diff --git a/Add-abstract-method-for-class-JSSUtil.patch b/Add-abstract-method-for-class-JSSUtil.patch new file mode 100644 index 0000000000000000000000000000000000000000..8568e98d0c2b3ada662baf060978accea157bd93 --- /dev/null +++ b/Add-abstract-method-for-class-JSSUtil.patch 
@@ -0,0 +1,62 @@ +From 2921cf92d8968fef21d3459523f0c469ac64089a Mon Sep 17 00:00:00 2001 +From: wang--ge +Date: Wed, 25 May 2022 16:47:46 +0800 +Subject: [PATCH] add abstract method for class JSSUtil + +--- + tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java +index cad3163..2f6faa3 100644 +--- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java ++++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java +@@ -19,6 +19,8 @@ + + package org.dogtagpki.tomcat; + ++import java.security.NoSuchAlgorithmException; ++ + import java.util.Arrays; + import java.util.Collections; + import java.util.List; +@@ -30,6 +32,7 @@ import javax.net.ssl.KeyManagerFactory; + import javax.net.ssl.TrustManager; + import javax.net.ssl.TrustManagerFactory; + import javax.net.ssl.SSLEngine; ++import javax.net.ssl.SSLSessionContext; + + import org.apache.juli.logging.Log; + import org.apache.juli.logging.LogFactory; +@@ -101,13 +104,11 @@ public class JSSUtil extends SSLUtilBase { + return new TrustManager[] { new JSSNativeTrustManager() }; + } + +- @Override + public SSLContext createSSLContextInternal(List negotiableProtocols) throws Exception { + logger.debug("JSSUtil createSSLContextInternal(...) keyAlias=" + keyAlias); + return new JSSContext(keyAlias); + } + +- @Override + public boolean isTls13RenegAuthAvailable() { + logger.debug("JSSUtil: isTls13RenegAuthAvailable()"); + return true; +@@ -133,4 +134,14 @@ public class JSSUtil extends SSLUtilBase { + + return ciphers; + } ++ ++ @Override ++ public void configureSessionContext(SSLSessionContext sslSessionContext) { ++ logger.debug("JSSUtil: configureSessionContext"); ++ } ++ ++ @Override ++ public SSLContext createSSLContext(List negotiableProtocols) throws NoSuchAlgorithmException { ++ return new JSSContext(keyAlias); ++ } + } +-- +2.33.0 + 
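Review bot: The new `configureSessionContext` override at the bottom of the hunk is a stub that only writes a debug line, so the `SSLSessionContext` Tomcat hands in — the hook where a connector's session cache size and session timeout would normally be applied — is silently discarded, and neither the code nor the log message records that this is deliberate. Either apply the host-config settings here or replace the bare debug line with a note such as `// NOTE: session cache size/timeout are intentionally left to JSS defaults — confirm this matches the connector config` so the next maintainer does not mistake it for an unfinished method. The added `createSSLContext` also duplicates `createSSLContextInternal` (minus its `keyAlias` debug line) and, like it, never reads `negotiableProtocols`, which is presumably where ALPN protocol negotiation would be lost if it were ever expected to work through this connector. Dropping `@Override` from `createSSLContextInternal` and `isTls13RenegAuthAvailable` suggests those are no longer base-class hooks in the targeted Tomcat, so a sentence in the commit message naming that Tomcat version would explain why one of the two near-identical factory methods is now kept. The enclosing class `JSSUtil` begins and ends outside this hunk.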
diff --git a/Use-JSSKeyManager-and-JSSTrustManager-from-JSS.patch b/Use-JSSKeyManager-and-JSSTrustManager-from-JSS.patch deleted file mode 100644 index 34bc306fc1becd8c5e6b3f246942e6b930b020b1..0000000000000000000000000000000000000000 --- a/Use-JSSKeyManager-and-JSSTrustManager-from-JSS.patch +++ /dev/null 
@@ -1,387 +0,0 @@ -From fb11bcd42aed364f77cd1b07a0d3139496817dea Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Fri, 31 May 2019 15:20:46 -0400 -Subject: [PATCH] Use JSSKeyManager and JSSTrustManager from JSS - -With jss-pr#159 merged, we've added a KeyManager and TrustManager to the -JSS default provider that we should use instead of the instances -in-tree. - -Signed-off-by: Alexander Scheel ---- - src/org/dogtagpki/tomcat/JSSKeyManager.java | 146 ------------- - src/org/dogtagpki/tomcat/JSSTrustManager.java | 197 ------------------ - .../src/org/dogtagpki/tomcat/JSSUtil.java | 3 + - 3 files changed, 3 insertions(+), 343 deletions(-) - delete mode 100644 src/org/dogtagpki/tomcat/JSSKeyManager.java - delete mode 100644 src/org/dogtagpki/tomcat/JSSTrustManager.java - -diff --git a/src/org/dogtagpki/tomcat/JSSKeyManager.java b/src/org/dogtagpki/tomcat/JSSKeyManager.java -deleted file mode 100644 -index 1f94260..0000000 ---- a/src/org/dogtagpki/tomcat/JSSKeyManager.java -+++ /dev/null -@@ -1,146 +0,0 @@ --/* BEGIN COPYRIGHT BLOCK -- * This library is free software; you can redistribute it and/or -- * modify it under the terms of the GNU Lesser General Public -- * License as published by the Free Software Foundation; either -- * version 2.1 of the License, or (at your option) any later version. -- * -- * This library is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -- * Lesser General Public License for more details. -- * -- * You should have received a copy of the GNU Lesser General Public -- * License along with this library; if not, write to the Free Software -- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -- * -- * Copyright (C) 2017 Red Hat, Inc. -- * All rights reserved. 
-- * END COPYRIGHT BLOCK */ -- --package org.dogtagpki.tomcat; -- --import java.net.Socket; --import java.security.Principal; --import java.security.PrivateKey; --import java.security.cert.X509Certificate; --import java.util.ArrayList; --import java.util.Collection; -- --import javax.net.ssl.X509KeyManager; -- --import org.mozilla.jss.CryptoManager; --import org.mozilla.jss.crypto.ObjectNotFoundException; --import org.slf4j.Logger; --import org.slf4j.LoggerFactory; -- --import sun.security.x509.X509CertImpl; -- --public class JSSKeyManager implements X509KeyManager { -- -- final static Logger logger = LoggerFactory.getLogger(JSSKeyManager.class); -- -- @Override -- public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) { -- logger.debug("JSSKeyManager: chooseClientAlias()"); -- -- logger.debug("JSSKeyManager: key types:"); -- for (String keyType : keyTypes) { -- logger.debug("JSSKeyManager: - " + keyType); -- } -- -- logger.debug("JSSKeyManager: issuers:"); -- for (Principal issuer : issuers) { -- logger.debug("JSSKeyManager: - " + issuer.getName()); -- } -- -- return null; // not implemented -- } -- -- @Override -- public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { -- logger.debug("JSSKeyManager: chooseServerAlias()"); -- logger.debug("JSSKeyManager: key type: " + keyType); -- -- logger.debug("JSSKeyManager: issuers:"); -- for (Principal issuer : issuers) { -- logger.debug("JSSKeyManager: - " + issuer.getName()); -- } -- -- return null; // not implemented -- } -- -- @Override -- public X509Certificate[] getCertificateChain(String alias) { -- -- logger.debug("JSSKeyManager: getCertificateChain(" + alias + ")"); -- -- try { -- CryptoManager cm = CryptoManager.getInstance(); -- org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(alias); -- -- org.mozilla.jss.crypto.X509Certificate[] chain = cm.buildCertificateChain(cert); -- logger.debug("JSSKeyManager: cert chain:"); -- -- Collection 
list = new ArrayList<>(); -- for (org.mozilla.jss.crypto.X509Certificate c : chain) { -- logger.debug("JSSKeyManager: - " + c.getSubjectDN()); -- list.add(new X509CertImpl(c.getEncoded())); -- } -- -- return list.toArray(new X509Certificate[list.size()]); -- -- } catch (Throwable e) { -- logger.error(e.getMessage(), e); -- throw new RuntimeException(e); -- } -- } -- -- @Override -- public String[] getClientAliases(String keyType, Principal[] issuers) { -- logger.debug("JSSKeyManager: getClientAliases()"); -- logger.debug("JSSKeyManager: key type: " + keyType); -- -- logger.debug("JSSKeyManager: issuers:"); -- for (Principal issuer : issuers) { -- logger.debug("JSSKeyManager: - " + issuer.getName()); -- } -- -- return null; // not implemented -- } -- -- @Override -- public PrivateKey getPrivateKey(String alias) { -- -- logger.debug("JSSKeyManager: getPrivateKey(" + alias + ")"); -- -- try { -- CryptoManager cm = CryptoManager.getInstance(); -- org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(alias); -- PrivateKey privateKey = cm.findPrivKeyByCert(cert); -- -- logger.debug("JSSKeyManager: key found: " + alias); -- return privateKey; -- -- } catch (ObjectNotFoundException e) { -- logger.debug("JSSKeyManager: key not found: " + alias); -- return null; -- -- } catch (Throwable e) { -- logger.error(e.getMessage(), e); -- throw new RuntimeException(e); -- } -- } -- -- @Override -- public String[] getServerAliases(String keyType, Principal[] issuers) { -- logger.debug("JSSKeyManager: getServerAliases()"); -- logger.debug("JSSKeyManager: key type: " + keyType); -- -- logger.debug("JSSKeyManager: issuers:"); -- for (Principal issuer : issuers) { -- logger.debug("JSSKeyManager: - " + issuer.getName()); -- } -- -- return null; // not implemented -- } --} -diff --git a/src/org/dogtagpki/tomcat/JSSTrustManager.java b/src/org/dogtagpki/tomcat/JSSTrustManager.java -deleted file mode 100644 -index 87c7bdd..0000000 ---- 
a/src/org/dogtagpki/tomcat/JSSTrustManager.java -+++ /dev/null -@@ -1,197 +0,0 @@ --/* BEGIN COPYRIGHT BLOCK -- * This library is free software; you can redistribute it and/or -- * modify it under the terms of the GNU Lesser General Public -- * License as published by the Free Software Foundation; either -- * version 2.1 of the License, or (at your option) any later version. -- * -- * This library is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -- * Lesser General Public License for more details. -- * -- * You should have received a copy of the GNU Lesser General Public -- * License along with this library; if not, write to the Free Software -- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -- * -- * Copyright (C) 2017 Red Hat, Inc. -- * All rights reserved. -- * END COPYRIGHT BLOCK */ -- --package org.dogtagpki.tomcat; -- --import java.security.cert.CertificateException; --import java.security.cert.X509Certificate; --import java.util.ArrayList; --import java.util.Arrays; --import java.util.Collection; --import java.util.List; -- --import javax.net.ssl.X509TrustManager; -- --import org.mozilla.jss.CryptoManager; --import org.mozilla.jss.NotInitializedException; --import org.mozilla.jss.netscape.security.util.Cert; --import org.slf4j.Logger; --import org.slf4j.LoggerFactory; -- --import sun.security.x509.X509CertImpl; -- --public class JSSTrustManager implements X509TrustManager { -- -- final static Logger logger = LoggerFactory.getLogger(JSSTrustManager.class); -- -- final static String SERVER_AUTH_OID = "1.3.6.1.5.5.7.3.1"; -- final static String CLIENT_AUTH_OID = "1.3.6.1.5.5.7.3.2"; -- -- public void checkCertChain(X509Certificate[] certChain, String keyUsage) throws Exception { -- -- logger.debug("JSSTrustManager: checkCertChain(" + keyUsage + ")"); -- -- // sort cert chain from root to leaf 
-- certChain = Cert.sortCertificateChain(certChain); -- -- for (X509Certificate cert : certChain) { -- logger.debug("JSSTrustManager: - " + cert.getSubjectDN()); -- } -- -- // get CA certs -- X509Certificate[] caCerts = getAcceptedIssuers(); -- -- // validating cert chain from root to leaf -- for (int i = 0; i < certChain.length; i++) { -- -- X509Certificate cert = certChain[i]; -- -- // validating key usage on leaf cert only -- String usage; -- if (i == certChain.length - 1) { -- usage = keyUsage; -- } else { -- usage = null; -- } -- -- checkCert(cert, caCerts, usage); -- -- // use the current cert as the CA cert for the next cert in the chain -- caCerts = new X509Certificate[] { cert }; -- } -- } -- -- public void checkCert(X509Certificate cert, X509Certificate[] caCerts, String keyUsage) throws Exception { -- -- logger.debug("JSSTrustManager: checkCert(" + cert.getSubjectDN() + "):"); -- -- boolean[] aki = cert.getIssuerUniqueID(); -- logger.debug("JSSTrustManager: cert AKI: " + Arrays.toString(aki)); -- -- X509Certificate issuer = null; -- for (X509Certificate caCert : caCerts) { -- -- boolean[] ski = caCert.getSubjectUniqueID(); -- logger.debug("JSSTrustManager: SKI of " + caCert.getSubjectDN() + ": " + Arrays.toString(ski)); -- -- try { -- cert.verify(caCert.getPublicKey(), "Mozilla-JSS"); -- issuer = caCert; -- break; -- } catch (Exception e) { -- logger.debug("JSSTrustManager: invalid certificate: " + e); -- } -- } -- -- if (issuer == null) { -- throw new CertificateException("Unable to validate signature: " + cert.getSubjectDN()); -- } -- -- logger.debug("JSSTrustManager: cert signed by " + issuer.getSubjectDN()); -- -- logger.debug("JSSTrustManager: checking validity range:"); -- logger.debug("JSSTrustManager: - not before: " + cert.getNotBefore()); -- logger.debug("JSSTrustManager: - not after: " + cert.getNotAfter()); -- cert.checkValidity(); -- -- if (keyUsage != null) { -- -- List extendedKeyUsages = cert.getExtendedKeyUsage(); -- 
logger.debug("JSSTrustManager: checking extended key usages:"); -- -- for (String extKeyUsage : extendedKeyUsages) { -- logger.debug("JSSTrustManager: - " + extKeyUsage); -- } -- -- if (extendedKeyUsages.contains(keyUsage)) { -- logger.debug("JSSTrustManager: extended key usage found: " + keyUsage); -- } else { -- throw new CertificateException("Missing extended key usage: " + keyUsage); -- } -- } -- } -- -- @Override -- public void checkClientTrusted(X509Certificate[] certChain, String authType) throws CertificateException { -- -- logger.debug("JSSTrustManager: checkClientTrusted(" + authType + "):"); -- -- try { -- checkCertChain(certChain, CLIENT_AUTH_OID); -- logger.debug("JSSTrustManager: SSL client certificate is valid"); -- -- } catch (CertificateException e) { -- logger.warn("JSSTrustManager: Invalid SSL client certificate: " + e); -- throw e; -- -- } catch (Exception e) { -- logger.warn("JSSTrustManager: Unable to validate certificate: " + e); -- throw new CertificateException(e); -- } -- } -- -- @Override -- public void checkServerTrusted(X509Certificate[] certChain, String authType) throws CertificateException { -- -- logger.debug("JSSTrustManager: checkServerTrusted(" + certChain.length + ", " + authType + "):"); -- -- try { -- checkCertChain(certChain, SERVER_AUTH_OID); -- logger.debug("JSSTrustManager: SSL server certificate is valid"); -- -- } catch (CertificateException e) { -- logger.warn("JSSTrustManager: Invalid SSL server certificate: " + e); -- throw e; -- -- } catch (Exception e) { -- logger.warn("JSSTrustManager: Unable to validate SSL server certificate: " + e); -- throw new CertificateException(e); -- } -- } -- -- @Override -- public X509Certificate[] getAcceptedIssuers() { -- -- logger.debug("JSSTrustManager: getAcceptedIssuers():"); -- -- Collection caCerts = new ArrayList<>(); -- -- try { -- CryptoManager manager = CryptoManager.getInstance(); -- for (org.mozilla.jss.crypto.X509Certificate cert : manager.getCACerts()) { -- 
logger.debug("JSSTrustManager: - " + cert.getSubjectDN()); -- -- try { -- X509CertImpl caCert = new X509CertImpl(cert.getEncoded()); -- caCert.checkValidity(); -- caCerts.add(caCert); -- -- } catch (Exception e) { -- logger.debug("JSSTrustManager: invalid CA certificate: " + e); -- } -- } -- -- } catch (NotInitializedException e) { -- logger.error("JSSTrustManager: Unable to get CryptoManager: " + e, e); -- throw new RuntimeException(e); -- } -- -- return caCerts.toArray(new X509Certificate[caCerts.size()]); -- } --} -diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java -index 22c607d..a2e3cd5 100644 ---- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java -+++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java -@@ -28,6 +28,9 @@ - import org.slf4j.Logger; - import org.slf4j.LoggerFactory; - -+import org.mozilla.jss.provider.javax.crypto.JSSKeyManager; -+import org.mozilla.jss.provider.javax.crypto.JSSTrustManager; -+ - public class JSSUtil extends JSSEUtil { - - public static Logger logger = LoggerFactory.getLogger(JSSUtil.class); diff --git a/tomcatjss-7.4.1.tar.gz b/tomcatjss-7.4.1.tar.gz deleted file mode 100644 index 68d8cc537575e358c0eae2a420070dd6987da599..0000000000000000000000000000000000000000 Binary files a/tomcatjss-7.4.1.tar.gz and /dev/null differ diff --git a/tomcatjss-7.6.1.tar.gz b/tomcatjss-7.6.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..6554b55436f8c84659070e9fb37b522d00fa060e Binary files /dev/null and b/tomcatjss-7.6.1.tar.gz differ diff --git a/tomcatjss.spec b/tomcatjss.spec index 56466324cd73209f2bedafdc5670299eeff6f7b4..a074af4791d26cbf312ac4a2ce96ed1c7bd73988 100644 --- a/tomcatjss.spec +++ b/tomcatjss.spec 
@@ -3,14 +3,14 @@ Summary: Apache Tomcat of JSS Connector URL: http://www.dogtagpki.org/wiki/TomcatJSS License: LGPLv2+ BuildArch: noarch -Version: 7.4.1 -Release: 5 +Version: 7.6.1 +Release: 1 Source: https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_phase}/tomcatjss-%{version}%{?_phase}.tar.gz -Patch0: Use-JSSKeyManager-and-JSSTrustManager-from-JSS.patch +Patch0: Add-abstract-method-for-class-JSSUtil.patch BuildRequires: ant apache-commons-lang java-devel jpackage-utils >= 0:1.7.5-15 slf4j -BuildRequires: slf4j-jdk14 jss >= 4.6.0 tomcat >= 1:9.0.7 -Requires: apache-commons-lang java-headless jpackage-utils >= 0:1.7.5-15 slf4j jss >= 4.6.0 tomcat >= 1:9.0.7 -Conflicts: pki-base < 10.6.5 +BuildRequires: slf4j-jdk14 jss >= 4.8.0 tomcat >= 1:9.0.7 +Requires: apache-commons-lang java-headless jpackage-utils >= 0:1.7.5-15 slf4j jss >= 4.8.0 tomcat >= 1:9.0.7 +Conflicts: pki-base < 10.10.0 %define _sharedstatedir /var/lib %description @@ -37,6 +37,9 @@ ant -f build.xml -Dversion=%{version} -Dsrc.dir=$app_server -Djnidir=%{_jnidir} %{_javadir}/* %changelog +* Tue Feb 27 2024 yaoxin - 7.6.1-1 +- Upgrade to 7.6.1 for fix build error caused by jss update to 4.9.3 + * Thu Dec 15 2022 xu_ping - 7.4.1-5 - Remove conflicts tomcat-native
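Review bot: The raised dependency floor on the `BuildRequires` and `Requires` lines (`jss >= 4.8.0`) does not match the reason given for the update in the new changelog entry, which says the upgrade fixes a build error caused by jss 4.9.3, so the spec still admits jss versions older than the one this code was actually adapted to. If 4.9.3 is the real minimum, tighten both lines to `jss >= 4.9.3`; if 4.8.0 genuinely is enough, reword the changelog entry so the recorded floor and the recorded motivation agree. The bumped `Conflicts: pki-base < 10.10.0` has no corresponding explanation in the changelog either, so one clause there stating which pki-base change forces it would save the next packager from having to rediscover it.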