From f7dc87a2d0d7261e01f8eea3b2f4b13dc84b03ef Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 1 Dec 2015 23:34:41 +0100 Subject: [PATCH] Fixed selftest error handling. The selftest has been modified to throw an exception and provide more specific error message if a test fails in order to help troubleshoot the problem. https://fedorahosted.org/pki/ticket/1328 --- base/common/src/com/netscape/certsrv/apps/CMS.java | 12 +-- .../src/com/netscape/certsrv/apps/ICMSEngine.java | 28 ++--- .../selftests/common/SystemCertsVerification.java | 18 ++-- .../cms/selftests/tks/TKSKnownSessionKey.java | 2 - .../cms/servlet/admin/CMSAdminServlet.java | 25 +++-- .../src/com/netscape/cmscore/apps/CMSEngine.java | 57 +++++----- .../src/com/netscape/cmscore/cert/CertUtils.java | 120 ++++++++++----------- .../cmscore/selftests/SelfTestSubsystem.java | 30 ++++-- .../netscape/cmscore/app/CMSEngineDefaultStub.java | 27 +++-- 9 files changed, 161 insertions(+), 158 deletions(-) diff --git a/base/common/src/com/netscape/certsrv/apps/CMS.java b/base/common/src/com/netscape/certsrv/apps/CMS.java index 84fc3f743a7c6fed0206404019df8cb440b97a74..94f5c1687322cbe4a4b194b22e0f483bc8e012dc 100644 --- a/base/common/src/com/netscape/certsrv/apps/CMS.java +++ b/base/common/src/com/netscape/certsrv/apps/CMS.java @@ -1377,23 +1377,23 @@ public final class CMS { * Verifies all system certs * with tags defined in .cert.list */ - public static boolean verifySystemCerts() { - return _engine.verifySystemCerts(); + public static void verifySystemCerts() throws Exception { + _engine.verifySystemCerts(); } /** * Verify a system cert by tag name * with tags defined in .cert.list */ - public static boolean verifySystemCertByTag(String tag) { - return _engine.verifySystemCertByTag(tag); + public static void verifySystemCertByTag(String tag) throws Exception { + _engine.verifySystemCertByTag(tag); } /** * Verify a system cert by certificate nickname */ - public static boolean verifySystemCertByNickname(String nickname, String certificateUsage) { - return _engine.verifySystemCertByNickname(nickname, certificateUsage); + public static void verifySystemCertByNickname(String nickname, String certificateUsage) throws Exception { + _engine.verifySystemCertByNickname(nickname, certificateUsage); } /** diff --git a/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java b/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java index e9b5b765fca2c949db0db91494f48c12b4fee35a..e024208fdcfdf83d3cf25478355d1a6d867a9ab3 100644 --- a/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java +++ b/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java @@ -29,14 +29,6 @@ import java.util.Hashtable; import java.util.Locale; import java.util.Vector; -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPException; -import netscape.ldap.LDAPSSLSocketFactoryExt; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.Extension; -import netscape.security.x509.GeneralName; -import netscape.security.x509.X509CertInfo; - import org.mozilla.jss.CryptoManager.CertificateUsage; import org.mozilla.jss.util.PasswordCallback; @@ -80,6 +72,14 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cmsutil.net.ISocketFactory; import com.netscape.cmsutil.password.IPasswordStore; +import netscape.ldap.LDAPConnection; +import netscape.ldap.LDAPException; +import netscape.ldap.LDAPSSLSocketFactoryExt; +import netscape.security.util.ObjectIdentifier; +import netscape.security.x509.Extension; +import netscape.security.x509.GeneralName; +import netscape.security.x509.X509CertInfo; + /** * This interface represents the CMS core framework. The * framework contains a set of services that provide @@ -798,24 +798,24 @@ public interface ICMSEngine extends ISubsystem { /** * Verifies all system certificates * - * @return true if all passed, false otherwise + * @throws Exception if something is wrong */ - public boolean verifySystemCerts(); + public void verifySystemCerts() throws Exception; /** * Verifies a system certificate by its tag name * as defined in .cert.list * - * @return true if passed, false otherwise + * @throws Exception if something is wrong */ - public boolean verifySystemCertByTag(String tag); + public void verifySystemCertByTag(String tag) throws Exception; /** * Verifies a system certificate by its nickname * - * @return true if passed, false otherwise + * @throws Exception if something is wrong */ - public boolean verifySystemCertByNickname(String nickname, String certificateUsage); + public void verifySystemCertByNickname(String nickname, String certificateUsage) throws Exception; /** * get the CertificateUsage as defined in JSS CryptoManager diff --git a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java index 5c1e97bfaa558ba9394eca0b88543482c6bece9a..e4fc1cbe2554180762dbdd331ab08de2cf9052bb 100644 --- a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java +++ b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java @@ -189,18 +189,20 @@ public class SystemCertsVerification */ public void runSelfTest(ILogEventListener logger) throws Exception { - boolean status = CMS.verifySystemCerts(); - if (!status) { + try { + CMS.verifySystemCerts(); + + String logMessage = CMS.getLogMessage( + "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS", + getSelfTestName()); + mSelfTestSubsystem.log(logger, logMessage); + + } catch (Exception e) { String logMessage = CMS.getLogMessage( "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE", getSelfTestName()); mSelfTestSubsystem.log(logger, logMessage); - throw new Exception(logMessage); + throw e; } - - String logMessage = CMS.getLogMessage( - "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS", - getSelfTestName()); - mSelfTestSubsystem.log(logger, logMessage); } } diff --git a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java index 1686ba564be428a35ad4c5d0aa42def09e97c5e8..f734f67c003420f73194d71877a6537e7b122e68 100644 --- a/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java +++ b/base/server/cms/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java @@ -363,8 +363,6 @@ public class TKSKnownSessionKey mSelfTestSubsystem.log(logger, logMessage); throw e; } - - return; } private void generateSessionKey(String sharedSecretName) throws Exception { diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index b6325b71d0bceac9589775cbaf1643400775abf8..18be8a854f148ab682aabe5d731b3dfe6d73aee1 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java @@ -38,11 +38,6 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import netscape.security.x509.BasicConstraintsExtension; -import netscape.security.x509.CertificateExtensions; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.crypto.CryptoToken; import org.mozilla.jss.crypto.PQGParams; @@ -80,6 +75,11 @@ import com.netscape.cmsutil.util.Cert; import com.netscape.cmsutil.util.Utils; import com.netscape.symkey.SessionKey; +import netscape.security.x509.BasicConstraintsExtension; +import netscape.security.x509.CertificateExtensions; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; + /** * A class representings an administration servlet. This * servlet is responsible to serve Certificate Server @@ -2191,9 +2191,12 @@ public final class CMSAdminServlet extends AdminServlet { modifyRADMCert(nickname); } - boolean verified = CMS.verifySystemCertByNickname(nickname, null); - if (verified == true) { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded: " + nickname); + boolean verified = false; + try { + CMS.debug("CMSAdminServlet: verifying system certificate " + nickname); + CMS.verifySystemCertByNickname(nickname, null); + verified = true; + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, auditSubjectID, @@ -2201,8 +2204,9 @@ public final class CMSAdminServlet extends AdminServlet { nickname); audit(auditMessage); - } else { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed: " + nickname); + + } catch (Exception e) { + CMS.debug(e); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, auditSubjectID, @@ -2211,6 +2215,7 @@ public final class CMSAdminServlet extends AdminServlet { audit(auditMessage); } + // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java index 77f913636bda6a490755d3ea88b9d6c56b341c74..1e1f844cd85d444703ae81ee273c14f7b1170834 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java +++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java @@ -24,7 +24,6 @@ import java.io.FileReader; import java.io.IOException; import java.math.BigInteger; import java.security.NoSuchAlgorithmException; -import java.security.PublicKey; import java.security.SignatureException; import java.security.cert.Certificate; import java.security.cert.CertificateEncodingException; @@ -44,32 +43,15 @@ import java.util.Vector; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPException; -import netscape.ldap.LDAPSSLSocketFactoryExt; -import netscape.security.extensions.CertInfo; -import netscape.security.pkcs.ContentInfo; -import netscape.security.pkcs.PKCS7; -import netscape.security.pkcs.SignerInfo; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.CertificateChain; -import netscape.security.x509.Extension; -import netscape.security.x509.GeneralName; -import netscape.security.x509.X509CRLImpl; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; - import org.apache.commons.lang.StringUtils; import org.apache.xerces.parsers.DOMParser; import org.mozilla.jss.CryptoManager; import org.mozilla.jss.CryptoManager.CertificateUsage; -import org.mozilla.jss.util.PasswordCallback; +import org.mozilla.jss.crypto.CryptoToken; import org.mozilla.jss.crypto.PrivateKey; import org.mozilla.jss.crypto.Signature; import org.mozilla.jss.crypto.SignatureAlgorithm; -import org.mozilla.jss.crypto.CryptoToken; - +import org.mozilla.jss.util.PasswordCallback; import org.w3c.dom.Element; import org.w3c.dom.NodeList; @@ -184,8 +166,24 @@ import com.netscape.cmscore.util.Debug; import com.netscape.cmsutil.net.ISocketFactory; import com.netscape.cmsutil.password.IPasswordStore; import com.netscape.cmsutil.password.NuxwdogPasswordStore; -import com.netscape.cmsutil.util.Utils; import com.netscape.cmsutil.util.Cert; +import com.netscape.cmsutil.util.Utils; + +import netscape.ldap.LDAPConnection; +import netscape.ldap.LDAPException; +import netscape.ldap.LDAPSSLSocketFactoryExt; +import netscape.security.extensions.CertInfo; +import netscape.security.pkcs.ContentInfo; +import netscape.security.pkcs.PKCS7; +import netscape.security.pkcs.SignerInfo; +import netscape.security.util.ObjectIdentifier; +import netscape.security.x509.AlgorithmId; +import netscape.security.x509.CertificateChain; +import netscape.security.x509.Extension; +import netscape.security.x509.GeneralName; +import netscape.security.x509.X509CRLImpl; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; public class CMSEngine implements ICMSEngine { private static final String ID = "MAIN"; @@ -1259,7 +1257,7 @@ public class CMSEngine implements ICMSEngine { return; } CMS.debug(method + "autoShutdown allowed"); - CryptoToken token = + CryptoToken token = ((org.mozilla.jss.pkcs11.PK11PrivKey) mSigningKey).getOwningToken(); SignatureAlgorithm signAlg = Cert.mapAlgorithmToJss("SHA256withRSA"); Signature signer = token.getSignatureContext(signAlg); @@ -1731,17 +1729,16 @@ public class CMSEngine implements ICMSEngine { } } - public boolean verifySystemCerts() { - return CertUtils.verifySystemCerts(); + public void verifySystemCerts() throws Exception { + CertUtils.verifySystemCerts(); } - public boolean verifySystemCertByTag(String tag) { - return CertUtils.verifySystemCertByTag(tag); + public void verifySystemCertByTag(String tag) throws Exception { + CertUtils.verifySystemCertByTag(tag); } - public boolean verifySystemCertByNickname(String nickname, String certificateUsage) { - CMS.debug("CMSEngine: verifySystemCertByNickname(" + nickname + ", " + certificateUsage + ")"); - return CertUtils.verifySystemCertByNickname(nickname, certificateUsage); + public void verifySystemCertByNickname(String nickname, String certificateUsage) throws Exception { + CertUtils.verifySystemCertByNickname(nickname, certificateUsage); } public CertificateUsage getCertificateUsage(String certusage) { @@ -1995,7 +1992,7 @@ public class CMSEngine implements ICMSEngine { crumb.createNewFile(); } catch (IOException e) { CMS.debug(method + " create autoShutdown crumb file failed on " + - mAutoSD_CrumbFile + "; nothing to do...keep shutting down:" + e.toString()); + mAutoSD_CrumbFile + "; nothing to do...keep shutting down:" + e); e.printStackTrace(); } } diff --git a/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java b/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java index 244c36dc7e0bbac181ce37d6344cc849a70ba873..8c5c2ccc10970426bc161c9fcfb3f0e3732ca2b8 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java +++ b/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java @@ -35,6 +35,15 @@ import java.util.Arrays; import java.util.Date; import java.util.StringTokenizer; +import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.CryptoManager.CertificateUsage; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.logging.ILogger; +import com.netscape.cmsutil.util.Utils; + import netscape.security.extensions.NSCertTypeExtension; import netscape.security.pkcs.PKCS10; import netscape.security.pkcs.PKCS7; @@ -54,15 +63,6 @@ import netscape.security.x509.X509CertImpl; import netscape.security.x509.X509CertInfo; import netscape.security.x509.X509Key; -import org.mozilla.jss.CryptoManager; -import org.mozilla.jss.CryptoManager.CertificateUsage; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cmsutil.util.Utils; - /** * Utility class with assorted methods to check for * smime pairs, determining the type of cert - signature @@ -828,43 +828,42 @@ public class CertUtils { /* * verify a certificate by its nickname - * returns true if it verifies; false if any not + * @throws Exception if something is wrong */ - public static boolean verifySystemCertByNickname(String nickname, String certusage) { - CMS.debug("CertUtils: verifySystemCertByNickname(" + nickname + "," + certusage + ")"); - boolean r = true; - CertificateUsage cu = null; - cu = getCertificateUsage(certusage); + public static void verifySystemCertByNickname(String nickname, String certusage) throws Exception { + CMS.debug("CertUtils: verifySystemCertByNickname(" + nickname + ", " + certusage + ")"); + CertificateUsage cu = getCertificateUsage(certusage); int ccu = 0; if (cu == null) { CMS.debug("CertUtils: verifySystemCertByNickname() failed: " + nickname + " with unsupported certusage =" + certusage); - return false; + throw new Exception("Unsupported certificate usage " + certusage + " in certificate " + nickname); } if (certusage == null || certusage.equals("")) CMS.debug("CertUtils: verifySystemCertByNickname(): required certusage not defined, getting current certusage"); + CMS.debug("CertUtils: verifySystemCertByNickname(): calling isCertValid()"); try { CryptoManager cm = CryptoManager.getInstance(); if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages.getUsage()) { if (cm.isCertValid(nickname, true, cu)) { - r = true; CMS.debug("CertUtils: verifySystemCertByNickname() passed: " + nickname); } else { CMS.debug("CertUtils: verifySystemCertByNickname() failed: " + nickname); - r = false; + throw new Exception("Invalid certificate " + nickname); } + } else { // find out about current cert usage ccu = cm.isCertValid(nickname, true); if (ccu == CertificateUsage.basicCertificateUsages) { /* cert is good for nothing */ - r = false; CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:" + nickname); + throw new Exception("Unusable certificate " + nickname); + } else { - r = true; CMS.debug("CertUtils: verifySystemCertByNickname() passed: " + nickname); if ((ccu & CryptoManager.CertificateUsage.SSLServer.getUsage()) != 0) @@ -893,31 +892,31 @@ public class CertUtils { CMS.debug("CertUtils: verifySystemCertByNickname(): cert is AnyCA"); } } + } catch (Exception e) { - CMS.debug("CertUtils: verifySystemCertByNickname() failed: " + - e.toString()); - r = false; + CMS.debug("CertUtils: verifySystemCertByNickname() failed: " + e); + throw e; } - return r; } /* * verify a certificate by its tag name - * returns true if it verifies; false if any not + * @throws Exception if something is wrong */ - public static boolean verifySystemCertByTag(String tag) { + public static void verifySystemCertByTag(String tag) throws Exception { CMS.debug("CertUtils: verifySystemCertByTag(" + tag + ")"); String auditMessage = null; IConfigStore config = CMS.getConfigStore(); - boolean r = true; + try { String subsysType = config.getString("cs.type", ""); if (subsysType.equals("")) { CMS.debug("CertUtils: verifySystemCertByTag() cs.type not defined in CS.cfg. System certificates verification not done"); - r = false; + throw new Exception("Missing cs.type in CS.cfg"); } + subsysType = toLowerCaseSubsystemType(subsysType); if (subsysType == null) { CMS.debug("CertUtils: verifySystemCerts() invalid cs.type in CS.cfg. System certificates verification not done"); @@ -928,39 +927,32 @@ public class CertUtils { ""); audit(auditMessage); - r = false; - return r; + throw new Exception("Invalid cs.type in CS.cfg"); } + String nickname = config.getString(subsysType + ".cert." + tag + ".nickname", ""); if (nickname.equals("")) { CMS.debug("CertUtils: verifySystemCertByTag() nickname for cert tag " + tag + " undefined in CS.cfg"); - r = false; + throw new Exception("Missing nickname for " + tag + " certificate"); } + String certusage = config.getString(subsysType + ".cert." + tag + ".certusage", ""); if (certusage.equals("")) { CMS.debug("CertUtils: verifySystemCertByTag() certusage for cert tag " + tag + " undefined in CS.cfg, getting current certificate usage"); + // throw new Exception("Missing certificate usage for " + tag + " certificate"); ? } - r = verifySystemCertByNickname(nickname, certusage); - if (r == true) { - // audit here - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, - ILogger.SUCCESS, - nickname); - audit(auditMessage); - } else { - // audit here - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, - ILogger.FAILURE, - nickname); + verifySystemCertByNickname(nickname, certusage); + + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, + ILogger.SUCCESS, + nickname); + + audit(auditMessage); - audit(auditMessage); - } } catch (Exception e) { CMS.debug("CertUtils: verifySystemCertsByTag() failed: " + e.toString()); @@ -971,10 +963,8 @@ public class CertUtils { ""); audit(auditMessage); - r = false; + throw e; } - - return r; } /* @@ -1015,13 +1005,13 @@ public class CertUtils { /* * goes through all system certs and check to see if they are good * and audit the result - * returns true if all verifies; false if any not + * @throws Exception if something is wrong */ - public static boolean verifySystemCerts() { + public static void verifySystemCerts() throws Exception { + String auditMessage = null; IConfigStore config = CMS.getConfigStore(); - boolean verifyResult = true; - boolean r = true; /* the final return value */ + try { String subsysType = config.getString("cs.type", ""); if (subsysType.equals("")) { @@ -1033,8 +1023,9 @@ public class CertUtils { ""); audit(auditMessage); - return false; + throw new Exception("Missing cs.type in CS.cfg"); } + subsysType = toLowerCaseSubsystemType(subsysType); if (subsysType == null) { CMS.debug("CertUtils: verifySystemCerts() invalid cs.type in CS.cfg. System certificates verification not done"); @@ -1045,8 +1036,9 @@ public class CertUtils { ""); audit(auditMessage); - return false; + throw new Exception("Invalid cs.type in CS.cfg"); } + String certlist = config.getString(subsysType + ".cert.list", ""); if (certlist.equals("")) { CMS.debug("CertUtils: verifySystemCerts() " @@ -1058,17 +1050,17 @@ public class CertUtils { ""); audit(auditMessage); - return false; + throw new Exception("Missing " + subsysType + ".cert.list in CS.cfg"); } + StringTokenizer tokenizer = new StringTokenizer(certlist, ","); while (tokenizer.hasMoreTokens()) { String tag = tokenizer.nextToken(); tag = tag.trim(); CMS.debug("CertUtils: verifySystemCerts() cert tag=" + tag); - verifyResult = verifySystemCertByTag(tag); - if (verifyResult == false) - r = false; //r captures the value for final return + verifySystemCertByTag(tag); } + } catch (Exception e) { // audit here auditMessage = CMS.getLogMessage( @@ -1078,10 +1070,8 @@ public class CertUtils { ""); audit(auditMessage); - r = false; - CMS.debug("CertUtils: verifySystemCerts():" + e.toString()); + throw e; } - return r; } public static String toLowerCaseSubsystemType(String s) { diff --git a/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java index d060f8180ff8e91cff69b3576bfedecea96fbae6..14fab26e4d3f9ffdfc305acbd94b742be6141604 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java +++ b/base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java @@ -1328,13 +1328,24 @@ public class SelfTestSubsystem loggerFullName, loggerValue)); - throw new EInvalidSelfTestException(loggerFullName, - loggerValue); + throw new EInvalidSelfTestException( + "The self test plugin named " + + loggerFullName + " contains a value " + + loggerValue + " which is not an instance of ILogEventListener."); } // initialize the self tests logger mLogger = (ILogEventListener) o; mLogger.init(this, loggerConfig); + + } catch (EMissingSelfTestException e) { + // already logged + throw e; + + } catch (EInvalidSelfTestException e) { + // already logged + throw e; + } catch (EBaseException e) { // self test property name EBaseException @@ -1351,8 +1362,8 @@ public class SelfTestSubsystem loggerFullName, loggerValue)); - throw new EInvalidSelfTestException(loggerFullName, - loggerValue); + throw e; + } catch (Exception e) { // NOTE: These messages can only be logged to the // "transactions" log, since the "selftests.log" @@ -1369,8 +1380,7 @@ public class SelfTestSubsystem CMS.debugStackTrace(); - throw new EInvalidSelfTestException(loggerFullName, - loggerValue); + throw new EBaseException(e); } } @@ -1481,6 +1491,11 @@ public class SelfTestSubsystem throw new EMissingSelfTestException(instanceFullName, instanceValue); } + + } catch (EMissingSelfTestException e) { + // already logged + throw e; + } catch (EBaseException e) { // self test property name EBaseException log(mLogger, @@ -1489,8 +1504,7 @@ public class SelfTestSubsystem instanceFullName, instanceValue)); - throw new EInvalidSelfTestException(instanceFullName, - instanceValue); + throw e; } // verify that the associated class is a valid instance of ISelfTest diff --git a/base/server/test/com/netscape/cmscore/app/CMSEngineDefaultStub.java b/base/server/test/com/netscape/cmscore/app/CMSEngineDefaultStub.java index b45b33b5feb57eaa510b3b2d239152cb48c6e740..5d43af7d136c83e1c436d0e9222338f747f5b685 100644 --- a/base/server/test/com/netscape/cmscore/app/CMSEngineDefaultStub.java +++ b/base/server/test/com/netscape/cmscore/app/CMSEngineDefaultStub.java @@ -12,14 +12,6 @@ import java.util.Hashtable; import java.util.Locale; import java.util.Vector; -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPException; -import netscape.ldap.LDAPSSLSocketFactoryExt; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.Extension; -import netscape.security.x509.GeneralName; -import netscape.security.x509.X509CertInfo; - import org.mozilla.jss.CryptoManager.CertificateUsage; import org.mozilla.jss.util.PasswordCallback; @@ -65,6 +57,14 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cmsutil.net.ISocketFactory; import com.netscape.cmsutil.password.IPasswordStore; +import netscape.ldap.LDAPConnection; +import netscape.ldap.LDAPException; +import netscape.ldap.LDAPSSLSocketFactoryExt; +import netscape.security.util.ObjectIdentifier; +import netscape.security.x509.Extension; +import netscape.security.x509.GeneralName; +import netscape.security.x509.X509CertInfo; + /** * Default engine stub for testing. */ @@ -572,19 +572,16 @@ public class CMSEngineDefaultStub implements ICMSEngine { } @Override - public boolean verifySystemCerts() { - return false; + public void verifySystemCerts() throws Exception { } @Override - public boolean verifySystemCertByTag(String tag) { - return false; + public void verifySystemCertByTag(String tag) throws Exception { } @Override - public boolean verifySystemCertByNickname(String nickname, - String certificateUsage) { - return false; + public void verifySystemCertByNickname(String nickname, + String certificateUsage) throws Exception { } @Override -- 2.5.0