From 87c37eec63da5d26d776c7ea726bce54e2e263ae Mon Sep 17 00:00:00 2001 From: rcritten Date: Fri, 5 Jun 2009 14:55:51 +0000 Subject: [PATCH] - Update to 4.2.6 - Include patch to add jss interface to PK11_GenerateKeyPairWithOpFlags() - Add javadocs subpackage --- .cvsignore | 2 +- jss-key_pair_usage_with_op_flags.patch | 544 +++++++++++++++++++++++++ jss-useragent.patch | 13 - jss.spec | 41 +- sources | 2 +- 5 files changed, 577 insertions(+), 25 deletions(-) create mode 100644 jss-key_pair_usage_with_op_flags.patch delete mode 100644 jss-useragent.patch diff --git a/.cvsignore b/.cvsignore index 1426d23..41eb57a 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -jss-4.2.5.tar.gz +jss-4.2.6.tar.gz diff --git a/jss-key_pair_usage_with_op_flags.patch b/jss-key_pair_usage_with_op_flags.patch new file mode 100644 index 0000000..a7ca9df --- /dev/null +++ b/jss-key_pair_usage_with_op_flags.patch @@ -0,0 +1,544 @@ +diff -rupN jss-4.2.5/mozilla/security/jss/lib/jss.def jss-4.2.6/mozilla/security/jss/lib/jss.def +--- jss-4.2.5/mozilla/security/jss/lib/jss.def 2007-05-08 18:40:14.000000000 -0700 ++++ jss-4.2.6/mozilla/security/jss/lib/jss.def 2009-05-30 01:57:48.000000000 -0700 +@@ -316,3 +316,12 @@ Java_org_mozilla_jss_ssl_SSLSocket_isFip + ;+ local: + ;+ *; + ;+}; ++;+JSS_4.2.6 { # JSS 4.2.6 release ++;+ global: ++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPairWithOpFlags; ++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPairWithOpFlags; ++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags; ++;+ local: ++;+ *; ++;+}; ++ +diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java +--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java 2005-11-14 14:15:06.000000000 -0800 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java 2009-05-22 07:40:14.000000000 -0700 +@@ -81,7 +81,6 @@ public class KeyPairGenerator { + genKeyPair() throws TokenException { + return engine.generateKeyPair(); + } +- + /** + * @return The type of key that this generator generates. + */ +@@ -192,6 +191,15 @@ public class KeyPairGenerator { + engine.extractablePairs(extractable); + } + ++ public void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages, ++ KeyPairGeneratorSpi.Usage[] usages_mask) { ++ engine.setKeyPairUsages(usages,usages_mask); ++ } ++ ++ ++ ++ ++ + protected KeyPairAlgorithm algorithm; + protected KeyPairGeneratorSpi engine; + } +diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java +--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java 2005-11-14 14:15:06.000000000 -0800 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java 2009-05-30 03:24:31.000000000 -0700 +@@ -60,4 +60,38 @@ public abstract class KeyPairGeneratorSp + public abstract void extractablePairs(boolean extractable); + + public abstract boolean keygenOnInternalToken(); ++ ++ /** ++ * In PKCS #11, each keypair can be marked with the operations it will ++ * be used to perform. Some tokens require that a key be marked for ++ * an operation before the key can be used to perform that operation; ++ * other tokens don't care. NSS provides a way to specify a set of ++ * flags and a corresponding mask for these flags. If a specific usage ++ * is desired set the value for that usage. If it is not set, let NSS ++ * behave in it's default fashion. If a behavior is desired, also set ++ * that behavior in the mask as well as the flags. ++ * ++ */ ++ public final static class Usage { ++ private Usage() { } ++ private Usage(int val) { this.val = val;} ++ private int val; ++ ++ public int getVal() { return val; } ++ ++ // these enums must match the ++ // and the opFlagForUsage list in PK11KeyPairGenerator.java ++ public static final Usage ENCRYPT = new Usage(0); ++ public static final Usage DECRYPT = new Usage(1); ++ public static final Usage SIGN = new Usage(2); ++ public static final Usage SIGN_RECOVER = new Usage(3); ++ public static final Usage VERIFY = new Usage(4); ++ public static final Usage VERIFY_RECOVER = new Usage(5); ++ public static final Usage WRAP = new Usage(6); ++ public static final Usage UNWRAP = new Usage(7); ++ public static final Usage DERIVE = new Usage(8); ++ } ++ ++ public abstract void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages, ++ KeyPairGeneratorSpi.Usage[] usages_mask); + } +diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c +--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c 2006-02-22 17:21:42.000000000 -0800 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c 2009-06-02 10:36:46.819581000 -0700 +@@ -120,13 +120,11 @@ finish: + + int PK11_NumberObjectsFor(PK11SlotInfo*, CK_ATTRIBUTE*, int); + +-/* +- * make a common key gen function for both this file and PK11Token.c +- */ + SECStatus +-JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism, ++JSS_PK11_generateKeyPairWithOpFlags(JNIEnv *env, CK_MECHANISM_TYPE mechanism, + PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privk, +- void *params, PRBool temporary, jint sensitive, jint extractable) ++ void *params, PRBool temporary, jint sensitive, jint extractable, ++ jint op_flags, jint op_flags_mask) + { + PK11AttrFlags attrFlags = 0; + *privk=NULL; +@@ -173,12 +171,16 @@ JSS_PK11_generateKeyPair(JNIEnv *env, CK + } else { + attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC); + } +- *privk = PK11_GenerateKeyPairWithFlags(slot, ++ ++ *privk = PK11_GenerateKeyPairWithOpFlags(slot, + mechanism, + params, + pubk, + attrFlags, ++ (CK_FLAGS) op_flags, ++ (CK_FLAGS) op_flags_mask/* the ones we don't want*/, + NULL /* default PW callback */ ); ++ + if( *privk == NULL ) { + int errLength; + char *errBuf; +@@ -217,13 +219,28 @@ finish: + return SECFailure; + } + ++/* ++ * make a common key gen function for both this file and PK11Token.c ++ */ ++SECStatus ++JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism, ++ PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privk, ++ void *params, PRBool temporary, jint sensitive, jint extractable) ++{ ++ ++ return JSS_PK11_generateKeyPairWithOpFlags(env, mechanism, slot, pubk, privk, params, temporary, sensitive, extractable, 0, 0); ++} ++ ++ + /********************************************************************** +- * Local generic helper ++ * Local generic helpers + */ ++ + static jobject +-PK11KeyPairGenerator(JNIEnv *env, jobject this, jobject token, ++PK11KeyPairGeneratorWithOpFlags(JNIEnv *env, jobject this, jobject token, + CK_MECHANISM_TYPE mechanism, void *params, +- jboolean temporary, jint sensitive, jint extractable) ++ jboolean temporary, jint sensitive, jint extractable, ++ jint op_flags, jint op_flags_mask) + { + PK11SlotInfo* slot; + SECKEYPrivateKey *privk=NULL; +@@ -242,8 +259,8 @@ PK11KeyPairGenerator(JNIEnv *env, jobjec + } + PR_ASSERT(slot != NULL); + +- rv = JSS_PK11_generateKeyPair(env, mechanism, slot, &pubk, &privk, +- params, temporary, sensitive, extractable); ++ rv = JSS_PK11_generateKeyPairWithOpFlags(env, mechanism, slot, &pubk, &privk, ++ params, temporary, sensitive, extractable, op_flags, op_flags_mask); + if (rv != SECSuccess) { + goto finish; + } +@@ -267,6 +284,16 @@ finish: + return keyPair; + } + ++static jobject ++PK11KeyPairGenerator(JNIEnv *env, jobject this, jobject token, ++ CK_MECHANISM_TYPE mechanism, void *params, ++ jboolean temporary, jint sensitive, jint extractable) ++{ ++ return PK11KeyPairGeneratorWithOpFlags(env, this, token, mechanism, params, temporary, sensitive, extractable, 0, 0); ++} ++ ++ ++ + /********************************************************************** + * PK11KeyPairGenerator.generateRSAKeyPair + */ +@@ -289,6 +316,30 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairG + ¶ms, temporary, sensitive, extractable); + } + ++/********************************************************************** ++ * PK11KeyPairGenerator.generateRSAKeyPairWithOpFlags ++ */ ++JNIEXPORT jobject JNICALL ++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPairWithOpFlags ++ (JNIEnv *env, jobject this, jobject token, jint keySize, jlong publicExponent, ++ jboolean temporary, jint sensitive, jint extractable, ++ jint op_flags, jint op_flags_mask) ++{ ++ PK11RSAGenParams params; ++ ++ PR_ASSERT(env!=NULL && this!=NULL && token!=NULL); ++ ++ /************************************************** ++ * setup parameters ++ *************************************************/ ++ params.keySizeInBits = keySize; ++ params.pe = publicExponent; ++ ++ return PK11KeyPairGeneratorWithOpFlags(env, this, token, CKM_RSA_PKCS_KEY_PAIR_GEN, ++ ¶ms, temporary, sensitive, extractable, op_flags, op_flags_mask); ++} ++ ++ + #define ZERO_SECITEM(item) {(item).len=0; (item).data=NULL;} + + /********************************************************************** +@@ -339,6 +390,57 @@ finish: + return keyPair; + } + ++/********************************************************************** ++ * ++ * PK11KeyPairGenerator.generateDSAKeyPair ++ * ++ */ ++JNIEXPORT jobject JNICALL ++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags ++ (JNIEnv *env, jobject this, jobject token, jbyteArray P, jbyteArray Q, ++ jbyteArray G, jboolean temporary, jint sensitive, jint extractable, ++ jint op_flags, jint op_flags_mask) ++{ ++ SECItem p, q, g; ++ PQGParams *params=NULL; ++ jobject keyPair=NULL; ++ ++ PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && P!=NULL && Q!=NULL ++ && G!=NULL); ++ ++ /* zero these so we can free them indiscriminately later */ ++ ZERO_SECITEM(p); ++ ZERO_SECITEM(q); ++ ZERO_SECITEM(g); ++ ++ /************************************************** ++ * Setup the parameters ++ *************************************************/ ++ if( JSS_ByteArrayToOctetString(env, P, &p) || ++ JSS_ByteArrayToOctetString(env, Q, &q) || ++ JSS_ByteArrayToOctetString(env, G, &g) ) ++ { ++ PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL); ++ goto finish; ++ } ++ params = PK11_PQG_NewParams(&p, &q, &g); ++ if(params == NULL) { ++ JSS_throw(env, OUT_OF_MEMORY_ERROR); ++ goto finish; ++ } ++ keyPair = PK11KeyPairGeneratorWithOpFlags(env, this, token, CKM_DSA_KEY_PAIR_GEN, ++ params, temporary, sensitive, extractable, ++ op_flags, op_flags_mask); ++ ++finish: ++ SECITEM_FreeItem(&p, PR_FALSE); ++ SECITEM_FreeItem(&q, PR_FALSE); ++ SECITEM_FreeItem(&g, PR_FALSE); ++ PK11_PQG_DestroyParams(params); ++ return keyPair; ++} ++ ++ + void + DumpItem(SECItem *item) + { +@@ -361,6 +463,7 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairG + (JNIEnv *env, jobject this, jobject token, jbyteArray Curve, + jboolean temporary, jint sensitive, jint extractable) + { ++ + SECItem curve; + jobject keyPair=NULL; + +@@ -385,3 +488,39 @@ finish: + SECITEM_FreeItem(&curve, PR_FALSE); + return keyPair; + } ++ ++/********************************************************************** ++ * ++ * PK11KeyPairGenerator.generateECKeyPairWithOpFlags ++ * ++ */ ++JNIEXPORT jobject JNICALL ++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPairWithOpFlags ++ (JNIEnv *env, jobject this, jobject token, jbyteArray Curve, ++ jboolean temporary, jint sensitive, jint extractable, ++ jint op_flags, jint op_flags_mask) ++{ ++ SECItem curve; ++ jobject keyPair=NULL; ++ ++ PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && Curve!=NULL ); ++ ++ /* zero these so we can free them indiscriminately later */ ++ ZERO_SECITEM(curve); ++ ++ /************************************************** ++ * Setup the parameters ++ *************************************************/ ++ if( JSS_ByteArrayToOctetString(env, Curve, &curve)) ++ { ++ PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL); ++ goto finish; ++ } ++ keyPair = PK11KeyPairGeneratorWithOpFlags(env, this, token, CKM_EC_KEY_PAIR_GEN, ++ &curve, temporary, sensitive, extractable, ++ op_flags, op_flags_mask); ++ ++finish: ++ SECITEM_FreeItem(&curve, PR_FALSE); ++ return keyPair; ++} +diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java +--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java 2006-02-22 17:21:42.000000000 -0800 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java 2009-05-30 05:30:25.000000000 -0700 +@@ -55,6 +55,39 @@ public final class PK11KeyPairGenerator + extends org.mozilla.jss.crypto.KeyPairGeneratorSpi + { + ++ // opFlag constants: each of these flags specifies a crypto operation ++ // the key will support. Their values must match the same-named C ++ // preprocessor macros defined in the PKCS #11 header pkcs11t.h. ++ private static final int CKF_ENCRYPT = 0x00000100; ++ private static final int CKF_DECRYPT = 0x00000200; ++ private static final int CKF_SIGN = 0x00000800; ++ private static final int CKF_SIGN_RECOVER = 0x00001000; ++ private static final int CKF_VERIFY = 0x00002000; ++ private static final int CKF_VERIFY_RECOVER = 0x00004000; ++ private static final int CKF_WRAP = 0x00020000; ++ private static final int CKF_UNWRAP = 0x00040000; ++ private static final int CKF_DERIVE = 0x00080000; ++ ++ // A table for mapping SymmetricKey.Usage to opFlag. This must be ++ // synchronized with SymmetricKey.Usage. ++ private static final int opFlagForUsage[] = { ++ CKF_ENCRYPT, /* 0 */ ++ CKF_DECRYPT, /* 1 */ ++ CKF_SIGN, /* 2 */ ++ CKF_SIGN_RECOVER, /* 3 */ ++ CKF_VERIFY, /* 4 */ ++ CKF_VERIFY_RECOVER, /* 5 */ ++ CKF_WRAP, /* 6 */ ++ CKF_UNWRAP, /* 7 */ ++ CKF_DERIVE /* 8 */ ++ }; ++ ++ // The crypto operations the key will support. It is the logical OR ++ // of the opFlag constants, each specifying a supported operation. ++ private int opFlags = 0; ++ private int opFlagsMask = 0; ++ ++ + /////////////////////////////////////////////////////////////////////// + /////////////////////////////////////////////////////////////////////// + // Constructors +@@ -189,41 +222,45 @@ public final class PK11KeyPairGenerator + * Generates a key pair on a token. Uses parameters if they were passed + * in through a call to initialize, otherwise uses defaults. + */ ++ + public KeyPair generateKeyPair() + throws TokenException + { + if(algorithm == KeyPairAlgorithm.RSA) { + if(params != null) { + RSAParameterSpec rsaparams = (RSAParameterSpec)params; +- return generateRSAKeyPair( ++ return generateRSAKeyPairWithOpFlags( + token, + rsaparams.getKeySize(), + rsaparams.getPublicExponent().longValue(), + temporaryPairMode, + sensitivePairMode, +- extractablePairMode); ++ extractablePairMode, ++ opFlags, opFlagsMask); + } else { +- return generateRSAKeyPair( ++ return generateRSAKeyPairWithOpFlags( + token, + DEFAULT_RSA_KEY_SIZE, + DEFAULT_RSA_PUBLIC_EXPONENT.longValue(), + temporaryPairMode, + sensitivePairMode, +- extractablePairMode); ++ extractablePairMode, ++ opFlags, opFlagsMask); + } + } else if(algorithm == KeyPairAlgorithm.DSA ) { + if(params==null) { + params = PQG1024; + } + DSAParameterSpec dsaParams = (DSAParameterSpec)params; +- return generateDSAKeyPair( ++ return generateDSAKeyPairWithOpFlags( + token, + PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getP()), + PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getQ()), + PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getG()), + temporaryPairMode, + sensitivePairMode, +- extractablePairMode); ++ extractablePairMode, ++ opFlags, opFlagsMask); + } else { + Assert._assert( algorithm == KeyPairAlgorithm.EC ); + // requires JAVA 1.5 for ECParameters. +@@ -233,12 +270,14 @@ public final class PK11KeyPairGenerator + // ecParams.init(params); + PK11ParameterSpec ecParams = (PK11ParameterSpec) params; + +- return generateECKeyPair( ++ return generateECKeyPairWithOpFlags( + token, + ecParams.getEncoded(), /* curve */ + temporaryPairMode, + sensitivePairMode, +- extractablePairMode); ++ extractablePairMode, ++ opFlags, ++ opFlagsMask); + } + } + +@@ -266,6 +305,17 @@ public final class PK11KeyPairGenerator + throws TokenException; + + /** ++ * Generates an RSA key pair with the given size and public exponent. ++ * Adds the ability to specify a set of flags and masks ++ * to control how NSS generates the key pair. ++ */ ++ private native KeyPair ++ generateRSAKeyPairWithOpFlags(PK11Token token, int keySize, long publicExponent, ++ boolean temporary, int sensitive, int extractable, ++ int op_flags, int op_flags_mask) ++ throws TokenException; ++ ++ /** + * Generates a DSA key pair with the given P, Q, and G values. + * P, Q, and G are stored as big-endian twos-complement octet strings. + */ +@@ -275,6 +325,19 @@ public final class PK11KeyPairGenerator + throws TokenException; + + /** ++ * Generates a DSA key pair with the given P, Q, and G values. ++ * P, Q, and G are stored as big-endian twos-complement octet strings. ++ * Adds the ability to specify a set of flags and masks ++ * to control how NSS generates the key pair. ++ */ ++ private native KeyPair ++ generateDSAKeyPairWithOpFlags(PK11Token token, byte[] P, byte[] Q, byte[] G, ++ boolean temporary, int sensitive, int extractable, ++ int op_flags, int op_flags_mask) ++ throws TokenException; ++ ++ ++ /** + * Generates a EC key pair with the given a curve. + * Curves are stored as DER Encoded Parameters. + */ +@@ -282,6 +345,18 @@ public final class PK11KeyPairGenerator + generateECKeyPair(PK11Token token, byte[] Curve, + boolean temporary, int sensitive, int extractable) + throws TokenException; ++ /** ++ * Generates a EC key pair with the given a curve. ++ * Curves are stored as DER Encoded Parameters. ++ * Adds the ability to specify a set of flags and masks ++ * to control how NSS generates the key pair. ++ */ ++ ++ private native KeyPair ++ generateECKeyPairWithOpFlags(PK11Token token, byte[] Curve, ++ boolean temporary, int sensitive, int extractable, ++ int op_flags, int op_flags_mask) ++ throws TokenException; + + /////////////////////////////////////////////////////////////////////// + /////////////////////////////////////////////////////////////////////// +@@ -397,6 +472,38 @@ public final class PK11KeyPairGenerator + extractablePairMode = extractable ? 1 : 0; + } + ++ /** ++ * Sets the requested key usages desired for the ++ * generated key pair. ++ * This allows the caller to suggest how NSS generates the key pair. ++ * @param usages List of desired key usages. ++ * @param usages_mask Corresponding mask for the key usages. ++ * if a usages is desired, make sure it is in the mask as well. ++ */ ++ ++ public void setKeyPairUsages(org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usages, ++ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usages_mask) { ++ ++ this.opFlags = 0; ++ this.opFlagsMask = 0; ++ ++ if(usages != null) { ++ for( int i = 0; i < usages.length; i++ ) { ++ if( usages[i] != null ) { ++ this.opFlags |= opFlagForUsage[usages[i].getVal()]; ++ } ++ } ++ } ++ ++ if(usages_mask != null) { ++ for( int i = 0; i < usages_mask.length; i++ ) { ++ if( usages_mask[i] != null ) { ++ this.opFlagsMask |= opFlagForUsage[usages_mask[i].getVal()]; ++ } ++ } ++ } ++ } ++ + // + // requires JAVA 1.5 + // +diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h +--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h 2006-02-22 17:21:42.000000000 -0800 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h 2009-05-29 08:34:24.000000000 -0700 +@@ -157,6 +157,12 @@ JSS_PK11_generateKeyPair(JNIEnv *env, CK + PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privK, + void *params, PRBool temporary, jint senstive, jint extractable); + ++SECStatus ++JSS_PK11_generateKeyPair_withOpFlags(JNIEnv *env, CK_MECHANISM_TYPE mechanism, ++ PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privk, ++ void *params, PRBool temporary, jint sensitive, jint extractable, ++ jint op_flags, jint op_flags_mask); ++ + /*===================================================================== + C E R T I F I C A T E S + =====================================================================*/ diff --git a/jss-useragent.patch b/jss-useragent.patch deleted file mode 100644 index fa4ff7e..0000000 --- a/jss-useragent.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- jss-4.2.4/mozilla/security/jss/org/mozilla/jss/tests/JSSE_SSLClient.java.orig 2007-02-27 09:20:28.000000000 -0500 -+++ jss-4.2.4/mozilla/security/jss/org/mozilla/jss/tests/JSSE_SSLClient.java 2007-02-27 09:22:32.000000000 -0500 -@@ -480,8 +480,8 @@ - throws IOException { - OutputStream out = tunnel.getOutputStream(); - String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n" -- + "User-Agent: " -- + sun.net.www.protocol.http.HttpURLConnection.userAgent -+ + "User-Agent: Java/" -+ + System.getProperty("java.runtime.version") - + "\r\n\r\n"; - byte b[]; - try { diff --git a/jss.spec b/jss.spec index a3044a3..75084e6 100644 --- a/jss.spec +++ b/jss.spec @@ -1,6 +1,6 @@ Name: jss -Version: 4.2.5 -Release: 4%{?dist} +Version: 4.2.6 +Release: 1%{?dist} Summary: Java Security Services (JSS) Group: System Environment/Libraries @@ -8,27 +8,33 @@ License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/jss/ # The source for this package was pulled from upstream's cvs. Use the # following commands to generate the tarball: -# cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot export -r JSS_4_2_5_RTM -d jss-4.2.5 -N mozilla/security/coreconf mozilla/security/jss -# tar -czvf jss-4.2.5.tar.gz jss-4.2.5 +# cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot export -r JSS_4_2_6_RTM -d jss-4.2.6 -N mozilla/security/coreconf mozilla/security/jss +# tar -czvf jss-4.2.6.tar.gz jss-4.2.6 Source0: %{name}-%{version}.tar.gz Source1: MPL-1.1.txt Source2: gpl.txt Source3: lgpl.txt BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: nss-devel >= 3.11.4 -BuildRequires: nspr-devel >= 4.6.4 +BuildRequires: nss-devel >= 3.12.0 +BuildRequires: nspr-devel >= 4.6.99 BuildRequires: java-devel Requires: java -# don't use sun.net.www.protocol.http.HttpURLConnection.userAgent -Patch1: jss-useragent.patch +Patch1: jss-key_pair_usage_with_op_flags.patch %description Java Security Services (JSS) is a java native interface which provides a bridge for java-based applications to use native Network Security Services (NSS). This only works with gcj. Other JREs require that JCE providers be signed. +%package javadoc +Summary: Java Security Services (JSS) Javadocs +Group: Documentation +Requires: jss = %{version}-%{release} + +%description javadoc +This package contains the API documentation for JSS. %prep %setup -q @@ -70,6 +76,7 @@ export USE_64 # The Makefile is not thread-safe make -C mozilla/security/coreconf make -C mozilla/security/jss +make -C mozilla/security/jss javadoc %install rm -rf $RPM_BUILD_ROOT docdir @@ -106,6 +113,10 @@ install -m 0755 mozilla/dist/Linux*.OBJ/lib/libjss4.so ${RPM_BUILD_ROOT}%{_libdi # Behavior of other JVMs is not known but they probably enforce the signature # as well. +# javadoc +install -d -m 0755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version} +cp -rp mozilla/dist/jssdoc/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version} + %clean rm -rf $RPM_BUILD_ROOT @@ -116,11 +127,21 @@ rm -rf $RPM_BUILD_ROOT %{_jnidir}/* %{_libdir}/lib*.so +%files javadoc +%defattr(-,root,root,-) +%dir %{_javadocdir}/%{name}-%{version} +%{_javadocdir}/%{name}-%{version}/* + %changelog +* Fri Jun 5 2009 Rob Crittenden 4.2.6-1 +- Update to 4.2.6 +- Include patch to add jss interface to PK11_GenerateKeyPairWithOpFlags() +- Add javadocs subpackage + * Wed Feb 25 2009 Fedora Release Engineering - 4.2.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - + * Tue Aug 5 2008 Tom "spot" Callaway - 4.2.5-3 - fix license tag @@ -149,7 +170,7 @@ rm -rf $RPM_BUILD_ROOT * Thu Mar 15 2007 Rob Crittenden 4.2.4-2 - Added RPM_OPT_FLAGS to XCFLAGS - - Added link to Sun JCE information + * Mon Feb 27 2007 Rob Crittenden 4.2.4-1 - Initial build diff --git a/sources b/sources index 6180d02..8e021c1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -efa77dd4dad52d588f85906d88ea4311 jss-4.2.5.tar.gz +ad1c59a92ddac35cce35f16341d3cd55 jss-4.2.6.tar.gz