.gitignore

@@ -1,2 +1 @@
-SOURCES/jss-4.9.4.tar.gz
-/jss-4.9.4.tar.gz
+SOURCES/jss-4.11.0.tar.gz

.jss.metadata

@@ -0,0 +1 @@
+a068537cd958000dcd3b34847533101f95fc792b SOURCES/jss-4.11.0.tar.gz

0001-Fix-certificate-signature-algorithm-not-valid-904.patch

@@ -1,48 +0,0 @@
-From 8df7456ada0da95cfbaef4b4b8ecf4487f586c1b Mon Sep 17 00:00:00 2001
-From: Marco Fargetta <fmarco76@users.noreply.github.com>
-Date: Fri, 11 Nov 2022 10:15:32 +0100
-Subject: [PATCH] Fix certificate signature algorithm not valid (#904)
-
----
- .../java/org/mozilla/jss/tests/GenerateTestCert.java     | 9 +++++++--
- src/test/java/org/mozilla/jss/tests/SSLClientAuth.java   | 4 ++--
- 2 files changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/src/test/java/org/mozilla/jss/tests/GenerateTestCert.java b/src/test/java/org/mozilla/jss/tests/GenerateTestCert.java
-index 7af6125a2..623fe8385 100755
---- a/src/test/java/org/mozilla/jss/tests/GenerateTestCert.java
-+++ b/src/test/java/org/mozilla/jss/tests/GenerateTestCert.java
-@@ -302,8 +302,13 @@ public class GenerateTestCert {
-         int rand,
-         SEQUENCE extensions) throws Exception {
- 
--        AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(sigAlg.toOID());
--
-+        AlgorithmIdentifier sigAlgID = null;
-+        if(keyType.equals("RSA")) {
-+            sigAlgID = new AlgorithmIdentifier(sigAlg.toOID(), null);
-+        }
-+        else {
-+            sigAlgID = new AlgorithmIdentifier(sigAlg.toOID());
-+        }
-         Name issuer = new Name();
-         issuer.addCountryName("US");
-         issuer.addOrganizationName("Mozilla");
-diff --git a/src/test/java/org/mozilla/jss/tests/SSLClientAuth.java b/src/test/java/org/mozilla/jss/tests/SSLClientAuth.java
-index 53fc218d3..80fbe6b05 100644
---- a/src/test/java/org/mozilla/jss/tests/SSLClientAuth.java
-+++ b/src/test/java/org/mozilla/jss/tests/SSLClientAuth.java
-@@ -46,8 +46,8 @@ public class SSLClientAuth implements Runnable {
-     public static Certificate makeCert(String issuerName, String subjectName,
-             int serialNumber, PrivateKey privKey, PublicKey pubKey, int rand,
-             SEQUENCE extensions) throws Exception {
--        AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier( sigAlg.toOID());
--        
-+        AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier( sigAlg.toOID(), null);
-+
-         Name issuer = new Name();
-         issuer.addCountryName("US");
-         issuer.addOrganizationName("Mozilla");
--- 
-2.42.0
-

SPECS/jss.spec

@@ -2,18 +2,22 @@
 Name:           jss
 ################################################################################
 
+%global         product_id idm-jss
+
+# Upstream version number:
 %global         major_version 4
-%global         minor_version 9
-%global         update_version 4
+%global         minor_version 11
+%global         update_version 0
 
 Summary:        Java Security Services (JSS)
-URL:            http://www.dogtagpki.org/wiki/JSS
+URL:            https://github.com/dogtagpki/jss
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 
 # For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
 # For official (i.e. supported) releases, use x.y.z-r where r >=1.
+%global         release_number 1
 Version:        %{major_version}.%{minor_version}.%{update_version}
-Release:        2%{?_timestamp}%{?_commit_id}%{?dist}
+Release:        %{release_number}%{?_timestamp}%{?_commit_id}%{?dist}
 #global         _phase -alpha1
 
 # To generate the source tarball:
@@ -23,7 +27,11 @@ Release:        2%{?_timestamp}%{?_commit_id}%{?dist}
 # $ git push origin v4.5.<z>
 # Then go to https://github.com/dogtagpki/jss/releases and download the source
 # tarball.
-Source:         https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phase}/%{name}-%{version}%{?_phase}.tar.gz
+Source:         https://github.com/dogtagpki/jss/archive/v%{version}%{?_phase}/jss-%{version}%{?_phase}.tar.gz
+
+# md2man not available on i686
+ExcludeArch: i686
+
 
 # To create a patch for all changes since a version tag:
 # $ git format-patch \
@@ -31,7 +39,6 @@ Source:         https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phas
 #     <version tag> \
 #     > jss-VERSION-RELEASE.patch
 # Patch: jss-VERSION-RELEASE.patch
-Patch: 0001-Fix-certificate-signature-algorithm-not-valid-904.patch
 
 ################################################################################
 # Java
@@ -51,10 +58,10 @@ Patch: 0001-Fix-certificate-signature-algorithm-not-valid-904.patch
 # Build Options
 ################################################################################
 
-# By default the build will execute unit tests unless --without test
+# By default the build will execute unit tests unless --without tests
 # option is specified.
 
-%bcond_without test
+%bcond_without tests
 
 ################################################################################
 # Build Dependencies
@@ -77,6 +84,17 @@ BuildRequires:  apache-commons-lang3
 
 BuildRequires:  junit
 
+%description
+Java Security Services (JSS) is a java native interface which provides a bridge
+for java-based applications to use native Network Security Services (NSS).
+This only works with gcj. Other JREs require that JCE providers be signed.
+
+################################################################################
+%package -n %{product_id}
+################################################################################
+
+Summary:        Java Security Services (JSS)
+
 Requires:       nss >= 3.44
 Requires:       %{java_headless}
 Requires:       jpackage-utils
@@ -85,36 +103,44 @@ Requires:       glassfish-jaxb-api
 Requires:       slf4j-jdk14
 Requires:       apache-commons-lang3
 
+Obsoletes:      jss < %{version}-%{release}
+Provides:       jss = %{version}-%{release}
 Provides:       jss = %{major_version}.%{minor_version}
+Provides:       %{product_id} = %{major_version}.%{minor_version}
 
 Conflicts:      ldapjdk < 4.20
 Conflicts:      idm-console-framework < 1.2
 Conflicts:      tomcatjss < 7.6.0
 Conflicts:      pki-base < 10.10.0
 
-%description
+%description -n %{product_id}
 Java Security Services (JSS) is a java native interface which provides a bridge
 for java-based applications to use native Network Security Services (NSS).
 This only works with gcj. Other JREs require that JCE providers be signed.
 
 ################################################################################
-%package javadoc
+%package -n %{product_id}-javadoc
 ################################################################################
 
 Summary:        Java Security Services (JSS) Javadocs
 
-Provides:       javadoc = %{major_version}.%{minor_version}
+Obsoletes:      jss-javadoc < %{version}-%{release}
+Provides:       jss-javadoc = %{version}-%{release}
+Provides:       jss-javadoc = %{major_version}.%{minor_version}
+Provides:       %{product_id}-javadoc = %{major_version}.%{minor_version}
 
-%description javadoc
+%description -n %{product_id}-javadoc
 This package contains the API documentation for JSS.
 
 ################################################################################
 %prep
+################################################################################
 
-%autosetup -n %{name}-%{version}%{?_phase} -p 1
+%autosetup -n jss-%{version}%{?_phase} -p 1
 
 ################################################################################
 %build
+################################################################################
 
 %set_build_flags
 
@@ -150,12 +176,13 @@ cd %{_vpath_builddir}
     --no-print-directory \
     javadoc
 
-%if %{with test}
+%if %{with tests}
 ctest --output-on-failure
 %endif
 
 ################################################################################
 %install
+################################################################################
 
 cd %{_vpath_builddir}
 
@@ -168,7 +195,8 @@ cd %{_vpath_builddir}
     install
 
 ################################################################################
-%files
+%files -n %{product_id}
+################################################################################
 
 %defattr(-,root,root,-)
 %doc jss.html
@@ -177,15 +205,22 @@ cd %{_vpath_builddir}
 %{_jnidir}/*
 
 ################################################################################
-%files javadoc
+%files -n %{product_id}-javadoc
+################################################################################
 
 %defattr(-,root,root,-)
-%{_javadocdir}/%{name}-%{version}/
+%{_javadocdir}/jss-%{version}/
 
 ################################################################################
 %changelog
-* Tue Apr 16 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.4-2
-- RHEL-30062: Fix SSL_ERROR_HANDSHAKE_FAILED in unit test
+* Thu Feb 08 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.11.0-1
+- Rebase to JSS 4.11.0
+
+* Tue Jan 16 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.10.0-0.1
+- Rebase to JSS 4.10.0-alpha1
+
+* Fri Jan 12 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.8-1
+- Rebase to JSS 4.9.8
 
 * Wed Jun 01 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.4-1
 - Rebase to JSS 4.9.4

copr-build.sh

@@ -1,9 +0,0 @@
-#!/bin/sh
-
-REPO=$1
-
-if [ "$REPO" == "" ]; then
-    REPO="pki-10.6"
-fi
-
-fedpkg copr-build --nowait $REPO

gating.yaml

@@ -1,7 +0,0 @@
-# recipients: rhcs-team
---- !Policy
-product_versions:
-  - rhel-9
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

jss.rpmlintrc

@@ -1,5 +0,0 @@
-addFilter('W: spelling-error')
-addFilter('W: dangling-symlink')
-addFilter('W: no-manual-page-for-binary')
-addFilter('W: log-files-without-logrotate')
-

sources

@@ -1 +0,0 @@
-SHA512 (jss-4.9.4.tar.gz) = 64ee1776e83c0ab70a492397d61853f690d65f14786798f810dd1ba8d096282102096ddad4b7c6317440d4a8f50e853d4db2604697165b3e0350ab642f186a5c

sources-update.sh

@@ -1,7 +0,0 @@
-#!/bin/sh
-
-SOURCE=$1
-TARGET=`basename $1`
-
-cp $SOURCE $TARGET
-sha512sum --tag $TARGET > sources

tests/roles/Test_Setup/files/ca.cfg

@@ -1,25 +0,0 @@
-[DEFAULT]
-pki_server_database_password=Secret.123
-
-[CA]
-pki_admin_email=caadmin@example.com
-pki_admin_name=caadmin
-pki_admin_nickname=caadmin
-pki_admin_password=Secret.123
-pki_admin_uid=caadmin
-
-pki_client_database_password=Secret.123
-pki_client_database_purge=False
-pki_client_pkcs12_password=Secret.123
-
-pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
-pki_ds_database=ca
-pki_ds_password=Secret.123
-
-pki_security_domain_name=EXAMPLE
-
-pki_ca_signing_nickname=ca_signing
-pki_ocsp_signing_nickname=ca_ocsp_signing
-pki_audit_signing_nickname=ca_audit_signing
-pki_sslserver_nickname=sslserver
-pki_subsystem_nickname=subsystem

tests/roles/Test_Setup/files/ds-create.sh

@@ -1,24 +0,0 @@
-#!/bin/bash -ex
-
-# This command needs to be executed as it pulls the machine name
-# dynamically.
-dscreate create-template /tmp/test_dir/ds.inf
-
-sed -i \
-    -e "s/;instance_name = .*/instance_name = localhost/g" \
-    -e "s/;root_password = .*/root_password = Secret.123/g" \
-    -e "s/;suffix = .*/suffix = dc=example,dc=com/g" \
-    -e "s/;self_sign_cert = .*/self_sign_cert = False/g" \
-    /tmp/test_dir/ds.inf
-
-dscreate from-file /tmp/test_dir/ds.inf
-
-ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
-dn: dc=example,dc=com
-objectClass: domain
-dc: example
-
-dn: dc=pki,dc=example,dc=com
-objectClass: domain
-dc: pki
-EOF

tests/roles/Test_Setup/files/kra.cfg

@@ -1,27 +0,0 @@
-[DEFAULT]
-pki_server_database_password=Secret.123
-
-[KRA]
-pki_admin_email=kraadmin@example.com
-pki_admin_name=kraadmin
-pki_admin_nickname=kraadmin
-pki_admin_password=Secret.123
-pki_admin_uid=kraadmin
-
-pki_client_database_password=Secret.123
-pki_client_database_purge=False
-pki_client_pkcs12_password=Secret.123
-
-pki_ds_base_dn=dc=kra,dc=pki,dc=example,dc=com
-pki_ds_database=kra
-pki_ds_password=Secret.123
-
-pki_security_domain_name=EXAMPLE
-pki_security_domain_user=caadmin
-pki_security_domain_password=Secret.123
-
-pki_storage_nickname=kra_storage
-pki_transport_nickname=kra_transport
-pki_audit_signing_nickname=kra_audit_signing
-pki_sslserver_nickname=sslserver
-pki_subsystem_nickname=subsystem

tests/roles/Test_Setup/tasks/main.yml

@@ -1,26 +0,0 @@
----
-
-- name: Install jss
-  dnf:
-    name: >
-      jss
-
-- name: Install required packages
-  dnf:
-    name: >
-      389-ds-base, pki-ca, pki-kra
-
-- name: Creates directory
-  file: path=/tmp/test_files state=directory
-
-- name: Copying templates to /tmp folder
-  copy : src=.  dest=/tmp/test_dir
-
-- name: Setup DS Service
-  shell: sh /tmp/test_dir/ds-create.sh
-
-- name: Install CA subsystem
-  shell: pkispawn -f /tmp/test_dir/ca.cfg -s CA -v
-
-- name: Install KRA subsystem
-  shell: pkispawn -f /tmp/test_dir/kra.cfg -s KRA -v

tests/tests.yml

@@ -1,30 +0,0 @@
-- hosts: localhost
-  remote_user: root
-  tags:
-    - classic
-  roles:
-  - role: Test_Setup
-  - role: standard-test-basic
-    tests:
-    - verify_spawn_ca:
-        dir: .
-        run: "curl http://localhost:8080/ca/admin/ca/getStatus | grep '\"Status\" : \"running\"'"
-    - verify_spawn_kra:
-        dir: .
-        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep '\"Status\" : \"running\"'"
-    - destroy_kra:
-        dir: .
-        run: "pkidestroy -i pki-tomcat -s KRA && sleep 5"
-    - verify_destroy_kra:
-        dir: .
-        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep 'HTTP Status 404'"
-    - destroy_ca:
-        dir: .
-        run: "pkidestroy -i pki-tomcat -s CA"
-    - verify_destroy_ca:
-        dir: .
-        run: "curl http://localhost:8080/ca/admin/ca/getStatus  &> testfile.log || true && grep 'Connection refused' testfile.log"
-    required_packages:
-    - jss
-    - pki-ca
-    - pki-kra