diff options
| author | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-24 02:27:47 -0500 |
|---|---|---|
| committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-26 11:43:54 -0500 |
| commit | 621d9e5c413e561293d7484b93882d985b3fe15f (patch) | |
| tree | 638f3d75761c121d9a8fb50b52a12a6686c5ac5c /base/tps/src/selftests | |
| parent | 40d3643b8d91886bf210aa27f711731c81a11e49 (diff) | |
| download | pki-621d9e5c413e561293d7484b93882d985b3fe15f.tar.gz pki-621d9e5c413e561293d7484b93882d985b3fe15f.tar.xz pki-621d9e5c413e561293d7484b93882d985b3fe15f.zip | |
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
Diffstat (limited to 'base/tps/src/selftests')
| -rw-r--r-- | base/tps/src/selftests/SelfTest.cpp | 220 | ||||
| -rw-r--r-- | base/tps/src/selftests/TPSPresence.cpp | 204 | ||||
| -rw-r--r-- | base/tps/src/selftests/TPSSystemCertsVerification.cpp | 149 | ||||
| -rw-r--r-- | base/tps/src/selftests/TPSValidity.cpp | 215 |
4 files changed, 788 insertions, 0 deletions
diff --git a/base/tps/src/selftests/SelfTest.cpp b/base/tps/src/selftests/SelfTest.cpp new file mode 100644 index 000000000..71266d581 --- /dev/null +++ b/base/tps/src/selftests/SelfTest.cpp @@ -0,0 +1,220 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; +// version 2.1 of the License. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, +// Boston, MA 02110-1301 USA +// +// Copyright (C) 2010 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + + +#ifdef XP_WIN32 +#define TPS_PUBLIC __declspec(dllexport) +#else /* !XP_WIN32 */ +#define TPS_PUBLIC +#endif /* !XP_WIN32 */ + +#ifdef __cplusplus +extern "C" +{ +#endif +#include <stdio.h> +#include <stdarg.h> +#include <stdlib.h> +#include <string.h> + +#include "prmem.h" +#include "prsystem.h" +#include "plstr.h" +#include "prio.h" + +#include "cert.h" +#include "certt.h" + +#ifdef __cplusplus +} +#endif + +#include "engine/RA.h" +#include "main/ConfigStore.h" +#include "selftests/SelfTest.h" +#include "selftests/TPSPresence.h" +#include "selftests/TPSValidity.h" +#include "selftests/TPSSystemCertsVerification.h" + + +const char *SelfTest::CFG_SELFTEST_STARTUP = "selftests.container.order.startup"; +const char *SelfTest::CFG_SELFTEST_ONDEMAND = "selftests.container.order.onDemand"; +const int SelfTest::nTests = 3; +const char *SelfTest::TEST_NAMES[SelfTest::nTests] = { TPSPresence::TEST_NAME, TPSValidity::TEST_NAME, TPSSystemCertsVerification::TEST_NAME }; + +int SelfTest::isInitialized = 0; +int SelfTest::StartupSystemCertsVerificationRun = 0; + +SelfTest::SelfTest() +{ +} + +SelfTest::~SelfTest() +{ +} + +void SelfTest::Initialize (ConfigStore *cfg) +{ + if (SelfTest::isInitialized == 0) { + SelfTest::isInitialized = 1; + TPSPresence::Initialize (cfg); + TPSValidity::Initialize (cfg); + TPSSystemCertsVerification::Initialize (cfg); + SelfTest::isInitialized = 2; + } + RA::SelfTestLog("SelfTest::Initialize", "%s", ((isInitialized==2)?"successfully completed":"failed")); +} + +// Error codes: +// -1 - missing cert db handle +// 2 - missing cert +// -3 - missing cert nickname +// 4 - secCertTimeExpired +// 5 - secCertTimeNotValidYet +// critical errors are negative + +int SelfTest::runStartUpSelfTests (const char *nickname) +{ + int rc = 0; + CERTCertificate *cert = 0; + + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "per cert selftests starting for %s", nickname); + if (TPSPresence::isStartupEnabled()) { + rc = TPSPresence::runSelfTest(nickname, &cert); + } + if (rc != 0 && TPSPresence::isStartupCritical()) { + if (rc > 0) rc *= -1; + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Critical TPSPresence self test failure: %d", rc); + return rc; + } else if (rc != 0) { + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Noncritical TPSPresence self test failure: %d", rc); + } else { + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "TPSPresence self test has been successfully completed."); + } + if (TPSValidity::isStartupEnabled()) { + rc = TPSValidity::runSelfTest(nickname, cert); + } + if (cert != 0) { + CERT_DestroyCertificate (cert); + cert = 0; + } + if (rc != 0 && TPSValidity::isStartupCritical()) { + if (rc > 0) rc *= -1; + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Critical TPSValidity self test failure: %d", rc); + return rc; + } else if (rc != 0) { + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Noncritical TPSValidity self test failure: %d", rc); + } else { + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "TPSValidity self test has been successfully completed."); + } + + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "per cert selftests done for %s", nickname); + return 0; +} + +int SelfTest::runStartUpSelfTests () +{ + int rc = 0; + + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "general selftests starting"); + /* this only needs to run once at startup */ + if (SelfTest::StartupSystemCertsVerificationRun == 0) { + if (TPSSystemCertsVerification::isStartupEnabled()) { + rc = TPSSystemCertsVerification::runSelfTest(); + } + if (rc != 0 && TPSSystemCertsVerification::isStartupCritical()) { + if (rc > 0) rc *= -1; + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Critical TPSSystemCertsVerification self test failure: %d", rc); + return rc; + } else if (rc != 0) { + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Noncritical TPSSystemCertsVerification self test failure: %d", rc); + } else { + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "TPSSystemCertsVerification self test has been successfully completed."); + } + SelfTest::StartupSystemCertsVerificationRun = 1; + } + + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "general selftests done"); + return 0; +} + +int SelfTest::runOnDemandSelfTests () +{ + int rc = 0; + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "starting"); + if (TPSPresence::isOnDemandEnabled()) { + rc = TPSPresence::runSelfTest(); + } + if (rc != 0 && TPSPresence::isOnDemandCritical()) { + if (rc > 0) rc *= -1; + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Critical TPSPresence self test failure: %d", rc); + return rc; + } else if (rc != 0) { + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Noncritical TPSPresence self test failure: %d", rc); + } else { + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "TPSPresence self test has been successfully completed."); + } + if (TPSValidity::isOnDemandEnabled()) { + rc = TPSValidity::runSelfTest(); + } + if (rc != 0 && TPSValidity::isOnDemandCritical()) { + if (rc > 0) rc *= -1; + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Critical TPSValidity self test failure: %d", rc); + return rc; + } else if (rc != 0) { + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Noncritical TPSValidity self test failure: %d", rc); + } else { + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "TPSValidity self test has been successfully completed."); + } + + if (TPSSystemCertsVerification::isOnDemandEnabled()) { + rc = TPSSystemCertsVerification::runSelfTest(); + } + if (rc != 0 && TPSSystemCertsVerification::isOnDemandCritical()) { + if (rc > 0) rc *= -1; + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Critical TPSSystemCertsVerification self test failure: %d", rc); + return rc; + } else if (rc != 0) { + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Noncritical TPSSystemCertsVerification self test failure: %d", rc); + } else { + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "TPSSystemCertsVerification self test has been successfully completed."); + } + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "done"); + return rc; +} + +int SelfTest::isOnDemandEnabled () +{ + int n = 0; + if (TPSPresence::isOnDemandEnabled()) n++; + if (TPSValidity::isOnDemandEnabled()) n += 2; + if (TPSSystemCertsVerification::isOnDemandEnabled()) n += 4; + return n; +} + +int SelfTest::isOnDemandCritical () +{ + int n = 0; + if (TPSPresence::isOnDemandCritical()) n++; + if (TPSValidity::isOnDemandCritical()) n += 2; + if (TPSSystemCertsVerification::isOnDemandCritical()) n += 4; + return n; +} + diff --git a/base/tps/src/selftests/TPSPresence.cpp b/base/tps/src/selftests/TPSPresence.cpp new file mode 100644 index 000000000..7f37fd0fb --- /dev/null +++ b/base/tps/src/selftests/TPSPresence.cpp @@ -0,0 +1,204 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; +// version 2.1 of the License. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, +// Boston, MA 02110-1301 USA +// +// Copyright (C) 2010 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + + +#ifdef XP_WIN32 +#define TPS_PUBLIC __declspec(dllexport) +#else /* !XP_WIN32 */ +#define TPS_PUBLIC +#endif /* !XP_WIN32 */ + +#ifdef __cplusplus +extern "C" +{ +#endif +#include <stdio.h> +#include <stdarg.h> +#include <stdlib.h> +#include <string.h> + +#include "prmem.h" +#include "prsystem.h" +#include "plstr.h" +#include "prio.h" + +#include "cert.h" +#include "certt.h" + +#ifdef __cplusplus +} +#endif + +#include "engine/RA.h" +#include "main/ConfigStore.h" +#include "selftests/TPSPresence.h" + + +int TPSPresence::initialized = 0; +bool TPSPresence::startupEnabled = false; +bool TPSPresence::onDemandEnabled = false; +bool TPSPresence::startupCritical = false; +bool TPSPresence::onDemandCritical = false; +char *TPSPresence::nickname = 0; +const char *TPSPresence::UNINITIALIZED_NICKNAME = "[HSM_LABEL][NICKNAME]"; +const char *TPSPresence::NICKNAME_NAME = "selftests.plugin.TPSPresence.nickname"; +const char *TPSPresence::CRITICAL_TEST_NAME = "TPSPresence:critical"; +const char *TPSPresence::TEST_NAME = "TPSPresence"; + +//default constructor +TPSPresence::TPSPresence() +{ +} + +TPSPresence::~TPSPresence() +{ +} + +void TPSPresence::Initialize (ConfigStore *cfg) +{ + if (TPSPresence::initialized == 0) { + TPSPresence::initialized = 1; + const char* s = cfg->GetConfigAsString(CFG_SELFTEST_STARTUP); + if (s != 0) { + if (PL_strstr (s, TPSPresence::CRITICAL_TEST_NAME) != 0) { + startupCritical = true; + startupEnabled = true; + } else if (PL_strstr (s, TPSPresence::TEST_NAME) != 0) { + startupEnabled = true; + } + } + const char* d = cfg->GetConfigAsString(CFG_SELFTEST_ONDEMAND); + if (d != 0) { + if (PL_strstr (d, TPSPresence::CRITICAL_TEST_NAME) != 0) { + onDemandCritical = true; + onDemandEnabled = true; + } else if (PL_strstr (d, TPSPresence::TEST_NAME) != 0) { + onDemandEnabled = true; + } + } + char* n = (char*)(cfg->GetConfigAsString(TPSPresence::NICKNAME_NAME)); + if (n != 0 && PL_strlen(n) > 0) { + if (PL_strstr (n, TPSPresence::UNINITIALIZED_NICKNAME) != NULL) { + TPSPresence::initialized = 0; + } else { + TPSPresence::nickname = n; + } + + TPSPresence::nickname = n; + } + if (TPSPresence::initialized == 1) { + TPSPresence::initialized = 2; + } + } + RA::SelfTestLog("TPSPresence::Initialize", "%s", ((initialized==2)?"successfully completed":"failed")); +} + +// Error codes: +// -1 - missing cert db handle +// 2 - missing cert +// -3 - missing cert nickname +// 4 - secCertTimeExpired +// 5 - secCertTimeNotValidYet +// critical errors are negative + +int TPSPresence::runSelfTest () +{ + int rc = 0; + + if (TPSPresence::initialized == 2) { + if (TPSPresence::nickname != 0 && PL_strlen(TPSPresence::nickname) > 0) { + rc = TPSPresence::runSelfTest (TPSPresence::nickname); + } else { + rc = -3; + } + } + + return rc; +} + +int TPSPresence::runSelfTest (const char *nick_name) +{ + int rc = 0; + CERTCertDBHandle *handle = 0; + CERTCertificate *cert = 0; + + if (TPSPresence::initialized == 2) { + if (nick_name != 0 && PL_strlen(nick_name) > 0) { + handle = CERT_GetDefaultCertDB(); + if (handle != 0) { + cert = CERT_FindCertByNickname( handle, (char *) nick_name); + if (cert != 0) { + CERT_DestroyCertificate (cert); + cert = 0; + } else { + rc = 2; + } + } else { + rc = -1; + } + } else { + rc = TPSPresence::runSelfTest (); + } + } + + return rc; +} + +int TPSPresence::runSelfTest (const char *nick_name, CERTCertificate **cert) +{ + int rc = 0; + CERTCertDBHandle *handle = 0; + + if (TPSPresence::initialized == 2) { + handle = CERT_GetDefaultCertDB(); + if (handle != 0) { + *cert = CERT_FindCertByNickname( handle, (char *) nick_name); + if (*cert == NULL) { + rc = 2; + } + } else { + rc = 1; + } + } + + return rc; +} + +bool TPSPresence::isStartupEnabled () +{ + return startupEnabled; +} + +bool TPSPresence::isOnDemandEnabled () +{ + return onDemandEnabled; +} + +bool TPSPresence::isStartupCritical () +{ + return startupCritical; +} + +bool TPSPresence::isOnDemandCritical () +{ + return onDemandCritical; +} + + diff --git a/base/tps/src/selftests/TPSSystemCertsVerification.cpp b/base/tps/src/selftests/TPSSystemCertsVerification.cpp new file mode 100644 index 000000000..a89d18d04 --- /dev/null +++ b/base/tps/src/selftests/TPSSystemCertsVerification.cpp @@ -0,0 +1,149 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; +// version 2.1 of the License. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, +// Boston, MA 02110-1301 USA +// +// Copyright (C) 2010 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + + +#ifdef XP_WIN32 +#define TPS_PUBLIC __declspec(dllexport) +#else /* !XP_WIN32 */ +#define TPS_PUBLIC +#endif /* !XP_WIN32 */ + +#ifdef __cplusplus +extern "C" +{ +#endif +#include <stdio.h> +#include <stdarg.h> +#include <stdlib.h> +#include <string.h> + +#include "prmem.h" +#include "prsystem.h" +#include "plstr.h" +#include "prio.h" + +#include "cert.h" +#include "certt.h" + +#ifdef __cplusplus +} +#endif + +#include "engine/RA.h" +#include "main/ConfigStore.h" +#include "selftests/TPSSystemCertsVerification.h" + + +int TPSSystemCertsVerification::initialized = 0; +bool TPSSystemCertsVerification::startupEnabled = false; +bool TPSSystemCertsVerification::onDemandEnabled = false; +bool TPSSystemCertsVerification::startupCritical = false; +bool TPSSystemCertsVerification::onDemandCritical = false; +const char *TPSSystemCertsVerification::CRITICAL_TEST_NAME = "TPSSystemCertsVerification:critical"; +const char *TPSSystemCertsVerification::TEST_NAME = "TPSSystemCertsVerification"; +// for testing if system is initialized +const char *TPSSystemCertsVerification::UNINITIALIZED_NICKNAME = "[HSM_LABEL][NICKNAME]"; +const char *TPSSystemCertsVerification::SUBSYSTEM_NICKNAME= "tps.cert.subsystem.nickname"; + + +//default constructor +TPSSystemCertsVerification::TPSSystemCertsVerification() +{ +} + +TPSSystemCertsVerification::~TPSSystemCertsVerification() +{ +} + +void TPSSystemCertsVerification::Initialize (ConfigStore *cfg) +{ + if (TPSSystemCertsVerification::initialized == 0) { + TPSSystemCertsVerification::initialized = 1; + const char* s = cfg->GetConfigAsString(CFG_SELFTEST_STARTUP); + if (s != NULL) { + if (PL_strstr (s, TPSSystemCertsVerification::CRITICAL_TEST_NAME) != NULL) { + startupCritical = true; + startupEnabled = true; + } else if (PL_strstr (s, TPSSystemCertsVerification::TEST_NAME) != NULL) { + startupEnabled = true; + } + } + const char* d = cfg->GetConfigAsString(CFG_SELFTEST_ONDEMAND); + if (d != NULL) { + if (PL_strstr (d, TPSSystemCertsVerification::CRITICAL_TEST_NAME) != NULL) { + onDemandCritical = true; + onDemandEnabled = true; + } else if (PL_strstr (d, TPSSystemCertsVerification::TEST_NAME) != NULL) { + onDemandEnabled = true; + } + } + char* n = (char*)(cfg->GetConfigAsString(TPSSystemCertsVerification::SUBSYSTEM_NICKNAME)); + if (n != NULL && PL_strlen(n) > 0) { + if (PL_strstr (n, TPSSystemCertsVerification::UNINITIALIZED_NICKNAME) != NULL) { + TPSSystemCertsVerification::initialized = 0; + } + } + if (TPSSystemCertsVerification::initialized == 1) { + TPSSystemCertsVerification::initialized = 2; + } + } + RA::SelfTestLog("TPSSystemCertsVerification::Initialize", "%s", ((initialized==2)?"successfully completed":"failed")); +} + +// Error codes: +// -1 - failed system certs verification +// critical errors are negative + +int TPSSystemCertsVerification::runSelfTest () +{ + int rc = 0; + + if (TPSSystemCertsVerification::initialized == 2) { + rc = RA::verifySystemCerts(); + if (rc == true) { + return 0; + } else { + rc = -1; + } + } + + return rc; +} + +bool TPSSystemCertsVerification::isStartupEnabled () +{ + return startupEnabled; +} + +bool TPSSystemCertsVerification::isOnDemandEnabled () +{ + return onDemandEnabled; +} + +bool TPSSystemCertsVerification::isStartupCritical () +{ + return startupCritical; +} + +bool TPSSystemCertsVerification::isOnDemandCritical () +{ + return onDemandCritical; +} + diff --git a/base/tps/src/selftests/TPSValidity.cpp b/base/tps/src/selftests/TPSValidity.cpp new file mode 100644 index 000000000..e70263e80 --- /dev/null +++ b/base/tps/src/selftests/TPSValidity.cpp @@ -0,0 +1,215 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; +// version 2.1 of the License. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, +// Boston, MA 02110-1301 USA +// +// Copyright (C) 2010 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + + +#ifdef XP_WIN32 +#define TPS_PUBLIC __declspec(dllexport) +#else /* !XP_WIN32 */ +#define TPS_PUBLIC +#endif /* !XP_WIN32 */ + +#ifdef __cplusplus +extern "C" +{ +#endif +#include <stdio.h> +#include <stdarg.h> +#include <stdlib.h> +#include <string.h> + +#include "prmem.h" +#include "prsystem.h" +#include "plstr.h" +#include "prio.h" + +#include "cert.h" +#include "certt.h" + +#ifdef __cplusplus +} +#endif + +#include "engine/RA.h" +#include "main/ConfigStore.h" +#include "selftests/TPSValidity.h" + + +int TPSValidity::initialized = 0; +bool TPSValidity::startupEnabled = false; +bool TPSValidity::onDemandEnabled = false; +bool TPSValidity::startupCritical = false; +bool TPSValidity::onDemandCritical = false; +char *TPSValidity::nickname = 0; +const char *TPSValidity::UNINITIALIZED_NICKNAME = "[HSM_LABEL][NICKNAME]"; +const char *TPSValidity::NICKNAME_NAME = "selftests.plugin.TPSValidity.nickname"; +const char *TPSValidity::CRITICAL_TEST_NAME = "TPSValidity:critical"; +const char *TPSValidity::TEST_NAME = "TPSValidity"; + + +//default constructor +TPSValidity::TPSValidity() +{ +} + +TPSValidity::~TPSValidity() +{ +} + +void TPSValidity::Initialize (ConfigStore *cfg) +{ + if (TPSValidity::initialized == 0) { + TPSValidity::initialized = 1; + const char* s = cfg->GetConfigAsString(CFG_SELFTEST_STARTUP); + if (s != NULL) { + if (PL_strstr (s, TPSValidity::CRITICAL_TEST_NAME) != NULL) { + startupCritical = true; + startupEnabled = true; + } else if (PL_strstr (s, TPSValidity::TEST_NAME) != NULL) { + startupEnabled = true; + } + } + const char* d = cfg->GetConfigAsString(CFG_SELFTEST_ONDEMAND); + if (d != NULL) { + if (PL_strstr (d, TPSValidity::CRITICAL_TEST_NAME) != NULL) { + onDemandCritical = true; + onDemandEnabled = true; + } else if (PL_strstr (d, TPSValidity::TEST_NAME) != NULL) { + onDemandEnabled = true; + } + } + char* n = (char*)(cfg->GetConfigAsString(TPSValidity::NICKNAME_NAME)); + if (n != NULL && PL_strlen(n) > 0) { + if (PL_strstr (n, TPSValidity::UNINITIALIZED_NICKNAME) != NULL) { + TPSValidity::initialized = 0; + } else { + TPSValidity::nickname = n; + } + } + if (TPSValidity::initialized == 1) { + TPSValidity::initialized = 2; + } + } + RA::SelfTestLog("TPSValidity::Initialize", "%s", ((initialized==2)?"successfully completed":"failed")); +} + +// Error codes: +// -1 - missing cert db handle +// 2 - missing cert +// -3 - missing cert nickname +// 4 - secCertTimeExpired +// 5 - secCertTimeNotValidYet +// critical errors are negative + +int TPSValidity::runSelfTest () +{ + int rc = 0; + + if (TPSValidity::initialized == 2) { + if (TPSValidity::nickname != NULL && PL_strlen(TPSValidity::nickname) > 0) { + rc = TPSValidity::runSelfTest (TPSValidity::nickname); + } else { + rc = -3; + } + } + + return rc; +} + +int TPSValidity::runSelfTest (const char *nick_name) +{ + SECCertTimeValidity certTimeValidity; + PRTime now; + int rc = 0; + CERTCertDBHandle *handle = 0; + CERTCertificate *cert = 0; + + if (TPSValidity::initialized == 2) { + handle = CERT_GetDefaultCertDB(); + if (handle != 0) { + cert = CERT_FindCertByNickname( handle, (char *) nick_name); + if (cert != 0) { + now = PR_Now(); + certTimeValidity = CERT_CheckCertValidTimes (cert, now, PR_FALSE); + if (certTimeValidity == secCertTimeExpired) { + rc = 4; + } else if (certTimeValidity == secCertTimeNotValidYet) { + rc = 5; + } + CERT_DestroyCertificate (cert); + cert = 0; + } else { + rc = 2; + } + } else { + rc = -1; + } + } + + return rc; +} + +int TPSValidity::runSelfTest (const char *nick_name, CERTCertificate *cert) +{ + SECCertTimeValidity certTimeValidity; + PRTime now; + int rc = 0; + + if (TPSValidity::initialized == 2) { + if (cert != 0) { + now = PR_Now(); + certTimeValidity = CERT_CheckCertValidTimes (cert, now, PR_FALSE); + if (certTimeValidity == secCertTimeExpired) { + rc = 4; + } else if (certTimeValidity == secCertTimeNotValidYet) { + rc = 5; + } + CERT_DestroyCertificate (cert); + cert = 0; + } else if (nick_name != 0 && PL_strlen(nick_name) > 0) { + rc = TPSValidity::runSelfTest (nick_name); + } else { + rc = TPSValidity::runSelfTest (); + } + } + + return rc; + +} + +bool TPSValidity::isStartupEnabled () +{ + return startupEnabled; +} + +bool TPSValidity::isOnDemandEnabled () +{ + return onDemandEnabled; +} + +bool TPSValidity::isStartupCritical () +{ + return startupCritical; +} + +bool TPSValidity::isOnDemandCritical () +{ + return onDemandCritical; +} + |