authorEndi S. Dewata <edewata@redhat.com>2015-06-23 12:23:15 -0400
committerEndi S. Dewata <edewata@redhat.com>2015-06-23 17:30:18 -0400
commitcc97f8628b23f8ea75308bb97a31307cb4f162b9 (patch)
tree0e8eb0d56294eb7beedf0041f4ba6f8d9f0cf3fd /base
parente1e1e1867c3665def4738530d5c36a1f9801fdb9 (diff)
Fixed selftests log message.
The SelfTestSubsystem has been modified to display a 'successful' message only if all tests have passed. If a test fails, it will log a failure, subsequent tests will not be executed, and the subsystem will shut down immediately. The runSelfTest() methods in various tests have been cleaned up to throw the original exception to help troubleshooting. The unused RAPresence test has been removed. https://fedorahosted.org/pki/ticket/1249
Diffstat (limited to 'base')
-rw-r--r--base/common/src/com/netscape/certsrv/selftests/ISelfTest.java5
-rw-r--r--base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java5
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java5
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java97
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java102
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java35
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java84
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java123
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java127
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java261
-rw-r--r--base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java56
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java6
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java271
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/selftests/TPSPresence.java38
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/selftests/TPSValidity.java43
15 files changed, 449 insertions, 809 deletions
diff --git a/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java b/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
index 24ad623e4..0ffc74b6b 100644
--- a/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
+++ b/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
@@ -126,8 +126,7 @@ public interface ISelfTest {
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException;
+ public void runSelfTest(ILogEventListener logger) throws Exception;
}
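Review bot: The Javadoc tag `@exception Exception self test exception` on `runSelfTest` no longer tells an implementer or caller anything now that the clause is the open-ended `throws Exception`; the same applies to the matching hunks in ISelfTestSubsystem.java and ASelfTest.java. Since the commit description says a failed test stops the remaining tests and shuts the subsystem down, the contract is worth stating, for example `@exception Exception if the self test fails; the underlying cause is propagated unchanged`. In the ISelfTestSubsystem hunk the Javadoc still lists `@exception EMissingSelfTestException` although the signature no longer names it, so it would help to say whether callers are still expected to catch that type specifically.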
diff --git a/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java b/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
index 214ee1764..29adde082 100644
--- a/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
+++ b/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
@@ -206,10 +206,9 @@ public interface ISelfTestSubsystem
* <P>
*
* @exception EMissingSelfTestException subsystem has missing name
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTestsAtStartup()
- throws EMissingSelfTestException, ESelfTestException;
+ public void runSelfTestsAtStartup() throws Exception;
//
// methods associated with the list of self test instances
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java b/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java
index e77ece551..c77514f35 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java
@@ -186,8 +186,7 @@ public abstract class ASelfTest
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public abstract void runSelfTest(ILogEventListener logger)
- throws ESelfTestException;
+ public abstract void runSelfTest(ILogEventListener logger) throws Exception;
}
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java b/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java
index 83caa0099..ab491c7e7 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java
@@ -191,72 +191,55 @@ public class CAPresence
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
- ICertificateAuthority ca = null;
- X509CertImpl caCert = null;
- X509Key caPubKey = null;
-
- ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
if (ca == null) {
// log that the CA is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } else {
- // Retrieve the CA certificate
- caCert = ca.getCACert();
-
- if (caCert == null) {
- // log that the CA is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_CA_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the CA certificate public key
- try {
- caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY);
-
- if (caPubKey == null) {
- // log that something is seriously wrong with the CA
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_CORRUPT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_NOT_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- throw new ESelfTestException(logMessage);
- }
- } catch (CertificateParsingException e) {
- // log that something is seriously wrong with the CA
- mSelfTestSubsystem.log(logger,
- e.toString());
+ // Retrieve the CA certificate
+ X509CertImpl caCert = ca.getCACert();
+ if (caCert == null) {
+ // log that the CA is not yet initialized
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- throw new ESelfTestException(e.toString());
- }
+ // Retrieve the CA certificate public key
+ X509Key caPubKey;
+ try {
+ caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY);
- // log that the CA is present
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_PRESENT",
- getSelfTestName());
+ } catch (CertificateParsingException e) {
+ // log that something is seriously wrong with the CA
+ mSelfTestSubsystem.log(logger, e.toString());
+ throw e;
+ }
- mSelfTestSubsystem.log(logger,
- logMessage);
+ if (caPubKey == null) {
+ // log that something is seriously wrong with the CA
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_CORRUPT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
}
- return;
+ // log that the CA is present
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
}
}
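Review bot: The three failure branches in the new `runSelfTest` body use `throw new Exception(logMessage);`, so a deliberate self-test failure cannot be told apart from an unexpected runtime error by type. `ESelfTestException` is not among the files this commit touches in the diffstat, so it presumably still exists, and `throw new ESelfTestException(logMessage);` would still satisfy `throws Exception` while keeping that distinction for whatever catches it in SelfTestSubsystem. The same pattern appears in the CAValidity, SystemCertsVerification, KRAPresence, OCSPPresence and OCSPValidity hunks. Rethrowing the original `CertificateParsingException` with `throw e;` is fine as it stands.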
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java b/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java
index b1751ecb4..4d90be199 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java
@@ -191,72 +191,56 @@ public class CAValidity
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
- ICertificateAuthority ca = null;
- X509CertImpl caCert = null;
-
- ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
if (ca == null) {
// log that the CA is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } else {
- // Retrieve the CA certificate
- caCert = ca.getCACert();
-
- if (caCert == null) {
- // log that the CA is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_CA_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the CA validity period
- try {
- caCert.checkValidity();
- } catch (CertificateNotYetValidException e) {
- // log that the CA is not yet valid
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_YET_VALID",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } catch (CertificateExpiredException e) {
- // log that the CA is expired
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_EXPIRED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_NOT_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- // log that the CA is valid
- logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_VALID",
- getSelfTestName());
+ // Retrieve the CA certificate
+ X509CertImpl caCert = ca.getCACert();
+ if (caCert == null) {
+ // log that the CA is not yet initialized
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- mSelfTestSubsystem.log(logger,
- logMessage);
+ // Retrieve the CA validity period
+ try {
+ caCert.checkValidity();
+
+ } catch (CertificateNotYetValidException e) {
+ // log that the CA is not yet valid
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_NOT_YET_VALID",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw e;
+
+ } catch (CertificateExpiredException e) {
+ // log that the CA is expired
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_EXPIRED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw e;
}
- return;
+ // log that the CA is valid
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_VALID",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
}
}
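Review bot: The `caCert.checkValidity();` call in the new try block carries no comment saying that the no-argument form checks the certificate against the current system time. That matters more after this commit, because per the description a failing test now stops the subsystem, so a host with a wrong clock at startup would fail here with an "expired" or "not yet valid" message. I would add `// checkValidity() compares against the current system clock; clock skew fails this test` above the call, and the same above `ocspCert.checkValidity();` in the OCSPValidity hunk.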
diff --git a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
index f5b0939f1..5c1e97bfa 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
@@ -185,29 +185,22 @@ public class SystemCertsVerification
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
- boolean rc = false;
-
- rc = CMS.verifySystemCerts();
- if (rc == true) {
- logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
- } else {
- logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
- throw new ESelfTestException(logMessage);
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+
+ boolean status = CMS.verifySystemCerts();
+ if (!status) {
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
}
- return;
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
}
}
diff --git a/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java b/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java
index 832d2b747..ff0c3fbc2 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java
@@ -188,64 +188,46 @@ public class KRAPresence
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
- IKeyRecoveryAuthority kra = null;
- org.mozilla.jss.crypto.X509Certificate kraCert = null;
- PublicKey kraPubKey = null;
-
- kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId);
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId);
if (kra == null) {
// log that the KRA is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_NOT_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } else {
- // Retrieve the KRA certificate
- kraCert = kra.getTransportCert();
-
- if (kraCert == null) {
- // log that the RA is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_KRA_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the KRA certificate public key
- kraPubKey = kraCert.getPublicKey();
-
- if (kraPubKey == null) {
- // log that something is seriously wrong with the KRA
- logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_CORRUPT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_KRA_IS_NOT_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- // log that the KRA is present
- logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_PRESENT",
- getSelfTestName());
+ // Retrieve the KRA certificate
+ org.mozilla.jss.crypto.X509Certificate kraCert = kra.getTransportCert();
+ if (kraCert == null) {
+ // log that the RA is not yet initialized
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_KRA_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- mSelfTestSubsystem.log(logger,
- logMessage);
+ // Retrieve the KRA certificate public key
+ PublicKey kraPubKey = kraCert.getPublicKey();
+ if (kraPubKey == null) {
+ // log that something is seriously wrong with the KRA
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_KRA_IS_CORRUPT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
}
- return;
+ // log that the KRA is present
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_KRA_IS_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
}
}
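Review bot: The comment `// log that the RA is not yet initialized` in the new `kraCert == null` branch was carried over from the old code and names the wrong subsystem. The message key logged is `SELFTESTS_KRA_IS_NOT_INITIALIZED`, so the comment should read `// log that the KRA is not yet initialized`. With RAPresence removed in this same commit, a stray "RA" reference is likely to confuse someone reading the log path later.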
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
index a3d9e3ad3..db9d237fc 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
@@ -192,89 +192,66 @@ public class OCSPPresence
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
- IOCSPAuthority ocsp = null;
- ISigningUnit ocspSigningUnit = null;
- X509CertImpl ocspCert = null;
- X509Key ocspPubKey = null;
-
- ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
if (ocsp == null) {
// log that the OCSP is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } else {
- // Retrieve the OCSP signing unit
- ocspSigningUnit = ocsp.getSigningUnit();
-
- if (ocspSigningUnit == null) {
- // log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the OCSP certificate
- ocspCert = ocspSigningUnit.getCertImpl();
-
- if (ocspCert == null) {
- // log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the OCSP certificate public key
- try {
- ocspPubKey = (X509Key)
- ocspCert.get(X509CertImpl.PUBLIC_KEY);
-
- if (ocspPubKey == null) {
- // log that something is seriously wrong with the OCSP
- logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_CORRUPT",
- getSelfTestName());
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- mSelfTestSubsystem.log(logger,
- logMessage);
+ // Retrieve the OCSP signing unit
+ ISigningUnit ocspSigningUnit = ocsp.getSigningUnit();
+ if (ocspSigningUnit == null) {
+ // log that the OCSP is not yet initialized
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- throw new ESelfTestException(logMessage);
- }
- } catch (CertificateParsingException e) {
- // log that something is seriously wrong with the OCSP
- mSelfTestSubsystem.log(logger,
- e.toString());
+ // Retrieve the OCSP certificate
+ X509CertImpl ocspCert = ocspSigningUnit.getCertImpl();
+ if (ocspCert == null) {
+ // log that the OCSP is not yet initialized
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- throw new ESelfTestException(e.toString());
- }
+ // Retrieve the OCSP certificate public key
+ X509Key ocspPubKey;
+ try {
+ ocspPubKey = (X509Key)ocspCert.get(X509CertImpl.PUBLIC_KEY);
- // log that the OCSP is present
- logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_PRESENT",
- getSelfTestName());
+ } catch (CertificateParsingException e) {
+ // log that something is seriously wrong with the OCSP
+ mSelfTestSubsystem.log(logger, e.toString());
+ throw e;
+ }
- mSelfTestSubsystem.log(logger,
- logMessage);
+ if (ocspPubKey == null) {
+ // log that something is seriously wrong with the OCSP
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_CORRUPT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
}
- return;
+ // log that the OCSP is present
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
}
}
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
index 383779d22..6aadf842d 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
@@ -192,89 +192,68 @@ public class OCSPValidity
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
+ public void runSelfTest(ILogEventListener logger) throws Exception {
String logMessage = null;
- IOCSPAuthority ocsp = null;
- ISigningUnit ocspSigningUnit = null;
- X509CertImpl ocspCert = null;
-
- ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
if (ocsp == null) {
// log that the OCSP is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } else {
- // Retrieve the OCSP signing unit
- ocspSigningUnit = ocsp.getSigningUnit();
-
- if (ocspSigningUnit == null) {
- // log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the OCSP certificate
- ocspCert = ocspSigningUnit.getCertImpl();
-
- if (ocspCert == null) {
- // log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the OCSP validity period
- try {
- ocspCert.checkValidity();
- } catch (CertificateNotYetValidException e) {
- // log that the OCSP is not yet valid
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_YET_VALID",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } catch (CertificateExpiredException e) {
- // log that the OCSP is expired
- logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_EXPIRED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_PRESENT",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- throw new ESelfTestException(logMessage);
- }
+ // Retrieve the OCSP signing unit
+ ISigningUnit ocspSigningUnit = ocsp.getSigningUnit();
+ if (ocspSigningUnit == null) {
+ // log that the OCSP is not yet initialized
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- // log that the OCSP is valid
- logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_VALID",
- getSelfTestName());
+ // Retrieve the OCSP certificate
+ X509CertImpl ocspCert = ocspSigningUnit.getCertImpl();
+ if (ocspCert == null) {
+ // log that the OCSP is not yet initialized
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new Exception(logMessage);
+ }
- mSelfTestSubsystem.log(logger,
- logMessage);
+ // Retrieve the OCSP validity period
+ try {
+ ocspCert.checkValidity();
+
+ } catch (CertificateNotYetValidException e) {
+ // log that the OCSP is not yet valid
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_YET_VALID",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw e;
+
+ } catch (CertificateExpiredException e) {
+ // log that the OCSP is expired
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_EXPIRED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw e;
}
- return;
+ // log that the OCSP is valid
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_VALID",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
}
}
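Review bot: This `runSelfTest` keeps the context line `String logMessage = null;` at the top and reassigns it in every branch, while the CAPresence, CAValidity, KRAPresence and OCSPPresence versions rewritten in this commit declare `String logMessage = CMS.getLogMessage(...)` locally in each branch. The behaviour is the same, but the mutable, null-initialised variable is the one leftover from the old style. For consistency I would drop the top-level declaration and use a local `String logMessage = CMS.getLogMessage(` in each branch as the sibling classes do.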
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java b/base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java
deleted file mode 100644
index 6facd807c..000000000
--- a/base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java
+++ /dev/null
@@ -1,261 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.selftests.ra;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-import java.security.PublicKey;
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.selftests.EDuplicateSelfTestException;
-import com.netscape.certsrv.selftests.EInvalidSelfTestException;
-import com.netscape.certsrv.selftests.EMissingSelfTestException;
-import com.netscape.certsrv.selftests.ESelfTestException;
-import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-import com.netscape.cms.selftests.ASelfTest;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * This class implements a self test to check for RA presence.
- * <P>
- *
- * <PRE>
- * NOTE: This self-test is for Registration Authorities prior to
- * Netscape Certificate Management System 7.0. It does NOT
- * apply to the Registration Authority found in
- * Red Hat Certificate System 7.3 or later (including
- * ALL versions of Dogtag Certificate System).
- * </PRE>
- * <P>
- *
- * @deprecated
- * @author mharmsen
- * @author thomask
- * @version $Revision$, $Date$
- */
-public class RAPresence
- extends ASelfTest {
- ////////////////////////
- // default parameters //
- ////////////////////////
-
- ///////////////////////////
- // RAPresence parameters //
- ///////////////////////////
-
- // parameter information
- public static final String PROP_RA_SUB_ID = "RaSubId";
- private String mRaSubId = null;
-
- /////////////////////
- // default methods //
- /////////////////////
-
- ////////////////////////
- // RAPresence methods //
- ////////////////////////
-
- /**
- * Initializes this subsystem with the configuration store
- * associated with this instance name.
- * <P>
- *
- * @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
- * @param parameters configuration store (self test parameters)
- * @exception EDuplicateSelfTestException subsystem has duplicate name/value
- * @exception EInvalidSelfTestException subsystem has invalid name/value
- * @exception EMissingSelfTestException subsystem has missing name/value
- */
- public void initSelfTest(ISelfTestSubsystem subsystem,
- String instanceName,
- IConfigStore parameters)
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException {
- super.initSelfTest(subsystem, instanceName, parameters);
-
- // retrieve mandatory parameter(s)
- try {
- mRaSubId = mConfig.getString(PROP_RA_SUB_ID);
- if (mRaSubId != null) {
- mRaSubId = mRaSubId.trim();
- } else {
- mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_RA_SUB_ID));
-
- throw new EMissingSelfTestException(PROP_RA_SUB_ID);
- }
- } catch (EBaseException e) {
- mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_RA_SUB_ID));
-
- throw new EMissingSelfTestException(mPrefix,
- PROP_RA_SUB_ID,
- null);
- }
-
- // retrieve optional parameter(s)
-
- return;
- }
-
- /**
- * Notifies this subsystem if it is in execution mode.
- * <P>
- *
- * @exception ESelfTestException failed to start
- */
- public void startupSelfTest()
- throws ESelfTestException {
- return;
- }
-
- /**
- * Stops this subsystem. The subsystem may call shutdownSelfTest
- * anytime after initialization.
- * <P>
- */
- public void shutdownSelfTest() {
- return;
- }
-
- /**
- * Returns the name associated with this self test. This method may
- * return null if the self test has not been intialized.
- * <P>
- *
- * @return instanceName of this self test
- */
- public String getSelfTestName() {
- return super.getSelfTestName();
- }
-
- /**
- * Returns the root configuration storage (self test parameters)
- * associated with this subsystem.
- * <P>
- *
- * @return configuration store (self test parameters) of this subsystem
- */
- public IConfigStore getSelfTestConfigStore() {
- return super.getSelfTestConfigStore();
- }
-
- /**
- * Retrieves description associated with an individual self test.
- * This method may return null.
- * <P>
- *
- * @param locale locale of the client that requests the description
- * @return description of self test
- */
- public String getSelfTestDescription(Locale locale) {
- return CMS.getUserMessage(locale,
- "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION");
- }
-
- /**
- * Execute an individual self test.
- * <P>
- *
- * @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
- */
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
- IRegistrationAuthority ra = null;
- org.mozilla.jss.crypto.X509Certificate raCert = null;
- PublicKey raPubKey = null;
-
- ra = (IRegistrationAuthority) CMS.getSubsystem(mRaSubId);
-
- if (ra == null) {
- // log that the RA is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_NOT_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- } else {
- // Retrieve the RA certificate
- raCert = ra.getRACert();
-
- if (raCert == null) {
- // log that the RA is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_RA_IS_NOT_INITIALIZED",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // Retrieve the RA certificate public key
- raPubKey = raCert.getPublicKey();
-
- if (raPubKey == null) {
- // log that something is seriously wrong with the RA
- logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_CORRUPT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
-
- throw new ESelfTestException(logMessage);
- }
-
- // log that the RA is present
- logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_PRESENT",
- getSelfTestName());
-
- mSelfTestSubsystem.log(logger,
- logMessage);
- }
-
- return;
- }
-}
diff --git a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
index d5e7c11ad..1686ba564 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
@@ -104,7 +104,7 @@ public class TKSKnownSessionKey
mMacKey = getConfigByteArray("macKey", 16);
mUseSoftToken = getConfigString("useSoftToken");
- // AC: KDF SPEC CHANGE
+ // AC: KDF SPEC CHANGE
// read CUID for the KDD field
mKDD = getConfigByteArray("CUID", 10);
//
@@ -143,7 +143,7 @@ public class TKSKnownSessionKey
getSelfTestName(), mPrefix + ".nistSP800-108KdfUseCuidAsKdd"));
throw new EMissingSelfTestException("nistSP800-108KdfUseCuidAsKdd");
}
-
+
String defKeySetMacKey = null;
tks = CMS.getSubsystem(mTksSubId);
if (tks != null) {
@@ -175,7 +175,7 @@ public class TKSKnownSessionKey
if (mSessionKey == null) {
mSessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName,
mCardChallenge, mHostChallenge,
- mKeyInfo,
+ mKeyInfo,
mNistSP800_108KdfOnKeyVersion, // AC: KDF SPEC CHANGE - pass in configuration self-test value
mNistSP800_108KdfUseCuidAsKdd, // AC: KDF SPEC CHANGE - pass in configuration self-test value
mCUID,
@@ -320,13 +320,12 @@ public class TKSKnownSessionKey
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- IConfigStore cs = CMS.getConfigStore();
- String sharedSecretName;
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+
try {
+ IConfigStore cs = CMS.getConfigStore();
boolean useNewNames = cs.getBoolean("tks.useNewSharedSecretNames", false);
if (useNewNames) {
String tpsList = cs.getString("tps.list", "");
@@ -336,29 +335,39 @@ public class TKSKnownSessionKey
}
for (String tpsID : tpsList.split(",")) {
- sharedSecretName = cs.getString("tps." + tpsID + ".nickname", "");
+ String sharedSecretName = cs.getString("tps." + tpsID + ".nickname", "");
if (!sharedSecretName.isEmpty()) {
CMS.debug("TKSKnownSessionKey: testing with key " + sharedSecretName);
- generateSessionKey(logger, sharedSecretName);
+ generateSessionKey(sharedSecretName);
}
}
+
} else {
// legacy systems
- sharedSecretName = cs.getString("tks.tksSharedSymKeyName", "sharedSecret");
- generateSessionKey(logger, sharedSecretName);
+ String sharedSecretName = cs.getString("tks.tksSharedSymKeyName", "sharedSecret");
+ generateSessionKey(sharedSecretName);
}
- } catch (EBaseException e) {
- e.printStackTrace();
- CMS.debug("TKSKnownSessionKey: failed to read config file to set up test");
- String logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
+
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TKS_SUCCEEDED",
+ getSelfTestName(),
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ CMS.debug("TKSKnownSessionKey self test SUCCEEDED");
+
+ } catch (Exception e) {
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TKS_FAILED",
+ getSelfTestName(),
+ getSelfTestName());
mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException(logMessage);
+ throw e;
}
+
return;
}
- private void generateSessionKey(ILogEventListener logger, String sharedSecretName) throws ESelfTestException {
- String logMessage;
+ private void generateSessionKey(String sharedSecretName) throws Exception {
String keySet = "defKeySet";
byte[] sessionKey = SessionKey.ComputeSessionKey(
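Review bot: `SELFTESTS_TKS_SUCCEEDED` is now logged once after the if/else, so it is also written when the `useNewNames` loop skipped every entry because each `tps.<id>.nickname` was empty and `generateSessionKey` never ran. Before this change the success message came only from inside `generateSessionKey`, after a key had actually been computed. Count the keys exercised (`tested++;` after the call) and refuse to report success when none was tested, for example `if (tested == 0) throw new Exception("No shared secret configured for self test");` ahead of the success message. `runSelfTest` starts in the previous hunk and the lines between the `tps.list` read and the loop are not visible, so an early return may already cover the empty-list case but not the all-nicknames-empty case.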
@@ -374,14 +383,7 @@ public class TKSKnownSessionKey
// For FIPS compliance, the routine now returns a wrapped key, which can't be extracted and compared.
if (sessionKey == null) {
CMS.debug("TKSKnownSessionKey: generated no session key");
- CMS.debug("TKSKnownSessionKey self test FAILED");
- logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
- mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException(logMessage);
- } else {
- logMessage = CMS.getLogMessage("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName());
- mSelfTestSubsystem.log(logger, logMessage);
- CMS.debug("TKSKnownSessionKey self test SUCCEEDED");
+ throw new Exception("No session key generated");
}
}
}
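Review bot: The new `throw new Exception("No session key generated")` does not say which shared secret failed, although `runSelfTest` may call this method once per TPS entry. The caller already writes the nickname to the debug log, so adding it here exposes nothing new and makes the rethrown exception useful on its own: `throw new Exception("No session key generated for " + sharedSecretName);`. The start of `generateSessionKey` lies in the previous hunk.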
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index b8cf27cc5..b6325b71d 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -3248,7 +3248,11 @@ public final class CMSAdminServlet extends AdminServlet {
// store this information for console notification
content += "COMPLETED SUCCESSFULLY\n";
- } catch (ESelfTestException e) {
+
+ } catch (Exception e) {
+
+ CMS.debug(e);
+
// Check to see if the self test was critical:
if (mSelfTestSubsystem.isSelfTestCriticalOnDemand(
instanceName)) {
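Review bot: Widening the handler to `catch (Exception e)` means an unchecked exception from a test plugin (a `NullPointerException`, a bad cast) now takes the same path as a reported self-test failure, including the critical-test branch that follows. The same widening is made in the on-demand runner in `SelfTestSubsystem` (hunk at -530). If that is intended, a comment would stop a later reader from narrowing it again, e.g. `// any exception, checked or not, counts as a self-test failure`. The body of the critical branch is outside this hunk, so what it does on failure cannot be confirmed from here.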
diff --git a/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
index ad1a1b0b8..d060f8180 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
@@ -530,7 +530,11 @@ public class SelfTestSubsystem
}
test.runSelfTest(mLogger);
- } catch (ESelfTestException e) {
+
+ } catch (Exception e) {
+
+ CMS.debug(e);
+
// Check to see if the self test was critical:
if (isSelfTestCriticalOnDemand(instanceName)) {
log(mLogger,
@@ -810,146 +814,76 @@ public class SelfTestSubsystem
* </ul>
*
* @exception EMissingSelfTestException subsystem has missing name
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTestsAtStartup()
- throws EMissingSelfTestException, ESelfTestException {
- String auditMessage = null;
+ public void runSelfTestsAtStartup() throws Exception {
- // ensure that any low-level exceptions are reported
- // to the signed audit log and stored as failures
- try {
- if (CMS.debugOn()) {
- CMS.debug("SelfTestSubsystem::runSelfTestsAtStartup():"
- + " ENTERING . . .");
- }
+ // log that execution of startup self tests has begun
+ log(mLogger,
+ CMS.getLogMessage(
+ "CMSCORE_SELFTESTS_RUN_AT_STARTUP"));
- // loop through all self test plugin instances
- // specified to be executed at server startup
- Enumeration<SelfTestOrderedInstance> instances = mStartupOrder.elements();
+ // loop through all self test plugin instances
+ // specified to be executed at server startup
+ Enumeration<SelfTestOrderedInstance> instances = mStartupOrder.elements();
- while (instances.hasMoreElements()) {
- SelfTestOrderedInstance instance = instances.nextElement();
+ while (instances.hasMoreElements()) {
+ SelfTestOrderedInstance instance = instances.nextElement();
- String instanceFullName = null;
- String instanceName = instance.getSelfTestName();
+ String instanceFullName = null;
+ String instanceName = instance.getSelfTestName();
- if (instanceName != null) {
- instanceName = instanceName.trim();
- instanceFullName = getFullName(mPrefix,
- instanceName);
- } else {
- log(mLogger,
- CMS.getLogMessage(
- "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+ if (instanceName == null) {
+ log(mLogger,
+ CMS.getLogMessage(
+ "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- ILogger.SYSTEM_UID,
- ILogger.FAILURE);
+ throw new EMissingSelfTestException();
+ }
- audit(auditMessage);
+ instanceName = instanceName.trim();
+ instanceFullName = getFullName(mPrefix, instanceName);
- throw new EMissingSelfTestException();
- }
+ if (!mSelfTestInstances.containsKey(instanceName)) {
+ // self test plugin instance property name is not present
+ log(mLogger,
+ CMS.getLogMessage(
+ "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+ instanceFullName));
- if (mSelfTestInstances.containsKey(instanceName)) {
- ISelfTest test = mSelfTestInstances.get(instanceName);
-
- try {
- if (CMS.debugOn()) {
- CMS.debug("SelfTestSubsystem::runSelfTestsAtStartup():"
- + " running \""
- + test.getSelfTestName()
- + "\"");
- }
-
- test.runSelfTest(mLogger);
- } catch (ESelfTestException e) {
- // Check to see if the self test was critical:
- if (isSelfTestCriticalAtStartup(instanceName)) {
- log(mLogger,
- CMS.getLogMessage(
- "CMSCORE_SELFTESTS_RUN_AT_STARTUP_FAILED",
- instanceFullName));
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- ILogger.SYSTEM_UID,
- ILogger.FAILURE);
-
- audit(auditMessage);
-
- // shutdown the system gracefully
- CMS.shutdown();
-
- IConfigStore cs = CMS.getConfigStore();
- String instanceID = cs.get("instanceId");
- String subsystemID = cs.get("cs.type").toLowerCase();
-
- System.out.println("SelfTestSubsystem: Disabling \"" + subsystemID + "\" subsystem due to selftest failure.");
-
- try {
- ProcessBuilder pb = new ProcessBuilder("pki-server", "subsystem-disable", "-i", instanceID, subsystemID);
- Process process = pb.inheritIO().start();
- int rc = process.waitFor();
-
- if (rc != 0) {
- System.out.println("SelfTestSubsystem: Unable to disable \"" + subsystemID + "\". RC: " + rc);
- }
-
- } catch (Exception e2) {
- e.printStackTrace();
- }
-
- return;
- }
- }
- } else {
- // self test plugin instance property name is not present
- log(mLogger,
- CMS.getLogMessage(
- "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
- instanceFullName));
+ throw new EMissingSelfTestException(instanceFullName);
+ }
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- ILogger.SYSTEM_UID,
- ILogger.FAILURE);
+ ISelfTest test = mSelfTestInstances.get(instanceName);
- audit(auditMessage);
+ try {
+ CMS.debug("SelfTestSubsystem: running " + test.getSelfTestName());
+ test.runSelfTest(mLogger);
- throw new EMissingSelfTestException(instanceFullName);
- }
- }
+ } catch (Exception e) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- ILogger.SYSTEM_UID,
- ILogger.SUCCESS);
+ CMS.debug(e);
- audit(auditMessage);
+ // Check to see if the self test was critical:
+ if (!isSelfTestCriticalAtStartup(instanceName)) {
+ continue;
+ }
+
+ log(mLogger,
+ CMS.getLogMessage(
+ "CMSCORE_SELFTESTS_RUN_AT_STARTUP_FAILED",
+ instanceFullName));
- if (CMS.debugOn()) {
- CMS.debug("SelfTestSubsystem::runSelfTestsAtStartup():"
- + " EXITING.");
+ throw e;
}
- } catch (EMissingSelfTestException eAudit1) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- ILogger.SYSTEM_UID,
- ILogger.FAILURE);
+ }
- audit(auditMessage);
+ // log that execution of all "critical" startup self tests
+ // has completed "successfully"
+ log(mLogger,
+ CMS.getLogMessage(
+ "CMSCORE_SELFTESTS_RUN_AT_STARTUP_SUCCEEDED"));
- // rethrow the specific exception to be handled later
- throw eAudit1;
- }
}
public void log(int level, String msg) {
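Review bot: `runSelfTestsAtStartup()` no longer writes any `LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION` record, because every `audit(...)` call was moved into `startup()` in the next hunk. The method is still `public`, so any caller other than `startup()` would run the startup tests, possibly fail one, and leave nothing in the signed audit log. State the new contract in the Javadoc, for instance `* Signed audit events for this run are written by the caller (see startup()).`, or narrow the visibility if `startup()` turns out to be the only caller. Note also that a non-critical test that throws is recorded only through `CMS.debug(e)` before `continue`, so the run still ends with `CMSCORE_SELFTESTS_RUN_AT_STARTUP_SUCCEEDED` and a SUCCESS audit event.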
@@ -1831,39 +1765,88 @@ public class SelfTestSubsystem
*
* @exception EBaseException base CMS exception
*/
- public void startup()
- throws EBaseException {
+ public void startup() throws EBaseException {
+
// loop through all self test plugin instances
Enumeration<ISelfTest> instances = mSelfTestInstances.elements();
while (instances.hasMoreElements()) {
ISelfTest instance = instances.nextElement();
-
instance.startupSelfTest();
}
- if (!CMS.isPreOpMode()) {
- // run all self test plugin instances (designated at startup)
- Enumeration<SelfTestOrderedInstance> selftests = mStartupOrder.elements();
+ if (CMS.isPreOpMode()) {
+ // do not run selftests in pre-op mode
+ return;
+ }
- if (selftests.hasMoreElements()) {
- // log that execution of startup self tests has begun
- log(mLogger,
- CMS.getLogMessage(
- "CMSCORE_SELFTESTS_RUN_AT_STARTUP"));
+ // run all self test plugin instances (designated at startup)
+ Enumeration<SelfTestOrderedInstance> selftests = mStartupOrder.elements();
- // execute all startup self tests
- runSelfTestsAtStartup();
+ if (!selftests.hasMoreElements()) {
+ log(mLogger,
+ CMS.getLogMessage(
+ "CMSCORE_SELFTESTS_NOT_RUN_AT_STARTUP"));
+ return;
+ }
- // log that execution of all "critical" startup self tests
- // has completed "successfully"
- log(mLogger,
- CMS.getLogMessage(
- "CMSCORE_SELFTESTS_RUN_AT_STARTUP_SUCCEEDED"));
- } else {
- log(mLogger,
- CMS.getLogMessage(
- "CMSCORE_SELFTESTS_NOT_RUN_AT_STARTUP"));
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ // execute all startup self tests
+ runSelfTestsAtStartup();
+
+ // store a message in the signed audit log file
+ String auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ ILogger.SYSTEM_UID,
+ ILogger.SUCCESS);
+
+ audit(auditMessage);
+
+ } catch (EMissingSelfTestException e) {
+
+ // store a message in the signed audit log file
+ String auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ ILogger.SYSTEM_UID,
+ ILogger.FAILURE);
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw e;
+
+ } catch (Exception e) {
+
+ // store a message in the signed audit log file
+ String auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ ILogger.SYSTEM_UID,
+ ILogger.FAILURE);
+
+ audit(auditMessage);
+
+ // shutdown the system gracefully
+ CMS.shutdown();
+
+ IConfigStore cs = CMS.getConfigStore();
+ String instanceID = cs.get("instanceId");
+ String subsystemID = cs.get("cs.type").toLowerCase();
+
+ System.out.println("SelfTestSubsystem: Disabling \"" + subsystemID + "\" subsystem due to selftest failure.");
+
+ try {
+ ProcessBuilder pb = new ProcessBuilder("pki-server", "subsystem-disable", "-i", instanceID, subsystemID);
+ Process process = pb.inheritIO().start();
+ int rc = process.waitFor();
+
+ if (rc != 0) {
+ System.out.println("SelfTestSubsystem: Unable to disable \"" + subsystemID + "\". RC: " + rc);
+ }
+
+ } catch (Exception e2) {
+ e.printStackTrace();
}
}
}
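Review bot: The inner handler `catch (Exception e2) { e.printStackTrace(); }` prints the outer self-test exception and drops `e2`, so a failure to launch or wait for `pki-server subsystem-disable` leaves no trace and the subsystem may stay enabled after a critical self-test failure without anyone noticing. Log the exception that was actually caught, as the rest of this commit does: `CMS.debug(e2);`. The outer `catch (Exception e)` also deserves a comment that the exception is deliberately not rethrown, since `startup()` returns normally after `CMS.shutdown()` in that branch while the `EMissingSelfTestException` branch rethrows. `cs.get("cs.type")` is dereferenced without a null check; if that property can be absent, the resulting exception would escape before the disable step runs.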
diff --git a/base/tps/src/org/dogtagpki/server/tps/selftests/TPSPresence.java b/base/tps/src/org/dogtagpki/server/tps/selftests/TPSPresence.java
index 65ac197e7..665f06855 100644
--- a/base/tps/src/org/dogtagpki/server/tps/selftests/TPSPresence.java
+++ b/base/tps/src/org/dogtagpki/server/tps/selftests/TPSPresence.java
@@ -140,48 +140,60 @@ public class TPSPresence extends ASelfTest {
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+
TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(tpsSubId);
if (tps == null) {
// log that the TPS is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_NOT_PRESENT", getSelfTestName());
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TPS_IS_NOT_PRESENT",
+ getSelfTestName());
mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException(logMessage);
+ throw new Exception(logMessage);
}
// Retrieve the TPS certificate
- org.mozilla.jss.crypto.X509Certificate tpsCert = null;
+ org.mozilla.jss.crypto.X509Certificate tpsCert;
try {
tpsCert = tps.getSubsystemCert();
+
} catch (Exception e) {
- e.printStackTrace();
// cert does not exist or is not yet configured
// tpsCert will remain null
+ // log that the TPS is not yet initialized
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TPS_IS_NOT_INITIALIZED",
+ getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw e;
}
if (tpsCert == null) {
// log that the TPS is not yet initialized
- logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_NOT_INITIALIZED",
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TPS_IS_NOT_INITIALIZED",
getSelfTestName());
mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException(logMessage);
+ throw new Exception(logMessage);
}
// Retrieve the TPS certificate public key
PublicKey tpsPubKey = tpsCert.getPublicKey();
if (tpsPubKey == null) {
// log that something is seriously wrong with the TPS
- logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_CORRUPT", getSelfTestName());
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TPS_IS_CORRUPT",
+ getSelfTestName());
mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException(logMessage);
+ throw new Exception(logMessage);
}
// log that the TPS is present
- logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_PRESENT", getSelfTestName());
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TPS_IS_PRESENT",
+ getSelfTestName());
mSelfTestSubsystem.log(logger, logMessage);
}
}
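Review bot: The context comment `// tpsCert will remain null` in the `getSubsystemCert()` handler is now wrong, because the handler logs `SELFTESTS_TPS_IS_NOT_INITIALIZED` and rethrows instead of falling through. Replace the two stale lines with something like `// cert lookup failed: log "not initialized" and rethrow the original exception`. The following `if (tpsCert == null)` check is still needed for a null return without an exception, and a short comment saying so would prevent someone from removing it as dead code.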
diff --git a/base/tps/src/org/dogtagpki/server/tps/selftests/TPSValidity.java b/base/tps/src/org/dogtagpki/server/tps/selftests/TPSValidity.java
index f140d6e7c..28ac38da2 100644
--- a/base/tps/src/org/dogtagpki/server/tps/selftests/TPSValidity.java
+++ b/base/tps/src/org/dogtagpki/server/tps/selftests/TPSValidity.java
@@ -144,54 +144,59 @@ public class TPSValidity extends ASelfTest {
* <P>
*
* @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
*/
- public void runSelfTest(ILogEventListener logger)
- throws ESelfTestException {
- String logMessage = null;
- TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(tpsSubId);
+ public void runSelfTest(ILogEventListener logger) throws Exception {
+ TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(tpsSubId);
if (tps == null) {
// log that the TPS is not installed
- logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_NOT_PRESENT", getSelfTestName());
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TPS_IS_NOT_PRESENT",
+ getSelfTestName());
mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException(logMessage);
+ throw new Exception(logMessage);
}
// Retrieve the TPS subsystem certificate
- X509CertImpl tpsCert = null;
+ X509CertImpl tpsCert;
try {
tpsCert = new X509CertImpl(tps.getSubsystemCert().getEncoded());
} catch (Exception e) {
// certificate is not present or has not been configured
- // tpsCert will remain null
- }
-
- if (tpsCert == null) {
// log that the TPS is not yet initialized
- logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_NOT_INITIALIZED",
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TPS_IS_NOT_INITIALIZED",
getSelfTestName());
mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException(logMessage);
+ throw e;
}
// Check the TPS validity period
try {
tpsCert.checkValidity();
+
} catch (CertificateNotYetValidException e) {
// log that the TPS is not yet valid
- logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_NOT_YET_VALID", getSelfTestName());
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TPS_IS_NOT_YET_VALID",
+ getSelfTestName());
mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException(logMessage);
+ throw e;
+
} catch (CertificateExpiredException e) {
// log that the TPS is expired
- logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_EXPIRED", getSelfTestName());
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TPS_IS_EXPIRED",
+ getSelfTestName());
mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException(logMessage);
+ throw e;
}
// log that the TPS is valid
- logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_VALID", getSelfTestName());
+ String logMessage = CMS.getLogMessage(
+ "SELFTESTS_TPS_IS_VALID",
+ getSelfTestName());
mSelfTestSubsystem.log(logger, logMessage);
}
}
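Review bot: In `tpsCert = new X509CertImpl(tps.getSubsystemCert().getEncoded());` a null return from `getSubsystemCert()` is now rethrown to the caller as a bare `NullPointerException`, which is a poor troubleshooting signal for a certificate that is simply not configured. `TPSPresence.runSelfTest` in this same commit handles that case with an explicit `if (tpsCert == null)` check and a descriptive exception. Doing the same here keeps the two tests consistent: fetch the certificate into a local first, and when it is null log `SELFTESTS_TPS_IS_NOT_INITIALIZED` and `throw new Exception(logMessage);` before calling `getEncoded()`.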