[Pkg-freeipa-devel] dogtag-pki: Changes to 'master'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Wed Feb 15 09:08:40 UTC 2017
CMakeLists.txt | 1
base/ca/shared/conf/logging.properties | 70
base/ca/src/CMakeLists.txt | 4
base/ca/src/com/netscape/ca/CertificateAuthority.java | 131
base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java | 7
base/ca/src/com/netscape/ca/SigningUnit.java | 26
base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java | 2
base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java | 50
base/common/man/man5/pki-logging.5 | 94
base/common/python/pki/nssdb.py | 64
base/common/share/etc/logging.properties | 3
base/common/src/CMakeLists.txt | 4
base/common/src/com/netscape/certsrv/account/AccountInfo.java | 8
base/common/src/com/netscape/certsrv/apps/CMS.java | 5
base/common/src/com/netscape/certsrv/apps/ICMSEngine.java | 8
base/common/src/com/netscape/certsrv/base/ResourceMessage.java | 11
base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java | 2
base/common/src/com/netscape/certsrv/client/PKIConnection.java | 8
base/common/src/com/netscape/certsrv/client/SubsystemClient.java | 26
base/common/src/com/netscape/certsrv/ldap/LDAPExceptionConverter.java | 6
base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java | 3
base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java | 4
base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java | 32
base/common/src/org/dogtagpki/tps/apdu/APDU.java | 3
base/common/src/org/dogtagpki/tps/apdu/GetLifecycleAPDU.java | 35
base/console/src/CMakeLists.txt | 5
base/java-tools/man/man1/CMCEnroll.1 | 570 +
base/java-tools/man/man1/pki-cert.1 | 5
base/java-tools/man/man1/pki-pkcs12-cert.1 | 122
base/java-tools/man/man1/pki-pkcs12-key.1 | 76
base/java-tools/man/man1/pki-pkcs12.1 | 114
base/java-tools/src/CMakeLists.txt | 4
base/java-tools/src/com/netscape/cmstools/CMCEnroll.java | 13
base/java-tools/src/com/netscape/cmstools/CMCRequest.java | 4
base/java-tools/src/com/netscape/cmstools/CMCRevoke.java | 11
base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java | 8
base/java-tools/src/com/netscape/cmstools/HttpClient.java | 2
base/java-tools/src/com/netscape/cmstools/PKCS10Client.java | 11
base/javadoc/CMakeLists.txt | 1
base/kra/shared/conf/logging.properties | 70
base/kra/src/CMakeLists.txt | 4
base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java | 30
base/ocsp/shared/conf/logging.properties | 70
base/ocsp/src/CMakeLists.txt | 4
base/ocsp/src/com/netscape/ocsp/SigningUnit.java | 44
base/server/cms/src/CMakeLists.txt | 4
base/server/cms/src/com/netscape/cms/authentication/UserPwdDirAuthentication.java | 2
base/server/cms/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java | 22
base/server/cms/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java | 22
base/server/cms/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java | 22
base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java | 2
base/server/cms/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java | 11
base/server/cms/src/com/netscape/cms/servlet/cert/CertRequestDAO.java | 17
base/server/cms/src/com/netscape/cms/servlet/cert/CertRequestInfoFactory.java | 15
base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java | 15
base/server/cms/src/com/netscape/cms/servlet/common/CMSTemplate.java | 2
base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java | 73
base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java | 21
base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java | 3
base/server/cms/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java | 1
base/server/cms/src/com/netscape/cms/servlet/request/QueryReq.java | 6
base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java | 4
base/server/cms/src/org/dogtagpki/server/rest/AccountService.java | 46
base/server/cms/src/org/dogtagpki/server/rest/SelfTestService.java | 2
base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java | 11
base/server/cms/src/org/dogtagpki/server/rest/UserService.java | 2
base/server/cmsbundle/src/LogMessages.properties | 2
base/server/cmscore/src/CMakeLists.txt | 4
base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java | 15
base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java | 2
base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java | 8
base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java | 117
base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java | 211
base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java | 13
base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java | 18
base/server/etc/default.cfg | 54
base/server/man/man5/pki-server-logging.5 | 191
base/server/man/man5/pki_default.cfg.5 | 2
base/server/python/pki/server/__init__.py | 3
base/server/python/pki/server/cli/subsystem.py | 74
base/server/python/pki/server/deployment/pkihelper.py | 16
base/server/python/pki/server/deployment/pkiparser.py | 33
base/server/python/pki/server/deployment/scriptlets/instance_layout.py | 23
base/server/sbin/pki-server-nuxwdog | 12
base/server/share/conf/log4j.properties | 45
base/server/share/conf/logging.properties | 24
base/server/test/com/netscape/cmscore/app/CMSEngineDefaultStub.java | 5
base/server/upgrade/10.3.5/02-FixDeploymentDescriptor | 110
base/server/upgrade/10.3.5/02-FixSELinuxContexts | 36
base/server/upgrade/10.3.5/03-UpdateAJPLoopbackAddress | 62
base/symkey/src/CMakeLists.txt | 4
base/symkey/src/com/netscape/symkey/CMakeLists.txt | 2
base/tks/shared/conf/logging.properties | 70
base/tks/src/CMakeLists.txt | 4
base/tps-client/src/CMakeLists.txt | 1
base/tps-client/src/apdu/Get_Lifecycle_APDU.cpp | 41
base/tps-client/src/include/apdu/APDU.h | 3
base/tps-client/src/include/apdu/Get_Lifecycle_APDU.h | 58
base/tps-client/src/main/ConfigStore.cpp | 2
base/tps-client/src/main/RollingLogFile.cpp | 2
base/tps-client/tools/raclient/RA_Conn.cpp | 14
base/tps-client/tools/raclient/RA_Token.cpp | 4
base/tps/shared/conf/CS.cfg | 36
base/tps/shared/conf/logging.properties | 70
base/tps/shared/webapps/tps/js/profile.js | 85
base/tps/shared/webapps/tps/js/tps.js | 132
base/tps/shared/webapps/tps/ui/index.html | 60
base/tps/shared/webapps/tps/ui/user-certs.html | 2
base/tps/src/CMakeLists.txt | 4
base/tps/src/org/dogtagpki/server/tps/TPSAccountService.java | 80
base/tps/src/org/dogtagpki/server/tps/TPSTokenPolicy.java | 8
base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java | 109
base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java | 48
base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java | 45
base/tps/src/org/dogtagpki/server/tps/dbs/TokenCertStatus.java | 43
base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java | 15
base/tps/src/org/dogtagpki/server/tps/main/ExternalRegAttrs.java | 35
base/tps/src/org/dogtagpki/server/tps/main/ExternalRegCertToRecover.java | 27
base/tps/src/org/dogtagpki/server/tps/main/PKCS11Obj.java | 3
base/tps/src/org/dogtagpki/server/tps/processor/EnrolledCertsInfo.java | 32
base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java | 337
base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java | 34
base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java | 54
base/tps/src/org/dogtagpki/server/tps/rest/TPSApplication.java | 4
base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java | 2
base/util/src/CMakeLists.txt | 8
base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 23
base/util/src/netscape/security/pkcs/PKCS12.java | 6
base/util/src/netscape/security/x509/AlgorithmId.java | 41
debian/changelog | 10
debian/control | 2
debian/patches/series | 2
debian/patches/sync-rpm-10.3.5-7.diff | 3687 ----------
debian/patches/use-resteasy-legacy.diff | 357
specs/pki-console.spec | 10
specs/pki-core.spec | 364
136 files changed, 4095 insertions(+), 5043 deletions(-)
New commits:
commit 8f581e0968d37191d88aec9483857c3dfc4d0670
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Wed Feb 15 11:06:59 2017 +0200
releasing package dogtag-pki version 10.3.5+12-1
diff --git a/debian/changelog b/debian/changelog
index 3bbcda4..1cb5253 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-dogtag-pki (10.3.5+12-1) UNRELEASED; urgency=medium
+dogtag-pki (10.3.5+12-1) unstable; urgency=medium
* New upstream snapshot. Version number is derived from the Fedora
release, 10.3.5+12 maps to pki-core 10.3.5-12 on Fedora.
@@ -6,7 +6,7 @@ dogtag-pki (10.3.5+12-1) UNRELEASED; urgency=medium
* use-resteasy-legacy.diff, control: Port to resteasy 3.1.0-2 which
ships resteasy-legacy.jar. (LP: #1664457)
- -- Timo Aaltonen <tjaalton at debian.org> Wed, 15 Feb 2017 09:53:23 +0200
+ -- Timo Aaltonen <tjaalton at debian.org> Wed, 15 Feb 2017 11:06:47 +0200
dogtag-pki (10.3.5-7) unstable; urgency=medium
commit d53747700a49d855cd7cc5147401098d44d7852d
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Wed Feb 15 11:06:23 2017 +0200
use-resteasy-legacy.diff, control: Port to resteasy 3.1.0-2 which ships resteasy-legacy.jar. (LP: #1664457)
diff --git a/debian/changelog b/debian/changelog
index d251248..3bbcda4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ dogtag-pki (10.3.5+12-1) UNRELEASED; urgency=medium
* New upstream snapshot. Version number is derived from the Fedora
release, 10.3.5+12 maps to pki-core 10.3.5-12 on Fedora.
* sync-rpm-10.3.5-7.diff: Dropped.
+ * use-resteasy-legacy.diff, control: Port to resteasy 3.1.0-2 which
+ ships resteasy-legacy.jar. (LP: #1664457)
-- Timo Aaltonen <tjaalton at debian.org> Wed, 15 Feb 2017 09:53:23 +0200
diff --git a/debian/control b/debian/control
index 046061d..c37ea43 100644
--- a/debian/control
+++ b/debian/control
@@ -25,7 +25,7 @@ Build-Depends:
libnspr4-dev,
libnss3-dev,
libnuxwdog-java,
- libresteasy-java,
+ libresteasy-java (>= 3.1.0-2),
libservlet3.1-java,
libsvrcore-dev,
libtomcat8-java,
diff --git a/debian/patches/series b/debian/patches/series
index 1786c23..940bea5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,3 +12,4 @@ fix-cli-migrate.diff
use-bash.diff
fix-cve-2016-1240.diff
create-target-wants.diff
+use-resteasy-legacy.diff
diff --git a/debian/patches/use-resteasy-legacy.diff b/debian/patches/use-resteasy-legacy.diff
new file mode 100644
index 0000000..b9dab5b
--- /dev/null
+++ b/debian/patches/use-resteasy-legacy.diff
@@ -0,0 +1,357 @@
+--- a/.classpath
++++ b/.classpath
+@@ -45,6 +45,7 @@
+ <classpathentry kind="lib" path="/usr/share/java/resteasy/resteasy-jaxb-provider.jar"/>
+ <classpathentry kind="lib" path="/usr/share/java/resteasy/resteasy-jaxrs.jar"/>
+ <classpathentry kind="lib" path="/usr/share/java/resteasy/resteasy-jackson-provider.jar"/>
++ <classpathentry kind="lib" path="/usr/share/java/resteasy/resteasy-legacy.jar"/>
+ <classpathentry kind="lib" path="/usr/share/java/scannotation.jar"/>
+ <classpathentry kind="lib" path="/usr/share/java/servlet.jar"/>
+ <classpathentry kind="lib" path="/usr/share/java/velocity.jar"/>
+--- a/base/common/CMakeLists.txt
++++ b/base/common/CMakeLists.txt
+@@ -46,6 +46,7 @@ add_custom_command(
+ COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/javax.ws.rs-api.jar lib/javax.ws.rs-api.jar
+ COMMAND ${CMAKE_COMMAND} -E create_symlink ${RESTEASY_LIB}/resteasy-jaxrs-jandex.jar lib/resteasy-jaxrs-jandex.jar
+ COMMAND ${CMAKE_COMMAND} -E create_symlink ${RESTEASY_LIB}/resteasy-jaxrs.jar lib/resteasy-jaxrs.jar
++ COMMAND ${CMAKE_COMMAND} -E create_symlink ${RESTEASY_LIB}/resteasy-legacy.jar lib/resteasy-legacy.jar
+ COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/servlet-api-3.1.jar lib/servlet.jar
+ )
+
+--- a/base/common/src/CMakeLists.txt
++++ b/base/common/src/CMakeLists.txt
+@@ -104,6 +104,13 @@ find_file(RESTEASY_CLIENT_JAR
+ ${RESTEASY_LIB}
+ )
+
++find_file(RESTEASY_LEGACY_JAR
++ NAMES
++ resteasy-legacy.jar
++ PATHS
++ ${RESTEASY_LIB}
++)
++
+ find_file(HTTPCLIENT_JAR
+ NAMES
+ httpclient.jar
+@@ -129,7 +136,7 @@ javac(pki-certsrv-classes
+ ${APACHE_COMMONS_LANG_JAR}
+ ${TOMCAT_CATALINA_JAR} ${TOMCAT_UTIL_JAR} ${SYMKEY_JAR}
+ ${JAXRS_API_JAR} ${RESTEASY_JAXRS_JAR} ${RESTEASY_ATOM_PROVIDER_JAR} ${RESTEASY_CLIENT_JAR}
+- ${HTTPCLIENT_JAR} ${HTTPCORE_JAR}
++ ${RESTEASY_LEGACY_JAR} ${HTTPCLIENT_JAR} ${HTTPCORE_JAR}
+ OUTPUT_DIR
+ ${CMAKE_CURRENT_BINARY_DIR}/classes
+ DEPENDS
+diff --git a/base/common/src/com/netscape/certsrv/account/AccountResource.java b/base/common/src/com/netscape/certsrv/account/AccountResource.java
+index 95440cf..46edfdf 100644
+--- a/base/common/src/com/netscape/certsrv/account/AccountResource.java
++++ b/base/common/src/com/netscape/certsrv/account/AccountResource.java
+@@ -22,7 +22,7 @@ import javax.ws.rs.GET;
+ import javax.ws.rs.Path;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
+index 0f8b70a..1429ae5 100644
+--- a/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
++++ b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
+@@ -9,7 +9,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.Produces;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java
+index 493f6f5..d8a10a2 100644
+--- a/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java
++++ b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java
+@@ -24,7 +24,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/cert/CertResource.java b/base/common/src/com/netscape/certsrv/cert/CertResource.java
+index 9d6a7c8..267ba52 100644
+--- a/base/common/src/com/netscape/certsrv/cert/CertResource.java
++++ b/base/common/src/com/netscape/certsrv/cert/CertResource.java
+@@ -7,7 +7,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/group/GroupResource.java b/base/common/src/com/netscape/certsrv/group/GroupResource.java
+index 27fa90b..f04eaa7 100644
+--- a/base/common/src/com/netscape/certsrv/group/GroupResource.java
++++ b/base/common/src/com/netscape/certsrv/group/GroupResource.java
+@@ -26,7 +26,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
+index 26ab990..938c494 100644
+--- a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
++++ b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
+@@ -10,7 +10,7 @@ import javax.ws.rs.core.MediaType;
+ import javax.ws.rs.core.MultivaluedMap;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/key/KeyResource.java b/base/common/src/com/netscape/certsrv/key/KeyResource.java
+index 71a3556..211ed6e 100644
+--- a/base/common/src/com/netscape/certsrv/key/KeyResource.java
++++ b/base/common/src/com/netscape/certsrv/key/KeyResource.java
+@@ -10,7 +10,7 @@ import javax.ws.rs.core.MediaType;
+ import javax.ws.rs.core.MultivaluedMap;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/logging/ActivityResource.java b/base/common/src/com/netscape/certsrv/logging/ActivityResource.java
+index 3e0a050..d3db3bc 100644
+--- a/base/common/src/com/netscape/certsrv/logging/ActivityResource.java
++++ b/base/common/src/com/netscape/certsrv/logging/ActivityResource.java
+@@ -23,7 +23,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+
+ /**
+diff --git a/base/common/src/com/netscape/certsrv/logging/AuditResource.java b/base/common/src/com/netscape/certsrv/logging/AuditResource.java
+index 9b14986..607c0cc 100644
+--- a/base/common/src/com/netscape/certsrv/logging/AuditResource.java
++++ b/base/common/src/com/netscape/certsrv/logging/AuditResource.java
+@@ -23,7 +23,7 @@ import javax.ws.rs.Path;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/profile/ProfileResource.java b/base/common/src/com/netscape/certsrv/profile/ProfileResource.java
+index 410f98a..37fa524 100644
+--- a/base/common/src/com/netscape/certsrv/profile/ProfileResource.java
++++ b/base/common/src/com/netscape/certsrv/profile/ProfileResource.java
+@@ -9,7 +9,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/selftests/SelfTestResource.java b/base/common/src/com/netscape/certsrv/selftests/SelfTestResource.java
+index 2238beb..101d595 100644
+--- a/base/common/src/com/netscape/certsrv/selftests/SelfTestResource.java
++++ b/base/common/src/com/netscape/certsrv/selftests/SelfTestResource.java
+@@ -24,7 +24,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/system/FeatureResource.java b/base/common/src/com/netscape/certsrv/system/FeatureResource.java
+index 16413f7..47f441b 100644
+--- a/base/common/src/com/netscape/certsrv/system/FeatureResource.java
++++ b/base/common/src/com/netscape/certsrv/system/FeatureResource.java
+@@ -22,7 +22,7 @@ import javax.ws.rs.Path;
+ import javax.ws.rs.PathParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ /**
+ * @author alee
+diff --git a/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java b/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java
+index cf52c66..5f88c4b 100644
+--- a/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java
++++ b/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java
+@@ -23,7 +23,7 @@ import javax.ws.rs.Path;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java b/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java
+index 7ad8755..85d784e 100644
+--- a/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java
++++ b/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java
+@@ -22,7 +22,7 @@ import javax.ws.rs.Path;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/system/SystemCertResource.java b/base/common/src/com/netscape/certsrv/system/SystemCertResource.java
+index 3a9d6e1..b8886ee 100644
+--- a/base/common/src/com/netscape/certsrv/system/SystemCertResource.java
++++ b/base/common/src/com/netscape/certsrv/system/SystemCertResource.java
+@@ -4,7 +4,7 @@ import javax.ws.rs.GET;
+ import javax.ws.rs.Path;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.cert.CertData;
+
+diff --git a/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java b/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java
+index af440d3..c6fa0e2 100644
+--- a/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java
++++ b/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java
+@@ -26,7 +26,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorResource.java b/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorResource.java
+index c94dd8a..f639ad1 100644
+--- a/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorResource.java
+@@ -25,7 +25,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/tps/cert/TPSCertResource.java b/base/common/src/com/netscape/certsrv/tps/cert/TPSCertResource.java
+index 90deaaa..d7a07d9 100644
+--- a/base/common/src/com/netscape/certsrv/tps/cert/TPSCertResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/cert/TPSCertResource.java
+@@ -23,7 +23,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+
+ /**
+diff --git a/base/common/src/com/netscape/certsrv/tps/config/ConfigResource.java b/base/common/src/com/netscape/certsrv/tps/config/ConfigResource.java
+index 1461b06..bae3022 100644
+--- a/base/common/src/com/netscape/certsrv/tps/config/ConfigResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/config/ConfigResource.java
+@@ -21,7 +21,7 @@ import javax.ws.rs.GET;
+ import javax.ws.rs.Path;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/tps/connector/ConnectorResource.java b/base/common/src/com/netscape/certsrv/tps/connector/ConnectorResource.java
+index bede85c..e7a38be 100644
+--- a/base/common/src/com/netscape/certsrv/tps/connector/ConnectorResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/connector/ConnectorResource.java
+@@ -25,7 +25,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingResource.java b/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingResource.java
+index 0308615..dc1c2b8 100644
+--- a/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingResource.java
+@@ -25,7 +25,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/tps/profile/ProfileResource.java b/base/common/src/com/netscape/certsrv/tps/profile/ProfileResource.java
+index 8f0ebd0..f80cb0e 100644
+--- a/base/common/src/com/netscape/certsrv/tps/profile/ProfileResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/profile/ProfileResource.java
+@@ -25,7 +25,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java b/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java
+index c37b027..c454c90 100644
+--- a/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java
+@@ -26,7 +26,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/user/UserResource.java b/base/common/src/com/netscape/certsrv/user/UserResource.java
+index 8668221..4a957b5 100644
+--- a/base/common/src/com/netscape/certsrv/user/UserResource.java
++++ b/base/common/src/com/netscape/certsrv/user/UserResource.java
+@@ -27,7 +27,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
commit 6f9fb1ad6f1e17b50d70942b1565ce64fabdef71
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Wed Feb 15 10:30:02 2017 +0200
sync-rpm-10.3.5-7.diff: Dropped.
diff --git a/debian/changelog b/debian/changelog
index c380961..d251248 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ dogtag-pki (10.3.5+12-1) UNRELEASED; urgency=medium
* New upstream snapshot. Version number is derived from the Fedora
release, 10.3.5+12 maps to pki-core 10.3.5-12 on Fedora.
+ * sync-rpm-10.3.5-7.diff: Dropped.
-- Timo Aaltonen <tjaalton at debian.org> Wed, 15 Feb 2017 09:53:23 +0200
diff --git a/debian/patches/series b/debian/patches/series
index 6016342..1786c23 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,5 +11,4 @@ use-root-homedir.diff
fix-cli-migrate.diff
use-bash.diff
fix-cve-2016-1240.diff
-sync-rpm-10.3.5-7.diff
create-target-wants.diff
diff --git a/debian/patches/sync-rpm-10.3.5-7.diff b/debian/patches/sync-rpm-10.3.5-7.diff
deleted file mode 100644
index 660c0b8..0000000
--- a/debian/patches/sync-rpm-10.3.5-7.diff
+++ /dev/null
@@ -1,3687 +0,0 @@
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index c746056..457e144 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -54,7 +54,6 @@ macro_ensure_out_of_source_build("${PROJECT_NAME} requires an out of source buil
- include(MacroCopyFile)
- include(Java)
-
--file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/classes)
- file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/dist)
-
- # required for all PKI components
-diff --git a/base/ca/src/CMakeLists.txt b/base/ca/src/CMakeLists.txt
-index 854ce28..e612d72 100644
---- a/base/ca/src/CMakeLists.txt
-+++ b/base/ca/src/CMakeLists.txt
-@@ -96,7 +96,7 @@ javac(pki-ca-classes
- ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
- ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
- OUTPUT_DIR
-- ${CMAKE_BINARY_DIR}/classes
-+ ${CMAKE_CURRENT_BINARY_DIR}/classes
- DEPENDS
- symkey-jar pki-nsutil-jar pki-cmsutil-jar pki-certsrv-jar pki-cms-jar pki-cmscore-jar
- )
-@@ -114,7 +114,7 @@ jar(pki-ca-jar
- PARAMS
- ${CMAKE_CURRENT_BINARY_DIR}/pki-ca.mf
- INPUT_DIR
-- ${CMAKE_BINARY_DIR}/classes
-+ ${CMAKE_CURRENT_BINARY_DIR}/classes
- FILES
- com/netscape/ca/*.class
- org/dogtagpki/server/ca/*.class
-diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
-index a5397da..ae90d3a 100644
---- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
-+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
-@@ -124,6 +124,7 @@ import com.netscape.certsrv.util.IStatsSubsystem;
- import com.netscape.cms.servlet.cert.CertEnrollmentRequestFactory;
- import com.netscape.cms.servlet.cert.EnrollmentProcessor;
- import com.netscape.cms.servlet.cert.RenewalProcessor;
-+import com.netscape.cms.servlet.cert.RevocationProcessor;
- import com.netscape.cms.servlet.processors.CAProcessor;
- import com.netscape.cmscore.base.ArgBlock;
- import com.netscape.cmscore.dbs.CRLRepository;
-@@ -178,6 +179,7 @@ import netscape.security.x509.CertificateChain;
- import netscape.security.x509.CertificateIssuerName;
- import netscape.security.x509.CertificateSubjectName;
- import netscape.security.x509.CertificateVersion;
-+import netscape.security.x509.RevocationReason;
- import netscape.security.x509.X500Name;
- import netscape.security.x509.X500Signer;
- import netscape.security.x509.X509CRLImpl;
-@@ -677,6 +679,24 @@ public class CertificateAuthority
- }
- }
-
-+ private boolean entryUSNPluginEnabled() {
-+ try {
-+ LDAPConnection conn = dbFactory.getConn();
-+ try {
-+ LDAPSearchResults results = conn.search(
-+ "cn=usn,cn=plugins,cn=config", LDAPConnection.SCOPE_BASE,
-+ "(nsslapd-pluginEnabled=on)", null, false);
-+ return results != null && results.hasMoreElements();
-+ } catch (LDAPException e) {
-+ return false;
-+ } finally {
-+ dbFactory.returnConn(conn);
-+ }
-+ } catch (ELdapException e) {
-+ return false; // oh well
-+ }
-+ }
-+
- private void initCRLPublisher() throws EBaseException {
- // instantiate CRL publisher
- if (!isHostAuthority()) {
-@@ -1549,7 +1569,12 @@ public class CertificateAuthority
- CMS.debug("CA signing key and cert not (yet) present in NSSDB");
- signingUnitException = e;
- if (retrieveKeys == true) {
-- if (!keyRetrieverThreads.containsKey(authorityID)) {
-+ if (authorityID == null) {
-+ // Only the host authority should ever see a
-+ // null authorityID, e.g. during two-step
-+ // installation of externally-signed CA.
-+ CMS.debug("null authorityID -> host authority; not starting KeyRetriever");
-+ } else if (!keyRetrieverThreads.containsKey(authorityID)) {
- CMS.debug("Starting KeyRetrieverRunner thread");
- Thread t = new Thread(
- new KeyRetrieverRunner(authorityID, mNickname, authorityKeyHosts),
-@@ -2964,7 +2989,8 @@ public class CertificateAuthority
- authorityKeyHosts.add(thisClone);
- }
-
-- public synchronized void deleteAuthority() throws EBaseException {
-+ public synchronized void deleteAuthority(HttpServletRequest httpReq)
-+ throws EBaseException {
- if (isHostAuthority())
- throw new CATypeException("Cannot delete the host CA");
-
-@@ -2984,13 +3010,54 @@ public class CertificateAuthority
-
- shutdown();
-
-+ revokeAuthority(httpReq);
- deleteAuthorityEntry(authorityID);
- deleteAuthorityNSSDB();
- }
-
-+ /** Revoke the authority's certificate
-+ *
-+ * TODO: revocation reason, invalidity date parameters
-+ */
-+ private void revokeAuthority(HttpServletRequest httpReq)
-+ throws EBaseException {
-+ CMS.debug("revokeAuthority: checking serial " + authoritySerial);
-+ ICertRecord certRecord = mCertRepot.readCertificateRecord(authoritySerial);
-+ String curStatus = certRecord.getStatus();
-+ CMS.debug("revokeAuthority: current cert status: " + curStatus);
-+ if (curStatus.equals(CertRecord.STATUS_REVOKED)
-+ || curStatus.equals(CertRecord.STATUS_REVOKED_EXPIRED)) {
-+ return; // already revoked
-+ }
-+
-+ CMS.debug("revokeAuthority: revoking cert");
-+ RevocationProcessor processor = new RevocationProcessor(
-+ "CertificateAuthority.revokeAuthority", httpReq.getLocale());
-+ processor.setSerialNumber(new CertId(authoritySerial));
-+ processor.setRevocationReason(RevocationReason.UNSPECIFIED);
-+ processor.setAuthority(this);
-+ try {
-+ processor.createCRLExtension();
-+ } catch (IOException e) {
-+ throw new ECAException("Unable to create CRL extensions", e);
-+ }
-+ processor.addCertificateToRevoke(mCaCert);
-+ processor.createRevocationRequest();
-+ processor.auditChangeRequest(ILogger.SUCCESS);
-+ processor.processRevocationRequest();
-+ processor.auditChangeRequestProcessed(ILogger.SUCCESS);
-+ }
-+
- /** Delete keys and certs of this authority from NSSDB.
- */
- private void deleteAuthorityNSSDB() throws ECAException {
-+ if (isHostAuthority()) {
-+ String msg = "Attempt to delete host authority signing key; not proceeding";
-+ log(ILogger.LL_WARN, msg);
-+ CMS.debug(msg);
-+ return;
-+ }
-+
- CryptoManager cryptoManager;
- try {
- cryptoManager = CryptoManager.getInstance();
-@@ -3177,24 +3244,6 @@ public class CertificateAuthority
- AuthorityID aid = new AuthorityID((String)
- aidAttr.getStringValues().nextElement());
-
-- LDAPAttribute entryUSN = entry.getAttribute("entryUSN");
-- if (entryUSN == null) {
-- log(ILogger.LL_FAILURE, "Authority entry has no entryUSN. " +
-- "This is likely because the USN plugin is not enabled in the database");
-- return;
-- }
--
-- Integer newEntryUSN = new Integer(entryUSN.getStringValueArray()[0]);
-- CMS.debug("readAuthority: new entryUSN = " + newEntryUSN);
-- Integer knownEntryUSN = entryUSNs.get(aid);
-- if (knownEntryUSN != null) {
-- CMS.debug("readAuthority: known entryUSN = " + knownEntryUSN);
-- if (newEntryUSN <= knownEntryUSN) {
-- CMS.debug("readAuthority: data is current");
-- return;
-- }
-- }
--
- X500Name dn = null;
- try {
- dn = new X500Name((String) dnAttr.getStringValues().nextElement());
-@@ -3207,7 +3256,13 @@ public class CertificateAuthority
- if (descAttr != null)
- desc = (String) descAttr.getStringValues().nextElement();
-
-- if (dn.equals(mName)) {
-+ /* Determine if it is the host authority's entry, by
-+ * comparing DNs. DNs must be serialised in case different
-+ * encodings are used for AVA values, e.g. PrintableString
-+ * from LDAP vs UTF8String in certificate.
-+ */
-+ if (dn.toString().equals(mName.toString())) {
-+ CMS.debug("Found host authority");
- foundHostAuthority = true;
- this.authorityID = aid;
- this.authorityDescription = desc;
-@@ -3215,6 +3270,36 @@ public class CertificateAuthority
- return;
- }
-
-+ Integer newEntryUSN = null;
-+ LDAPAttribute entryUSNAttr = entry.getAttribute("entryUSN");
-+ if (entryUSNAttr == null) {
-+ CMS.debug("readAuthority: no entryUSN");
-+ if (!entryUSNPluginEnabled()) {
-+ CMS.debug("readAuthority: dirsrv USN plugin is not enabled; skipping entry");
-+ log(ILogger.LL_FAILURE, "Lightweight authority entry has no"
-+ + " entryUSN attribute and USN plugin not enabled;"
-+ + " skipping. Enable dirsrv USN plugin.");
-+ return;
-+ } else {
-+ CMS.debug("readAuthority: dirsrv USN plugin is enabled; continuing");
-+ // entryUSN plugin is enabled, but no entryUSN attribute. We
-+ // can proceed because future modifications will result in the
-+ // entryUSN attribute being added.
-+ }
-+ } else {
-+ newEntryUSN = new Integer(entryUSNAttr.getStringValueArray()[0]);
-+ CMS.debug("readAuthority: new entryUSN = " + newEntryUSN);
-+ }
-+
-+ Integer knownEntryUSN = entryUSNs.get(aid);
-+ if (newEntryUSN != null && knownEntryUSN != null) {
-+ CMS.debug("readAuthority: known entryUSN = " + knownEntryUSN);
-+ if (newEntryUSN <= knownEntryUSN) {
-+ CMS.debug("readAuthority: data is current");
-+ return;
-+ }
-+ }
-+
- @SuppressWarnings("unused")
- X500Name parentDN = null;
- if (parentDNAttr != null) {
-diff --git a/base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java b/base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java
-index a1b7748..736d870 100644
---- a/base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java
-+++ b/base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java
-@@ -20,16 +20,11 @@ package com.netscape.ca;
-
- import java.io.IOException;
- import java.io.InputStream;
--import java.lang.Process;
--import java.lang.ProcessBuilder;
- import java.util.Collection;
- import java.util.Stack;
-
--import org.apache.commons.io.IOUtils;
--import org.apache.commons.lang.ArrayUtils;
--
--import org.codehaus.jackson.map.ObjectMapper;
- import org.codehaus.jackson.JsonNode;
-+import org.codehaus.jackson.map.ObjectMapper;
-
- import com.netscape.certsrv.apps.CMS;
- import com.netscape.certsrv.base.EBaseException;
-diff --git a/base/ca/src/com/netscape/ca/SigningUnit.java b/base/ca/src/com/netscape/ca/SigningUnit.java
-index f708e55..405f20c 100644
---- a/base/ca/src/com/netscape/ca/SigningUnit.java
-+++ b/base/ca/src/com/netscape/ca/SigningUnit.java
-@@ -171,6 +171,7 @@ public final class SigningUnit implements ISigningUnit {
- mCert = mManager.findCertByNickname(mNickname);
- CMS.debug("Found cert by nickname: '" + mNickname + "' with serial number: " + mCert.getSerialNumber());
- } catch (ObjectNotFoundException e) {
-+ CMS.debug("Unable to find certificate " + mNickname);
- throw new CAMissingCertException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"), e);
- }
-
-@@ -181,6 +182,7 @@ public final class SigningUnit implements ISigningUnit {
- mPrivk = mManager.findPrivKeyByCert(mCert);
- CMS.debug("Got private key from cert");
- } catch (ObjectNotFoundException e) {
-+ CMS.debug("Unable to find private key for " + mNickname);
- throw new CAMissingKeyException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"), e);
- }
-
-@@ -257,16 +259,16 @@ public final class SigningUnit implements ISigningUnit {
- } catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, e.toString()));
- throw new ECAException(
-- CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
-+ CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname), e);
- } catch (TokenException e) {
- // from get signature context or from initSign
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, e.toString()));
- throw new ECAException(
-- CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
-+ CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname), e);
- } catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, e.toString()));
- throw new ECAException(
-- CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED_FOR_KEY", algname));
-+ CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED_FOR_KEY", algname), e);
- }
- }
-
-@@ -311,21 +313,21 @@ public final class SigningUnit implements ISigningUnit {
- } catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- throw new ECAException(
-- CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
-+ CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname), e);
- } catch (TokenException e) {
- // from get signature context or from initSign
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- // XXX fix this exception later.
-- throw new EBaseException(e.toString());
-+ throw new EBaseException(e);
- } catch (InvalidKeyException e) {
- // XXX fix this exception later.
-- throw new EBaseException(e.toString());
-+ throw new EBaseException(e);
- } catch (SignatureException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- CMS.debug("SigningUnit.sign: " + e.toString());
- CMS.checkForAndAutoShutdown();
- // XXX fix this exception later.
-- throw new EBaseException(e.toString());
-+ throw new EBaseException(e);
- }
- }
-
-@@ -351,21 +353,21 @@ public final class SigningUnit implements ISigningUnit {
- } catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- // XXX fix this exception later.
-- throw new EBaseException(e.toString());
-+ throw new EBaseException(e);
- } catch (TokenException e) {
- // from get signature context or from initSign
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- // XXX fix this exception later.
-- throw new EBaseException(e.toString());
-+ throw new EBaseException(e);
- } catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- // XXX fix this exception later.
-- throw new EBaseException(e.toString());
-+ throw new EBaseException(e);
- } catch (SignatureException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- CMS.checkForAndAutoShutdown();
- // XXX fix this exception later.
-- throw new EBaseException(e.toString());
-+ throw new EBaseException(e);
- }
- }
-
-@@ -410,7 +412,7 @@ public final class SigningUnit implements ISigningUnit {
- String msg = "Invalid encoding in CA signing key.";
-
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", msg));
-- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
-+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg), e);
- }
-
- if (key.getAlgorithmId().getOID().equals(AlgorithmId.DSA_oid)) {
-diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java b/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
-index 246a3f0..584ab6e 100644
---- a/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
-+++ b/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
-@@ -329,7 +329,7 @@ public class AuthorityService extends PKIService implements AuthorityResource {
- Map<String, String> auditParams = new LinkedHashMap<>();
-
- try {
-- ca.deleteAuthority();
-+ ca.deleteAuthority(servletRequest);
- audit(ILogger.SUCCESS, OpDef.OP_DELETE, aidString, null);
- return createNoContentResponse();
- } catch (CATypeException e) {
-diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py
-index ed45654..c044ba1 100644
---- a/base/common/python/pki/nssdb.py
-+++ b/base/common/python/pki/nssdb.py
-@@ -105,7 +105,11 @@ class NSSDatabase(object):
- directory = os.path.join(os.path.expanduser("~"), '.dogtag', 'nssdb')
-
- self.directory = directory
-- self.token = token
-+
-+ if token == 'internal' or token == 'Internal Key Storage Token':
-+ self.token = None
-+ else:
-+ self.token = token
-
- self.tmpdir = tempfile.mkdtemp()
-
-@@ -233,7 +237,7 @@ class NSSDatabase(object):
-
- if basic_constraints_ext:
-
-- cmd.extend(['-2', hash_alg])
-+ cmd.extend(['-2'])
-
- # Is this a CA certificate [y/N]?
More information about the Pkg-freeipa-devel
mailing list