From 8ea5edb6869c8d2ced94c84881b81ed62facc0a1 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Jul 10 2020 01:28:09 +0000
Subject: import tomcatjss-7.5.0-0.2.module+el8.3.0+7178+12af6fad


---

diff --git a/SOURCES/0001-Use-factory-for-JSSKeyManager-JSSTrustManager.patch b/SOURCES/0001-Use-factory-for-JSSKeyManager-JSSTrustManager.patch
new file mode 100644
index 0000000..8dcf646
--- /dev/null
+++ b/SOURCES/0001-Use-factory-for-JSSKeyManager-JSSTrustManager.patch
@@ -0,0 +1,89 @@
+From 54e26482643023a7fcbbba25376d691980ed6471 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel@redhat.com>
+Date: Thu, 25 Jun 2020 13:41:59 -0400
+Subject: [PATCH] Use factory for JSSKeyManager, JSSTrustManager
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+---
+ tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java | 12 ++++++++++--
+ tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java    | 11 +++++++----
+ 2 files changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
+index 1f2082e..a3630e2 100644
+--- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
++++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
+@@ -9,6 +9,7 @@ import java.util.List;
+ import javax.net.ssl.KeyManager;
+ import javax.net.ssl.KeyManagerFactory;
+ import javax.net.ssl.TrustManager;
++import javax.net.ssl.TrustManagerFactory;
+ 
+ import org.apache.tomcat.util.net.SSLContext;
+ 
+@@ -36,8 +37,15 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
+ 
+         /* These KeyManagers and TrustManagers aren't used with the SSLEngine;
+          * they're only used to implement certain function calls below. */
+-        jkm = new JSSKeyManager();
+-        jtm = new JSSTrustManager();
++        try {
++            KeyManagerFactory kmf = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
++            jkm = (JSSKeyManager) kmf.getKeyManagers()[0];
++
++            TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509", "Mozilla-JSS");
++            jtm = (JSSTrustManager) tmf.getTrustManagers()[0];
++        } catch (Exception e) {
++            throw new RuntimeException(e.getMessage(), e);
++        }
+     }
+ 
+     public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) throws KeyManagementException {
+diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
+index 8930bbd..cad3163 100644
+--- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
++++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
+@@ -26,7 +26,9 @@ import java.util.Set;
+ import java.util.HashSet;
+ 
+ import javax.net.ssl.KeyManager;
++import javax.net.ssl.KeyManagerFactory;
+ import javax.net.ssl.TrustManager;
++import javax.net.ssl.TrustManagerFactory;
+ import javax.net.ssl.SSLEngine;
+ 
+ import org.apache.juli.logging.Log;
+@@ -39,9 +41,7 @@ import org.apache.tomcat.util.net.SSLUtilBase;
+ 
+ import org.mozilla.jss.JSSProvider;
+ import org.mozilla.jss.crypto.Policy;
+-import org.mozilla.jss.provider.javax.crypto.JSSKeyManager;
+ import org.mozilla.jss.provider.javax.crypto.JSSNativeTrustManager;
+-import org.mozilla.jss.provider.javax.crypto.JSSTrustManager;
+ import org.mozilla.jss.ssl.SSLCipher;
+ import org.mozilla.jss.ssl.SSLVersion;
+ 
+@@ -86,15 +86,18 @@ public class JSSUtil extends SSLUtilBase {
+     @Override
+     public KeyManager[] getKeyManagers() throws Exception {
+         logger.debug("JSSUtil: getKeyManagers()");
+-        return new KeyManager[] { new JSSKeyManager() };
++        KeyManagerFactory jkm = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
++        return jkm.getKeyManagers();
+     }
+ 
+     @Override
+     public TrustManager[] getTrustManagers() throws Exception {
+         logger.debug("JSSUtil: getTrustManagers()");
+         if (!JSSProvider.ENABLE_JSSENGINE) {
+-            return new TrustManager[] { new JSSTrustManager() };
++            TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509");
++            return tmf.getTrustManagers();
+         }
++
+         return new TrustManager[] { new JSSNativeTrustManager() };
+     }
+ 
+-- 
+2.26.2
+
diff --git a/SPECS/tomcatjss.spec b/SPECS/tomcatjss.spec
index 0072390..0bbe4f0 100644
--- a/SPECS/tomcatjss.spec
+++ b/SPECS/tomcatjss.spec
@@ -8,7 +8,7 @@ License:          LGPLv2+
 BuildArch:        noarch
 
 Version:          7.5.0
-Release:          0.1%{?_timestamp}%{?_commit_id}%{?dist}
+Release:          0.2%{?_timestamp}%{?_commit_id}%{?dist}
 %global           _phase -a1
 
 # To generate the source tarball:
@@ -27,6 +27,7 @@ Source:           https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_
 #     <version tag> \
 #     > tomcatjss-VERSION-RELEASE.patch
 # Patch: tomcatjss-VERSION-RELEASE.patch
+Patch0: 0001-Use-factory-for-JSSKeyManager-JSSTrustManager.patch
 
 ################################################################################
 # Build Dependencies
@@ -185,6 +186,9 @@ ant -f build.xml \
 
 ################################################################################
 %changelog
+* Thu Jun 25 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.5.0-0.2
+- Rebased to TomcatJSS 7.5.0-a2
+
 * Tue May 26 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 7.5.0-0.1
 - Rebased to TomcatJSS 7.5.0-a1