// log that the CA is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } else {
- // Retrieve the CA certificate
- caCert = ca.getCACert();
-
- if (caCert == null) {
- // log that the CA is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_CA_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the CA certificate public key
- try {
- caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY);
-
- if (caPubKey == null) {
- // log that something is seriously wrong with the CA
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_CORRUPT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_NOT_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- throw new ESelfTestException(logMessage);
- }
- } catch (CertificateParsingException e) {
- // log that something is seriously wrong with the CA
- mSelfTestSubsystem.log(logger,
- e.toString());
+ // Retrieve the CA certificate
+ X509CertImpl caCert = ca.getCACert();
+ if (caCert == null) {
+ // log that the CA is not yet initialized
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- throw new ESelfTestException(e.toString());
- }
+ // Retrieve the CA certificate public key
+ X509Key caPubKey;
+ try {
+ caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY);
- // log that the CA is present
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_PRESENT",
- getSelfTestName());
+ } catch (CertificateParsingException e) {
+ // log that something is seriously wrong with the CA
+ mSelfTestSubsystem.log(logger, e.toString());
+ throw e;
+ }
- mSelfTestSubsystem.log(logger,
- logMessage);
+ if (caPubKey == null) {
+ // log that something is seriously wrong with the CA
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_CORRUPT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
}
- return;
+ // log that the CA is present
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
}
}
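Review bot: The `catch (CertificateParsingException e)` branch logs only `e.toString()`, so that self-test log entry does not name the test that failed. Every other branch in this method passes `getSelfTestName()` into the message. Because the exception is now rethrown unchanged, the log call is the one place where the test name can still be attached, for example `mSelfTestSubsystem.log(logger, getSelfTestName() + ": " + e);`. The matching catch block in OCSPPresence.java has the same gap.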
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java b/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java
index b1751ecb4..4d90be199 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java
@@ -191,72 +191,56 @@ public class CAValidity
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
- ICertificateAuthority ca = null;
- X509CertImpl caCert = null;
-
- ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
if (ca == null) {
// log that the CA is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } else {
- // Retrieve the CA certificate
- caCert = ca.getCACert();
-
- if (caCert == null) {
- // log that the CA is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_CA_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the CA validity period
- try {
- caCert.checkValidity();
- } catch (CertificateNotYetValidException e) {
- // log that the CA is not yet valid
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_YET_VALID",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } catch (CertificateExpiredException e) {
- // log that the CA is expired
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_EXPIRED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_NOT_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- // log that the CA is valid
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_VALID",
- getSelfTestName());
+ // Retrieve the CA certificate
+ X509CertImpl caCert = ca.getCACert();
+ if (caCert == null) {
+ // log that the CA is not yet initialized
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- mSelfTestSubsystem.log(logger,
- logMessage);
+ // Retrieve the CA validity period
+ try {
+ caCert.checkValidity();
+
+ } catch (CertificateNotYetValidException e) {
+ // log that the CA is not yet valid
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_NOT_YET_VALID",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw e;
+
+ } catch (CertificateExpiredException e) {
+ // log that the CA is expired
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_EXPIRED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw e;
}
- return;
+ // log that the CA is valid
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_VALID",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
}
}
diff --git a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
index f5b0939f1..5c1e97bfa 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
@@ -185,29 +185,22 @@ public class SystemCertsVerification
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
- boolean rc = false;
-
- rc = CMS.verifySystemCerts();
- if (rc == true) {
- logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
- } else {
- logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
- throw new ESelfTestException(logMessage);
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+
+ boolean status = CMS.verifySystemCerts();
+ if (!status) {
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
}
- return;
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
}
}
diff --git a/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java b/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java
index 832d2b747..ff0c3fbc2 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java
@@ -188,64 +188,46 @@ public class KRAPresence
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
- IKeyRecoveryAuthority kra = null;
- org.mozilla.jss.crypto.X509Certificate kraCert = null;
- PublicKey kraPubKey = null;
-
- kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId);
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId);
if (kra == null) {
// log that the KRA is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_NOT_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } else {
- // Retrieve the KRA certificate
- kraCert = kra.getTransportCert();
-
- if (kraCert == null) {
- // log that the RA is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_KRA_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the KRA certificate public key
- kraPubKey = kraCert.getPublicKey();
-
- if (kraPubKey == null) {
- // log that something is seriously wrong with the KRA
- logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_CORRUPT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_KRA_IS_NOT_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- // log that the KRA is present
- logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_PRESENT",
- getSelfTestName());
+ // Retrieve the KRA certificate
+ org.mozilla.jss.crypto.X509Certificate kraCert = kra.getTransportCert();
+ if (kraCert == null) {
+ // log that the RA is not yet initialized
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_KRA_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- mSelfTestSubsystem.log(logger,
- logMessage);
+ // Retrieve the KRA certificate public key
+ PublicKey kraPubKey = kraCert.getPublicKey();
+ if (kraPubKey == null) {
+ // log that something is seriously wrong with the KRA
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_KRA_IS_CORRUPT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
}
- return;
+ // log that the KRA is present
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_KRA_IS_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
}
}
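Review bot: The comment on the new `kraCert == null` branch still reads `// log that the RA is not yet initialized`, although the branch reports `SELFTESTS_KRA_IS_NOT_INITIALIZED`. With RAPresence removed in this same commit, the stale wording is easy to misread during troubleshooting. Suggested replacement: `// log that the KRA is not yet initialized`.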
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
index a3d9e3ad3..db9d237fc 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
@@ -192,89 +192,66 @@ public class OCSPPresence
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
- IOCSPAuthority ocsp = null;
- ISigningUnit ocspSigningUnit = null;
- X509CertImpl ocspCert = null;
- X509Key ocspPubKey = null;
-
- ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
if (ocsp == null) {
// log that the OCSP is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } else {
- // Retrieve the OCSP signing unit
- ocspSigningUnit = ocsp.getSigningUnit();
-
- if (ocspSigningUnit == null) {
- // log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the OCSP certificate
- ocspCert = ocspSigningUnit.getCertImpl();
-
- if (ocspCert == null) {
- // log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the OCSP certificate public key
- try {
- ocspPubKey = (X509Key)
- ocspCert.get(X509CertImpl.PUBLIC_KEY);
-
- if (ocspPubKey == null) {
- // log that something is seriously wrong with the OCSP
- logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_CORRUPT",
- getSelfTestName());
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- mSelfTestSubsystem.log(logger,
- logMessage);
+ // Retrieve the OCSP signing unit
+ ISigningUnit ocspSigningUnit = ocsp.getSigningUnit();
+ if (ocspSigningUnit == null) {
+ // log that the OCSP is not yet initialized
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- throw new ESelfTestException(logMessage);
- }
- } catch (CertificateParsingException e) {
- // log that something is seriously wrong with the OCSP
- mSelfTestSubsystem.log(logger,
- e.toString());
+ // Retrieve the OCSP certificate
+ X509CertImpl ocspCert = ocspSigningUnit.getCertImpl();
+ if (ocspCert == null) {
+ // log that the OCSP is not yet initialized
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- throw new ESelfTestException(e.toString());
- }
+ // Retrieve the OCSP certificate public key
+ X509Key ocspPubKey;
+ try {
+ ocspPubKey = (X509Key)ocspCert.get(X509CertImpl.PUBLIC_KEY);
- // log that the OCSP is present
- logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_PRESENT",
- getSelfTestName());
+ } catch (CertificateParsingException e) {
+ // log that something is seriously wrong with the OCSP
+ mSelfTestSubsystem.log(logger, e.toString());
+ throw e;
+ }
- mSelfTestSubsystem.log(logger,
- logMessage);
+ if (ocspPubKey == null) {
+ // log that something is seriously wrong with the OCSP
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_CORRUPT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
}
- return;
+ // log that the OCSP is present
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
}
}
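Review bot: The `ocspSigningUnit == null` and `ocspCert == null` branches both log `SELFTESTS_OCSP_IS_NOT_INITIALIZED` and throw an exception carrying the same text. Neither the self-test log nor the propagated exception tells an operator whether the signing unit or its certificate is missing. Since the commit's stated aim is easier troubleshooting, the thrown message could separate the two cases, for example `throw new Exception(logMessage + " (signing unit has no certificate)");` in the second branch. OCSPValidity.java repeats the same pair of branches.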
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
index 383779d22..6aadf842d 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
@@ -192,89 +192,68 @@ public class OCSPValidity
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
+ public void runSelfTest(ILogEventListener logger) throws Exception {
String logMessage = null;
- IOCSPAuthority ocsp = null;
- ISigningUnit ocspSigningUnit = null;
- X509CertImpl ocspCert = null;
-
- ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
if (ocsp == null) {
// log that the OCSP is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } else {
- // Retrieve the OCSP signing unit
- ocspSigningUnit = ocsp.getSigningUnit();
-
- if (ocspSigningUnit == null) {
- // log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the OCSP certificate
- ocspCert = ocspSigningUnit.getCertImpl();
-
- if (ocspCert == null) {
- // log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the OCSP validity period
- try {
- ocspCert.checkValidity();
- } catch (CertificateNotYetValidException e) {
- // log that the OCSP is not yet valid
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_YET_VALID",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } catch (CertificateExpiredException e) {
- // log that the OCSP is expired
- logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_EXPIRED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- throw new ESelfTestException(logMessage);
- }
+ // Retrieve the OCSP signing unit
+ ISigningUnit ocspSigningUnit = ocsp.getSigningUnit();
+ if (ocspSigningUnit == null) {
+ // log that the OCSP is not yet initialized
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- // log that the OCSP is valid
- logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_VALID",
- getSelfTestName());
+ // Retrieve the OCSP certificate
+ X509CertImpl ocspCert = ocspSigningUnit.getCertImpl();
+ if (ocspCert == null) {
+ // log that the OCSP is not yet initialized
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- mSelfTestSubsystem.log(logger,
- logMessage);
+ // Retrieve the OCSP validity period
+ try {
+ ocspCert.checkValidity();
+
+ } catch (CertificateNotYetValidException e) {
+ // log that the OCSP is not yet valid
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_YET_VALID",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw e;
+
+ } catch (CertificateExpiredException e) {
+ // log that the OCSP is expired
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_EXPIRED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw e;
}
- return;
+ // log that the OCSP is valid
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_VALID",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
}
}
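Review bot: This method keeps the method-wide `String logMessage = null;` and reassigns it in every branch, while the sibling tests rewritten in this commit declare `String logMessage` inside each branch. Declaring it at the point of use, as in `String logMessage = CMS.getLogMessage(`, would make the seven runSelfTest implementations read alike. It would also remove a variable that is live across the try/catch for no reason.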
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java b/base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java
deleted file mode 100644
index 6facd807c..000000000
--- a/base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java
+++ /dev/null
@@ -1,261 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.selftests.ra;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-import java.security.PublicKey;
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.selftests.EDuplicateSelfTestException;
-import com.netscape.certsrv.selftests.EInvalidSelfTestException;
-import com.netscape.certsrv.selftests.EMissingSelfTestException;
-import com.netscape.certsrv.selftests.ESelfTestException;
-import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-import com.netscape.cms.selftests.ASelfTest;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * This class implements a self test to check for RA presence.
- * <P>
- *
- * <PRE>
- * NOTE: This self-test is for Registration Authorities prior to
- * Netscape Certificate Management System 7.0. It does NOT
- * apply to the Registration Authority found in
- * Red Hat Certificate System 7.3 or later (including
- * ALL versions of Dogtag Certificate System).
- * </PRE>
- * <P>
- *
- * @deprecated
- * @author mharmsen
- * @author thomask
- * @version $Revision$, $Date$
- */
-public class RAPresence
- extends ASelfTest {
- ////////////////////////
- // default parameters //
- ////////////////////////
-
- ///////////////////////////
- // RAPresence parameters //
- ///////////////////////////
-
- // parameter information
- public static final String PROP_RA_SUB_ID = "RaSubId";
- private String mRaSubId = null;
-
- /////////////////////
- // default methods //
- /////////////////////
-
- ////////////////////////
- // RAPresence methods //
- ////////////////////////
-
- /**
- * Initializes this subsystem with the configuration store
- * associated with this instance name.
- * <P>
- *
- * @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
- * @param parameters configuration store (self test parameters)
- * @exception EDuplicateSelfTestException subsystem has duplicate name/value
- * @exception EInvalidSelfTestException subsystem has invalid name/value
- * @exception EMissingSelfTestException subsystem has missing name/value
- */
- public void initSelfTest(ISelfTestSubsystem subsystem,
- String instanceName,
- IConfigStore parameters)
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException {
- super.initSelfTest(subsystem, instanceName, parameters);
-
- // retrieve mandatory parameter(s)
- try {
- mRaSubId = mConfig.getString(PROP_RA_SUB_ID);
- if (mRaSubId != null) {
- mRaSubId = mRaSubId.trim();
- } else {
- mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_RA_SUB_ID));
-
- throw new EMissingSelfTestException(PROP_RA_SUB_ID);
- }
- } catch (EBaseException e) {
- mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_RA_SUB_ID));
-
- throw new EMissingSelfTestException(mPrefix,
- PROP_RA_SUB_ID,
- null);
- }
-
- // retrieve optional parameter(s)
-
- return;
- }
-
- /**
- * Notifies this subsystem if it is in execution mode.
- * <P>
- *
- * @exception ESelfTestException failed to start
- */
- public void startupSelfTest()
- throws ESelfTestException {
- return;
- }
-
- /**
- * Stops this subsystem. The subsystem may call shutdownSelfTest
- * anytime after initialization.
- * <P>
- */
- public void shutdownSelfTest() {
- return;
- }
-
- /**
- * Returns the name associated with this self test. This method may
- * return null if the self test has not been intialized.
- * <P>
- *
- * @return instanceName of this self test
- */
- public String getSelfTestName() {
- return super.getSelfTestName();
- }
-
- /**
- * Returns the root configuration storage (self test parameters)
- * associated with this subsystem.
- * <P>
- *
- * @return configuration store (self test parameters) of this subsystem
- */
- public IConfigStore getSelfTestConfigStore() {
- return super.getSelfTestConfigStore();
- }
-
- /**
- * Retrieves description associated with an individual self test.
- * This method may return null.
- * <P>
- *
- * @param locale locale of the client that requests the description
- * @return description of self test
- */
- public String getSelfTestDescription(Locale locale) {
- return CMS.getUserMessage(locale,
- "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION");
- }
-
- /**
- * Execute an individual self test.
- * <P>
- *
- * @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
- */
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
- IRegistrationAuthority ra = null;
- org.mozilla.jss.crypto.X509Certificate raCert = null;
- PublicKey raPubKey = null;
-
- ra = (IRegistrationAuthority) CMS.getSubsystem(mRaSubId);
-
- if (ra == null) {
- // log that the RA is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_NOT_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } else {
- // Retrieve the RA certificate
- raCert = ra.getRACert();
-
- if (raCert == null) {
- // log that the RA is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_RA_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the RA certificate public key
- raPubKey = raCert.getPublicKey();
-
- if (raPubKey == null) {
- // log that something is seriously wrong with the RA
- logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_CORRUPT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // log that the RA is present
- logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
- }
-
- return;
- }
-}
diff --git a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
index d5e7c11ad..1686ba564 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
@@ -104,7 +104,7 @@ public class TKSKnownSessionKey
mMacKey = getConfigByteArray("macKey", 16);
mUseSoftToken = getConfigString("useSoftToken");
- // AC: KDF SPEC CHANGE
+ // AC: KDF SPEC CHANGE
// read CUID for the KDD field
mKDD = getConfigByteArray("CUID", 10);
//
@@ -143,7 +143,7 @@ public class TKSKnownSessionKey
getSelfTestName(), mPrefix + ".nistSP800-108KdfUseCuidAsKdd"));
throw new EMissingSelfTestException("nistSP800-108KdfUseCuidAsKdd");
}
-
+
String defKeySetMacKey = null;
tks = CMS.getSubsystem(mTksSubId);
if (tks != null) {
@@ -175,7 +175,7 @@ public class TKSKnownSessionKey
if (mSessionKey == null) {
mSessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName,
mCardChallenge, mHostChallenge,
- mKeyInfo,
+ mKeyInfo,
mNistSP800_108KdfOnKeyVersion, // AC: KDF SPEC CHANGE - pass in configuration self-test value
mNistSP800_108KdfUseCuidAsKdd, // AC: KDF SPEC CHANGE - pass in configuration self-test value
mCUID,
@@ -320,13 +320,12 @@ public class TKSKnownSessionKey
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- IConfigStore cs = CMS.getConfigStore();
- String sharedSecretName;
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+
try {
+ IConfigStore cs = CMS.getConfigStore();
boolean useNewNames = cs.getBoolean("tks.useNewSharedSecretNames", false);
if (useNewNames) {
String tpsList = cs.getString("tps.list", "");
@@ -336,29 +335,39 @@ public class TKSKnownSessionKey
}
for (String tpsID : tpsList.split(",")) {
- sharedSecretName = cs.getString("tps." + tpsID + ".nickname", "");
+ String sharedSecretName = cs.getString("tps." + tpsID + ".nickname", "");
if (!sharedSecretName.isEmpty()) {
CMS.debug("TKSKnownSessionKey: testing with key " + sharedSecretName);
- generateSessionKey(logger, sharedSecretName);
+ generateSessionKey(sharedSecretName);
}
}
+
} else {
// legacy systems
- sharedSecretName = cs.getString("tks.tksSharedSymKeyName", "sharedSecret");
- generateSessionKey(logger, sharedSecretName);
+ String sharedSecretName = cs.getString("tks.tksSharedSymKeyName", "sharedSecret");
+ generateSessionKey(sharedSecretName);
}
- } catch (EBaseException e) {
- e.printStackTrace();
- CMS.debug("TKSKnownSessionKey: failed to read config file to set up test");
- String logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
+
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TKS_SUCCEEDED",
+ getSelfTestName(),
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ CMS.debug("TKSKnownSessionKey self test SUCCEEDED");
+
+ } catch (Exception e) {
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TKS_FAILED",
+ getSelfTestName(),
+ getSelfTestName());
mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException(logMessage);
+ throw e;
}
+
return;
}
- private void generateSessionKey(ILogEventListener logger, String sharedSecretName) throws ESelfTestException {
- String logMessage;
+ private void generateSessionKey(String sharedSecretName) throws Exception {
String keySet = "defKeySet";
byte[] sessionKey = SessionKey.ComputeSessionKey(
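Review bot: `SELFTESTS_TKS_SUCCEEDED` is now logged once after both branches, so in the `useNewNames` path it is reported even when the loop skips every entry because each `tps.<id>.nickname` is empty and `generateSessionKey` never ran. Before this change, success was logged only from inside `generateSessionKey`, so a run that tested no key could not log a pass. Counting the keys exercised would close this: `int tested = 0;` before the loop, `tested++;` after the call, and `if (tested == 0) throw new Exception("No shared secret was tested");`, or at least a distinct log message if an empty configuration is legitimate. How an empty `tps.list` is handled sits in lines between the two hunks that are not shown, so that path needs the same check. The trailing `return;` is redundant.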
@@ -374,14 +383,7 @@ public class TKSKnownSessionKey
// For FIPS compliance, the routine now returns a wrapped key, which can't be extracted and compared.
if (sessionKey == null) {
CMS.debug("TKSKnownSessionKey: generated no session key");
- CMS.debug("TKSKnownSessionKey self test FAILED");
- logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
- mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException(logMessage);
- } else {
- logMessage = CMS.getLogMessage("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName());
- mSelfTestSubsystem.log(logger, logMessage);
- CMS.debug("TKSKnownSessionKey self test SUCCEEDED");
+ throw new Exception("No session key generated");
}
}
}
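Review bot: The new `throw new Exception("No session key generated")` does not say which shared secret failed, although the `useNewNames` loop in runSelfTest tries several in turn. The caller already writes the nickname to the debug log, so including it exposes nothing new: `throw new Exception("No session key generated for " + sharedSecretName);`. Part of generateSessionKey's body lies outside this hunk.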
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index b8cf27cc5..b6325b71d 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -3248,7 +3248,11 @@ public final class CMSAdminServlet extends AdminServlet {
// store this information for console notification
content += "COMPLETED SUCCESSFULLY\n";
- } catch (ESelfTestException e) {
+
+ } catch (Exception e) {
+
+ CMS.debug(e);
+
// Check to see if the self test was critical:
if (mSelfTestSubsystem.isSelfTestCriticalOnDemand(
instanceName)) {