[Pkg-freeipa-devel] dogtag-pki: Changes to 'master'

Timo Aaltonen tjaalton at moszumanska.debian.org
Wed Feb 15 09:08:40 UTC 2017


 CMakeLists.txt                                                                     |    1 
 base/ca/shared/conf/logging.properties                                             |   70 
 base/ca/src/CMakeLists.txt                                                         |    4 
 base/ca/src/com/netscape/ca/CertificateAuthority.java                              |  131 
 base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java                       |    7 
 base/ca/src/com/netscape/ca/SigningUnit.java                                       |   26 
 base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java                     |    2 
 base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java                   |   50 
 base/common/man/man5/pki-logging.5                                                 |   94 
 base/common/python/pki/nssdb.py                                                    |   64 
 base/common/share/etc/logging.properties                                           |    3 
 base/common/src/CMakeLists.txt                                                     |    4 
 base/common/src/com/netscape/certsrv/account/AccountInfo.java                      |    8 
 base/common/src/com/netscape/certsrv/apps/CMS.java                                 |    5 
 base/common/src/com/netscape/certsrv/apps/ICMSEngine.java                          |    8 
 base/common/src/com/netscape/certsrv/base/ResourceMessage.java                     |   11 
 base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java                 |    2 
 base/common/src/com/netscape/certsrv/client/PKIConnection.java                     |    8 
 base/common/src/com/netscape/certsrv/client/SubsystemClient.java                   |   26 
 base/common/src/com/netscape/certsrv/ldap/LDAPExceptionConverter.java              |    6 
 base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java                 |    3 
 base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java             |    4 
 base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java              |   32 
 base/common/src/org/dogtagpki/tps/apdu/APDU.java                                   |    3 
 base/common/src/org/dogtagpki/tps/apdu/GetLifecycleAPDU.java                       |   35 
 base/console/src/CMakeLists.txt                                                    |    5 
 base/java-tools/man/man1/CMCEnroll.1                                               |  570 +
 base/java-tools/man/man1/pki-cert.1                                                |    5 
 base/java-tools/man/man1/pki-pkcs12-cert.1                                         |  122 
 base/java-tools/man/man1/pki-pkcs12-key.1                                          |   76 
 base/java-tools/man/man1/pki-pkcs12.1                                              |  114 
 base/java-tools/src/CMakeLists.txt                                                 |    4 
 base/java-tools/src/com/netscape/cmstools/CMCEnroll.java                           |   13 
 base/java-tools/src/com/netscape/cmstools/CMCRequest.java                          |    4 
 base/java-tools/src/com/netscape/cmstools/CMCRevoke.java                           |   11 
 base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java                       |    8 
 base/java-tools/src/com/netscape/cmstools/HttpClient.java                          |    2 
 base/java-tools/src/com/netscape/cmstools/PKCS10Client.java                        |   11 
 base/javadoc/CMakeLists.txt                                                        |    1 
 base/kra/shared/conf/logging.properties                                            |   70 
 base/kra/src/CMakeLists.txt                                                        |    4 
 base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java                     |   30 
 base/ocsp/shared/conf/logging.properties                                           |   70 
 base/ocsp/src/CMakeLists.txt                                                       |    4 
 base/ocsp/src/com/netscape/ocsp/SigningUnit.java                                   |   44 
 base/server/cms/src/CMakeLists.txt                                                 |    4 
 base/server/cms/src/com/netscape/cms/authentication/UserPwdDirAuthentication.java  |    2 
 base/server/cms/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java   |   22 
 base/server/cms/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java      |   22 
 base/server/cms/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java |   22 
 base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java |    2 
 base/server/cms/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java      |   11 
 base/server/cms/src/com/netscape/cms/servlet/cert/CertRequestDAO.java              |   17 
 base/server/cms/src/com/netscape/cms/servlet/cert/CertRequestInfoFactory.java      |   15 
 base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java                 |   15 
 base/server/cms/src/com/netscape/cms/servlet/common/CMSTemplate.java               |    2 
 base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java       |   73 
 base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java             |   21 
 base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java        |    3 
 base/server/cms/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java     |    1 
 base/server/cms/src/com/netscape/cms/servlet/request/QueryReq.java                 |    6 
 base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java        |    4 
 base/server/cms/src/org/dogtagpki/server/rest/AccountService.java                  |   46 
 base/server/cms/src/org/dogtagpki/server/rest/SelfTestService.java                 |    2 
 base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java             |   11 
 base/server/cms/src/org/dogtagpki/server/rest/UserService.java                     |    2 
 base/server/cmsbundle/src/LogMessages.properties                                   |    2 
 base/server/cmscore/src/CMakeLists.txt                                             |    4 
 base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java                   |   15 
 base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java      |    2 
 base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java     |    8 
 base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java |  117 
 base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java        |  211 
 base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java     |   13 
 base/server/cmscore/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java      |   18 
 base/server/etc/default.cfg                                                        |   54 
 base/server/man/man5/pki-server-logging.5                                          |  191 
 base/server/man/man5/pki_default.cfg.5                                             |    2 
 base/server/python/pki/server/__init__.py                                          |    3 
 base/server/python/pki/server/cli/subsystem.py                                     |   74 
 base/server/python/pki/server/deployment/pkihelper.py                              |   16 
 base/server/python/pki/server/deployment/pkiparser.py                              |   33 
 base/server/python/pki/server/deployment/scriptlets/instance_layout.py             |   23 
 base/server/sbin/pki-server-nuxwdog                                                |   12 
 base/server/share/conf/log4j.properties                                            |   45 
 base/server/share/conf/logging.properties                                          |   24 
 base/server/test/com/netscape/cmscore/app/CMSEngineDefaultStub.java                |    5 
 base/server/upgrade/10.3.5/02-FixDeploymentDescriptor                              |  110 
 base/server/upgrade/10.3.5/02-FixSELinuxContexts                                   |   36 
 base/server/upgrade/10.3.5/03-UpdateAJPLoopbackAddress                             |   62 
 base/symkey/src/CMakeLists.txt                                                     |    4 
 base/symkey/src/com/netscape/symkey/CMakeLists.txt                                 |    2 
 base/tks/shared/conf/logging.properties                                            |   70 
 base/tks/src/CMakeLists.txt                                                        |    4 
 base/tps-client/src/CMakeLists.txt                                                 |    1 
 base/tps-client/src/apdu/Get_Lifecycle_APDU.cpp                                    |   41 
 base/tps-client/src/include/apdu/APDU.h                                            |    3 
 base/tps-client/src/include/apdu/Get_Lifecycle_APDU.h                              |   58 
 base/tps-client/src/main/ConfigStore.cpp                                           |    2 
 base/tps-client/src/main/RollingLogFile.cpp                                        |    2 
 base/tps-client/tools/raclient/RA_Conn.cpp                                         |   14 
 base/tps-client/tools/raclient/RA_Token.cpp                                        |    4 
 base/tps/shared/conf/CS.cfg                                                        |   36 
 base/tps/shared/conf/logging.properties                                            |   70 
 base/tps/shared/webapps/tps/js/profile.js                                          |   85 
 base/tps/shared/webapps/tps/js/tps.js                                              |  132 
 base/tps/shared/webapps/tps/ui/index.html                                          |   60 
 base/tps/shared/webapps/tps/ui/user-certs.html                                     |    2 
 base/tps/src/CMakeLists.txt                                                        |    4 
 base/tps/src/org/dogtagpki/server/tps/TPSAccountService.java                       |   80 
 base/tps/src/org/dogtagpki/server/tps/TPSTokenPolicy.java                          |    8 
 base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java                              |  109 
 base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java              |   48 
 base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java             |   45 
 base/tps/src/org/dogtagpki/server/tps/dbs/TokenCertStatus.java                     |   43 
 base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java                        |   15 
 base/tps/src/org/dogtagpki/server/tps/main/ExternalRegAttrs.java                   |   35 
 base/tps/src/org/dogtagpki/server/tps/main/ExternalRegCertToRecover.java           |   27 
 base/tps/src/org/dogtagpki/server/tps/main/PKCS11Obj.java                          |    3 
 base/tps/src/org/dogtagpki/server/tps/processor/EnrolledCertsInfo.java             |   32 
 base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java            |  337 
 base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java          |   34 
 base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java                  |   54 
 base/tps/src/org/dogtagpki/server/tps/rest/TPSApplication.java                     |    4 
 base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java                |    2 
 base/util/src/CMakeLists.txt                                                       |    8 
 base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java                          |   23 
 base/util/src/netscape/security/pkcs/PKCS12.java                                   |    6 
 base/util/src/netscape/security/x509/AlgorithmId.java                              |   41 
 debian/changelog                                                                   |   10 
 debian/control                                                                     |    2 
 debian/patches/series                                                              |    2 
 debian/patches/sync-rpm-10.3.5-7.diff                                              | 3687 ----------
 debian/patches/use-resteasy-legacy.diff                                            |  357 
 specs/pki-console.spec                                                             |   10 
 specs/pki-core.spec                                                                |  364 
 136 files changed, 4095 insertions(+), 5043 deletions(-)

New commits:
commit 8f581e0968d37191d88aec9483857c3dfc4d0670
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Wed Feb 15 11:06:59 2017 +0200

    releasing package dogtag-pki version 10.3.5+12-1

diff --git a/debian/changelog b/debian/changelog
index 3bbcda4..1cb5253 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-dogtag-pki (10.3.5+12-1) UNRELEASED; urgency=medium
+dogtag-pki (10.3.5+12-1) unstable; urgency=medium
 
   * New upstream snapshot. Version number is derived from the Fedora
     release, 10.3.5+12 maps to pki-core 10.3.5-12 on Fedora.
@@ -6,7 +6,7 @@ dogtag-pki (10.3.5+12-1) UNRELEASED; urgency=medium
   * use-resteasy-legacy.diff, control: Port to resteasy 3.1.0-2 which
     ships resteasy-legacy.jar. (LP: #1664457)
 
- -- Timo Aaltonen <tjaalton at debian.org>  Wed, 15 Feb 2017 09:53:23 +0200
+ -- Timo Aaltonen <tjaalton at debian.org>  Wed, 15 Feb 2017 11:06:47 +0200
 
 dogtag-pki (10.3.5-7) unstable; urgency=medium
 

commit d53747700a49d855cd7cc5147401098d44d7852d
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Wed Feb 15 11:06:23 2017 +0200

    use-resteasy-legacy.diff, control: Port to resteasy 3.1.0-2 which ships resteasy-legacy.jar. (LP: #1664457)

diff --git a/debian/changelog b/debian/changelog
index d251248..3bbcda4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ dogtag-pki (10.3.5+12-1) UNRELEASED; urgency=medium
   * New upstream snapshot. Version number is derived from the Fedora
     release, 10.3.5+12 maps to pki-core 10.3.5-12 on Fedora.
   * sync-rpm-10.3.5-7.diff: Dropped.
+  * use-resteasy-legacy.diff, control: Port to resteasy 3.1.0-2 which
+    ships resteasy-legacy.jar. (LP: #1664457)
 
  -- Timo Aaltonen <tjaalton at debian.org>  Wed, 15 Feb 2017 09:53:23 +0200
 
diff --git a/debian/control b/debian/control
index 046061d..c37ea43 100644
--- a/debian/control
+++ b/debian/control
@@ -25,7 +25,7 @@ Build-Depends:
  libnspr4-dev,
  libnss3-dev,
  libnuxwdog-java,
- libresteasy-java,
+ libresteasy-java (>= 3.1.0-2),
  libservlet3.1-java,
  libsvrcore-dev,
  libtomcat8-java,
diff --git a/debian/patches/series b/debian/patches/series
index 1786c23..940bea5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,3 +12,4 @@ fix-cli-migrate.diff
 use-bash.diff
 fix-cve-2016-1240.diff
 create-target-wants.diff
+use-resteasy-legacy.diff
diff --git a/debian/patches/use-resteasy-legacy.diff b/debian/patches/use-resteasy-legacy.diff
new file mode 100644
index 0000000..b9dab5b
--- /dev/null
+++ b/debian/patches/use-resteasy-legacy.diff
@@ -0,0 +1,357 @@
+--- a/.classpath
++++ b/.classpath
+@@ -45,6 +45,7 @@
+ 	<classpathentry kind="lib" path="/usr/share/java/resteasy/resteasy-jaxb-provider.jar"/>
+ 	<classpathentry kind="lib" path="/usr/share/java/resteasy/resteasy-jaxrs.jar"/>
+ 	<classpathentry kind="lib" path="/usr/share/java/resteasy/resteasy-jackson-provider.jar"/>
++	<classpathentry kind="lib" path="/usr/share/java/resteasy/resteasy-legacy.jar"/>
+ 	<classpathentry kind="lib" path="/usr/share/java/scannotation.jar"/>
+ 	<classpathentry kind="lib" path="/usr/share/java/servlet.jar"/>
+ 	<classpathentry kind="lib" path="/usr/share/java/velocity.jar"/>
+--- a/base/common/CMakeLists.txt
++++ b/base/common/CMakeLists.txt
+@@ -46,6 +46,7 @@ add_custom_command(
+     COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/javax.ws.rs-api.jar lib/javax.ws.rs-api.jar
+     COMMAND ${CMAKE_COMMAND} -E create_symlink ${RESTEASY_LIB}/resteasy-jaxrs-jandex.jar lib/resteasy-jaxrs-jandex.jar
+     COMMAND ${CMAKE_COMMAND} -E create_symlink ${RESTEASY_LIB}/resteasy-jaxrs.jar lib/resteasy-jaxrs.jar
++    COMMAND ${CMAKE_COMMAND} -E create_symlink ${RESTEASY_LIB}/resteasy-legacy.jar lib/resteasy-legacy.jar
+     COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/servlet-api-3.1.jar lib/servlet.jar
+ )
+ 
+--- a/base/common/src/CMakeLists.txt
++++ b/base/common/src/CMakeLists.txt
+@@ -104,6 +104,13 @@ find_file(RESTEASY_CLIENT_JAR
+         ${RESTEASY_LIB}
+ )
+ 
++find_file(RESTEASY_LEGACY_JAR
++    NAMES
++        resteasy-legacy.jar
++    PATHS
++        ${RESTEASY_LIB}
++)
++
+ find_file(HTTPCLIENT_JAR
+     NAMES
+         httpclient.jar
+@@ -129,7 +136,7 @@ javac(pki-certsrv-classes
+         ${APACHE_COMMONS_LANG_JAR}
+         ${TOMCAT_CATALINA_JAR} ${TOMCAT_UTIL_JAR} ${SYMKEY_JAR}
+         ${JAXRS_API_JAR} ${RESTEASY_JAXRS_JAR} ${RESTEASY_ATOM_PROVIDER_JAR} ${RESTEASY_CLIENT_JAR}
+-        ${HTTPCLIENT_JAR} ${HTTPCORE_JAR}
++        ${RESTEASY_LEGACY_JAR} ${HTTPCLIENT_JAR} ${HTTPCORE_JAR}
+     OUTPUT_DIR
+         ${CMAKE_CURRENT_BINARY_DIR}/classes
+     DEPENDS
+diff --git a/base/common/src/com/netscape/certsrv/account/AccountResource.java b/base/common/src/com/netscape/certsrv/account/AccountResource.java
+index 95440cf..46edfdf 100644
+--- a/base/common/src/com/netscape/certsrv/account/AccountResource.java
++++ b/base/common/src/com/netscape/certsrv/account/AccountResource.java
+@@ -22,7 +22,7 @@ import javax.ws.rs.GET;
+ import javax.ws.rs.Path;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
+index 0f8b70a..1429ae5 100644
+--- a/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
++++ b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
+@@ -9,7 +9,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.Produces;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java
+index 493f6f5..d8a10a2 100644
+--- a/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java
++++ b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java
+@@ -24,7 +24,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/cert/CertResource.java b/base/common/src/com/netscape/certsrv/cert/CertResource.java
+index 9d6a7c8..267ba52 100644
+--- a/base/common/src/com/netscape/certsrv/cert/CertResource.java
++++ b/base/common/src/com/netscape/certsrv/cert/CertResource.java
+@@ -7,7 +7,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/group/GroupResource.java b/base/common/src/com/netscape/certsrv/group/GroupResource.java
+index 27fa90b..f04eaa7 100644
+--- a/base/common/src/com/netscape/certsrv/group/GroupResource.java
++++ b/base/common/src/com/netscape/certsrv/group/GroupResource.java
+@@ -26,7 +26,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
+index 26ab990..938c494 100644
+--- a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
++++ b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
+@@ -10,7 +10,7 @@ import javax.ws.rs.core.MediaType;
+ import javax.ws.rs.core.MultivaluedMap;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/key/KeyResource.java b/base/common/src/com/netscape/certsrv/key/KeyResource.java
+index 71a3556..211ed6e 100644
+--- a/base/common/src/com/netscape/certsrv/key/KeyResource.java
++++ b/base/common/src/com/netscape/certsrv/key/KeyResource.java
+@@ -10,7 +10,7 @@ import javax.ws.rs.core.MediaType;
+ import javax.ws.rs.core.MultivaluedMap;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/logging/ActivityResource.java b/base/common/src/com/netscape/certsrv/logging/ActivityResource.java
+index 3e0a050..d3db3bc 100644
+--- a/base/common/src/com/netscape/certsrv/logging/ActivityResource.java
++++ b/base/common/src/com/netscape/certsrv/logging/ActivityResource.java
+@@ -23,7 +23,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ 
+ /**
+diff --git a/base/common/src/com/netscape/certsrv/logging/AuditResource.java b/base/common/src/com/netscape/certsrv/logging/AuditResource.java
+index 9b14986..607c0cc 100644
+--- a/base/common/src/com/netscape/certsrv/logging/AuditResource.java
++++ b/base/common/src/com/netscape/certsrv/logging/AuditResource.java
+@@ -23,7 +23,7 @@ import javax.ws.rs.Path;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/profile/ProfileResource.java b/base/common/src/com/netscape/certsrv/profile/ProfileResource.java
+index 410f98a..37fa524 100644
+--- a/base/common/src/com/netscape/certsrv/profile/ProfileResource.java
++++ b/base/common/src/com/netscape/certsrv/profile/ProfileResource.java
+@@ -9,7 +9,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/selftests/SelfTestResource.java b/base/common/src/com/netscape/certsrv/selftests/SelfTestResource.java
+index 2238beb..101d595 100644
+--- a/base/common/src/com/netscape/certsrv/selftests/SelfTestResource.java
++++ b/base/common/src/com/netscape/certsrv/selftests/SelfTestResource.java
+@@ -24,7 +24,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/system/FeatureResource.java b/base/common/src/com/netscape/certsrv/system/FeatureResource.java
+index 16413f7..47f441b 100644
+--- a/base/common/src/com/netscape/certsrv/system/FeatureResource.java
++++ b/base/common/src/com/netscape/certsrv/system/FeatureResource.java
+@@ -22,7 +22,7 @@ import javax.ws.rs.Path;
+ import javax.ws.rs.PathParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ /**
+  * @author alee
+diff --git a/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java b/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java
+index cf52c66..5f88c4b 100644
+--- a/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java
++++ b/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java
+@@ -23,7 +23,7 @@ import javax.ws.rs.Path;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java b/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java
+index 7ad8755..85d784e 100644
+--- a/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java
++++ b/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java
+@@ -22,7 +22,7 @@ import javax.ws.rs.Path;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/system/SystemCertResource.java b/base/common/src/com/netscape/certsrv/system/SystemCertResource.java
+index 3a9d6e1..b8886ee 100644
+--- a/base/common/src/com/netscape/certsrv/system/SystemCertResource.java
++++ b/base/common/src/com/netscape/certsrv/system/SystemCertResource.java
+@@ -4,7 +4,7 @@ import javax.ws.rs.GET;
+ import javax.ws.rs.Path;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.cert.CertData;
+ 
+diff --git a/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java b/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java
+index af440d3..c6fa0e2 100644
+--- a/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java
++++ b/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java
+@@ -26,7 +26,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorResource.java b/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorResource.java
+index c94dd8a..f639ad1 100644
+--- a/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorResource.java
+@@ -25,7 +25,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/tps/cert/TPSCertResource.java b/base/common/src/com/netscape/certsrv/tps/cert/TPSCertResource.java
+index 90deaaa..d7a07d9 100644
+--- a/base/common/src/com/netscape/certsrv/tps/cert/TPSCertResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/cert/TPSCertResource.java
+@@ -23,7 +23,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ 
+ /**
+diff --git a/base/common/src/com/netscape/certsrv/tps/config/ConfigResource.java b/base/common/src/com/netscape/certsrv/tps/config/ConfigResource.java
+index 1461b06..bae3022 100644
+--- a/base/common/src/com/netscape/certsrv/tps/config/ConfigResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/config/ConfigResource.java
+@@ -21,7 +21,7 @@ import javax.ws.rs.GET;
+ import javax.ws.rs.Path;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/tps/connector/ConnectorResource.java b/base/common/src/com/netscape/certsrv/tps/connector/ConnectorResource.java
+index bede85c..e7a38be 100644
+--- a/base/common/src/com/netscape/certsrv/tps/connector/ConnectorResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/connector/ConnectorResource.java
+@@ -25,7 +25,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingResource.java b/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingResource.java
+index 0308615..dc1c2b8 100644
+--- a/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingResource.java
+@@ -25,7 +25,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/tps/profile/ProfileResource.java b/base/common/src/com/netscape/certsrv/tps/profile/ProfileResource.java
+index 8f0ebd0..f80cb0e 100644
+--- a/base/common/src/com/netscape/certsrv/tps/profile/ProfileResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/profile/ProfileResource.java
+@@ -25,7 +25,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java b/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java
+index c37b027..c454c90 100644
+--- a/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java
++++ b/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java
+@@ -26,7 +26,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;
+diff --git a/base/common/src/com/netscape/certsrv/user/UserResource.java b/base/common/src/com/netscape/certsrv/user/UserResource.java
+index 8668221..4a957b5 100644
+--- a/base/common/src/com/netscape/certsrv/user/UserResource.java
++++ b/base/common/src/com/netscape/certsrv/user/UserResource.java
+@@ -27,7 +27,7 @@ import javax.ws.rs.PathParam;
+ import javax.ws.rs.QueryParam;
+ import javax.ws.rs.core.Response;
+ 
+-import org.jboss.resteasy.annotations.ClientResponseType;
++import org.jboss.resteasy.annotations.legacy.ClientResponseType;
+ 
+ import com.netscape.certsrv.acls.ACLMapping;
+ import com.netscape.certsrv.authentication.AuthMethodMapping;

commit 6f9fb1ad6f1e17b50d70942b1565ce64fabdef71
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Wed Feb 15 10:30:02 2017 +0200

    sync-rpm-10.3.5-7.diff: Dropped.

diff --git a/debian/changelog b/debian/changelog
index c380961..d251248 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ dogtag-pki (10.3.5+12-1) UNRELEASED; urgency=medium
 
   * New upstream snapshot. Version number is derived from the Fedora
     release, 10.3.5+12 maps to pki-core 10.3.5-12 on Fedora.
+  * sync-rpm-10.3.5-7.diff: Dropped.
 
  -- Timo Aaltonen <tjaalton at debian.org>  Wed, 15 Feb 2017 09:53:23 +0200
 
diff --git a/debian/patches/series b/debian/patches/series
index 6016342..1786c23 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,5 +11,4 @@ use-root-homedir.diff
 fix-cli-migrate.diff
 use-bash.diff
 fix-cve-2016-1240.diff
-sync-rpm-10.3.5-7.diff
 create-target-wants.diff
diff --git a/debian/patches/sync-rpm-10.3.5-7.diff b/debian/patches/sync-rpm-10.3.5-7.diff
deleted file mode 100644
index 660c0b8..0000000
--- a/debian/patches/sync-rpm-10.3.5-7.diff
+++ /dev/null
@@ -1,3687 +0,0 @@
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index c746056..457e144 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -54,7 +54,6 @@ macro_ensure_out_of_source_build("${PROJECT_NAME} requires an out of source buil
- include(MacroCopyFile)
- include(Java)
- 
--file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/classes)
- file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/dist)
- 
- # required for all PKI components
-diff --git a/base/ca/src/CMakeLists.txt b/base/ca/src/CMakeLists.txt
-index 854ce28..e612d72 100644
---- a/base/ca/src/CMakeLists.txt
-+++ b/base/ca/src/CMakeLists.txt
-@@ -96,7 +96,7 @@ javac(pki-ca-classes
-         ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
-         ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
-     OUTPUT_DIR
--        ${CMAKE_BINARY_DIR}/classes
-+        ${CMAKE_CURRENT_BINARY_DIR}/classes
-     DEPENDS
-         symkey-jar pki-nsutil-jar pki-cmsutil-jar pki-certsrv-jar pki-cms-jar pki-cmscore-jar
- )
-@@ -114,7 +114,7 @@ jar(pki-ca-jar
-     PARAMS
-         ${CMAKE_CURRENT_BINARY_DIR}/pki-ca.mf
-     INPUT_DIR
--        ${CMAKE_BINARY_DIR}/classes
-+        ${CMAKE_CURRENT_BINARY_DIR}/classes
-     FILES
-         com/netscape/ca/*.class
-         org/dogtagpki/server/ca/*.class
-diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
-index a5397da..ae90d3a 100644
---- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
-+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
-@@ -124,6 +124,7 @@ import com.netscape.certsrv.util.IStatsSubsystem;
- import com.netscape.cms.servlet.cert.CertEnrollmentRequestFactory;
- import com.netscape.cms.servlet.cert.EnrollmentProcessor;
- import com.netscape.cms.servlet.cert.RenewalProcessor;
-+import com.netscape.cms.servlet.cert.RevocationProcessor;
- import com.netscape.cms.servlet.processors.CAProcessor;
- import com.netscape.cmscore.base.ArgBlock;
- import com.netscape.cmscore.dbs.CRLRepository;
-@@ -178,6 +179,7 @@ import netscape.security.x509.CertificateChain;
- import netscape.security.x509.CertificateIssuerName;
- import netscape.security.x509.CertificateSubjectName;
- import netscape.security.x509.CertificateVersion;
-+import netscape.security.x509.RevocationReason;
- import netscape.security.x509.X500Name;
- import netscape.security.x509.X500Signer;
- import netscape.security.x509.X509CRLImpl;
-@@ -677,6 +679,24 @@ public class CertificateAuthority
-         }
-     }
- 
-+    private boolean entryUSNPluginEnabled() {
-+        try {
-+            LDAPConnection conn = dbFactory.getConn();
-+            try {
-+                LDAPSearchResults results = conn.search(
-+                    "cn=usn,cn=plugins,cn=config", LDAPConnection.SCOPE_BASE,
-+                    "(nsslapd-pluginEnabled=on)", null, false);
-+                return results != null && results.hasMoreElements();
-+            } catch (LDAPException e) {
-+                return false;
-+            } finally {
-+                dbFactory.returnConn(conn);
-+            }
-+        } catch (ELdapException e) {
-+            return false;  // oh well
-+        }
-+    }
-+
-     private void initCRLPublisher() throws EBaseException {
-         // instantiate CRL publisher
-         if (!isHostAuthority()) {
-@@ -1549,7 +1569,12 @@ public class CertificateAuthority
-                 CMS.debug("CA signing key and cert not (yet) present in NSSDB");
-                 signingUnitException = e;
-                 if (retrieveKeys == true) {
--                    if (!keyRetrieverThreads.containsKey(authorityID)) {
-+                    if (authorityID == null) {
-+                        // Only the host authority should ever see a
-+                        // null authorityID, e.g. during two-step
-+                        // installation of externally-signed CA.
-+                        CMS.debug("null authorityID -> host authority; not starting KeyRetriever");
-+                    } else if (!keyRetrieverThreads.containsKey(authorityID)) {
-                         CMS.debug("Starting KeyRetrieverRunner thread");
-                         Thread t = new Thread(
-                             new KeyRetrieverRunner(authorityID, mNickname, authorityKeyHosts),
-@@ -2964,7 +2989,8 @@ public class CertificateAuthority
-         authorityKeyHosts.add(thisClone);
-     }
- 
--    public synchronized void deleteAuthority() throws EBaseException {
-+    public synchronized void deleteAuthority(HttpServletRequest httpReq)
-+            throws EBaseException {
-         if (isHostAuthority())
-             throw new CATypeException("Cannot delete the host CA");
- 
-@@ -2984,13 +3010,54 @@ public class CertificateAuthority
- 
-         shutdown();
- 
-+        revokeAuthority(httpReq);
-         deleteAuthorityEntry(authorityID);
-         deleteAuthorityNSSDB();
-     }
- 
-+    /** Revoke the authority's certificate
-+     *
-+     * TODO: revocation reason, invalidity date parameters
-+     */
-+    private void revokeAuthority(HttpServletRequest httpReq)
-+            throws EBaseException {
-+        CMS.debug("revokeAuthority: checking serial " + authoritySerial);
-+        ICertRecord certRecord = mCertRepot.readCertificateRecord(authoritySerial);
-+        String curStatus = certRecord.getStatus();
-+        CMS.debug("revokeAuthority: current cert status: " + curStatus);
-+        if (curStatus.equals(CertRecord.STATUS_REVOKED)
-+                || curStatus.equals(CertRecord.STATUS_REVOKED_EXPIRED)) {
-+            return;  // already revoked
-+        }
-+
-+        CMS.debug("revokeAuthority: revoking cert");
-+        RevocationProcessor processor = new RevocationProcessor(
-+                "CertificateAuthority.revokeAuthority", httpReq.getLocale());
-+        processor.setSerialNumber(new CertId(authoritySerial));
-+        processor.setRevocationReason(RevocationReason.UNSPECIFIED);
-+        processor.setAuthority(this);
-+        try {
-+            processor.createCRLExtension();
-+        } catch (IOException e) {
-+            throw new ECAException("Unable to create CRL extensions", e);
-+        }
-+        processor.addCertificateToRevoke(mCaCert);
-+        processor.createRevocationRequest();
-+        processor.auditChangeRequest(ILogger.SUCCESS);
-+        processor.processRevocationRequest();
-+        processor.auditChangeRequestProcessed(ILogger.SUCCESS);
-+    }
-+
-     /** Delete keys and certs of this authority from NSSDB.
-      */
-     private void deleteAuthorityNSSDB() throws ECAException {
-+        if (isHostAuthority()) {
-+            String msg = "Attempt to delete host authority signing key; not proceeding";
-+            log(ILogger.LL_WARN, msg);
-+            CMS.debug(msg);
-+            return;
-+        }
-+
-         CryptoManager cryptoManager;
-         try {
-             cryptoManager = CryptoManager.getInstance();
-@@ -3177,24 +3244,6 @@ public class CertificateAuthority
-         AuthorityID aid = new AuthorityID((String)
-             aidAttr.getStringValues().nextElement());
- 
--        LDAPAttribute entryUSN = entry.getAttribute("entryUSN");
--        if (entryUSN == null) {
--            log(ILogger.LL_FAILURE, "Authority entry has no entryUSN.  " +
--                "This is likely because the USN plugin is not enabled in the database");
--            return;
--        }
--
--        Integer newEntryUSN = new Integer(entryUSN.getStringValueArray()[0]);
--        CMS.debug("readAuthority: new entryUSN = " + newEntryUSN);
--        Integer knownEntryUSN = entryUSNs.get(aid);
--        if (knownEntryUSN != null) {
--            CMS.debug("readAuthority: known entryUSN = " + knownEntryUSN);
--            if (newEntryUSN <= knownEntryUSN) {
--                CMS.debug("readAuthority: data is current");
--                return;
--            }
--        }
--
-         X500Name dn = null;
-         try {
-             dn = new X500Name((String) dnAttr.getStringValues().nextElement());
-@@ -3207,7 +3256,13 @@ public class CertificateAuthority
-         if (descAttr != null)
-             desc = (String) descAttr.getStringValues().nextElement();
- 
--        if (dn.equals(mName)) {
-+        /* Determine if it is the host authority's entry, by
-+         * comparing DNs.  DNs must be serialised in case different
-+         * encodings are used for AVA values, e.g. PrintableString
-+         * from LDAP vs UTF8String in certificate.
-+         */
-+        if (dn.toString().equals(mName.toString())) {
-+            CMS.debug("Found host authority");
-             foundHostAuthority = true;
-             this.authorityID = aid;
-             this.authorityDescription = desc;
-@@ -3215,6 +3270,36 @@ public class CertificateAuthority
-             return;
-         }
- 
-+        Integer newEntryUSN = null;
-+        LDAPAttribute entryUSNAttr = entry.getAttribute("entryUSN");
-+        if (entryUSNAttr == null) {
-+            CMS.debug("readAuthority: no entryUSN");
-+            if (!entryUSNPluginEnabled()) {
-+                CMS.debug("readAuthority: dirsrv USN plugin is not enabled; skipping entry");
-+                log(ILogger.LL_FAILURE, "Lightweight authority entry has no"
-+                        + " entryUSN attribute and USN plugin not enabled;"
-+                        + " skipping.  Enable dirsrv USN plugin.");
-+                return;
-+            } else {
-+                CMS.debug("readAuthority: dirsrv USN plugin is enabled; continuing");
-+                // entryUSN plugin is enabled, but no entryUSN attribute. We
-+                // can proceed because future modifications will result in the
-+                // entryUSN attribute being added.
-+            }
-+        } else {
-+            newEntryUSN = new Integer(entryUSNAttr.getStringValueArray()[0]);
-+            CMS.debug("readAuthority: new entryUSN = " + newEntryUSN);
-+        }
-+
-+        Integer knownEntryUSN = entryUSNs.get(aid);
-+        if (newEntryUSN != null && knownEntryUSN != null) {
-+            CMS.debug("readAuthority: known entryUSN = " + knownEntryUSN);
-+            if (newEntryUSN <= knownEntryUSN) {
-+                CMS.debug("readAuthority: data is current");
-+                return;
-+            }
-+        }
-+
-         @SuppressWarnings("unused")
-         X500Name parentDN = null;
-         if (parentDNAttr != null) {
-diff --git a/base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java b/base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java
-index a1b7748..736d870 100644
---- a/base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java
-+++ b/base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java
-@@ -20,16 +20,11 @@ package com.netscape.ca;
- 
- import java.io.IOException;
- import java.io.InputStream;
--import java.lang.Process;
--import java.lang.ProcessBuilder;
- import java.util.Collection;
- import java.util.Stack;
- 
--import org.apache.commons.io.IOUtils;
--import org.apache.commons.lang.ArrayUtils;
--
--import org.codehaus.jackson.map.ObjectMapper;
- import org.codehaus.jackson.JsonNode;
-+import org.codehaus.jackson.map.ObjectMapper;
- 
- import com.netscape.certsrv.apps.CMS;
- import com.netscape.certsrv.base.EBaseException;
-diff --git a/base/ca/src/com/netscape/ca/SigningUnit.java b/base/ca/src/com/netscape/ca/SigningUnit.java
-index f708e55..405f20c 100644
---- a/base/ca/src/com/netscape/ca/SigningUnit.java
-+++ b/base/ca/src/com/netscape/ca/SigningUnit.java
-@@ -171,6 +171,7 @@ public final class SigningUnit implements ISigningUnit {
-                 mCert = mManager.findCertByNickname(mNickname);
-                 CMS.debug("Found cert by nickname: '" + mNickname + "' with serial number: " + mCert.getSerialNumber());
-             } catch (ObjectNotFoundException e) {
-+                CMS.debug("Unable to find certificate " + mNickname);
-                 throw new CAMissingCertException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"), e);
-             }
- 
-@@ -181,6 +182,7 @@ public final class SigningUnit implements ISigningUnit {
-                 mPrivk = mManager.findPrivKeyByCert(mCert);
-                 CMS.debug("Got private key from cert");
-             } catch (ObjectNotFoundException e) {
-+                CMS.debug("Unable to find private key for " + mNickname);
-                 throw new CAMissingKeyException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"), e);
-             }
- 
-@@ -257,16 +259,16 @@ public final class SigningUnit implements ISigningUnit {
-         } catch (NoSuchAlgorithmException e) {
-             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, e.toString()));
-             throw new ECAException(
--                    CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
-+                    CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname), e);
-         } catch (TokenException e) {
-             // from get signature context or from initSign
-             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, e.toString()));
-             throw new ECAException(
--                    CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
-+                    CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname), e);
-         } catch (InvalidKeyException e) {
-             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, e.toString()));
-             throw new ECAException(
--                    CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED_FOR_KEY", algname));
-+                    CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED_FOR_KEY", algname), e);
-         }
-     }
- 
-@@ -311,21 +313,21 @@ public final class SigningUnit implements ISigningUnit {
-         } catch (NoSuchAlgorithmException e) {
-             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-             throw new ECAException(
--                    CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
-+                    CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname), e);
-         } catch (TokenException e) {
-             // from get signature context or from initSign
-             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-             // XXX fix this exception later.
--            throw new EBaseException(e.toString());
-+            throw new EBaseException(e);
-         } catch (InvalidKeyException e) {
-             // XXX fix this exception later.
--            throw new EBaseException(e.toString());
-+            throw new EBaseException(e);
-         } catch (SignatureException e) {
-             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-             CMS.debug("SigningUnit.sign: " + e.toString());
-             CMS.checkForAndAutoShutdown();
-             // XXX fix this exception later.
--            throw new EBaseException(e.toString());
-+            throw new EBaseException(e);
-         }
-     }
- 
-@@ -351,21 +353,21 @@ public final class SigningUnit implements ISigningUnit {
-         } catch (NoSuchAlgorithmException e) {
-             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-             // XXX fix this exception later.
--            throw new EBaseException(e.toString());
-+            throw new EBaseException(e);
-         } catch (TokenException e) {
-             // from get signature context or from initSign
-             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-             // XXX fix this exception later.
--            throw new EBaseException(e.toString());
-+            throw new EBaseException(e);
-         } catch (InvalidKeyException e) {
-             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-             // XXX fix this exception later.
--            throw new EBaseException(e.toString());
-+            throw new EBaseException(e);
-         } catch (SignatureException e) {
-             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-             CMS.checkForAndAutoShutdown();
-             // XXX fix this exception later.
--            throw new EBaseException(e.toString());
-+            throw new EBaseException(e);
-         }
-     }
- 
-@@ -410,7 +412,7 @@ public final class SigningUnit implements ISigningUnit {
-             String msg = "Invalid encoding in CA signing key.";
- 
-             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", msg));
--            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
-+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg), e);
-         }
- 
-         if (key.getAlgorithmId().getOID().equals(AlgorithmId.DSA_oid)) {
-diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java b/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
-index 246a3f0..584ab6e 100644
---- a/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
-+++ b/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
-@@ -329,7 +329,7 @@ public class AuthorityService extends PKIService implements AuthorityResource {
-         Map<String, String> auditParams = new LinkedHashMap<>();
- 
-         try {
--            ca.deleteAuthority();
-+            ca.deleteAuthority(servletRequest);
-             audit(ILogger.SUCCESS, OpDef.OP_DELETE, aidString, null);
-             return createNoContentResponse();
-         } catch (CATypeException e) {
-diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py
-index ed45654..c044ba1 100644
---- a/base/common/python/pki/nssdb.py
-+++ b/base/common/python/pki/nssdb.py
-@@ -105,7 +105,11 @@ class NSSDatabase(object):
-             directory = os.path.join(os.path.expanduser("~"), '.dogtag', 'nssdb')
- 
-         self.directory = directory
--        self.token = token
-+
-+        if token == 'internal' or token == 'Internal Key Storage Token':
-+            self.token = None
-+        else:
-+            self.token = token
- 
-         self.tmpdir = tempfile.mkdtemp()
- 
-@@ -233,7 +237,7 @@ class NSSDatabase(object):
- 
-             if basic_constraints_ext:
- 
--                cmd.extend(['-2', hash_alg])
-+                cmd.extend(['-2'])
- 
-                 # Is this a CA certificate [y/N]?



More information about the Pkg-freeipa-devel mailing list