.gitignore

@@ -1 +1,52 @@
-SOURCES/jss-4.9.4.tar.gz
+# Local build files
+jss-*.src.rpm
+jss-*/
+x86_64/
+.build-*.log
+
+# Releases
+jss-4.2.6.tar.gz
+/jss-4.2.6.tar.gz
+/jss-4.4.0.tar.gz
+/jss-4.4.1.tar.gz
+/jss-4.4.2.tar.gz
+/jss-4.4.3.tar.gz
+/jss-4.4.4.tar.gz
+/jss-4.5.0-a1.tar.gz
+/jss-4.5.0-a2.tar.gz
+/jss-4.5.0-a3.tar.gz
+/jss-4.5.0-a4.tar.gz
+/jss-4.5.0-b1.tar.gz
+/jss-4.5.0.tar.gz
+/jss-4.5.1.tar.gz
+/jss-4.5.2.tar.gz
+/jss-4.5.3.tar.gz
+/jss-4.6.1.tar.gz
+/jss-4.6.2.tar.gz
+/jss-4.6.3.tar.gz
+/jss-4.6.4.tar.gz
+/jss-4.7.0-b2.tar.gz
+/jss-4.7.0-b4.tar.gz
+/jss-4.7.0.tar.gz
+/jss-4.7.2.tar.gz
+/jss-4.7.3.tar.gz
+/jss-4.8.0-b1.tar.gz
+/jss-4.8.0.tar.gz
+/jss-4.8.1.tar.gz
+/jss-4.9.0-alpha1.tar.gz
+/jss-5.0.0-alpha1.tar.gz
+/jss-5.0.0-beta1.tar.gz
+/jss-5.0.0.tar.gz
+/jss-5.0.1.tar.gz
+/jss-5.0.2.tar.gz
+/jss-5.0.3.tar.gz
+/jss-5.2.0-beta1.tar.gz
+/jss-5.2.0-beta2.tar.gz
+/jss-5.2.0.tar.gz
+/jss-5.2.1.tar.gz
+/jss-5.3.0-beta1.tar.gz
+/jss-5.3.0-beta2.tar.gz
+/jss-5.3.0.tar.gz
+/jss-5.4.1.tar.gz
+/jss-5.5.0-alpha3.tar.gz
+/jss-5.5.0.tar.gz

.jss.metadata

@@ -1 +1 @@
-b99d8fd7a9296f7cf480ca92a097dcf18c41eb53 SOURCES/jss-4.9.4.tar.gz
+6676c7d420ad45f610e9f5ba7513e77186ddb5be jss-5.5.0.tar.gz

SPECS/jss.spec

@@ -1,296 +0,0 @@
-################################################################################
-Name:           jss
-################################################################################
-
-%global         major_version 4
-%global         minor_version 9
-%global         update_version 4
-
-Summary:        Java Security Services (JSS)
-URL:            http://www.dogtagpki.org/wiki/JSS
-License:        MPLv1.1 or GPLv2+ or LGPLv2+
-
-# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
-# For official (i.e. supported) releases, use x.y.z-r where r >=1.
-Version:        %{major_version}.%{minor_version}.%{update_version}
-Release:        1%{?_timestamp}%{?_commit_id}%{?dist}
-#global         _phase -alpha1
-
-# To generate the source tarball:
-# $ git clone https://github.com/dogtagpki/jss.git
-# $ cd jss
-# $ git tag v4.5.<z>
-# $ git push origin v4.5.<z>
-# Then go to https://github.com/dogtagpki/jss/releases and download the source
-# tarball.
-Source:         https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phase}/%{name}-%{version}%{?_phase}.tar.gz
-
-# To create a patch for all changes since a version tag:
-# $ git format-patch \
-#     --stdout \
-#     <version tag> \
-#     > jss-VERSION-RELEASE.patch
-# Patch: jss-VERSION-RELEASE.patch
-
-################################################################################
-# Java
-################################################################################
-
-%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8
-%define java_devel java-1.8.0-openjdk-devel
-%define java_headless java-1.8.0-openjdk-headless
-%define java_home /usr/lib/jvm/jre-1.8.0-openjdk
-%else
-%define java_devel java-11-openjdk-devel
-%define java_headless java-11-openjdk-headless
-%define java_home /usr/lib/jvm/jre-11-openjdk
-%endif
-
-################################################################################
-# Build Options
-################################################################################
-
-# By default the build will execute unit tests unless --without test
-# option is specified.
-
-%bcond_without test
-
-################################################################################
-# Build Dependencies
-################################################################################
-
-BuildRequires:  make
-BuildRequires:  cmake >= 3.14
-BuildRequires:  zip
-BuildRequires:  unzip
-
-BuildRequires:  gcc-c++
-BuildRequires:  nss-devel >= 3.44
-BuildRequires:  nss-tools >= 3.44
-BuildRequires:  %{java_devel}
-BuildRequires:  jpackage-utils
-BuildRequires:  slf4j
-BuildRequires:  glassfish-jaxb-api
-BuildRequires:  slf4j-jdk14
-BuildRequires:  apache-commons-lang3
-
-BuildRequires:  junit
-
-Requires:       nss >= 3.44
-Requires:       %{java_headless}
-Requires:       jpackage-utils
-Requires:       slf4j
-Requires:       glassfish-jaxb-api
-Requires:       slf4j-jdk14
-Requires:       apache-commons-lang3
-
-Provides:       jss = %{major_version}.%{minor_version}
-
-Conflicts:      ldapjdk < 4.20
-Conflicts:      idm-console-framework < 1.2
-Conflicts:      tomcatjss < 7.6.0
-Conflicts:      pki-base < 10.10.0
-
-%description
-Java Security Services (JSS) is a java native interface which provides a bridge
-for java-based applications to use native Network Security Services (NSS).
-This only works with gcj. Other JREs require that JCE providers be signed.
-
-################################################################################
-%package javadoc
-################################################################################
-
-Summary:        Java Security Services (JSS) Javadocs
-
-Provides:       javadoc = %{major_version}.%{minor_version}
-
-%description javadoc
-This package contains the API documentation for JSS.
-
-################################################################################
-%prep
-
-%autosetup -n %{name}-%{version}%{?_phase} -p 1
-
-################################################################################
-%build
-
-%set_build_flags
-
-# Enable compiler optimizations
-export BUILD_OPT=1
-
-# Generate symbolic info for debuggers
-CFLAGS="-g $RPM_OPT_FLAGS"
-export CFLAGS
-
-# Check if we're in FIPS mode
-modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENABLED=1
-
-# The Makefile is not thread-safe
-%cmake \
-    -DVERSION=%{version} \
-    -DJAVA_HOME=%{java_home} \
-    -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
-    -DJSS_LIB_INSTALL_DIR=%{_libdir}/jss \
-    -B %{_vpath_builddir}
-
-cd %{_vpath_builddir}
-
-%{__make} \
-    VERBOSE=%{?_verbose} \
-    CMAKE_NO_VERBOSE=1 \
-    --no-print-directory \
-    all
-
-%{__make} \
-    VERBOSE=%{?_verbose} \
-    CMAKE_NO_VERBOSE=1 \
-    --no-print-directory \
-    javadoc
-
-%if %{with test}
-ctest --output-on-failure
-%endif
-
-################################################################################
-%install
-
-cd %{_vpath_builddir}
-
-%{__make} \
-    VERBOSE=%{?_verbose} \
-    CMAKE_NO_VERBOSE=1 \
-    DESTDIR=%{buildroot} \
-    INSTALL="install -p" \
-    --no-print-directory \
-    install
-
-################################################################################
-%files
-
-%defattr(-,root,root,-)
-%doc jss.html
-%license MPL-1.1.txt gpl.txt lgpl.txt
-%{_libdir}/*
-%{_jnidir}/*
-
-################################################################################
-%files javadoc
-
-%defattr(-,root,root,-)
-%{_javadocdir}/%{name}-%{version}/
-
-################################################################################
-%changelog
-* Wed Jun 01 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.4-1
-- Rebase to JSS 4.9.4
-- Bug 2013674 - JSS cannot be properly initialized after using another NSS-backed security provider
-
-* Tue Feb 15 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.3-1
-- Rebase to JSS 4.9.3
-- Bug 2046022 - CVE-2021-4213 pki-core:10.6/jss: memory leak in TLS connection leads to OOM [rhel-8]
-
-* Mon Nov 15 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.2-1
-- Rebase to JSS 4.9.2
-
-* Tue Sep 21 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.1-1
-- Rebase to JSS 4.9.1
-
-* Mon Jul 26 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-1
-- Rebase to JSS 4.9.0
-
-* Fri Jun 11 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-0.2
-- Rebase to JSS 4.9.0-alpha2
-
-* Wed Jun 02 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-0.1
-- Rebase to JSS 4.9.0-alpha1
-
-* Thu Jan 14 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.1-1
-- Rebase to upstream JSS v4.8.1
-- Red Hat Bugilla #1908541 - jss broke SCEP - missing PasswordChallenge class
-- Red Hat Bugilla #1489256 - [RFE] jss should support RSA with OAEP padding
-
-* Wed Nov 18 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-2
-- Only check PKCS11Constants on beta builds
-- Bump tomcatjss, pki-core conflicts due to lang3
-
-* Wed Oct 28 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-1
-- Rebase to upstream JSS v4.8.0
-
-* Tue Oct 20 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-0.1
-- Rebase to upstream JSS v4.8.0-b1
-
-* Fri Sep 11 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.3-1
-- Rebase to upstream stable release JSS v4.7.3
-- Red Hat Bugzilla #1873235 - Fix SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT in pki ca-user-cert-add
-
-* Thu Aug 06 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.2-1
-- Rebase to upstream stable release JSS v4.7.2
-- Red Hat Bugzilla #1822246 - Fix SSLSocket NULL pointer deference after close
-
-* Fri Jul 31 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.1-1
-- Rebase to upstream stable release JSS v4.7.1
-
-* Thu Jul 09 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-1
-- Rebase to upstream stable release JSS v4.7.0
-- Fixed TestSSLEngine
-
-* Thu Jun 25 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.4
-- Rebased to JSS 4.7.0-b4
-
-* Mon Jun 22 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.3
-- Rebased to JSS 4.7.0-b3
-
-* Tue May 26 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.1
-- Rebased to JSS 4.7.0-b1
-
-* Mon Mar 23 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-4
-- Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing
-
-* Mon Mar 02 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-3
-- Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing
-
-* Tue Oct 29 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-2
-- Red Hat Bugzilla #1730767 - JSS: Wrap NSS CMAC + KDF implementations
-- Rebased to JSS 4.6.2
-
-* Wed Sep 11 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-5
-- Red Hat Bugzilla #1747987 - CVE 2019-14823 jss: OCSP policy "Leaf and Chain" implicitly trusts the root certificate
-
-* Wed Aug 14 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-4
-- Red Hat Bugzilla #1698059 - pki-core implements crypto
-
-* Tue Jul 16 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-3
-- Red Hat Bugzilla #1721135 - JSS - LD_FLAGS support
-
-* Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-2
-- Minor updates to release
-
-* Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-1
-- Rebased to JSS 4.6.0
-
-* Thu Apr 25 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.3-1
-- Rebased to JSS 4.5.3
-
-* Fri Aug 10 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-1
-- Rebased to JSS 4.5.0
-
-* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.6
-- Rebased to JSS 4.5.0-b1
-
-* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.5
-- Red Hat Bugzilla #1612063 - Do not override system crypto policy (support TLS 1.3)
-
-* Fri Jul 20 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.4
-- Rebased to JSS 4.5.0-a4
-- Red Hat Bugzilla #1604462 - jss: FTBFS in Fedora rawhide
-
-* Thu Jul 05 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.3
-- Rebased to JSS 4.5.0-a3
-
-* Fri Jun 22 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.2
-- Rebased to JSS 4.5.0-a2
-
-* Fri Jun 15 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.1
-- Rebased to JSS 4.5.0-a1

copr-build.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+REPO=$1
+
+if [ "$REPO" == "" ]; then
+    REPO="pki-10.6"
+fi
+
+fedpkg copr-build --nowait $REPO

gating.yaml

@@ -0,0 +1,7 @@
+# recipients: rhcs-team
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

jss.rpmlintrc

@@ -0,0 +1,5 @@
+addFilter('W: spelling-error')
+addFilter('W: dangling-symlink')
+addFilter('W: no-manual-page-for-binary')
+addFilter('W: log-files-without-logrotate')
+

jss.spec

@@ -0,0 +1,422 @@
+################################################################################
+Name:           jss
+################################################################################
+
+%global         product_id idm-jss
+
+# Upstream version number:
+%global         major_version 5
+%global         minor_version 5
+%global         update_version 0
+
+# Downstream release number:
+# - development/stabilization (unsupported): 0.<n> where n >= 1
+# - GA/update (supported): <n> where n >= 1
+%global         release_number 1
+
+# Development phase:
+# - development (unsupported): alpha<n> where n >= 1
+# - stabilization (unsupported): beta<n> where n >= 1
+# - GA/update (supported): <none>
+#global         phase
+
+%undefine       timestamp
+%undefine       commit_id
+
+Summary:        Java Security Services (JSS)
+URL:            https://github.com/dogtagpki/jss
+License:        (MPL-1.1 or GPL-2.0-or-later or LGPL-2.1-or-later) and Apache-2.0
+Version:        %{major_version}.%{minor_version}.%{update_version}
+Release:        %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}
+
+# To generate the source tarball:
+# $ git clone https://github.com/dogtagpki/jss.git
+# $ cd jss
+# $ git tag v4.5.<z>
+# $ git push origin v4.5.<z>
+# Then go to https://github.com/dogtagpki/jss/releases and download the source
+# tarball.
+Source:         https://github.com/dogtagpki/jss/archive/v%{version}%{?phase:-}%{?phase}/jss-%{version}%{?phase:-}%{?phase}.tar.gz
+
+# To create a patch for all changes since a version tag:
+# $ git format-patch \
+#     --stdout \
+#     <version tag> \
+#     > jss-VERSION-RELEASE.patch
+# Patch: jss-VERSION-RELEASE.patch
+
+%if 0%{?java_arches:1}
+ExclusiveArch: %{java_arches}
+%else
+ExcludeArch: i686
+%endif
+
+################################################################################
+# Java
+################################################################################
+
+%define java_devel java-17-openjdk-devel
+%define java_headless java-17-openjdk-headless
+%define java_home %{_jvmdir}/jre-17-openjdk
+
+################################################################################
+# Build Options
+################################################################################
+
+# By default the javadoc package will be built unless --without javadoc
+# option is specified.
+
+%bcond_without javadoc
+
+# By default the build will not execute unit tests unless --with tests
+# option is specified.
+
+%bcond_with tests
+
+################################################################################
+# Build Dependencies
+################################################################################
+
+BuildRequires:  make
+BuildRequires:  cmake >= 3.14
+BuildRequires:  zip
+BuildRequires:  unzip
+
+BuildRequires:  gcc-c++
+BuildRequires:  nss-devel >= 3.66
+BuildRequires:  nss-tools >= 3.66
+
+BuildRequires:  %{java_devel}
+BuildRequires:  maven-local
+BuildRequires:  mvn(org.apache.commons:commons-lang3)
+BuildRequires:  mvn(org.slf4j:slf4j-api)
+BuildRequires:  mvn(org.slf4j:slf4j-jdk14)
+BuildRequires:  mvn(junit:junit)
+
+%description
+Java Security Services (JSS) is a java native interface which provides a bridge
+for java-based applications to use native Network Security Services (NSS).
+This only works with gcj. Other JREs require that JCE providers be signed.
+
+################################################################################
+%package -n %{product_id}
+################################################################################
+
+Summary:        Java Security Services (JSS)
+
+Requires:       nss >= 3.66
+
+Requires:       %{java_headless}
+Requires:       mvn(org.apache.commons:commons-lang3)
+Requires:       mvn(org.slf4j:slf4j-api)
+Requires:       mvn(org.slf4j:slf4j-jdk14)
+
+Obsoletes:      jss < %{version}-%{release}
+Provides:       jss = %{version}-%{release}
+Provides:       jss = %{major_version}.%{minor_version}
+Provides:       %{product_id} = %{major_version}.%{minor_version}
+
+Conflicts:      ldapjdk < 4.20
+Conflicts:      idm-console-framework < 1.2
+Conflicts:      pki-base < 10.10.0
+
+%description -n %{product_id}
+Java Security Services (JSS) is a java native interface which provides a bridge
+for java-based applications to use native Network Security Services (NSS).
+This only works with gcj. Other JREs require that JCE providers be signed.
+
+################################################################################
+%package -n %{product_id}-tomcat
+################################################################################
+
+Summary:        Java Security Services (JSS) Connector for Tomcat
+
+# Tomcat
+BuildRequires:  mvn(org.apache.tomcat:tomcat-catalina) >= 9.0.62
+BuildRequires:  mvn(org.apache.tomcat:tomcat-coyote) >= 9.0.62
+BuildRequires:  mvn(org.apache.tomcat:tomcat-juli) >= 9.0.62
+
+Requires:       %{product_id} = %{version}-%{release}
+Requires:       mvn(org.apache.tomcat:tomcat-catalina) >= 9.0.62
+Requires:       mvn(org.apache.tomcat:tomcat-coyote) >= 9.0.62
+Requires:       mvn(org.apache.tomcat:tomcat-juli) >= 9.0.62
+
+# Tomcat JSS has been replaced with JSS Connector for Tomcat.
+# This will remove installed Tomcat JSS packages.
+Obsoletes:      tomcatjss <= 8.5
+Conflicts:      tomcatjss <= 8.5
+Obsoletes:      idm-tomcatjss <= 8.5
+Conflicts:      idm-tomcatjss <= 8.5
+
+%if 0%{?rhel} <= 8
+# PKI Servlet Engine has been replaced with Tomcat.
+# This will remove installed PKI Servlet Engine packages.
+Obsoletes:      pki-servlet-engine <= 9.0
+Conflicts:      pki-servlet-engine <= 9.0
+%endif
+
+%description -n %{product_id}-tomcat
+JSS Connector for Tomcat is a Java Secure Socket Extension (JSSE)
+module for Apache Tomcat that uses Java Security Services (JSS),
+a Java interface to Network Security Services (NSS).
+
+%if %{with javadoc}
+################################################################################
+%package -n %{product_id}-javadoc
+################################################################################
+
+Summary:        Java Security Services (JSS) Javadocs
+
+Obsoletes:      jss-javadoc < %{version}-%{release}
+Provides:       jss-javadoc = %{version}-%{release}
+Provides:       jss-javadoc = %{major_version}.%{minor_version}
+Provides:       %{product_id}-javadoc = %{major_version}.%{minor_version}
+
+%description -n %{product_id}-javadoc
+This package contains the API documentation for JSS.
+%endif
+
+%if %{with tests}
+################################################################################
+%package -n %{product_id}-tests
+################################################################################
+
+Summary:        Java Security Services (JSS) Tests
+
+BuildRequires:  mvn(org.junit.jupiter:junit-jupiter)
+BuildRequires:  mvn(org.opentest4j:opentest4j)
+
+%description -n %{product_id}-tests
+This package provides test suite for JSS.
+
+# with tests
+%endif
+
+################################################################################
+%prep
+################################################################################
+
+%autosetup -n jss-%{version}%{?phase:-}%{?phase} -p 1
+
+# disable native modules since they will be built by CMake
+%pom_disable_module native
+%pom_disable_module symkey
+
+# do not ship examples
+%pom_disable_module examples
+
+# flatten-maven-plugin is not available in RPM
+%pom_remove_plugin org.codehaus.mojo:flatten-maven-plugin
+
+# specify Maven artifact locations
+%mvn_file org.dogtagpki.jss:jss-tomcat         jss/jss-tomcat
+%mvn_file org.dogtagpki.jss:jss-tomcat-9.0     jss/jss-tomcat-9.0
+
+# specify Maven artifact packages
+%mvn_package org.dogtagpki.jss:jss-tomcat      jss-tomcat
+%mvn_package org.dogtagpki.jss:jss-tomcat-9.0  jss-tomcat
+
+################################################################################
+%build
+################################################################################
+
+# Set build flags for CMake
+# (see /usr/lib/rpm/macros.d/macros.cmake)
+%set_build_flags
+
+export JAVA_HOME=%{java_home}
+
+# Enable compiler optimizations
+export BUILD_OPT=1
+
+# Generate symbolic info for debuggers
+CFLAGS="-g $RPM_OPT_FLAGS"
+export CFLAGS
+
+# Check if we're in FIPS mode
+modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENABLED=1
+
+# build Java code, run Java tests, and build Javadoc with Maven
+%mvn_build %{!?with_tests:-f} %{!?with_javadoc:-j}
+
+# create links to Maven-built classes for CMake
+mkdir -p %{_vpath_builddir}/classes/jss
+ln -sf ../../../base/target/classes/org %{_vpath_builddir}/classes/jss
+%if %{with tests}
+mkdir -p %{_vpath_builddir}/classes/tests
+ln -sf ../../../base/target/test-classes/org %{_vpath_builddir}/classes/tests
+%endif
+
+# create links to Maven-built JAR files for CMake
+ln -sf ../base/target/jss.jar %{_vpath_builddir}
+%if %{with tests}
+ln -sf ../base/target/jss-tests.jar %{_vpath_builddir}
+%endif
+
+# create links to Maven-built headers for CMake
+mkdir -p %{_vpath_builddir}/include/jss
+ln -sf ../../../base/target/include/_jni %{_vpath_builddir}/include/jss/_jni
+
+# mark Maven-built targets so that CMake will not rebuild them
+mkdir -p %{_vpath_builddir}/.targets
+touch %{_vpath_builddir}/.targets/finished_generate_java
+%if %{with tests}
+touch %{_vpath_builddir}/.targets/finished_tests_generate_java
+%endif
+%if %{with javadoc}
+touch %{_vpath_builddir}/.targets/finished_generate_javadocs
+%endif
+
+# build native code and run native tests with CMake
+./build.sh \
+    %{?_verbose:-v} \
+    --work-dir=%{_vpath_builddir} \
+    --prefix-dir=%{_prefix} \
+    --include-dir=%{_includedir} \
+    --lib-dir=%{_libdir} \
+    --sysconf-dir=%{_sysconfdir} \
+    --share-dir=%{_datadir} \
+    --cmake=%{__cmake} \
+    --java-home=%{java_home} \
+    --jni-dir=%{_jnidir} \
+    --version=%{version} \
+    --without-java \
+    --without-javadoc \
+    %{!?with_tests:--without-tests} \
+    dist
+
+################################################################################
+%install
+################################################################################
+
+# install Java binaries and Javadoc
+%mvn_install
+
+# install jss.jar
+mkdir -p %{buildroot}%{_javadir}/jss
+cp base/target/jss.jar %{buildroot}%{_javadir}/jss/jss.jar
+
+# create links for backward compatibility
+mkdir -p %{buildroot}%{_jnidir}
+ln -sf ../../..%{_javadir}/jss/jss.jar %{buildroot}%{_jnidir}/jss.jar
+
+mkdir -p %{buildroot}%{_libdir}/jss
+ln -sf ../../..%{_javadir}/jss/jss.jar %{buildroot}%{_libdir}/jss/jss.jar
+
+# install native binaries
+./build.sh \
+    %{?_verbose:-v} \
+    --work-dir=%{_vpath_builddir} \
+    --install-dir=%{buildroot} \
+    --without-java \
+    install
+
+# install tests binaries
+%if %{with tests}
+mkdir -p %{buildroot}%{_datadir}/jss/tests/lib
+cp base/target/jss-tests.jar %{buildroot}%{_datadir}/jss/tests/lib
+%endif
+
+################################################################################
+%files -n %{product_id} -f .mfiles
+################################################################################
+
+%doc jss.html
+%license MPL-1.1.txt gpl.txt lgpl.txt symkey/LICENSE
+%{_javadir}/jss/jss.jar
+%{_jnidir}/jss.jar
+%{_libdir}/jss/jss.jar
+%{_libdir}/jss/libjss.so
+%{_libdir}/jss/libjss-symkey.so
+
+################################################################################
+%files -n %{product_id}-tomcat -f .mfiles-jss-tomcat
+################################################################################
+
+%if %{with javadoc}
+################################################################################
+%files -n %{product_id}-javadoc -f .mfiles-javadoc
+################################################################################
+%endif
+
+%if %{with tests}
+################################################################################
+%files -n %{product_id}-tests
+################################################################################
+
+%{_datadir}/jss/tests/
+
+# with tests
+%endif
+
+################################################################################
+%changelog
+* Wed Feb 21 2024 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.5.0-1
+- Rebase to JSS 5.5.0
+
+* Thu Feb 01 2024 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.5.0-0.4
+- Rebuild with side tag
+
+* Mon Jan 29 2024 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.5.0-0.3
+- Add Obsoletes/Conflicts for idm-tomcatjss
+
+* Mon Dec 11 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.5.0-0.2
+- Rebuild with side tag
+
+* Wed Dec 06 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.5.0-0.1
+- Rebase to JSS 5.5.0-alpha3
+
+* Thu Feb 09 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.3.0-1
+- Rebase to JSS 5.3.0
+
+* Thu Jan 05 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.3.0-0.3.beta2
+- Rebase to JSS 5.3.0-beta2
+- Bug 2017098 - pki pkcs12-cert-add command failing with 'Unable to validate PKCS #12 file: Digests do not match' exception
+
+* Wed Nov 30 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.3.0-0.2.beta1
+- Rebase to JSS 5.3.0-beta1
+
+* Fri Sep 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.1-1
+- Rebase to JSS 5.2.1
+- Bug 2100807 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled
+
+* Wed Jun 29 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-1
+- Rebase to JSS 5.2.0
+
+* Mon May 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-0.3.beta2
+- Rebase to JSS 5.2.0-beta2
+- Rename packages to idm-jss
+
+* Wed Apr 13 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-0.2.beta1
+- Rebase to JSS 5.2.0-beta1
+
+* Tue Feb 15 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.3-1
+- Rebase to JSS 5.0.3
+- Bug 2046023 - CVE-2021-4213 jss: memory leak in TLS connection leads to OOM [rhel-9.0]
+
+* Wed Feb 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.2-1
+- Rebase to JSS 5.0.2
+- Bug 2029838 - SHA1withRSA being listed in signing certificates while approving certificate via Agent page in browser
+
+* Fri Nov 19 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.1-1
+- Rebase to JSS 5.0.1
+
+* Tue Oct 05 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-1
+- Rebase to JSS 5.0.0
+
+* Thu Sep 16 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.5.beta1
+- Rebase to JSS 5.0.0-beta1
+
+* Thu Sep 09 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.4.alpha1
+- Drop BuildRequires and Requires on glassfish-jaxb-api
+  Resolves #2002576
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.0.0-0.3.alpha1
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Mon Aug  2 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.2
+- Drop javadoc package
+
+* Fri Jun 25 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.1
+- Rebase to JSS 5.0.0-alpha1

rpminspect.yaml

@@ -0,0 +1,3 @@
+---
+inspections:
+    javabytecode: off

sources

@@ -0,0 +1 @@
+SHA512 (jss-5.5.0.tar.gz) = bda0b4df1ef08a264525c9124a29f57945e3a24adadda609b54032d840a1c311d522e34f29bb2246d03d493d108d425a64e4826edcc8a296a2f55b1cdd8a95c0

sources-update.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+SOURCE=$1
+TARGET=`basename $1`
+
+cp $SOURCE $TARGET
+sha512sum --tag $TARGET > sources

tests/roles/Test_Setup/files/ca.cfg

@@ -0,0 +1,25 @@
+[DEFAULT]
+pki_server_database_password=Secret.123
+
+[CA]
+pki_admin_email=caadmin@example.com
+pki_admin_name=caadmin
+pki_admin_nickname=caadmin
+pki_admin_password=Secret.123
+pki_admin_uid=caadmin
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
+pki_ds_database=ca
+pki_ds_password=Secret.123
+
+pki_security_domain_name=EXAMPLE
+
+pki_ca_signing_nickname=ca_signing
+pki_ocsp_signing_nickname=ca_ocsp_signing
+pki_audit_signing_nickname=ca_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem

tests/roles/Test_Setup/files/ds-create.sh

@@ -0,0 +1,24 @@
+#!/bin/bash -ex
+
+# This command needs to be executed as it pulls the machine name
+# dynamically.
+dscreate create-template /tmp/test_dir/ds.inf
+
+sed -i \
+    -e "s/;instance_name = .*/instance_name = localhost/g" \
+    -e "s/;root_password = .*/root_password = Secret.123/g" \
+    -e "s/;suffix = .*/suffix = dc=example,dc=com/g" \
+    -e "s/;self_sign_cert = .*/self_sign_cert = False/g" \
+    /tmp/test_dir/ds.inf
+
+dscreate from-file /tmp/test_dir/ds.inf
+
+ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
+dn: dc=example,dc=com
+objectClass: domain
+dc: example
+
+dn: dc=pki,dc=example,dc=com
+objectClass: domain
+dc: pki
+EOF

tests/roles/Test_Setup/files/kra.cfg

@@ -0,0 +1,27 @@
+[DEFAULT]
+pki_server_database_password=Secret.123
+
+[KRA]
+pki_admin_email=kraadmin@example.com
+pki_admin_name=kraadmin
+pki_admin_nickname=kraadmin
+pki_admin_password=Secret.123
+pki_admin_uid=kraadmin
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=kra,dc=pki,dc=example,dc=com
+pki_ds_database=kra
+pki_ds_password=Secret.123
+
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_security_domain_password=Secret.123
+
+pki_storage_nickname=kra_storage
+pki_transport_nickname=kra_transport
+pki_audit_signing_nickname=kra_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem

tests/roles/Test_Setup/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+
+- name: Install jss
+  dnf:
+    name: >
+      jss
+
+- name: Install required packages
+  dnf:
+    name: >
+      389-ds-base, pki-ca, pki-kra
+
+- name: Creates directory
+  file: path=/tmp/test_files state=directory
+
+- name: Copying templates to /tmp folder
+  copy : src=.  dest=/tmp/test_dir
+
+- name: Setup DS Service
+  shell: sh /tmp/test_dir/ds-create.sh
+
+- name: Install CA subsystem
+  shell: pkispawn -f /tmp/test_dir/ca.cfg -s CA -v
+
+- name: Install KRA subsystem
+  shell: pkispawn -f /tmp/test_dir/kra.cfg -s KRA -v

tests/tests.yml

@@ -0,0 +1,30 @@
+- hosts: localhost
+  remote_user: root
+  tags:
+    - classic
+  roles:
+  - role: Test_Setup
+  - role: standard-test-basic
+    tests:
+    - verify_spawn_ca:
+        dir: .
+        run: "curl http://localhost:8080/ca/admin/ca/getStatus | grep '\"Status\" : \"running\"'"
+    - verify_spawn_kra:
+        dir: .
+        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep '\"Status\" : \"running\"'"
+    - destroy_kra:
+        dir: .
+        run: "pkidestroy -i pki-tomcat -s KRA && sleep 5"
+    - verify_destroy_kra:
+        dir: .
+        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep 'HTTP Status 404'"
+    - destroy_ca:
+        dir: .
+        run: "pkidestroy -i pki-tomcat -s CA"
+    - verify_destroy_ca:
+        dir: .
+        run: "curl http://localhost:8080/ca/admin/ca/getStatus  &> testfile.log || true && grep 'Connection refused' testfile.log"
+    required_packages:
+    - jss
+    - pki-ca
+    - pki-kra