.gitignore

@@ -1 +1 @@
-SOURCES/tomcatjss-7.5.0-a1.tar.gz
+SOURCES/tomcatjss-7.7.1.tar.gz

.tomcatjss.metadata

@@ -1 +1 @@
-731bf76056488deb18c0794f921606af7a428900 SOURCES/tomcatjss-7.5.0-a1.tar.gz
+a57bb5294890c2ddb5e62eb1e9c316d5deb95794 SOURCES/tomcatjss-7.7.1.tar.gz

SOURCES/0001-Use-factory-for-JSSKeyManager-JSSTrustManager.patch

@@ -1,89 +0,0 @@
-From 54e26482643023a7fcbbba25376d691980ed6471 Mon Sep 17 00:00:00 2001
-From: Alexander Scheel <ascheel@redhat.com>
-Date: Thu, 25 Jun 2020 13:41:59 -0400
-Subject: [PATCH] Use factory for JSSKeyManager, JSSTrustManager
-
-Signed-off-by: Alexander Scheel <ascheel@redhat.com>
----
- tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java | 12 ++++++++++--
- tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java    | 11 +++++++----
- 2 files changed, 17 insertions(+), 6 deletions(-)
-
-diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
-index 1f2082e..a3630e2 100644
---- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
-+++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
-@@ -9,6 +9,7 @@ import java.util.List;
- import javax.net.ssl.KeyManager;
- import javax.net.ssl.KeyManagerFactory;
- import javax.net.ssl.TrustManager;
-+import javax.net.ssl.TrustManagerFactory;
- 
- import org.apache.tomcat.util.net.SSLContext;
- 
-@@ -36,8 +37,15 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
- 
-         /* These KeyManagers and TrustManagers aren't used with the SSLEngine;
-          * they're only used to implement certain function calls below. */
--        jkm = new JSSKeyManager();
--        jtm = new JSSTrustManager();
-+        try {
-+            KeyManagerFactory kmf = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
-+            jkm = (JSSKeyManager) kmf.getKeyManagers()[0];
-+
-+            TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509", "Mozilla-JSS");
-+            jtm = (JSSTrustManager) tmf.getTrustManagers()[0];
-+        } catch (Exception e) {
-+            throw new RuntimeException(e.getMessage(), e);
-+        }
-     }
- 
-     public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) throws KeyManagementException {
-diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
-index 8930bbd..cad3163 100644
---- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
-+++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
-@@ -26,7 +26,9 @@ import java.util.Set;
- import java.util.HashSet;
- 
- import javax.net.ssl.KeyManager;
-+import javax.net.ssl.KeyManagerFactory;
- import javax.net.ssl.TrustManager;
-+import javax.net.ssl.TrustManagerFactory;
- import javax.net.ssl.SSLEngine;
- 
- import org.apache.juli.logging.Log;
-@@ -39,9 +41,7 @@ import org.apache.tomcat.util.net.SSLUtilBase;
- 
- import org.mozilla.jss.JSSProvider;
- import org.mozilla.jss.crypto.Policy;
--import org.mozilla.jss.provider.javax.crypto.JSSKeyManager;
- import org.mozilla.jss.provider.javax.crypto.JSSNativeTrustManager;
--import org.mozilla.jss.provider.javax.crypto.JSSTrustManager;
- import org.mozilla.jss.ssl.SSLCipher;
- import org.mozilla.jss.ssl.SSLVersion;
- 
-@@ -86,15 +86,18 @@ public class JSSUtil extends SSLUtilBase {
-     @Override
-     public KeyManager[] getKeyManagers() throws Exception {
-         logger.debug("JSSUtil: getKeyManagers()");
--        return new KeyManager[] { new JSSKeyManager() };
-+        KeyManagerFactory jkm = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
-+        return jkm.getKeyManagers();
-     }
- 
-     @Override
-     public TrustManager[] getTrustManagers() throws Exception {
-         logger.debug("JSSUtil: getTrustManagers()");
-         if (!JSSProvider.ENABLE_JSSENGINE) {
--            return new TrustManager[] { new JSSTrustManager() };
-+            TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509");
-+            return tmf.getTrustManagers();
-         }
-+
-         return new TrustManager[] { new JSSNativeTrustManager() };
-     }
- 
--- 
-2.26.2
-

SPECS/tomcatjss.spec

@@ -7,9 +7,11 @@ URL:              http://www.dogtagpki.org/wiki/TomcatJSS
 License:          LGPLv2+
 BuildArch:        noarch
 
-Version:          7.5.0
-Release:          0.2%{?_timestamp}%{?_commit_id}%{?dist}
-%global           _phase -a1
+# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
+# For official (i.e. supported) releases, use x.y.z-r where r >=1.
+Version:          7.7.1
+Release:          1%{?_timestamp}%{?_commit_id}%{?dist}
+#global           _phase -alpha1
 
 # To generate the source tarball:
 # $ git clone https://github.com/dogtagpki/tomcatjss.git
@@ -27,7 +29,20 @@ Source:           https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_
 #     <version tag> \
 #     > tomcatjss-VERSION-RELEASE.patch
 # Patch: tomcatjss-VERSION-RELEASE.patch
-Patch0: 0001-Use-factory-for-JSSKeyManager-JSSTrustManager.patch
+
+################################################################################
+# Java
+################################################################################
+
+%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8
+%define java_devel java-1.8.0-openjdk-devel
+%define java_headless java-1.8.0-openjdk-headless
+%define java_home /usr/lib/jvm/jre-1.8.0-openjdk
+%else
+%define java_devel java-11-openjdk-devel
+%define java_headless java-11-openjdk-headless
+%define java_home /usr/lib/jvm/jre-11-openjdk
+%endif
 
 ################################################################################
 # Build Dependencies
@@ -37,98 +52,51 @@ Patch0: 0001-Use-factory-for-JSSKeyManager-JSSTrustManager.patch
 # jss requires versioning to meet both build and runtime requirements
 # tomcat requires versioning to meet both build and runtime requirements
 
-# autosetup
-BuildRequires:    git
-
 # Java
 BuildRequires:    ant
-BuildRequires:    apache-commons-lang
-BuildRequires:    java-devel
+BuildRequires:    apache-commons-lang3
+BuildRequires:    %{java_devel}
 BuildRequires:    jpackage-utils >= 0:1.7.5-15
 
 # SLF4J
 BuildRequires:    slf4j
-%if 0%{?rhel} && 0%{?rhel} <= 7
-# no slf4j-jdk14
-%else
 BuildRequires:    slf4j-jdk14
-%endif
 
 # JSS
-%if 0%{?rhel} && 0%{?rhel} <= 7
-BuildRequires:    jss >= 4.4.0-7
-%else
-BuildRequires:    jss >= 4.7.0
-%endif
+BuildRequires:    jss >= 4.9.0, jss < 5.0.0
 
 # Tomcat
-%if 0%{?rhel} && 0%{?rhel} <= 7
-BuildRequires:    tomcat >= 7.0.69
-%else
-%if 0%{?fedora} && 0%{?fedora} <= 27
-BuildRequires:    tomcat >= 8.0.49
-%else
-%if 0%{?fedora} && 0%{?fedora} <= 28
-BuildRequires:    tomcat >= 1:8.5.23
-%else
-%if 0%{?rhel}
+%if 0%{?rhel} && ! 0%{?eln}
 BuildRequires:    pki-servlet-engine >= 1:9.0.7
 %else
 BuildRequires:    tomcat >= 1:9.0.7
 %endif
-%endif
-%endif
-%endif
 
 ################################################################################
 # Runtime Dependencies
 ################################################################################
 
 # Java
-Requires:         apache-commons-lang
-%if 0%{?fedora} >= 21
-Requires:         java-headless
-%else
-Requires:         java
-%endif
+Requires:         apache-commons-lang3
+Requires:         %{java_headless}
 Requires:         jpackage-utils >= 0:1.7.5-15
 
 # SLF4J
 Requires:         slf4j
-%if 0%{?rhel}
-# no slf4j-jdk14
-%else
 Requires:         slf4j-jdk14
-%endif
 
 # JSS
-%if 0%{?rhel} && 0%{?rhel} <= 7
-Requires:         jss >= 4.4.0-7
-%else
-Requires:         jss >= 4.7.0
-%endif
+Requires:         jss >= 4.9.0, jss < 5.0.0
 
 # Tomcat
-%if 0%{?rhel} && 0%{?rhel} <= 7
-Requires:         tomcat >= 7.0.69
-%else
-%if 0%{?fedora} && 0%{?fedora} <= 27
-Requires:         tomcat >= 8.0.49
-%else
-%if 0%{?fedora} && 0%{?fedora} <= 28
-Requires:         tomcat >= 1:8.5.23
-%else
-%if 0%{?rhel}
+%if 0%{?rhel} && ! 0%{?eln}
 Requires:         pki-servlet-engine >= 1:9.0.7
 %else
 Requires:         tomcat >= 1:9.0.7
 %endif
-%endif
-%endif
-%endif
 
 # PKI
-Conflicts:        pki-base < 10.6.5
+Conflicts:        pki-base < 10.10.0
 
 
 %if 0%{?rhel}
@@ -142,15 +110,11 @@ is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
 uses Java Security Services (JSS), a Java interface to Network Security
 Services (NSS).
 
-NOTE:  The 'tomcatjss' package conflicts with the 'tomcat-native' package
-       because it uses an underlying NSS security model rather than the
-       OpenSSL security model, so these two packages may not co-exist.
-
 ################################################################################
 %prep
 ################################################################################
 
-%autosetup -n tomcatjss-%{version}%{?_phase} -p 1 -S git
+%autosetup -n tomcatjss-%{version}%{?_phase} -p 1
 
 ################################################################################
 %install
@@ -158,12 +122,7 @@ NOTE:  The 'tomcatjss' package conflicts with the 'tomcat-native' package
 
 # get Tomcat <major>.<minor> version number
 tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
-
-if [ $tomcat_version == "9.0" ]; then
-    app_server=tomcat-8.5
-else
-    app_server=tomcat-$tomcat_version
-fi
+app_server=tomcat-$tomcat_version
 
 ant -f build.xml \
     -Dversion=%{version} \
@@ -186,46 +145,68 @@ ant -f build.xml \
 
 ################################################################################
 %changelog
+* Mon Nov 15 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 7.7.1-1
+- Rebase to TomcatJSS 7.7.1
+
+* Mon Jul 26 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 7.7.0-1
+- Rebase to TomcatJSS 7.7.0
+
+* Fri Jun 11 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 7.7.0-0.1
+- Rebase to TomcatJSS 7.7.0-alpha1
+
+* Tue Nov 17 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.6.1-1
+- Rebase to TomcatJSS 7.6.1
+
+* Wed Oct 28 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.6.0-2
+- Bump dependency to JSS 4.8.0
+- Remove unsupported platforms
+
+* Tue Oct 20 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.6.0-1
+- Rebase to TomcatJSS 7.6.0
+
+* Thu Jul 09 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.5.0-1
+- Rebase to TomcatJSS 7.5.0
+
 * Thu Jun 25 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.5.0-0.2
-- Rebased to TomcatJSS 7.5.0-a2
+- Rebase to TomcatJSS 7.5.0-a2
 
 * Tue May 26 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.5.0-0.1
-- Rebased to TomcatJSS 7.5.0-a1
+- Rebase to TomcatJSS 7.5.0-a1
 
 * Thu Oct 31 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 7.4.1-2
-- Bumping min requirement for jss to 4.6.0
+- Bump dependency to JSS 4.6.0
 
 * Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 7.4.1-1
-- Rebased to TomcatJSS 7.4.1
+- Rebase to TomcatJSS 7.4.1
 
 * Wed Apr 24 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 7.4.0-1
-- Rebased to TomcatJSS 7.4.0
+- Rebase to TomcatJSS 7.4.0
 
 * Fri Oct 05 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.6-1
-- Rebased to TomcatJSS 7.3.6
+- Rebase to TomcatJSS 7.3.6
 
 * Mon Aug 13 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.5-1
-- Rebased to TomcatJSS 7.3.5
+- Rebase to TomcatJSS 7.3.5
 
 * Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.4-1
-- Rebased to TomcatJSS 7.3.4
+- Rebase to TomcatJSS 7.3.4
 
 * Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.3-2
 - Red Hat Bugzilla #1612063 - Do not override system crypto policy (support TLS 1.3)
 
 * Fri Jul 20 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.3-1
-- Rebased to TomcatJSS 7.3.3
+- Rebase to TomcatJSS 7.3.3
 
 * Thu Jul 05 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.2-1
-- Rebased to TomcatJSS 7.3.2
+- Rebase to TomcatJSS 7.3.2
 
 * Fri Jun 15 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.1-1
-- Fixed Tomcat dependencies
-- Rebased to TomcatJSS 7.3.1
+- Fix Tomcat dependencies
+- Rebase to TomcatJSS 7.3.1
 
 * Thu Apr 12 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.0-1
-- Cleaned up spec file
-- Rebased to TomcatJSS 7.3.0 final
+- Clean up spec file
+- Rebase to TomcatJSS 7.3.0 final
 
 * Thu Mar 15 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 7.3.0-0.2
-- Rebased to TomcatJSS 7.3.0 beta
+- Rebase to TomcatJSS 7.3.0 beta