[Pki-devel] [PATCH] 661 Fixed selftest error handling.

Endi Sukma Dewata edewata at redhat.com
Tue Dec 1 23:16:30 UTC 2015


The selftest has been modified to throw an exception and provide
a more specific error message if a test fails, in order to help
troubleshoot the problem.

https://fedorahosted.org/pki/ticket/1328

-- 
Endi S. Dewata
-------------- next part --------------
From f7dc87a2d0d7261e01f8eea3b2f4b13dc84b03ef Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Tue, 1 Dec 2015 23:34:41 +0100
Subject: [PATCH] Fixed selftest error handling.

The selftest has been modified to throw an exception and provide
a more specific error message if a test fails, in order to help
troubleshoot the problem.

https://fedorahosted.org/pki/ticket/1328
---
 base/common/src/com/netscape/certsrv/apps/CMS.java |  12 +--
 .../src/com/netscape/certsrv/apps/ICMSEngine.java  |  28 ++---
 .../selftests/common/SystemCertsVerification.java  |  18 ++--
 .../cms/selftests/tks/TKSKnownSessionKey.java      |   2 -
 .../cms/servlet/admin/CMSAdminServlet.java         |  25 +++--
 .../src/com/netscape/cmscore/apps/CMSEngine.java   |  57 +++++-----
 .../src/com/netscape/cmscore/cert/CertUtils.java   | 120 ++++++++++-----------
 .../cmscore/selftests/SelfTestSubsystem.java       |  30 ++++--
 .../netscape/cmscore/app/CMSEngineDefaultStub.java |  27 +++--
 9 files changed, 161 insertions(+), 158 deletions(-)

diff --git a/base/common/src/com/netscape/certsrv/apps/CMS.java b/base/common/src/com/netscape/certsrv/apps/CMS.java
index 84fc3f743a7c6fed0206404019df8cb440b97a74..94f5c1687322cbe4a4b194b22e0f483bc8e012dc 100644
--- a/base/common/src/com/netscape/certsrv/apps/CMS.java
+++ b/base/common/src/com/netscape/certsrv/apps/CMS.java
@@ -1377,23 +1377,23 @@ public final class CMS {
      * Verifies all system certs
      * with tags defined in <subsystemtype>.cert.list
      */
-    public static boolean verifySystemCerts() {
-        return _engine.verifySystemCerts();
+    public static void verifySystemCerts() throws Exception {
+        _engine.verifySystemCerts();
     }
 
     /**
      * Verify a system cert by tag name
      * with tags defined in <subsystemtype>.cert.list
      */
-    public static boolean verifySystemCertByTag(String tag) {
-        return _engine.verifySystemCertByTag(tag);
+    public static void verifySystemCertByTag(String tag) throws Exception {
+        _engine.verifySystemCertByTag(tag);
     }
 
     /**
      * Verify a system cert by certificate nickname
      */
-    public static boolean verifySystemCertByNickname(String nickname, String certificateUsage) {
-        return _engine.verifySystemCertByNickname(nickname, certificateUsage);
+    public static void verifySystemCertByNickname(String nickname, String certificateUsage) throws Exception {
+        _engine.verifySystemCertByNickname(nickname, certificateUsage);
     }
 
     /**
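Review bot: Declaring `throws Exception` on `verifySystemCerts()`, `verifySystemCertByTag()` and `verifySystemCertByNickname()` leaves callers unable to tell a certificate that failed validation from a configuration or runtime error, and the Javadoc on these three wrappers gains no `@throws` line. The same signature is repeated in the ICMSEngine, CMSEngine and CertUtils hunks, where the new Javadoc only says `@throws Exception if something is wrong`. A dedicated checked type, for instance one derived from the `EBaseException` that CertUtils already imports, would let CMSAdminServlet and the selftest catch verification failures specifically. At minimum add `@throws Exception if the CS.cfg entries are missing or a certificate fails validation` to each comment here.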
diff --git a/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java b/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
index e9b5b765fca2c949db0db91494f48c12b4fee35a..e024208fdcfdf83d3cf25478355d1a6d867a9ab3 100644
--- a/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
+++ b/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
@@ -29,14 +29,6 @@ import java.util.Hashtable;
 import java.util.Locale;
 import java.util.Vector;
 
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSSLSocketFactoryExt;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.Extension;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.X509CertInfo;
-
 import org.mozilla.jss.CryptoManager.CertificateUsage;
 import org.mozilla.jss.util.PasswordCallback;
 
@@ -80,6 +72,14 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.cmsutil.net.ISocketFactory;
 import com.netscape.cmsutil.password.IPasswordStore;
 
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPException;
+import netscape.ldap.LDAPSSLSocketFactoryExt;
+import netscape.security.util.ObjectIdentifier;
+import netscape.security.x509.Extension;
+import netscape.security.x509.GeneralName;
+import netscape.security.x509.X509CertInfo;
+
 /**
  * This interface represents the CMS core framework. The
  * framework contains a set of services that provide
@@ -798,24 +798,24 @@ public interface ICMSEngine extends ISubsystem {
     /**
      * Verifies all system certificates
      *
-     * @return true if all passed, false otherwise
+     * @throws Exception if something is wrong
      */
-    public boolean verifySystemCerts();
+    public void verifySystemCerts() throws Exception;
 
     /**
      * Verifies a system certificate by its tag name
      * as defined in <subsystemtype>.cert.list
      *
-     * @return true if passed, false otherwise
+     * @throws Exception if something is wrong
      */
-    public boolean verifySystemCertByTag(String tag);
+    public void verifySystemCertByTag(String tag) throws Exception;
 
     /**
      * Verifies a system certificate by its nickname
      *
-     * @return true if passed, false otherwise
+     * @throws Exception if something is wrong
      */
-    public boolean verifySystemCertByNickname(String nickname, String certificateUsage);
+    public void verifySystemCertByNickname(String nickname, String certificateUsage) throws Exception;
 
     /**
      * get the CertificateUsage as defined in JSS CryptoManager
diff --git a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
index 5c1e97bfaa558ba9394eca0b88543482c6bece9a..e4fc1cbe2554180762dbdd331ab08de2cf9052bb 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
@@ -189,18 +189,20 @@ public class SystemCertsVerification
      */
     public void runSelfTest(ILogEventListener logger) throws Exception {
 
-        boolean status = CMS.verifySystemCerts();
-        if (!status) {
+        try {
+            CMS.verifySystemCerts();
+
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+
+        } catch (Exception e) {
             String logMessage = CMS.getLogMessage(
                     "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
                     getSelfTestName());
             mSelfTestSubsystem.log(logger, logMessage);
-            throw new Exception(logMessage);
+            throw e;
         }
-
-        String logMessage = CMS.getLogMessage(
-                "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
-                getSelfTestName());
-        mSelfTestSubsystem.log(logger, logMessage);
     }
 }
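Review bot: The success-path logging now sits inside the `try`, so an exception thrown by `CMS.getLogMessage(...)` or `mSelfTestSubsystem.log(...)` after `CMS.verifySystemCerts()` has returned would be caught and recorded as `SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE`. Keeping only the `CMS.verifySystemCerts();` call inside the `try` and logging success after it avoids misreporting a certificate set that did verify. The failure log entry also still carries only `getSelfTestName()`; the specific reason lives in the rethrown exception, so whether it reaches the selftest log depends on the caller, which is not visible here. The same try-scope pattern appears around `audit(auditMessage)` in the CMSAdminServlet hunks and in `CertUtils.verifySystemCertByTag`.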
diff --git a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
index 1686ba564be428a35ad4c5d0aa42def09e97c5e8..f734f67c003420f73194d71877a6537e7b122e68 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
@@ -363,8 +363,6 @@ public class TKSKnownSessionKey
             mSelfTestSubsystem.log(logger, logMessage);
             throw e;
         }
-
-        return;
     }
 
     private void generateSessionKey(String sharedSecretName) throws Exception {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index b6325b71d0bceac9589775cbaf1643400775abf8..18be8a854f148ab682aabe5d731b3dfe6d73aee1 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -38,11 +38,6 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.crypto.PQGParams;
@@ -80,6 +75,11 @@ import com.netscape.cmsutil.util.Cert;
 import com.netscape.cmsutil.util.Utils;
 import com.netscape.symkey.SessionKey;
 
+import netscape.security.x509.BasicConstraintsExtension;
+import netscape.security.x509.CertificateExtensions;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
+
 /**
  * A class representings an administration servlet. This
  * servlet is responsible to serve Certificate Server
@@ -2191,9 +2191,12 @@ public final class CMSAdminServlet extends AdminServlet {
                 modifyRADMCert(nickname);
             }
 
-            boolean verified = CMS.verifySystemCertByNickname(nickname, null);
-            if (verified == true) {
-                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded: " + nickname);
+            boolean verified = false;
+            try {
+                CMS.debug("CMSAdminServlet: verifying system certificate " + nickname);
+                CMS.verifySystemCertByNickname(nickname, null);
+                verified = true;
+
                 auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
                         auditSubjectID,
@@ -2201,8 +2204,9 @@ public final class CMSAdminServlet extends AdminServlet {
                                 nickname);
 
                 audit(auditMessage);
-            } else {
-                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed: " + nickname);
+
+            } catch (Exception e) {
+                CMS.debug(e);
                 auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
                                 auditSubjectID,
@@ -2211,6 +2215,7 @@ public final class CMSAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
             }
+
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
index 77f913636bda6a490755d3ea88b9d6c56b341c74..1e1f844cd85d444703ae81ee273c14f7b1170834 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
@@ -24,7 +24,6 @@ import java.io.FileReader;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
 import java.security.SignatureException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
@@ -44,32 +43,15 @@ import java.util.Vector;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSSLSocketFactoryExt;
-import netscape.security.extensions.CertInfo;
-import netscape.security.pkcs.ContentInfo;
-import netscape.security.pkcs.PKCS7;
-import netscape.security.pkcs.SignerInfo;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.Extension;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.X509CRLImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
 import org.apache.commons.lang.StringUtils;
 import org.apache.xerces.parsers.DOMParser;
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.CryptoManager.CertificateUsage;
-import org.mozilla.jss.util.PasswordCallback;
+import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.crypto.PrivateKey;
 import org.mozilla.jss.crypto.Signature;
 import org.mozilla.jss.crypto.SignatureAlgorithm;
-import org.mozilla.jss.crypto.CryptoToken;
-
+import org.mozilla.jss.util.PasswordCallback;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
@@ -184,8 +166,24 @@ import com.netscape.cmscore.util.Debug;
 import com.netscape.cmsutil.net.ISocketFactory;
 import com.netscape.cmsutil.password.IPasswordStore;
 import com.netscape.cmsutil.password.NuxwdogPasswordStore;
-import com.netscape.cmsutil.util.Utils;
 import com.netscape.cmsutil.util.Cert;
+import com.netscape.cmsutil.util.Utils;
+
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPException;
+import netscape.ldap.LDAPSSLSocketFactoryExt;
+import netscape.security.extensions.CertInfo;
+import netscape.security.pkcs.ContentInfo;
+import netscape.security.pkcs.PKCS7;
+import netscape.security.pkcs.SignerInfo;
+import netscape.security.util.ObjectIdentifier;
+import netscape.security.x509.AlgorithmId;
+import netscape.security.x509.CertificateChain;
+import netscape.security.x509.Extension;
+import netscape.security.x509.GeneralName;
+import netscape.security.x509.X509CRLImpl;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
 
 public class CMSEngine implements ICMSEngine {
     private static final String ID = "MAIN";
@@ -1259,7 +1257,7 @@ public class CMSEngine implements ICMSEngine {
                 return;
             }
             CMS.debug(method + "autoShutdown allowed");
-            CryptoToken token = 
+            CryptoToken token =
                 ((org.mozilla.jss.pkcs11.PK11PrivKey) mSigningKey).getOwningToken();
             SignatureAlgorithm signAlg = Cert.mapAlgorithmToJss("SHA256withRSA");
             Signature signer = token.getSignatureContext(signAlg);
@@ -1731,17 +1729,16 @@ public class CMSEngine implements ICMSEngine {
         }
     }
 
-    public boolean verifySystemCerts() {
-        return CertUtils.verifySystemCerts();
+    public void verifySystemCerts() throws Exception {
+        CertUtils.verifySystemCerts();
     }
 
-    public boolean verifySystemCertByTag(String tag) {
-        return CertUtils.verifySystemCertByTag(tag);
+    public void verifySystemCertByTag(String tag) throws Exception {
+        CertUtils.verifySystemCertByTag(tag);
     }
 
-    public boolean verifySystemCertByNickname(String nickname, String certificateUsage) {
-        CMS.debug("CMSEngine: verifySystemCertByNickname(" + nickname + ", " + certificateUsage + ")");
-        return CertUtils.verifySystemCertByNickname(nickname, certificateUsage);
+    public void verifySystemCertByNickname(String nickname, String certificateUsage) throws Exception {
+        CertUtils.verifySystemCertByNickname(nickname, certificateUsage);
     }
 
     public CertificateUsage getCertificateUsage(String certusage) {
@@ -1995,7 +1992,7 @@ public class CMSEngine implements ICMSEngine {
                 crumb.createNewFile();
             } catch (IOException e) {
                 CMS.debug(method + " create autoShutdown crumb file failed on " +
-                    mAutoSD_CrumbFile + "; nothing to do...keep shutting down:" + e.toString()); 
+                    mAutoSD_CrumbFile + "; nothing to do...keep shutting down:" + e);
                 e.printStackTrace();
             }
         }
diff --git a/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java b/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java
index 244c36dc7e0bbac181ce37d6344cc849a70ba873..8c5c2ccc10970426bc161c9fcfb3f0e3732ca2b8 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java
@@ -35,6 +35,15 @@ import java.util.Arrays;
 import java.util.Date;
 import java.util.StringTokenizer;
 
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.CryptoManager.CertificateUsage;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.cmsutil.util.Utils;
+
 import netscape.security.extensions.NSCertTypeExtension;
 import netscape.security.pkcs.PKCS10;
 import netscape.security.pkcs.PKCS7;
@@ -54,15 +63,6 @@ import netscape.security.x509.X509CertImpl;
 import netscape.security.x509.X509CertInfo;
 import netscape.security.x509.X509Key;
 
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.CryptoManager.CertificateUsage;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.cmsutil.util.Utils;
-
 /**
  * Utility class with assorted methods to check for
  * smime pairs, determining the type of cert - signature
@@ -828,43 +828,42 @@ public class CertUtils {
 
     /*
      * verify a certificate by its nickname
-     * returns true if it verifies; false if any not
+     * @throws Exception if something is wrong
      */
-    public static boolean verifySystemCertByNickname(String nickname, String certusage) {
-        CMS.debug("CertUtils: verifySystemCertByNickname(" + nickname + "," + certusage + ")");
-        boolean r = true;
-        CertificateUsage cu = null;
-        cu = getCertificateUsage(certusage);
+    public static void verifySystemCertByNickname(String nickname, String certusage) throws Exception {
+        CMS.debug("CertUtils: verifySystemCertByNickname(" + nickname + ", " + certusage + ")");
+        CertificateUsage cu = getCertificateUsage(certusage);
         int ccu = 0;
 
         if (cu == null) {
             CMS.debug("CertUtils: verifySystemCertByNickname() failed: " +
                     nickname + " with unsupported certusage =" + certusage);
-            return false;
+            throw new Exception("Unsupported certificate usage " + certusage + " in certificate " + nickname);
         }
 
         if (certusage == null || certusage.equals(""))
             CMS.debug("CertUtils: verifySystemCertByNickname(): required certusage not defined, getting current certusage");
+
         CMS.debug("CertUtils: verifySystemCertByNickname(): calling isCertValid()");
         try {
             CryptoManager cm = CryptoManager.getInstance();
             if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages.getUsage()) {
                 if (cm.isCertValid(nickname, true, cu)) {
-                    r = true;
                     CMS.debug("CertUtils: verifySystemCertByNickname() passed: " + nickname);
                 } else {
                     CMS.debug("CertUtils: verifySystemCertByNickname() failed: " + nickname);
-                    r = false;
+                    throw new Exception("Invalid certificate " + nickname);
                 }
+
             } else {
                 // find out about current cert usage
                 ccu = cm.isCertValid(nickname, true);
                 if (ccu == CertificateUsage.basicCertificateUsages) {
                     /* cert is good for nothing */
-                    r = false;
                     CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:" + nickname);
+                    throw new Exception("Unusable certificate " + nickname);
+
                 } else {
-                    r = true;
                     CMS.debug("CertUtils: verifySystemCertByNickname() passed: " + nickname);
 
                     if ((ccu & CryptoManager.CertificateUsage.SSLServer.getUsage()) != 0)
@@ -893,31 +892,31 @@ public class CertUtils {
                         CMS.debug("CertUtils: verifySystemCertByNickname(): cert is AnyCA");
                 }
             }
+
         } catch (Exception e) {
-            CMS.debug("CertUtils: verifySystemCertByNickname() failed: " +
-                    e.toString());
-            r = false;
+            CMS.debug("CertUtils: verifySystemCertByNickname() failed: " + e);
+            throw e;
         }
-        return r;
     }
 
     /*
      * verify a certificate by its tag name
-     * returns true if it verifies; false if any not
+     * @throws Exception if something is wrong
      */
-    public static boolean verifySystemCertByTag(String tag) {
+    public static void verifySystemCertByTag(String tag) throws Exception {
 
         CMS.debug("CertUtils: verifySystemCertByTag(" + tag + ")");
 
         String auditMessage = null;
         IConfigStore config = CMS.getConfigStore();
-        boolean r = true;
+
         try {
             String subsysType = config.getString("cs.type", "");
             if (subsysType.equals("")) {
                 CMS.debug("CertUtils: verifySystemCertByTag() cs.type not defined in CS.cfg. System certificates verification not done");
-                r = false;
+                throw new Exception("Missing cs.type in CS.cfg");
             }
+
             subsysType = toLowerCaseSubsystemType(subsysType);
             if (subsysType == null) {
                 CMS.debug("CertUtils: verifySystemCerts() invalid cs.type in CS.cfg. System certificates verification not done");
@@ -928,39 +927,32 @@ public class CertUtils {
                             "");
 
                 audit(auditMessage);
-                r = false;
-                return r;
+                throw new Exception("Invalid cs.type in CS.cfg");
             }
+
             String nickname = config.getString(subsysType + ".cert." + tag + ".nickname", "");
             if (nickname.equals("")) {
                 CMS.debug("CertUtils: verifySystemCertByTag() nickname for cert tag " + tag + " undefined in CS.cfg");
-                r = false;
+                throw new Exception("Missing nickname for " + tag + " certificate");
             }
+
             String certusage = config.getString(subsysType + ".cert." + tag + ".certusage", "");
             if (certusage.equals("")) {
                 CMS.debug("CertUtils: verifySystemCertByTag() certusage for cert tag "
                         + tag + " undefined in CS.cfg, getting current certificate usage");
+                // throw new Exception("Missing certificate usage for " + tag + " certificate"); ?
             }
-            r = verifySystemCertByNickname(nickname, certusage);
-            if (r == true) {
-                // audit here
-                auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
-                        ILogger.SYSTEM_UID,
-                        ILogger.SUCCESS,
-                            nickname);
 
-                audit(auditMessage);
-            } else {
-                // audit here
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
-                            ILogger.SYSTEM_UID,
-                            ILogger.FAILURE,
-                            nickname);
+            verifySystemCertByNickname(nickname, certusage);
+
+            auditMessage = CMS.getLogMessage(
+                    LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+                    ILogger.SYSTEM_UID,
+                    ILogger.SUCCESS,
+                        nickname);
+
+            audit(auditMessage);
 
-                audit(auditMessage);
-            }
         } catch (Exception e) {
             CMS.debug("CertUtils: verifySystemCertsByTag() failed: " +
                     e.toString());
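Review bot: The signed-audit FAILURE record for a certificate that does not verify no longer names the certificate: the removed `else` branch passed `nickname` to `CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, ...)`, whereas a failure now lands in the `catch`, whose audit call in the next hunk appears to pass `""`. Declaring `String nickname = "";` above the `try` and passing it in the catch keeps the audit trail attributable to a specific certificate. Separately, the invalid `cs.type` branch calls `audit(auditMessage)` and then throws inside the same `try`, so the catch audits that failure a second time. The body of `verifySystemCertByTag` starts and ends outside this hunk.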
@@ -971,10 +963,8 @@ public class CertUtils {
                         "");
 
             audit(auditMessage);
-            r = false;
+            throw e;
         }
-
-        return r;
     }
 
     /*
@@ -1015,13 +1005,13 @@ public class CertUtils {
     /*
      * goes through all system certs and check to see if they are good
      * and audit the result
-     * returns true if all verifies; false if any not
+     * @throws Exception if something is wrong
      */
-    public static boolean verifySystemCerts() {
+    public static void verifySystemCerts() throws Exception {
+
         String auditMessage = null;
         IConfigStore config = CMS.getConfigStore();
-        boolean verifyResult = true;
-        boolean r = true; /* the final return value */
+
         try {
             String subsysType = config.getString("cs.type", "");
             if (subsysType.equals("")) {
@@ -1033,8 +1023,9 @@ public class CertUtils {
                             "");
 
                 audit(auditMessage);
-                return false;
+                throw new Exception("Missing cs.type in CS.cfg");
             }
+
             subsysType = toLowerCaseSubsystemType(subsysType);
             if (subsysType == null) {
                 CMS.debug("CertUtils: verifySystemCerts() invalid cs.type in CS.cfg. System certificates verification not done");
@@ -1045,8 +1036,9 @@ public class CertUtils {
                             "");
 
                 audit(auditMessage);
-                return false;
+                throw new Exception("Invalid cs.type in CS.cfg");
             }
+
             String certlist = config.getString(subsysType + ".cert.list", "");
             if (certlist.equals("")) {
                 CMS.debug("CertUtils: verifySystemCerts() "
@@ -1058,17 +1050,17 @@ public class CertUtils {
                             "");
 
                 audit(auditMessage);
-                return false;
+                throw new Exception("Missing " + subsysType + ".cert.list in CS.cfg");
             }
+
             StringTokenizer tokenizer = new StringTokenizer(certlist, ",");
             while (tokenizer.hasMoreTokens()) {
                 String tag = tokenizer.nextToken();
                 tag = tag.trim();
                 CMS.debug("CertUtils: verifySystemCerts() cert tag=" + tag);
-                verifyResult = verifySystemCertByTag(tag);
-                if (verifyResult == false)
-                    r = false; //r captures the value for final return
+                verifySystemCertByTag(tag);
             }
+
         } catch (Exception e) {
             // audit here
             auditMessage = CMS.getLogMessage(
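Review bot: The loop over `certlist` now stops at the first tag whose verification throws, so the remaining system certificates are neither checked nor audited in that run; the removed code kept iterating and only remembered that a failure had occurred. If fail-fast is not intended, catch per tag, keep going, and throw once after the loop with every failing tag in the message. The exception rethrown by `verifySystemCertByTag` has also already been audited there, so the outer `catch` below writes a second failure record for the same event. The body of `verifySystemCerts` starts and ends outside this hunk.

```java
// … unchanged: cs.type and cert.list lookups …
StringTokenizer tokenizer = new StringTokenizer(certlist, ",");
StringBuilder failures = new StringBuilder();
while (tokenizer.hasMoreTokens()) {
    String tag = tokenizer.nextToken().trim();
    CMS.debug("CertUtils: verifySystemCerts() cert tag=" + tag);
    try {
        verifySystemCertByTag(tag);
    } catch (Exception e) {
        // already logged and audited by verifySystemCertByTag(); keep checking the rest
        if (failures.length() > 0) {
            failures.append("; ");
        }
        failures.append(tag).append(": ").append(e.getMessage());
    }
}
if (failures.length() > 0) {
    throw new Exception("System certificate verification failed: " + failures);
}
```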
@@ -1078,10 +1070,8 @@ public class CertUtils {
                         "");
 
             audit(auditMessage);
-            r = false;
-            CMS.debug("CertUtils: verifySystemCerts():" + e.toString());
+            throw e;
         }
-        return r;
     }
 
     public static String toLowerCaseSubsystemType(String s) {
diff --git a/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
index d060f8180ff8e91cff69b3576bfedecea96fbae6..14fab26e4d3f9ffdfc305acbd94b742be6141604 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
@@ -1328,13 +1328,24 @@ public class SelfTestSubsystem
                                     loggerFullName,
                                     loggerValue));
 
-                    throw new EInvalidSelfTestException(loggerFullName,
-                            loggerValue);
+                    throw new EInvalidSelfTestException(
+                        "The self test plugin named " +
+                        loggerFullName + " contains a value " +
+                        loggerValue + " which is not an instance of ILogEventListener.");
                 }
 
                 // initialize the self tests logger
                 mLogger = (ILogEventListener) o;
                 mLogger.init(this, loggerConfig);
+
+            } catch (EMissingSelfTestException e) {
+                // already logged
+                throw e;
+
+            } catch (EInvalidSelfTestException e) {
+                // already logged
+                throw e;
+
             } catch (EBaseException e) {
                 // self test property name EBaseException
 
@@ -1351,8 +1362,8 @@ public class SelfTestSubsystem
                                 loggerFullName,
                                 loggerValue));
 
-                throw new EInvalidSelfTestException(loggerFullName,
-                        loggerValue);
+                throw e;
+
             } catch (Exception e) {
                 // NOTE:  These messages can only be logged to the
                 //        "transactions" log, since the "selftests.log"
@@ -1369,8 +1380,7 @@ public class SelfTestSubsystem
 
                 CMS.debugStackTrace();
 
-                throw new EInvalidSelfTestException(loggerFullName,
-                        loggerValue);
+                throw new EBaseException(e);
             }
         }
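Review bot: These catch blocks change the exception type that reaches callers: the `EBaseException` handler in the previous hunk now rethrows the original exception and this one throws `new EBaseException(e)`, where both used to throw `EInvalidSelfTestException`. Any caller that catches `EInvalidSelfTestException` specifically would no longer see these failures; the callers and the method's `throws` clause are outside the hunks, so this needs checking there. The method's Javadoc should gain a matching `@exception EBaseException` entry describing the wrapped cause. The same change is made for the instance lookup in the two hunks that follow.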
 
@@ -1481,6 +1491,11 @@ public class SelfTestSubsystem
                     throw new EMissingSelfTestException(instanceFullName,
                             instanceValue);
                 }
+
+            } catch (EMissingSelfTestException e) {
+                // already logged
+                throw e;
+
             } catch (EBaseException e) {
                 // self test property name EBaseException
                 log(mLogger,
@@ -1489,8 +1504,7 @@ public class SelfTestSubsystem
                                 instanceFullName,
                                 instanceValue));
 
-                throw new EInvalidSelfTestException(instanceFullName,
-                        instanceValue);
+                throw e;
             }
 
             // verify that the associated class is a valid instance of ISelfTest
diff --git a/base/server/test/com/netscape/cmscore/app/CMSEngineDefaultStub.java b/base/server/test/com/netscape/cmscore/app/CMSEngineDefaultStub.java
index b45b33b5feb57eaa510b3b2d239152cb48c6e740..5d43af7d136c83e1c436d0e9222338f747f5b685 100644
--- a/base/server/test/com/netscape/cmscore/app/CMSEngineDefaultStub.java
+++ b/base/server/test/com/netscape/cmscore/app/CMSEngineDefaultStub.java
@@ -12,14 +12,6 @@ import java.util.Hashtable;
 import java.util.Locale;
 import java.util.Vector;
 
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSSLSocketFactoryExt;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.Extension;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.X509CertInfo;
-
 import org.mozilla.jss.CryptoManager.CertificateUsage;
 import org.mozilla.jss.util.PasswordCallback;
 
@@ -65,6 +57,14 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.cmsutil.net.ISocketFactory;
 import com.netscape.cmsutil.password.IPasswordStore;
 
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPException;
+import netscape.ldap.LDAPSSLSocketFactoryExt;
+import netscape.security.util.ObjectIdentifier;
+import netscape.security.x509.Extension;
+import netscape.security.x509.GeneralName;
+import netscape.security.x509.X509CertInfo;
+
 /**
  * Default engine stub for testing.
  */
@@ -572,19 +572,16 @@ public class CMSEngineDefaultStub implements ICMSEngine {
     }
 
     @Override
-    public boolean verifySystemCerts() {
-        return false;
+    public void verifySystemCerts() throws Exception {
     }
 
     @Override
-    public boolean verifySystemCertByTag(String tag) {
-        return false;
+    public void verifySystemCertByTag(String tag) throws Exception {
     }
 
     @Override
-    public boolean verifySystemCertByNickname(String nickname,
-            String certificateUsage) {
-        return false;
+    public void verifySystemCertByNickname(String nickname,
+            String certificateUsage) throws Exception {
     }
 
     @Override
-- 
2.5.0


