import tomcatjss-7.5.0-0.2.module+el8.3.0+7178+12af6fad
This commit is contained in:
parent
b855acb261
commit
b5ef0dd97d
|
@ -1 +1 @@
|
|||
SOURCES/tomcatjss-7.4.1.tar.gz
|
||||
SOURCES/tomcatjss-7.5.0-a1.tar.gz
|
||||
|
|
|
@ -1 +1 @@
|
|||
f0069873f3b72269add041f926f8a24e5abeabda SOURCES/tomcatjss-7.4.1.tar.gz
|
||||
731bf76056488deb18c0794f921606af7a428900 SOURCES/tomcatjss-7.5.0-a1.tar.gz
|
||||
|
|
|
@ -0,0 +1,89 @@
|
|||
From 54e26482643023a7fcbbba25376d691980ed6471 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Scheel <ascheel@redhat.com>
|
||||
Date: Thu, 25 Jun 2020 13:41:59 -0400
|
||||
Subject: [PATCH] Use factory for JSSKeyManager, JSSTrustManager
|
||||
|
||||
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
||||
---
|
||||
tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java | 12 ++++++++++--
|
||||
tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java | 11 +++++++----
|
||||
2 files changed, 17 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
|
||||
index 1f2082e..a3630e2 100644
|
||||
--- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
|
||||
+++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
|
||||
@@ -9,6 +9,7 @@ import java.util.List;
|
||||
import javax.net.ssl.KeyManager;
|
||||
import javax.net.ssl.KeyManagerFactory;
|
||||
import javax.net.ssl.TrustManager;
|
||||
+import javax.net.ssl.TrustManagerFactory;
|
||||
|
||||
import org.apache.tomcat.util.net.SSLContext;
|
||||
|
||||
@@ -36,8 +37,15 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
|
||||
|
||||
/* These KeyManagers and TrustManagers aren't used with the SSLEngine;
|
||||
* they're only used to implement certain function calls below. */
|
||||
- jkm = new JSSKeyManager();
|
||||
- jtm = new JSSTrustManager();
|
||||
+ try {
|
||||
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
|
||||
+ jkm = (JSSKeyManager) kmf.getKeyManagers()[0];
|
||||
+
|
||||
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509", "Mozilla-JSS");
|
||||
+ jtm = (JSSTrustManager) tmf.getTrustManagers()[0];
|
||||
+ } catch (Exception e) {
|
||||
+ throw new RuntimeException(e.getMessage(), e);
|
||||
+ }
|
||||
}
|
||||
|
||||
public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) throws KeyManagementException {
|
||||
diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
|
||||
index 8930bbd..cad3163 100644
|
||||
--- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
|
||||
+++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
|
||||
@@ -26,7 +26,9 @@ import java.util.Set;
|
||||
import java.util.HashSet;
|
||||
|
||||
import javax.net.ssl.KeyManager;
|
||||
+import javax.net.ssl.KeyManagerFactory;
|
||||
import javax.net.ssl.TrustManager;
|
||||
+import javax.net.ssl.TrustManagerFactory;
|
||||
import javax.net.ssl.SSLEngine;
|
||||
|
||||
import org.apache.juli.logging.Log;
|
||||
@@ -39,9 +41,7 @@ import org.apache.tomcat.util.net.SSLUtilBase;
|
||||
|
||||
import org.mozilla.jss.JSSProvider;
|
||||
import org.mozilla.jss.crypto.Policy;
|
||||
-import org.mozilla.jss.provider.javax.crypto.JSSKeyManager;
|
||||
import org.mozilla.jss.provider.javax.crypto.JSSNativeTrustManager;
|
||||
-import org.mozilla.jss.provider.javax.crypto.JSSTrustManager;
|
||||
import org.mozilla.jss.ssl.SSLCipher;
|
||||
import org.mozilla.jss.ssl.SSLVersion;
|
||||
|
||||
@@ -86,15 +86,18 @@ public class JSSUtil extends SSLUtilBase {
|
||||
@Override
|
||||
public KeyManager[] getKeyManagers() throws Exception {
|
||||
logger.debug("JSSUtil: getKeyManagers()");
|
||||
- return new KeyManager[] { new JSSKeyManager() };
|
||||
+ KeyManagerFactory jkm = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
|
||||
+ return jkm.getKeyManagers();
|
||||
}
|
||||
|
||||
@Override
|
||||
public TrustManager[] getTrustManagers() throws Exception {
|
||||
logger.debug("JSSUtil: getTrustManagers()");
|
||||
if (!JSSProvider.ENABLE_JSSENGINE) {
|
||||
- return new TrustManager[] { new JSSTrustManager() };
|
||||
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509");
|
||||
+ return tmf.getTrustManagers();
|
||||
}
|
||||
+
|
||||
return new TrustManager[] { new JSSNativeTrustManager() };
|
||||
}
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
|
@ -7,9 +7,9 @@ URL: http://www.dogtagpki.org/wiki/TomcatJSS
|
|||
License: LGPLv2+
|
||||
BuildArch: noarch
|
||||
|
||||
Version: 7.4.1
|
||||
Release: 2%{?_timestamp}%{?_commit_id}%{?dist}
|
||||
# global _phase -a1
|
||||
Version: 7.5.0
|
||||
Release: 0.2%{?_timestamp}%{?_commit_id}%{?dist}
|
||||
%global _phase -a1
|
||||
|
||||
# To generate the source tarball:
|
||||
# $ git clone https://github.com/dogtagpki/tomcatjss.git
|
||||
|
@ -27,6 +27,7 @@ Source: https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_
|
|||
# <version tag> \
|
||||
# > tomcatjss-VERSION-RELEASE.patch
|
||||
# Patch: tomcatjss-VERSION-RELEASE.patch
|
||||
Patch0: 0001-Use-factory-for-JSSKeyManager-JSSTrustManager.patch
|
||||
|
||||
################################################################################
|
||||
# Build Dependencies
|
||||
|
@ -57,7 +58,7 @@ BuildRequires: slf4j-jdk14
|
|||
%if 0%{?rhel} && 0%{?rhel} <= 7
|
||||
BuildRequires: jss >= 4.4.0-7
|
||||
%else
|
||||
BuildRequires: jss >= 4.6.0
|
||||
BuildRequires: jss >= 4.7.0
|
||||
%endif
|
||||
|
||||
# Tomcat
|
||||
|
@ -104,7 +105,7 @@ Requires: slf4j-jdk14
|
|||
%if 0%{?rhel} && 0%{?rhel} <= 7
|
||||
Requires: jss >= 4.4.0-7
|
||||
%else
|
||||
Requires: jss >= 4.6.0
|
||||
Requires: jss >= 4.7.0
|
||||
%endif
|
||||
|
||||
# Tomcat
|
||||
|
@ -126,12 +127,6 @@ Requires: tomcat >= 1:9.0.7
|
|||
%endif
|
||||
%endif
|
||||
|
||||
# The 'tomcatjss' package conflicts with the 'tomcat-native' package
|
||||
# because it uses an underlying NSS security model rather than the
|
||||
# OpenSSL security model, so these two packages may not co-exist.
|
||||
# (see Bugzilla Bug #441974 for details)
|
||||
Conflicts: tomcat-native
|
||||
|
||||
# PKI
|
||||
Conflicts: pki-base < 10.6.5
|
||||
|
||||
|
@ -182,6 +177,8 @@ ant -f build.xml \
|
|||
%files
|
||||
################################################################################
|
||||
|
||||
%license LICENSE
|
||||
|
||||
%defattr(-,root,root)
|
||||
%doc README
|
||||
%doc LICENSE
|
||||
|
@ -189,6 +186,12 @@ ant -f build.xml \
|
|||
|
||||
################################################################################
|
||||
%changelog
|
||||
* Thu Jun 25 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.5.0-0.2
|
||||
- Rebased to TomcatJSS 7.5.0-a2
|
||||
|
||||
* Tue May 26 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.5.0-0.1
|
||||
- Rebased to TomcatJSS 7.5.0-a1
|
||||
|
||||
* Thu Oct 31 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 7.4.1-2
|
||||
- Bumping min requirement for jss to 4.6.0
|
||||
|
||||
|
|
Loading…
Reference in New Issue