diff -Nru jss-4.9.1/azure-pipelines.yml jss-5.0.0/azure-pipelines.yml
--- jss-4.9.1/azure-pipelines.yml 1970-01-01 00:00:00.000000000 +0000
+++ jss-5.0.0/azure-pipelines.yml 2021-10-01 03:33:50.000000000 +0000
@@ -0,0 +1,72 @@
+# Workaround to install sudo
+# https://github.com/Microsoft/azure-pipelines-agent/issues/2043#issuecomment-687983301
+resources:
+ containers:
+ - container: debian_testing
+ image: debian:testing
+ options: '--name ci-container -v /usr/bin/docker:/tmp/docker:ro'
+ - container: ubuntu_rolling
+ image: ubuntu:rolling
+ options: '--name ci-container -v /usr/bin/docker:/tmp/docker:ro'
+
+jobs:
+- job: BuildTest
+ pool:
+ vmImage: ubuntu-latest
+ strategy:
+ matrix:
+ fedora_latest:
+ image: fedora:latest
+ debian_testing:
+ image: debian_testing
+ ubuntu_rolling:
+ image: ubuntu_rolling
+ # Disable CentOS due to missing dependencies
+ # centos_7:
+ # image: centos:7
+ # centos_8:
+ # image: centos:8
+ container: $[variables['image']]
+ steps:
+ - script: |
+ sudo dnf install -y dnf-plugins-core rpm-build
+ sudo dnf builddep -y --spec jss.spec
+ condition: or(startsWith(variables.image, 'fedora:'), startsWith(variables.image, 'centos:'))
+ displayName: Install Fedora/CentOS dependencies
+
+ - script: |
+ # Workaround to install sudo
+ # https://github.com/Microsoft/azure-pipelines-agent/issues/2043#issuecomment-687983301
+ /tmp/docker exec -t -u 0 ci-container \
+ apt-get update
+ /tmp/docker exec -t -u 0 -e DEBIAN_FRONTEND=noninteractive ci-container \
+ apt-get -o Dpkg::Options::="--force-confold" -y install sudo
+ sudo apt-get install -y \
+ cmake zip unzip \
+ g++ libnss3-dev libnss3-tools \
+ openjdk-11-jdk libcommons-lang3-java libslf4j-java junit4
+ condition: or(startsWith(variables.image, 'debian_'), startsWith(variables.image, 'ubuntu_'))
+ displayName: Install Debian/Ubuntu dependencies
+
+ - script: ./build.sh
+ displayName: Build JSS binaries, Javadoc, and run tests
+
+- job: SymbolTest
+ pool:
+ vmImage: ubuntu-latest
+ steps:
+ - script: |
+ grep -iroh '^Java_org_mozilla[^(;]*' src/main/java/ | sort -u > /tmp/functions.txt
+ cat /tmp/functions.txt
+ displayName: Get JNI symbols in the code
+
+ - script: |
+ grep -iroh 
'^Java_org_mozilla[^(;]*' lib/ | sort -u > /tmp/version.txt + cat /tmp/version.txt + displayName: Get JNI symbols in the version script + + - script: | + diff /tmp/functions.txt /tmp/version.txt || true + comm -23 --check-order /tmp/functions.txt /tmp/version.txt > /tmp/diff.txt + test ! -s /tmp/diff.txt + displayName: Compare JNI symbols diff -Nru jss-4.9.1/build.sh jss-5.0.0/build.sh --- jss-4.9.1/build.sh 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/build.sh 2021-10-01 03:33:50.000000000 +0000 @@ -5,21 +5,32 @@ # All rights reserved. # END COPYRIGHT BLOCK -NAME=jss - SCRIPT_PATH="$(readlink -f "$0")" SCRIPT_NAME="$(basename "$SCRIPT_PATH")" - SRC_DIR="$(dirname "$SCRIPT_PATH")" + +NAME=jss WORK_DIR="$HOME/build/$NAME" +JAVA_LIB_DIR="/usr/lib/java" + +if [ "$HOSTTYPE" = "x86_64" ]; then + JSS_LIB_DIR="/usr/lib64/jss" +else + JSS_LIB_DIR="/usr/lib/jss" +fi + +INSTALL_DIR= SOURCE_TAG= SPEC_TEMPLATE= +VERSION= +RELEASE= WITH_TIMESTAMP= WITH_COMMIT_ID= DIST= +WITHOUT_JAVADOC= WITHOUT_TEST= VERBOSE= 
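Review bot: The container images in `resources.containers` and the job matrix (`debian:testing`, `ubuntu:rolling`, `fedora:latest`) are moving tags, so the toolchain that builds and tests this library can change between runs with no change in the repository; the `os` matrix in .github/workflows/build-tests.yml has the same issue. Pinning each image to a release tag or digest (placeholder: `image: debian:<release>@sha256:<digest>`) would make a differing or failing build attributable. The sudo workaround also deserves a caveat: `-v /usr/bin/docker:/tmp/docker:ro` together with `/tmp/docker exec -t -u 0 ci-container` implies the job steps can reach the host's Docker daemon and run as root in the container, which is tolerable on a throwaway hosted agent but should not be copied to a self-hosted pool. I would extend the leading comment with something like `# Hosted agents only: job steps get root in the container through the host Docker client`.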
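Review bot: The default for `JSS_LIB_DIR` keys only on `"$HOSTTYPE" = "x86_64"`, so other 64-bit hosts (aarch64, ppc64le, s390x) fall back to `/usr/lib/jss` even where the distribution keeps 64-bit libraries under `/usr/lib64`, while an x86_64 Debian-style system gets `/usr/lib64/jss` although debian/libjss-java.install in this same diff expects `usr/lib/jss/libjss.so`. A library installed outside the path the loader is configured for fails at run time rather than at build time, so I would document the assumption next to the test, e.g. `# Fedora-style x86_64 default; other layouts must pass --jss-lib-dir=`. `HOSTTYPE` is set by bash, so this also relies on the script running under bash; the shebang is outside the hunk.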
@@ -30,21 +41,29 @@ echo echo "Options:" echo " --work-dir= Working directory (default: $WORK_DIR)." + echo " --java-lib-dir= Java library directory (default: $JAVA_LIB_DIR)." + echo " --jss-lib-dir= JSS library directory (default: $JSS_LIB_DIR)." + echo " --install-dir= Installation directory." echo " --source-tag= Generate RPM sources from a source tag." echo " --spec= Use the specified RPM spec." + echo " --version= Use the specified version." + echo " --release= Use the specified release." echo " --with-timestamp Append timestamp to release number." echo " --with-commit-id Append commit ID to release number." echo " --dist= Distribution name (e.g. fc28)." + echo " --without-javadoc Do not build Javadoc package." echo " --without-test Do not run unit tests." echo " -v,--verbose Run in verbose mode." echo " --debug Run in debug mode." echo " --help Show help message." echo echo "Target:" - echo " src Generate RPM sources." - echo " spec Generate RPM spec." - echo " srpm Build SRPM package." - echo " rpm Build RPM packages (default)." + echo " dist Build JSS binaries (default)." + echo " install Install JSS binaries." + echo " src Generate RPM sources." + echo " spec Generate RPM spec." + echo " srpm Build SRPM package." + echo " rpm Build RPM packages." } generate_rpm_sources() { @@ -126,6 +145,12 @@ commands="${commands}; s/# Patch: jss-VERSION-RELEASE.patch/Patch: $PATCH/g" fi + # hard-code Javadoc option + if [ "$WITHOUT_JAVADOC" = true ] ; then + # convert bcond_without into bcond_with such that Javadoc package is not built by default + commands="${commands}; s/%\(bcond_without *javadoc\)\$/# \1\n%bcond_with javadoc/g" + fi + # hard-code test option if [ "$WITHOUT_TEST" = true ] ; then # convert bcond_without into bcond_with such that unit tests do not run by default 
@@ -149,12 +174,27 @@ work-dir=?*) WORK_DIR="$(readlink -f "$LONG_OPTARG")" ;; + java-lib-dir=?*) + JAVA_LIB_DIR="$(readlink -f "$LONG_OPTARG")" + ;; + jss-lib-dir=?*) + JSS_LIB_DIR="$(readlink -f "$LONG_OPTARG")" + ;; + install-dir=?*) + INSTALL_DIR="$(readlink -f "$LONG_OPTARG")" + ;; source-tag=?*) SOURCE_TAG="$LONG_OPTARG" ;; spec=?*) SPEC_TEMPLATE="$LONG_OPTARG" ;; + version=?*) + VERSION="$LONG_OPTARG" + ;; + release=?*) + RELEASE="$LONG_OPTARG" + ;; with-timestamp) WITH_TIMESTAMP=true ;; @@ -164,6 +204,9 @@ dist=?*) DIST="$LONG_OPTARG" ;; + without-javadoc) + WITHOUT_JAVADOC=true + ;; without-test) WITHOUT_TEST=true ;; @@ -181,7 +224,7 @@ '') break # "--" terminates argument processing ;; - work-dir* | source-tag* | spec* | dist*) + work-dir* | java-lib-dir* | jss-lib-dir* | install-dir* | source-tag* | spec* | version* | release* | dist*) echo "ERROR: Missing argument for --$OPTARG option" >&2 exit 1 ;; @@ -201,17 +244,22 @@ shift $((OPTIND-1)) if [ "$#" -lt 1 ] ; then - BUILD_TARGET=rpm + BUILD_TARGET=dist else BUILD_TARGET=$1 fi if [ "$DEBUG" = true ] ; then echo "WORK_DIR: $WORK_DIR" + echo "JAVA_LIB_DIR: $JAVA_LIB_DIR" + echo "JSS_LIB_DIR: $JSS_LIB_DIR" + echo "INSTALL_DIR: $INSTALL_DIR" echo "BUILD_TARGET: $BUILD_TARGET" fi -if [ "$BUILD_TARGET" != "src" ] && +if [ "$BUILD_TARGET" != "dist" ] && + [ "$BUILD_TARGET" != "install" ] && + [ "$BUILD_TARGET" != "src" ] && [ "$BUILD_TARGET" != "spec" ] && [ "$BUILD_TARGET" != "srpm" ] && [ "$BUILD_TARGET" != "rpm" ] ; then 
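Review bot: `INSTALL_DIR="$(readlink -f "$LONG_OPTARG")"` can yield an empty value, because GNU `readlink -f` prints nothing and fails when a parent component of the path does not exist. Unless the script runs with errexit (the shebang is not visible here), the empty `INSTALL_DIR` later becomes `DESTDIR=` in the install target, and a run meant to stage into a scratch tree would write under the live `/usr` prefix instead; with errexit the script would stop without any message. I would canonicalize with `readlink -m`, or reject the empty result right after the assignment with `[ -n "$INSTALL_DIR" ] || { echo "ERROR: Invalid --install-dir: $LONG_OPTARG" >&2; exit 1; }`. The `java-lib-dir` and `jss-lib-dir` cases added in the same hunk have the same shape. The enclosing `case` statement starts and ends outside the hunk.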
@@ -219,17 +267,110 @@ exit 1 fi +mkdir -p "$WORK_DIR" +cd "$WORK_DIR" + +if [ "$BUILD_TARGET" = "dist" ] ; then + + if [ "$VERBOSE" = true ] ; then + echo "Building $NAME" + fi + + OPTIONS=() + OPTIONS+=(-DVERSION=$VERSION) + + if [ "$JAVA_HOME" != "" ] ; then + OPTIONS+=(-DJAVA_HOME=$JAVA_HOME) + fi + + OPTIONS+=(-DCMAKE_INSTALL_PREFIX=/usr) + OPTIONS+=(-DJAVA_LIB_INSTALL_DIR=$JAVA_LIB_DIR ) + OPTIONS+=(-DJSS_LIB_INSTALL_DIR=$JSS_LIB_DIR) + + if [ "$WITHOUT_JAVADOC" = true ] ; then + OPTIONS+=(-DWITH_JAVADOC=FALSE) + fi + + OPTIONS+=(-S $SRC_DIR) + OPTIONS+=(-B .) + + cmake "${OPTIONS[@]}" + + OPTIONS=() + + if [ "$VERBOSE" = true ] ; then + OPTIONS+=(VERBOSE=1) + fi + + OPTIONS+=(CMAKE_NO_VERBOSE=1) + OPTIONS+=(--no-print-directory) + + make "${OPTIONS[@]}" all + + if [ "$WITHOUT_JAVADOC" != true ] ; then + make "${OPTIONS[@]}" javadoc + fi + + if [ "$WITHOUT_TEST" != true ] ; then + ctest --output-on-failure + fi + + echo + echo "Build artifacts:" + echo "- Java archive: $WORK_DIR/jss.jar" + echo "- shared library: $WORK_DIR/libjss.so" + echo "- documentation: $WORK_DIR/docs" + echo + echo "To install the build: $0 install" + echo "To create RPM packages: $0 rpm" + echo + + exit +fi + +if [ "$BUILD_TARGET" = "install" ] ; then + + if [ "$VERBOSE" = true ] ; then + echo "Installing $NAME" + fi + + OPTIONS=() + + if [ "$VERBOSE" = true ] ; then + OPTIONS+=(VERBOSE=1) + fi + + OPTIONS+=(CMAKE_NO_VERBOSE=1) + OPTIONS+=(DESTDIR=$INSTALL_DIR) + OPTIONS+=(INSTALL="install -p") + OPTIONS+=(--no-print-directory) + + make "${OPTIONS[@]}" install + + exit +fi + +################################################################################ +# Prepare RPM build +################################################################################ + if [ "$SPEC_TEMPLATE" = "" ] ; then SPEC_TEMPLATE="$SRC_DIR/$NAME.spec" fi -VERSION="$(rpmspec -P "$SPEC_TEMPLATE" | grep "^Version:" | awk '{print $2;}')" +if [ "$VERSION" = "" ] ; then + # if version not specified, get from spec 
template + VERSION="$(rpmspec -P "$SPEC_TEMPLATE" | grep "^Version:" | awk '{print $2;}')" +fi if [ "$DEBUG" = true ] ; then echo "VERSION: $VERSION" fi -RELEASE="$(rpmspec -P "$SPEC_TEMPLATE" --undefine dist | grep "^Release:" | awk '{print $2;}')" +if [ "$RELEASE" = "" ] ; then + # if release not specified, get from spec template + RELEASE="$(rpmspec -P "$SPEC_TEMPLATE" --undefine dist | grep "^Release:" | awk '{print $2;}')" +fi if [ "$DEBUG" = true ] ; then echo "RELEASE: $RELEASE" @@ -265,17 +406,6 @@ echo "Building $NAME-$VERSION-$RELEASE${_TIMESTAMP}${_COMMIT_ID}" -################################################################################ -# Initialize working directory -################################################################################ - -if [ "$VERBOSE" = true ] ; then - echo "Initializing $WORK_DIR" -fi - -mkdir -p "$WORK_DIR" -cd "$WORK_DIR" - rm -rf BUILD rm -rf RPMS rm -rf SOURCES @@ -335,10 +465,6 @@ OPTIONS+=(--define "dist .$DIST") fi -if [ "$WITHOUT_TEST" = true ] ; then - OPTIONS+=(--without test) -fi - if [ "$DEBUG" = true ] ; then echo rpmbuild -bs "${OPTIONS[@]}" "$WORK_DIR/SPECS/$RPM_SPEC" fi diff -Nru jss-4.9.1/.classpath jss-5.0.0/.classpath --- jss-4.9.1/.classpath 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/.classpath 2021-10-01 03:33:50.000000000 +0000 @@ -9,7 +9,6 @@ - diff -Nru jss-4.9.1/cmake/JSSCommon.cmake jss-5.0.0/cmake/JSSCommon.cmake --- jss-4.9.1/cmake/JSSCommon.cmake 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/cmake/JSSCommon.cmake 2021-10-01 03:33:50.000000000 +0000 @@ -54,7 +54,7 @@ # We exclude any C files in the tests directory because they shouldn't # contribute to our library. They should instead be built as part of the # test suite and probably be built as stand alone binaries which link - # against libjss4.so (at most). + # against libjss.so (at most). file(GLOB_RECURSE C_SOURCES src/main/java/*.c) file(GLOB_RECURSE C_TEST_SOURCES src/test/java/*.c) endmacro() 
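Review bot: Several expansions added to the `OPTIONS` arrays in the `dist` and `install` targets are unquoted, e.g. `OPTIONS+=(-DJAVA_HOME=$JAVA_HOME)`, `OPTIONS+=(-S $SRC_DIR)` and `OPTIONS+=(DESTDIR=$INSTALL_DIR)`, so a path containing whitespace or glob characters is split into extra cmake/make arguments before `"${OPTIONS[@]}"` is ever expanded. For `DESTDIR` that means files can be installed into a truncated directory rather than the requested one. The `dist` target also passes `-DVERSION=$VERSION` while `VERSION` is still empty unless `--version=` was given, since the spec lookup now sits after the `exit`; if CMake no longer reads it the option can go, otherwise it should be added only when set. The quoted form of the affected lines follows.

```shell
# dist target
OPTIONS=()
if [ "$VERSION" != "" ] ; then
    OPTIONS+=("-DVERSION=$VERSION")
fi
if [ "$JAVA_HOME" != "" ] ; then
    OPTIONS+=("-DJAVA_HOME=$JAVA_HOME")
fi
OPTIONS+=(-DCMAKE_INSTALL_PREFIX=/usr)
OPTIONS+=("-DJAVA_LIB_INSTALL_DIR=$JAVA_LIB_DIR")
OPTIONS+=("-DJSS_LIB_INSTALL_DIR=$JSS_LIB_DIR")
# … unchanged: WITH_JAVADOC option …
OPTIONS+=(-S "$SRC_DIR")
OPTIONS+=(-B .)
# … unchanged: cmake, make and ctest invocations; install target setup …
OPTIONS+=("DESTDIR=$INSTALL_DIR")
```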
@@ -215,7 +215,7 @@ add_custom_command( OUTPUT ${JAVADOCS_OUTPUTS} - COMMAND "${Java_JAVADOC_EXECUTABLE}" -source 1.8 -overview "${PROJECT_SOURCE_DIR}/tools/javadoc/overview.html" -windowtitle "${JSS_WINDOW_TITLE}" -notimestamp -breakiterator -classpath ${JAVAC_CLASSPATH} -sourcepath ${PROJECT_SOURCE_DIR} -d ${DOCS_OUTPUT_DIR} @${JAVA_SOURCES_FILE} + COMMAND "${Java_JAVADOC_EXECUTABLE}" -overview "${PROJECT_SOURCE_DIR}/tools/javadoc/overview.html" -windowtitle "${JSS_WINDOW_TITLE}" -notimestamp -breakiterator -classpath ${JAVAC_CLASSPATH} -sourcepath ${PROJECT_SOURCE_DIR} -d ${DOCS_OUTPUT_DIR} @${JAVA_SOURCES_FILE} COMMAND touch "${JAVADOCS_OUTPUTS}" DEPENDS ${JAVA_SOURCES} ) diff -Nru jss-4.9.1/cmake/JSSConfig.cmake jss-5.0.0/cmake/JSSConfig.cmake --- jss-4.9.1/cmake/JSSConfig.cmake 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/cmake/JSSConfig.cmake 2021-10-01 03:33:50.000000000 +0000 @@ -3,7 +3,7 @@ # MAJOR MINOR PATCH BETA # When BETA is 1, it is a pre-release (it enables some tests). # When BETA is 0, it is a final release. - jss_config_version(4 9 0 0) + jss_config_version(5 0 0 0) # Configure output directories jss_config_outputs() @@ -91,8 +91,8 @@ set(REPRODUCIBLE_TEMP_DIR "${CMAKE_BINARY_DIR}/reproducible") set(JSS_BUILD_JAR "staging.jar") - set(JSS_JAR "jss${JSS_VERSION_MAJOR}.jar") - set(JSS_SO "libjss${JSS_VERSION_MAJOR}.so") + set(JSS_JAR "jss.jar") + set(JSS_SO "libjss.so") set(JSS_BUILD_JAR_PATH "${CMAKE_BINARY_DIR}/${JSS_BUILD_JAR}") set(JSS_JAR_PATH "${CMAKE_BINARY_DIR}/${JSS_JAR}") set(JSS_SO_PATH "${CMAKE_BINARY_DIR}/${JSS_SO}") 
@@ -104,7 +104,7 @@ set(TESTS_CLASSES_OUTPUT_DIR "${CMAKE_BINARY_DIR}/classes/tests") set(TESTS_INCLUDE_OUTPUT_DIR "${CMAKE_BINARY_DIR}/include/tests") set(TESTS_JNI_OUTPUT_DIR "${CMAKE_BINARY_DIR}/include/jss/_jni") - set(JSS_TESTS_JAR "tests-jss${JSS_VERSION_MAJOR}.jar") + set(JSS_TESTS_JAR "tests-jss.jar") set(JSS_TESTS_SO "${JSS_SO}") set(JSS_TESTS_JAR_PATH "${CMAKE_BINARY_DIR}/${JSS_TESTS_JAR}") set(JSS_TESTS_SO_PATH "${LIB_OUTPUT_DIR}/${JSS_TESTS_SO}") @@ -224,10 +224,6 @@ NAMES apache-commons-lang3 commons-lang3 ) find_jar( - JAXB_JAR - NAMES jaxb-api - ) - find_jar( SLF4J_JDK14_JAR NAMES jdk14 slf4j/jdk14 slf4j-jdk14 ) @@ -249,10 +245,6 @@ message(FATAL_ERROR "Required dependency apache-commons-lang.jar not found by find_jar!") endif() - if(JAXB_JAR STREQUAL "JAXB_JAR-NOTFOUND") - message(FATAL_ERROR "Required dependency javaee-jaxb-api.jar not found by find_jar!") - endif() - if(SLF4J_JDK14_JAR STREQUAL "SLF4J_JDK14_JAR-NOTFOUND") message(WARNING "Test dependency sfl4j-jdk14.jar not found by find_jar! Tests might not run properly.") endif() @@ -266,7 +258,7 @@ endif() # Set class paths - set(JAVAC_CLASSPATH "${SLF4J_API_JAR}:${LANG_JAR}:${JAXB_JAR}") + set(JAVAC_CLASSPATH "${SLF4J_API_JAR}:${LANG_JAR}") set(TEST_CLASSPATH "${JSS_JAR_PATH}:${JSS_TESTS_JAR_PATH}:${JAVAC_CLASSPATH}:${SLF4J_JDK14_JAR}:${JUNIT4_JAR}:${HAMCREST_JAR}") message(STATUS "javac classpath: ${JAVAC_CLASSPATH}") diff -Nru jss-4.9.1/cmake/JSSTests.cmake jss-5.0.0/cmake/JSSTests.cmake --- jss-4.9.1/cmake/JSSTests.cmake 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/cmake/JSSTests.cmake 2021-10-01 03:33:50.000000000 +0000 
@@ -470,7 +470,7 @@ add_custom_command( OUTPUT "${C_OUTPUT}" - COMMAND ${CMAKE_C_COMPILER} ${JSS_C_FLAGS} -o ${C_OUTPUT} ${C_FILE} -L${LIB_OUTPUT_DIR} -ljss4 ${JSS_LD_FLAGS} + COMMAND ${CMAKE_C_COMPILER} ${JSS_C_FLAGS} -o ${C_OUTPUT} ${C_FILE} -L${LIB_OUTPUT_DIR} -ljss ${JSS_LD_FLAGS} WORKING_DIRECTORY ${C_DIR} DEPENDS "${C_FILE}" DEPENDS "${JSS_TESTS_SO_PATH}" diff -Nru jss-4.9.1/CMakeLists.txt jss-5.0.0/CMakeLists.txt --- jss-4.9.1/CMakeLists.txt 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/CMakeLists.txt 2021-10-01 03:33:50.000000000 +0000 @@ -43,6 +43,8 @@ endif() option(TEST_WITH_INTERNET "When enabled, runs various tests which require an internet connection. " ${TEST_WITH_INTERNET_ENV}) +option(WITH_JAVADOC "Build Javadoc package." TRUE) + # Find NSPR and NSS Libraries. find_package(NSPR REQUIRED) find_package(NSS REQUIRED) @@ -81,14 +83,14 @@ install( FILES - ${CMAKE_CURRENT_BINARY_DIR}/jss4.jar + ${CMAKE_CURRENT_BINARY_DIR}/jss.jar DESTINATION ${JAVA_LIB_INSTALL_DIR} ) install( FILES - ${CMAKE_CURRENT_BINARY_DIR}/libjss4.so + ${CMAKE_CURRENT_BINARY_DIR}/libjss.so DESTINATION ${JSS_LIB_INSTALL_DIR} PERMISSIONS 
@@ -99,23 +101,22 @@ install( CODE "execute_process( - COMMAND ln -sf ${JAVA_LIB_INSTALL_DIR}/jss4.jar \$ENV{DESTDIR}${JSS_LIB_INSTALL_DIR}/jss4.jar - COMMAND ln -sf jss4.jar \$ENV{DESTDIR}${JAVA_LIB_INSTALL_DIR}/jss.jar - COMMAND ln -sf jss4.jar \$ENV{DESTDIR}${JSS_LIB_INSTALL_DIR}/jss.jar - COMMAND ln -sf libjss4.so \$ENV{DESTDIR}${JSS_LIB_INSTALL_DIR}/libjss.so + COMMAND ln -sf ${JAVA_LIB_INSTALL_DIR}/jss.jar \$ENV{DESTDIR}${JSS_LIB_INSTALL_DIR}/jss.jar )" ) -install( - DIRECTORY - ${CMAKE_CURRENT_BINARY_DIR}/docs/ - DESTINATION - ${CMAKE_INSTALL_PREFIX}/share/javadoc/jss-${VERSION} -) - -install( - FILES - jss.html MPL-1.1.txt gpl.txt lgpl.txt - DESTINATION - ${CMAKE_INSTALL_PREFIX}/share/javadoc/jss-${VERSION} -) +if(WITH_JAVADOC) + install( + DIRECTORY + ${CMAKE_CURRENT_BINARY_DIR}/docs/ + DESTINATION + ${CMAKE_INSTALL_PREFIX}/share/javadoc/jss + ) + + install( + FILES + jss.html MPL-1.1.txt gpl.txt lgpl.txt + DESTINATION + ${CMAKE_INSTALL_PREFIX}/share/javadoc/jss + ) +endif(WITH_JAVADOC) diff -Nru jss-4.9.1/debian/changelog jss-5.0.0/debian/changelog --- jss-4.9.1/debian/changelog 2021-09-06 08:35:55.000000000 +0000 +++ jss-5.0.0/debian/changelog 2021-10-18 19:17:45.000000000 +0000 @@ -1,3 +1,17 @@ +jss (5.0.0-1) unstable; urgency=medium + + * New upstream release. + * control: libjaxb-api-java is no longer needed, drop it from (build- + )depends. + * control: Drop obsolete breaks. + * use-release-8.diff: Dropped. + * install: Version number got dropped from the build, so fix the + install. + * control: Add Breaks for current versions of libtomcatjss-java, + libldap-java and libidm-console-framework-java. + + -- Timo Aaltonen Mon, 18 Oct 2021 22:17:45 +0300 + jss (4.9.1-1) unstable; urgency=medium * New upstream release. diff -Nru jss-4.9.1/debian/control jss-5.0.0/debian/control --- jss-4.9.1/debian/control 2021-09-06 08:07:17.000000000 +0000 +++ jss-5.0.0/debian/control 2021-10-18 19:17:12.000000000 +0000 
@@ -9,7 +9,6 @@ junit4, libcommons-codec-java, libcommons-lang3-java, - libjaxb-api-java, libnss3-dev, libnss3-tools, libslf4j-java, @@ -26,9 +25,10 @@ Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libcommons-lang3-java, - libjaxb-api-java, -Breaks: libidm-console-framework-java (<< 1.2.0), - libldap-java (<< 4.20.0), +Breaks: + libidm-console-framework-java (<< 2.0.0), + libldap-java (<< 5.0.0), + libtomcatjss-java (<< 8.0.0), Description: Network Security Services for Java Network Security Services for Java (JSS) is a Java interface to NSS. It supports most of the security standards and diff -Nru jss-4.9.1/debian/libjss-java.install jss-5.0.0/debian/libjss-java.install --- jss-4.9.1/debian/libjss-java.install 2021-09-06 08:07:17.000000000 +0000 +++ jss-5.0.0/debian/libjss-java.install 2021-10-18 18:59:48.000000000 +0000 @@ -1,2 +1,2 @@ -usr/share/java/jss*.jar -usr/lib/jss/libjss4.so +usr/share/java/jss.jar +usr/lib/jss/libjss.so diff -Nru jss-4.9.1/debian/patches/series jss-5.0.0/debian/patches/series --- jss-4.9.1/debian/patches/series 2021-09-06 08:07:17.000000000 +0000 +++ jss-5.0.0/debian/patches/series 2021-10-18 18:34:48.000000000 +0000 @@ -1 +1 @@ -use-release-8.diff +#placeholder diff -Nru jss-4.9.1/debian/patches/use-release-8.diff jss-5.0.0/debian/patches/use-release-8.diff --- jss-4.9.1/debian/patches/use-release-8.diff 2021-09-06 08:26:25.000000000 +0000 +++ jss-5.0.0/debian/patches/use-release-8.diff 1970-01-01 00:00:00.000000000 +0000 
@@ -1,15 +0,0 @@ ---- a/cmake/JSSConfig.cmake -+++ b/cmake/JSSConfig.cmake -@@ -279,10 +279,8 @@ macro(jss_config_java) - list(APPEND JSS_JAVAC_FLAGS "${PROJECT_SOURCE_DIR}/src/main/java") - - # Ensure we're compatible with JDK 8 -- list(APPEND JSS_JAVAC_FLAGS "-target") -- list(APPEND JSS_JAVAC_FLAGS "1.8") -- list(APPEND JSS_JAVAC_FLAGS "-source") -- list(APPEND JSS_JAVAC_FLAGS "1.8") -+ list(APPEND JSS_JAVAC_FLAGS "--release") -+ list(APPEND JSS_JAVAC_FLAGS "8") - - # Handle passed-in javac flags as well; assume they are valid. - separate_arguments(PASSED_JAVAC_FLAGS UNIX_COMMAND "$ENV{JAVACFLAGS}") diff -Nru jss-4.9.1/debian/rules jss-5.0.0/debian/rules --- jss-4.9.1/debian/rules 2021-09-06 08:07:17.000000000 +0000 +++ jss-5.0.0/debian/rules 2021-10-18 19:14:02.000000000 +0000 @@ -24,15 +24,8 @@ override_dh_auto_install: mkdir -p $(CURDIR)/debian/tmp/usr/lib/jss mkdir -p $(CURDIR)/debian/tmp/usr/share/java - install -m 644 build/jss4.jar $(CURDIR)/debian/tmp/usr/share/java/jss-$(MOD_MAJOR_VERSION).$(MOD_MINOR_VERSION).$(MOD_PATCH_VERSION).jar - install -m 0755 build/libjss4.so $(CURDIR)/debian/tmp/usr/lib/jss - - # Required by ldapjdk - ln -s jss-$(MOD_MAJOR_VERSION).$(MOD_MINOR_VERSION).$(MOD_PATCH_VERSION).jar \ - $(CURDIR)/debian/tmp/usr/share/java/jss.jar - # Required by idm-console-framework - ln -s jss-$(MOD_MAJOR_VERSION).$(MOD_MINOR_VERSION).$(MOD_PATCH_VERSION).jar \ - $(CURDIR)/debian/tmp/usr/share/java/jss4.jar + install -m 644 build/jss.jar $(CURDIR)/debian/tmp/usr/share/java/jss.jar + install -m 0755 build/libjss.so $(CURDIR)/debian/tmp/usr/lib/jss override_dh_auto_test: cd build && ctest --output-on-failure diff -Nru jss-4.9.1/Dockerfile jss-5.0.0/Dockerfile --- jss-4.9.1/Dockerfile 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/Dockerfile 2021-10-01 03:33:50.000000000 +0000 
@@ -5,7 +5,7 @@ # ARG OS_VERSION="latest" -ARG COPR_REPO="@pki/10.11" +ARG COPR_REPO="@pki/master" ################################################################################ FROM registry.fedoraproject.org/fedora:$OS_VERSION AS jss-builder diff -Nru jss-4.9.1/docs/building.md jss-5.0.0/docs/building.md --- jss-4.9.1/docs/building.md 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/docs/building.md 2021-10-01 03:33:50.000000000 +0000 @@ -64,20 +64,20 @@ ### Installation -To install JSS, place `jss4.jar` and `libjss4.so` in places where the system +To install JSS, place `jss.jar` and `libjss.so` in places where the system can find them. We recommend the following locations on a 64-bit system: cd jss/build - sudo cp jss4.jar /usr/lib/java/jss4.jar - sudo chown root:root /usr/lib/java/jss4.jar - sudo chmod 644 /usr/lib/java/jss4.jar - - sudo cp libjss4.so /usr/lib64/jss/libjss4.so - sudo chown root:root /usr/lib64/jss/libjss4.so - sudo chmod 755 /usr/lib64/jss/libjss4.so + sudo cp jss.jar /usr/lib/java/jss.jar + sudo chown root:root /usr/lib/java/jss.jar + sudo chmod 644 /usr/lib/java/jss.jar + + sudo cp libjss.so /usr/lib64/jss/libjss.so + sudo chown root:root /usr/lib64/jss/libjss.so + sudo chmod 755 /usr/lib64/jss/libjss.so -To uninstall, simply remove the created files (`/usr/lib/java/jss4.jar` and -`/usr/lib64/jss/libjss4.so`). +To uninstall, simply remove the created files (`/usr/lib/java/jss.jar` and +`/usr/lib64/jss/libjss.so`). Note that the preferred way to install JSS is from your distribution or via an RPM built with `build.sh`. 
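Review bot: `ARG COPR_REPO="@pki/master"` replaces a release-numbered repository default with a moving development one, and with the context line `ARG OS_VERSION="latest"` feeding `FROM registry.fedoraproject.org/fedora:$OS_VERSION` neither the base image nor the package source is pinned any more, so two builds of the same commit can produce different images. How `COPR_REPO` is consumed is outside this hunk; presumably it is enabled for package installs in the builder stage. I would keep the default for development but say so above the ARG, e.g. `# Development default; release builds must pass --build-arg COPR_REPO=<release repo> and a fixed OS_VERSION` (placeholder values), so that images meant for distribution are not built from the rolling inputs by accident.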
@@ -92,7 +92,7 @@ Then, issue a build using the `build.sh` interface: - ./build.sh + ./build.sh rpm This will build RPMS and place them in `$HOME/build/jss` by default. For more information about this build script, refer to its help text: diff -Nru jss-4.9.1/docs/build_system.md jss-5.0.0/docs/build_system.md --- jss-4.9.1/docs/build_system.md 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/docs/build_system.md 2021-10-01 03:33:50.000000000 +0000 @@ -12,10 +12,10 @@ 1. Classes are built from Java source and JNI headers are generated. This is done in a single pass of the `javac` compiler. All Java source files under - `org/` are currently compiled to the `build/classes/` folder. + `src/main/java/` are currently compiled to the `build/classes/` folder. 2. Any C header files are moved to the `build/includes/` folder. -3. C source files are compiled to objects and linked to form `libjss4.so`, - excluding any C source files in `org/mozilla/jss/tests`. If any exist, +3. C source files are compiled to objects and linked to form `libjss.so`, + excluding any C source files in `src/test/java/`. If any exist, they'll be compiled at a later stage for `ctest`. This step is dependent on steps 1 and 2. 4. Build the JAR archive from compiled Java classes. Note that at this time, @@ -99,7 +99,7 @@ optional set of dependencies (`DEPENDS ...`) on other tests. We use this because `add_test` doesn't itself handle dependencies or set environment variables (we need to inject `LD_LIBRARY_PATH` to handle testing our built -`libjss4.so`). +`libjss.so`). `jss_test_java` is a wrapper over `jss_test_exec` which handles setting up the JVM and passing required arguments to it (`-classpath`, `-enableasserts`, diff -Nru jss-4.9.1/docs/changes/v4.9.1/API-Changes.adoc jss-5.0.0/docs/changes/v4.9.1/API-Changes.adoc --- jss-4.9.1/docs/changes/v4.9.1/API-Changes.adoc 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/docs/changes/v4.9.1/API-Changes.adoc 1970-01-01 00:00:00.000000000 +0000 
@@ -1,5 +0,0 @@ -= API Changes = - -== Changes in org.mozilla.jss.netscape.security.x509.RevocationReasonAdapter == - -The class has been deprecated in JSS 4 and will be dropped in JSS 5. Use the revocation reason code or label instead. diff -Nru jss-4.9.1/docs/changes/v5.0.0/API-Changes.adoc jss-5.0.0/docs/changes/v5.0.0/API-Changes.adoc --- jss-4.9.1/docs/changes/v5.0.0/API-Changes.adoc 1970-01-01 00:00:00.000000000 +0000 +++ jss-5.0.0/docs/changes/v5.0.0/API-Changes.adoc 2021-10-01 03:33:50.000000000 +0000 @@ -0,0 +1,14 @@ += API Changes = + +== Changes in org.mozilla.jss.netscape.security.x509.CertAndKeyGen == + +* The `getSelfCert()` has been deprecated in JSS 4 and dropped in JSS 5. Use `getSelfCertificate()` instead. +* The `setRandom()` has been deprecated in JSS 4 and dropped in JSS 5. It is no longer used. + +== Changes in org.mozilla.jss.netscape.security.x509.X509Cert == + +The class has been deprecated in JSS 4 and dropped in JSS 5. Use `java.security.cert.Certificate` instead. + +== Changes in org.mozilla.jss.netscape.security.x509.RevocationReasonAdapter == + +The class has been deprecated in JSS 4 and dropped in JSS 5. Use the revocation reason code or label instead. diff -Nru jss-4.9.1/docs/dependencies.md jss-5.0.0/docs/dependencies.md --- jss-4.9.1/docs/dependencies.md 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/docs/dependencies.md 2021-10-01 03:33:50.000000000 +0000 @@ -11,7 +11,6 @@ - [OpenJDK 1.8.0 or newer](http://openjdk.java.net/) - [CMake](https://cmake.org/) - [Apache Commons Lang](https://commons.apache.org/proper/commons-lang/) - - [JavaEE JAXB](https://github.com/eclipse-ee4j/jaxb-ri) - [SLF4J](https://www.slf4j.org/) Additionally, a zipping and unzipping program is required to create 
@@ -20,14 +19,14 @@ To install these dependencies on Fedora, execute the following: sudo dnf install apache-commons-lang gcc-c++ java-devel jpackage-utils \ - slf4j zlib-devel glassfish-jaxb-api nss-tools nss-devel \ + slf4j zlib-devel nss-tools nss-devel \ cmake junit To install these dependencies on Debian, execute the following: sudo apt-get install build-essential libcommons-lang-java libnss3-dev \ libslf4j-java default-jdk pkg-config zlib1g-dev \ - libjaxb-api-java libnss3-tools cmake zip unzip \ + libnss3-tools cmake zip unzip \ junit4 ## Test Suite Dependencies: @@ -53,10 +52,9 @@ At run time, the following JARs are required to be specified on the `CLASSPATH` of anyone wishing to use JSS: - - `jss4.jar` + - `jss.jar` - `slf4j-api.jar` - `apache-commons-lang.jar` - - `jaxb-api.jar` Note that these should already be installed when building JSS. For more information, please refer to our documentation on using JSS: diff -Nru jss-4.9.1/docs/legacy_building.md jss-5.0.0/docs/legacy_building.md --- jss-4.9.1/docs/legacy_building.md 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/docs/legacy_building.md 2021-10-01 03:33:50.000000000 +0000 
@@ -129,31 +129,31 @@ following command(s): ``` -# sudo mv /usr/lib/java/jss4.jar /usr/lib/java/jss4.jar.orig +# sudo mv /usr/lib/java/jss.jar /usr/lib/java/jss.jar.orig ``` If the platform is 32-bit Linux: ``` -# sudo mv /usr/lib/jss/libjss4.so /usr/lib/jss/libjss4.so.orig +# sudo mv /usr/lib/jss/libjss.so /usr/lib/jss/libjss.so.orig ``` else if the platform is 64-bit Linux: ``` -# sudo mv /usr/lib64/jss/libjss4.so /usr/lib64/jss/libjss4.so.orig +# sudo mv /usr/lib64/jss/libjss.so /usr/lib64/jss/libjss.so.orig ``` Then install the new JSS binaries: ``` -# sudo cp sandbox/dist/xpclass.jar /usr/lib/java/jss4.jar -# sudo chown root:root /usr/lib/java/jss4.jar -# sudo chmod 644 /usr/lib/java/jss4.jar - -# sudo cp sandbox/jss/lib/Linux*.OBJ/libjss4.so /usr/lib64/jss/libjss4.so -# sudo chown root:root /usr/lib64/jss/libjss4.so -# sudo chmod 755 /usr/lib64/jss/libjss4.so +# sudo cp sandbox/dist/xpclass.jar /usr/lib/java/jss.jar +# sudo chown root:root /usr/lib/java/jss.jar +# sudo chmod 644 /usr/lib/java/jss.jar + +# sudo cp sandbox/jss/lib/Linux*.OBJ/libjss.so /usr/lib64/jss/libjss.so +# sudo chown root:root /usr/lib64/jss/libjss.so +# sudo chmod 755 /usr/lib64/jss/libjss.so ``` ### 5. Run JSS Tests (Optional, but only if build method (1)(a) was utilized) 
@@ -185,19 +185,19 @@ by running the following commands: ``` -# sudo mv /usr/lib/java/jss4.jar.orig /usr/lib/java/jss4.jar +# sudo mv /usr/lib/java/jss.jar.orig /usr/lib/java/jss.jar ``` If the platform is 32-bit Linux: ``` -# sudo mv /usr/lib/jss/libjss4.so.orig /usr/lib/jss/libjss4.so +# sudo mv /usr/lib/jss/libjss.so.orig /usr/lib/jss/libjss.so ``` else if the platform is 64-bit Linux: ``` -# sudo mv /usr/lib64/jss/libjss4.so.orig /usr/lib64/jss/libjss4.so +# sudo mv /usr/lib64/jss/libjss.so.orig /usr/lib64/jss/libjss.so ``` NOTE: For this procedure, no ownership or permission changes should diff -Nru jss-4.9.1/docs/pkcs11_constants.md jss-5.0.0/docs/pkcs11_constants.md --- jss-4.9.1/docs/pkcs11_constants.md 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/docs/pkcs11_constants.md 2021-10-01 03:33:50.000000000 +0000 @@ -43,7 +43,7 @@ python3 ./tools/build_pkcs11_constants.py --system \ --pkcs11t /usr/include/nss3/pkcs11t.h \ --pkcs11n /usr/include/nss3/pkcs11n.h \ - --output org/mozilla/jss/pkcs11/PKCS11Constants.java + --output src/main/java/org/mozilla/jss/pkcs11/PKCS11Constants.java While not required, it is suggested to use the `--system` flag to ensure the values of `PKCS11Constants.java` are the same as the installed NSS @@ -106,7 +106,7 @@ ## Java Test Included in the test suite when run on a JDK8 machine is a test called -[`TestPKCS11Constants`](../org/mozilla/jss/tests/TestPKCS11Constants.java). +[`TestPKCS11Constants`](../src/test/java/org/mozilla/jss/tests/TestPKCS11Constants.java). This uses reflection to compare the values of the PKCS11Constants.java provided by JSS and the version provided by Sun, reporting constants in four categories: diff -Nru jss-4.9.1/docs/usage/capabilities_list.md jss-5.0.0/docs/usage/capabilities_list.md --- jss-4.9.1/docs/usage/capabilities_list.md 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/docs/usage/capabilities_list.md 2021-10-01 03:33:50.000000000 +0000 
@@ -20,7 +20,7 @@ ======================================== First build jss according to the instructions here [README](../../README.md) -You should see in the build directory tests_jss4.jar which is what +You should see in the build directory tests_jss.jar which is what contains the application along with the regular tests. From the `jss/build` directory execute diff -Nru jss-4.9.1/docs/using_jss.md jss-5.0.0/docs/using_jss.md --- jss-4.9.1/docs/using_jss.md 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/docs/using_jss.md 2021-10-01 03:33:50.000000000 +0000 @@ -1,10 +1,10 @@ # Using JSS -Please make sure `libjss4.so` is included in your library path or set it via +Please make sure `libjss.so` is included in your library path or set it via the `LD_LIBRARY_PATH` environment variable. See `man 8 ld.so` for more information. Alternatively, this can be done by setting `-Djava.library.path` -to the directory with `libjss4.so` on the command line of all Java programs -using JSS. Note that without `libjss4.so`, using JSS in nearly any capacity +to the directory with `libjss.so` on the command line of all Java programs +using JSS. Note that without `libjss.so`, using JSS in nearly any capacity will fail. ## Classpath Dependencies 
@@ -12,14 +12,12 @@ To use JSS in your project after installation, you'll need to ensure the following dependencies are available in your `CLASSPATH`: - - `jss4.jar` -- provided by the `jss` package and installed to - `/usr/lib/java/jss4.jar`. + - `jss.jar` -- provided by the `jss` package and installed to + `/usr/lib/java/jss.jar`. - `slf4j-api.jar` -- provided by the `slf4j` package and installed to `/usr/share/java/slf4j/slf4j-api.jar`. - `apache-commons-lang.jar` -- provided by the `apache-commons-lang` package and installed to `/usr/share/java/apache-commons-lang.jar`. - - `jaxb-api.jar` -- provided by the `glassfish-jaxb-api` package - and installed to `/usr/share/java/jaxb-api.jar`. Note that the above paths and packages are for Fedora; for a list of packages in Debian, please see the [dependencies document](dependencies.md). Note that diff -Nru jss-4.9.1/examples/pom.xml jss-5.0.0/examples/pom.xml --- jss-4.9.1/examples/pom.xml 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/examples/pom.xml 2021-10-01 03:33:50.000000000 +0000 @@ -6,13 +6,13 @@ 4.0.0 org.dogtagpki jss-example - 4.9.0-SNAPSHOT + 5.0.0-SNAPSHOT org.dogtagpki jss - 4.9.0-SNAPSHOT + 5.0.0-SNAPSHOT diff -Nru jss-4.9.1/.github/workflows/build-tests.yml jss-5.0.0/.github/workflows/build-tests.yml --- jss-4.9.1/.github/workflows/build-tests.yml 1970-01-01 00:00:00.000000000 +0000 +++ jss-5.0.0/.github/workflows/build-tests.yml 2021-10-01 03:33:50.000000000 +0000 
@@ -0,0 +1,64 @@ +name: Build Tests + +on: [push, pull_request] + +jobs: + build-test: + name: Build Test + runs-on: ubuntu-latest + strategy: + matrix: + os: + - 'fedora:latest' + - 'debian:testing' + - 'ubuntu:rolling' + # Disable CentOS due to missing dependencies + # - 'centos:7' + # - 'centos:8' + container: ${{ matrix.os }} + steps: + - name: Clone repository + uses: actions/checkout@v2 + + - name: Install Fedora/CentOS dependencies + if: ${{ startsWith(matrix.os, 'fedora:') || startsWith(matrix.os, 'centos:') }} + run: | + dnf install -y dnf-plugins-core rpm-build + dnf builddep -y --spec jss.spec + + - name: Install Debian/Ubuntu dependencies + if: ${{ startsWith(matrix.os, 'debian:') || startsWith(matrix.os, 'ubuntu:') }} + run: | + apt-get update + apt-get install -y \ + cmake zip unzip \ + g++ libnss3-dev libnss3-tools \ + openjdk-11-jdk libcommons-lang3-java libslf4j-java junit4 + + - name: Build JSS binaries, Javadoc, and run tests + run: ./build.sh + + # Compare JNI symbols in the code and in the version script. + # If there are JNI symbols in the code but not in the version script -> fail. + symbol-test: + name: Symbol Test + runs-on: ubuntu-latest + steps: + - name: Clone repository + uses: actions/checkout@v2 + + - name: Get JNI symbols in the code + run: | + grep -iroh '^Java_org_mozilla[^(;]*' src/main/java/ | sort -u > /tmp/functions.txt + cat /tmp/functions.txt + + - name: Get JNI symbols in the version script + run: | + grep -iroh '^Java_org_mozilla[^(;]*' lib/ | sort -u > /tmp/version.txt + cat /tmp/version.txt + + - name: Compare JNI symbols + run: | + diff /tmp/functions.txt /tmp/version.txt || true + comm -23 --check-order /tmp/functions.txt /tmp/version.txt > /tmp/diff.txt + test ! 
-s /tmp/diff.txt diff -Nru jss-4.9.1/.github/workflows/informational.yml jss-5.0.0/.github/workflows/informational.yml --- jss-4.9.1/.github/workflows/informational.yml 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/.github/workflows/informational.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ -name: Optional Tests - -on: [push, pull_request] - -jobs: - test: - runs-on: ubuntu-latest - strategy: - matrix: - image: - - 'pki_build' - - steps: - - name: Clone the repository - uses: actions/checkout@v2 - - - name: Build and Run the Docker Image - run: bash tools/run_container.sh "${{ matrix.image }}" diff -Nru jss-4.9.1/.github/workflows/pkcs11-tests.yml jss-5.0.0/.github/workflows/pkcs11-tests.yml --- jss-4.9.1/.github/workflows/pkcs11-tests.yml 1970-01-01 00:00:00.000000000 +0000 +++ jss-5.0.0/.github/workflows/pkcs11-tests.yml 2021-10-01 03:33:50.000000000 +0000 
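Review bot: The new `build-tests.yml` workflow declares no `permissions:` block, so `build-test` and `symbol-test` run with the repository's default `GITHUB_TOKEN` scope although the visible steps only read the checkout. A top-level `permissions:` with `contents: read` would make the least-privilege intent explicit. Both jobs reference `actions/checkout@v2` by a movable tag; pinning it as `uses: actions/checkout@<FULL_COMMIT_SHA>  # v2` fixes the code that actually runs. The matrix images `fedora:latest`, `debian:testing` and `ubuntu:rolling` float by design, so a short comment that failures may come from the distribution rather than the commit would help whoever triages a red build.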
@@ -0,0 +1,102 @@ +name: PKCS11 Tests + +on: [push, pull_request] + +jobs: + init: + name: Initializing Workflow + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.init.outputs.matrix }} + repo: ${{ steps.init.outputs.repo }} + steps: + - name: Clone repository + uses: actions/checkout@v2 + + - name: Initialize workflow + id: init + env: + BASE64_MATRIX: ${{ secrets.BASE64_MATRIX }} + BASE64_REPO: ${{ secrets.BASE64_REPO }} + run: | + tests/bin/init-workflow.sh + + build: + name: Building JSS + needs: init + runs-on: ubuntu-latest + strategy: + matrix: ${{ fromJSON(needs.init.outputs.matrix) }} + steps: + - name: Clone repository + uses: actions/checkout@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Build runner image + uses: docker/build-push-action@v2 + with: + context: . + build-args: | + OS_VERSION=${{ matrix.os }} + COPR_REPO=${{ needs.init.outputs.repo }} + BUILD_OPTS=--with-timestamp --with-commit-id + tags: jss-runner + target: jss-runner + outputs: type=docker,dest=/tmp/jss-runner.tar + + - name: Upload runner image + uses: actions/cache@v2 + with: + key: jss-runner-${{ matrix.os }} + path: /tmp/jss-runner.tar + + pkcs11-constants-test: + name: Testing PKCS11 Constants + needs: [init, build] + runs-on: ubuntu-latest + env: + SHARED: /tmp/workdir/jss + strategy: + matrix: ${{ fromJSON(needs.init.outputs.matrix) }} + steps: + - name: Clone repository + uses: actions/checkout@v2 + + - name: Download runner image + uses: actions/cache@v2 + with: + key: jss-runner-${{ matrix.os }} + path: /tmp/jss-runner.tar + + - name: Load runner image + run: docker load --input /tmp/jss-runner.tar + + - name: Run container + run: | + IMAGE=jss-runner \ + NAME=jss \ + HOSTNAME=jss.example.com \ + tests/bin/runner-init.sh + + - name: Install dependencies + run: docker exec jss dnf install -y nss-util-devel python2 python3 java-devel + + - name: Generate PKCS11 constants with Python 2 + run: | + docker exec jss python2 
$SHARED/tools/build_pkcs11_constants.py \ + --pkcs11t /usr/include/nss3/pkcs11t.h \ + --pkcs11n /usr/include/nss3/pkcs11n.h \ + -o PKCS11Constants-py2.java \ + --verbose + docker exec jss diff PKCS11Constants-py2.java $SHARED/src/main/java/org/mozilla/jss/pkcs11/PKCS11Constants.java + + - name: Generate PKCS11 constants with Python 3 + run: | + docker exec jss python3 $SHARED/tools/build_pkcs11_constants.py \ + --pkcs11t /usr/include/nss3/pkcs11t.h \ + --pkcs11n /usr/include/nss3/pkcs11n.h \ + -o PKCS11Constants-py3.java \ + --verbose + docker exec jss diff PKCS11Constants-py3.java $SHARED/src/main/java/org/mozilla/jss/pkcs11/PKCS11Constants.java diff -Nru jss-4.9.1/.github/workflows/pki-tests.yml jss-5.0.0/.github/workflows/pki-tests.yml --- jss-4.9.1/.github/workflows/pki-tests.yml 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/.github/workflows/pki-tests.yml 2021-10-01 03:33:50.000000000 +0000 @@ -6,29 +6,25 @@ init: name: Initializing Workflow runs-on: ubuntu-latest - container: fedora:latest outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} + matrix: ${{ steps.init.outputs.matrix }} + repo: ${{ steps.init.outputs.repo }} steps: - - name: Set up test matrix - id: set-matrix + - name: Clone repository + uses: actions/checkout@v2 + + - name: Initialize workflow + id: init + env: + BASE64_MATRIX: ${{ secrets.BASE64_MATRIX }} + BASE64_REPO: ${{ secrets.BASE64_REPO }} run: | - export latest=$(cat /etc/fedora-release | awk '{ print $3 }') - export previous=$(cat /etc/fedora-release | awk '{ print $3 - 1 }') - echo "Running CI against Fedora $previous and $latest" - if [ "${{ secrets.MATRIX }}" == "" ] - then - echo "::set-output name=matrix::{\"os\":[\"$previous\", \"$latest\"]}" - else - echo "::set-output name=matrix::${{ secrets.MATRIX }}" - fi + tests/bin/init-workflow.sh build: name: Building JSS needs: init runs-on: ubuntu-latest - env: - COPR_REPO: "@pki/10.11" strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} steps: 
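Review bot: In `pkcs11-tests.yml` the `Upload runner image` step hands `/tmp/jss-runner.tar` to the test job through `actions/cache@v2` with `key: jss-runner-${{ matrix.os }}`, a key that does not change per commit or run. On an exact cache hit the action restores the earlier archive and, as far as I know, skips saving the new one, so `pkcs11-constants-test` can load an image that was not built from the commit under test. Either make the key unique in both steps, `key: jss-runner-${{ matrix.os }}-${{ github.run_id }}`, or pass the image as a workflow artifact the way the `pki-tests.yml` hunk further down does with `actions/download-artifact@v2`. The `docker/setup-buildx-action@v1` and `docker/build-push-action@v2` references are movable tags as well and could be pinned to full commit SHAs.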
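Review bot: The `init` job in `pki-tests.yml` no longer shows what happens when `BASE64_MATRIX` and `BASE64_REPO` are unset, because the explicit fallback that the removed inline script had now lives in `tests/bin/init-workflow.sh`, which is not part of this hunk. Secrets are not passed to workflows triggered by pull requests from forks, so the script presumably has to supply a default matrix and repo; that is worth confirming. A comment above `env:` would record the contract, for example `# empty on fork pull requests; init-workflow.sh falls back to its built-in defaults`. Passing the values through `env:` instead of interpolating `${{ secrets.MATRIX }}` into the script text is the safer form and should be kept; the identical `init` job in `pkcs11-tests.yml` needs the same comment.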
@@ -44,7 +40,7 @@ context: . build-args: | OS_VERSION=${{ matrix.os }} - COPR_REPO=${{ env.COPR_REPO }} + COPR_REPO=${{ needs.init.outputs.repo }} BUILD_OPTS=--with-timestamp --with-commit-id tags: jss-runner target: jss-runner @@ -56,13 +52,48 @@ name: jss-runner-${{ matrix.os }} path: /tmp/jss-runner.tar + pki-build-test: + name: Building PKI + needs: [init, build] + runs-on: ubuntu-latest + env: + SHARED: /tmp/workdir/jss + strategy: + matrix: ${{ fromJSON(needs.init.outputs.matrix) }} + steps: + - name: Clone repository + uses: actions/checkout@v2 + + - name: Download runner image + uses: actions/download-artifact@v2 + with: + name: jss-runner-${{ matrix.os }} + path: /tmp + + - name: Load runner image + run: docker load --input /tmp/jss-runner.tar + + - name: Run container + run: | + IMAGE=jss-runner \ + NAME=pki \ + HOSTNAME=pki.example.com \ + tests/bin/runner-init.sh + + - name: Build PKI + run: | + docker exec pki dnf install -y git rpm-build + docker exec pki git clone https://github.com/dogtagpki/pki + docker exec pki dnf build-dep -y --spec pki/pki.spec + docker exec pki pki/build.sh --with-timestamp --with-commit-id rpm + docker exec pki bash -c "dnf install -y /root/build/pki/RPMS/*.rpm" + ca-test: name: Installing CA needs: [init, build] runs-on: ubuntu-latest env: SHARED: /tmp/workdir/jss - COPR_REPO: "@pki/10.11" strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} steps: 
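Review bot: The `Build PKI` step in the new `pki-build-test` job clones `https://github.com/dogtagpki/pki` at whatever its default branch currently points to and then installs the resulting RPMs, so the run does not record which PKI commit was built. Passing an explicit ref, `docker exec pki git clone --depth 1 --branch <PKI_BRANCH> https://github.com/dogtagpki/pki`, or at least logging the revision with `docker exec pki git -C pki rev-parse HEAD` right after the clone, would make a failure traceable to a specific PKI state. `actions/download-artifact@v2` is also referenced by a movable tag and could be pinned to a full commit SHA.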
@@ -86,26 +117,56 @@ tests/bin/runner-init.sh - name: Install DS and PKI packages - run: docker exec pki dnf install -y 389-ds-base pki-ca + run: docker exec pki dnf install -y 389-ds-base pki-ca pki-tests - name: Install DS run: docker exec pki ${SHARED}/tests/bin/ds-create.sh - name: Install CA - run: docker exec pki pkispawn -f /usr/share/pki/server/examples/installation/ca.cfg -s CA -v + run: | + docker exec pki pkispawn -f /usr/share/pki/server/examples/installation/ca.cfg -s CA -v + # set buffer size to 0 so that revocation takes effect immediately + docker exec pki pki-server ca-config-set auths.revocationChecking.bufferSize 0 + # enable signed audit log + docker exec pki pki-server ca-config-set log.instance.SignedAudit.logSigning true + # restart PKI server + docker exec pki pki-server restart --wait - name: Run PKI healthcheck run: docker exec pki pki-healthcheck --debug - - name: Verify CA admin + - name: Initialize PKI client run: | docker exec pki pki-server cert-export ca_signing --cert-file ca_signing.crt docker exec pki pki client-cert-import ca_signing --ca-cert ca_signing.crt + docker exec pki pki info + + - name: Test CA certs + run: | + docker exec pki /usr/share/pki/tests/ca/bin/test-ca-signing-cert.sh + docker exec pki /usr/share/pki/tests/ca/bin/test-subsystem-cert.sh + docker exec pki /usr/share/pki/tests/ca/bin/test-ca-certs.sh + + - name: Test CA admin + run: | docker exec pki pki client-cert-import \ --pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \ --pkcs12-password-file /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf docker exec pki pki -n caadmin ca-user-show caadmin + - name: Test CA agent + run: | + docker exec pki /usr/share/pki/tests/ca/bin/ca-agent-create.sh + docker exec pki /usr/share/pki/tests/ca/bin/ca-agent-cert-create.sh + docker exec pki /usr/share/pki/tests/ca/bin/ca-agent-cert-revoke.sh + docker exec pki /usr/share/pki/tests/ca/bin/ca-agent-cert-unrevoke.sh + + - name: Test CA auditor + run: | + docker exec pki 
/usr/share/pki/tests/ca/bin/test-ca-auditor-create.sh + docker exec pki /usr/share/pki/tests/ca/bin/test-ca-auditor-cert.sh + docker exec pki /usr/share/pki/tests/ca/bin/test-ca-auditor-logs.sh + - name: Gather artifacts if: always() run: | diff -Nru jss-4.9.1/.github/workflows/required.yml jss-5.0.0/.github/workflows/required.yml --- jss-4.9.1/.github/workflows/required.yml 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/.github/workflows/required.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,26 +0,0 @@ -name: Required Tests - -on: [push, pull_request] - -jobs: - test: - runs-on: ubuntu-latest - strategy: - matrix: - image: - - 'fedora_33' - - 'fedora_34' - - 'fedora_latest_jdk11' - - 'symbolcheck' - - 'debian_jdk11' - - 'ubuntu_jdk11' - # Disable tests due to missing dependencies - # - 'centos_7' - # - 'centos_8' - - steps: - - name: Clone the repository - uses: actions/checkout@v2 - - - name: Build and Run the Docker Image - run: bash tools/run_container.sh "${{ matrix.image }}" diff -Nru jss-4.9.1/jss.spec jss-5.0.0/jss.spec --- jss-4.9.1/jss.spec 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/jss.spec 2021-10-01 03:33:50.000000000 +0000 @@ -8,7 +8,7 @@ # For development (i.e. unsupported) releases, use x.y.z-0.n.. # For official (i.e. supported) releases, use x.y.z-r where r >=1. -Version: 4.9.1 +Version: 5.0.0 Release: 1%{?_timestamp}%{?_commit_id}%{?dist} #global _phase -alpha1 
@@ -32,20 +32,19 @@ # Java ################################################################################ -%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8 -%define java_devel java-1.8.0-openjdk-devel -%define java_headless java-1.8.0-openjdk-headless -%define java_home /usr/lib/jvm/jre-1.8.0-openjdk -%else %define java_devel java-11-openjdk-devel %define java_headless java-11-openjdk-headless %define java_home /usr/lib/jvm/jre-11-openjdk -%endif ################################################################################ # Build Options ################################################################################ +# By default the javadoc package will be built unless --without javadoc +# option is specified. + +%bcond_without javadoc + # By default the build will execute unit tests unless --without test # option is specified. @@ -61,22 +60,20 @@ BuildRequires: unzip BuildRequires: gcc-c++ -BuildRequires: nss-devel >= 3.44 -BuildRequires: nss-tools >= 3.44 +BuildRequires: nss-devel >= 3.66 +BuildRequires: nss-tools >= 3.66 BuildRequires: %{java_devel} BuildRequires: jpackage-utils BuildRequires: slf4j -BuildRequires: glassfish-jaxb-api BuildRequires: slf4j-jdk14 BuildRequires: apache-commons-lang3 BuildRequires: junit -Requires: nss >= 3.44 +Requires: nss >= 3.66 Requires: %{java_headless} Requires: jpackage-utils Requires: slf4j -Requires: glassfish-jaxb-api Requires: slf4j-jdk14 Requires: apache-commons-lang3 @@ -90,6 +87,7 @@ for java-based applications to use native Network Security Services (NSS). This only works with gcj. Other JREs require that JCE providers be signed. +%if %{with javadoc} ################################################################################ %package javadoc ################################################################################ 
@@ -99,6 +97,7 @@ %description javadoc This package contains the API documentation for JSS. +%endif ################################################################################ %prep @@ -110,6 +109,8 @@ %set_build_flags +export JAVA_HOME=%{java_home} + # Enable compiler optimizations export BUILD_OPT=1 @@ -120,43 +121,23 @@ # Check if we're in FIPS mode modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENABLED=1 -# The Makefile is not thread-safe -%cmake \ - -DVERSION=%{version} \ - -DJAVA_HOME=%{java_home} \ - -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \ - -DJSS_LIB_INSTALL_DIR=%{_libdir}/jss \ - -B %{_vpath_builddir} - -cd %{_vpath_builddir} - -%{__make} \ - VERBOSE=%{?_verbose} \ - CMAKE_NO_VERBOSE=1 \ - --no-print-directory \ - all - -%{__make} \ - VERBOSE=%{?_verbose} \ - CMAKE_NO_VERBOSE=1 \ - --no-print-directory \ - javadoc - -%if %{with test} -ctest --output-on-failure -%endif +./build.sh \ + %{?_verbose:-v} \ + --work-dir=%{_vpath_builddir} \ + --java-lib-dir=%{_jnidir} \ + --jss-lib-dir=%{_libdir}/jss \ + --version=%{version} \ + %{!?with_javadoc:--without-javadoc} \ + %{!?with_test:--without-test} \ + dist ################################################################################ %install -cd %{_vpath_builddir} - -%{__make} \ - VERBOSE=%{?_verbose} \ - CMAKE_NO_VERBOSE=1 \ - DESTDIR=%{buildroot} \ - INSTALL="install -p" \ - --no-print-directory \ +./build.sh \ + %{?_verbose:-v} \ + --work-dir=%{_vpath_builddir} \ + --install-dir=%{buildroot} \ install ################################################################################ 
@@ -168,11 +149,13 @@ %{_libdir}/* %{_jnidir}/* +%if %{with javadoc} ################################################################################ %files javadoc %defattr(-,root,root,-) -%{_javadocdir}/%{name}-%{version}/ +%{_javadocdir}/%{name}/ +%endif ################################################################################ %changelog diff -Nru jss-4.9.1/pom.xml jss-5.0.0/pom.xml --- jss-4.9.1/pom.xml 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/pom.xml 2021-10-01 03:33:50.000000000 +0000 @@ -6,17 +6,11 @@ 4.0.0 org.dogtagpki jss - 4.9.0-SNAPSHOT + 5.0.0-SNAPSHOT - javax.xml.bind - jaxb-api - 2.2.12 - - - junit junit 4.13.2 diff -Nru jss-4.9.1/README.md jss-5.0.0/README.md --- jss-4.9.1/README.md 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/README.md 2021-10-01 03:33:50.000000000 +0000 @@ -30,21 +30,20 @@ - [OpenJDK 1.8.0 or newer](https://openjdk.java.net/) - [CMake](https://cmake.org/) - [Apache Commons Lang](https://commons.apache.org/proper/commons-lang/) - - [JavaEE JAXB](https://github.com/eclipse-ee4j/jaxb-ri) - [SLF4J](https://www.slf4j.org/) - [JUnit 4](https://junit.org/junit4/) To install these dependencies on Fedora, execute the following: sudo dnf install apache-commons-lang gcc-c++ java-devel jpackage-utils \ - slf4j zlib-devel glassfish-jaxb-api nss-tools nss-devel \ + slf4j zlib-devel nss-tools nss-devel \ cmake junit To install these dependencies on Debian, execute the following: sudo apt-get install build-essential libcommons-lang-java libnss3-dev \ libslf4j-java default-jdk pkg-config zlib1g-dev \ - libjaxb-api-java libnss3-tools cmake zip unzip \ + libnss3-tools cmake zip unzip \ junit4 
@@ -61,7 +60,7 @@ git clone https://github.com/dogtagpki/jss cd jss - ./build.sh + ./build.sh rpm To view more detailed instructions for building JSS, please refer to the build documentation: [`docs/building.md`](docs/building.md). diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/asn1/BMPString.java jss-5.0.0/src/main/java/org/mozilla/jss/asn1/BMPString.java --- jss-4.9.1/src/main/java/org/mozilla/jss/asn1/BMPString.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/asn1/BMPString.java 2021-10-01 03:33:50.000000000 +0000 @@ -10,11 +10,11 @@ * The ASN.1 type BMPString. BMPStrings use the Unicode character set. * They are encoded and decoded in big-endian format using two octets. */ -public class BMPString extends CharacterString implements ASN1Value { +public class BMPString extends CharacterString { /** * Creates a new BMPString from an array of Java characters. - * + * * @param chars Input characters. * @throws CharConversionException If an error occurred. */ @@ -24,7 +24,7 @@ /** * Creates a new BMPString from a Java String. - * + * * @param s Input string. * @throws CharConversionException If an error occurred. */ @@ -35,7 +35,7 @@ /** * Returns the conversion object for converting between an encoded byte * array an an array of Java characters. - * + * * @return Character converter. */ @Override @@ -56,7 +56,7 @@ /** * Returns a singleton instance of BMPString.Template. This is more * efficient than creating a new BMPString.Template. - * + * * @return BMSString template. */ public static Template getTemplate() { 
@@ -66,8 +66,7 @@ private static final Template templateInstance = new Template(); // nested class - public static class Template - extends CharacterString.Template implements ASN1Template { + public static class Template extends CharacterString.Template { @Override protected Tag getTag() { return TAG; diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/asn1/ENUMERATED.java jss-5.0.0/src/main/java/org/mozilla/jss/asn1/ENUMERATED.java --- jss-4.9.1/src/main/java/org/mozilla/jss/asn1/ENUMERATED.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/asn1/ENUMERATED.java 2021-10-01 03:33:50.000000000 +0000 @@ -10,7 +10,7 @@ * Represents an ASN.1 ENUMERATED value. This has the same * interface as INTEGER */ -public class ENUMERATED extends INTEGER implements ASN1Value { +public class ENUMERATED extends INTEGER { private static final long serialVersionUID = 1L; public static final Tag TAG = new Tag(Tag.Class.UNIVERSAL, 10); @@ -22,7 +22,7 @@ /** * Creates a new ENUMERATED value from a long int. - * + * * @param val Input value. */ public ENUMERATED(long val) { @@ -52,7 +52,7 @@ * is a valid value for the ENUMERATED type. */ public static class Template - extends INTEGER.Template implements ASN1Template { + extends INTEGER.Template { @Override Tag getTag() { return ENUMERATED.TAG; diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/asn1/GeneralizedTime.java jss-5.0.0/src/main/java/org/mozilla/jss/asn1/GeneralizedTime.java --- jss-4.9.1/src/main/java/org/mozilla/jss/asn1/GeneralizedTime.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/asn1/GeneralizedTime.java 2021-10-01 03:33:50.000000000 +0000 @@ -8,7 +8,7 @@ /** * The ASN.1 type GeneralizedTime */ -public class GeneralizedTime extends TimeBase implements ASN1Value { +public class GeneralizedTime extends TimeBase { public static final Tag TAG = new Tag(Tag.UNIVERSAL, 24); 
@@ -19,7 +19,7 @@ /** * Creates a GeneralizedTime from a Date. - * + * * @param date Input date. */ public GeneralizedTime(Date date) { diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/asn1/IA5String.java jss-5.0.0/src/main/java/org/mozilla/jss/asn1/IA5String.java --- jss-4.9.1/src/main/java/org/mozilla/jss/asn1/IA5String.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/asn1/IA5String.java 2021-10-01 03:33:50.000000000 +0000 @@ -5,7 +5,7 @@ import java.io.CharConversionException; -public class IA5String extends CharacterString implements ASN1Value { +public class IA5String extends CharacterString { public IA5String(char[] chars) throws CharConversionException { super(chars); @@ -35,7 +35,7 @@ // nested class public static class Template - extends CharacterString.Template implements ASN1Template { + extends CharacterString.Template { @Override public Tag getTag() { return IA5String.TAG; diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/asn1/PrintableString.java jss-5.0.0/src/main/java/org/mozilla/jss/asn1/PrintableString.java --- jss-4.9.1/src/main/java/org/mozilla/jss/asn1/PrintableString.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/asn1/PrintableString.java 2021-10-01 03:33:50.000000000 +0000 @@ -5,7 +5,7 @@ import java.io.CharConversionException; -public class PrintableString extends CharacterString implements ASN1Value { +public class PrintableString extends CharacterString { public PrintableString(char[] chars) throws CharConversionException { super(chars); @@ -30,7 +30,7 @@ /** * Returns a singleton instance of the decoding template for this class. - * + * * @return The template. */ public static Template getTemplate() { 
@@ -41,7 +41,7 @@ // nested class public static class Template - extends CharacterString.Template implements ASN1Template { + extends CharacterString.Template { @Override protected Tag getTag() { return TAG; diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/asn1/SEQUENCE.java jss-5.0.0/src/main/java/org/mozilla/jss/asn1/SEQUENCE.java --- jss-4.9.1/src/main/java/org/mozilla/jss/asn1/SEQUENCE.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/asn1/SEQUENCE.java 2021-10-01 03:33:50.000000000 +0000 @@ -15,7 +15,7 @@ * It has an interface similar to a Java Vector. * Null entries may be added; they will be skipped when encoded. */ -public class SEQUENCE extends SET implements ASN1Value { +public class SEQUENCE extends SET { public static final Tag TAG = new Tag(Tag.Class.UNIVERSAL, 16); @@ -71,19 +71,19 @@ /** * Adds a sub-template to the end of this SEQUENCE template. For example, * if the ASN.1 included: - * + * *
          * MySequence ::= SEQUENCE {
          *      item        SubType,
          *      ... }
          * 
- * + * * the "item" element would be added to the MySequence template with: - * + * *
          * mySequence.addElement(new SubType.Template());
          * 
- * + * * @param t Sub-template. */ public void addElement(ASN1Template t) { @@ -92,7 +92,7 @@ /** * Inserts the template at the given index. - * + * * @param t Sub-template. * @param index Index. */ @@ -103,19 +103,19 @@ /** * Adds a sub-template to the end of this SEQUENCE template, with the * given implicit tag. For example, if the ASN.1 were: - * + * *
          * MySequence ::= SEQUENCE {
          *      item        [0] IMPLICIT  SubType,
          *      ... }
          * 
- * + * * the "item" element would be added to the MySequence template with: - * + * *
          * mySequence.addElement(new Tag(0), new SubType.Template());
          * 
- * + * * @param implicitTag Implicit tag. * @param t Sub-template. */ @@ -125,7 +125,7 @@ /** * Inserts the template with the given implicit tag at the given index. - * + * * @param implicit Implicit tag. * @param t Sub-Template. * @param index Index. @@ -137,19 +137,19 @@ /** * Adds an optional sub-template. For example, if the ASN.1 were: - * + * *
          * MySequence ::= SEQUENCE {
          *      item        SubType OPTIONAL,
          *      ... }
          * 
- * + * * the "item" element would be added to the MySequence template with: - * + * *
          * mySequence.addOptionalElement(new SubType.Template());
          * 
- * + * * @param t Optional sub-template. */ public void addOptionalElement(ASN1Template t) { @@ -158,7 +158,7 @@ /** * Inserts the optional template at the given index. - * + * * @param t Optional sub-template. * @param index Index. */ @@ -169,19 +169,19 @@ /** * Adds an optional sub-template with an implicit tag. For example, * if the ASN.1 were: - * + * *
          * MySequence ::= SEQUENCE {
          *      item        [0] IMPLICIT SubType OPTIONAL,
          *      ... }
          * 
- * + * * the "item" element would be added to the MySequence template with: - * + * *
          * mySequence.addOptionalElement(new SubType.Template());
          * 
- * + * * @param implicitTag Implicit tag. * @param t Optional sub-template. */ @@ -192,7 +192,7 @@ /** * Inserts the optional template with the given default * value at the given index. - * + * * @param implicit Implicit tag. * @param t Optional sub-template. * @param index Index. @@ -205,19 +205,19 @@ /** * Adds a sub-template with a default value. For example, * if the ASN.1 were: - * + * *
          * MySequence ::= SEQUENCE {
          *      version     INTEGER DEFAULT 1,
          *      ... }
          * 
- * + * * the "item" element would be added to the MySequence template with: - * + * *
          * mySequence.addElement(new INTEGER.Template(), new INTEGER(1));
          * 
- * + * * @param t Sub-template. * @param def The default value for this field, which will be used if * no value is supplied by the encoded structure. It must be of @@ -230,7 +230,7 @@ /** * Inserts the template with the given default * value at the given index. - * + * * @param t Sub-template. * @param def Default value. * @param index Index. @@ -242,20 +242,20 @@ /** * Adds a sub-template with a default value and an implicit tag. * For example, if the ASN.1 were: - * + * *
          * MySequence ::= SEQUENCE {
          *      version     [0] IMPLICIT INTEGER DEFAULT 1,
          *      ... }
          * 
- * + * * the "item" element would be added to the MySequence template with: - * + * *
          * mySequence.addElement(new Tag(0), new INTEGER.Template(),
          *         new INTEGER(1));
          * 
- * + * * @param implicitTag Implicit tag. * @param t Sub-template. * @param def The default value for this field, which will be used if @@ -269,7 +269,7 @@ /** * Inserts the template with the given implicit tag and given default * value at the given index. - * + * * @param implicit Implicit tag. * @param t Sub-template. * @param def Default value. @@ -283,7 +283,7 @@ /** * Returns the implicit tag of the item stored at the given index. * May be NULL if no implicit tag was specified. - * + * * @param index Index. * @return Tag. */ @@ -293,7 +293,7 @@ /** * Returns the sub-template stored at the given index. - * + * * @param index Index. * @return Sub-template. */ @@ -303,7 +303,7 @@ /** * Returns whether the sub-template at the given index is optional. - * + * * @param index Index. * @return True if the sub-template is optional. */ @@ -314,7 +314,7 @@ /** * Returns the default value for the sub-template at the given index. * May return NULL if no default value was specified. - * + * * @param index Index. * @return Default value. */ @@ -338,7 +338,7 @@ /** * Removes the sub-template at the given index. - * + * * @param index Index. */ public void removeElementAt(int index) { @@ -356,7 +356,7 @@ /** * Decodes a SEQUENCE from its BER encoding. - * + * * @param istream Input stream. */ @Override @@ -368,7 +368,7 @@ /** * Decodes a SEQUENCE from its BER encoding, where the SEQUENCE itself has * an implicit tag. - * + * * @param tag Tag. * @param istream Input stream. */ @@ -506,7 +506,7 @@ /** * Creates a new element, which may or may not be optional. - * + * * @param implicitTag Implicit tag. * @param type Type. * @param optional Optional. @@ -517,7 +517,7 @@ /** * Creates a new element, which may or may not be optional. - * + * * @param implicitTag Implicit tag. * @param type Type. * @param optional Optional. 
@@ -534,7 +534,7 @@ /** * Creates a new element with a default value. - * + * * @param implicitTag Implicit tag. * @param type Type. * @param defaultVal Default value. @@ -605,19 +605,19 @@ * while * an OF_Template has an indefinite number of elements, all the same type. * For example, given: - * + * *
      * MyType ::= SEQUENCE OF Extension
      * 
- * + * * a MyType could be decoded with: - * + * *
      *  SEQUENCE.OF_Template myTypeTemplate = new SEQUENCE.OF_Template( new
      *      Extension.Template) );
      *  SEQUENCE seq = (SEQUENCE) myTypeTemplate.decode(someInputStream);
      * 
- * + * * The number of Extensions actually decoded could be found * with seq.size(). */ diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/asn1/TeletexString.java jss-5.0.0/src/main/java/org/mozilla/jss/asn1/TeletexString.java --- jss-4.9.1/src/main/java/org/mozilla/jss/asn1/TeletexString.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/asn1/TeletexString.java 2021-10-01 03:33:50.000000000 +0000 @@ -8,7 +8,7 @@ /** * The ASN.1 type TeletexString. */ -public class TeletexString extends CharacterString implements ASN1Value { +public class TeletexString extends CharacterString { public static final Tag TAG = new Tag(Tag.UNIVERSAL, 20); @@ -32,7 +32,7 @@ /** * Returns a singleton instance of the decoding template for this class. - * + * * @return Template. */ public static Template getTemplate() { @@ -43,7 +43,7 @@ // nested class public static class Template - extends CharacterString.Template implements ASN1Template { + extends CharacterString.Template { @Override protected Tag getTag() { diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/asn1/UniversalString.java jss-5.0.0/src/main/java/org/mozilla/jss/asn1/UniversalString.java --- jss-4.9.1/src/main/java/org/mozilla/jss/asn1/UniversalString.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/asn1/UniversalString.java 2021-10-01 03:33:50.000000000 +0000 @@ -10,7 +10,7 @@ /** * A UCS4 string. */ -public class UniversalString extends CharacterString implements ASN1Value { +public class UniversalString extends CharacterString { public static final Tag TAG = new Tag(Tag.UNIVERSAL, 28); @@ -34,7 +34,7 @@ /** * Returns a singleton instance of the decoding template for this class. - * + * * @return Template. */ public static Template getTemplate() { 
@@ -45,7 +45,7 @@ // nested class public static class Template - extends CharacterString.Template implements ASN1Template { + extends CharacterString.Template { @Override protected Tag getTag() { return TAG; diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/asn1/UTCTime.java jss-5.0.0/src/main/java/org/mozilla/jss/asn1/UTCTime.java --- jss-4.9.1/src/main/java/org/mozilla/jss/asn1/UTCTime.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/asn1/UTCTime.java 2021-10-01 03:33:50.000000000 +0000 @@ -5,7 +5,7 @@ import java.util.Date; -public class UTCTime extends TimeBase implements ASN1Value { +public class UTCTime extends TimeBase { public static final Tag TAG = new Tag(Tag.UNIVERSAL, 23); diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/asn1/UTF8String.java jss-5.0.0/src/main/java/org/mozilla/jss/asn1/UTF8String.java --- jss-4.9.1/src/main/java/org/mozilla/jss/asn1/UTF8String.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/asn1/UTF8String.java 2021-10-01 03:33:50.000000000 +0000 @@ -6,7 +6,7 @@ import java.io.CharConversionException; import java.io.UnsupportedEncodingException; -public class UTF8String extends CharacterString implements ASN1Value { +public class UTF8String extends CharacterString { public UTF8String(char[] chars) throws CharConversionException { super(chars); @@ -34,7 +34,7 @@ /** * Returns a singleton instance of UTF8String.Template. This is more * efficient than creating a new UTF8String.Template. - * + * * @return Template. */ public static Template getTemplate() { 
@@ -43,7 +43,7 @@ // nested class public static class Template - extends CharacterString.Template implements ASN1Template { + extends CharacterString.Template { @Override protected Tag getTag() { return TAG; diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/CryptoManager.java jss-5.0.0/src/main/java/org/mozilla/jss/CryptoManager.java --- jss-4.9.1/src/main/java/org/mozilla/jss/CryptoManager.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/CryptoManager.java 2021-10-01 03:33:50.000000000 +0000 @@ -3,8 +3,8 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ package org.mozilla.jss; -import java.security.Security; import java.security.GeneralSecurityException; +import java.security.Security; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.util.ArrayList; 
@@ -57,22 +57,22 @@ logger.debug("CryptoManager: loading JSS library"); try { - System.loadLibrary("jss4"); + System.loadLibrary("jss"); logger.debug("CryptoManager: loaded JSS library from java.library.path"); } catch (UnsatisfiedLinkError e) { try { - System.load("/usr/lib64/jss/libjss4.so"); - logger.debug("CryptoManager: loaded JSS library from /usr/lib64/jss/libjss4.so"); + System.load("/usr/lib64/jss/libjss.so"); + logger.debug("CryptoManager: loaded JSS library from /usr/lib64/jss/libjss.so"); } catch (UnsatisfiedLinkError e1) { try { - System.load("/usr/lib/jss/libjss4.so"); - logger.debug("CryptoManager: loaded JSS library from /usr/lib/jss/libjss4.so"); + System.load("/usr/lib/jss/libjss.so"); + logger.debug("CryptoManager: loaded JSS library from /usr/lib/jss/libjss.so"); } catch (UnsatisfiedLinkError e2) { - logger.warn("Unable to load jss4 via loadLibrary: " + e.toString()); - logger.warn("Unable to load /usr/lib64/jss/libjss4.so: " + e1.toString()); + logger.warn("Unable to load jss via loadLibrary: " + e.toString()); + logger.warn("Unable to load /usr/lib64/jss/libjss.so: " + e1.toString()); throw e2; } } @@ -1352,7 +1352,7 @@ * @param policy - Either cert and chain or normal default processing. * */ - + public static synchronized void setOCSPPolicy(OCSPPolicy policy) { ocspPolicy = policy; } @@ -1378,8 +1378,8 @@ { /* set the ocsp policy */ - if(ocspCheckingEnabled && - ocspResponderURL == null && + if(ocspCheckingEnabled && + ocspResponderURL == null && ocspResponderCertNickname == null) { setOCSPPolicy(OCSPPolicy.LEAF_AND_CHAIN); } else { diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/JSSProvider.java jss-5.0.0/src/main/java/org/mozilla/jss/JSSProvider.java --- jss-4.9.1/src/main/java/org/mozilla/jss/JSSProvider.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/JSSProvider.java 2021-10-01 03:33:50.000000000 +0000 
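Review bot: In the CryptoManager.java loader hunk (`@@ -57,22 +57,22 @@`), the library name and both fallback paths are still written out separately in each `System.load` call and in each log string, so a later rename can leave a message naming a file that was not the one loaded. Holding each path in a local, e.g. `String lib64 = "/usr/lib64/jss/libjss.so";`, and using it for both the call and the message removes that risk. A short comment on the order would also help, such as `// java.library.path is tried first; the fixed /usr/lib64 and /usr/lib paths are fallbacks only`, because that order decides which native library the JVM ends up with and the successful source is logged only at debug level. The enclosing block starts and ends outside the hunk.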
@@ -61,6 +61,7 @@ * * If the JSSProvider is already loaded, this is a no-op. */ + @Override public Provider configure(String arg) { try { cm = JSSLoader.init(arg); diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/provider/DSAPrivateKey.java jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/provider/DSAPrivateKey.java --- jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/provider/DSAPrivateKey.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/provider/DSAPrivateKey.java 2021-10-01 03:33:50.000000000 +0000 @@ -18,7 +18,6 @@ package org.mozilla.jss.netscape.security.provider; import java.io.IOException; -import java.io.Serializable; import java.math.BigInteger; import java.security.AlgorithmParameters; import java.security.InvalidKeyException; @@ -43,7 +42,7 @@ */ public final class DSAPrivateKey extends PKCS8Key - implements java.security.interfaces.DSAPrivateKey, Serializable { + implements java.security.interfaces.DSAPrivateKey { /** use serialVersionUID from JDK 1.1. for interoperability */ private static final long serialVersionUID = -3244453684193605938L; diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/provider/DSAPublicKey.java jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/provider/DSAPublicKey.java --- jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/provider/DSAPublicKey.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/provider/DSAPublicKey.java 2021-10-01 03:33:50.000000000 +0000 @@ -18,7 +18,6 @@ package org.mozilla.jss.netscape.security.provider; import java.io.IOException; -import java.io.Serializable; import java.math.BigInteger; import java.security.AlgorithmParameters; import java.security.InvalidKeyException; 
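Review bot: In DSAPrivateKey.java (`@@ -43,7 +42,7 @@`), dropping `Serializable` from the `implements` clause does not stop the class being serializable: `java.security.interfaces.DSAPrivateKey` inherits `Serializable` through `java.security.Key`, and the `serialVersionUID` field is kept. Since this class represents a private key, a comment next to that field would make the point explicit, for example `// still Serializable via java.security.Key; instances can be written to object streams`. The same applies to the matching edits in DSAPublicKey, RSAPublicKey, CertificateExtensions and X509CertImpl further down, where serializability presumably also comes from a supertype that the diff does not show.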
@@ -44,7 +43,7 @@ */ public final class DSAPublicKey extends X509Key - implements java.security.interfaces.DSAPublicKey, Serializable { + implements java.security.interfaces.DSAPublicKey { /** use serialVersionUID from JDK 1.1. for interoperability */ private static final long serialVersionUID = -2994193307391104133L; diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/provider/RSAPublicKey.java jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/provider/RSAPublicKey.java --- jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/provider/RSAPublicKey.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/provider/RSAPublicKey.java 2021-10-01 03:33:50.000000000 +0000 @@ -18,7 +18,6 @@ package org.mozilla.jss.netscape.security.provider; import java.io.IOException; -import java.io.Serializable; import java.security.InvalidKeyException; import org.mozilla.jss.netscape.security.util.BigInt; @@ -38,7 +37,7 @@ * */ -public final class RSAPublicKey extends X509Key implements Serializable { +public final class RSAPublicKey extends X509Key { /* XXX This currently understands only PKCS#1 RSA Encryption OID and parameter format diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/x509/CertAndKeyGen.java jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/x509/CertAndKeyGen.java --- jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/x509/CertAndKeyGen.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/x509/CertAndKeyGen.java 2021-10-01 03:33:50.000000000 +0000 @@ -25,7 +25,6 @@ import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.security.PublicKey; -import java.security.SecureRandom; import java.security.Signature; import java.security.SignatureException; import java.security.cert.CertificateEncodingException; 
@@ -76,20 +75,6 @@ this.sigAlg = sigAlg; } - /** - * Sets the source of random numbers used when generating keys. - * If you do not provide one, a system default facility is used. - * You may wish to provide your own source of random numbers - * to get a reproducible sequence of keys and signatures, or - * because you may be able to take advantage of strong sources - * of randomness/entropy in your environment. - * - * @deprecated All random numbers come from PKCS #11 now. - */ - @Deprecated - public void setRandom(SecureRandom generator) { - } - // want "public void generate (X509Certificate)" ... inherit DSA/D-H param /** @@ -153,37 +138,6 @@ } /** - * Returns a self-signed X.509v1 certificate for the public key. - * The certificate is immediately valid. - * - *

- * Such certificates normally are used to identify a "Certificate Authority" (CA). Accordingly, they will not always - * be accepted by other parties. However, such certificates are also useful when you are bootstrapping your security - * infrastructure, or deploying system prototypes. - * - * @deprecated Use the new {@link #getSelfCertificate(X500Name, long)} - * - * @param myname X.500 name of the subject (who is also the issuer) - * @param validity how long the certificate should be valid, in seconds - */ - @Deprecated - public X509Cert getSelfCert(X500Name myname, long validity) - throws InvalidKeyException, SignatureException, NoSuchAlgorithmException { - X509Certificate cert; - - try { - cert = getSelfCertificate(myname, validity); - return new X509Cert(cert.getEncoded()); - } catch (CertificateException e) { - throw new SignatureException(e.getMessage()); - } catch (NoSuchProviderException e) { - throw new NoSuchAlgorithmException(e.getMessage()); - } catch (IOException e) { - throw new SignatureException(e.getMessage()); - } - } - - /** * Returns a self-signed X.509v3 certificate for the public key. * The certificate is immediately valid. No extensions. * @@ -238,7 +192,7 @@ return cert; } catch (IOException e) { - throw new CertificateEncodingException("getSelfCert: " + + throw new CertificateEncodingException("getSelfCertificate: " + e.getMessage()); } } diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/x509/CertificateExtensions.java jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/x509/CertificateExtensions.java --- jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/x509/CertificateExtensions.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/x509/CertificateExtensions.java 2021-10-01 03:33:50.000000000 +0000 
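Review bot: In the last CertAndKeyGen.java hunk (`@@ -238,7 +192,7 @@`), the rethrow keeps only `e.getMessage()`, so the original `IOException` and its stack trace are lost when encoding fails. `CertificateEncodingException` has a `(String, Throwable)` constructor, so the cause can be attached: `throw new CertificateEncodingException("getSelfCertificate: " + e.getMessage(), e);`. The enclosing method starts outside the hunk, so whether its other catch blocks do the same cannot be seen here.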
@@ -22,7 +22,6 @@ import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.OutputStream; -import java.io.Serializable; import java.lang.reflect.Array; import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; @@ -45,7 +44,7 @@ * @see CertAttrSet */ public class CertificateExtensions extends Vector - implements CertAttrSet, Serializable { + implements CertAttrSet { /** * */ diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/x509/RevocationReasonAdapter.java jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/x509/RevocationReasonAdapter.java --- jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/x509/RevocationReasonAdapter.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/x509/RevocationReasonAdapter.java 1970-01-01 00:00:00.000000000 +0000 
@@ -1,42 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2012 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package org.mozilla.jss.netscape.security.x509; - -import javax.xml.bind.annotation.adapters.XmlAdapter; - -import org.apache.commons.lang3.StringUtils; - -/** - * The RevocationReasonAdapter class provides custom marshaling for RevocationReason. - * - * @deprecated Use the revocation reason code or label instead. - * @author Endi S. Dewata - */ -@Deprecated -public class RevocationReasonAdapter extends XmlAdapter { - - @Override - public RevocationReason unmarshal(String value) throws Exception { - return StringUtils.isEmpty(value) ? null : RevocationReason.valueOf(value); - } - - @Override - public String marshal(RevocationReason value) throws Exception { - return value == null ? null : value.toString(); - } -} diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/x509/X509CertImpl.java jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/x509/X509CertImpl.java --- jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/x509/X509CertImpl.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/x509/X509CertImpl.java 2021-10-01 03:33:50.000000000 +0000 
@@ -22,7 +22,6 @@ import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.OutputStream; -import java.io.Serializable; import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; @@ -81,7 +80,7 @@ * @see X509CertInfo */ public class X509CertImpl extends X509Certificate - implements Serializable, DerEncoder { + implements DerEncoder { // Serialization compatibility with the X509CertImpl in x509v1.jar // supporting the subset of X509Certificate on JDK1.1.x platforms. static final long serialVersionUID = -2048442350420423405L; diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/x509/X509Cert.java jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/x509/X509Cert.java --- jss-4.9.1/src/main/java/org/mozilla/jss/netscape/security/x509/X509Cert.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/netscape/security/x509/X509Cert.java 1970-01-01 00:00:00.000000000 +0000 
@@ -1,857 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package org.mozilla.jss.netscape.security.x509; - -import java.io.IOException; -import java.io.InputStream; -import java.io.ObjectInputStream; -import java.io.OutputStream; -import java.io.Serializable; -import java.security.Certificate; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.Signature; -import java.security.SignatureException; -import java.util.Date; - -import org.mozilla.jss.netscape.security.util.BigInt; -import org.mozilla.jss.netscape.security.util.DerInputStream; -import org.mozilla.jss.netscape.security.util.DerOutputStream; -import org.mozilla.jss.netscape.security.util.DerValue; - -/** - * @author David Brownell - * @version 1.5 - * - * @see CertAndKeyGen - * @deprecated Use the new X509Certificate class. - * This class is only restored for backwards compatibility. 
- */ -@Deprecated -public class X509Cert implements Certificate, Serializable { - - /** - * - */ - private static final long serialVersionUID = -6968141532738786900L; - /* The algorithm id */ - protected AlgorithmId algid; - - /** - * Construct a uninitialized X509 Cert on which - * decode must later be called (or which may be deserialized). - */ - // XXX deprecated, delete this - public X509Cert() { - } - - /** - * Unmarshals a certificate from its encoded form, parsing the - * encoded bytes. This form of constructor is used by agents which - * need to examine and use certificate contents. That is, this is - * one of the more commonly used constructors. Note that the buffer - * must include only a certificate, and no "garbage" may be left at - * the end. If you need to ignore data at the end of a certificate, - * use another constructor. - * - * @param cert the encoded bytes, with no terminatu (CONSUMED) - * @exception IOException when the certificate is improperly encoded. - */ - public X509Cert( - byte cert[]) throws IOException { - DerValue in = new DerValue(cert); - - parse(in); - if (in.data.available() != 0) - throw new CertParseError("garbage at end"); - signedCert = cert; - } - - /** - * Unmarshals a certificate from its encoded form, parsing the - * encoded bytes. This form of constructor is used by agents which - * need to examine and use certificate contents. That is, this is - * one of the most commonly used constructors. - * - * @param buf the buffer holding the encoded bytes - * @param offset the offset in the buffer where the bytes begin - * @param len how many bytes of certificate exist - * - * @exception IOException when the certificate is improperly encoded. 
- */ - public X509Cert( - byte buf[], - int offset, - int len) throws IOException { - DerValue in = new DerValue(buf, offset, len); - - parse(in); - if (in.data.available() != 0) - throw new CertParseError("garbage at end"); - signedCert = new byte[len]; - System.arraycopy(buf, offset, signedCert, 0, len); - } - - /** - * Unmarshal a certificate from its encoded form, parsing a DER value. - * This form of constructor is used by agents which need to examine - * and use certificate contents. - * - * @param derVal the der value containing the encoded cert. - * @exception IOException when the certificate is improperly encoded. - */ - public X509Cert(DerValue derVal) throws IOException { - parse(derVal); - if (derVal.data.available() != 0) - throw new CertParseError("garbage at end"); - signedCert = derVal.toByteArray(); - } - - /** - * Partially constructs a certificate from descriptive parameters. - * This constructor may be used by Certificate Authority (CA) code, - * which later signs and encodes the - * certificate. Also, self-signed certificates serve as CA certificates, - * and are sometimes used as certificate requests. - * - *

- * Until the certificate has been signed and encoded, some of the mandatory fields in the certificate will not be - * available via accessor functions: the serial number, issuer name and signing algorithm, and of course the signed - * certificate. The fields passed to this constructor are available, and must be non-null. - * - *

- * Note that the public key being signed is generally independent of the signature algorithm being used. So for - * example Diffie-Hellman keys (which do not support signatures) can be placed in X.509 certificates when some other - * signature algorithm (e.g. DSS/DSA, or one of the RSA based algorithms) is used. - * - * @see CertAndKeyGen - * - * @param subjectName the X.500 distinguished name being certified - * @param subjectPublicKey the public key being certified. This - * must be an "X509Key" implementing the "PublicKey" interface. - * @param notBefore the first time the certificate is valid - * @param notAfter the last time the certificate is valid - * - * @exception CertException if the public key is inappropriate - */ - public X509Cert( - X500Name subjectName, - X509Key subjectPublicKey, - Date notBefore, - Date notAfter) throws CertException { - subject = subjectName; - - if (subjectPublicKey == null) - throw new CertException(CertException.err_INVALID_PUBLIC_KEY, - "Public Key is NULL"); - - /* - * The X509 cert API requires X509 keys, else things break. - */ - pubkey = subjectPublicKey; - notbefore = notBefore; - notafter = notAfter; - version = 0; - } - - /** - * Decode an X.509 certificate from an input stream. - * - * @param in an input stream holding at least one certificate - * @exception IOException when the certificate is improperly encoded. - */ - @Override - public void decode(InputStream in) throws IOException { - DerValue val = new DerValue(in); - - parse(val); - if (val.data.available() != 0) - throw new CertParseError("garbage at end"); - signedCert = val.toByteArray(); - } - - /** - * Appends the certificate to an output stream. - * - * @param out an input stream to which the certificate is appended. - * @exception IOException when appending fails. - */ - @Override - public void encode(OutputStream out) throws IOException { - out.write(getSignedCert()); - } - - /** - * Compares two certificates. 
This is false if the - * certificates are not both X.509 certs, otherwise it - * compares them as binary data. - * - * @param other the object being compared with this one - * @return true iff the certificates are equivalent - */ - @Override - public boolean equals(Object other) { - if (other instanceof X509Cert) - return equals((X509Cert) other); - else - return false; - } - - /** - * Compares two certificates, returning false if any data - * differs between the two. - * - * @param src the object being compared with this one - * @return true iff the certificates are equivalent - */ - public boolean equals(X509Cert src) { - if (this == src) - return true; - if (signedCert == null || src.signedCert == null) - return false; - if (signedCert.length != src.signedCert.length) - return false; - for (int i = 0; i < signedCert.length; i++) - if (signedCert[i] != src.signedCert[i]) - return false; - return true; - } - - /** Returns the "X.509" format identifier. */ - @Override - public String getFormat() // for Certificate - { - return "X.509"; - } - - /** Returns getIssuerName */ - @Override - public Principal getGuarantor() // for Certificate - { - return getIssuerName(); - } - - /** Returns getSubjectName */ - @Override - public Principal getPrincipal() { - return getSubjectName(); - } - - /** - * Throws an exception if the certificate is invalid because it is - * now outside of the certificate's validity period, or because it - * was not signed using the verification key provided. Successfully - * verifying a certificate does not indicate that one should - * trust the entity which it represents. - * - *

- * Note that since this class represents only a single X.509 - * certificate, it cannot know anything about the certificate chain - * which is used to provide the verification key and to establish trust. - * Other code must manage and use those cert chains. - * - * For now, you must walk the cert chain being used to verify any - * given cert. Start at the root, which is a self-signed certificate; - * verify it using the key inside the certificate. Then use that to - * verify the next certificate in the chain, issued by that CA. In - * this manner, verify each certificate until you reach the particular - * certificate you wish to verify. You should not use a certificate - * if any of the verification operations for its certificate chain - * were unsuccessful. - * - * - * @param issuerPublicKey the public key of the issuing CA - * @exception CertException when the certificate is not valid. - */ - public void verify(PublicKey issuerPublicKey) - throws CertException { - Date now = new Date(); - - if (now.before(notbefore)) - throw new CertException(CertException.verf_INVALID_NOTBEFORE); - if (now.after(notafter)) - throw new CertException(CertException.verf_INVALID_EXPIRED); - if (signedCert == null) - throw new CertException(CertException.verf_INVALID_SIG, - "?? certificate is not signed yet ??"); - - // - // Verify the signature ... - // - String algName = null; - - try { - Signature sigVerf = null; - - algName = issuerSigAlg.getName(); - sigVerf = Signature.getInstance(algName); - sigVerf.initVerify(issuerPublicKey); - sigVerf.update(rawCert, 0, rawCert.length); - - if (!sigVerf.verify(signature)) { - throw new CertException(CertException.verf_INVALID_SIG, - "Signature ... by <" + issuer + "> for <" + subject + ">"); - } - - // Gag -- too many catch clauses, let most through. 
- - } catch (NoSuchAlgorithmException e) { - throw new CertException(CertException.verf_INVALID_SIG, - "Unsupported signature algorithm (" + algName + ")"); - - } catch (InvalidKeyException e) { - // e.printStackTrace(); - throw new CertException(CertException.err_INVALID_PUBLIC_KEY, - "Algorithm (" + algName + ") rejected public key"); - - } catch (SignatureException e) { - throw new CertException(CertException.verf_INVALID_SIG, - "Signature by <" + issuer + "> for <" + subject + ">"); - } - } - - /** - * Creates an X.509 certificate, and signs it using the issuer - * passed (associating a signature algorithm and an X.500 name). - * This operation is used to implement the certificate generation - * functionality of a certificate authority. - * - * @see #getSignedCert - * @see #getSigner - * @see CertAndKeyGen - * - * @param serial the serial number of the certificate (non-null) - * @param issuer the certificate issuer (CA) (non-null) - * @return the signed certificate, as returned by getSignedCert - * - * @exception IOException if any of the data could not be encoded, - * or when any mandatory data was omitted - * @exception SignatureException on signing failures - */ - public byte[] - encodeAndSign( - BigInt serial, - X500Signer issuer - ) throws IOException, SignatureException { - rawCert = null; - - /* - * Get the remaining cert parameters, and make sure we have enough. - * - * We deduce version based on what attribute data are available - * For now, we have no attributes, so we always deduce X.509v1 ! - */ - version = 0; - serialnum = serial; - this.issuer = issuer.getSigner(); - issuerSigAlg = issuer.getAlgorithmId(); - - if (subject == null || pubkey == null - || notbefore == null || notafter == null) - throw new IOException("not enough cert parameters"); - - /* - * Encode the raw cert, create its signature and put it - * into the envelope. 
- */ - rawCert = DERencode(); - signedCert = sign(issuer, rawCert); - return signedCert; - } - - /** - * Returns an X500Signer that may be used to create signatures. Those - * signature may in turn be verified using this certificate (or a - * copy of it). - * - *

- * NOTE: If the private key is by itself capable of - * creating signatures, this fact may not be recognized at this time. - * Specifically, the case of DSS/DSA keys which get their algorithm - * parameters from higher in the certificate chain is not supportable - * without using an X509CertChain API, and there is no current support - * for other sources of algorithm parameters. - * - * @param algorithmId the signature algorithm to be used. Note that a - * given public/private key pair may support several such algorithms. - * @param privateKey the private key used to create the signature, - * which must correspond to the public key in this certificate - * @return the Signer object - * - * @exception NoSuchAlgorithmException if the signature - * algorithm is not supported - * @exception InvalidKeyException if either the key in the certificate, - * or the private key parameter, does not support the requested - * signature algorithm - */ - public X500Signer getSigner(AlgorithmId algorithmId, - PrivateKey privateKey) - throws NoSuchAlgorithmException, InvalidKeyException { - String algorithm; - Signature sig; - - if (privateKey != null) { - Key key = privateKey; - algorithm = key.getAlgorithm(); - } else { - throw new InvalidKeyException("Private Key is NULL"); - } - - sig = Signature.getInstance(algorithmId.getName()); - - if (!pubkey.getAlgorithm().equals(algorithm)) { - - throw new InvalidKeyException("Private key algorithm " + - algorithm + - " incompatible with certificate " + - pubkey.getAlgorithm()); - } - sig.initSign(privateKey); - return new X500Signer(sig, subject); - } - - /** - * Returns a signature object that may be used to verify signatures - * created using a specified signature algorithm and the public key - * contained in this certificate. - * - *

- * NOTE: If the public key in this certificate is not by - * itself capable of verifying signatures, this may not be recognized - * at this time. Specifically, the case of DSS/DSA keys which get - * their algorithm parameters from higher in the certificate chain - * is not supportable without using an X509CertChain API, and there - * is no current support for other sources of algorithm parameters. - * - * @param algorithm the algorithm of the signature to be verified - * @return the Signature object - * @exception NoSuchAlgorithmException if the signature - * algorithm is not supported - * @exception InvalidKeyException if the key in the certificate - * does not support the requested signature algorithm - */ - public Signature getVerifier(String algorithm) - throws NoSuchAlgorithmException, InvalidKeyException { - Signature sig; - - sig = Signature.getInstance(algorithm); - sig.initVerify(pubkey); - return sig; - } - - /** - * Return the signed X.509 certificate as a byte array. - * The bytes are in standard DER marshaled form. - * Null is returned in the case of a partially constructed cert. - */ - public byte[] getSignedCert() { - return signedCert; - } - - /** - * Returns the certificate's serial number. - * Null is returned in the case of a partially constructed cert. - */ - public BigInt getSerialNumber() { - return serialnum; - } - - /** - * Returns the subject's X.500 distinguished name. - */ - public X500Name getSubjectName() { - return subject; - } - - /** - * Returns the certificate issuer's X.500 distinguished name. - * Null is returned in the case of a partially constructed cert. - */ - public X500Name getIssuerName() { - return issuer; - } - - /** - * Returns the algorithm used by the issuer to sign the certificate. - * Null is returned in the case of a partially constructed cert. - */ - public AlgorithmId getIssuerAlgorithmId() { - return issuerSigAlg; - } - - /** - * Returns the first time the certificate is valid. 
- */ - public Date getNotBefore() { - return notbefore; - } - - /** - * Returns the last time the certificate is valid. - */ - public Date getNotAfter() { - return notafter; - } - - /** - * Returns the subject's public key. Note that some public key - * algorithms support an optional certificate generation policy - * where the keys in the certificates are not in themselves sufficient - * to perform a public key operation. Those keys need to be augmented - * by algorithm parameters, which the certificate generation policy - * chose not to place in the certificate. - * - *

- * Two such public key algorithms are: DSS/DSA, where algorithm parameters could be acquired from a CA certificate - * in the chain of issuers; and Diffie-Hellman, with a similar solution although the CA then needs both a - * Diffie-Hellman certificate and a signature capable certificate. - */ - @Override - public PublicKey getPublicKey() { - return pubkey; - } - - /** - * Returns the X.509 version number of this certificate, zero based. - * That is, "2" indicates an X.509 version 3 (1993) certificate, - * and "0" indicates X.509v1 (1988). - * Zero is returned in the case of a partially constructed cert. - */ - public int getVersion() { - return version; - } - - /** - * Calculates a hash code value for the object. Objects - * which are equal will also have the same hashcode. - */ - @Override - public int hashCode() { - int retval = 0; - - for (int i = 0; i < signedCert.length; i++) - retval += signedCert[i] * i; - return retval; - } - - /** - * Returns a printable representation of the certificate. This does not - * contain all the information available to distinguish this from any - * other certificate. The certificate must be fully constructed - * before this function may be called; in particular, if you are - * creating certificates you must call encodeAndSign() before calling - * this function. 
- */ - @Override - public String toString() { - String s; - - if (subject == null || pubkey == null - || notbefore == null || notafter == null - || issuer == null || issuerSigAlg == null - || serialnum == null) - throw new NullPointerException("X.509 cert is incomplete"); - - s = " X.509v" + (version + 1) + " certificate,\n"; - s += " Subject is " + subject + "\n"; - s += " Key: " + pubkey; - s += " Validity <" + notbefore + "> until <" + notafter + ">\n"; - s += " Issuer is " + issuer + "\n"; - s += " Issuer signature used " + issuerSigAlg.toString() + "\n"; - s += " Serial number = " + serialnum + "\n"; - - // optional v2, v3 extras - - return "[\n" + s + "]"; - } - - /** - * Returns a printable representation of the certificate. - * - * @param detailed true iff lots of detail is requested - */ - @Override - public String toString(boolean detailed) { - return toString(); - } - - /* - * Certificate data, and its envelope - */ - private byte rawCert[]; - private byte signature[]; - private byte signedCert[]; - - /* - * X509.v1 data (parsed) - */ - private X500Name subject; // from subject - private X509Key pubkey; - - private Date notafter; // from CA (constructor) - private Date notbefore; - - private int version; // from CA (signAndEncode) - private BigInt serialnum; - private X500Name issuer; - private AlgorithmId issuerSigAlg; - - /* - * X509.v2 extensions - */ - - /* - * X509.v3 extensions - */ - - /* - * Other extensions ... Netscape, Verisign, SET, etc - */ - - /************************************************************/ - - /* - * Cert is a SIGNED ASN.1 macro, a three elment sequence: - * - * - Data to be signed (ToBeSigned) -- the "raw" cert - * - Signature algorithm (SigAlgId) - * - The signature bits - * - * This routine unmarshals the certificate, saving the signature - * parts away for later verification. 
- */ - private void parse(DerValue val) - throws IOException { - DerValue seq[] = new DerValue[3]; - - seq[0] = val.data.getDerValue(); - seq[1] = val.data.getDerValue(); - seq[2] = val.data.getDerValue(); - - if (val.data.available() != 0) - throw new CertParseError("signed overrun, bytes = " - + val.data.available()); - if (seq[0].tag != DerValue.tag_Sequence) - throw new CertParseError("signed fields invalid"); - - rawCert = seq[0].toByteArray(); // XXX slow; fixme! - - issuerSigAlg = AlgorithmId.parse(seq[1]); - signature = seq[2].getBitString(); - - if (seq[1].data.available() != 0) { - // XXX why was this error check commented out? - // It was originally part of the next check. - throw new CertParseError("algid field overrun"); - } - - if (seq[2].data.available() != 0) - throw new CertParseError("signed fields overrun"); - - /* - * Let's have fun parsing the cert itself. - */ - DerInputStream in; - DerValue tmp; - - in = seq[0].data; - - /* - * Version -- this is optional (default zero). If it's there it's - * the first field and is specially tagged. - * - * Both branches leave "tmp" holding a value for the serial - * number that comes next. - */ - version = 0; - tmp = in.getDerValue(); - if (tmp.isConstructed() && tmp.isContextSpecific()) { - version = tmp.data.getInteger().toInt(); - if (tmp.data.available() != 0) - throw new IOException("X.509 version, bad format"); - tmp = in.getDerValue(); - } - - /* - * serial number ... an integer - */ - serialnum = tmp.getInteger(); - - /* - * algorithm type for CA's signature ... needs to match the - * one on the envelope, and that's about it! different IDs - * may represent a signature attack. In general we want to - * inherit parameters. 
- */ - tmp = in.getDerValue(); - { - AlgorithmId algid; - - algid = AlgorithmId.parse(tmp); - - if (!algid.equals(issuerSigAlg)) - throw new CertParseError("CA Algorithm mismatch!"); - - this.algid = algid; - } - - /* - * issuer name - */ - issuer = new X500Name(in); - - /* - * validity: SEQUENCE { start date, end date } - */ - tmp = in.getDerValue(); - if (tmp.tag != DerValue.tag_Sequence) - throw new CertParseError("corrupt validity field"); - - notbefore = tmp.data.getUTCTime(); - notafter = tmp.data.getUTCTime(); - if (tmp.data.available() != 0) - throw new CertParseError("excess validity data"); - - /* - * subject name and public key - */ - subject = new X500Name(in); - - tmp = in.getDerValue(); - pubkey = X509Key.parse(tmp); - - /* - * XXX for v2 and later, a bunch of tagged options follow - */ - - if (in.available() != 0) { - /* - * Until we parse V2/V3 data ... ignore it. - * - // throw new CertParseError ("excess cert data"); - System.out.println ( - "@end'o'cert, optional V2/V3 data unparsed: " - + in.available () - + " bytes" - ); - */ - } - } - - /* - * Encode only the parts that will later be signed. - */ - private byte[] DERencode() throws IOException { - DerOutputStream raw = new DerOutputStream(); - - encode(raw); - return raw.toByteArray(); - } - - /* - * Marshal the contents of a "raw" certificate into a DER sequence. - */ - private void encode(DerOutputStream out) throws IOException { - DerOutputStream tmp = new DerOutputStream(); - - /* - * encode serial number, issuer signing algorithm, - * and issuer name into the data we'll return - */ - tmp.putInteger(serialnum); - issuerSigAlg.encode(tmp); - issuer.encode(tmp); - - /* - * Validity is a two element sequence ... 
encode the - * elements, then wrap them into the data we'll return - */ - { - DerOutputStream seq = new DerOutputStream(); - - seq.putUTCTime(notbefore); - seq.putUTCTime(notafter); - tmp.write(DerValue.tag_Sequence, seq); - } - - /* - * Encode subject (principal) and associated key - */ - subject.encode(tmp); - pubkey.encode(tmp); - - /* - * Wrap the data; encoding of the "raw" cert is now complete. - */ - out.write(DerValue.tag_Sequence, tmp); - } - - /* - * Calculate the signature of the "raw" certificate, - * and marshal the cert with the signature and a - * description of the signing algorithm. - */ - private byte[] sign(X500Signer issuer, byte data[]) - throws IOException, SignatureException { - /* - * Encode the to-be-signed data, then the algorithm used - * to create the signature. - */ - try (DerOutputStream out = new DerOutputStream()) { - DerOutputStream tmp = new DerOutputStream(); - - tmp.write(data); - issuer.getAlgorithmId().encode(tmp); - - /* - * Create and encode the signature itself. - */ - issuer.update(data, 0, data.length); - signature = issuer.sign(); - tmp.putBitString(signature); - - /* - * Wrap the signed data in a SEQUENCE { data, algorithm, sig } - */ - out.write(DerValue.tag_Sequence, tmp); - return out.toByteArray(); - } - } - - /** - * Serialization write ... X.509 certificates serialize as - * themselves, and they're parsed when they get read back. - * (Actually they serialize as some type data from the - * serialization subsystem, then the cert data.) - */ - private void writeObject(java.io.ObjectOutputStream stream) throws IOException { - encode(stream); - } - - /** - * Serialization read ... X.509 certificates serialize as - * themselves, and they're parsed when they get read back. 
- */ - private void readObject(ObjectInputStream stream) throws IOException { - decode(stream); - } -} diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/pkcs12/PFX.java jss-5.0.0/src/main/java/org/mozilla/jss/pkcs12/PFX.java --- jss-4.9.1/src/main/java/org/mozilla/jss/pkcs12/PFX.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/pkcs12/PFX.java 2021-10-01 03:33:50.000000000 +0000 
@@ -128,53 +128,54 @@ * this PFX does not contain a MacData, returns false. */ public boolean verifyAuthSafes(Password password, StringBuffer reason) - throws NotInitializedException - { - try { - - if(reason == null) { - // this is just so we don't get a null pointer exception - reason = new StringBuffer(); - } + throws NotInitializedException { - if( macData == null ) { - reason.append("No MAC present in PFX"); + try { + if (reason == null) { + // this is just so we don't get a null pointer exception + reason = new StringBuffer(); + } + + if (macData == null) { + reason.append("No MAC present in PFX"); + return false; + } + + if (encodedAuthSafes == null) { + // We weren't decoded from a template, we were constructed, + // so just verify the encoding of the AuthSafes provided to + // the constructor. + encodedAuthSafes = ASN1Util.encode(authSafes); + } + + // create a new MacData based on the encoded Auth Safes + DigestInfo macDataMac = macData.getMac(); + MacData testMac = new MacData(password, + macData.getMacSalt().toByteArray(), + macData.getMacIterationCount().intValue(), + encodedAuthSafes); + + if (testMac.getMac().equals(macDataMac)) { + return true; + + } else { + reason.append("Digests do not match"); + return false; + } + + } catch (java.security.DigestException e) { + e.printStackTrace(); + reason.append("A DigestException occurred"); return false; - } - if( encodedAuthSafes == null ) { - // We weren't decoded from a template, we were constructed, - // so just verify the encoding of the AuthSafes provided to - // the constructor. 
- encodedAuthSafes = ASN1Util.encode(authSafes); - } + } catch (TokenException e) { + reason.append("A TokenException occurred"); + return false; - // create a new MacData based on the encoded Auth Safes - DigestInfo macDataMac = macData.getMac(); - MacData testMac = new MacData( password, - macData.getMacSalt().toByteArray(), - macData.getMacIterationCount().intValue(), - encodedAuthSafes ); - - if( testMac.getMac().equals(macDataMac) ) { - return true; - } else { - reason.append("Digests do not match"); + } catch (CharConversionException e) { + reason.append("An exception occurred converting the password from chars to bytes"); return false; } - - } catch( java.security.DigestException e ) { - e.printStackTrace(); - reason.append("A DigestException occurred"); - return false; - } catch( TokenException e ) { - reason.append("A TokenException occurred"); - return false; - } catch( CharConversionException e ) { - reason.append("An exception occurred converting the password from"+ - " chars to bytes"); - return false; - } } /////////////////////////////////////////////////////////////////////// diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/pkix/crmf/Control.java jss-5.0.0/src/main/java/org/mozilla/jss/pkix/crmf/Control.java --- jss-4.9.1/src/main/java/org/mozilla/jss/pkix/crmf/Control.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/pkix/crmf/Control.java 2021-10-01 03:33:50.000000000 +0000 
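Review bot: In `verifyAuthSafes`, `macData.getMacIterationCount().intValue()` is read from the PFX being verified and passed straight into `new MacData(...)`, so the file itself sets the cost of verification; no upper bound is visible in this hunk. For PFX input from an untrusted source I would reject counts above a project-chosen limit before building `testMac`, e.g. `if (iterations > MAX_MAC_ITERATIONS) { reason.append("MAC iteration count too large"); return false; }` (`MAX_MAC_ITERATIONS` is a placeholder name, not an existing constant). Separately, the result rests on `testMac.getMac().equals(macDataMac)`; `DigestInfo.equals` is not shown here, so confirm it compares the digest bytes in constant time, or compare them with `MessageDigest.isEqual`. The method's Javadoc starts above the hunk.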
@@ -4,14 +4,22 @@ package org.mozilla.jss.pkix.crmf; -import org.mozilla.jss.asn1.*; -import java.io.*; +import java.io.IOException; +import java.io.InputStream; + +import org.mozilla.jss.asn1.ANY; +import org.mozilla.jss.asn1.ASN1Value; +import org.mozilla.jss.asn1.InvalidBERException; +import org.mozilla.jss.asn1.OBJECT_IDENTIFIER; +import org.mozilla.jss.asn1.SEQUENCE; +import org.mozilla.jss.asn1.Tag; +import org.mozilla.jss.asn1.UTF8String; import org.mozilla.jss.pkix.primitive.AVA; /** * A CRMF Control. */ -public class Control extends AVA implements ASN1Value { +public class Control extends AVA { // general CRMF OIDs public static final OBJECT_IDENTIFIER @@ -20,7 +28,7 @@ id_pkip = id_pkix.subBranch( 5 ); public static final OBJECT_IDENTIFIER id_regCtrl = id_pkip.subBranch( 1 ); - + // Control OIDs public static final OBJECT_IDENTIFIER @@ -70,7 +78,7 @@ /** * A template class for decoding a Control from a BER stream. */ - public static class Template extends AVA.Template implements ASN1Template { + public static class Template extends AVA.Template { private SEQUENCE.Template seqTemplate; public Template() { diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/ssl/javax/JSSServerSocket.java jss-5.0.0/src/main/java/org/mozilla/jss/ssl/javax/JSSServerSocket.java --- jss-4.9.1/src/main/java/org/mozilla/jss/ssl/javax/JSSServerSocket.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/ssl/javax/JSSServerSocket.java 2021-10-01 03:33:50.000000000 +0000 
@@ -568,15 +568,18 @@ /* == stubs for Java 9 Socket == */ + @Override public ServerSocket setOption(SocketOption name, T value) throws IOException { getInternalChannel().setOption(name, value); return this; } + @Override public T getOption(SocketOption name) throws IOException { return getInternalChannel().getOption(name); } + @Override public Set> supportedOptions() { return getInternalChannel().supportedOptions(); } diff -Nru jss-4.9.1/src/main/java/org/mozilla/jss/ssl/javax/JSSSocket.java jss-5.0.0/src/main/java/org/mozilla/jss/ssl/javax/JSSSocket.java --- jss-4.9.1/src/main/java/org/mozilla/jss/ssl/javax/JSSSocket.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/main/java/org/mozilla/jss/ssl/javax/JSSSocket.java 2021-10-01 03:33:50.000000000 +0000 @@ -891,15 +891,18 @@ /* == stubs for Java 9 Socket == */ + @Override public Socket setOption(SocketOption name, T value) throws IOException { getInternalChannel().setOption(name, value); return this; } + @Override public T getOption(SocketOption name) throws IOException { return getInternalChannel().getOption(name); } + @Override public Set> supportedOptions() { return getInternalChannel().supportedOptions(); } diff -Nru jss-4.9.1/src/test/java/org/mozilla/jss/tests/JSSPackageTest.java jss-5.0.0/src/test/java/org/mozilla/jss/tests/JSSPackageTest.java --- jss-4.9.1/src/test/java/org/mozilla/jss/tests/JSSPackageTest.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/test/java/org/mozilla/jss/tests/JSSPackageTest.java 2021-10-01 03:33:50.000000000 +0000 
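Review bot: The section comment `/* == stubs for Java 9 Socket == */` no longer matches the code in `JSSServerSocket.java`: with `@Override` on `setOption`, `getOption` and `supportedOptions`, the class compiles only against a `java.net.ServerSocket` that declares these methods, which is Java 9 or later. I would reword it to something like `/* == socket option overrides (java.net API since Java 9) == */` so the minimum JDK is stated where the requirement arises. The same applies to the matching hunk in `JSSSocket.java`. The generic type parameters appear to have been dropped by this page's rendering, so the signatures cannot be checked from here.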
@@ -28,9 +28,9 @@ "from CryptoManager"); System.out.println("\n\t" + org.mozilla.jss.CryptoManager.JAR_JSS_VERSION); - System.out.println("\n\tTo check the JNI version in libjss4.so:"); - System.out.println("\n\ttry: strings libjss4.so | grep -i header"); - System.out.println("\n\tor : ident libjss4.so"); + System.out.println("\n\tTo check the JNI version in libjss.so:"); + System.out.println("\n\ttry: strings libjss.so | grep -i header"); + System.out.println("\n\tor : ident libjss.so"); System.exit(0); } catch (Exception e) { diff -Nru jss-4.9.1/src/test/java/org/mozilla/jss/tests/JSS_SelfServClient.java jss-5.0.0/src/test/java/org/mozilla/jss/tests/JSS_SelfServClient.java --- jss-4.9.1/src/test/java/org/mozilla/jss/tests/JSS_SelfServClient.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/test/java/org/mozilla/jss/tests/JSS_SelfServClient.java 2021-10-01 03:33:50.000000000 +0000 @@ -38,19 +38,19 @@ * For debugging purposes you should modify Constant.java debug_level to 4. * * First create db's and certificates - * java -cp jss4.jar org.mozilla.jss.tests.SetupDBs . ./passwords - * java -cp jss4.jar org.mozilla.jss.tests.GenerateTestCert . /passwords + * java -cp jss.jar org.mozilla.jss.tests.SetupDBs . ./passwords + * java -cp jss.jar org.mozilla.jss.tests.GenerateTestCert . /passwords * localhost SHA-256/RSA CA_RSA Client_RSA Server_RSA * * Start the server: * - * java -cp ./jss4.jar org.mozilla.jss.tests.JSS_SelfServServer . passwords + * java -cp ./jss.jar org.mozilla.jss.tests.JSS_SelfServServer . passwords * localhost false 2921 verboseoff * * Start the client with 4 threads using ciphersuite 0x33. * Look at the file Constant.java for the ciphersuites values. * - * java -cp jss4.jar org.mozilla.jss.tests.JSS_SelfServClient 2 0x33 + * java -cp jss.jar org.mozilla.jss.tests.JSS_SelfServClient 2 0x33 * . localhost 2921 verboseoff JSS Client_RSA * * If you envoke the client with a ciphersuite value -1 
@@ -59,7 +59,7 @@ * will closed all client SSLSockets and then tell the server to * shutdown. This case is for the nightly automated tests. * - * java -cp jss4.jar org.mozilla.jss.tests.JSS_SelfServClient 4 -1 + * java -cp jss.jar org.mozilla.jss.tests.JSS_SelfServClient 4 -1 * . passwords localhost 2921 verboseoff JSS */ diff -Nru jss-4.9.1/src/test/java/org/mozilla/jss/tests/JSS_SelfServServer.java jss-5.0.0/src/test/java/org/mozilla/jss/tests/JSS_SelfServServer.java --- jss-4.9.1/src/test/java/org/mozilla/jss/tests/JSS_SelfServServer.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/test/java/org/mozilla/jss/tests/JSS_SelfServServer.java 2021-10-01 03:33:50.000000000 +0000 @@ -33,19 +33,19 @@ * For debugging purposes you should modify Constant.java debug_level to 4. * * First create db's and certificates - * java -cp jss4.jar org.mozilla.jss.tests.SetupDBs . ./passwords - * java -cp jss4.jar org.mozilla.jss.tests.GenerateTestCert . /passwords + * java -cp jss.jar org.mozilla.jss.tests.SetupDBs . ./passwords + * java -cp jss.jar org.mozilla.jss.tests.GenerateTestCert . /passwords * localhost SHA-256/RSA CA_RSA Client_RSA Server_RSA * * Start the server: * - * java -cp ./jss4.jar org.mozilla.jss.tests.JSS_SelfServServer . passwords localhost + * java -cp ./jss.jar org.mozilla.jss.tests.JSS_SelfServServer . passwords localhost * false 2921 verboseoff * * Start the client with 4 threads using ciphersuite 0x33. * Look at the file Constant.java for the ciphersuites values. * - * java -cp jss4.jar org.mozilla.jss.tests.JSS_SelfServClient 2 0x33 + * java -cp jss.jar org.mozilla.jss.tests.JSS_SelfServClient 2 0x33 * . localhost 2921 verboseoff JSS Client_RSA * * If you envoke the client with a ciphersuite value -1 
@@ -54,7 +54,7 @@ * will closed all client SSLSockets and then tell the server to * shutdown. This case is for the nightly automated tests. * - * java -cp jss4.jar org.mozilla.jss.tests.JSS_SelfServClient 4 -1 + * java -cp jss.jar org.mozilla.jss.tests.JSS_SelfServClient 4 -1 * . passwords localhost 2921 verboseoff JSS */ diff -Nru jss-4.9.1/src/test/java/org/mozilla/jss/tests/TestBuffer.java jss-5.0.0/src/test/java/org/mozilla/jss/tests/TestBuffer.java --- jss-4.9.1/src/test/java/org/mozilla/jss/tests/TestBuffer.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/test/java/org/mozilla/jss/tests/TestBuffer.java 2021-10-01 03:33:50.000000000 +0000 @@ -72,7 +72,7 @@ } public static void main(String[] args) { - System.loadLibrary("jss4"); + System.loadLibrary("jss"); System.out.println("Calling TestCreateFree()..."); TestCreateFree(); diff -Nru jss-4.9.1/src/test/java/org/mozilla/jss/tests/TestBufferPRFD.java jss-5.0.0/src/test/java/org/mozilla/jss/tests/TestBufferPRFD.java --- jss-4.9.1/src/test/java/org/mozilla/jss/tests/TestBufferPRFD.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/test/java/org/mozilla/jss/tests/TestBufferPRFD.java 2021-10-01 03:33:50.000000000 +0000 
@@ -1,10 +1,20 @@ package org.mozilla.jss.tests; -import org.mozilla.jss.*; -import org.mozilla.jss.pkcs11.*; -import org.mozilla.jss.nss.*; -import org.mozilla.jss.ssl.*; -import org.mozilla.jss.util.*; +import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.nss.Buffer; +import org.mozilla.jss.nss.BufferProxy; +import org.mozilla.jss.nss.PR; +import org.mozilla.jss.nss.PRErrors; +import org.mozilla.jss.nss.PRFDProxy; +import org.mozilla.jss.nss.SSL; +import org.mozilla.jss.nss.SSLFDProxy; +import org.mozilla.jss.nss.SecurityStatusResult; +import org.mozilla.jss.pkcs11.PK11Cert; +import org.mozilla.jss.pkcs11.PK11PrivKey; +import org.mozilla.jss.ssl.SSLAlertEvent; +import org.mozilla.jss.ssl.SSLVersion; +import org.mozilla.jss.ssl.SSLVersionRange; +import org.mozilla.jss.util.Password; public class TestBufferPRFD { public static void TestCreateClose() { @@ -259,7 +269,7 @@ } public static void main(String[] args) throws Exception { - System.loadLibrary("jss4"); + System.loadLibrary("jss"); System.out.println("Calling TestCreateClose()..."); TestCreateClose(); diff -Nru jss-4.9.1/src/test/java/org/mozilla/jss/tests/TestPRFD.java jss-5.0.0/src/test/java/org/mozilla/jss/tests/TestPRFD.java --- jss-4.9.1/src/test/java/org/mozilla/jss/tests/TestPRFD.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/test/java/org/mozilla/jss/tests/TestPRFD.java 2021-10-01 03:33:50.000000000 +0000 @@ -81,7 +81,7 @@ } public static void main(String[] args) { - System.loadLibrary("jss4"); + System.loadLibrary("jss"); System.out.println("Calling TestPROpenNoCreate()..."); TestPROpenNoCreate(); diff -Nru jss-4.9.1/src/test/java/org/mozilla/jss/tests/TestRawSSL.java jss-5.0.0/src/test/java/org/mozilla/jss/tests/TestRawSSL.java --- jss-4.9.1/src/test/java/org/mozilla/jss/tests/TestRawSSL.java 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/src/test/java/org/mozilla/jss/tests/TestRawSSL.java 2021-10-01 03:33:50.000000000 +0000 
@@ -2,12 +2,11 @@ import org.mozilla.jss.nss.PR; import org.mozilla.jss.nss.PRFDProxy; -import org.mozilla.jss.nss.SSLFDProxy; import org.mozilla.jss.nss.SSL; -import org.mozilla.jss.nss.SecurityStatusResult; import org.mozilla.jss.nss.SSLChannelInfo; +import org.mozilla.jss.nss.SSLFDProxy; import org.mozilla.jss.nss.SSLPreliminaryChannelInfo; - +import org.mozilla.jss.nss.SecurityStatusResult; import org.mozilla.jss.ssl.SSLCipher; public class TestRawSSL { @@ -155,7 +154,7 @@ } public static void main(String[] args) throws Exception { - System.loadLibrary("jss4"); + System.loadLibrary("jss"); if (args.length != 1) { System.out.println("Usage: TestRawSSL /path/to/nssdb"); diff -Nru jss-4.9.1/tests/bin/init-workflow.sh jss-5.0.0/tests/bin/init-workflow.sh --- jss-4.9.1/tests/bin/init-workflow.sh 1970-01-01 00:00:00.000000000 +0000 +++ jss-5.0.0/tests/bin/init-workflow.sh 2021-10-01 03:33:50.000000000 +0000 @@ -0,0 +1,21 @@ +#!/bin/bash -e + +if [ "$BASE64_MATRIX" == "" ] +then + MATRIX="{\"os\":[\"latest\"]}" +else + MATRIX=$(echo "$BASE64_MATRIX" | base64 -d) +fi + +echo "MATRIX: $MATRIX" +echo "::set-output name=matrix::$MATRIX" + +if [ "$BASE64_REPO" == "" ] +then + REPO="@pki/master" +else + REPO=$(echo "$BASE64_REPO" | base64 -d) +fi + +echo "REPO: $REPO" +echo "::set-output name=repo::$REPO" diff -Nru jss-4.9.1/tools/Dockerfiles/debian_jdk11 jss-5.0.0/tools/Dockerfiles/debian_jdk11 --- jss-4.9.1/tools/Dockerfiles/debian_jdk11 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/tools/Dockerfiles/debian_jdk11 1970-01-01 00:00:00.000000000 +0000 
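Review bot: In the new `tests/bin/init-workflow.sh`, the values decoded from `BASE64_MATRIX` and `BASE64_REPO` are echoed to stdout unchecked, both in the `MATRIX:`/`REPO:` log lines and in the `::set-output` lines. The runner interprets any stdout line that starts with `::` as a workflow command, so a decoded value containing a newline can emit commands beyond the two intended outputs; where these variables are set is not visible here, so this matters to the extent that someone other than a maintainer can set them. Keeping the decoded value on one line closes that, e.g. `MATRIX=$(echo "$BASE64_MATRIX" | base64 -d | tr -d '\r\n')` and the same for `REPO`. Also, `-e` in the shebang is lost when the script is run as `bash init-workflow.sh`; a `set -e` line in the body keeps it.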
@@ -1,36 +0,0 @@
-FROM debian:testing
-
-# Install generic dependencies to build jss
-RUN true \
- && export DEBIAN_FRONTEND=noninteractive \
- && apt-get update \
- && apt-get dist-upgrade -y \
- && apt-get install -y debhelper libnss3-dev libnss3-tools libnss3 \
- openjdk-11-jdk pkg-config quilt g++ mercurial \
- zlib1g-dev libslf4j-java liblog4j2-java \
- libcommons-lang3-java libjaxb-api-java cmake \
- zip unzip junit4 \
- && mkdir -p /home/sandbox \
- && apt-get autoremove -y \
- && apt-get clean -y \
- && apt-get autoclean -y \
- && rm -rf /usr/share/doc /usr/share/doc-base \
- /usr/share/man /usr/share/locale /usr/share/zoneinfo \
- && true
-
-# Link in the current version of jss from the git repository
-WORKDIR /home/sandbox
-COPY . /home/sandbox/jss
-
-# Perform the actual build
-WORKDIR /home/sandbox/jss
-CMD true \
- && export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64 \
- && rm -rf build \
- && mkdir build \
- && cd build \
- && cmake .. \
- && make all \
- && ctest --output-on-failure \
- && make javadoc \
- && true
diff -Nru jss-4.9.1/tools/Dockerfiles/fedora_33 jss-5.0.0/tools/Dockerfiles/fedora_33
--- jss-4.9.1/tools/Dockerfiles/fedora_33 2021-08-26 19:32:19.000000000 +0000
+++ jss-5.0.0/tools/Dockerfiles/fedora_33 1970-01-01 00:00:00.000000000 +0000
@@ -1,48 +0,0 @@ -FROM registry.fedoraproject.org/fedora:33 - -# Install generic dependencies to build jss -RUN true \ - && dnf update -y --refresh \ - && dnf install -y dnf-plugins-core git gcc make rpm-build \ - java-devel python2 python3 diffutils \ - && dnf copr -y enable ${JSS_4_6_REPO:-@pki/10.11} \ - && dnf build-dep -y jss \ - && mkdir -p /home/sandbox \ - && dnf clean -y all \ - && rm -rf /usr/share/doc /usr/share/doc-base \ - /usr/share/man /usr/share/locale /usr/share/zoneinfo \ - && true - -# Link in the current version of jss from the git repository -WORKDIR /home/sandbox -COPY . /home/sandbox/jss - -# Install dependencies from the spec file in case they've changed -# since the last release on this platform. -RUN true \ - && dnf build-dep -y --spec /home/sandbox/jss/jss.spec \ - && true - -# Perform the actual RPM build -# Generate a new PKCS11Constants.java and compare the differences -WORKDIR /home/sandbox/jss -CMD true \ - && bash ./build.sh --with-timestamp --with-commit-id rpm \ - && dnf install -y /root/build/jss/RPMS/*.rpm \ - && echo "############################################################" \ - && echo "## Generating PKCS #11 constants with Python 2" \ - && python2 ./tools/build_pkcs11_constants.py \ - --pkcs11t /usr/include/nss3/pkcs11t.h \ - --pkcs11n /usr/include/nss3/pkcs11n.h \ - -o PKCS11Constants-py2.java \ - --verbose \ - && echo "############################################################" \ - && echo "## Generating PKCS #11 constants with Python 3" \ - && python3 ./tools/build_pkcs11_constants.py -s \ - --pkcs11t /usr/include/nss3/pkcs11t.h \ - --pkcs11n /usr/include/nss3/pkcs11n.h \ - -o PKCS11Constants-py3.java \ - --verbose \ - && diff PKCS11Constants-py2.java PKCS11Constants-py3.java \ - && diff PKCS11Constants-py3.java src/main/java/org/mozilla/jss/pkcs11/PKCS11Constants.java \ - && true diff -Nru jss-4.9.1/tools/Dockerfiles/fedora_34 jss-5.0.0/tools/Dockerfiles/fedora_34 --- jss-4.9.1/tools/Dockerfiles/fedora_34 2021-08-26 
19:32:19.000000000 +0000 +++ jss-5.0.0/tools/Dockerfiles/fedora_34 1970-01-01 00:00:00.000000000 +0000 
@@ -1,48 +0,0 @@ -FROM registry.fedoraproject.org/fedora:34 - -# Install generic dependencies to build jss -RUN true \ - && dnf update -y --refresh \ - && dnf install -y dnf-plugins-core git gcc make rpm-build \ - java-devel python2 python3 diffutils \ - && dnf copr -y enable ${JSS_4_6_REPO:-@pki/10.11} \ - && dnf build-dep -y jss \ - && mkdir -p /home/sandbox \ - && dnf clean -y all \ - && rm -rf /usr/share/doc /usr/share/doc-base \ - /usr/share/man /usr/share/locale /usr/share/zoneinfo \ - && true - -# Link in the current version of jss from the git repository -WORKDIR /home/sandbox -COPY . /home/sandbox/jss - -# Install dependencies from the spec file in case they've changed -# since the last release on this platform. -RUN true \ - && dnf build-dep -y --spec /home/sandbox/jss/jss.spec \ - && true - -# Perform the actual RPM build -# Generate a new PKCS11Constants.java and compare the differences -WORKDIR /home/sandbox/jss -CMD true \ - && bash ./build.sh --with-timestamp --with-commit-id rpm \ - && dnf install -y /root/build/jss/RPMS/*.rpm \ - && echo "############################################################" \ - && echo "## Generating PKCS #11 constants with Python 2" \ - && python2 ./tools/build_pkcs11_constants.py \ - --pkcs11t /usr/include/nss3/pkcs11t.h \ - --pkcs11n /usr/include/nss3/pkcs11n.h \ - -o PKCS11Constants-py2.java \ - --verbose \ - && echo "############################################################" \ - && echo "## Generating PKCS #11 constants with Python 3" \ - && python3 ./tools/build_pkcs11_constants.py -s \ - --pkcs11t /usr/include/nss3/pkcs11t.h \ - --pkcs11n /usr/include/nss3/pkcs11n.h \ - -o PKCS11Constants-py3.java \ - --verbose \ - && diff PKCS11Constants-py2.java PKCS11Constants-py3.java \ - && diff PKCS11Constants-py3.java src/main/java/org/mozilla/jss/pkcs11/PKCS11Constants.java \ - && true diff -Nru jss-4.9.1/tools/Dockerfiles/fedora_latest_jdk11 jss-5.0.0/tools/Dockerfiles/fedora_latest_jdk11 --- 
jss-4.9.1/tools/Dockerfiles/fedora_latest_jdk11 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/tools/Dockerfiles/fedora_latest_jdk11 1970-01-01 00:00:00.000000000 +0000 @@ -1,31 +0,0 @@ -FROM registry.fedoraproject.org/fedora:latest - -# Install generic dependencies to build jss -RUN true \ - && dnf update -y --refresh \ - && dnf install -y dnf-plugins-core gcc make rpm-build cmake \ - glassfish-jaxb-api java-11-openjdk nss-tools \ - apache-commons-lang3 gcc-c++ java-11-openjdk-devel \ - jpackage-utils slf4j nss zlib-devel nss-devel \ - nspr-devel perl slf4j-jdk14 junit \ - && mkdir -p /home/sandbox \ - && dnf clean -y all \ - && rm -rf /usr/share/doc /usr/share/doc-base \ - /usr/share/man /usr/share/locale /usr/share/zoneinfo \ - && true - -# Link in the current version of jss from the git repository -WORKDIR /home/sandbox -COPY . /home/sandbox/jss - -# Perform the actual RPM build -WORKDIR /home/sandbox/jss -CMD true \ - && export JAVA_HOME=/usr/lib/jvm/jre-11-openjdk \ - && rm -rf build \ - && mkdir build \ - && cd build \ - && cmake .. \ - && make all \ - && ctest --output-on-failure \ - && true diff -Nru jss-4.9.1/tools/Dockerfiles/fedora_rawhide jss-5.0.0/tools/Dockerfiles/fedora_rawhide --- jss-4.9.1/tools/Dockerfiles/fedora_rawhide 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/tools/Dockerfiles/fedora_rawhide 2021-10-01 03:33:50.000000000 +0000 @@ -4,7 +4,7 @@ RUN true \ && dnf update -y --refresh \ && dnf install -y dnf-plugins-core gcc make rpm-build cmake \ - glassfish-jaxb-api java-11-openjdk nss-tools \ + java-11-openjdk nss-tools \ apache-commons-lang3 gcc-c++ java-11-openjdk-devel \ jpackage-utils slf4j nss zlib-devel nss-devel \ nspr-devel slf4j-jdk14 junit \ diff -Nru jss-4.9.1/tools/Dockerfiles/fedora_sandbox jss-5.0.0/tools/Dockerfiles/fedora_sandbox --- jss-4.9.1/tools/Dockerfiles/fedora_sandbox 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/tools/Dockerfiles/fedora_sandbox 2021-10-01 03:33:50.000000000 +0000 
@@ -4,7 +4,7 @@ RUN true \ && dnf update -y --refresh \ && dnf install -y dnf-plugins-core gcc make rpm-build cmake \ - glassfish-jaxb-api nss-tools apache-commons-lang3 \ + nss-tools apache-commons-lang3 \ gcc-c++ jpackage-utils slf4j zlib-devel perl \ slf4j-jdk14 junit ninja-build gyp gtest mercurial \ python-unversioned-command \ diff -Nru jss-4.9.1/tools/Dockerfiles/pki_build jss-5.0.0/tools/Dockerfiles/pki_build --- jss-4.9.1/tools/Dockerfiles/pki_build 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/tools/Dockerfiles/pki_build 1970-01-01 00:00:00.000000000 +0000 @@ -1,33 +0,0 @@ -FROM registry.fedoraproject.org/fedora:latest - -# Install generic dependencies to build jss and pki -RUN true \ - && dnf update -y --refresh \ - && dnf install -y dnf-plugins-core gcc make rpm-build \ - && dnf copr -y enable ${JSS_4_6_REPO:-@pki/10.11} \ - && dnf build-dep -y jss pki-core \ - && mkdir -p /home/sandbox \ - && git clone -b v10.11 https://github.com/dogtagpki/pki /home/sandbox/pki \ - && dnf clean -y all \ - && true - -# Link in the current version of jss from the git repository -WORKDIR /home/sandbox -COPY . /home/sandbox/jss - -# Install dependencies from the spec file in case they've changed -# since the last release on this platform. -RUN true \ - && dnf build-dep -y --spec /home/sandbox/jss/jss.spec \ - && dnf build-dep -y --spec /home/sandbox/pki/pki.spec \ - && true - -# Perform the actual RPM build -WORKDIR /home/sandbox/jss -CMD true \ - && bash ./build.sh --with-timestamp --with-commit-id rpm \ - && dnf install -y /root/build/jss/RPMS/*.rpm \ - && cd /home/sandbox/pki \ - && bash ./build.sh --with-timestamp --with-commit-id rpm \ - && dnf install -y /root/build/pki/RPMS/*.rpm \ - && true diff -Nru jss-4.9.1/tools/Dockerfiles/symbolcheck jss-5.0.0/tools/Dockerfiles/symbolcheck --- jss-4.9.1/tools/Dockerfiles/symbolcheck 2021-08-26 19:32:19.000000000 +0000 +++ jss-5.0.0/tools/Dockerfiles/symbolcheck 1970-01-01 00:00:00.000000000 +0000 
@@ -1,27 +0,0 @@
-FROM registry.fedoraproject.org/fedora:latest
-
-# Install generic dependencies to check symbols
-RUN true \
- && dnf update -y --refresh \
- && dnf install -y diffutils grep coreutils \
- && mkdir -p /home/sandbox \
- && dnf clean -y all \
- && rm -rf /usr/share/doc /usr/share/doc-base \
- /usr/share/man /usr/share/locale /usr/share/zoneinfo \
- && true
-
-# Link in the current version of jss from the git repository
-WORKDIR /home/sandbox
-COPY . /home/sandbox/jss
-
-# List all JNI symbols in the code and in the version script, comparing them,
-# and if the difference is non-empty (test ! -s /tmp/diff.txt), exit with
-# an error.
-WORKDIR /home/sandbox/jss
-CMD true \
- && grep -iroh '^Java_org_mozilla[^(;]*' org/ | sort -u > /tmp/functions.txt \
- && grep -iroh '^Java_org_mozilla[^(;]*' lib/ | sort -u > /tmp/version.txt \
- && comm -23 --check-order /tmp/functions.txt /tmp/version.txt > /tmp/diff.txt \
- && ( diff /tmp/functions.txt /tmp/version.txt || true ) \
- && test ! -s /tmp/diff.txt \
- && true
diff -Nru jss-4.9.1/tools/Dockerfiles/ubuntu_jdk11 jss-5.0.0/tools/Dockerfiles/ubuntu_jdk11
--- jss-4.9.1/tools/Dockerfiles/ubuntu_jdk11 2021-08-26 19:32:19.000000000 +0000
+++ jss-5.0.0/tools/Dockerfiles/ubuntu_jdk11 1970-01-01 00:00:00.000000000 +0000
@@ -1,34 +0,0 @@
-FROM ubuntu:rolling
-
-# Install generic dependencies to build jss
-RUN true \
- && export DEBIAN_FRONTEND=noninteractive \
- && apt-get update \
- && apt-get dist-upgrade -y \
- && apt-get install -y debhelper libnss3-dev libnss3-tools libnss3 \
- openjdk-11-jdk pkg-config quilt g++ mercurial \
- zlib1g-dev libslf4j-java liblog4j2-java \
- libcommons-lang3-java libjaxb-api-java cmake \
- zip unzip junit4 \
- && mkdir -p /home/sandbox \
- && apt-get autoremove -y \
- && apt-get clean -y \
- && apt-get autoclean -y \
- && rm -rf /usr/share/doc /usr/share/doc-base \
- /usr/share/man /usr/share/locale /usr/share/zoneinfo \
- && true
-
-# Link in the current version of jss from the git repository
-WORKDIR /home/sandbox
-COPY . /home/sandbox/jss
-
-# Perform the actual build
-WORKDIR /home/sandbox/jss
-CMD true \
- && rm -rf build \
- && mkdir build \
- && cd build \
- && CFLAGS="-Wall -Wextra -Werror" cmake .. \
- && make all \
- && ctest --output-on-failure \
- && true