14 changed files with 56 additions and 230 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1 @@
-SOURCES/jss-4.9.4.tar.gz
+SOURCES/jss-4.11.0.tar.gz
 /jss-4.9.4.tar.gz
--- a/.jss.metadata
+++ b/.jss.metadata
@ -0,0 +1 @@
 a068537cd958000dcd3b34847533101f95fc792b SOURCES/jss-4.11.0.tar.gz
--- a/0001-Fix-certificate-signature-algorithm-not-valid-904.patch
+++ b/0001-Fix-certificate-signature-algorithm-not-valid-904.patch
@ -1,48 +0,0 @@
 From 8df7456ada0da95cfbaef4b4b8ecf4487f586c1b Mon Sep 17 00:00:00 2001
 From: Marco Fargetta <fmarco76@users.noreply.github.com>
 Date: Fri, 11 Nov 2022 10:15:32 +0100
 Subject: [PATCH] Fix certificate signature algorithm not valid (#904)
 ---
 .../java/org/mozilla/jss/tests/GenerateTestCert.java     | 9 +++++++--
 src/test/java/org/mozilla/jss/tests/SSLClientAuth.java   | 4 ++--
 2 files changed, 9 insertions(+), 4 deletions(-)
 diff --git a/src/test/java/org/mozilla/jss/tests/GenerateTestCert.java b/src/test/java/org/mozilla/jss/tests/GenerateTestCert.java
 index 7af6125a2..623fe8385 100755
 --- a/src/test/java/org/mozilla/jss/tests/GenerateTestCert.java
 +++ b/src/test/java/org/mozilla/jss/tests/GenerateTestCert.java
@@ -302,8 +302,13 @@ public class GenerateTestCert {
         int rand,
         SEQUENCE extensions) throws Exception {
 -        AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(sigAlg.toOID());
 -
 +        AlgorithmIdentifier sigAlgID = null;
 +        if(keyType.equals("RSA")) {
 +            sigAlgID = new AlgorithmIdentifier(sigAlg.toOID(), null);
 +        }
 +        else {
 +            sigAlgID = new AlgorithmIdentifier(sigAlg.toOID());
 +        }
         Name issuer = new Name();
         issuer.addCountryName("US");
         issuer.addOrganizationName("Mozilla");
 diff --git a/src/test/java/org/mozilla/jss/tests/SSLClientAuth.java b/src/test/java/org/mozilla/jss/tests/SSLClientAuth.java
 index 53fc218d3..80fbe6b05 100644
 --- a/src/test/java/org/mozilla/jss/tests/SSLClientAuth.java
 +++ b/src/test/java/org/mozilla/jss/tests/SSLClientAuth.java
@@ -46,8 +46,8 @@ public class SSLClientAuth implements Runnable {
     public static Certificate makeCert(String issuerName, String subjectName,
             int serialNumber, PrivateKey privKey, PublicKey pubKey, int rand,
             SEQUENCE extensions) throws Exception {
 -        AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier( sigAlg.toOID());
 -        
 +        AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier( sigAlg.toOID(), null);
 +
         Name issuer = new Name();
         issuer.addCountryName("US");
         issuer.addOrganizationName("Mozilla");
 -- 
 2.42.0
--- a/SPECS/jss.spec
+++ b/SPECS/jss.spec
@ -2,18 +2,22 @@
 Name:           jss
 ################################################################################
 %global         product_id idm-jss
 # Upstream version number:
 %global         major_version 4
-%global         minor_version 9
+%global         minor_version 11
-%global         update_version 4
+%global         update_version 0
 Summary:        Java Security Services (JSS)
-URL:            http://www.dogtagpki.org/wiki/JSS
+URL:            https://github.com/dogtagpki/jss
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 # For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
 # For official (i.e. supported) releases, use x.y.z-r where r >=1.
 %global         release_number 1
 Version:        %{major_version}.%{minor_version}.%{update_version}
-Release:        2%{?_timestamp}%{?_commit_id}%{?dist}
+Release:        %{release_number}%{?_timestamp}%{?_commit_id}%{?dist}
 #global         _phase -alpha1
 # To generate the source tarball:
@ -23,7 +27,11 @@ Release:        2%{?_timestamp}%{?_commit_id}%{?dist}
 # $ git push origin v4.5.<z>
 # Then go to https://github.com/dogtagpki/jss/releases and download the source
 # tarball.
-Source:         https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phase}/%{name}-%{version}%{?_phase}.tar.gz
+Source:         https://github.com/dogtagpki/jss/archive/v%{version}%{?_phase}/jss-%{version}%{?_phase}.tar.gz
 # md2man not available on i686
 ExcludeArch: i686
 # To create a patch for all changes since a version tag:
 # $ git format-patch \
@ -31,7 +39,6 @@ Source:         https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phas
 #     <version tag> \
 #     > jss-VERSION-RELEASE.patch
 # Patch: jss-VERSION-RELEASE.patch
 Patch: 0001-Fix-certificate-signature-algorithm-not-valid-904.patch
 ################################################################################
 # Java
@ -51,10 +58,10 @@ Patch: 0001-Fix-certificate-signature-algorithm-not-valid-904.patch
 # Build Options
 ################################################################################
-# By default the build will execute unit tests unless --without test
+# By default the build will execute unit tests unless --without tests
 # option is specified.
-%bcond_without test
+%bcond_without tests
 ################################################################################
 # Build Dependencies
@ -77,6 +84,17 @@ BuildRequires:  apache-commons-lang3
 BuildRequires:  junit
 %description
 Java Security Services (JSS) is a java native interface which provides a bridge
 for java-based applications to use native Network Security Services (NSS).
 This only works with gcj. Other JREs require that JCE providers be signed.
 ################################################################################
 %package -n %{product_id}
 ################################################################################
 Summary:        Java Security Services (JSS)
 Requires:       nss >= 3.44
 Requires:       %{java_headless}
 Requires:       jpackage-utils
@ -85,36 +103,44 @@ Requires:       glassfish-jaxb-api
 Requires:       slf4j-jdk14
 Requires:       apache-commons-lang3
 Obsoletes:      jss < %{version}-%{release}
 Provides:       jss = %{version}-%{release}
 Provides:       jss = %{major_version}.%{minor_version}
 Provides:       %{product_id} = %{major_version}.%{minor_version}
 Conflicts:      ldapjdk < 4.20
 Conflicts:      idm-console-framework < 1.2
 Conflicts:      tomcatjss < 7.6.0
 Conflicts:      pki-base < 10.10.0
-%description
+%description -n %{product_id}
 Java Security Services (JSS) is a java native interface which provides a bridge
 for java-based applications to use native Network Security Services (NSS).
 This only works with gcj. Other JREs require that JCE providers be signed.
 ################################################################################
-%package javadoc
+%package -n %{product_id}-javadoc
 ################################################################################
 Summary:        Java Security Services (JSS) Javadocs
-Provides:       javadoc = %{major_version}.%{minor_version}
+Obsoletes:      jss-javadoc < %{version}-%{release}
 Provides:       jss-javadoc = %{version}-%{release}
 Provides:       jss-javadoc = %{major_version}.%{minor_version}
 Provides:       %{product_id}-javadoc = %{major_version}.%{minor_version}
-%description javadoc
+%description -n %{product_id}-javadoc
 This package contains the API documentation for JSS.
 ################################################################################
 %prep
 ################################################################################
-%autosetup -n %{name}-%{version}%{?_phase} -p 1
+%autosetup -n jss-%{version}%{?_phase} -p 1
 ################################################################################
 %build
 ################################################################################
 %set_build_flags
@ -150,12 +176,13 @@ cd %{_vpath_builddir}
    --no-print-directory \
    javadoc
-%if %{with test}
+%if %{with tests}
 ctest --output-on-failure
 %endif
 ################################################################################
 %install
 ################################################################################
 cd %{_vpath_builddir}
@ -168,7 +195,8 @@ cd %{_vpath_builddir}
    install
 ################################################################################
-%files
+%files -n %{product_id}
 ################################################################################
 %defattr(-,root,root,-)
 %doc jss.html
@ -177,15 +205,22 @@ cd %{_vpath_builddir}
 %{_jnidir}/*
 ################################################################################
-%files javadoc
+%files -n %{product_id}-javadoc
 ################################################################################
 %defattr(-,root,root,-)
-%{_javadocdir}/%{name}-%{version}/
+%{_javadocdir}/jss-%{version}/
 ################################################################################
 %changelog
-* Tue Apr 16 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.4-2
+* Thu Feb 08 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.11.0-1
- RHEL-30062: Fix SSL_ERROR_HANDSHAKE_FAILED in unit test
+- Rebase to JSS 4.11.0
 * Tue Jan 16 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.10.0-0.1
 - Rebase to JSS 4.10.0-alpha1
 * Fri Jan 12 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.8-1
 - Rebase to JSS 4.9.8
 * Wed Jun 01 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.4-1
 - Rebase to JSS 4.9.4
--- a/copr-build.sh
+++ b/copr-build.sh
@ -1,9 +0,0 @@
 #!/bin/sh
 REPO=$1
 if [ "$REPO" == "" ]; then
    REPO="pki-10.6"
 fi
 fedpkg copr-build --nowait $REPO
--- a/gating.yaml
+++ b/gating.yaml
@ -1,7 +0,0 @@
 # recipients: rhcs-team
 --- !Policy
 product_versions:
  - rhel-9
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
--- a/jss.rpmlintrc
+++ b/jss.rpmlintrc
@ -1,5 +0,0 @@
 addFilter('W: spelling-error')
 addFilter('W: dangling-symlink')
 addFilter('W: no-manual-page-for-binary')
 addFilter('W: log-files-without-logrotate')
--- a/1
+++ b/1
@ -1 +0,0 @@
 SHA512 (jss-4.9.4.tar.gz) = 64ee1776e83c0ab70a492397d61853f690d65f14786798f810dd1ba8d096282102096ddad4b7c6317440d4a8f50e853d4db2604697165b3e0350ab642f186a5c
--- a/sources-update.sh
+++ b/sources-update.sh
@ -1,7 +0,0 @@
 #!/bin/sh
 SOURCE=$1
 TARGET=`basename $1`
 cp $SOURCE $TARGET
 sha512sum --tag $TARGET > sources
--- a/tests/roles/Test_Setup/files/ca.cfg
+++ b/tests/roles/Test_Setup/files/ca.cfg
@ -1,25 +0,0 @@
 [DEFAULT]
 pki_server_database_password=Secret.123
 [CA]
 pki_admin_email=caadmin@example.com
 pki_admin_name=caadmin
 pki_admin_nickname=caadmin
 pki_admin_password=Secret.123
 pki_admin_uid=caadmin
 pki_client_database_password=Secret.123
 pki_client_database_purge=False
 pki_client_pkcs12_password=Secret.123
 pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
 pki_ds_database=ca
 pki_ds_password=Secret.123
 pki_security_domain_name=EXAMPLE
 pki_ca_signing_nickname=ca_signing
 pki_ocsp_signing_nickname=ca_ocsp_signing
 pki_audit_signing_nickname=ca_audit_signing
 pki_sslserver_nickname=sslserver
 pki_subsystem_nickname=subsystem
--- a/tests/roles/Test_Setup/files/ds-create.sh
+++ b/tests/roles/Test_Setup/files/ds-create.sh
@ -1,24 +0,0 @@
 #!/bin/bash -ex
 # This command needs to be executed as it pulls the machine name
 # dynamically.
 dscreate create-template /tmp/test_dir/ds.inf
 sed -i \
    -e "s/;instance_name = .*/instance_name = localhost/g" \
    -e "s/;root_password = .*/root_password = Secret.123/g" \
    -e "s/;suffix = .*/suffix = dc=example,dc=com/g" \
    -e "s/;self_sign_cert = .*/self_sign_cert = False/g" \
    /tmp/test_dir/ds.inf
 dscreate from-file /tmp/test_dir/ds.inf
 ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
 dn: dc=example,dc=com
 objectClass: domain
 dc: example
 dn: dc=pki,dc=example,dc=com
 objectClass: domain
 dc: pki
 EOF
--- a/tests/roles/Test_Setup/files/kra.cfg
+++ b/tests/roles/Test_Setup/files/kra.cfg
@ -1,27 +0,0 @@
 [DEFAULT]
 pki_server_database_password=Secret.123
 [KRA]
 pki_admin_email=kraadmin@example.com
 pki_admin_name=kraadmin
 pki_admin_nickname=kraadmin
 pki_admin_password=Secret.123
 pki_admin_uid=kraadmin
 pki_client_database_password=Secret.123
 pki_client_database_purge=False
 pki_client_pkcs12_password=Secret.123
 pki_ds_base_dn=dc=kra,dc=pki,dc=example,dc=com
 pki_ds_database=kra
 pki_ds_password=Secret.123
 pki_security_domain_name=EXAMPLE
 pki_security_domain_user=caadmin
 pki_security_domain_password=Secret.123
 pki_storage_nickname=kra_storage
 pki_transport_nickname=kra_transport
 pki_audit_signing_nickname=kra_audit_signing
 pki_sslserver_nickname=sslserver
 pki_subsystem_nickname=subsystem
--- a/tests/roles/Test_Setup/tasks/main.yml
+++ b/tests/roles/Test_Setup/tasks/main.yml
@ -1,26 +0,0 @@
 ---
 - name: Install jss
  dnf:
    name: >
      jss
 - name: Install required packages
  dnf:
    name: >
      389-ds-base, pki-ca, pki-kra
 - name: Creates directory
  file: path=/tmp/test_files state=directory
 - name: Copying templates to /tmp folder
  copy : src=.  dest=/tmp/test_dir
 - name: Setup DS Service
  shell: sh /tmp/test_dir/ds-create.sh
 - name: Install CA subsystem
  shell: pkispawn -f /tmp/test_dir/ca.cfg -s CA -v
 - name: Install KRA subsystem
  shell: pkispawn -f /tmp/test_dir/kra.cfg -s KRA -v
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -1,30 +0,0 @@
 - hosts: localhost
  remote_user: root
  tags:
    - classic
  roles:
  - role: Test_Setup
  - role: standard-test-basic
    tests:
    - verify_spawn_ca:
        dir: .
        run: "curl http://localhost:8080/ca/admin/ca/getStatus | grep '\"Status\" : \"running\"'"
    - verify_spawn_kra:
        dir: .
        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep '\"Status\" : \"running\"'"
    - destroy_kra:
        dir: .
        run: "pkidestroy -i pki-tomcat -s KRA && sleep 5"
    - verify_destroy_kra:
        dir: .
        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep 'HTTP Status 404'"
    - destroy_ca:
        dir: .
        run: "pkidestroy -i pki-tomcat -s CA"
    - verify_destroy_ca:
        dir: .
        run: "curl http://localhost:8080/ca/admin/ca/getStatus  &> testfile.log || true && grep 'Connection refused' testfile.log"
    required_packages:
    - jss
    - pki-ca
    - pki-kra
`@ -1,2 +1 @@`
	`SOURCES/jss-4.9.4.tar.gz`	`SOURCES/jss-4.11.0.tar.gz`
	`/jss-4.9.4.tar.gz`
		`@ -0,0 +1 @@`
							`a068537cd958000dcd3b34847533101f95fc792b SOURCES/jss-4.11.0.tar.gz`
		`@ -1 +0,0 @@`
			`SHA512 (jss-4.9.4.tar.gz) = 64ee1776e83c0ab70a492397d61853f690d65f14786798f810dd1ba8d096282102096ddad4b7c6317440d4a8f50e853d4db2604697165b3e0350ab642f186a5c`