.gitignore

@@ -1 +1,40 @@
-SOURCES/tomcatjss-7.7.1.tar.gz
+tomcatjss-1.2.0.tar.gz
+/tomcatjss-2.0.0.tar.gz
+/tomcatjss-2.1.1.tar.gz
+/tomcatjss-6.0.0.tar.gz
+/tomcatjss-6.0.1.tar.gz
+/tomcatjss-6.0.2.tar.gz
+/tomcatjss-7.0.0.tar.gz
+/tomcatjss-7.1.0.tar.gz
+/tomcatjss-7.1.1.tar.gz
+/tomcatjss-7.1.2.tar.gz
+/tomcatjss-7.1.3.tar.gz
+/tomcatjss-7.1.4.tar.gz
+/tomcatjss-7.2.0.tar.gz
+/tomcatjss-7.2.1.tar.gz
+/tomcatjss-7.2.2.tar.gz
+/tomcatjss-7.2.3.tar.gz
+/tomcatjss-7.2.4.tar.gz
+/tomcatjss-7.3.0.tar.gz
+/tomcatjss-7.3.1.tar.gz
+/tomcatjss-7.3.2.tar.gz
+/tomcatjss-7.3.3.tar.gz
+/tomcatjss-7.3.4.tar.gz
+/tomcatjss-7.3.5.tar.gz
+/tomcatjss-7.3.6.tar.gz
+/tomcatjss-7.3.7.tar.gz
+/tomcatjss-7.4.0.tar.gz
+/tomcatjss-7.4.1.tar.gz
+/tomcatjss-7.5.0-a1.tar.gz
+/tomcatjss-7.5.0-b2.tar.gz
+/tomcatjss-7.5.0.tar.gz
+/tomcatjss-7.6.0.tar.gz
+/tomcatjss-7.6.1.tar.gz
+/tomcatjss-8.0.0-alpha1.tar.gz
+/tomcatjss-8.0.0.tar.gz
+/tomcatjss-8.2.0-beta1.tar.gz
+/tomcatjss-8.2.0-beta2.tar.gz
+/tomcatjss-8.2.0.tar.gz
+/tomcatjss-8.3.0-beta1.tar.gz
+/tomcatjss-8.3.0.tar.gz
+/tomcatjss-8.4.0.tar.gz

.tomcatjss.metadata

@@ -1 +0,0 @@
-a57bb5294890c2ddb5e62eb1e9c316d5deb95794 SOURCES/tomcatjss-7.7.1.tar.gz

SPECS/tomcatjss.spec

@@ -1,212 +0,0 @@
-################################################################################
-Name:             tomcatjss
-################################################################################
-
-Summary:          JSS Connector for Apache Tomcat
-URL:              http://www.dogtagpki.org/wiki/TomcatJSS
-License:          LGPLv2+
-BuildArch:        noarch
-
-# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
-# For official (i.e. supported) releases, use x.y.z-r where r >=1.
-Version:          7.7.1
-Release:          1%{?_timestamp}%{?_commit_id}%{?dist}
-#global           _phase -alpha1
-
-# To generate the source tarball:
-# $ git clone https://github.com/dogtagpki/tomcatjss.git
-# $ cd tomcatjss
-# $ git archive \
-#     --format=tar.gz \
-#     --prefix tomcatjss-VERSION/ \
-#     -o tomcatjss-VERSION.tar.gz \
-#     <version tag>
-Source:           https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_phase}/tomcatjss-%{version}%{?_phase}.tar.gz
-
-# To create a patch for all changes since a version tag:
-# $ git format-patch \
-#     --stdout \
-#     <version tag> \
-#     > tomcatjss-VERSION-RELEASE.patch
-# Patch: tomcatjss-VERSION-RELEASE.patch
-
-################################################################################
-# Java
-################################################################################
-
-%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8
-%define java_devel java-1.8.0-openjdk-devel
-%define java_headless java-1.8.0-openjdk-headless
-%define java_home /usr/lib/jvm/jre-1.8.0-openjdk
-%else
-%define java_devel java-11-openjdk-devel
-%define java_headless java-11-openjdk-headless
-%define java_home /usr/lib/jvm/jre-11-openjdk
-%endif
-
-################################################################################
-# Build Dependencies
-################################################################################
-
-# jpackage-utils requires versioning to meet both build and runtime requirements
-# jss requires versioning to meet both build and runtime requirements
-# tomcat requires versioning to meet both build and runtime requirements
-
-# Java
-BuildRequires:    ant
-BuildRequires:    apache-commons-lang3
-BuildRequires:    %{java_devel}
-BuildRequires:    jpackage-utils >= 0:1.7.5-15
-
-# SLF4J
-BuildRequires:    slf4j
-BuildRequires:    slf4j-jdk14
-
-# JSS
-BuildRequires:    jss >= 4.9.0, jss < 5.0.0
-
-# Tomcat
-%if 0%{?rhel} && ! 0%{?eln}
-BuildRequires:    pki-servlet-engine >= 1:9.0.7
-%else
-BuildRequires:    tomcat >= 1:9.0.7
-%endif
-
-################################################################################
-# Runtime Dependencies
-################################################################################
-
-# Java
-Requires:         apache-commons-lang3
-Requires:         %{java_headless}
-Requires:         jpackage-utils >= 0:1.7.5-15
-
-# SLF4J
-Requires:         slf4j
-Requires:         slf4j-jdk14
-
-# JSS
-Requires:         jss >= 4.9.0, jss < 5.0.0
-
-# Tomcat
-%if 0%{?rhel} && ! 0%{?eln}
-Requires:         pki-servlet-engine >= 1:9.0.7
-%else
-Requires:         tomcat >= 1:9.0.7
-%endif
-
-# PKI
-Conflicts:        pki-base < 10.10.0
-
-
-%if 0%{?rhel}
-# For EPEL, override the '_sharedstatedir' macro on RHEL
-%define           _sharedstatedir    /var/lib
-%endif
-
-%description
-JSS Connector for Apache Tomcat, installed via the tomcatjss package,
-is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
-uses Java Security Services (JSS), a Java interface to Network Security
-Services (NSS).
-
-################################################################################
-%prep
-################################################################################
-
-%autosetup -n tomcatjss-%{version}%{?_phase} -p 1
-
-################################################################################
-%install
-################################################################################
-
-# get Tomcat <major>.<minor> version number
-tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
-app_server=tomcat-$tomcat_version
-
-ant -f build.xml \
-    -Dversion=%{version} \
-    -Dsrc.dir=$app_server \
-    -Djnidir=%{_jnidir} \
-    -Dinstall.doc.dir=%{buildroot}%{_docdir}/%{name} \
-    -Dinstall.jar.dir=%{buildroot}%{_javadir} \
-    install
-
-################################################################################
-%files
-################################################################################
-
-%license LICENSE
-
-%defattr(-,root,root)
-%doc README
-%doc LICENSE
-%{_javadir}/*
-
-################################################################################
-%changelog
-* Mon Nov 15 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 7.7.1-1
-- Rebase to TomcatJSS 7.7.1
-
-* Mon Jul 26 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 7.7.0-1
-- Rebase to TomcatJSS 7.7.0
-
-* Fri Jun 11 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 7.7.0-0.1
-- Rebase to TomcatJSS 7.7.0-alpha1
-
-* Tue Nov 17 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.6.1-1
-- Rebase to TomcatJSS 7.6.1
-
-* Wed Oct 28 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.6.0-2
-- Bump dependency to JSS 4.8.0
-- Remove unsupported platforms
-
-* Tue Oct 20 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.6.0-1
-- Rebase to TomcatJSS 7.6.0
-
-* Thu Jul 09 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.5.0-1
-- Rebase to TomcatJSS 7.5.0
-
-* Thu Jun 25 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.5.0-0.2
-- Rebase to TomcatJSS 7.5.0-a2
-
-* Tue May 26 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.5.0-0.1
-- Rebase to TomcatJSS 7.5.0-a1
-
-* Thu Oct 31 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 7.4.1-2
-- Bump dependency to JSS 4.6.0
-
-* Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 7.4.1-1
-- Rebase to TomcatJSS 7.4.1
-
-* Wed Apr 24 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 7.4.0-1
-- Rebase to TomcatJSS 7.4.0
-
-* Fri Oct 05 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.6-1
-- Rebase to TomcatJSS 7.3.6
-
-* Mon Aug 13 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.5-1
-- Rebase to TomcatJSS 7.3.5
-
-* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.4-1
-- Rebase to TomcatJSS 7.3.4
-
-* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.3-2
-- Red Hat Bugzilla #1612063 - Do not override system crypto policy (support TLS 1.3)
-
-* Fri Jul 20 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.3-1
-- Rebase to TomcatJSS 7.3.3
-
-* Thu Jul 05 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.2-1
-- Rebase to TomcatJSS 7.3.2
-
-* Fri Jun 15 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.1-1
-- Fix Tomcat dependencies
-- Rebase to TomcatJSS 7.3.1
-
-* Thu Apr 12 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.0-1
-- Clean up spec file
-- Rebase to TomcatJSS 7.3.0 final
-
-* Thu Mar 15 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.0-0.2
-- Rebase to TomcatJSS 7.3.0 beta

copr-build.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+REPO=$1
+
+if [ "$REPO" == "" ]; then
+    REPO="pki-10.6"
+fi
+
+fedpkg copr-build --nowait $REPO

gating.yaml

@@ -0,0 +1,7 @@
+# recipients: rhcs-team
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

rpminspect.yaml

@@ -0,0 +1,3 @@
+---
+inspections:
+    javabytecode: off

sources

@@ -0,0 +1 @@
+SHA512 (tomcatjss-8.4.0.tar.gz) = 799d3b36d5b7f6193450a8e9d9d3d14856c915343d3eff11f5121174f7379e2db0209d5a8cbf6de0fc834cd4843ae586ee48137195b6a70e15f89031462601ad

sources-update.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+SOURCE=$1
+TARGET=`basename $1`
+
+cp $SOURCE $TARGET
+sha512sum --tag $TARGET > sources

tests/roles/Test_Setup/files/ca.cfg

@@ -0,0 +1,25 @@
+[DEFAULT]
+pki_server_database_password=Secret.123
+
+[CA]
+pki_admin_email=caadmin@example.com
+pki_admin_name=caadmin
+pki_admin_nickname=caadmin
+pki_admin_password=Secret.123
+pki_admin_uid=caadmin
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
+pki_ds_database=ca
+pki_ds_password=Secret.123
+
+pki_security_domain_name=EXAMPLE
+
+pki_ca_signing_nickname=ca_signing
+pki_ocsp_signing_nickname=ca_ocsp_signing
+pki_audit_signing_nickname=ca_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem

tests/roles/Test_Setup/files/ds-create.sh

@@ -0,0 +1,24 @@
+#!/bin/bash -ex
+
+# This command needs to be executed as it pulls the machine name
+# dynamically.
+dscreate create-template /tmp/test_dir/ds.inf
+
+sed -i \
+    -e "s/;instance_name = .*/instance_name = localhost/g" \
+    -e "s/;root_password = .*/root_password = Secret.123/g" \
+    -e "s/;suffix = .*/suffix = dc=example,dc=com/g" \
+    -e "s/;self_sign_cert = .*/self_sign_cert = False/g" \
+    /tmp/test_dir/ds.inf
+
+dscreate from-file /tmp/test_dir/ds.inf
+
+ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
+dn: dc=example,dc=com
+objectClass: domain
+dc: example
+
+dn: dc=pki,dc=example,dc=com
+objectClass: domain
+dc: pki
+EOF

tests/roles/Test_Setup/files/kra.cfg

@@ -0,0 +1,27 @@
+[DEFAULT]
+pki_server_database_password=Secret.123
+
+[KRA]
+pki_admin_email=kraadmin@example.com
+pki_admin_name=kraadmin
+pki_admin_nickname=kraadmin
+pki_admin_password=Secret.123
+pki_admin_uid=kraadmin
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=kra,dc=pki,dc=example,dc=com
+pki_ds_database=kra
+pki_ds_password=Secret.123
+
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_security_domain_password=Secret.123
+
+pki_storage_nickname=kra_storage
+pki_transport_nickname=kra_transport
+pki_audit_signing_nickname=kra_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem

tests/roles/Test_Setup/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+
+- name: Install tomcatjss
+  dnf:
+    name: >
+      tomcatjss
+
+- name: Install required packages
+  dnf:
+    name: >
+      389-ds-base, pki-ca, pki-kra
+
+- name: Creates directory
+  file: path=/tmp/test_files state=directory
+
+- name: Copying templates to /tmp folder
+  copy : src=.  dest=/tmp/test_dir
+
+- name: Setup DS Service
+  shell: sh /tmp/test_dir/ds-create.sh
+
+- name: Install CA subsystem
+  shell: pkispawn -f /tmp/test_dir/ca.cfg -s CA -v
+
+- name: Install KRA subsystem
+  shell: pkispawn -f /tmp/test_dir/kra.cfg -s KRA -v

tests/tests.yml

@@ -0,0 +1,30 @@
+- hosts: localhost
+  remote_user: root
+  tags:
+    - classic
+  roles:
+  - role: Test_Setup
+  - role: standard-test-basic
+    tests:
+    - verify_spawn_ca:
+        dir: .
+        run: "curl http://localhost:8080/ca/admin/ca/getStatus | grep '<Status>running</Status>'"
+    - verify_spawn_kra:
+        dir: .
+        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep '<Status>running</Status>'"
+    - destroy_kra:
+        dir: .
+        run: "pkidestroy -i pki-tomcat -s KRA && sleep 5"
+    - verify_destroy_kra:
+        dir: .
+        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep 'HTTP Status 404'"
+    - destroy_ca:
+        dir: .
+        run: "pkidestroy -i pki-tomcat -s CA"
+    - verify_destroy_ca:
+        dir: .
+        run: "curl http://localhost:8080/ca/admin/ca/getStatus  &> testfile.log || true && grep 'Connection refused' testfile.log"
+    required_packages:
+    - tomcatjss
+    - pki-ca
+    - pki-kra

tomcatjss.spec

@@ -0,0 +1,212 @@
+################################################################################
+Name:             tomcatjss
+################################################################################
+
+%global           product_id idm-tomcatjss
+
+# Upstream version number:
+%global           major_version 8
+%global           minor_version 4
+%global           update_version 0
+
+# Downstream release number:
+# - development/stabilization (unsupported): 0.<n> where n >= 1
+# - GA/update (supported): <n> where n >= 1
+%global           release_number 1
+
+# Development phase:
+# - development (unsupported): alpha<n> where n >= 1
+# - stabilization (unsupported): beta<n> where n >= 1
+# - GA/update (supported): <none>
+#global           phase
+
+%undefine         timestamp
+%undefine         commit_id
+
+Summary:          JSS Connector for Apache Tomcat
+URL:              https://github.com/dogtagpki/tomcatjss
+License:          LGPLv2+
+Version:          %{major_version}.%{minor_version}.%{update_version}
+Release:          %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}
+
+# To generate the source tarball:
+# $ git clone https://github.com/dogtagpki/tomcatjss.git
+# $ cd tomcatjss
+# $ git archive \
+#     --format=tar.gz \
+#     --prefix tomcatjss-VERSION/ \
+#     -o tomcatjss-VERSION.tar.gz \
+#     <version tag>
+Source:           https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?phase:-}%{?phase}/tomcatjss-%{version}%{?phase:-}%{?phase}.tar.gz
+
+# To create a patch for all changes since a version tag:
+# $ git format-patch \
+#     --stdout \
+#     <version tag> \
+#     > tomcatjss-VERSION-RELEASE.patch
+# Patch: tomcatjss-VERSION-RELEASE.patch
+
+BuildArch:        noarch
+
+################################################################################
+# Java
+################################################################################
+
+%define java_devel java-17-openjdk-devel
+%define java_headless java-17-openjdk-headless
+%define java_home %{_jvmdir}/jre-17-openjdk
+
+################################################################################
+# Build Dependencies
+################################################################################
+
+# jpackage-utils requires versioning to meet both build and runtime requirements
+# jss requires versioning to meet both build and runtime requirements
+# tomcat requires versioning to meet both build and runtime requirements
+
+# Java
+BuildRequires:    ant
+BuildRequires:    apache-commons-lang3
+BuildRequires:    %{java_devel}
+BuildRequires:    jpackage-utils >= 0:1.7.5-15
+
+# SLF4J
+BuildRequires:    slf4j
+BuildRequires:    slf4j-jdk14
+
+# JSS
+BuildRequires:    jss = 5.4
+
+# Tomcat
+%if 0%{?rhel} && ! 0%{?eln}
+BuildRequires:    pki-servlet-engine >= 1:9.0.7
+%else
+BuildRequires:    tomcat >= 1:9.0.7
+%endif
+
+%description
+JSS Connector for Apache Tomcat, installed via the tomcatjss package,
+is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
+uses Java Security Services (JSS), a Java interface to Network Security
+Services (NSS).
+
+################################################################################
+%package -n %{product_id}
+################################################################################
+
+Summary:          JSS Connector for Apache Tomcat
+
+# Java
+Requires:         apache-commons-lang3
+Requires:         %{java_headless}
+Requires:         jpackage-utils >= 0:1.7.5-15
+
+# SLF4J
+Requires:         slf4j
+Requires:         slf4j-jdk14
+
+# JSS
+Requires:         jss = 5.4
+
+# Tomcat
+%if 0%{?rhel} && ! 0%{?eln}
+Requires:         pki-servlet-engine >= 1:9.0.7
+%else
+Requires:         tomcat >= 1:9.0.7
+%endif
+
+Obsoletes:        tomcatjss < %{version}-%{release}
+Provides:         tomcatjss = %{version}-%{release}
+Provides:         tomcatjss = %{major_version}.%{minor_version}
+Provides:         %{product_id} = %{major_version}.%{minor_version}
+
+# PKI
+Conflicts:        pki-base < 10.10.0
+
+
+%if 0%{?rhel}
+# For EPEL, override the '_sharedstatedir' macro on RHEL
+%define           _sharedstatedir    /var/lib
+%endif
+
+%description -n %{product_id}
+JSS Connector for Apache Tomcat, installed via the tomcatjss package,
+is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
+uses Java Security Services (JSS), a Java interface to Network Security
+Services (NSS).
+
+################################################################################
+%prep
+################################################################################
+
+%autosetup -n tomcatjss-%{version}%{?phase:-}%{?phase} -p 1
+
+################################################################################
+%build
+################################################################################
+
+export JAVA_HOME=%{java_home}
+
+./build.sh \
+    %{?_verbose:-v} \
+    --name=%{product_id} \
+    --work-dir=%{_vpath_builddir} \
+    --version=%{version} \
+    --jni-dir=%{_jnidir} \
+    dist
+
+################################################################################
+%install
+################################################################################
+
+./build.sh \
+    %{?_verbose:-v} \
+    --name=%{product_id} \
+    --work-dir=%{_vpath_builddir} \
+    --version=%{version} \
+    --java-dir=%{_javadir} \
+    --doc-dir=%{_docdir} \
+    --install-dir=%{buildroot} \
+    install
+
+################################################################################
+%files -n %{product_id}
+################################################################################
+
+%license LICENSE
+
+%defattr(-,root,root)
+%doc README
+%doc LICENSE
+%{_javadir}/*
+
+################################################################################
+%changelog
+* Wed May 31 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 8.4.0-1
+- Rebase to Tomcat JSS 8.4.0
+
+* Fri Feb 10 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 8.3.0-1
+- Rebase to Tomcat JSS 8.3.0
+
+* Wed Nov 30 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 8.3.0-0.2.beta1
+- Rebase to Tomcat JSS 8.3.0-beta1
+
+* Thu Jun 30 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 8.2.0-1
+- Rebase to Tomcat JSS 8.2.0
+
+* Mon May 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 8.2.0-0.3.beta2
+- Rebase to Tomcat JSS 8.2.0-beta2
+- Rename packages to idm-tomcatjss
+
+* Mon Apr 18 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 8.2.0-0.2.beta1
+- Rebase to Tomcat JSS 8.2.0-beta1
+
+* Tue Oct 05 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 8.0.0-1
+- Rebase to Tomcat JSS 8.0.0
+
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 8.0.0-0.2.alpha1
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Jun 25 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 8.0.0-0.1
+- Rebase to Tomcat JSS 8.0.0-alpha1