-rw-r--r-- | pki/base/tps/Makefile.am | 1 | ||||
-rw-r--r-- | pki/base/tps/Makefile.in | 14 | ||||
-rw-r--r-- | pki/base/tps/doc/CS.cfg | 11 | ||||
-rwxr-xr-x | pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm | 16 | ||||
-rw-r--r-- | pki/base/tps/src/include/selftests/TPSSystemCertsVerification.h | 76 | ||||
-rw-r--r-- | pki/base/tps/src/selftests/SelfTest.cpp | 33 | ||||
-rw-r--r-- | pki/base/tps/src/selftests/TPSSystemCertsVerification.cpp | 149 |
7 files changed, 293 insertions, 7 deletions
diff --git a/pki/base/tps/Makefile.am b/pki/base/tps/Makefile.am index 9bb9d7665..011a0defd 100644 --- a/pki/base/tps/Makefile.am +++ b/pki/base/tps/Makefile.am @@ -359,6 +359,7 @@ libtps_la_SOURCES = src/main/Buffer.cpp \ src/processor/RA_Unblock_Processor.cpp \ src/processor/RA_Format_Processor.cpp \ src/selftests/SelfTest.cpp \ + src/selftests/TPSSystemCertsVerification.cpp \ src/selftests/TPSPresence.cpp \ src/selftests/TPSValidity.cpp diff --git a/pki/base/tps/Makefile.in b/pki/base/tps/Makefile.in index 2b692972c..2d155c19c 100644 --- a/pki/base/tps/Makefile.in +++ b/pki/base/tps/Makefile.in @@ -231,6 +231,7 @@ am_libtps_la_OBJECTS = src/main/libtps_la-Buffer.lo \ src/processor/libtps_la-RA_Unblock_Processor.lo \ src/processor/libtps_la-RA_Format_Processor.lo \ src/selftests/libtps_la-SelfTest.lo \ + src/selftests/libtps_la-TPSSystemCertsVerification.lo \ src/selftests/libtps_la-TPSPresence.lo \ src/selftests/libtps_la-TPSValidity.lo libtps_la_OBJECTS = $(am_libtps_la_OBJECTS) @@ -836,6 +837,7 @@ libtps_la_SOURCES = src/main/Buffer.cpp \ src/processor/RA_Unblock_Processor.cpp \ src/processor/RA_Format_Processor.cpp \ src/selftests/SelfTest.cpp \ + src/selftests/TPSSystemCertsVerification.cpp \ src/selftests/TPSPresence.cpp \ src/selftests/TPSValidity.cpp @@ -1343,6 +1345,8 @@ src/selftests/$(DEPDIR)/$(am__dirstamp): @: > src/selftests/$(DEPDIR)/$(am__dirstamp) src/selftests/libtps_la-SelfTest.lo: src/selftests/$(am__dirstamp) \ src/selftests/$(DEPDIR)/$(am__dirstamp) +src/selftests/libtps_la-TPSSystemCertsVerification.lo: src/selftests/$(am__dirstamp) \ + src/selftests/$(DEPDIR)/$(am__dirstamp) src/selftests/libtps_la-TPSPresence.lo: src/selftests/$(am__dirstamp) \ src/selftests/$(DEPDIR)/$(am__dirstamp) src/selftests/libtps_la-TPSValidity.lo: src/selftests/$(am__dirstamp) \ 
@@ -2174,6 +2178,8 @@ mostlyclean-compile: -rm -f src/processor/libtps_la-RA_Unblock_Processor.lo -rm -f src/selftests/libtps_la-SelfTest.$(OBJEXT) -rm -f src/selftests/libtps_la-SelfTest.lo + -rm -f src/selftests/libtps_la-TPSSystemCertsVerification.$(OBJEXT) + -rm -f src/selftests/libtps_la-TPSSystemCertsVerification.lo -rm -f src/selftests/libtps_la-TPSPresence.$(OBJEXT) -rm -f src/selftests/libtps_la-TPSPresence.lo -rm -f src/selftests/libtps_la-TPSValidity.$(OBJEXT) @@ -2325,6 +2331,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Renew_Processor.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Unblock_Processor.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/selftests/$(DEPDIR)/libtps_la-SelfTest.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@src/selftests/$(DEPDIR)/libtps_la-TPSSystemCertsVerification.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/selftests/$(DEPDIR)/libtps_la-TPSPresence.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/selftests/$(DEPDIR)/libtps_la-TPSValidity.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tus/$(DEPDIR)/libtokendb_la-tus_db.Plo@am__quote@ 
@@ -2982,6 +2989,13 @@ src/selftests/libtps_la-SelfTest.lo: src/selftests/SelfTest.cpp @AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/selftests/libtps_la-SelfTest.lo `test -f 'src/selftests/SelfTest.cpp' || echo '$(srcdir)/'`src/selftests/SelfTest.cpp +src/selftests/libtps_la-TPSSystemCertsVerification.lo: src/selftests/TPSSystemCertsVerification.cpp +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/selftests/libtps_la-TPSSystemCertsVerification.lo -MD -MP -MF src/selftests/$(DEPDIR)/libtps_la-TPSSystemCertsVerification.Tpo -c -o src/selftests/libtps_la-TPSSystemCertsVerification.lo `test -f 'src/selftests/TPSSystemCertsVerification.cpp' || echo '$(srcdir)/'`src/selftests/TPSSystemCertsVerification.cpp +@am__fastdepCXX_TRUE@ $(am__mv) src/selftests/$(DEPDIR)/libtps_la-TPSSystemCertsVerification.Tpo src/selftests/$(DEPDIR)/libtps_la-TPSSystemCertsVerification.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/selftests/TPSSystemCertsVerification.cpp' object='src/selftests/libtps_la-TPSSystemCertsVerification.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/selftests/libtps_la-TPSSystemCertsVerification.lo `test -f 'src/selftests/TPSSystemCertsVerification.cpp' || echo '$(srcdir)/'`src/selftests/TPSSystemCertsVerification.cpp + src/selftests/libtps_la-TPSPresence.lo: 
src/selftests/TPSPresence.cpp @am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/selftests/libtps_la-TPSPresence.lo -MD -MP -MF src/selftests/$(DEPDIR)/libtps_la-TPSPresence.Tpo -c -o src/selftests/libtps_la-TPSPresence.lo `test -f 'src/selftests/TPSPresence.cpp' || echo '$(srcdir)/'`src/selftests/TPSPresence.cpp @am__fastdepCXX_TRUE@ $(am__mv) src/selftests/$(DEPDIR)/libtps_la-TPSPresence.Tpo src/selftests/$(DEPDIR)/libtps_la-TPSPresence.Plo diff --git a/pki/base/tps/doc/CS.cfg b/pki/base/tps/doc/CS.cfg index d3edc908f..b03846361 100644 --- a/pki/base/tps/doc/CS.cfg +++ b/pki/base/tps/doc/CS.cfg @@ -38,8 +38,8 @@ selftests.container.logger.fileName=[SERVER_ROOT]/logs/selftests.log selftests.container.logger.level=10 selftests.container.logger.maxFileSize=2000 selftests.container.logger.rolloverInterval=2592000 -selftests.container.order.startup=TPSPresence:critical, TPSValidity:critical -selftests.container.order.onDemand=TPSPresence:critical, TPSValidity:critical +selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerification:critical +selftests.container.order.onDemand=TPSPresence:critical, TPSValidity:critical, TPSSystemCertsVerification:critical selftests.plugin.TPSPresence.nickname=[HSM_LABEL][NICKNAME] selftests.plugin.TPSValidity.nickname=[HSM_LABEL][NICKNAME] service.machineName=[SERVER_NAME] 
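Review bot: The new `selftests.container.order.startup` value drops `TPSValidity:critical` while `selftests.container.order.onDemand` keeps it, so a default instance no longer runs the validity self test at startup. If that is deliberate because TPSSystemCertsVerification is meant to cover validity of the system certificates, a pseudo-comment entry in the style this file already uses (`tps._001=# …`) should say so; otherwise the startup list should read `TPSPresence:critical, TPSValidity:critical, TPSSystemCertsVerification:critical`. The `selftests.plugin.TPSValidity.nickname` key is still present in the context lines, which suggests the test itself is not being retired.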
@@ -1561,9 +1561,10 @@ tps._000=######################################## tps._001=# For verifying system certificates tps._002=# tps.cert.list=sslserver,subsystem,audit_signing tps._003=# tps.cert.sslserver.nickname=xxx -tps._004=# tps.cert.sslserver.certusage=SSLServer tps._005=# tps.cert.subsystem.nickname=xxx -tps._006=# tps.cert.subsystem.certusage=SSLClient tps._007=# tps.cert.audit_signing.nickname=xxx -tps._008=# tps.cert.audit_signing.certusage=EmailSigner tps._009=######################################## +tps.cert.list=sslserver,subsystem,audit_signing +tps.cert.sslserver.nickname=[HSM_LABEL][NICKNAME] +tps.cert.subsystem.nickname=[HSM_LABEL][NICKNAME] +tps.cert.audit_signing.nickname=[HSM_LABEL][NICKNAME] diff --git a/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm index c4a420877..3513327a7 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm 
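Review bot: The three `tps.cert.<tag>.certusage` example entries are removed and no usage is set next to the new live `tps.cert.sslserver.nickname`, `tps.cert.subsystem.nickname` and `tps.cert.audit_signing.nickname` keys, so the template no longer says which usage each certificate is verified for. `RA::verifySystemCerts()` is not part of this page, so whether it applies a default usage or checks every usage cannot be confirmed here; the pseudo-comment block should state that behaviour for operators. The remaining comment numbering now skips `tps._004`, `tps._006` and `tps._008`.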
@@ -403,16 +403,32 @@ $debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sen # set selftest variables (always use the "latest" subsystem nickname) my $selftestNickname = $::config->get( "preop.cert.subsystem.nickname" ); + my $selftestNickname_sslserver = $::config->get( "preop.cert.sslserver.nickname" ); + my $selftestNickname_audit_signing = $::config->get( "preop.cert.audit_signing.nickname" ); if ($hw ne "") { $::config->put( "selftests.plugin.TPSPresence.nickname", "$tk$selftestNickname" ); $::config->put( "selftests.plugin.TPSValidity.nickname", "$tk$selftestNickname" ); + + $::config->put( "tps.cert.sslserver.nickname", + "$tk$selftestNickname_sslserver" ); + $::config->put( "tps.cert.subsystem.nickname", + "$tk$selftestNickname" ); + $::config->put( "tps.cert.audit_signing.nickname", + "$tk$selftestNickname_audit_signing" ); } else { $::config->put( "selftests.plugin.TPSPresence.nickname", "$selftestNickname" ); $::config->put( "selftests.plugin.TPSValidity.nickname", "$selftestNickname" ); + + $::config->put( "tps.cert.sslserver.nickname", + "$selftestNickname_sslserver" ); + $::config->put( "tps.cert.subsystem.nickname", + "$selftestNickname" ); + $::config->put( "tps.cert.audit_signing.nickname", + "$selftestNickname_audit_signing" ); } $::config->commit(); diff --git a/pki/base/tps/src/include/selftests/TPSSystemCertsVerification.h b/pki/base/tps/src/include/selftests/TPSSystemCertsVerification.h new file mode 100644 index 000000000..40a4d3fd4 --- /dev/null +++ b/pki/base/tps/src/include/selftests/TPSSystemCertsVerification.h 
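Review bot: `preop.cert.sslserver.nickname` and `preop.cert.audit_signing.nickname` are read and written straight into `tps.cert.*.nickname` with no check that the lookups returned a value, so a missing preop entry would commit an empty (or token-prefix-only) nickname. The new TPSSystemCertsVerification::Initialize only inspects `tps.cert.subsystem.nickname` for the placeholder, so that state would first surface when the critical self test runs; a `defined(...) && ... ne ""` guard with a log message before the `put` calls would catch it at configuration time. As a style point, the two branches now differ only in the `$tk` prefix, so `my $prefix = ($hw ne "") ? $tk : "";` followed by a single set of `put` calls would remove the duplication. The enclosing sub starts and ends outside this hunk.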
@@ -0,0 +1,76 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifndef TPSSYSTEMCERTSVERIFICATION_H
+#define TPSSYSTEMCERTSVERIFICATION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+// #include "main/Util.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#include "main/ConfigStore.h"
+#include "selftests/SelfTest.h"
+
+class TPSSystemCertsVerification : public SelfTest
+{
+
+ public:
+ TPSSystemCertsVerification();
+ ~TPSSystemCertsVerification();
+ static void Initialize (ConfigStore *cfg);
+ static int runSelfTest ();
+ static bool isStartupEnabled ();
+ static bool isOnDemandEnabled ();
+ static bool isStartupCritical ();
+ static bool isOnDemandCritical ();
+ static const char *TEST_NAME;
+
+ private:
+ static bool startupEnabled;
+ static bool onDemandEnabled;
+ static bool startupCritical;
+ static bool onDemandCritical; + static int initialized; + static const char *CRITICAL_TEST_NAME; + static const char *UNINITIALIZED_NICKNAME; + static const char *SUBSYSTEM_NICKNAME; +}; + +#endif diff --git a/pki/base/tps/src/selftests/SelfTest.cpp b/pki/base/tps/src/selftests/SelfTest.cpp index 91c51afc3..93dc73d21 100644 --- a/pki/base/tps/src/selftests/SelfTest.cpp +++ b/pki/base/tps/src/selftests/SelfTest.cpp @@ -51,12 +51,13 @@ extern "C" #include "selftests/SelfTest.h" #include "selftests/TPSPresence.h" #include "selftests/TPSValidity.h" +#include "selftests/TPSSystemCertsVerification.h" const char *SelfTest::CFG_SELFTEST_STARTUP = "selftests.container.order.startup"; const char *SelfTest::CFG_SELFTEST_ONDEMAND = "selftests.container.order.onDemand"; -const int SelfTest::nTests = 2; -const char *SelfTest::TEST_NAMES[SelfTest::nTests] = { TPSPresence::TEST_NAME, TPSValidity::TEST_NAME }; +const int SelfTest::nTests = 3; +const char *SelfTest::TEST_NAMES[SelfTest::nTests] = { TPSPresence::TEST_NAME, TPSValidity::TEST_NAME, TPSSystemCertsVerification::TEST_NAME }; int SelfTest::isInitialized = 0; @@ -74,6 +75,7 @@ void SelfTest::Initialize (ConfigStore *cfg) SelfTest::isInitialized = 1; TPSPresence::Initialize (cfg); TPSValidity::Initialize (cfg); + TPSSystemCertsVerification::Initialize (cfg); SelfTest::isInitialized = 2; } RA::SelfTestLog("SelfTest::Initialize", "%s", ((isInitialized==2)?"successfully completed":"failed")); 
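Review bot: The class declaration in TPSSystemCertsVerification.h carries no comments, and `static int initialized` is a three-state flag whose meaning only becomes clear from the .cpp. I would add `// 0: not initialized, or subsystem nickname still the [HSM_LABEL][NICKNAME] placeholder; 1: initialization in progress; 2: ready` above it, and a one-line comment on `runSelfTest()` that it returns 0 on success and -1 when system certificate verification fails. `TPS_PUBLIC` is defined here and again in the .cpp but is not applied to any declaration in this header, and `<stdio.h>` does not appear to be needed by the declarations shown.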
@@ -121,6 +123,18 @@ int SelfTest::runStartUpSelfTests (const char *nickname) } else { RA::SelfTestLog("SelfTest::runStartUpSelfTests", "TPSValidity self test has been successfully completed."); } + if (TPSSystemCertsVerification::isStartupEnabled()) { + rc = TPSSystemCertsVerification::runSelfTest(); + } + if (rc != 0 && TPSSystemCertsVerification::isStartupCritical()) { + if (rc > 0) rc *= -1; + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Critical TPSSystemCertsVerification self test failure: %d", rc); + return rc; + } else if (rc != 0) { + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Noncritical TPSSystemCertsVerification self test failure: %d", rc); + } else { + RA::SelfTestLog("SelfTest::runStartUpSelfTests", "TPSSystemCertsVerification self test has been successfully completed."); + } RA::SelfTestLog("SelfTest::runStartUpSelfTests", "done"); return 0; } @@ -153,6 +167,19 @@ int SelfTest::runOnDemandSelfTests () } else { RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "TPSValidity self test has been successfully completed."); } + + if (TPSSystemCertsVerification::isOnDemandEnabled()) { + rc = TPSSystemCertsVerification::runSelfTest(); + } + if (rc != 0 && TPSSystemCertsVerification::isOnDemandCritical()) { + if (rc > 0) rc *= -1; + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Critical TPSSystemCertsVerification self test failure: %d", rc); + return rc; + } else if (rc != 0) { + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Noncritical TPSSystemCertsVerification self test failure: %d", rc); + } else { + RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "TPSSystemCertsVerification self test has been successfully completed."); + } RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "done"); return rc; } @@ -162,6 +189,7 @@ int SelfTest::isOnDemandEnabled () int n = 0; if (TPSPresence::isOnDemandEnabled()) n++; if (TPSValidity::isOnDemandEnabled()) n += 2; + if (TPSSystemCertsVerification::isOnDemandEnabled()) n += 4; return n; } 
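Review bot: In both `runStartUpSelfTests` (hunk `@@ -121,6 +123,18 @@`) and `runOnDemandSelfTests` (hunk `@@ -153,6 +167,19 @@`) the result handling sits outside the `isStartupEnabled()` / `isOnDemandEnabled()` check, so when this test is disabled `rc` still holds whatever the preceding test left in it. A disabled test is then logged as "TPSSystemCertsVerification self test has been successfully completed.", or a noncritical failure from the earlier test appears to be logged a second time under this test's name. Moving the `if (rc != 0 && …Critical()) … else if … else …` chain inside the enabled branch, with an `else` that logs the test as skipped, keeps selftests.log accurate about which certificate checks actually ran. Both function bodies begin outside the hunks, so how `rc` is initialised is not visible here.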
@@ -170,6 +198,7 @@ int SelfTest::isOnDemandCritical () int n = 0; if (TPSPresence::isOnDemandCritical()) n++; if (TPSValidity::isOnDemandCritical()) n += 2; + if (TPSSystemCertsVerification::isOnDemandCritical()) n += 4; return n; } diff --git a/pki/base/tps/src/selftests/TPSSystemCertsVerification.cpp b/pki/base/tps/src/selftests/TPSSystemCertsVerification.cpp new file mode 100644 index 000000000..a89d18d04 --- /dev/null +++ b/pki/base/tps/src/selftests/TPSSystemCertsVerification.cpp 
@@ -0,0 +1,149 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+
+#include "cert.h"
+#include "certt.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+#include "engine/RA.h"
+#include "main/ConfigStore.h"
+#include "selftests/TPSSystemCertsVerification.h"
+
+
+int TPSSystemCertsVerification::initialized = 0;
+bool TPSSystemCertsVerification::startupEnabled = false;
+bool TPSSystemCertsVerification::onDemandEnabled = false;
+bool TPSSystemCertsVerification::startupCritical = false;
+bool TPSSystemCertsVerification::onDemandCritical = false;
+const char *TPSSystemCertsVerification::CRITICAL_TEST_NAME = "TPSSystemCertsVerification:critical";
+const char *TPSSystemCertsVerification::TEST_NAME = "TPSSystemCertsVerification";
+// for testing if system is initialized
+const char *TPSSystemCertsVerification::UNINITIALIZED_NICKNAME = "[HSM_LABEL][NICKNAME]";
+const char *TPSSystemCertsVerification::SUBSYSTEM_NICKNAME= "tps.cert.subsystem.nickname";
+
+
+//default constructor
+TPSSystemCertsVerification::TPSSystemCertsVerification()
+{
+}
+
+TPSSystemCertsVerification::~TPSSystemCertsVerification()
+{
+}
+
+void TPSSystemCertsVerification::Initialize (ConfigStore *cfg)
+{
+ if (TPSSystemCertsVerification::initialized == 0) {
+ TPSSystemCertsVerification::initialized = 1;
+ const char* s = cfg->GetConfigAsString(CFG_SELFTEST_STARTUP);
+ if (s != NULL) {
+ if (PL_strstr (s, TPSSystemCertsVerification::CRITICAL_TEST_NAME) != NULL) {
+ startupCritical = true;
+ startupEnabled = true;
+ } else if (PL_strstr (s, TPSSystemCertsVerification::TEST_NAME) != NULL) {
+ startupEnabled = true;
+ }
+ }
+ const char* d = cfg->GetConfigAsString(CFG_SELFTEST_ONDEMAND);
+ if (d != NULL) {
+ if (PL_strstr (d, TPSSystemCertsVerification::CRITICAL_TEST_NAME) != NULL) {
+ onDemandCritical = true;
+ onDemandEnabled = true;
+ } else if (PL_strstr (d, TPSSystemCertsVerification::TEST_NAME) != NULL) {
+ onDemandEnabled = true;
+ }
+ }
+ char* n = (char*)(cfg->GetConfigAsString(TPSSystemCertsVerification::SUBSYSTEM_NICKNAME));
+ if (n != NULL && PL_strlen(n) > 0) {
+ if (PL_strstr (n, TPSSystemCertsVerification::UNINITIALIZED_NICKNAME) != NULL) {
+ TPSSystemCertsVerification::initialized = 0;
+ }
+ }
+ if (TPSSystemCertsVerification::initialized == 1) {
+ TPSSystemCertsVerification::initialized = 2;
+ }
+ }
+ RA::SelfTestLog("TPSSystemCertsVerification::Initialize", "%s", ((initialized==2)?"successfully completed":"failed"));
+}
+
+// Error codes:
+// -1 - failed system certs verification
+// critical errors are negative
+
+int TPSSystemCertsVerification::runSelfTest ()
+{
+ int rc = 0;
+
+ if (TPSSystemCertsVerification::initialized == 2) {
+ rc = RA::verifySystemCerts();
+ if (rc == true) {
+ return 0;
+ } else {
+ rc = -1;
+ }
+ }
+
+ return rc;
+}
+
+bool TPSSystemCertsVerification::isStartupEnabled ()
+{
+ return startupEnabled;
+}
+
+bool TPSSystemCertsVerification::isOnDemandEnabled ()
+{
+ return onDemandEnabled;
+}
+
+bool TPSSystemCertsVerification::isStartupCritical ()
+{
+ return startupCritical;
+}
+
+bool TPSSystemCertsVerification::isOnDemandCritical ()
+{
+ return onDemandCritical;
+}
+
|
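Review bot: `runSelfTest()` returns 0 whenever `initialized != 2`, so an instance whose `tps.cert.subsystem.nickname` still contains the `[HSM_LABEL][NICKNAME]` placeholder, or one where `Initialize` was never called, is reported by the caller as a successful system-certificate verification. If passing on an unconfigured instance is intended, the `// Error codes:` comment should say so and the skip should be logged before returning, e.g. `RA::SelfTestLog("TPSSystemCertsVerification::runSelfTest", "skipped: not initialized");`. `Initialize` checks only the subsystem nickname for the placeholder, not `tps.cert.sslserver.nickname` or `tps.cert.audit_signing.nickname`. Separately, `if (rc == true)` compares an `int` with `true` and so matches only the value 1; `return RA::verifySystemCerts() ? 0 : -1;` states the intent without depending on the exact non-zero value returned.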