The CertUtils.verifySystemCertByNickname() has been modified to call CryptoManager.verifyCertificate() to validate the system certificates which will provide better information (i.e. NSS error message and stack trace) to troubleshoot validation issues.
https://fedorahosted.org/pki/ticket/850 -- Endi S. Dewata
>From 197743bdabeee8890eb22005a799e80d51cc66f0 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Tue, 8 Dec 2015 21:47:58 +0100
Subject: [PATCH] Updated system certificate selftests.
The CertUtils.verifySystemCertByNickname() has been modified to call CryptoManager.verifyCertificate() to validate the system certificates which will provide better information (i.e. NSS error message and stack trace) to troubleshoot validation issues.
https://fedorahosted.org/pki/ticket/850
---
 .../cmscore/src/com/netscape/cmscore/cert/CertUtils.java | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java b/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java
index d780cba7375280e1b490415173f9aa00f62a557d..5b6382e00ac7d735dca17e0ff89efa8077eed875 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java
@@ -834,18 +834,18 @@ public class CertUtils {
 if (certusage == null || certusage.equals(""))
 CMS.debug("CertUtils: verifySystemCertByNickname(): required certusage not defined, getting current certusage");
- CMS.debug("CertUtils: verifySystemCertByNickname(): calling isCertValid()");
 try {
 CryptoManager cm = CryptoManager.getInstance();
 if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages.getUsage()) {
- if (cm.isCertValid(nickname, true, cu)) {
- CMS.debug("CertUtils: verifySystemCertByNickname() passed: " + nickname);
- } else {
- CMS.debug("CertUtils: verifySystemCertByNickname() failed: " + nickname);
- throw new Exception("Invalid certificate " + nickname);
+ CMS.debug("CertUtils: verifySystemCertByNickname(): calling verifyCertificate(" + nickname + ", true, " + cu + ")");
+ try {
+ cm.verifyCertificate(nickname, true, cu);
+ } catch (CertificateException e) {
+ throw new Exception("Certificate " + nickname + " is invalid: " + e.getMessage(), e);
 }
 } else {
+ CMS.debug("CertUtils: verifySystemCertByNickname(): calling isCertValid(" + nickname + ", true)");
 // find out about current cert usage
 ccu = cm.isCertValid(nickname, true);
 if (ccu == CertificateUsage.basicCertificateUsages) {
-- 2.4.11
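Review bot: The "passed" and "failed" debug lines around the usage-specific check are removed without replacement, so once `cm.verifyCertificate(nickname, true, cu)` returns, the self-test log holds only the "calling verifyCertificate(...)" line and never states the outcome. I would add `CMS.debug("CertUtils: verifySystemCertByNickname() passed: " + nickname);` directly after the call, so the log reads as pass or fail without inferring success from the absence of an exception. On failure the NSS detail now travels only inside the wrapped exception, and whether it reaches the debug log depends on the outer `try`'s handler, which lies outside this hunk. The `CheckAllUsages` branch still goes through `cm.isCertValid(nickname, true)`, so validation failures on that path presumably still lack the NSS error text this change is meant to surface. The enclosing method starts and ends outside the hunk.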
