From 8ea5edb6869c8d2ced94c84881b81ed62facc0a1 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jul 10 2020 01:28:09 +0000
Subject: import tomcatjss-7.5.0-0.2.module+el8.3.0+7178+12af6fad
---
diff --git a/SOURCES/0001-Use-factory-for-JSSKeyManager-JSSTrustManager.patch b/SOURCES/0001-Use-factory-for-JSSKeyManager-JSSTrustManager.patch
new file mode 100644
index 0000000..8dcf646
--- /dev/null
+++ b/SOURCES/0001-Use-factory-for-JSSKeyManager-JSSTrustManager.patch
@@ -0,0 +1,89 @@
+From 54e26482643023a7fcbbba25376d691980ed6471 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel
+Date: Thu, 25 Jun 2020 13:41:59 -0400
+Subject: [PATCH] Use factory for JSSKeyManager, JSSTrustManager
+
+Signed-off-by: Alexander Scheel
+---
+ tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java | 12 ++++++++++--
+ tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java | 11 +++++++----
+ 2 files changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
+index 1f2082e..a3630e2 100644
+--- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
++++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
+@@ -9,6 +9,7 @@ import java.util.List;
+ import javax.net.ssl.KeyManager;
+ import javax.net.ssl.KeyManagerFactory;
+ import javax.net.ssl.TrustManager;
++import javax.net.ssl.TrustManagerFactory;
+
+ import org.apache.tomcat.util.net.SSLContext;
+
+@@ -36,8 +37,15 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
+
+ /* These KeyManagers and TrustManagers aren't used with the SSLEngine;
+ * they're only used to implement certain function calls below. */
+- jkm = new JSSKeyManager();
+- jtm = new JSSTrustManager();
++ try {
++ KeyManagerFactory kmf = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
++ jkm = (JSSKeyManager) kmf.getKeyManagers()[0];
++
++ TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509", "Mozilla-JSS");
++ jtm = (JSSTrustManager) tmf.getTrustManagers()[0];
++ } catch (Exception e) {
++ throw new RuntimeException(e.getMessage(), e);
++ }
+ }
+
+ public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) throws KeyManagementException {
+diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
+index 8930bbd..cad3163 100644
+--- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
++++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
+@@ -26,7 +26,9 @@ import java.util.Set;
+ import java.util.HashSet;
+
+ import javax.net.ssl.KeyManager;
++import javax.net.ssl.KeyManagerFactory;
+ import javax.net.ssl.TrustManager;
++import javax.net.ssl.TrustManagerFactory;
+ import javax.net.ssl.SSLEngine;
+
+ import org.apache.juli.logging.Log;
+@@ -39,9 +41,7 @@ import org.apache.tomcat.util.net.SSLUtilBase;
+
+ import org.mozilla.jss.JSSProvider;
+ import org.mozilla.jss.crypto.Policy;
+-import org.mozilla.jss.provider.javax.crypto.JSSKeyManager;
+ import org.mozilla.jss.provider.javax.crypto.JSSNativeTrustManager;
+-import org.mozilla.jss.provider.javax.crypto.JSSTrustManager;
+ import org.mozilla.jss.ssl.SSLCipher;
+ import org.mozilla.jss.ssl.SSLVersion;
+
+@@ -86,15 +86,18 @@ public class JSSUtil extends SSLUtilBase {
+ @Override
+ public KeyManager[] getKeyManagers() throws Exception {
+ logger.debug("JSSUtil: getKeyManagers()");
+- return new KeyManager[] { new JSSKeyManager() };
++ KeyManagerFactory jkm = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
++ return jkm.getKeyManagers();
+ }
+
+ @Override
+ public TrustManager[] getTrustManagers() throws Exception {
+ logger.debug("JSSUtil: getTrustManagers()");
+ if (!JSSProvider.ENABLE_JSSENGINE) {
+- return new TrustManager[] { new JSSTrustManager() };
++ TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509");
++ return tmf.getTrustManagers();
+ }
++
+ return new TrustManager[] { new JSSNativeTrustManager() };
+ }
+
+--
+2.26.2
+
diff --git a/SPECS/tomcatjss.spec b/SPECS/tomcatjss.spec
index 0072390..0bbe4f0 100644
--- a/SPECS/tomcatjss.spec
+++ b/SPECS/tomcatjss.spec
@@ -8,7 +8,7 @@ License: LGPLv2+ BuildArch: noarch Version: 7.5.0
-Release: 0.1%{?_timestamp}%{?_commit_id}%{?dist}
+Release: 0.2%{?_timestamp}%{?_commit_id}%{?dist}
 %global _phase -a1 # To generate the source tarball:
@@ -27,6 +27,7 @@ Source: https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_ # \ # > tomcatjss-VERSION-RELEASE.patch # Patch: tomcatjss-VERSION-RELEASE.patch
+Patch0: 0001-Use-factory-for-JSSKeyManager-JSSTrustManager.patch
 ################################################################################ # Build Dependencies
@@ -185,6 +186,9 @@ ant -f build.xml \ ################################################################################ %changelog
+* Thu Jun 25 2020 Red Hat PKI Team 7.5.0-0.2
+- Rebased to TomcatJSS 7.5.0-a2
+
 * Tue May 26 2020 Red Hat PKI Team 7.5.0-0.1 - Rebased to TomcatJSS 7.5.0-a1
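Review bot: In `JSSUtil.getTrustManagers()` (the `@@ -86,15 +86,18 @@` hunk of the embedded 0001 patch) the new lookup `TrustManagerFactory.getInstance("NssX509")` omits the `"Mozilla-JSS"` provider argument that the other three factory lookups in this patch pass. Without it the JCA searches the registered providers in preference order and returns the first one that offers an `NssX509` algorithm, so the trust manager used on the non-JSSEngine path depends on provider configuration instead of being pinned to JSS. I would change the line to `TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509", "Mozilla-JSS");`. In the `JSSContext` constructor, which starts above its hunk, `kmf.getKeyManagers()[0]` and `tmf.getTrustManagers()[0]` are cast with no type or length check, and `catch (Exception e)` folds every failure into one `RuntimeException`. A comment such as `// Mozilla-JSS must already be registered as a provider; the casts below rely on it` would document that precondition.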