system-tests: verify machine trusts dCache Test CA

The system test uses certificates issued by the dCache Test CA.  For 
this to work, the client must trust this CA.

Currently there is no verification that the machine has the dCache Test 
CA in the trust store.  If the CA certificates are not trusted then 
transfers will fail.

This patch adds a check that the dCache CA's certificates are trusted.  
If they are not present then the populate script will fail, so failing 
the build.

Target: trunk
Require-notes: no
Require-book: no
Patch: http://rb.dcache.org/r/5122/
Acked-by: Gerd Behrmann

modules/system-test/src/main/skel/bin/populate

@@ -79,3 +79,35 @@ LinkGroup sm-group
 $username
 EOF
 fi
+
+scan_missing_ca_files() {
+    for path in "$@"; do
+        file=$(basename $path)
+
+        if [ ! -f ~/.globus/certificates/$file -a ! -f /etc/grid-security/certificates/$file ]; then
+            echo $path
+        fi
+    done
+}
+
+missing=$(scan_missing_ca_files etc/grid-security/certificates/*)
+
+if [ ! -z "$missing" ]; then
+    echo
+    echo "**"
+    echo "**  ERROR"
+    echo "**"
+    echo "**  The following files are missing from your OpenSSL trust-store.  This will"
+    echo "**  result in secure clients being unable to use dCache doors as they will not"
+    echo "**  trust the certificate dCache presents.  To fix this, copy these files"
+    echo "**  into either the /etc/grid-security/certificates or"
+    echo "**  ~/.globus/certificates directory:"
+    echo "**"
+    for file in $missing; do
+        echo "**    $file"
+        echo "**"
+    done
+    echo
+    exit 1
+fi
+