diff --git a/.cvsignore b/.cvsignore
index 1426d23..41eb57a 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-jss-4.2.5.tar.gz
+jss-4.2.6.tar.gz
diff --git a/jss-key_pair_usage_with_op_flags.patch b/jss-key_pair_usage_with_op_flags.patch
new file mode 100644
index 0000000..a7ca9df
--- /dev/null
+++ b/jss-key_pair_usage_with_op_flags.patch
@@ -0,0 +1,544 @@
+diff -rupN jss-4.2.5/mozilla/security/jss/lib/jss.def jss-4.2.6/mozilla/security/jss/lib/jss.def
+--- jss-4.2.5/mozilla/security/jss/lib/jss.def 2007-05-08 18:40:14.000000000 -0700
++++ jss-4.2.6/mozilla/security/jss/lib/jss.def 2009-05-30 01:57:48.000000000 -0700
+@@ -316,3 +316,12 @@ Java_org_mozilla_jss_ssl_SSLSocket_isFip
+ ;+ local:
+ ;+ *;
+ ;+};
++;+JSS_4.2.6 { # JSS 4.2.6 release
++;+ global:
++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPairWithOpFlags;
++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPairWithOpFlags;
++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags;
++;+ local:
++;+ *;
++;+};
++
+diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java
+--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java 2005-11-14 14:15:06.000000000 -0800
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java 2009-05-22 07:40:14.000000000 -0700
+@@ -81,7 +81,6 @@ public class KeyPairGenerator {
+ genKeyPair() throws TokenException {
+ return engine.generateKeyPair();
+ }
+-
+ /**
+ * @return The type of key that this generator generates.
+ */
+@@ -192,6 +191,15 @@ public class KeyPairGenerator {
+ engine.extractablePairs(extractable);
+ }
+
++ public void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages,
++ KeyPairGeneratorSpi.Usage[] usages_mask) {
++ engine.setKeyPairUsages(usages,usages_mask);
++ }
++
++
++
++
++
+ protected KeyPairAlgorithm algorithm;
+ protected KeyPairGeneratorSpi engine;
+ }
+diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java
+--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java 2005-11-14 14:15:06.000000000 -0800
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java 2009-05-30 03:24:31.000000000 -0700
+@@ -60,4 +60,38 @@ public abstract class KeyPairGeneratorSp
+ public abstract void extractablePairs(boolean extractable);
+
+ public abstract boolean keygenOnInternalToken();
++
++ /**
++ * In PKCS #11, each keypair can be marked with the operations it will
++ * be used to perform. Some tokens require that a key be marked for
++ * an operation before the key can be used to perform that operation;
++ * other tokens don't care. NSS provides a way to specify a set of
++ * flags and a corresponding mask for these flags. If a specific usage
++ * is desired set the value for that usage. If it is not set, let NSS
++ * behave in it's default fashion. If a behavior is desired, also set
++ * that behavior in the mask as well as the flags.
++ *
++ */
++ public final static class Usage {
++ private Usage() { }
++ private Usage(int val) { this.val = val;}
++ private int val;
++
++ public int getVal() { return val; }
++
++ // these enums must match the
++ // and the opFlagForUsage list in PK11KeyPairGenerator.java
++ public static final Usage ENCRYPT = new Usage(0);
++ public static final Usage DECRYPT = new Usage(1);
++ public static final Usage SIGN = new Usage(2);
++ public static final Usage SIGN_RECOVER = new Usage(3);
++ public static final Usage VERIFY = new Usage(4);
++ public static final Usage VERIFY_RECOVER = new Usage(5);
++ public static final Usage WRAP = new Usage(6);
++ public static final Usage UNWRAP = new Usage(7);
++ public static final Usage DERIVE = new Usage(8);
++ }
++
++ public abstract void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages,
++ KeyPairGeneratorSpi.Usage[] usages_mask);
+ }
+diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c
+--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c 2006-02-22 17:21:42.000000000 -0800
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c 2009-06-02 10:36:46.819581000 -0700
+@@ -120,13 +120,11 @@ finish:
+
+ int PK11_NumberObjectsFor(PK11SlotInfo*, CK_ATTRIBUTE*, int);
+
+-/*
+- * make a common key gen function for both this file and PK11Token.c
+- */
+ SECStatus
+-JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
++JSS_PK11_generateKeyPairWithOpFlags(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
+ PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privk,
+- void *params, PRBool temporary, jint sensitive, jint extractable)
++ void *params, PRBool temporary, jint sensitive, jint extractable,
++ jint op_flags, jint op_flags_mask)
+ {
+ PK11AttrFlags attrFlags = 0;
+ *privk=NULL;
+@@ -173,12 +171,16 @@ JSS_PK11_generateKeyPair(JNIEnv *env, CK
+ } else {
+ attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
+ }
+- *privk = PK11_GenerateKeyPairWithFlags(slot,
++
++ *privk = PK11_GenerateKeyPairWithOpFlags(slot,
+ mechanism,
+ params,
+ pubk,
+ attrFlags,
++ (CK_FLAGS) op_flags,
++ (CK_FLAGS) op_flags_mask/* the ones we don't want*/,
+ NULL /* default PW callback */ );
++
+ if( *privk == NULL ) {
+ int errLength;
+ char *errBuf;
+@@ -217,13 +219,28 @@ finish:
+ return SECFailure;
+ }
+
++/*
++ * make a common key gen function for both this file and PK11Token.c
++ */
++SECStatus
++JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
++ PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privk,
++ void *params, PRBool temporary, jint sensitive, jint extractable)
++{
++
++ return JSS_PK11_generateKeyPairWithOpFlags(env, mechanism, slot, pubk, privk, params, temporary, sensitive, extractable, 0, 0);
++}
++
++
+ /**********************************************************************
+- * Local generic helper
++ * Local generic helpers
+ */
++
+ static jobject
+-PK11KeyPairGenerator(JNIEnv *env, jobject this, jobject token,
++PK11KeyPairGeneratorWithOpFlags(JNIEnv *env, jobject this, jobject token,
+ CK_MECHANISM_TYPE mechanism, void *params,
+- jboolean temporary, jint sensitive, jint extractable)
++ jboolean temporary, jint sensitive, jint extractable,
++ jint op_flags, jint op_flags_mask)
+ {
+ PK11SlotInfo* slot;
+ SECKEYPrivateKey *privk=NULL;
+@@ -242,8 +259,8 @@ PK11KeyPairGenerator(JNIEnv *env, jobjec
+ }
+ PR_ASSERT(slot != NULL);
+
+- rv = JSS_PK11_generateKeyPair(env, mechanism, slot, &pubk, &privk,
+- params, temporary, sensitive, extractable);
++ rv = JSS_PK11_generateKeyPairWithOpFlags(env, mechanism, slot, &pubk, &privk,
++ params, temporary, sensitive, extractable, op_flags, op_flags_mask);
+ if (rv != SECSuccess) {
+ goto finish;
+ }
+@@ -267,6 +284,16 @@ finish:
+ return keyPair;
+ }
+
++static jobject
++PK11KeyPairGenerator(JNIEnv *env, jobject this, jobject token,
++ CK_MECHANISM_TYPE mechanism, void *params,
++ jboolean temporary, jint sensitive, jint extractable)
++{
++ return PK11KeyPairGeneratorWithOpFlags(env, this, token, mechanism, params, temporary, sensitive, extractable, 0, 0);
++}
++
++
++
+ /**********************************************************************
+ * PK11KeyPairGenerator.generateRSAKeyPair
+ */
+@@ -289,6 +316,30 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairG
+ ¶ms, temporary, sensitive, extractable);
+ }
+
++/**********************************************************************
++ * PK11KeyPairGenerator.generateRSAKeyPairWithOpFlags
++ */
++JNIEXPORT jobject JNICALL
++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPairWithOpFlags
++ (JNIEnv *env, jobject this, jobject token, jint keySize, jlong publicExponent,
++ jboolean temporary, jint sensitive, jint extractable,
++ jint op_flags, jint op_flags_mask)
++{
++ PK11RSAGenParams params;
++
++ PR_ASSERT(env!=NULL && this!=NULL && token!=NULL);
++
++ /**************************************************
++ * setup parameters
++ *************************************************/
++ params.keySizeInBits = keySize;
++ params.pe = publicExponent;
++
++ return PK11KeyPairGeneratorWithOpFlags(env, this, token, CKM_RSA_PKCS_KEY_PAIR_GEN,
++ ¶ms, temporary, sensitive, extractable, op_flags, op_flags_mask);
++}
++
++
+ #define ZERO_SECITEM(item) {(item).len=0; (item).data=NULL;}
+
+ /**********************************************************************
+@@ -339,6 +390,57 @@ finish:
+ return keyPair;
+ }
+
++/**********************************************************************
++ *
++ * PK11KeyPairGenerator.generateDSAKeyPair
++ *
++ */
++JNIEXPORT jobject JNICALL
++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags
++ (JNIEnv *env, jobject this, jobject token, jbyteArray P, jbyteArray Q,
++ jbyteArray G, jboolean temporary, jint sensitive, jint extractable,
++ jint op_flags, jint op_flags_mask)
++{
++ SECItem p, q, g;
++ PQGParams *params=NULL;
++ jobject keyPair=NULL;
++
++ PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && P!=NULL && Q!=NULL
++ && G!=NULL);
++
++ /* zero these so we can free them indiscriminately later */
++ ZERO_SECITEM(p);
++ ZERO_SECITEM(q);
++ ZERO_SECITEM(g);
++
++ /**************************************************
++ * Setup the parameters
++ *************************************************/
++ if( JSS_ByteArrayToOctetString(env, P, &p) ||
++ JSS_ByteArrayToOctetString(env, Q, &q) ||
++ JSS_ByteArrayToOctetString(env, G, &g) )
++ {
++ PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
++ goto finish;
++ }
++ params = PK11_PQG_NewParams(&p, &q, &g);
++ if(params == NULL) {
++ JSS_throw(env, OUT_OF_MEMORY_ERROR);
++ goto finish;
++ }
++ keyPair = PK11KeyPairGeneratorWithOpFlags(env, this, token, CKM_DSA_KEY_PAIR_GEN,
++ params, temporary, sensitive, extractable,
++ op_flags, op_flags_mask);
++
++finish:
++ SECITEM_FreeItem(&p, PR_FALSE);
++ SECITEM_FreeItem(&q, PR_FALSE);
++ SECITEM_FreeItem(&g, PR_FALSE);
++ PK11_PQG_DestroyParams(params);
++ return keyPair;
++}
++
++
+ void
+ DumpItem(SECItem *item)
+ {
+@@ -361,6 +463,7 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairG
+ (JNIEnv *env, jobject this, jobject token, jbyteArray Curve,
+ jboolean temporary, jint sensitive, jint extractable)
+ {
++
+ SECItem curve;
+ jobject keyPair=NULL;
+
+@@ -385,3 +488,39 @@ finish:
+ SECITEM_FreeItem(&curve, PR_FALSE);
+ return keyPair;
+ }
++
++/**********************************************************************
++ *
++ * PK11KeyPairGenerator.generateECKeyPairWithOpFlags
++ *
++ */
++JNIEXPORT jobject JNICALL
++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPairWithOpFlags
++ (JNIEnv *env, jobject this, jobject token, jbyteArray Curve,
++ jboolean temporary, jint sensitive, jint extractable,
++ jint op_flags, jint op_flags_mask)
++{
++ SECItem curve;
++ jobject keyPair=NULL;
++
++ PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && Curve!=NULL );
++
++ /* zero these so we can free them indiscriminately later */
++ ZERO_SECITEM(curve);
++
++ /**************************************************
++ * Setup the parameters
++ *************************************************/
++ if( JSS_ByteArrayToOctetString(env, Curve, &curve))
++ {
++ PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
++ goto finish;
++ }
++ keyPair = PK11KeyPairGeneratorWithOpFlags(env, this, token, CKM_EC_KEY_PAIR_GEN,
++ &curve, temporary, sensitive, extractable,
++ op_flags, op_flags_mask);
++
++finish:
++ SECITEM_FreeItem(&curve, PR_FALSE);
++ return keyPair;
++}
+diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java
+--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java 2006-02-22 17:21:42.000000000 -0800
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java 2009-05-30 05:30:25.000000000 -0700
+@@ -55,6 +55,39 @@ public final class PK11KeyPairGenerator
+ extends org.mozilla.jss.crypto.KeyPairGeneratorSpi
+ {
+
++ // opFlag constants: each of these flags specifies a crypto operation
++ // the key will support. Their values must match the same-named C
++ // preprocessor macros defined in the PKCS #11 header pkcs11t.h.
++ private static final int CKF_ENCRYPT = 0x00000100;
++ private static final int CKF_DECRYPT = 0x00000200;
++ private static final int CKF_SIGN = 0x00000800;
++ private static final int CKF_SIGN_RECOVER = 0x00001000;
++ private static final int CKF_VERIFY = 0x00002000;
++ private static final int CKF_VERIFY_RECOVER = 0x00004000;
++ private static final int CKF_WRAP = 0x00020000;
++ private static final int CKF_UNWRAP = 0x00040000;
++ private static final int CKF_DERIVE = 0x00080000;
++
++ // A table for mapping SymmetricKey.Usage to opFlag. This must be
++ // synchronized with SymmetricKey.Usage.
++ private static final int opFlagForUsage[] = {
++ CKF_ENCRYPT, /* 0 */
++ CKF_DECRYPT, /* 1 */
++ CKF_SIGN, /* 2 */
++ CKF_SIGN_RECOVER, /* 3 */
++ CKF_VERIFY, /* 4 */
++ CKF_VERIFY_RECOVER, /* 5 */
++ CKF_WRAP, /* 6 */
++ CKF_UNWRAP, /* 7 */
++ CKF_DERIVE /* 8 */
++ };
++
++ // The crypto operations the key will support. It is the logical OR
++ // of the opFlag constants, each specifying a supported operation.
++ private int opFlags = 0;
++ private int opFlagsMask = 0;
++
++
+ ///////////////////////////////////////////////////////////////////////
+ ///////////////////////////////////////////////////////////////////////
+ // Constructors
+@@ -189,41 +222,45 @@ public final class PK11KeyPairGenerator
+ * Generates a key pair on a token. Uses parameters if they were passed
+ * in through a call to initialize, otherwise uses defaults.
+ */
++
+ public KeyPair generateKeyPair()
+ throws TokenException
+ {
+ if(algorithm == KeyPairAlgorithm.RSA) {
+ if(params != null) {
+ RSAParameterSpec rsaparams = (RSAParameterSpec)params;
+- return generateRSAKeyPair(
++ return generateRSAKeyPairWithOpFlags(
+ token,
+ rsaparams.getKeySize(),
+ rsaparams.getPublicExponent().longValue(),
+ temporaryPairMode,
+ sensitivePairMode,
+- extractablePairMode);
++ extractablePairMode,
++ opFlags, opFlagsMask);
+ } else {
+- return generateRSAKeyPair(
++ return generateRSAKeyPairWithOpFlags(
+ token,
+ DEFAULT_RSA_KEY_SIZE,
+ DEFAULT_RSA_PUBLIC_EXPONENT.longValue(),
+ temporaryPairMode,
+ sensitivePairMode,
+- extractablePairMode);
++ extractablePairMode,
++ opFlags, opFlagsMask);
+ }
+ } else if(algorithm == KeyPairAlgorithm.DSA ) {
+ if(params==null) {
+ params = PQG1024;
+ }
+ DSAParameterSpec dsaParams = (DSAParameterSpec)params;
+- return generateDSAKeyPair(
++ return generateDSAKeyPairWithOpFlags(
+ token,
+ PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getP()),
+ PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getQ()),
+ PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getG()),
+ temporaryPairMode,
+ sensitivePairMode,
+- extractablePairMode);
++ extractablePairMode,
++ opFlags, opFlagsMask);
+ } else {
+ Assert._assert( algorithm == KeyPairAlgorithm.EC );
+ // requires JAVA 1.5 for ECParameters.
+@@ -233,12 +270,14 @@ public final class PK11KeyPairGenerator
+ // ecParams.init(params);
+ PK11ParameterSpec ecParams = (PK11ParameterSpec) params;
+
+- return generateECKeyPair(
++ return generateECKeyPairWithOpFlags(
+ token,
+ ecParams.getEncoded(), /* curve */
+ temporaryPairMode,
+ sensitivePairMode,
+- extractablePairMode);
++ extractablePairMode,
++ opFlags,
++ opFlagsMask);
+ }
+ }
+
+@@ -266,6 +305,17 @@ public final class PK11KeyPairGenerator
+ throws TokenException;
+
+ /**
++ * Generates an RSA key pair with the given size and public exponent.
++ * Adds the ability to specify a set of flags and masks
++ * to control how NSS generates the key pair.
++ */
++ private native KeyPair
++ generateRSAKeyPairWithOpFlags(PK11Token token, int keySize, long publicExponent,
++ boolean temporary, int sensitive, int extractable,
++ int op_flags, int op_flags_mask)
++ throws TokenException;
++
++ /**
+ * Generates a DSA key pair with the given P, Q, and G values.
+ * P, Q, and G are stored as big-endian twos-complement octet strings.
+ */
+@@ -275,6 +325,19 @@ public final class PK11KeyPairGenerator
+ throws TokenException;
+
+ /**
++ * Generates a DSA key pair with the given P, Q, and G values.
++ * P, Q, and G are stored as big-endian twos-complement octet strings.
++ * Adds the ability to specify a set of flags and masks
++ * to control how NSS generates the key pair.
++ */
++ private native KeyPair
++ generateDSAKeyPairWithOpFlags(PK11Token token, byte[] P, byte[] Q, byte[] G,
++ boolean temporary, int sensitive, int extractable,
++ int op_flags, int op_flags_mask)
++ throws TokenException;
++
++
++ /**
+ * Generates a EC key pair with the given a curve.
+ * Curves are stored as DER Encoded Parameters.
+ */
+@@ -282,6 +345,18 @@ public final class PK11KeyPairGenerator
+ generateECKeyPair(PK11Token token, byte[] Curve,
+ boolean temporary, int sensitive, int extractable)
+ throws TokenException;
++ /**
++ * Generates a EC key pair with the given a curve.
++ * Curves are stored as DER Encoded Parameters.
++ * Adds the ability to specify a set of flags and masks
++ * to control how NSS generates the key pair.
++ */
++
++ private native KeyPair
++ generateECKeyPairWithOpFlags(PK11Token token, byte[] Curve,
++ boolean temporary, int sensitive, int extractable,
++ int op_flags, int op_flags_mask)
++ throws TokenException;
+
+ ///////////////////////////////////////////////////////////////////////
+ ///////////////////////////////////////////////////////////////////////
+@@ -397,6 +472,38 @@ public final class PK11KeyPairGenerator
+ extractablePairMode = extractable ? 1 : 0;
+ }
+
++ /**
++ * Sets the requested key usages desired for the
++ * generated key pair.
++ * This allows the caller to suggest how NSS generates the key pair.
++ * @param usages List of desired key usages.
++ * @param usages_mask Corresponding mask for the key usages.
++ * if a usages is desired, make sure it is in the mask as well.
++ */
++
++ public void setKeyPairUsages(org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usages,
++ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usages_mask) {
++
++ this.opFlags = 0;
++ this.opFlagsMask = 0;
++
++ if(usages != null) {
++ for( int i = 0; i < usages.length; i++ ) {
++ if( usages[i] != null ) {
++ this.opFlags |= opFlagForUsage[usages[i].getVal()];
++ }
++ }
++ }
++
++ if(usages_mask != null) {
++ for( int i = 0; i < usages_mask.length; i++ ) {
++ if( usages_mask[i] != null ) {
++ this.opFlagsMask |= opFlagForUsage[usages_mask[i].getVal()];
++ }
++ }
++ }
++ }
++
+ //
+ // requires JAVA 1.5
+ //
+diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h
+--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h 2006-02-22 17:21:42.000000000 -0800
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h 2009-05-29 08:34:24.000000000 -0700
+@@ -157,6 +157,12 @@ JSS_PK11_generateKeyPair(JNIEnv *env, CK
+ PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privK,
+ void *params, PRBool temporary, jint senstive, jint extractable);
+
++SECStatus
++JSS_PK11_generateKeyPair_withOpFlags(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
++ PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privk,
++ void *params, PRBool temporary, jint sensitive, jint extractable,
++ jint op_flags, jint op_flags_mask);
++
+ /*=====================================================================
+ C E R T I F I C A T E S
+ =====================================================================*/
diff --git a/jss-useragent.patch b/jss-useragent.patch
deleted file mode 100644
index fa4ff7e..0000000
--- a/jss-useragent.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- jss-4.2.4/mozilla/security/jss/org/mozilla/jss/tests/JSSE_SSLClient.java.orig 2007-02-27 09:20:28.000000000 -0500
-+++ jss-4.2.4/mozilla/security/jss/org/mozilla/jss/tests/JSSE_SSLClient.java 2007-02-27 09:22:32.000000000 -0500
-@@ -480,8 +480,8 @@
- throws IOException {
- OutputStream out = tunnel.getOutputStream();
- String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n"
-- + "User-Agent: "
-- + sun.net.www.protocol.http.HttpURLConnection.userAgent
-+ + "User-Agent: Java/"
-+ + System.getProperty("java.runtime.version")
- + "\r\n\r\n";
- byte b[];
- try {
diff --git a/jss.spec b/jss.spec
index a3044a3..75084e6 100644
--- a/jss.spec
+++ b/jss.spec
@@ -1,6 +1,6 @@
Name: jss
-Version: 4.2.5
-Release: 4%{?dist}
+Version: 4.2.6
+Release: 1%{?dist}
Summary: Java Security Services (JSS)
Group: System Environment/Libraries
@@ -8,27 +8,33 @@ License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/jss/
# The source for this package was pulled from upstream's cvs. Use the
# following commands to generate the tarball:
-# cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot export -r JSS_4_2_5_RTM -d jss-4.2.5 -N mozilla/security/coreconf mozilla/security/jss
-# tar -czvf jss-4.2.5.tar.gz jss-4.2.5
+# cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot export -r JSS_4_2_6_RTM -d jss-4.2.6 -N mozilla/security/coreconf mozilla/security/jss
+# tar -czvf jss-4.2.6.tar.gz jss-4.2.6
Source0: %{name}-%{version}.tar.gz
Source1: MPL-1.1.txt
Source2: gpl.txt
Source3: lgpl.txt
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: nss-devel >= 3.11.4
-BuildRequires: nspr-devel >= 4.6.4
+BuildRequires: nss-devel >= 3.12.0
+BuildRequires: nspr-devel >= 4.6.99
BuildRequires: java-devel
Requires: java
-# don't use sun.net.www.protocol.http.HttpURLConnection.userAgent
-Patch1: jss-useragent.patch
+Patch1: jss-key_pair_usage_with_op_flags.patch
%description
Java Security Services (JSS) is a java native interface which provides a bridge
for java-based applications to use native Network Security Services (NSS).
This only works with gcj. Other JREs require that JCE providers be signed.
+%package javadoc
+Summary: Java Security Services (JSS) Javadocs
+Group: Documentation
+Requires: jss = %{version}-%{release}
+
+%description javadoc
+This package contains the API documentation for JSS.
%prep
%setup -q
@@ -70,6 +76,7 @@ export USE_64
# The Makefile is not thread-safe
make -C mozilla/security/coreconf
make -C mozilla/security/jss
+make -C mozilla/security/jss javadoc
%install
rm -rf $RPM_BUILD_ROOT docdir
@@ -106,6 +113,10 @@ install -m 0755 mozilla/dist/Linux*.OBJ/lib/libjss4.so ${RPM_BUILD_ROOT}%{_libdi
# Behavior of other JVMs is not known but they probably enforce the signature
# as well.
+# javadoc
+install -d -m 0755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
+cp -rp mozilla/dist/jssdoc/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
+
%clean
rm -rf $RPM_BUILD_ROOT
@@ -116,11 +127,21 @@ rm -rf $RPM_BUILD_ROOT
%{_jnidir}/*
%{_libdir}/lib*.so
+%files javadoc
+%defattr(-,root,root,-)
+%dir %{_javadocdir}/%{name}-%{version}
+%{_javadocdir}/%{name}-%{version}/*
+
%changelog
+* Fri Jun 5 2009 Rob Crittenden 4.2.6-1
+- Update to 4.2.6
+- Include patch to add jss interface to PK11_GenerateKeyPairWithOpFlags()
+- Add javadocs subpackage
+
* Wed Feb 25 2009 Fedora Release Engineering - 4.2.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
-
+
* Tue Aug 5 2008 Tom "spot" Callaway - 4.2.5-3
- fix license tag
@@ -149,7 +170,7 @@ rm -rf $RPM_BUILD_ROOT
* Thu Mar 15 2007 Rob Crittenden 4.2.4-2
- Added RPM_OPT_FLAGS to XCFLAGS
-
- Added link to Sun JCE information
+
* Mon Feb 27 2007 Rob Crittenden 4.2.4-1
- Initial build
diff --git a/sources b/sources
index 6180d02..8e021c1 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-efa77dd4dad52d588f85906d88ea4311 jss-4.2.5.tar.gz
+ad1c59a92ddac35cce35f16341d3cd55 jss-4.2.6.tar.gz