[Pki-devel] [PATCH] 616 Fixed selftests log message.

Endi Sukma Dewata edewata at redhat.com
Tue Jun 23 18:37:19 UTC 2015


The SelfTestSubsystem has been modified to display a 'successful'
message only if all tests have passed. If a test fails, it will
log a failure, subsequent tests will not be executed, and the
subsystem will shutdown immediately.

The runSelfTest() in various tests have been cleaned up to throw
the original exception to help troubleshooting. The unused
RAPresence test has been removed.

https://fedorahosted.org/pki/ticket/1249

-- 
Endi S. Dewata
-------------- next part --------------
From a212b565584215b924b7f4de6bc5beaf9ba589a4 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Tue, 23 Jun 2015 12:23:15 -0400
Subject: [PATCH] Fixed selftests log message.

The SelfTestSubsystem has been modified to display a 'successful'
message only if all tests have passed. If a test fails, it will
log a failure, subsequent tests will not be executed, and the
subsystem will shutdown immediately.

The runSelfTest() in various tests have been cleaned up to throw
the original exception to help troubleshooting. The unused
RAPresence test has been removed.

https://fedorahosted.org/pki/ticket/1249
---
 .../com/netscape/certsrv/selftests/ISelfTest.java  |   5 +-
 .../certsrv/selftests/ISelfTestSubsystem.java      |   5 +-
 .../src/com/netscape/cms/selftests/ASelfTest.java  |   5 +-
 .../com/netscape/cms/selftests/ca/CAPresence.java  |  97 +++----
 .../com/netscape/cms/selftests/ca/CAValidity.java  | 102 ++++----
 .../selftests/common/SystemCertsVerification.java  |  33 +--
 .../netscape/cms/selftests/kra/KRAPresence.java    |  84 +++---
 .../netscape/cms/selftests/ocsp/OCSPPresence.java  | 123 ++++-----
 .../netscape/cms/selftests/ocsp/OCSPValidity.java  | 127 ++++-----
 .../com/netscape/cms/selftests/ra/RAPresence.java  | 261 -------------------
 .../cms/selftests/tks/TKSKnownSessionKey.java      |  56 ++--
 .../cms/servlet/admin/CMSAdminServlet.java         |   6 +-
 .../cmscore/selftests/SelfTestSubsystem.java       | 283 ++++++++++-----------
 .../server/tps/selftests/TPSPresence.java          |  38 ++-
 .../server/tps/selftests/TPSValidity.java          |  43 ++--
 15 files changed, 454 insertions(+), 814 deletions(-)
 delete mode 100644 base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java

diff --git a/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java b/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
index 24ad623e477462bfbecae4fc1138b441ea07af16..0ffc74b6bbd7d915c25af74cfa75017f601105c3 100644
--- a/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
+++ b/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
@@ -126,8 +126,7 @@ public interface ISelfTest {
      * <P>
      *
      * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
+     * @exception Exception self test exception
      */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException;
+    public void runSelfTest(ILogEventListener logger) throws Exception;
 }
diff --git a/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java b/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
index 214ee17649379bacf56e5d2a770eb535076376ae..29adde0828332c600a325c4aa9e4418d718b8ea4 100644
--- a/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
+++ b/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
@@ -206,10 +206,9 @@ public interface ISelfTestSubsystem
      * <P>
      *
      * @exception EMissingSelfTestException subsystem has missing name
-     * @exception ESelfTestException self test exception
+     * @exception Exception self test exception
      */
-    public void runSelfTestsAtStartup()
-            throws EMissingSelfTestException, ESelfTestException;
+    public void runSelfTestsAtStartup() throws Exception;
 
     //
     // methods associated with the list of self test instances
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java b/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java
index e77ece551c1dd9703b686b7af634e7353883d7bf..c77514f3587218b4466f8a386b8ee1bb130f4db5 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ASelfTest.java
@@ -186,8 +186,7 @@ public abstract class ASelfTest
      * <P>
      *
      * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
+     * @exception Exception self test exception
      */
-    public abstract void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException;
+    public abstract void runSelfTest(ILogEventListener logger) throws Exception;
 }
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java b/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java
index 83caa009958625df210297ca057755ce02dfcc02..ab491c7e71bc1ab83d97dd96246730adc9ef8c99 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ca/CAPresence.java
@@ -191,72 +191,55 @@ public class CAPresence
      * <P>
      *
      * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
+     * @exception Exception self test exception
      */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
-        ICertificateAuthority ca = null;
-        X509CertImpl caCert = null;
-        X509Key caPubKey = null;
-
-        ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
+    public void runSelfTest(ILogEventListener logger) throws Exception {
 
+        ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
         if (ca == null) {
             // log that the CA is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-
-            throw new ESelfTestException(logMessage);
-        } else {
-            // Retrieve the CA certificate
-            caCert = ca.getCACert();
-
-            if (caCert == null) {
-                // log that the CA is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_CA_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the CA certificate public key
-            try {
-                caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY);
-
-                if (caPubKey == null) {
-                    // log that something is seriously wrong with the CA
-                    logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_CORRUPT",
-                                                    getSelfTestName());
-
-                    mSelfTestSubsystem.log(logger,
-                                            logMessage);
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_CA_IS_NOT_PRESENT",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
+        }
 
-                    throw new ESelfTestException(logMessage);
-                }
-            } catch (CertificateParsingException e) {
-                // log that something is seriously wrong with the CA
-                mSelfTestSubsystem.log(logger,
-                                        e.toString());
+        // Retrieve the CA certificate
+        X509CertImpl caCert = ca.getCACert();
+        if (caCert == null) {
+            // log that the CA is not yet initialized
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_CA_IS_NOT_INITIALIZED",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
+        }
 
-                throw new ESelfTestException(e.toString());
-            }
+        // Retrieve the CA certificate public key
+        X509Key caPubKey;
+        try {
+            caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY);
 
-            // log that the CA is present
-            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_PRESENT",
-                                            getSelfTestName());
+        } catch (CertificateParsingException e) {
+            // log that something is seriously wrong with the CA
+            mSelfTestSubsystem.log(logger, e.toString());
+            throw e;
+        }
 
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
+        if (caPubKey == null) {
+            // log that something is seriously wrong with the CA
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_CA_IS_CORRUPT",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
         }
 
-        return;
+        // log that the CA is present
+        String logMessage = CMS.getLogMessage(
+                "SELFTESTS_CA_IS_PRESENT",
+                getSelfTestName());
+        mSelfTestSubsystem.log(logger, logMessage);
     }
 }
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java b/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java
index b1751ecb442b62ef370e2f8bc5825edcf9f7dd0c..4d90be1999b36e7f0feb02d7733f42a7f9708b41 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ca/CAValidity.java
@@ -191,72 +191,56 @@ public class CAValidity
      * <P>
      *
      * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
+     * @exception Exception self test exception
      */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
-        ICertificateAuthority ca = null;
-        X509CertImpl caCert = null;
-
-        ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
+    public void runSelfTest(ILogEventListener logger) throws Exception {
 
+        ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
         if (ca == null) {
             // log that the CA is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-
-            throw new ESelfTestException(logMessage);
-        } else {
-            // Retrieve the CA certificate
-            caCert = ca.getCACert();
-
-            if (caCert == null) {
-                // log that the CA is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_CA_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the CA validity period
-            try {
-                caCert.checkValidity();
-            } catch (CertificateNotYetValidException e) {
-                // log that the CA is not yet valid
-                logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_YET_VALID",
-                                                getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            } catch (CertificateExpiredException e) {
-                // log that the CA is expired
-                logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_EXPIRED",
-                                                getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_CA_IS_NOT_PRESENT",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
+        }
 
-            // log that the CA is valid
-            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_VALID",
-                                            getSelfTestName());
+        // Retrieve the CA certificate
+        X509CertImpl caCert = ca.getCACert();
+        if (caCert == null) {
+            // log that the CA is not yet initialized
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_CA_IS_NOT_INITIALIZED",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
+        }
 
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
+        // Retrieve the CA validity period
+        try {
+            caCert.checkValidity();
+
+        } catch (CertificateNotYetValidException e) {
+            // log that the CA is not yet valid
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_CA_IS_NOT_YET_VALID",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw e;
+
+        } catch (CertificateExpiredException e) {
+            // log that the CA is expired
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_CA_IS_EXPIRED",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw e;
         }
 
-        return;
+        // log that the CA is valid
+        String logMessage = CMS.getLogMessage(
+                "SELFTESTS_CA_IS_VALID",
+                getSelfTestName());
+        mSelfTestSubsystem.log(logger, logMessage);
     }
 }
diff --git a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
index f5b0939f1c7de12d71b56d540a99c3383f169f3a..5c1e97bfaa558ba9394eca0b88543482c6bece9a 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
@@ -185,29 +185,22 @@ public class SystemCertsVerification
      * <P>
      *
      * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
+     * @exception Exception self test exception
      */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
-        boolean rc = false;
+    public void runSelfTest(ILogEventListener logger) throws Exception {
 
-        rc = CMS.verifySystemCerts();
-        if (rc == true) {
-            logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
-                                                getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                        logMessage);
-        } else {
-            logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-            throw new ESelfTestException(logMessage);
+        boolean status = CMS.verifySystemCerts();
+        if (!status) {
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
         }
 
-        return;
+        String logMessage = CMS.getLogMessage(
+                "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
+                getSelfTestName());
+        mSelfTestSubsystem.log(logger, logMessage);
     }
 }
diff --git a/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java b/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java
index 832d2b747ca90b70937a15d11899dff6b365cbc3..ff0c3fbc2518a355cd6eed98077e1ed7ad262f16 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/kra/KRAPresence.java
@@ -188,64 +188,46 @@ public class KRAPresence
      * <P>
      *
      * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
+     * @exception Exception self test exception
      */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
-        IKeyRecoveryAuthority kra = null;
-        org.mozilla.jss.crypto.X509Certificate kraCert = null;
-        PublicKey kraPubKey = null;
-
-        kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId);
+    public void runSelfTest(ILogEventListener logger) throws Exception {
 
+        IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId);
         if (kra == null) {
             // log that the KRA is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_NOT_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-
-            throw new ESelfTestException(logMessage);
-        } else {
-            // Retrieve the KRA certificate
-            kraCert = kra.getTransportCert();
-
-            if (kraCert == null) {
-                // log that the RA is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_KRA_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the KRA certificate public key
-            kraPubKey = kraCert.getPublicKey();
-
-            if (kraPubKey == null) {
-                // log that something is seriously wrong with the KRA
-                logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_CORRUPT",
-                                                getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_KRA_IS_NOT_PRESENT",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
+        }
 
-            // log that the KRA is present
-            logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_PRESENT",
-                                            getSelfTestName());
+        // Retrieve the KRA certificate
+        org.mozilla.jss.crypto.X509Certificate kraCert = kra.getTransportCert();
+        if (kraCert == null) {
+            // log that the RA is not yet initialized
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_KRA_IS_NOT_INITIALIZED",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
+        }
 
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
+        // Retrieve the KRA certificate public key
+        PublicKey kraPubKey = kraCert.getPublicKey();
+        if (kraPubKey == null) {
+            // log that something is seriously wrong with the KRA
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_KRA_IS_CORRUPT",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
         }
 
-        return;
+        // log that the KRA is present
+        String logMessage = CMS.getLogMessage(
+                "SELFTESTS_KRA_IS_PRESENT",
+                getSelfTestName());
+        mSelfTestSubsystem.log(logger, logMessage);
     }
 }
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
index a3d9e3ad300213c73f44050c195e5f4be656e5e5..db9d237fc5810dad8d73c61a1bceff9d7e47256a 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
@@ -192,89 +192,66 @@ public class OCSPPresence
      * <P>
      *
      * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
+     * @exception Exception self test exception
      */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
-        IOCSPAuthority ocsp = null;
-        ISigningUnit ocspSigningUnit = null;
-        X509CertImpl ocspCert = null;
-        X509Key ocspPubKey = null;
-
-        ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
+    public void runSelfTest(ILogEventListener logger) throws Exception {
 
+        IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
         if (ocsp == null) {
             // log that the OCSP is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-
-            throw new ESelfTestException(logMessage);
-        } else {
-            // Retrieve the OCSP signing unit
-            ocspSigningUnit = ocsp.getSigningUnit();
-
-            if (ocspSigningUnit == null) {
-                // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the OCSP certificate
-            ocspCert = ocspSigningUnit.getCertImpl();
-
-            if (ocspCert == null) {
-                // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the OCSP certificate public key
-            try {
-                ocspPubKey = (X509Key)
-                             ocspCert.get(X509CertImpl.PUBLIC_KEY);
-
-                if (ocspPubKey == null) {
-                    // log that something is seriously wrong with the OCSP
-                    logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_CORRUPT",
-                                                    getSelfTestName());
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_OCSP_IS_NOT_PRESENT",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
+        }
 
-                    mSelfTestSubsystem.log(logger,
-                                            logMessage);
+        // Retrieve the OCSP signing unit
+        ISigningUnit ocspSigningUnit = ocsp.getSigningUnit();
+        if (ocspSigningUnit == null) {
+            // log that the OCSP is not yet initialized
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
+        }
 
-                    throw new ESelfTestException(logMessage);
-                }
-            } catch (CertificateParsingException e) {
-                // log that something is seriously wrong with the OCSP
-                mSelfTestSubsystem.log(logger,
-                                        e.toString());
+        // Retrieve the OCSP certificate
+        X509CertImpl ocspCert = ocspSigningUnit.getCertImpl();
+        if (ocspCert == null) {
+            // log that the OCSP is not yet initialized
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
+        }
 
-                throw new ESelfTestException(e.toString());
-            }
+        // Retrieve the OCSP certificate public key
+        X509Key ocspPubKey;
+        try {
+            ocspPubKey = (X509Key)ocspCert.get(X509CertImpl.PUBLIC_KEY);
 
-            // log that the OCSP is present
-            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_PRESENT",
-                                            getSelfTestName());
+        } catch (CertificateParsingException e) {
+            // log that something is seriously wrong with the OCSP
+            mSelfTestSubsystem.log(logger, e.toString());
+            throw e;
+        }
 
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
+        if (ocspPubKey == null) {
+            // log that something is seriously wrong with the OCSP
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_OCSP_IS_CORRUPT",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
         }
 
-        return;
+        // log that the OCSP is present
+        String logMessage = CMS.getLogMessage(
+                "SELFTESTS_OCSP_IS_PRESENT",
+                getSelfTestName());
+        mSelfTestSubsystem.log(logger, logMessage);
     }
 }
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
index 383779d22646f99167f426b09f4242e56dcd3821..6aadf842dc5f09303fe7ea8ffea723769defad40 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
@@ -192,89 +192,68 @@ public class OCSPValidity
      * <P>
      *
      * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
+     * @exception Exception self test exception
      */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
+    public void runSelfTest(ILogEventListener logger) throws Exception {
         String logMessage = null;
-        IOCSPAuthority ocsp = null;
-        ISigningUnit ocspSigningUnit = null;
-        X509CertImpl ocspCert = null;
-
-        ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
 
+        IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
         if (ocsp == null) {
             // log that the OCSP is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-
-            throw new ESelfTestException(logMessage);
-        } else {
-            // Retrieve the OCSP signing unit
-            ocspSigningUnit = ocsp.getSigningUnit();
-
-            if (ocspSigningUnit == null) {
-                // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the OCSP certificate
-            ocspCert = ocspSigningUnit.getCertImpl();
-
-            if (ocspCert == null) {
-                // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the OCSP validity period
-            try {
-                ocspCert.checkValidity();
-            } catch (CertificateNotYetValidException e) {
-                // log that the OCSP is not yet valid
-                logMessage = CMS.getLogMessage(
-                                 "SELFTESTS_OCSP_IS_NOT_YET_VALID",
-                                 getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            } catch (CertificateExpiredException e) {
-                // log that the OCSP is expired
-                logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_EXPIRED",
-                                                getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
+            logMessage = CMS.getLogMessage(
+                    "SELFTESTS_OCSP_IS_NOT_PRESENT",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
+        }
 
-                throw new ESelfTestException(logMessage);
-            }
+        // Retrieve the OCSP signing unit
+        ISigningUnit ocspSigningUnit = ocsp.getSigningUnit();
+        if (ocspSigningUnit == null) {
+            // log that the OCSP is not yet initialized
+            logMessage = CMS.getLogMessage(
+                    "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
+        }
 
-            // log that the OCSP is valid
-            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_VALID",
-                                            getSelfTestName());
+        // Retrieve the OCSP certificate
+        X509CertImpl ocspCert = ocspSigningUnit.getCertImpl();
+        if (ocspCert == null) {
+            // log that the OCSP is not yet initialized
+            logMessage = CMS.getLogMessage(
+                    "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new Exception(logMessage);
+        }
 
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
+        // Retrieve the OCSP validity period
+        try {
+            ocspCert.checkValidity();
+
+        } catch (CertificateNotYetValidException e) {
+            // log that the OCSP is not yet valid
+            logMessage = CMS.getLogMessage(
+                    "SELFTESTS_OCSP_IS_NOT_YET_VALID",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw e;
+
+        } catch (CertificateExpiredException e) {
+            // log that the OCSP is expired
+            logMessage = CMS.getLogMessage(
+                    "SELFTESTS_OCSP_IS_EXPIRED",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw e;
         }
 
-        return;
+        // log that the OCSP is valid
+        logMessage = CMS.getLogMessage(
+                "SELFTESTS_OCSP_IS_VALID",
+                getSelfTestName());
+        mSelfTestSubsystem.log(logger, logMessage);
     }
 }
diff --git a/base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java b/base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java
deleted file mode 100644
index 6facd807cc33e6a39ad3c60cd2334949452001f2..0000000000000000000000000000000000000000
--- a/base/server/cms/src/com/netscape/cms/selftests/ra/RAPresence.java
+++ /dev/null
@@ -1,261 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-// package statement //
-///////////////////////
-
-package com.netscape.cms.selftests.ra;
-
-///////////////////////
-// import statements //
-///////////////////////
-
-import java.security.PublicKey;
-import java.util.Locale;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.logging.ILogEventListener;
-import com.netscape.certsrv.ra.IRegistrationAuthority;
-import com.netscape.certsrv.selftests.EDuplicateSelfTestException;
-import com.netscape.certsrv.selftests.EInvalidSelfTestException;
-import com.netscape.certsrv.selftests.EMissingSelfTestException;
-import com.netscape.certsrv.selftests.ESelfTestException;
-import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-import com.netscape.cms.selftests.ASelfTest;
-
-//////////////////////
-// class definition //
-//////////////////////
-
-/**
- * This class implements a self test to check for RA presence.
- * <P>
- *
- * <PRE>
- * NOTE:  This self-test is for Registration Authorities prior to
- *        Netscape Certificate Management System 7.0.  It does NOT
- *        apply to the Registration Authority found in
- *        Red Hat Certificate System 7.3 or later (including
- *        ALL versions of Dogtag Certificate System).
- * </PRE>
- * <P>
- *
- * @deprecated
- * @author mharmsen
- * @author thomask
- * @version $Revision$, $Date$
- */
-public class RAPresence
-        extends ASelfTest {
-    ////////////////////////
-    // default parameters //
-    ////////////////////////
-
-    ///////////////////////////
-    // RAPresence parameters //
-    ///////////////////////////
-
-    // parameter information
-    public static final String PROP_RA_SUB_ID = "RaSubId";
-    private String mRaSubId = null;
-
-    /////////////////////
-    // default methods //
-    /////////////////////
-
-    ////////////////////////
-    // RAPresence methods //
-    ////////////////////////
-
-    /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
-     * <P>
-     *
-     * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance
-     * @param parameters configuration store (self test parameters)
-     * @exception EDuplicateSelfTestException subsystem has duplicate name/value
-     * @exception EInvalidSelfTestException subsystem has invalid name/value
-     * @exception EMissingSelfTestException subsystem has missing name/value
-     */
-    public void initSelfTest(ISelfTestSubsystem subsystem,
-                              String instanceName,
-                              IConfigStore parameters)
-            throws EDuplicateSelfTestException,
-            EInvalidSelfTestException,
-            EMissingSelfTestException {
-        super.initSelfTest(subsystem, instanceName, parameters);
-
-        // retrieve mandatory parameter(s)
-        try {
-            mRaSubId = mConfig.getString(PROP_RA_SUB_ID);
-            if (mRaSubId != null) {
-                mRaSubId = mRaSubId.trim();
-            } else {
-                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                        CMS.getLogMessage(
-                                                "SELFTESTS_MISSING_VALUES",
-                                                getSelfTestName(),
-                                                mPrefix
-                                                        + "."
-                                                        + PROP_RA_SUB_ID));
-
-                throw new EMissingSelfTestException(PROP_RA_SUB_ID);
-            }
-        } catch (EBaseException e) {
-            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                                    CMS.getLogMessage(
-                                            "SELFTESTS_MISSING_NAME",
-                                            getSelfTestName(),
-                                            mPrefix
-                                                    + "."
-                                                    + PROP_RA_SUB_ID));
-
-            throw new EMissingSelfTestException(mPrefix,
-                                                 PROP_RA_SUB_ID,
-                                                 null);
-        }
-
-        // retrieve optional parameter(s)
-
-        return;
-    }
-
-    /**
-     * Notifies this subsystem if it is in execution mode.
-     * <P>
-     *
-     * @exception ESelfTestException failed to start
-     */
-    public void startupSelfTest()
-            throws ESelfTestException {
-        return;
-    }
-
-    /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
-     * <P>
-     */
-    public void shutdownSelfTest() {
-        return;
-    }
-
-    /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
-     * <P>
-     *
-     * @return instanceName of this self test
-     */
-    public String getSelfTestName() {
-        return super.getSelfTestName();
-    }
-
-    /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
-     * <P>
-     *
-     * @return configuration store (self test parameters) of this subsystem
-     */
-    public IConfigStore getSelfTestConfigStore() {
-        return super.getSelfTestConfigStore();
-    }
-
-    /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
-     * <P>
-     *
-     * @param locale locale of the client that requests the description
-     * @return description of self test
-     */
-    public String getSelfTestDescription(Locale locale) {
-        return CMS.getUserMessage(locale,
-                                   "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION");
-    }
-
-    /**
-     * Execute an individual self test.
-     * <P>
-     *
-     * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
-     */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
-        IRegistrationAuthority ra = null;
-        org.mozilla.jss.crypto.X509Certificate raCert = null;
-        PublicKey raPubKey = null;
-
-        ra = (IRegistrationAuthority) CMS.getSubsystem(mRaSubId);
-
-        if (ra == null) {
-            // log that the RA is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_NOT_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-
-            throw new ESelfTestException(logMessage);
-        } else {
-            // Retrieve the RA certificate
-            raCert = ra.getRACert();
-
-            if (raCert == null) {
-                // log that the RA is not yet initialized
-                logMessage = CMS.getLogMessage(
-                             "SELFTESTS_RA_IS_NOT_INITIALIZED",
-                             getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // Retrieve the RA certificate public key
-            raPubKey = raCert.getPublicKey();
-
-            if (raPubKey == null) {
-                // log that something is seriously wrong with the RA
-                logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_CORRUPT",
-                                                getSelfTestName());
-
-                mSelfTestSubsystem.log(logger,
-                                        logMessage);
-
-                throw new ESelfTestException(logMessage);
-            }
-
-            // log that the RA is present
-            logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_PRESENT",
-                                            getSelfTestName());
-
-            mSelfTestSubsystem.log(logger,
-                                    logMessage);
-        }
-
-        return;
-    }
-}
diff --git a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
index d5e7c11ade7a3a3296960f86551971bd21976c57..1686ba564be428a35ad4c5d0aa42def09e97c5e8 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
@@ -104,7 +104,7 @@ public class TKSKnownSessionKey
         mMacKey = getConfigByteArray("macKey", 16);
         mUseSoftToken = getConfigString("useSoftToken");
 
-        // AC: KDF SPEC CHANGE 
+        // AC: KDF SPEC CHANGE
         // read CUID for the KDD field
         mKDD = getConfigByteArray("CUID", 10);
         //
@@ -143,7 +143,7 @@ public class TKSKnownSessionKey
                     getSelfTestName(), mPrefix + ".nistSP800-108KdfUseCuidAsKdd"));
                 throw new EMissingSelfTestException("nistSP800-108KdfUseCuidAsKdd");
         }
-        
+
         String defKeySetMacKey = null;
         tks = CMS.getSubsystem(mTksSubId);
         if (tks != null) {
@@ -175,7 +175,7 @@ public class TKSKnownSessionKey
             if (mSessionKey == null) {
                 mSessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName,
                                                             mCardChallenge, mHostChallenge,
-                                                            mKeyInfo, 
+                                                            mKeyInfo,
                                                             mNistSP800_108KdfOnKeyVersion,   // AC: KDF SPEC CHANGE - pass in configuration self-test value
                                                             mNistSP800_108KdfUseCuidAsKdd,   // AC: KDF SPEC CHANGE - pass in configuration self-test value
                                                             mCUID,
@@ -320,13 +320,12 @@ public class TKSKnownSessionKey
      * <P>
      *
      * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
+     * @exception Exception self test exception
      */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        IConfigStore cs = CMS.getConfigStore();
-        String sharedSecretName;
+    public void runSelfTest(ILogEventListener logger) throws Exception {
+
         try {
+            IConfigStore cs = CMS.getConfigStore();
             boolean useNewNames = cs.getBoolean("tks.useNewSharedSecretNames", false);
             if (useNewNames) {
                 String tpsList = cs.getString("tps.list", "");
@@ -336,29 +335,39 @@ public class TKSKnownSessionKey
                 }
 
                 for (String tpsID : tpsList.split(",")) {
-                    sharedSecretName = cs.getString("tps." + tpsID + ".nickname", "");
+                    String sharedSecretName = cs.getString("tps." + tpsID + ".nickname", "");
                     if (!sharedSecretName.isEmpty()) {
                         CMS.debug("TKSKnownSessionKey: testing with key " + sharedSecretName);
-                        generateSessionKey(logger, sharedSecretName);
+                        generateSessionKey(sharedSecretName);
                     }
                 }
+
             } else {
                 // legacy systems
-                sharedSecretName = cs.getString("tks.tksSharedSymKeyName", "sharedSecret");
-                generateSessionKey(logger, sharedSecretName);
+                String sharedSecretName = cs.getString("tks.tksSharedSymKeyName", "sharedSecret");
+                generateSessionKey(sharedSecretName);
             }
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            CMS.debug("TKSKnownSessionKey: failed to read config file to set up test");
-            String logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
+
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_TKS_SUCCEEDED",
+                    getSelfTestName(),
+                    getSelfTestName());
             mSelfTestSubsystem.log(logger, logMessage);
-            throw new ESelfTestException(logMessage);
+            CMS.debug("TKSKnownSessionKey self test SUCCEEDED");
+
+        } catch (Exception e) {
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_TKS_FAILED",
+                    getSelfTestName(),
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw e;
         }
+
         return;
     }
 
-    private void generateSessionKey(ILogEventListener logger, String sharedSecretName) throws ESelfTestException {
-        String logMessage;
+    private void generateSessionKey(String sharedSecretName) throws Exception {
         String keySet = "defKeySet";
 
         byte[] sessionKey = SessionKey.ComputeSessionKey(
@@ -374,14 +383,7 @@ public class TKSKnownSessionKey
         // For FIPS compliance, the routine now returns a wrapped key, which can't be extracted and compared.
         if (sessionKey == null) {
             CMS.debug("TKSKnownSessionKey: generated no session key");
-            CMS.debug("TKSKnownSessionKey self test FAILED");
-            logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
-            mSelfTestSubsystem.log(logger, logMessage);
-            throw new ESelfTestException(logMessage);
-        } else {
-            logMessage = CMS.getLogMessage("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName());
-            mSelfTestSubsystem.log(logger, logMessage);
-            CMS.debug("TKSKnownSessionKey self test SUCCEEDED");
+            throw new Exception("No session key generated");
         }
     }
 }
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index b8cf27cc5697f5f4b356d49ba679f8f1105b44d5..b6325b71d0bceac9589775cbaf1643400775abf8 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -3248,7 +3248,11 @@ public final class CMSAdminServlet extends AdminServlet {
 
                         // store this information for console notification
                         content += "COMPLETED SUCCESSFULLY\n";
-                    } catch (ESelfTestException e) {
+
+                    } catch (Exception e) {
+
+                        CMS.debug(e);
+
                         // Check to see if the self test was critical:
                         if (mSelfTestSubsystem.isSelfTestCriticalOnDemand(
                                 instanceName)) {
diff --git a/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
index ad1a1b0b886a580edbe4afddcda997dba6126c66..d060f8180ff8e91cff69b3576bfedecea96fbae6 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
@@ -530,7 +530,11 @@ public class SelfTestSubsystem
                     }
 
                     test.runSelfTest(mLogger);
-                } catch (ESelfTestException e) {
+
+                } catch (Exception e) {
+
+                    CMS.debug(e);
+
                     // Check to see if the self test was critical:
                     if (isSelfTestCriticalOnDemand(instanceName)) {
                         log(mLogger,
@@ -810,146 +814,76 @@ public class SelfTestSubsystem
      * </ul>
      *
      * @exception EMissingSelfTestException subsystem has missing name
-     * @exception ESelfTestException self test exception
+     * @exception Exception self test exception
      */
-    public void runSelfTestsAtStartup()
-            throws EMissingSelfTestException, ESelfTestException {
-        String auditMessage = null;
-
-        // ensure that any low-level exceptions are reported
-        // to the signed audit log and stored as failures
-        try {
-            if (CMS.debugOn()) {
-                CMS.debug("SelfTestSubsystem::runSelfTestsAtStartup():"
-                        + "  ENTERING . . .");
-            }
+    public void runSelfTestsAtStartup() throws Exception {
 
-            // loop through all self test plugin instances
-            // specified to be executed at server startup
-            Enumeration<SelfTestOrderedInstance> instances = mStartupOrder.elements();
+        // log that execution of startup self tests has begun
+        log(mLogger,
+                CMS.getLogMessage(
+                        "CMSCORE_SELFTESTS_RUN_AT_STARTUP"));
 
-            while (instances.hasMoreElements()) {
-                SelfTestOrderedInstance instance = instances.nextElement();
+        // loop through all self test plugin instances
+        // specified to be executed at server startup
+        Enumeration<SelfTestOrderedInstance> instances = mStartupOrder.elements();
 
-                String instanceFullName = null;
-                String instanceName = instance.getSelfTestName();
+        while (instances.hasMoreElements()) {
+            SelfTestOrderedInstance instance = instances.nextElement();
 
-                if (instanceName != null) {
-                    instanceName = instanceName.trim();
-                    instanceFullName = getFullName(mPrefix,
-                                instanceName);
-                } else {
-                    log(mLogger,
-                            CMS.getLogMessage(
-                                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+            String instanceFullName = null;
+            String instanceName = instance.getSelfTestName();
 
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
-                                ILogger.SYSTEM_UID,
-                                ILogger.FAILURE);
+            if (instanceName == null) {
+                log(mLogger,
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
-                    audit(auditMessage);
+                throw new EMissingSelfTestException();
+            }
 
-                    throw new EMissingSelfTestException();
-                }
+            instanceName = instanceName.trim();
+            instanceFullName = getFullName(mPrefix, instanceName);
 
-                if (mSelfTestInstances.containsKey(instanceName)) {
-                    ISelfTest test = mSelfTestInstances.get(instanceName);
-
-                    try {
-                        if (CMS.debugOn()) {
-                            CMS.debug("SelfTestSubsystem::runSelfTestsAtStartup():"
-                                    + "    running \""
-                                    + test.getSelfTestName()
-                                    + "\"");
-                        }
-
-                        test.runSelfTest(mLogger);
-                    } catch (ESelfTestException e) {
-                        // Check to see if the self test was critical:
-                        if (isSelfTestCriticalAtStartup(instanceName)) {
-                            log(mLogger,
-                                    CMS.getLogMessage(
-                                            "CMSCORE_SELFTESTS_RUN_AT_STARTUP_FAILED",
-                                            instanceFullName));
-
-                            // store a message in the signed audit log file
-                            auditMessage = CMS.getLogMessage(
-                                        LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
-                                        ILogger.SYSTEM_UID,
-                                        ILogger.FAILURE);
-
-                            audit(auditMessage);
-
-                            // shutdown the system gracefully
-                            CMS.shutdown();
-
-                            IConfigStore cs = CMS.getConfigStore();
-                            String instanceID = cs.get("instanceId");
-                            String subsystemID = cs.get("cs.type").toLowerCase();
-
-                            System.out.println("SelfTestSubsystem: Disabling \"" + subsystemID + "\" subsystem due to selftest failure.");
-
-                            try {
-                                ProcessBuilder pb = new ProcessBuilder("pki-server", "subsystem-disable", "-i", instanceID, subsystemID);
-                                Process process = pb.inheritIO().start();
-                                int rc = process.waitFor();
-
-                                if (rc != 0) {
-                                    System.out.println("SelfTestSubsystem: Unable to disable \"" + subsystemID + "\". RC: " + rc);
-                                }
-
-                            } catch (Exception e2) {
-                                e.printStackTrace();
-                            }
-
-                            return;
-                        }
-                    }
-                } else {
-                    // self test plugin instance property name is not present
-                    log(mLogger,
-                            CMS.getLogMessage(
-                                    "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                                    instanceFullName));
-
-                    // store a message in the signed audit log file
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
-                                ILogger.SYSTEM_UID,
-                                ILogger.FAILURE);
-
-                    audit(auditMessage);
-
-                    throw new EMissingSelfTestException(instanceFullName);
-                }
+            if (!mSelfTestInstances.containsKey(instanceName)) {
+                // self test plugin instance property name is not present
+                log(mLogger,
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                                instanceFullName));
+
+                throw new EMissingSelfTestException(instanceFullName);
             }
 
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
-                        ILogger.SYSTEM_UID,
-                        ILogger.SUCCESS);
+            ISelfTest test = mSelfTestInstances.get(instanceName);
 
-            audit(auditMessage);
+            try {
+                CMS.debug("SelfTestSubsystem: running " + test.getSelfTestName());
+                test.runSelfTest(mLogger);
 
-            if (CMS.debugOn()) {
-                CMS.debug("SelfTestSubsystem::runSelfTestsAtStartup():"
-                        + "  EXITING.");
-            }
-        } catch (EMissingSelfTestException eAudit1) {
-            // store a message in the signed audit log file
-            auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
-                        ILogger.SYSTEM_UID,
-                        ILogger.FAILURE);
+            } catch (Exception e) {
+
+                CMS.debug(e);
 
-            audit(auditMessage);
+                // Check to see if the self test was critical:
+                if (!isSelfTestCriticalAtStartup(instanceName)) {
+                    continue;
+                }
 
-            // rethrow the specific exception to be handled later
-            throw eAudit1;
+                log(mLogger,
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_RUN_AT_STARTUP_FAILED",
+                                instanceFullName));
+
+                throw e;
+            }
         }
+
+        // log that execution of all "critical" startup self tests
+        // has completed "successfully"
+        log(mLogger,
+                CMS.getLogMessage(
+                        "CMSCORE_SELFTESTS_RUN_AT_STARTUP_SUCCEEDED"));
+
     }
 
     public void log(int level, String msg) {
@@ -1831,39 +1765,88 @@ public class SelfTestSubsystem
      *
      * @exception EBaseException base CMS exception
      */
-    public void startup()
-            throws EBaseException {
+    public void startup() throws EBaseException {
+
         // loop through all self test plugin instances
         Enumeration<ISelfTest> instances = mSelfTestInstances.elements();
 
         while (instances.hasMoreElements()) {
             ISelfTest instance = instances.nextElement();
-
             instance.startupSelfTest();
         }
 
-        if (!CMS.isPreOpMode()) {
-            // run all self test plugin instances (designated at startup)
-            Enumeration<SelfTestOrderedInstance> selftests = mStartupOrder.elements();
-
-            if (selftests.hasMoreElements()) {
-                // log that execution of startup self tests has begun
-                log(mLogger,
-                        CMS.getLogMessage(
-                                "CMSCORE_SELFTESTS_RUN_AT_STARTUP"));
-
-                // execute all startup self tests
-                runSelfTestsAtStartup();
-
-                // log that execution of all "critical" startup self tests
-                // has completed "successfully"
-                log(mLogger,
-                        CMS.getLogMessage(
-                                "CMSCORE_SELFTESTS_RUN_AT_STARTUP_SUCCEEDED"));
-            } else {
-                log(mLogger,
-                        CMS.getLogMessage(
-                                "CMSCORE_SELFTESTS_NOT_RUN_AT_STARTUP"));
+        if (CMS.isPreOpMode()) {
+            // do not run selftests in pre-op mode
+            return;
+        }
+
+        // run all self test plugin instances (designated at startup)
+        Enumeration<SelfTestOrderedInstance> selftests = mStartupOrder.elements();
+
+        if (!selftests.hasMoreElements()) {
+            log(mLogger,
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_NOT_RUN_AT_STARTUP"));
+            return;
+        }
+
+        // ensure that any low-level exceptions are reported
+        // to the signed audit log and stored as failures
+        try {
+            // execute all startup self tests
+            runSelfTestsAtStartup();
+
+            // store a message in the signed audit log file
+            String auditMessage = CMS.getLogMessage(
+                        LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+                        ILogger.SYSTEM_UID,
+                        ILogger.SUCCESS);
+
+            audit(auditMessage);
+
+        } catch (EMissingSelfTestException e) {
+
+            // store a message in the signed audit log file
+            String auditMessage = CMS.getLogMessage(
+                        LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+                        ILogger.SYSTEM_UID,
+                        ILogger.FAILURE);
+
+            audit(auditMessage);
+
+            // rethrow the specific exception to be handled later
+            throw e;
+
+        } catch (Exception e) {
+
+            // store a message in the signed audit log file
+            String auditMessage = CMS.getLogMessage(
+                        LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+                        ILogger.SYSTEM_UID,
+                        ILogger.FAILURE);
+
+            audit(auditMessage);
+
+            // shutdown the system gracefully
+            CMS.shutdown();
+
+            IConfigStore cs = CMS.getConfigStore();
+            String instanceID = cs.get("instanceId");
+            String subsystemID = cs.get("cs.type").toLowerCase();
+
+            System.out.println("SelfTestSubsystem: Disabling \"" + subsystemID + "\" subsystem due to selftest failure.");
+
+            try {
+                ProcessBuilder pb = new ProcessBuilder("pki-server", "subsystem-disable", "-i", instanceID, subsystemID);
+                Process process = pb.inheritIO().start();
+                int rc = process.waitFor();
+
+                if (rc != 0) {
+                    System.out.println("SelfTestSubsystem: Unable to disable \"" + subsystemID + "\". RC: " + rc);
+                }
+
+            } catch (Exception e2) {
+                e.printStackTrace();
             }
         }
     }
diff --git a/base/tps/src/org/dogtagpki/server/tps/selftests/TPSPresence.java b/base/tps/src/org/dogtagpki/server/tps/selftests/TPSPresence.java
index 65ac197e7317f35b0c6e03e2166cb5cca7553684..665f068555af96d1dfec9bf239a38747b312d0c0 100644
--- a/base/tps/src/org/dogtagpki/server/tps/selftests/TPSPresence.java
+++ b/base/tps/src/org/dogtagpki/server/tps/selftests/TPSPresence.java
@@ -140,48 +140,60 @@ public class TPSPresence extends ASelfTest {
      * <P>
      *
      * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
+     * @exception Exception self test exception
      */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
+    public void runSelfTest(ILogEventListener logger) throws Exception {
+
         TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(tpsSubId);
         if (tps == null) {
             // log that the TPS is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_NOT_PRESENT", getSelfTestName());
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_TPS_IS_NOT_PRESENT",
+                    getSelfTestName());
             mSelfTestSubsystem.log(logger, logMessage);
-            throw new ESelfTestException(logMessage);
+            throw new Exception(logMessage);
         }
 
         // Retrieve the TPS certificate
-        org.mozilla.jss.crypto.X509Certificate tpsCert = null;
+        org.mozilla.jss.crypto.X509Certificate tpsCert;
         try {
             tpsCert = tps.getSubsystemCert();
+
         } catch (Exception e) {
-            e.printStackTrace();
             // cert does not exist or is not yet configured
             // tpsCert will remain null
+            // log that the TPS is not yet initialized
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_TPS_IS_NOT_INITIALIZED",
+                    getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw e;
         }
 
         if (tpsCert == null) {
             // log that the TPS is not yet initialized
-            logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_NOT_INITIALIZED",
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_TPS_IS_NOT_INITIALIZED",
                     getSelfTestName());
             mSelfTestSubsystem.log(logger, logMessage);
-            throw new ESelfTestException(logMessage);
+            throw new Exception(logMessage);
         }
 
         // Retrieve the TPS certificate public key
         PublicKey tpsPubKey = tpsCert.getPublicKey();
         if (tpsPubKey == null) {
             // log that something is seriously wrong with the TPS
-            logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_CORRUPT", getSelfTestName());
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_TPS_IS_CORRUPT",
+                    getSelfTestName());
             mSelfTestSubsystem.log(logger, logMessage);
-            throw new ESelfTestException(logMessage);
+            throw new Exception(logMessage);
         }
 
         // log that the TPS is present
-        logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_PRESENT", getSelfTestName());
+        String logMessage = CMS.getLogMessage(
+                "SELFTESTS_TPS_IS_PRESENT",
+                getSelfTestName());
         mSelfTestSubsystem.log(logger, logMessage);
     }
 }
diff --git a/base/tps/src/org/dogtagpki/server/tps/selftests/TPSValidity.java b/base/tps/src/org/dogtagpki/server/tps/selftests/TPSValidity.java
index f140d6e7c66613b288abcfa17513f5f60bce31ec..28ac38da22902abdcadd5eed8cdf93cc75edb3c4 100644
--- a/base/tps/src/org/dogtagpki/server/tps/selftests/TPSValidity.java
+++ b/base/tps/src/org/dogtagpki/server/tps/selftests/TPSValidity.java
@@ -144,54 +144,59 @@ public class TPSValidity extends ASelfTest {
      * <P>
      *
      * @param logger specifies logging subsystem
-     * @exception ESelfTestException self test exception
+     * @exception Exception self test exception
      */
-    public void runSelfTest(ILogEventListener logger)
-            throws ESelfTestException {
-        String logMessage = null;
+    public void runSelfTest(ILogEventListener logger) throws Exception {
+
         TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(tpsSubId);
-
         if (tps == null) {
             // log that the TPS is not installed
-            logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_NOT_PRESENT", getSelfTestName());
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_TPS_IS_NOT_PRESENT",
+                    getSelfTestName());
             mSelfTestSubsystem.log(logger, logMessage);
-            throw new ESelfTestException(logMessage);
+            throw new Exception(logMessage);
         }
 
         // Retrieve the TPS subsystem certificate
-        X509CertImpl tpsCert = null;
+        X509CertImpl tpsCert;
         try {
             tpsCert = new X509CertImpl(tps.getSubsystemCert().getEncoded());
         } catch (Exception e) {
             // certificate is not present or has not been configured
-            // tpsCert will remain null
-        }
-
-        if (tpsCert == null) {
             // log that the TPS is not yet initialized
-            logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_NOT_INITIALIZED",
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_TPS_IS_NOT_INITIALIZED",
                     getSelfTestName());
             mSelfTestSubsystem.log(logger, logMessage);
-            throw new ESelfTestException(logMessage);
+            throw e;
         }
 
         // Check the TPS validity period
         try {
             tpsCert.checkValidity();
+
         } catch (CertificateNotYetValidException e) {
             // log that the TPS is not yet valid
-            logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_NOT_YET_VALID", getSelfTestName());
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_TPS_IS_NOT_YET_VALID",
+                    getSelfTestName());
             mSelfTestSubsystem.log(logger, logMessage);
-            throw new ESelfTestException(logMessage);
+            throw e;
+
         } catch (CertificateExpiredException e) {
             // log that the TPS is expired
-            logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_EXPIRED", getSelfTestName());
+            String logMessage = CMS.getLogMessage(
+                    "SELFTESTS_TPS_IS_EXPIRED",
+                    getSelfTestName());
             mSelfTestSubsystem.log(logger, logMessage);
-            throw new ESelfTestException(logMessage);
+            throw e;
         }
 
         // log that the TPS is valid
-        logMessage = CMS.getLogMessage("SELFTESTS_TPS_IS_VALID", getSelfTestName());
+        String logMessage = CMS.getLogMessage(
+                "SELFTESTS_TPS_IS_VALID",
+                getSelfTestName());
         mSelfTestSubsystem.log(logger, logMessage);
     }
 }
-- 
1.9.3



More information about the Pki-devel mailing list