import tomcatjss-7.5.0-0.2.module+el8.3.0+7178+12af6fad
This commit is contained in:
commit
301f9b7dcc
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
SOURCES/tomcatjss-7.5.0-a1.tar.gz
|
1
.tomcatjss.metadata
Normal file
1
.tomcatjss.metadata
Normal file
@ -0,0 +1 @@
|
|||||||
|
731bf76056488deb18c0794f921606af7a428900 SOURCES/tomcatjss-7.5.0-a1.tar.gz
|
@ -0,0 +1,89 @@
|
|||||||
|
From 54e26482643023a7fcbbba25376d691980ed6471 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alexander Scheel <ascheel@redhat.com>
|
||||||
|
Date: Thu, 25 Jun 2020 13:41:59 -0400
|
||||||
|
Subject: [PATCH] Use factory for JSSKeyManager, JSSTrustManager
|
||||||
|
|
||||||
|
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
||||||
|
---
|
||||||
|
tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java | 12 ++++++++++--
|
||||||
|
tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java | 11 +++++++----
|
||||||
|
2 files changed, 17 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
|
||||||
|
index 1f2082e..a3630e2 100644
|
||||||
|
--- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
|
||||||
|
+++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
|
||||||
|
@@ -9,6 +9,7 @@ import java.util.List;
|
||||||
|
import javax.net.ssl.KeyManager;
|
||||||
|
import javax.net.ssl.KeyManagerFactory;
|
||||||
|
import javax.net.ssl.TrustManager;
|
||||||
|
+import javax.net.ssl.TrustManagerFactory;
|
||||||
|
|
||||||
|
import org.apache.tomcat.util.net.SSLContext;
|
||||||
|
|
||||||
|
@@ -36,8 +37,15 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
|
||||||
|
|
||||||
|
/* These KeyManagers and TrustManagers aren't used with the SSLEngine;
|
||||||
|
* they're only used to implement certain function calls below. */
|
||||||
|
- jkm = new JSSKeyManager();
|
||||||
|
- jtm = new JSSTrustManager();
|
||||||
|
+ try {
|
||||||
|
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
|
||||||
|
+ jkm = (JSSKeyManager) kmf.getKeyManagers()[0];
|
||||||
|
+
|
||||||
|
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509", "Mozilla-JSS");
|
||||||
|
+ jtm = (JSSTrustManager) tmf.getTrustManagers()[0];
|
||||||
|
+ } catch (Exception e) {
|
||||||
|
+ throw new RuntimeException(e.getMessage(), e);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) throws KeyManagementException {
|
||||||
|
diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
|
||||||
|
index 8930bbd..cad3163 100644
|
||||||
|
--- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
|
||||||
|
+++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
|
||||||
|
@@ -26,7 +26,9 @@ import java.util.Set;
|
||||||
|
import java.util.HashSet;
|
||||||
|
|
||||||
|
import javax.net.ssl.KeyManager;
|
||||||
|
+import javax.net.ssl.KeyManagerFactory;
|
||||||
|
import javax.net.ssl.TrustManager;
|
||||||
|
+import javax.net.ssl.TrustManagerFactory;
|
||||||
|
import javax.net.ssl.SSLEngine;
|
||||||
|
|
||||||
|
import org.apache.juli.logging.Log;
|
||||||
|
@@ -39,9 +41,7 @@ import org.apache.tomcat.util.net.SSLUtilBase;
|
||||||
|
|
||||||
|
import org.mozilla.jss.JSSProvider;
|
||||||
|
import org.mozilla.jss.crypto.Policy;
|
||||||
|
-import org.mozilla.jss.provider.javax.crypto.JSSKeyManager;
|
||||||
|
import org.mozilla.jss.provider.javax.crypto.JSSNativeTrustManager;
|
||||||
|
-import org.mozilla.jss.provider.javax.crypto.JSSTrustManager;
|
||||||
|
import org.mozilla.jss.ssl.SSLCipher;
|
||||||
|
import org.mozilla.jss.ssl.SSLVersion;
|
||||||
|
|
||||||
|
@@ -86,15 +86,18 @@ public class JSSUtil extends SSLUtilBase {
|
||||||
|
@Override
|
||||||
|
public KeyManager[] getKeyManagers() throws Exception {
|
||||||
|
logger.debug("JSSUtil: getKeyManagers()");
|
||||||
|
- return new KeyManager[] { new JSSKeyManager() };
|
||||||
|
+ KeyManagerFactory jkm = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
|
||||||
|
+ return jkm.getKeyManagers();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public TrustManager[] getTrustManagers() throws Exception {
|
||||||
|
logger.debug("JSSUtil: getTrustManagers()");
|
||||||
|
if (!JSSProvider.ENABLE_JSSENGINE) {
|
||||||
|
- return new TrustManager[] { new JSSTrustManager() };
|
||||||
|
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509");
|
||||||
|
+ return tmf.getTrustManagers();
|
||||||
|
}
|
||||||
|
+
|
||||||
|
return new TrustManager[] { new JSSNativeTrustManager() };
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
231
SPECS/tomcatjss.spec
Normal file
231
SPECS/tomcatjss.spec
Normal file
@ -0,0 +1,231 @@
|
|||||||
|
################################################################################
|
||||||
|
Name: tomcatjss
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
Summary: JSS Connector for Apache Tomcat
|
||||||
|
URL: http://www.dogtagpki.org/wiki/TomcatJSS
|
||||||
|
License: LGPLv2+
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
Version: 7.5.0
|
||||||
|
Release: 0.2%{?_timestamp}%{?_commit_id}%{?dist}
|
||||||
|
%global _phase -a1
|
||||||
|
|
||||||
|
# To generate the source tarball:
|
||||||
|
# $ git clone https://github.com/dogtagpki/tomcatjss.git
|
||||||
|
# $ cd tomcatjss
|
||||||
|
# $ git archive \
|
||||||
|
# --format=tar.gz \
|
||||||
|
# --prefix tomcatjss-VERSION/ \
|
||||||
|
# -o tomcatjss-VERSION.tar.gz \
|
||||||
|
# <version tag>
|
||||||
|
Source: https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_phase}/tomcatjss-%{version}%{?_phase}.tar.gz
|
||||||
|
|
||||||
|
# To create a patch for all changes since a version tag:
|
||||||
|
# $ git format-patch \
|
||||||
|
# --stdout \
|
||||||
|
# <version tag> \
|
||||||
|
# > tomcatjss-VERSION-RELEASE.patch
|
||||||
|
# Patch: tomcatjss-VERSION-RELEASE.patch
|
||||||
|
Patch0: 0001-Use-factory-for-JSSKeyManager-JSSTrustManager.patch
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
# Build Dependencies
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
# jpackage-utils requires versioning to meet both build and runtime requirements
|
||||||
|
# jss requires versioning to meet both build and runtime requirements
|
||||||
|
# tomcat requires versioning to meet both build and runtime requirements
|
||||||
|
|
||||||
|
# autosetup
|
||||||
|
BuildRequires: git
|
||||||
|
|
||||||
|
# Java
|
||||||
|
BuildRequires: ant
|
||||||
|
BuildRequires: apache-commons-lang
|
||||||
|
BuildRequires: java-devel
|
||||||
|
BuildRequires: jpackage-utils >= 0:1.7.5-15
|
||||||
|
|
||||||
|
# SLF4J
|
||||||
|
BuildRequires: slf4j
|
||||||
|
%if 0%{?rhel} && 0%{?rhel} <= 7
|
||||||
|
# no slf4j-jdk14
|
||||||
|
%else
|
||||||
|
BuildRequires: slf4j-jdk14
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# JSS
|
||||||
|
%if 0%{?rhel} && 0%{?rhel} <= 7
|
||||||
|
BuildRequires: jss >= 4.4.0-7
|
||||||
|
%else
|
||||||
|
BuildRequires: jss >= 4.7.0
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Tomcat
|
||||||
|
%if 0%{?rhel} && 0%{?rhel} <= 7
|
||||||
|
BuildRequires: tomcat >= 7.0.69
|
||||||
|
%else
|
||||||
|
%if 0%{?fedora} && 0%{?fedora} <= 27
|
||||||
|
BuildRequires: tomcat >= 8.0.49
|
||||||
|
%else
|
||||||
|
%if 0%{?fedora} && 0%{?fedora} <= 28
|
||||||
|
BuildRequires: tomcat >= 1:8.5.23
|
||||||
|
%else
|
||||||
|
%if 0%{?rhel}
|
||||||
|
BuildRequires: pki-servlet-engine >= 1:9.0.7
|
||||||
|
%else
|
||||||
|
BuildRequires: tomcat >= 1:9.0.7
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
# Runtime Dependencies
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
# Java
|
||||||
|
Requires: apache-commons-lang
|
||||||
|
%if 0%{?fedora} >= 21
|
||||||
|
Requires: java-headless
|
||||||
|
%else
|
||||||
|
Requires: java
|
||||||
|
%endif
|
||||||
|
Requires: jpackage-utils >= 0:1.7.5-15
|
||||||
|
|
||||||
|
# SLF4J
|
||||||
|
Requires: slf4j
|
||||||
|
%if 0%{?rhel}
|
||||||
|
# no slf4j-jdk14
|
||||||
|
%else
|
||||||
|
Requires: slf4j-jdk14
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# JSS
|
||||||
|
%if 0%{?rhel} && 0%{?rhel} <= 7
|
||||||
|
Requires: jss >= 4.4.0-7
|
||||||
|
%else
|
||||||
|
Requires: jss >= 4.7.0
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Tomcat
|
||||||
|
%if 0%{?rhel} && 0%{?rhel} <= 7
|
||||||
|
Requires: tomcat >= 7.0.69
|
||||||
|
%else
|
||||||
|
%if 0%{?fedora} && 0%{?fedora} <= 27
|
||||||
|
Requires: tomcat >= 8.0.49
|
||||||
|
%else
|
||||||
|
%if 0%{?fedora} && 0%{?fedora} <= 28
|
||||||
|
Requires: tomcat >= 1:8.5.23
|
||||||
|
%else
|
||||||
|
%if 0%{?rhel}
|
||||||
|
Requires: pki-servlet-engine >= 1:9.0.7
|
||||||
|
%else
|
||||||
|
Requires: tomcat >= 1:9.0.7
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# PKI
|
||||||
|
Conflicts: pki-base < 10.6.5
|
||||||
|
|
||||||
|
|
||||||
|
%if 0%{?rhel}
|
||||||
|
# For EPEL, override the '_sharedstatedir' macro on RHEL
|
||||||
|
%define _sharedstatedir /var/lib
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%description
|
||||||
|
JSS Connector for Apache Tomcat, installed via the tomcatjss package,
|
||||||
|
is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
|
||||||
|
uses Java Security Services (JSS), a Java interface to Network Security
|
||||||
|
Services (NSS).
|
||||||
|
|
||||||
|
NOTE: The 'tomcatjss' package conflicts with the 'tomcat-native' package
|
||||||
|
because it uses an underlying NSS security model rather than the
|
||||||
|
OpenSSL security model, so these two packages may not co-exist.
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
%prep
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
%autosetup -n tomcatjss-%{version}%{?_phase} -p 1 -S git
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
%install
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
# get Tomcat <major>.<minor> version number
|
||||||
|
tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
|
||||||
|
|
||||||
|
if [ $tomcat_version == "9.0" ]; then
|
||||||
|
app_server=tomcat-8.5
|
||||||
|
else
|
||||||
|
app_server=tomcat-$tomcat_version
|
||||||
|
fi
|
||||||
|
|
||||||
|
ant -f build.xml \
|
||||||
|
-Dversion=%{version} \
|
||||||
|
-Dsrc.dir=$app_server \
|
||||||
|
-Djnidir=%{_jnidir} \
|
||||||
|
-Dinstall.doc.dir=%{buildroot}%{_docdir}/%{name} \
|
||||||
|
-Dinstall.jar.dir=%{buildroot}%{_javadir} \
|
||||||
|
install
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
%files
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
%license LICENSE
|
||||||
|
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%doc README
|
||||||
|
%doc LICENSE
|
||||||
|
%{_javadir}/*
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
%changelog
|
||||||
|
* Thu Jun 25 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.5.0-0.2
|
||||||
|
- Rebased to TomcatJSS 7.5.0-a2
|
||||||
|
|
||||||
|
* Tue May 26 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.5.0-0.1
|
||||||
|
- Rebased to TomcatJSS 7.5.0-a1
|
||||||
|
|
||||||
|
* Thu Oct 31 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 7.4.1-2
|
||||||
|
- Bumping min requirement for jss to 4.6.0
|
||||||
|
|
||||||
|
* Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 7.4.1-1
|
||||||
|
- Rebased to TomcatJSS 7.4.1
|
||||||
|
|
||||||
|
* Wed Apr 24 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 7.4.0-1
|
||||||
|
- Rebased to TomcatJSS 7.4.0
|
||||||
|
|
||||||
|
* Fri Oct 05 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.6-1
|
||||||
|
- Rebased to TomcatJSS 7.3.6
|
||||||
|
|
||||||
|
* Mon Aug 13 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.5-1
|
||||||
|
- Rebased to TomcatJSS 7.3.5
|
||||||
|
|
||||||
|
* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.4-1
|
||||||
|
- Rebased to TomcatJSS 7.3.4
|
||||||
|
|
||||||
|
* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.3-2
|
||||||
|
- Red Hat Bugzilla #1612063 - Do not override system crypto policy (support TLS 1.3)
|
||||||
|
|
||||||
|
* Fri Jul 20 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.3-1
|
||||||
|
- Rebased to TomcatJSS 7.3.3
|
||||||
|
|
||||||
|
* Thu Jul 05 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.2-1
|
||||||
|
- Rebased to TomcatJSS 7.3.2
|
||||||
|
|
||||||
|
* Fri Jun 15 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.1-1
|
||||||
|
- Fixed Tomcat dependencies
|
||||||
|
- Rebased to TomcatJSS 7.3.1
|
||||||
|
|
||||||
|
* Thu Apr 12 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.0-1
|
||||||
|
- Cleaned up spec file
|
||||||
|
- Rebased to TomcatJSS 7.3.0 final
|
||||||
|
|
||||||
|
* Thu Mar 15 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.0-0.2
|
||||||
|
- Rebased to TomcatJSS 7.3.0 beta
|
Loading…
Reference in New Issue
Block a user