From 4a14e08b18a3f12ca6ec1588084e7ad726455a50 Mon Sep 17 00:00:00 2001
From: Shalini Khandelwal <skhandel@redhat.com>
Date: Thu, 3 Jun 2021 13:45:49 +0530
Subject: [PATCH 1/2] Added tier0 gating tests for RHEL9

Resolves: #1954562

Signed-off-by: Shalini Khandelwal <skhandel@redhat.com>
---
 gating.yaml                               |  7 ++++++
 tests/roles/Test_Setup/files/ca.cfg       | 25 +++++++++++++++++++
 tests/roles/Test_Setup/files/ds-create.sh | 24 ++++++++++++++++++
 tests/roles/Test_Setup/files/kra.cfg      | 27 ++++++++++++++++++++
 tests/roles/Test_Setup/tasks/main.yml     | 26 ++++++++++++++++++++
 tests/tests.yml                           | 30 +++++++++++++++++++++++
 6 files changed, 139 insertions(+)
 create mode 100644 gating.yaml
 create mode 100644 tests/roles/Test_Setup/files/ca.cfg
 create mode 100644 tests/roles/Test_Setup/files/ds-create.sh
 create mode 100644 tests/roles/Test_Setup/files/kra.cfg
 create mode 100644 tests/roles/Test_Setup/tasks/main.yml
 create mode 100644 tests/tests.yml

diff --git a/gating.yaml b/gating.yaml
new file mode 100644
index 0000000..388958f
--- /dev/null
+++ b/gating.yaml
@@ -0,0 +1,7 @@
+# recipients: rhcs-team
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
diff --git a/tests/roles/Test_Setup/files/ca.cfg b/tests/roles/Test_Setup/files/ca.cfg
new file mode 100644
index 0000000..158c1d5
--- /dev/null
+++ b/tests/roles/Test_Setup/files/ca.cfg
@@ -0,0 +1,25 @@
+[DEFAULT]
+pki_server_database_password=Secret.123
+
+[CA]
+pki_admin_email=caadmin@example.com
+pki_admin_name=caadmin
+pki_admin_nickname=caadmin
+pki_admin_password=Secret.123
+pki_admin_uid=caadmin
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
+pki_ds_database=ca
+pki_ds_password=Secret.123
+
+pki_security_domain_name=EXAMPLE
+
+pki_ca_signing_nickname=ca_signing
+pki_ocsp_signing_nickname=ca_ocsp_signing
+pki_audit_signing_nickname=ca_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem
diff --git a/tests/roles/Test_Setup/files/ds-create.sh b/tests/roles/Test_Setup/files/ds-create.sh
new file mode 100644
index 0000000..825d83f
--- /dev/null
+++ b/tests/roles/Test_Setup/files/ds-create.sh
@@ -0,0 +1,24 @@
+#!/bin/bash -ex
+
+# This command needs to be executed as it pulls the machine name
+# dynamically.
+dscreate create-template /tmp/test_dir/ds.inf
+
+sed -i \
+    -e "s/;instance_name = .*/instance_name = localhost/g" \
+    -e "s/;root_password = .*/root_password = Secret.123/g" \
+    -e "s/;suffix = .*/suffix = dc=example,dc=com/g" \
+    -e "s/;self_sign_cert = .*/self_sign_cert = False/g" \
+    /tmp/test_dir/ds.inf
+
+dscreate from-file /tmp/test_dir/ds.inf
+
+ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
+dn: dc=example,dc=com
+objectClass: domain
+dc: example
+
+dn: dc=pki,dc=example,dc=com
+objectClass: domain
+dc: pki
+EOF
diff --git a/tests/roles/Test_Setup/files/kra.cfg b/tests/roles/Test_Setup/files/kra.cfg
new file mode 100644
index 0000000..d93f4bb
--- /dev/null
+++ b/tests/roles/Test_Setup/files/kra.cfg
@@ -0,0 +1,27 @@
+[DEFAULT]
+pki_server_database_password=Secret.123
+
+[KRA]
+pki_admin_email=kraadmin@example.com
+pki_admin_name=kraadmin
+pki_admin_nickname=kraadmin
+pki_admin_password=Secret.123
+pki_admin_uid=kraadmin
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=kra,dc=pki,dc=example,dc=com
+pki_ds_database=kra
+pki_ds_password=Secret.123
+
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_security_domain_password=Secret.123
+
+pki_storage_nickname=kra_storage
+pki_transport_nickname=kra_transport
+pki_audit_signing_nickname=kra_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem
diff --git a/tests/roles/Test_Setup/tasks/main.yml b/tests/roles/Test_Setup/tasks/main.yml
new file mode 100644
index 0000000..7d50663
--- /dev/null
+++ b/tests/roles/Test_Setup/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Install jss
+  dnf:
+    name: >
+      tomcatjss
+
+- name: Install required packages
+  dnf:
+    name: >
+      389-ds-base, pki-ca, pki-kra
+
+- name: Creates directory
+  file: path=/tmp/test_files state=directory
+
+- name: Copying templates to /tmp folder
+  copy : src=.  dest=/tmp/test_dir
+
+- name: Setup DS Service
+  shell: sh /tmp/test_dir/ds-create.sh
+
+- name: Install CA subsystem
+  shell: pkispawn -f /tmp/test_dir/ca.cfg -s CA -v
+
+- name: Install KRA subsystem
+  shell: pkispawn -f /tmp/test_dir/kra.cfg -s KRA -v
diff --git a/tests/tests.yml b/tests/tests.yml
new file mode 100644
index 0000000..248a117
--- /dev/null
+++ b/tests/tests.yml
@@ -0,0 +1,30 @@
+- hosts: localhost
+  remote_user: root
+  roles:
+  - role: Test_Setup
+  - role: standard-test-basic
+    tags:
+    - classic
+    tests:
+    - verify_spawn_ca:
+        dir: .
+        run: "curl http://localhost:8080/ca/admin/ca/getStatus | grep '<Status>running</Status>'"
+    - verify_spawn_kra:
+        dir: .
+        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep '<Status>running</Status>'"
+    - destroy_kra:
+        dir: .
+        run: "pkidestroy -i pki-tomcat -s KRA && sleep 5"
+    - verify_destroy_kra:
+        dir: .
+        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep 'HTTP Status 404'"
+    - destroy_ca:
+        dir: .
+        run: "pkidestroy -i pki-tomcat -s CA"
+    - verify_destroy_ca:
+        dir: .
+        run: "curl http://localhost:8080/ca/admin/ca/getStatus  &> testfile.log || true && grep 'Connection refused' testfile.log"
+    required_packages:
+    - tomcatjss
+    - pki-ca
+    - pki-kra

From 46d4c3c749eac6214f07ec001019b96fad2a6d3c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Fri, 25 Jun 2021 19:02:13 -0500
Subject: [PATCH 2/2] Rebase to TomcatJSS 8.0.0-alpha1

Resolves: #1975905
---
 .gitignore     |   1 +
 sources        |   2 +-
 tomcatjss.spec | 125 +++++++++----------------------------------------
 3 files changed, 23 insertions(+), 105 deletions(-)

diff --git a/.gitignore b/.gitignore
index fc01b9f..8fce6da 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,4 @@ tomcatjss-1.2.0.tar.gz
 /tomcatjss-7.5.0.tar.gz
 /tomcatjss-7.6.0.tar.gz
 /tomcatjss-7.6.1.tar.gz
+/tomcatjss-8.0.0-alpha1.tar.gz
diff --git a/sources b/sources
index aa1efdb..f29684b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (tomcatjss-7.6.1.tar.gz) = 3945475d53a21aa680efe87ae71523692f9441bf820b9d9680b1f5b1bda53bdf628ab4edd4f4af2c40a778a529b72a45f16f5dcbd92d87ae7c999b190b8c0059
+SHA512 (tomcatjss-8.0.0-alpha1.tar.gz) = 8a81631fedf593f27fb4343737300eef28f42dc6d7efca56a726a77c6523adbace52fd56f074fedadfbba1e5110228da60182835d7f1a4c219bd29c926fbe7b9
diff --git a/tomcatjss.spec b/tomcatjss.spec
index 54fe90b..4e83ced 100644
--- a/tomcatjss.spec
+++ b/tomcatjss.spec
@@ -7,9 +7,11 @@ URL:              http://www.dogtagpki.org/wiki/TomcatJSS
 License:          LGPLv2+
 BuildArch:        noarch
 
-Version:          7.6.1
-Release:          3%{?_timestamp}%{?_commit_id}%{?dist}
-#global           _phase -a1
+# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
+# For official (i.e. supported) releases, use x.y.z-r where r >=1.
+Version:          8.0.0
+Release:          0.1.alpha1%{?_timestamp}%{?_commit_id}%{?dist}
+%global           _phase -alpha1
 
 # To generate the source tarball:
 # $ git clone https://github.com/dogtagpki/tomcatjss.git
@@ -28,6 +30,14 @@ Source:           https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_
 #     > tomcatjss-VERSION-RELEASE.patch
 # Patch: tomcatjss-VERSION-RELEASE.patch
 
+################################################################################
+# Java
+################################################################################
+
+%define java_devel java-11-openjdk-devel
+%define java_headless java-11-openjdk-headless
+%define java_home /usr/lib/jvm/jre-11-openjdk
+
 ################################################################################
 # Build Dependencies
 ################################################################################
@@ -36,13 +46,10 @@ Source:           https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_
 # jss requires versioning to meet both build and runtime requirements
 # tomcat requires versioning to meet both build and runtime requirements
 
-# autosetup
-BuildRequires:    git
-
 # Java
 BuildRequires:    ant
 BuildRequires:    apache-commons-lang3
-BuildRequires:    java-devel
+BuildRequires:    %{java_devel}
 BuildRequires:    jpackage-utils >= 0:1.7.5-15
 
 # SLF4J
@@ -50,7 +57,7 @@ BuildRequires:    slf4j
 BuildRequires:    slf4j-jdk14
 
 # JSS
-BuildRequires:    jss >= 4.8.0
+BuildRequires:    jss >= 5.0.0
 
 # Tomcat
 %if 0%{?rhel} && ! 0%{?eln}
@@ -65,11 +72,7 @@ BuildRequires:    tomcat >= 1:9.0.7
 
 # Java
 Requires:         apache-commons-lang3
-%if 0%{?fedora} >= 21
-Requires:         java-headless
-%else
-Requires:         java
-%endif
+Requires:         %{java_headless}
 Requires:         jpackage-utils >= 0:1.7.5-15
 
 # SLF4J
@@ -77,7 +80,7 @@ Requires:         slf4j
 Requires:         slf4j-jdk14
 
 # JSS
-Requires:         jss >= 4.8.0
+Requires:         jss >= 5.0.0
 
 # Tomcat
 %if 0%{?rhel} && ! 0%{?eln}
@@ -105,7 +108,7 @@ Services (NSS).
 %prep
 ################################################################################
 
-%autosetup -n tomcatjss-%{version}%{?_phase} -p 1 -S git
+%autosetup -n tomcatjss-%{version}%{?_phase} -p 1
 
 ################################################################################
 %install
@@ -113,12 +116,7 @@ Services (NSS).
 
 # get Tomcat <major>.<minor> version number
 tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
-
-if [ $tomcat_version == "9.0" ]; then
-    app_server=tomcat-8.5
-else
-    app_server=tomcat-$tomcat_version
-fi
+app_server=tomcat-$tomcat_version
 
 ant -f build.xml \
     -Dversion=%{version} \
@@ -141,86 +139,5 @@ ant -f build.xml \
 
 ################################################################################
 %changelog
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 7.6.1-3
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
-
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.6.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Thu Jan 14 2021 Dogtag PKI Team <pki-devel@redhat.com> - 7.6.1-1
-- Rebase to latest stable release v7.6.1
-
-* Thu Dec 10 2020 Merlin Mathesius <mmathesi@redhat.com> - 7.6.0-3
-- Minor conditional updates to SPEC so package will build for ELN
-
-* Thu Nov 05 2020 Dogtag PKI Team <pki-devel@redhat.com> - 7.6.0-2
-- Conflict with older PKI versions due to ACL3
-
-* Wed Oct 21 2020 Dogtag PKI Team <pki-devel@redhat.com> - 7.6.0-1
-- Rebase to match latest upstream stable version v7.6.0
-
-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.0-0.6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Sat Jul 11 2020 Jiri Vanek <jvanek@redhat.com> - 7.5.0-0.5
-- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11
-
-* Wed Jun 10 2020 Dogtag PKI Team <pki-devel@redhat.com> - 7.5.0-0.4
-- Rebase to match latest upstream version v7.5.0-b2
-
-* Wed Jun 10 2020 Dogtag PKI Team <pki-devel@redhat.com> - 7.5.0-0.1
-- Rebase to match latest upstream version v7.5.0-a1
-- Make TomcatJSS use both SunJSSE and Mozilla-JSS
-
-* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.4.1-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Aug 08 2019 Dogtag PKI Team <pki-team@redhat.com> - 7.4.1-2
-- Bumping min requirement for jss to 4.6.0
-
-* Thu Aug 08 2019 Dogtag PKI Team <pki-team@redhat.com> - 7.4.1-1
-- Rebased to TomcatJSS 7.4.1
-
-* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.4.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Mon May 06 2019 Dogtag PKI Team <pki-team@redhat.com> - 7.4.0-1
-- Rebased to TomcatJSS 7.4.0
-
-* Mon May 06 2019 Dogtag PKI Team <pki-team@redhat.com> - 7.3.7-1
-- Rebased to Tomcatjss 7.3.7
-
-* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.6-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Wed Oct 03 2018 Dogtag PKI Team <pki-team@redhat.com> 7.3.6-1
-- Rebased to TomcatJSS 7.3.6
-
-* Mon Aug 13 2018 Dogtag PKI Team <pki-team@redhat.com> 7.3.5-1
-- Rebased to TomcatJSS 7.3.5
-
-* Tue Aug 07 2018 Dogtag PKI Team <pki-devel@redhat.com> 7.3.4-1
-- Rebased to TomcatJSS 7.3.4
-
-* Tue Aug 07 2018 Dogtag PKI Team <pki-devel@redhat.com> 7.3.3-2
-- Red Hat Bugzilla #1612063 - Do not override system crypto policy (support TLS 1.3)
-
-* Fri Jul 20 2018 Dogtag PKI Team <pki-devel@redhat.com> 7.3.3-1
-- Rebased to TomcatJSS 7.3.3
-
-* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Thu Jul 05 2018 Dogtag PKI Team <pki-devel@redhat.com> 7.3.2-1
-- Rebased to TomcatJSS 7.3.2
-
-* Fri Jun 15 2018 Dogtag PKI Team <pki-devel@redhat.com> 7.3.1-1
-- Fixed Tomcat dependencies
-- Rebased to TomcatJSS 7.3.1
-
-* Thu Apr 12 2018 Dogtag PKI Team <pki-devel@redhat.com> 7.3.0-1
-- Cleaned up spec file
-- Rebased to TomcatJSS 7.3.0 final
-
-* Thu Mar 15 2018 Dogtag PKI Team <pki-devel@redhat.com> 7.3.0-0.2
-- Rebased to TomcatJSS 7.3.0 beta
+* Fri Jun 25 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 8.0.0-0.1
+- Rebase to TomcatJSS 8.0.0-alpha1