[Pkg-freeipa-devel] [Git][freeipa-team/tomcatjss][upstream] 145 commits: Initial import of tomcatjss

Timo Aaltonen gitlab at salsa.debian.org
Sat Aug 4 22:34:36 BST 2018 

Timo Aaltonen pushed to branch upstream at FreeIPA packaging / tomcatjss


Commits:
ba07cdfd by rcritten at 2007-03-05T22:48:08Z
Initial import of tomcatjss

- - - - -
6c0055e2 by nkwan at 2007-04-05T00:11:36Z
bugzilla #59448 - called into the new JSS for client auth

- - - - -
025817f8 by nkwan at 2007-04-05T01:17:48Z
called new JSS api for client authentication

- - - - -
537a163a by nkwan at 2007-04-20T20:05:13Z
added Solaris logic back to the spec file

- - - - -
54e0d5f2 by nkwan at 2007-04-20T20:57:38Z
bumped release number to 8 after updating the spec file with solaris logic

- - - - -
511aded5 by kmccarth at 2007-04-27T16:28:36Z
Port tomcatjss to RHEL5.  The build.xml now invokes tomcatjss.el5.spec.

- - - - -
4f202e68 by kmccarth at 2007-05-01T22:12:46Z
Bugzilla #236964: Create RHEL4 and RHEL5 build scripts.  Parameterize jss.home and specfile in build.xml

- - - - -
3c575519 by kmccarth at 2007-05-02T17:30:37Z
Bugzilla #236964.  Chain jss.home through the spec file for invocation of ant.

- - - - -
faef9e75 by kmccarth at 2007-05-02T18:09:06Z
Bugzilla #236964 fix to build properly on x86_64 arch.

- - - - -
9819756b by kmccarth at 2007-05-03T18:00:02Z
Bugzilla #236964 - Added more error checking for build scripts

- - - - -
f0fac919 by nkwan at 2007-05-31T00:48:51Z
added build_fc6

- - - - -
37e2b9f4 by nkwan at 2007-07-20T21:14:29Z
moved build and spec into the internal svn tree

- - - - -
0cb13b25 by nkwan at 2007-07-20T21:20:25Z
renamed build script to build_fedora

- - - - -
cfc0ecc5 by nkwan at 2007-08-01T17:52:26Z
bugzilla #240933 - changed path to jss4.jar on 64-bit

- - - - -
36ad944d by nkwan at 2007-08-02T21:34:58Z
bugzilla #250655 - changed spec to build requires jss 4.2.5

- - - - -
5ae84eff by nobody at 2008-01-30T00:00:06Z
Bugzilla Bug #430828:  Fixed to work with Tomcat5 on Fedora 8.

- - - - -
c69ab6b0 by nobody at 2008-02-24T04:24:45Z
Added an additional non-fedora flavored build script.

- - - - -
55711f19 by nobody at 2009-04-04T19:09:38Z
Renamed "build_linux" to "build_dogtag"; removed "build_fedora".

- - - - -
d8d4c31e by nobody at 2009-05-01T18:06:02Z
Bugzilla 498652 - SSL Handshake Failure on RHCS Java subsystems with nethsm2000

- - - - -
3d926fa0 by nobody at 2009-05-01T18:19:23Z
Renamed build script to something more generic.

- - - - -
5440979f by nobody at 2009-05-01T18:24:48Z
Added in logic to build on Fedora 8 platforms -- did not roll release number.

- - - - -
01f320df by nobody at 2009-06-03T21:03:45Z
Bugzilla Bug #455305 - CA ECC signing Key Failure
Bugzilla Bug #223279 - ECC: Ca: unable to perform agent auth on a machine with nCipher ECC HSM

- - - - -
d4b412fa by nobody at 2009-07-07T18:41:57Z
flagged change log comment as invalid

- - - - -
29906f26 by nobody at 2009-07-16T22:14:50Z
Release Candidate 4 build.

- - - - -
64c682ec by nobody at 2009-09-14T20:59:37Z
Bugzilla Bug #521979 -  New Fedora Package for Dogtag PKI: tomcatjss.

- - - - -
a446386f by nobody at 2009-10-28T20:20:42Z
Bugzilla Bug #529945 -  CS 8,0 GA release -- DRM and TKS do not seem to have CRL checking enabled.
- - - - -
d786c2f7 by nobody at 2010-01-14T21:55:02Z
Bugzilla Bug #441974 -  CA Setup Wizard cannot create new Security Domain.
Added 'Conflicts: tomcat-native' plus descriptive comment
Updated 'description' section with this information

- - - - -
939c29e0 by nobody at 2010-04-07T20:32:37Z
Bugzilla Bug #568787 - pki-ca fails to create SSL connectors
Bugzilla Bug #573038 - Unable to login on Dogtag EPEL installation

- - - - -
bf5b6ca0 by nobody at 2010-04-19T23:36:43Z
New Source tarball.

- - - - -
285e4579 by mharmsen at 2010-08-10T23:05:30Z
Updated Dogtag 1.3.x --> Dogtag 2.0.0.

- - - - -
b3539391 by cfu at 2010-11-03T18:52:43Z
Bugzilla 529945 - CS subsystems do not have CRL or OCSP checking enabled

- - - - -
3e35f9b6 by John R. Dennis at 2010-12-15T15:02:27Z
Bug 588323 - Failed to enable cipher 0xc001

The major purpose of this patch is correct the error reporting related
to SSL ciphers. While addressing that some other clean up and
robustness fixes were introduced.

Errors of this type were showing up in catalina.out:

JSSSocketFactory init - exception
thrown:org.mozilla.jss.ssl.SSLSocketException: Failed to disable cipher 0xc005

This would lead one to believe the socket initialization failed, when
in fact it didn't.

Background: ECC support in NSS has been disabled by default. ECC
support in NSS can be optionally enabled via a loadable pkcs11
module. We don't know if NSS has been configured to support ECC or
not. If a ECC cipher preference has been specified in the tomcat
connectors cipher list (which is often the case) and we try set that
cipher preference in NSS then JSS will throw an execption due to the
unknown cipher.

The reason why these exceptions had not been causing run time problems
is because the cipher preference setting is the last thing done in the
socket init code and the ECC ciphers have traditionally been the last
ciphers in the cipher list. Thus with the existing code and config
files the exception didn't cause necessary code to be
skipped. However the assumptions about being "last" are dangerous
assumptions and logging execptions leads on to believe there are
actual serious problems when in fact there aren't.

The basic fix to the code was to wrap the cipher preference setting
code in it's own try/catch block and not let the exception percolate
up. If NSS thows an exception we check to see if the cipher is a ECC
cipher, if so we emit a warning with the clarification that this is
probably O.K. unless you've configured NSS to support ECC. For non-ECC
ciphers we emit an error message. In either case the cipher list
continues to be processed until it's exhausted instead of taking a
non-local exit via an exception potentially leaving other ciphers
unprocessed.

The other minor fixes included:

The logic for reading a cipher as a hex value was broken, it didn't
account for a leading + or - flag, it didn't catch exceptions if
parseInt() failed, it didn't specify the radix to ParseInt().

The logic for detecting the enable/disable flag via a leading + or -
was flawed.

The toCipherID() method was poorly implemented. It consisted of 76
string equality tests. Instead it's much more efficient to perform the
lookup via a hash table. The cipher names were put into a statically
initialized hash map and now the cipher string conversion is done via
a hash lookup.

A statically initialized hash table of ECC ciphers was added. The test
to see if a cipher is a ECC cipher is performed by testing if the
cipher is in the table.

There were a number cipher values which had been hardcoded into the
Java source, those are now available in JSS and the local hardcoded
values removed.

The new version of the code now produces this instead:

Warning: SSL ECC cipher "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" unsupported by
NSS. This is probably O.K. unless ECC support has been installed.

This patch also includes one non-cipher fix. The debug log file was
not opened in append mode. Thus if there are more than one connector
the debug log file would be overwritten by every subsequent connector
in the server when the server initialized. This meant the debug log
file contained only the debug information from the last connector
initialized. Now the debug log file is opened in append mode.
The debugWrite() function was enhanced to add a timestamp and thread
name to the debug output, formatting matches the existing CS debug
formatting.

- - - - -
8fc726e2 by John R. Dennis at 2010-12-15T22:32:20Z
Resolves: Bug #634375 - tomcatjss rpm depends on tomcat5

A better description of this is: build tomcatjss against
tomcat6 rather than tomcat5.

- - - - -
a130165b by John R. Dennis at 2010-12-29T15:06:07Z
Bugzilla bug #655915

Disable socket timeouts when socket is first created.

- - - - -
17b45883 by John R. Dennis at 2011-01-12T23:16:35Z
- bump version to 2.1.0
  Bug #588323 - Failed to enable cipher 0xc001 (svn rev 105)
  Bug #634375 - Build tomcatjss against tomcat6 (svn rev 106)
  Bug #655915 - Disable socket timeouts when socket is first created. (svn rev 107)

- - - - -
47716803 by mharmsen at 2011-03-26T21:10:17Z
Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)

- - - - -
2d1988c3 by jmagne at 2011-05-13T21:48:06Z
Fix Bugzilla Bug #702716 - rhcs80 cannot do client auth with pkiconsole (ok with 7.3)
- - - - -
b43008ef by mharmsen at 2011-07-15T00:13:04Z
Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15

- - - - -
e0c2aaf9 by cfu at 2011-08-26T00:05:29Z
Bugzilla 730146 - SSL handshake picks non-FIPS ciphers in FIPS mode

- - - - -
3830b135 by mharmsen at 2011-09-13T02:48:10Z
Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .

- - - - -
a63116f3 by mharmsen at 2011-09-29T22:27:48Z
Bugzilla Bug #737761 - Update Dogtag Packages for Fedora 16

- - - - -
64b0c825 by mharmsen at 2011-09-30T01:28:18Z
SPEC FILE CHANGE:  Changed "%elseif" to "%else", "%if", and "%endif".

- - - - -
bb51bbc9 by mharmsen at 2012-07-19T22:06:29Z
Resolves Dogtag TRAC Ticket #205
Branch 'tomcatjss' and port it from using Tomcat 6 to using Tomcat 7 . . .

- - - - -
24f45b9a by mharmsen at 2012-07-26T23:28:58Z
Fixed runtime 'Requires' cut/paste typos

- - - - -
e3107de2 by mharmsen at 2012-08-03T23:44:03Z
PKI TRAC Ticket #283 - Dogtag 10: Integrate Tomcat 6 'tomcatjss.jar' and
Tomcat 7 'tomcat7jss.jar' in Fedora 18 tomcatjss package

- - - - -
13bf5423 by cfu at 2012-12-20T04:29:24Z
Bug 819554 - tomcatjss: Please migrate from tomcat6 to tomcat7

- - - - -
a9517756 by cfu at 2013-01-04T21:21:07Z
changed version number from 7.0.1 to 7.1.0

- - - - -
1b2200cc by cfu at 2013-01-04T21:45:45Z
restored 7.0.0-3 history

- - - - -
bad3b869 by Endi S. Dewata at 2013-06-14T16:03:30Z
Updated tomcatjss for Fedora 19.

The JSSSocketFactory has been modified to implement new abstract methods added
to the base class in recent Tomcat 7 update.

The JNIDIR on Fedora 19 has been changed to /usr/lib/java.
- - - - -
d9367bad by vakwetu at 2013-06-14T17:15:13Z
fixing spec file
- - - - -
c1257c58 by mharmsen at 2014-01-10T01:15:30Z
* Fri Aug  2 2013 Ville Skytt?? <ville.skytta at iki.fi> - 7.1.0-4
- Simplify installation of docs.

- - - - -
9095b020 by cfu at 2014-09-26T21:26:19Z
Bug 1052417  - NullPointerException in tomcatjss searching for attribute "clientauth"

- - - - -
c7182f18 by cfu at 2014-09-30T04:18:00Z
back out to create as a patch

- - - - -
b2fedea2 by cfu at 2014-09-30T18:43:39Z
Bugzilla Bug #1058366 NullPointerException in tomcatjss searching for attribute "clientauth"

- - - - -
584b53e0 by cfu at 2014-09-30T18:45:40Z
Bugzilla Bug #871171 - Provide Tomcat support for TLS v1.1 and TLS v1.2

- - - - -
cd3558c3 by cfu at 2014-09-30T20:20:55Z
Bumped revision to 7.1.1.

- - - - -
30185375 by cfu at 2014-09-30T21:08:20Z
updated JSS dependencies

- - - - -
910b96e2 by Endi S. Dewata at 2015-03-05T06:38:36Z
Support for Tomcat 8

The tomcatjss has been modified to support both Tomcat 7 and 8.
In this particular case the changes to support Tomcat 8 is
backward compatible with Tomcat 7, so the code remains shared.
In the future it may be necessary to store the files for each
Tomcat version in separate folders.

https://bugzilla.redhat.com/show_bug.cgi?id=1198450
- - - - -
6a9f8b8f by vakwetu at 2015-04-20T17:41:47Z
Added tomcatjss to eclipse

Also reformat code, cleaned up imports and inferred some
generic args.

- - - - -
fdae94b6 by vakwetu at 2015-04-20T18:35:52Z
Fix formatting preferences

- - - - -
d5ff24ff by vakwetu at 2015-04-22T01:43:00Z
Add nuxwdog support

General cleanup and changes to the IPasswordStore interface
to handle NuxwdogPasswordStore instances.

- - - - -
ea008d59 by vakwetu at 2015-04-22T03:26:36Z
Adding missing dependencies in spec file on apache-commons-lang
- - - - -
f4d6a2d0 by vakwetu at 2015-04-22T18:17:28Z
Re-add getPassword(tag) function

- - - - -
da26db33 by vakwetu at 2015-04-23T17:57:34Z
add bz to spec file
- - - - -
165c3392 by Endi S. Dewata at 2015-07-22T23:32:11Z
Added JSSSupport.getProtocol().

A dummy getProtocol() has been added to JSSSupport in order
to build with newer Tomcat.

https://bugzilla.redhat.com/show_bug.cgi?id=1245786
- - - - -
32dbaa61 by Endi S. Dewata at 2015-07-22T23:32:13Z
Updated version number to 7.1.3.
- - - - -
558b176e by mharmsen at 2015-08-05T21:10:22Z
Fixed date typo in changelog; added in Mass Rebuild comment.

- - - - -
3baa67ae by cfu at 2016-07-05T19:00:41Z
Bugzilla Bug #1203407 missing ciphers (cfu)

- - - - -
0a7a56ae by Matthew Harmsen at 2017-01-26T23:46:50Z
This comment is a test of the fedorahosted SVN ==> github GIT migration.

- - - - -
b249f11c by Endi S. Dewata at 2017-01-30T19:34:15Z
Revert "This comment is a test of the fedorahosted SVN ==> github GIT migration."

This reverts commit 0a7a56ae5dce36119aa09ec94e4b5fbb765485be.

- - - - -
dab0592d by Endi S. Dewata at 2017-01-30T19:37:07Z
Removed redundant tomcatjss folder.

- - - - -
8eb9f17b by Endi S. Dewata at 2017-03-01T00:39:21Z
Updated build.xml.

To simplify the build process the build.xml has been modified to
define default build properties that match Fedora platform. This
way the build can be done simply as follows:

 $ ant

For other platform the build properties can be defined in a file,
for example:

 $ ant -propertyfile rhel.properties

A new build target has also been added to install the binaries
directly on the system without building an RPM file.

- - - - -
ebe9fe92 by Endi S. Dewata at 2017-03-01T16:06:30Z
Added .gitignore.

A new .gitignore file has been added to ignore build artifacts
such as bin, build, and dist folders.

- - - - -
57505661 by Endi S. Dewata at 2017-03-01T16:14:52Z
Added support for tomcatjss.conf.

The JSSSocketFactory has been modified to support an optional
config file located at <catalina.base>/conf/tomcatjss.conf. If
the code cannot find a config param in server.xml, it will fall
back to tomcatjss.conf.

https://pagure.io/tomcatjss/issue/5

- - - - -
a75fe28e by Matthew Harmsen at 2017-03-13T03:48:46Z
Resolves: rhbz #1394416

- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.0 in Fedora 25+
- Bugzilla Bug #1394416 - Rebase tomcatjss to 7.2.0 in RHEL 7.4

- - - - -
61333ae5 by Matthew Harmsen at 2017-03-13T05:06:09Z
Fixed a typo and upgraded Tomcat to match minimum version required.

- - - - -
b9722e2c by Matthew Harmsen at 2017-03-13T22:53:58Z
Changed build so that it did not package and depend upon the specfile being
included inside the tarball

- - - - -
5fbd778f by Matthew Harmsen at 2017-03-14T17:22:16Z
Updated jss build and runtime dependencies
Bumped version due to corrupted tarball

- - - - -
50943437 by Matthew Harmsen at 2017-03-21T21:29:40Z
Resolves: rhbz #1434541

- Bugzilla Bug #1434541 - tomcatjss 7.2.1 is incompatible with versions of
  pki-base < 10.4.0

- - - - -
48b7cd2b by Matthew Harmsen at 2017-03-21T21:42:47Z
Updated jss build and runtime dependencies

- - - - -
c410c7a3 by Endi S. Dewata at 2017-03-22T20:23:06Z
Renamed getEndpointAttribute().

The getEndpointAttribute() in JSSSocketFactory has been renamed
to getProperty() for clarity.

- - - - -
7612272a by Endi S. Dewata at 2017-03-23T19:58:01Z
Added SSLSocketListener registry.

A new TomcatJSS class has been added as a mechanism to register
SSLSocketListeners for all SSLSockets created by TomcatJSS.

https://pagure.io/tomcatjss/issue/4

- - - - -
6fdbd3da by Matthew Harmsen at 2017-03-30T23:55:30Z
Bumped version to 7.2.2.

- - - - -
0985ae5a by Matthew Harmsen at 2017-04-01T00:31:36Z
Fixed XML typo

- - - - -
c14c8ec6 by Endi S. Dewata at 2017-05-31T23:19:19Z
Fixed SSL cipher list parser.

The SSL cipher list parsers have been modified to ignore spaces
to allow more user-friendly formatting.

https://pagure.io/tomcatjss/issue/9

Change-Id: Ic21f0347e06e20f64ef37de95f9d1f1ac3d1f0d2

- - - - -
926034fa by Matthew Harmsen at 2017-06-05T21:52:32Z
Bumped version to 7.2.3.

- - - - -
7ace773a by Matthew Harmsen at 2017-06-12T22:05:21Z
Comply with ASF trademark rules

- tomcatjss Pagure Issue #10 - Comply with ASF trademark rules (mharmsen)

- - - - -
d839bcef by Endi S. Dewata at 2017-12-06T18:08:03Z
Fixed various compiler warnings.

Some classes have been modified to remove compiler warnings.

https://pagure.io/tomcatjss/issue/1

Change-Id: I6397bff2d87f6de818617bec76ab37e9b288f6c0

- - - - -
52713e24 by Endi S. Dewata at 2017-12-07T22:07:02Z
Remove redundant version number in build.xml.

The build.xml has been modified to remove duplicate version number.

https://pagure.io/tomcatjss/issue/1

Change-Id: Ifbaee66dfd9c5da73030446208a39ad21b34d22a

- - - - -
4fa07470 by Endi S. Dewata at 2017-12-07T22:07:30Z
Updated tomcatjss.spec.

The tomcatjss.spec has been modified to provide a version number
to override the one specified in build.xml.

https://pagure.io/tomcatjss/issue/1

Change-Id: I351c8296cff1146b9001d7ae71d4df042f6ddc8e

- - - - -
bb76d84a by Endi S. Dewata at 2017-12-11T22:40:39Z
Updated logging framework.

TomcatJSS has been modified to use JUL logging framework which is
used by Tomcat. The log messages will now be redirected to Tomcat
console/systemd journal instead of /tmp/tomcatjss.log, and the
configuration will be located in Tomcat's logging.properties.

https://pagure.io/tomcatjss/issue/1

Change-Id: I466d442767f80c5e49510c704c056731c2648f93

- - - - -
ba9fc8f5 by Endi S. Dewata at 2017-12-16T23:40:24Z
Refactored JSSSocketFactory fields.

Some fields in JSSSocketFactory have been moved to TomcatJSS and
renamed to match the corresponding connector attribute names.

https://pagure.io/tomcatjss/issue/1

Change-Id: I26d13d6db472e5d54b8dceda111f0ecbe2dac4ed

- - - - -
d15ef511 by Endi S. Dewata at 2017-12-17T00:39:56Z
Refactored JSSSocketFactory.initializePasswordStore().

The code that validates connector attributes and creates password
store has been moved from JSSSocketFactory.initializePasswordStore()
into TomcatJSS.init().

https://pagure.io/tomcatjss/issue/1

Change-Id: I4ab554c4ed9c68e481dd7cc4b0cf94888a6acb62

- - - - -
bc80dfaf by Endi S. Dewata at 2017-12-17T00:49:29Z
Refactored JSSSocketFactory.getCryptoManager().

The code that validates connector attributes and creates crypto
manager has been moved from JSSSocketFactory.getCryptoManager()
into TomcatJSS.init().

https://pagure.io/tomcatjss/issue/1

Change-Id: Iff5c3d93de7f885db9bbacf67f4ffcc22cf65c75

- - - - -
b0b1d77d by Endi S. Dewata at 2017-12-17T00:51:35Z
Refactored JSSSocketFactory.getToken().

The JSSSocketFactory.getToken() method has been moved into TomcatJSS
class.

https://pagure.io/tomcatjss/issue/1

Change-Id: I51489e1cfe7abfa76c8fedfba0f303dcf0690ff4

- - - - -
f6377d80 by Endi S. Dewata at 2017-12-17T01:48:26Z
Refactored JSSSocketFactory.logIntoToken() (part 1).

The code for token login has been reorganized into loginIntoToken()
methods and cleaned up.

https://pagure.io/tomcatjss/issue/1

Change-Id: I26d18f6abddbdbc74f179de17a058e00805b31ea

- - - - -
04bd31c3 by Endi S. Dewata at 2017-12-17T01:53:55Z
Refactored JSSSocketFactory.logIntoToken() (part 2).

The JSSSocketFactory.logIntoToken() methods have been moved into
TomcatJSS.login() methods.

https://pagure.io/tomcatjss/issue/1

Change-Id: I5622f1d0acffa1e0a3b8ac019cba5a39df7deb47

- - - - -
709f6980 by Endi S. Dewata at 2017-12-17T04:09:40Z
Refactored server cert nickname loading.

The code that loads the server cert nickname from a file has been
simplified and moved into TomcatJSS.init().

https://pagure.io/tomcatjss/issue/1

Change-Id: Iab8bb69038072e6b7a4087582ea99b1702e970ea

- - - - -
dee9e700 by Endi S. Dewata at 2017-12-18T02:31:56Z
Refactored JSSSocketFactory initialization.

The JSSSocketFactory.init() has been modified to be called
by JSSSocketFactory constructor instead of createSocket().

https://pagure.io/tomcatjss/issue/1

Change-Id: Ide6790f64b1b1b117247d7ec38aecb12511e4b72

- - - - -
9d19b34d by Endi S. Dewata at 2017-12-18T02:36:29Z
Removed redundant ocspConfigured field.

The ocspConfigured field has been removed from JSSSocketFactory
since it's only used in init() which is only executed once.

Change-Id: I3aa12a2486e890d3719fea3153d08f0dbd8b1701

- - - - -
f41eb259 by Endi S. Dewata at 2017-12-18T02:52:03Z
Updated version number to 7.3.0-0.1.

Change-Id: I67a372a6fa9a0341fa7bdcbd0ff6ccce34f721f3

- - - - -
53413288 by Endi S. Dewata at 2017-12-18T03:13:16Z
Added TomcatJSS fields for OCSP configuration.

New fields have been added in TomcatJSS to store OCSP configuration
parameters and their default values.

https://pagure.io/tomcatjss/issue/1

Change-Id: Idff494e6767c84db05d64973c33bfd73429cd437

- - - - -
73f5a3bd by Endi S. Dewata at 2017-12-18T04:12:42Z
Cleaned up OCSP configuration parameter parsing.

The code that parses the OCSP configuration parameters has been
cleaned up and moved earlier.

https://pagure.io/tomcatjss/issue/1

Change-Id: Ic01245055349d9fed7392573eda5ef069c3c0a91

- - - - -
755dd0a8 by Endi S. Dewata at 2017-12-18T04:14:30Z
Removed redundant try-catch block.

The try-catch block surrounding the OCSP cache and timeout
configuration has been removed so that the original exceptions
can bubble up.

https://pagure.io/tomcatjss/issue/1

Change-Id: If9d275aa4d8fcb9c1a1ff4e156b1c7fc9f93831f

- - - - -
bb48e462 by Endi S. Dewata at 2017-12-18T04:36:43Z
Refactored OCSP configuration (part 1).

The code that configures OCSP has been modified to terminate
early by throwing an exceptions if the responder URL or the cert
nickname parameters is missing.

https://pagure.io/tomcatjss/issue/1

Change-Id: I67d3422cc8502b7c2632a913b20ede0f18756c56

- - - - -
8345da57 by Endi S. Dewata at 2017-12-18T04:49:15Z
Refactored OCSP configuration (part 2).

The code that configures OCSP has been moved into configureOCSP()
method in TomcatJSS class. The code that parses the parameters has
been modified to use the default values defined in TomcatJSS class.

https://pagure.io/tomcatjss/issue/1

Change-Id: I655e972d8145ce7cc2d34933d786904ef95394bb

- - - - -
87b5e49d by Endi S. Dewata at 2018-01-02T18:00:13Z
Refactored client auth configuration.

The code that configures client auth and related fields have been
moved into TomcatJSS class.

https://pagure.io/tomcatjss/issue/1

Change-Id: I99071cb480781859d07c28d1a51d217866ff6502

- - - - -
c538034b by Endi S. Dewata at 2018-01-03T16:48:09Z
Simplified cipher name mapping.

The code that converts cipher name into ID has been changed to use
SSLCipher.valueOf() instead of a map. The map is no longer used so
it has been removed.

https://pagure.io/tomcatjss/issue/1

Change-Id: Iab0f084042f33ee3eae4fbe8d5b41ed530c477f6

- - - - -
f44aa023 by Endi S. Dewata at 2018-01-03T17:00:48Z
Refactored JSSSocketFactory.setSSLCiphers().

The loop in JSSSocketFactory.setSSLCiphers() that sets the
cipher preferences has been modified to continue early if the
cipher is unknown.

https://pagure.io/tomcatjss/issue/1

Change-Id: I191e1fe8817c93a562e290722c8a7b8b447a3c14

- - - - -
7aeea931 by Endi S. Dewata at 2018-01-03T17:13:02Z
Simplified ECC cipher checking.

The code that checks whether a cipher is ECC has been changed to
use SSLCipher.isECC() instead of a map. The map is no longer used
so it has been removed.

https://pagure.io/tomcatjss/issue/1

Change-Id: I57f7b5cb9845e52964eb428e96e36a782c56d53a

- - - - -
4cc025e9 by Endi S. Dewata at 2018-01-03T18:47:55Z
Refactored cipher configuration (part 1).

The code that handles strictCipher parameter has been moved into
TomcatJSS.init().

https://pagure.io/tomcatjss/issue/1

Change-Id: Icb3799b54e735b1dc8a22a607507bfa30d14e396

- - - - -
ca5684f6 by Endi S. Dewata at 2018-01-03T18:50:22Z
Refactored cipher configuration (part 2).

The code that handles SSL version range parameters has been moved into
TomcatJSS.init().

https://pagure.io/tomcatjss/issue/1

Change-Id: Ic6658033c471af1347e1accc61f3a1dfb9187d25

- - - - -
49feae89 by Endi S. Dewata at 2018-01-04T02:27:49Z
Refactored cipher configuration (part 3).

The code that retrieves SSL cipher parameters has been moved
forward. New fields have been added to TomcatJSS class to store
the parameters.

https://pagure.io/tomcatjss/issue/1

Change-Id: I26487bc3be0fb6ae017165e214f12d3254a727b6

- - - - -
5a9372d4 by Endi S. Dewata at 2018-01-04T02:39:10Z
Refactored cipher configuration (part 4).

The code that parses and configures SSL ciphers has been moved into
TomcatJSS.init().

https://pagure.io/tomcatjss/issue/1

Change-Id: I8443bcba8ddd8bccbb194558ea41d56b41226e4a

- - - - -
5244acfc by Endi S. Dewata at 2018-01-05T11:47:16Z
Added Http11NioProtocol wrapper.

A subclass of Http11NioProtocol has been added to wrap the original
class with additional support for JSS parameters.

https://pagure.io/tomcatjss/issue/3

Change-Id: I5fc9fdc8487c3cedd9c2addbc1478d1e8796f610

- - - - -
4224bcb0 by Endi S. Dewata at 2018-01-05T17:05:22Z
Added Http11Protocol wrapper.

A subclass of Http11Protocol has been added to wrap the original
class with additional support for JSS parameters.

https://pagure.io/tomcatjss/issue/3

Change-Id: Ib7c230c310879ff20d82b2c98fa109ae304dcbe8

- - - - -
24adba77 by Endi S. Dewata at 2018-01-05T18:39:35Z
Fixed TomcatJSS.init() to avoid NPE.

The code that checks the value of strictCiphers in TomcatJSS.init()
has been modified to avoid NPE.

https://pagure.io/tomcatjss/issue/1

Change-Id: I13900b5a453c4caeb45f7f31a008f64a0bd5f0be

- - - - -
be51353a by Endi S. Dewata at 2018-01-06T13:34:19Z
Added support for multiple Tomcat versions.

To support multiple Tomcat versions, the sources have been
reorganized into multiple folders. Common sources are stored
in src folder and Tomcat-specific sources are stored in
tomcat-x.y/src folders. The Tomcat-specific folder can be
selected using src.dir property when invoking ant build tool.

https://fedorahosted.org/tomcatjss/ticket/1

Change-Id: I107e7a09c5fbca0ca1ceacc80a7c1465aa8c11cd

- - - - -
e90223cb by Endi S. Dewata at 2018-01-06T18:03:07Z
Added separate code for Tomcat 7.0.

The source code in tomcat-8.0 folder has been copied into
tomcat-7.0 folder so it can be maintained separately.

https://fedorahosted.org/tomcatjss/ticket/1

Change-Id: I60115434dd4096cb9c9da9dd9ac025615f558df5

- - - - -
8e2d3dd8 by Endi S. Dewata at 2018-01-06T18:19:46Z
Added skeleton code for Tomcat 8.5.

A skeleton code has been added as a basis for future Tomcat 8.5
development.

https://fedorahosted.org/tomcatjss/ticket/1

Change-Id: Ia5d2539f39f80363e54deee7f13f845f75fc1c5f

- - - - -
926b3bd1 by Endi S. Dewata at 2018-01-06T18:46:19Z
Updated tomcatjss.spec.

The tomcatjss.spec has been updated to use Tomcat 8.5 on Fedora 28.
The redundant ant invocation has been removed.

https://fedorahosted.org/tomcatjss/ticket/1

Change-Id: I8074af7c64b2ba7de5c8ffe328fd28aff73f0a9a

- - - - -
9f94905a by Endi S. Dewata at 2018-02-14T19:07:56Z
Updated tomcatjss.spec (part 2).

Due to PKI CI, the dependency on Tomcat 8.5 will be added in
multiple phases. Initially, TomcatJSS 7.3.0 will be released
with Tomcat 8.0 only. After PKI has been modified to use the
new API, TomcatJSS can be released with Tomcat 8.5.

https://fedorahosted.org/tomcatjss/ticket/1

Change-Id: I13a569921e4209d643558fa58e53081ae7691a57

- - - - -
a4a233f1 by Christian Heimes at 2018-03-15T14:01:01Z
Bump Tomcat requirements to 8.5 for Fedora >= 27

Closes: https://pagure.io/tomcatjss/issue/1
Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
22ddc583 by Endi S. Dewata at 2018-03-15T16:33:13Z
Fixed setServerCertNickFile()

The setServerCertNickFile() in Http11NioProtocol and Http11Protocol
has been fixed to no longer call setKeyAlias() since the key alias
in the keystore may be different from the certificate nickname in
the NSS database.

https://fedorahosted.org/tomcatjss/ticket/1

Change-Id: I99dac852ee9912b0dfd02efb7972bd399c8cfd84

- - - - -
74efe678 by Endi S. Dewata at 2018-03-15T19:24:17Z
Renamed RPM spec template.

The RPM spec template has been renamed into tomcatjss.spec.in.

Change-Id: I9d1375b20b35b585c17bdefba015ac927698e2e4

- - - - -
ad728503 by Endi S. Dewata at 2018-03-15T19:27:28Z
Cleaned up RPM spec template

The tomcatjss.spec.in has been modified to remove the code that
prepares and cleans up buildroot. Change log messages have been
removed as well since they should be stored in the actual RPM spec.

Change-Id: I26aa7ef082cc13c106ed1d0c0c8d5e1d37ed34e7

- - - - -
9d3a89e8 by Endi S. Dewata at 2018-03-15T21:52:27Z
Fixed source URL in RPM spec template

The RPM spec template has been modified to use the source tarball
automatically generated by GitHub.

Change-Id: I609c05f3cb83a9103f80dadeb95d136bd8809eee

- - - - -
fa96cc95 by Endi S. Dewata at 2018-04-12T20:18:43Z
Updated build script

The build script has been updated to provide a parameter to
customize the doc install location.

The spec template has been modified to use the new parameter.

Change-Id: I0088a7a281b7ab70fac8b7e7c32b750b2b1f94eb

- - - - -
be1784da by Endi S. Dewata at 2018-04-12T20:27:04Z
Updated version number to 7.3.0-1

The version number in the spec template has been updated to
7.3.0-1. The template has been cleaned up as well to make it
more legible.

Change-Id: I42a13fbb90652240a302fb1144c13cdf4c2602bd

- - - - -
7e983bc7 by Endi S. Dewata at 2018-05-13T11:09:01Z
Updated version number to 7.3.0-2

the spec template has been modified to use the standard Tomcat
8.0 on F27, Tomcat 8.5 on F28, and Tomcat 9.0 on F29.

Change-Id: Ic65ae7c2a1bdbf7beed14870076afff96db04ee1

- - - - -
6d7929d6 by Endi S. Dewata at 2018-06-01T04:19:17Z
Updated JSS dependency

- - - - -
dae7a1c9 by Endi S. Dewata at 2018-06-01T04:19:41Z
Added build.sh

- - - - -
f0bbbac0 by Endi S. Dewata at 2018-06-01T06:00:56Z
Added .travis.yml

Change-Id: I686e29707f134a98a11ba810788ee034ad4ed97f

- - - - -
7628f226 by Endi S. Dewata at 2018-06-01T06:23:43Z
Enabled CI for F27 and F28

Change-Id: Id453a8d77a1782859d6c2b5856dc97ea4bd8e03d

- - - - -
1cf5e518 by Endi S. Dewata at 2018-06-01T06:29:13Z
Added dependency on SLF4J

Change-Id: Ic17d1e4a4f47f0e33f65165b3f424a4451bb25b5

- - - - -
4f26ac6c by Endi S. Dewata at 2018-06-01T06:44:45Z
Updated loggers in TomcatJSS class

The TomcatJSS class has been modified to use SLF4J loggers.

Change-Id: I6489e168f68ca35616734259988ff73d237770cd

- - - - -
31f89f10 by Endi S. Dewata at 2018-06-01T07:18:13Z
Updated remaining loggers

The remaining loggers in various classes have been replaced with
SLF4J loggers.

Change-Id: I0c18ab80de2a234c23ba75851c0d33b79d95b811

- - - - -
4378ec45 by Endi S. Dewata at 2018-06-12T16:23:19Z
Added default build target

Change-Id: Ia1332a4613f90570e32c2b9b129432ac52237cdc

- - - - -
dd4755a8 by Endi S. Dewata at 2018-06-15T14:46:03Z
Updated Tomcat dependencies

Change-Id: I03819e987fef2b7255ecff1e6c947f6149f6e8bc

- - - - -
6986a366 by Endi S. Dewata at 2018-06-23T04:13:23Z
Clearing Password object

The TomcatJSS class has been modified to clear the Password object
explicitly.

Change-Id: I58576fc8b12876970d094203c4cca6f90abbf020

- - - - -
a3ebc75d by Endi S. Dewata at 2018-07-05T20:55:43Z
Updated references to InitializationValues

Change-Id: I39831c14bff6430427a45cf7f200e8925c1e9b81

- - - - -
f94783ee by Endi S. Dewata at 2018-07-05T20:55:44Z
Added support for pre-release phases

The build script and spec templates have been modified to support
pre-release phases (e.g. a1, b2).

Change-Id: I8622cba53f2197e7c3170696ed2af371e571ebbf

- - - - -
d1e7d0c0 by Endi S. Dewata at 2018-07-05T20:55:44Z
Updated version number to TomcatJSS 7.3.2

Change-Id: I766e50359ceeae3ac2514eb1b060ed827df15eab

- - - - -
d0a6523e by Endi S. Dewata at 2018-07-06T23:23:25Z
Fixed JSS dependency

Change-Id: Ie9be2d7ff471c11da4df11ca66fa0d32401e77f5

- - - - -
a2febd0f by Endi S. Dewata at 2018-07-20T22:45:41Z
Updated SLF4J and JSS dependencies

Change-Id: I9a261671000c5b9e0a680dadaad879447822ff69

- - - - -


25 changed files:

- + .classpath
- + .gitignore
- + .project
- + .settings/org.eclipse.jdt.core.prefs
- + .settings/org.eclipse.jdt.ui.prefs
- + .travis.yml
- + LICENSE
- + README
- + build.sh
- + build.xml
- + build_tomcatjss
- + rhel.properties
- + src/org/apache/tomcat/util/net/jss/IPasswordStore.java
- + src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java
- + src/org/apache/tomcat/util/net/jss/TomcatJSS.java
- + src/org/dogtagpki/tomcat/Http11NioProtocol.java
- + tomcat-7.0/src/org/apache/tomcat/util/net/jss/IJSSFactory.java
- + tomcat-7.0/src/org/apache/tomcat/util/net/jss/JSSFactory.java
- + tomcat-7.0/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
- + tomcat-7.0/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
- + tomcat-7.0/src/org/apache/tomcat/util/net/jss/JSSSupport.java
- + tomcat-7.0/src/org/dogtagpki/tomcat/Http11Protocol.java
- + tomcat-8.0/src/org/apache/tomcat/util/net/jss/IJSSFactory.java
- + tomcat-8.0/src/org/apache/tomcat/util/net/jss/JSSFactory.java
- + tomcat-8.0/src/org/apache/tomcat/util/net/jss/JSSImplementation.java


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/freeipa-team/tomcatjss/compare/c5af32b76ba01258ea5931637a66d2fc8bf78204...a2febd0f3be71fa0925ad2988db1161cfb07cc4f

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/tomcatjss/compare/c5af32b76ba01258ea5931637a66d2fc8bf78204...a2febd0f3be71fa0925ad2988db1161cfb07cc4f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20180804/b572ccf5/attachment-0001.html>

More information about the Pkg-freeipa-devel mailing list