Diffstat (limited to 'base/server/cms/src/com')
10 files changed, 269 insertions, 627 deletions
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java b/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java
index e77ece551..c77514f35 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java
@@ -186,8 +186,7 @@ public abstract class ASelfTest
 * <P>
 *
 * @param logger specifies logging subsystem
- * @exception ESelfTestException self test exception
+ * @exception Exception self test exception
 */
- public abstract void runSelfTest(ILogEventListener logger)
- throws ESelfTestException;
+ public abstract void runSelfTest(ILogEventListener logger) throws Exception;
 }
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java b/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java
index 83caa0099..ab491c7e7 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java
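Review bot: The Javadoc on the abstract `runSelfTest` now reads `@exception Exception self test exception`, which no longer tells an implementer or a caller what a thrown exception means once the dedicated `ESelfTestException` type is gone. Because the signature accepts any exception, I would state the contract explicitly, for example `@exception Exception if the self test fails; the reason is written to logger before throwing`. The implementations touched by this commit already follow that pattern for their anticipated failures, so the wording documents existing behaviour. The class body starts outside the hunk.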
@@ -191,72 +191,55 @@ public class CAPresence * <P> * * @param logger specifies logging subsystem - * @exception ESelfTestException self test exception + * @exception Exception self test exception */ - public void runSelfTest(ILogEventListener logger) - throws ESelfTestException { - String logMessage = null; - ICertificateAuthority ca = null; - X509CertImpl caCert = null; - X509Key caPubKey = null; - - ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId); + public void runSelfTest(ILogEventListener logger) throws Exception { + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId); if (ca == null) { // log that the CA is not installed - logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } else { - // Retrieve the CA certificate - caCert = ca.getCACert(); - - if (caCert == null) { - // log that the CA is not yet initialized - logMessage = CMS.getLogMessage( - "SELFTESTS_CA_IS_NOT_INITIALIZED", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } - - // Retrieve the CA certificate public key - try { - caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY); - - if (caPubKey == null) { - // log that something is seriously wrong with the CA - logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_CORRUPT", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); + String logMessage = CMS.getLogMessage( + "SELFTESTS_CA_IS_NOT_PRESENT", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); + } - throw new ESelfTestException(logMessage); - } - } catch (CertificateParsingException e) { - // log that something is seriously wrong with the CA - mSelfTestSubsystem.log(logger, - e.toString()); + // Retrieve the CA certificate + X509CertImpl caCert = ca.getCACert(); + if (caCert == null) { + // log 
that the CA is not yet initialized + String logMessage = CMS.getLogMessage( + "SELFTESTS_CA_IS_NOT_INITIALIZED", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); + } - throw new ESelfTestException(e.toString()); - } + // Retrieve the CA certificate public key + X509Key caPubKey; + try { + caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY); - // log that the CA is present - logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_PRESENT", - getSelfTestName()); + } catch (CertificateParsingException e) { + // log that something is seriously wrong with the CA + mSelfTestSubsystem.log(logger, e.toString()); + throw e; + } - mSelfTestSubsystem.log(logger, - logMessage); + if (caPubKey == null) { + // log that something is seriously wrong with the CA + String logMessage = CMS.getLogMessage( + "SELFTESTS_CA_IS_CORRUPT", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); } - return; + // log that the CA is present + String logMessage = CMS.getLogMessage( + "SELFTESTS_CA_IS_PRESENT", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); } } diff --git a/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java b/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java index b1751ecb4..4d90be199 100644 --- a/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java +++ b/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java 
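Review bot: In the `catch (CertificateParsingException e)` branch the self test log receives only `e.toString()`, while every other branch logs through `CMS.getLogMessage(..., getSelfTestName())`. Presumably that means this one entry does not name the self test that failed, which makes a parsing failure on the CA certificate harder to attribute when several tests run. Logging the corrupt-CA message together with the exception text before `throw e;` would keep the entries uniform, e.g. `mSelfTestSubsystem.log(logger, CMS.getLogMessage("SELFTESTS_CA_IS_CORRUPT", getSelfTestName()) + ": " + e);`. The matching branch in OCSPPresence.java has the same gap.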
@@ -191,72 +191,56 @@ public class CAValidity * <P> * * @param logger specifies logging subsystem - * @exception ESelfTestException self test exception + * @exception Exception self test exception */ - public void runSelfTest(ILogEventListener logger) - throws ESelfTestException { - String logMessage = null; - ICertificateAuthority ca = null; - X509CertImpl caCert = null; - - ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId); + public void runSelfTest(ILogEventListener logger) throws Exception { + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId); if (ca == null) { // log that the CA is not installed - logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } else { - // Retrieve the CA certificate - caCert = ca.getCACert(); - - if (caCert == null) { - // log that the CA is not yet initialized - logMessage = CMS.getLogMessage( - "SELFTESTS_CA_IS_NOT_INITIALIZED", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } - - // Retrieve the CA validity period - try { - caCert.checkValidity(); - } catch (CertificateNotYetValidException e) { - // log that the CA is not yet valid - logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_YET_VALID", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } catch (CertificateExpiredException e) { - // log that the CA is expired - logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_EXPIRED", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } + String logMessage = CMS.getLogMessage( + "SELFTESTS_CA_IS_NOT_PRESENT", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); + } - // log that the CA is valid - logMessage = 
CMS.getLogMessage("SELFTESTS_CA_IS_VALID", - getSelfTestName()); + // Retrieve the CA certificate + X509CertImpl caCert = ca.getCACert(); + if (caCert == null) { + // log that the CA is not yet initialized + String logMessage = CMS.getLogMessage( + "SELFTESTS_CA_IS_NOT_INITIALIZED", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); + } - mSelfTestSubsystem.log(logger, - logMessage); + // Retrieve the CA validity period + try { + caCert.checkValidity(); + + } catch (CertificateNotYetValidException e) { + // log that the CA is not yet valid + String logMessage = CMS.getLogMessage( + "SELFTESTS_CA_IS_NOT_YET_VALID", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw e; + + } catch (CertificateExpiredException e) { + // log that the CA is expired + String logMessage = CMS.getLogMessage( + "SELFTESTS_CA_IS_EXPIRED", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw e; } - return; + // log that the CA is valid + String logMessage = CMS.getLogMessage( + "SELFTESTS_CA_IS_VALID", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); } } diff --git a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java index f5b0939f1..5c1e97bfa 100644 --- a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java +++ b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java 
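Review bot: The two `checkValidity()` catch branches log the localized `SELFTESTS_CA_IS_NOT_YET_VALID` / `SELFTESTS_CA_IS_EXPIRED` message but then `throw e;`, so the exception that reaches the caller carries the JDK's text rather than what was written to the self test log. The null-check branches in the same method throw `new Exception(logMessage)`, so the method is inconsistent about what a caller sees. If the caller reports the exception message (not visible here), wrapping keeps both pieces: `throw new Exception(logMessage, e);`. If preserving the certificate exception type is intentional, a short comment saying so would help. OCSPValidity.java has the same pair of branches.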
@@ -185,29 +185,22 @@ public class SystemCertsVerification * <P> * * @param logger specifies logging subsystem - * @exception ESelfTestException self test exception + * @exception Exception self test exception */ - public void runSelfTest(ILogEventListener logger) - throws ESelfTestException { - String logMessage = null; - boolean rc = false; - - rc = CMS.verifySystemCerts(); - if (rc == true) { - logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - } else { - logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - throw new ESelfTestException(logMessage); + public void runSelfTest(ILogEventListener logger) throws Exception { + + boolean status = CMS.verifySystemCerts(); + if (!status) { + String logMessage = CMS.getLogMessage( + "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); } - return; + String logMessage = CMS.getLogMessage( + "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); } } diff --git a/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java b/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java index 832d2b747..ff0c3fbc2 100644 --- a/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java +++ b/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java 
@@ -188,64 +188,46 @@ public class KRAPresence * <P> * * @param logger specifies logging subsystem - * @exception ESelfTestException self test exception + * @exception Exception self test exception */ - public void runSelfTest(ILogEventListener logger) - throws ESelfTestException { - String logMessage = null; - IKeyRecoveryAuthority kra = null; - org.mozilla.jss.crypto.X509Certificate kraCert = null; - PublicKey kraPubKey = null; - - kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId); + public void runSelfTest(ILogEventListener logger) throws Exception { + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId); if (kra == null) { // log that the KRA is not installed - logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_NOT_PRESENT", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } else { - // Retrieve the KRA certificate - kraCert = kra.getTransportCert(); - - if (kraCert == null) { - // log that the RA is not yet initialized - logMessage = CMS.getLogMessage( - "SELFTESTS_KRA_IS_NOT_INITIALIZED", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } - - // Retrieve the KRA certificate public key - kraPubKey = kraCert.getPublicKey(); - - if (kraPubKey == null) { - // log that something is seriously wrong with the KRA - logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_CORRUPT", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } + String logMessage = CMS.getLogMessage( + "SELFTESTS_KRA_IS_NOT_PRESENT", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); + } - // log that the KRA is present - logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_PRESENT", - getSelfTestName()); + // Retrieve the KRA certificate + org.mozilla.jss.crypto.X509Certificate kraCert = kra.getTransportCert(); + if 
(kraCert == null) { + // log that the RA is not yet initialized + String logMessage = CMS.getLogMessage( + "SELFTESTS_KRA_IS_NOT_INITIALIZED", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); + } - mSelfTestSubsystem.log(logger, - logMessage); + // Retrieve the KRA certificate public key + PublicKey kraPubKey = kraCert.getPublicKey(); + if (kraPubKey == null) { + // log that something is seriously wrong with the KRA + String logMessage = CMS.getLogMessage( + "SELFTESTS_KRA_IS_CORRUPT", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); } - return; + // log that the KRA is present + String logMessage = CMS.getLogMessage( + "SELFTESTS_KRA_IS_PRESENT", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); } } diff --git a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java index a3d9e3ad3..db9d237fc 100644 --- a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java +++ b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java 
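Review bot: The comment kept on the `kraCert == null` branch still says `// log that the RA is not yet initialized`, but the branch logs `SELFTESTS_KRA_IS_NOT_INITIALIZED` for the transport certificate of the KRA. With RAPresence.java removed in this same commit, the stale wording is easy to misread; I would change it to `// log that the KRA is not yet initialized (no transport certificate)`.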
@@ -192,89 +192,66 @@ public class OCSPPresence * <P> * * @param logger specifies logging subsystem - * @exception ESelfTestException self test exception + * @exception Exception self test exception */ - public void runSelfTest(ILogEventListener logger) - throws ESelfTestException { - String logMessage = null; - IOCSPAuthority ocsp = null; - ISigningUnit ocspSigningUnit = null; - X509CertImpl ocspCert = null; - X509Key ocspPubKey = null; - - ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId); + public void runSelfTest(ILogEventListener logger) throws Exception { + IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId); if (ocsp == null) { // log that the OCSP is not installed - logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } else { - // Retrieve the OCSP signing unit - ocspSigningUnit = ocsp.getSigningUnit(); - - if (ocspSigningUnit == null) { - // log that the OCSP is not yet initialized - logMessage = CMS.getLogMessage( - "SELFTESTS_OCSP_IS_NOT_INITIALIZED", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } - - // Retrieve the OCSP certificate - ocspCert = ocspSigningUnit.getCertImpl(); - - if (ocspCert == null) { - // log that the OCSP is not yet initialized - logMessage = CMS.getLogMessage( - "SELFTESTS_OCSP_IS_NOT_INITIALIZED", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } - - // Retrieve the OCSP certificate public key - try { - ocspPubKey = (X509Key) - ocspCert.get(X509CertImpl.PUBLIC_KEY); - - if (ocspPubKey == null) { - // log that something is seriously wrong with the OCSP - logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_CORRUPT", - getSelfTestName()); + String logMessage = CMS.getLogMessage( + "SELFTESTS_OCSP_IS_NOT_PRESENT", + getSelfTestName()); + 
mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); + } - mSelfTestSubsystem.log(logger, - logMessage); + // Retrieve the OCSP signing unit + ISigningUnit ocspSigningUnit = ocsp.getSigningUnit(); + if (ocspSigningUnit == null) { + // log that the OCSP is not yet initialized + String logMessage = CMS.getLogMessage( + "SELFTESTS_OCSP_IS_NOT_INITIALIZED", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); + } - throw new ESelfTestException(logMessage); - } - } catch (CertificateParsingException e) { - // log that something is seriously wrong with the OCSP - mSelfTestSubsystem.log(logger, - e.toString()); + // Retrieve the OCSP certificate + X509CertImpl ocspCert = ocspSigningUnit.getCertImpl(); + if (ocspCert == null) { + // log that the OCSP is not yet initialized + String logMessage = CMS.getLogMessage( + "SELFTESTS_OCSP_IS_NOT_INITIALIZED", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); + } - throw new ESelfTestException(e.toString()); - } + // Retrieve the OCSP certificate public key + X509Key ocspPubKey; + try { + ocspPubKey = (X509Key)ocspCert.get(X509CertImpl.PUBLIC_KEY); - // log that the OCSP is present - logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_PRESENT", - getSelfTestName()); + } catch (CertificateParsingException e) { + // log that something is seriously wrong with the OCSP + mSelfTestSubsystem.log(logger, e.toString()); + throw e; + } - mSelfTestSubsystem.log(logger, - logMessage); + if (ocspPubKey == null) { + // log that something is seriously wrong with the OCSP + String logMessage = CMS.getLogMessage( + "SELFTESTS_OCSP_IS_CORRUPT", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); } - return; + // log that the OCSP is present + String logMessage = CMS.getLogMessage( + "SELFTESTS_OCSP_IS_PRESENT", + getSelfTestName()); + mSelfTestSubsystem.log(logger, 
logMessage); } } diff --git a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java index 383779d22..6aadf842d 100644 --- a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java +++ b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java 
@@ -192,89 +192,68 @@ public class OCSPValidity * <P> * * @param logger specifies logging subsystem - * @exception ESelfTestException self test exception + * @exception Exception self test exception */ - public void runSelfTest(ILogEventListener logger) - throws ESelfTestException { + public void runSelfTest(ILogEventListener logger) throws Exception { String logMessage = null; - IOCSPAuthority ocsp = null; - ISigningUnit ocspSigningUnit = null; - X509CertImpl ocspCert = null; - - ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId); + IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId); if (ocsp == null) { // log that the OCSP is not installed - logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } else { - // Retrieve the OCSP signing unit - ocspSigningUnit = ocsp.getSigningUnit(); - - if (ocspSigningUnit == null) { - // log that the OCSP is not yet initialized - logMessage = CMS.getLogMessage( - "SELFTESTS_OCSP_IS_NOT_INITIALIZED", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } - - // Retrieve the OCSP certificate - ocspCert = ocspSigningUnit.getCertImpl(); - - if (ocspCert == null) { - // log that the OCSP is not yet initialized - logMessage = CMS.getLogMessage( - "SELFTESTS_OCSP_IS_NOT_INITIALIZED", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } - - // Retrieve the OCSP validity period - try { - ocspCert.checkValidity(); - } catch (CertificateNotYetValidException e) { - // log that the OCSP is not yet valid - logMessage = CMS.getLogMessage( - "SELFTESTS_OCSP_IS_NOT_YET_VALID", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } catch (CertificateExpiredException e) { - // log that the OCSP is 
expired - logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_EXPIRED", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); + logMessage = CMS.getLogMessage( + "SELFTESTS_OCSP_IS_NOT_PRESENT", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); + } - throw new ESelfTestException(logMessage); - } + // Retrieve the OCSP signing unit + ISigningUnit ocspSigningUnit = ocsp.getSigningUnit(); + if (ocspSigningUnit == null) { + // log that the OCSP is not yet initialized + logMessage = CMS.getLogMessage( + "SELFTESTS_OCSP_IS_NOT_INITIALIZED", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); + } - // log that the OCSP is valid - logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_VALID", - getSelfTestName()); + // Retrieve the OCSP certificate + X509CertImpl ocspCert = ocspSigningUnit.getCertImpl(); + if (ocspCert == null) { + // log that the OCSP is not yet initialized + logMessage = CMS.getLogMessage( + "SELFTESTS_OCSP_IS_NOT_INITIALIZED", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw new Exception(logMessage); + } - mSelfTestSubsystem.log(logger, - logMessage); + // Retrieve the OCSP validity period + try { + ocspCert.checkValidity(); + + } catch (CertificateNotYetValidException e) { + // log that the OCSP is not yet valid + logMessage = CMS.getLogMessage( + "SELFTESTS_OCSP_IS_NOT_YET_VALID", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw e; + + } catch (CertificateExpiredException e) { + // log that the OCSP is expired + logMessage = CMS.getLogMessage( + "SELFTESTS_OCSP_IS_EXPIRED", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + throw e; } - return; + // log that the OCSP is valid + logMessage = CMS.getLogMessage( + "SELFTESTS_OCSP_IS_VALID", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); } } 
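Review bot: This method keeps the method-wide `String logMessage = null;` and reassigns it in every branch, whereas the sibling self tests rewritten in this commit (CAValidity, OCSPPresence) declare `String logMessage = CMS.getLogMessage(...)` locally in each branch. Dropping the top declaration and using a branch-local `String logMessage = CMS.getLogMessage(` in each place would match them and remove a mutable variable that is never read across branches. The `throw e;` in the two validity catch branches also has the message mismatch described for CAValidity.java.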
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java b/base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java deleted file mode 100644 index 6facd807c..000000000 --- a/base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java +++ /dev/null 
@@ -1,261 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -// package statement // -/////////////////////// - -package com.netscape.cms.selftests.ra; - -/////////////////////// -// import statements // -/////////////////////// - -import java.security.PublicKey; -import java.util.Locale; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.logging.ILogEventListener; -import com.netscape.certsrv.ra.IRegistrationAuthority; -import com.netscape.certsrv.selftests.EDuplicateSelfTestException; -import com.netscape.certsrv.selftests.EInvalidSelfTestException; -import com.netscape.certsrv.selftests.EMissingSelfTestException; -import com.netscape.certsrv.selftests.ESelfTestException; -import com.netscape.certsrv.selftests.ISelfTestSubsystem; -import com.netscape.cms.selftests.ASelfTest; - -////////////////////// -// class definition // -////////////////////// - -/** - * This class implements a self test to check for RA presence. - * <P> - * - * <PRE> - * NOTE: This self-test is for Registration Authorities prior to - * Netscape Certificate Management System 7.0. 
It does NOT - * apply to the Registration Authority found in - * Red Hat Certificate System 7.3 or later (including - * ALL versions of Dogtag Certificate System). - * </PRE> - * <P> - * - * @deprecated - * @author mharmsen - * @author thomask - * @version $Revision$, $Date$ - */ -public class RAPresence - extends ASelfTest { - //////////////////////// - // default parameters // - //////////////////////// - - /////////////////////////// - // RAPresence parameters // - /////////////////////////// - - // parameter information - public static final String PROP_RA_SUB_ID = "RaSubId"; - private String mRaSubId = null; - - ///////////////////// - // default methods // - ///////////////////// - - //////////////////////// - // RAPresence methods // - //////////////////////// - - /** - * Initializes this subsystem with the configuration store - * associated with this instance name. - * <P> - * - * @param subsystem the associated subsystem - * @param instanceName the name of this self test instance - * @param parameters configuration store (self test parameters) - * @exception EDuplicateSelfTestException subsystem has duplicate name/value - * @exception EInvalidSelfTestException subsystem has invalid name/value - * @exception EMissingSelfTestException subsystem has missing name/value - */ - public void initSelfTest(ISelfTestSubsystem subsystem, - String instanceName, - IConfigStore parameters) - throws EDuplicateSelfTestException, - EInvalidSelfTestException, - EMissingSelfTestException { - super.initSelfTest(subsystem, instanceName, parameters); - - // retrieve mandatory parameter(s) - try { - mRaSubId = mConfig.getString(PROP_RA_SUB_ID); - if (mRaSubId != null) { - mRaSubId = mRaSubId.trim(); - } else { - mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - CMS.getLogMessage( - "SELFTESTS_MISSING_VALUES", - getSelfTestName(), - mPrefix - + "." 
- + PROP_RA_SUB_ID)); - - throw new EMissingSelfTestException(PROP_RA_SUB_ID); - } - } catch (EBaseException e) { - mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - CMS.getLogMessage( - "SELFTESTS_MISSING_NAME", - getSelfTestName(), - mPrefix - + "." - + PROP_RA_SUB_ID)); - - throw new EMissingSelfTestException(mPrefix, - PROP_RA_SUB_ID, - null); - } - - // retrieve optional parameter(s) - - return; - } - - /** - * Notifies this subsystem if it is in execution mode. - * <P> - * - * @exception ESelfTestException failed to start - */ - public void startupSelfTest() - throws ESelfTestException { - return; - } - - /** - * Stops this subsystem. The subsystem may call shutdownSelfTest - * anytime after initialization. - * <P> - */ - public void shutdownSelfTest() { - return; - } - - /** - * Returns the name associated with this self test. This method may - * return null if the self test has not been intialized. - * <P> - * - * @return instanceName of this self test - */ - public String getSelfTestName() { - return super.getSelfTestName(); - } - - /** - * Returns the root configuration storage (self test parameters) - * associated with this subsystem. - * <P> - * - * @return configuration store (self test parameters) of this subsystem - */ - public IConfigStore getSelfTestConfigStore() { - return super.getSelfTestConfigStore(); - } - - /** - * Retrieves description associated with an individual self test. - * This method may return null. - * <P> - * - * @param locale locale of the client that requests the description - * @return description of self test - */ - public String getSelfTestDescription(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION"); - } - - /** - * Execute an individual self test. 
- * <P> - * - * @param logger specifies logging subsystem - * @exception ESelfTestException self test exception - */ - public void runSelfTest(ILogEventListener logger) - throws ESelfTestException { - String logMessage = null; - IRegistrationAuthority ra = null; - org.mozilla.jss.crypto.X509Certificate raCert = null; - PublicKey raPubKey = null; - - ra = (IRegistrationAuthority) CMS.getSubsystem(mRaSubId); - - if (ra == null) { - // log that the RA is not installed - logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_NOT_PRESENT", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } else { - // Retrieve the RA certificate - raCert = ra.getRACert(); - - if (raCert == null) { - // log that the RA is not yet initialized - logMessage = CMS.getLogMessage( - "SELFTESTS_RA_IS_NOT_INITIALIZED", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } - - // Retrieve the RA certificate public key - raPubKey = raCert.getPublicKey(); - - if (raPubKey == null) { - // log that something is seriously wrong with the RA - logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_CORRUPT", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - - throw new ESelfTestException(logMessage); - } - - // log that the RA is present - logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_PRESENT", - getSelfTestName()); - - mSelfTestSubsystem.log(logger, - logMessage); - } - - return; - } -} diff --git a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java index d5e7c11ad..1686ba564 100644 --- a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java +++ b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java 
@@ -104,7 +104,7 @@ public class TKSKnownSessionKey mMacKey = getConfigByteArray("macKey", 16); mUseSoftToken = getConfigString("useSoftToken"); - // AC: KDF SPEC CHANGE + // AC: KDF SPEC CHANGE // read CUID for the KDD field mKDD = getConfigByteArray("CUID", 10); // @@ -143,7 +143,7 @@ public class TKSKnownSessionKey getSelfTestName(), mPrefix + ".nistSP800-108KdfUseCuidAsKdd")); throw new EMissingSelfTestException("nistSP800-108KdfUseCuidAsKdd"); } - + String defKeySetMacKey = null; tks = CMS.getSubsystem(mTksSubId); if (tks != null) { @@ -175,7 +175,7 @@ public class TKSKnownSessionKey if (mSessionKey == null) { mSessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName, mCardChallenge, mHostChallenge, - mKeyInfo, + mKeyInfo, mNistSP800_108KdfOnKeyVersion, // AC: KDF SPEC CHANGE - pass in configuration self-test value mNistSP800_108KdfUseCuidAsKdd, // AC: KDF SPEC CHANGE - pass in configuration self-test value mCUID, @@ -320,13 +320,12 @@ public class TKSKnownSessionKey * <P> * * @param logger specifies logging subsystem - * @exception ESelfTestException self test exception + * @exception Exception self test exception */ - public void runSelfTest(ILogEventListener logger) - throws ESelfTestException { - IConfigStore cs = CMS.getConfigStore(); - String sharedSecretName; + public void runSelfTest(ILogEventListener logger) throws Exception { + try { + IConfigStore cs = CMS.getConfigStore(); boolean useNewNames = cs.getBoolean("tks.useNewSharedSecretNames", false); if (useNewNames) { String tpsList = cs.getString("tps.list", ""); 
@@ -336,29 +335,39 @@ public class TKSKnownSessionKey } for (String tpsID : tpsList.split(",")) { - sharedSecretName = cs.getString("tps." + tpsID + ".nickname", ""); + String sharedSecretName = cs.getString("tps." + tpsID + ".nickname", ""); if (!sharedSecretName.isEmpty()) { CMS.debug("TKSKnownSessionKey: testing with key " + sharedSecretName); - generateSessionKey(logger, sharedSecretName); + generateSessionKey(sharedSecretName); } } + } else { // legacy systems - sharedSecretName = cs.getString("tks.tksSharedSymKeyName", "sharedSecret"); - generateSessionKey(logger, sharedSecretName); + String sharedSecretName = cs.getString("tks.tksSharedSymKeyName", "sharedSecret"); + generateSessionKey(sharedSecretName); } - } catch (EBaseException e) { - e.printStackTrace(); - CMS.debug("TKSKnownSessionKey: failed to read config file to set up test"); - String logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName()); + + String logMessage = CMS.getLogMessage( + "SELFTESTS_TKS_SUCCEEDED", + getSelfTestName(), + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + CMS.debug("TKSKnownSessionKey self test SUCCEEDED"); + + } catch (Exception e) { + String logMessage = CMS.getLogMessage( + "SELFTESTS_TKS_FAILED", + getSelfTestName(), + getSelfTestName()); mSelfTestSubsystem.log(logger, logMessage); - throw new ESelfTestException(logMessage); + throw e; } + return; } - private void generateSessionKey(ILogEventListener logger, String sharedSecretName) throws ESelfTestException { - String logMessage; + private void generateSessionKey(String sharedSecretName) throws Exception { String keySet = "defKeySet"; byte[] sessionKey = SessionKey.ComputeSessionKey( 
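Review bot: `SELFTESTS_TKS_SUCCEEDED` is now logged unconditionally after the `if`/`else`, so in the `useNewNames` branch the self test reports success even when every `tps.<id>.nickname` is empty and `generateSessionKey` was never called. Before this change success was logged only inside `generateSessionKey` after a key had actually been produced. I would count the keys exercised and fail when none were: `int tested = 0;` before the loop, `tested++;` after the `generateSessionKey(sharedSecretName)` call, and `if (tested == 0) throw new Exception("No shared secret nickname configured");` after the loop. The handling of an empty `tps.list` sits between the hunks and is not visible here; `runSelfTest` starts before this hunk and `generateSessionKey` continues past it.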
@@ -374,14 +383,7 @@ public class TKSKnownSessionKey // For FIPS compliance, the routine now returns a wrapped key, which can't be extracted and compared. if (sessionKey == null) { CMS.debug("TKSKnownSessionKey: generated no session key"); - CMS.debug("TKSKnownSessionKey self test FAILED"); - logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName()); - mSelfTestSubsystem.log(logger, logMessage); - throw new ESelfTestException(logMessage); - } else { - logMessage = CMS.getLogMessage("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName()); - mSelfTestSubsystem.log(logger, logMessage); - CMS.debug("TKSKnownSessionKey self test SUCCEEDED"); + throw new Exception("No session key generated"); } } } diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index b8cf27cc5..b6325b71d 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java @@ -3248,7 +3248,11 @@ public final class CMSAdminServlet extends AdminServlet { // store this information for console notification content += "COMPLETED SUCCESSFULLY\n"; - } catch (ESelfTestException e) { + + } catch (Exception e) { + + CMS.debug(e); + // Check to see if the self test was critical: if (mSelfTestSubsystem.isSelfTestCriticalOnDemand( instanceName)) { |
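Review bot: The new `throw new Exception("No session key generated");` in `generateSessionKey` does not say which shared secret failed, and the caller's catch block logs only the generic `SELFTESTS_TKS_FAILED` message. With several TPS entries in the loop, the failing nickname can then only be inferred from the preceding debug line. Including it in the exception keeps the failure self-describing: `throw new Exception("No session key generated for " + sharedSecretName);`. The method begins outside this hunk.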
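Review bot: The widened `catch (Exception e)` in CMSAdminServlet now also receives unchecked exceptions, and those arrive without any entry in the self test log because the tests log only their anticipated failures before throwing. `CMS.debug(e);` records the cause in the debug log alone, so the self test log may show a test that neither passed nor failed. If the rest of the block (outside the hunk) does not already do so, I would also write the cause to the self test log, e.g. `mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), e.toString());`, assuming `mSelfTestSubsystem` here is the same subsystem type the self tests use.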
