[Pkg-freeipa-devel] [Git][freeipa-team/jss][upstream] 62 commits: Add missing annotations in org.mozilla.jss
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Mon Oct 18 20:18:23 BST 2021
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / jss
Commits:
70be09f3 by Chris Kelley at 2021-05-25T22:45:01+01:00
Add missing annotations in org.mozilla.jss
- - - - -
e16f729b by emaldona at 2021-05-25T17:36:40-05:00
Capabilities (#704)
Co-authored-by: Alexander Scheel <alexander.m.scheel at gmail.com>
- - - - -
b7cf59ca by Endi S. Dewata at 2021-05-26T10:49:57-05:00
Add logger for build_pkcs11_constants.py
The build_pkcs11_constants.py has been modified to
send log messages to the screen instead of storing
them in the output file. This way the output file
will remain constant regardless how the tool was
executed, and the log messages can be viewed without
having to open the output file which will make it
easier to troubleshoot issues.
- - - - -
08d325ce by Endi S. Dewata at 2021-05-26T11:40:09-05:00
Add PKCS11Constants test for Fedora 34
The CI test for Fedora 34 has been modified to
execute the PKCS11Constants test.
The check_output() has been modified to define
NSS_PKCS11_2_0_COMPAT due to NSS changes:
https://fedoraproject.org/wiki/Changes/NssGCMParams
- - - - -
5d2431c2 by Chris Kelley at 2021-05-26T19:34:00+01:00
Refactor SSLCLient.cmp() to not check for string equivalence twice
The object refences where being checked, as well as the object reference
values. The latter is what we actually care about, we don't care if the
objects are identical only that he values are. Also, this code is only
ever called through isInvalid whch checks for null, so we don't require
the null check so we can simplify even further.
- - - - -
b42f2eed by Chris Kelley at 2021-05-26T19:34:00+01:00
Clean up Sonar-discovered issues in various files
- - - - -
a789bb98 by Chris Kelley at 2021-05-26T19:34:00+01:00
Simplify equals() impl in Password class
Instanceof checks for null, so no need to explicitly do so.
- - - - -
588641a8 by Chris Kelley at 2021-05-26T19:34:00+01:00
Implement hashCode() in Password class
Password overrides equals(), so it should override hashCode() too
- - - - -
c461266b by Chris Kelley at 2021-05-26T20:25:00+01:00
Add missing annotations to org.mozilla.jss.ssl.javax
- - - - -
18f0f9e9 by Chris Kelley at 2021-05-26T21:19:08+01:00
Remove deprecated Integer constructor from IPAddressName
- - - - -
f9e362f9 by Endi S. Dewata at 2021-05-26T15:34:32-05:00
Reorganize examples
The examples have been converted to become
a sample Maven project that depends on JSS.
The Maven group ID for JSS has been changed
such that it doesn't include the artifact
ID itself.
- - - - -
8a54eb3b by Endi S. Dewata at 2021-05-26T15:50:15-05:00
Drop git dependency
The jss.spec has been modified to drop git dependency so
it's no longer required for building the official binaries,
but git is still needed during development to call build.sh
--with-commit-id.
- - - - -
cecfd710 by Chris Kelley at 2021-05-26T21:57:44+01:00
Add missing annotations in org.mozilla.jss.pkcs11
- - - - -
d9a9e316 by Endi S. Dewata at 2021-05-26T20:15:10-05:00
Fix F33 and F34 tests
- - - - -
5835a99b by Chris Kelley at 2021-06-01T22:51:18+01:00
Autoformat .java and .c files in org.mozilla.jss.asn1
- - - - -
ace4edfc by Endi S. Dewata at 2021-06-03T13:17:37-05:00
Clean up Java dependency
The spec file has been modified to explicitly require Java 11.
- - - - -
27f2d844 by Endi S. Dewata at 2021-06-03T22:07:47-05:00
Fix JAVA_HOME
- - - - -
c7e30a31 by Endi S. Dewata at 2021-06-03T22:46:57-05:00
Update version number to 4.9.0-alpha2
- - - - -
cd4f54e7 by Endi S. Dewata at 2021-06-08T10:16:41-05:00
Update contact information
- - - - -
efeac291 by Endi S. Dewata at 2021-06-09T13:06:14-05:00
Convert RPM install script into CMake script
- - - - -
d0b5aaeb by Endi S. Dewata at 2021-06-09T14:49:55-05:00
Update build.sh --without-test option
The build.sh --without-test option has been modified
to convert the %bcond_without into %bcond_with such
that the condition can be checked using %{with test}.
- - - - -
144921df by Endi S. Dewata at 2021-06-10T20:16:29-05:00
Add jss.jar and libjss.so symlinks
- - - - -
0865c666 by Endi S. Dewata at 2021-06-10T20:50:40-05:00
Fix HAMCREST_JAR for Rawhide
- - - - -
d349aa30 by Endi S. Dewata at 2021-06-11T11:25:37-05:00
Update version number to 5.0.0-alpha1
Recently JSS 4.9 was modified to require Java 11. However,
older platforms that use JSS 4.8 might have other libraries
that will not work with Java 11, so it will not be able to
be upgraded to JSS 4.9.
To address the problem, the current JSS 4.9 has been renamed
into JSS 5.0 which will only work on newer platforms, and a
new JSS 4.9 branch will be created from JSS 4.8 to provide
updates for older platforms.
The binaries have also been renamed to jss.jar and libjss.so
to simplify future upgrades.
- - - - -
a27a9fee by Endi S. Dewata at 2021-06-11T14:57:53-05:00
Clean up jss.spec
- - - - -
eb574700 by Endi S. Dewata at 2021-06-18T21:55:45-05:00
Clean up Dockerfile
- - - - -
f858cdcf by Endi S. Dewata at 2021-06-18T21:55:45-05:00
Add configurable test matrix
The test workflow have been modified to load the test
matrix from MATRIX secret variable. If the secret is
not defined, it will use the latest Fedora version
and the previous version.
- - - - -
fabd99d0 by Endi S. Dewata at 2021-06-21T18:04:56-05:00
Add build.sh target to build JSS binaries
- - - - -
8e650448 by Endi S. Dewata at 2021-06-21T18:04:56-05:00
Add build.sh target to install JSS binaries
- - - - -
40483f1f by Endi S. Dewata at 2021-06-25T15:22:39-05:00
Update build.sh messages
- - - - -
650ca79a by Endi S. Dewata at 2021-07-07T19:11:12-05:00
Fix source paths in docs
- - - - -
24624072 by Endi S. Dewata at 2021-07-07T19:11:15-05:00
Rename build.yml to code-analysis.yml
- - - - -
491f7850 by Endi S. Dewata at 2021-07-07T19:11:15-05:00
Update Fedora Dockerfiles
The Dockerfiles for Fedora 33 and 34 have been modified
to compare the PKCS11Constants.java generated by Python 2
directly against the stored PKCS11Constants.java.
- - - - -
8d7d5b52 by Endi S. Dewata at 2021-07-08T10:43:55-05:00
Update PKCS11Constants
The PKCS11Constants class has been updated to include
the new constants introduced in NSS 3.66. The NSPR
dependency has been dropped since it's already required
by NSS.
https://bugzilla.mozilla.org/show_bug.cgi?id=1710773
- - - - -
e0032959 by Endi S. Dewata at 2021-07-08T10:45:12-05:00
Move PKI build test
The PKI build test has been moved from a Dockerfile
into a job in pki-tests.yml workflow such that it can
be run on multiple Fedora versions.
- - - - -
081c6deb by Endi S. Dewata at 2021-07-08T18:22:21-05:00
Update PKI CA test
- - - - -
b46f9149 by Endi S. Dewata at 2021-07-16T14:45:04-05:00
Add GitLab synchronization job
The .gitlab-ci.yml has been added to define a job to
synchronize a branch from an upstream repository to a
GitLab repository.
- - - - -
1a0d5e42 by Endi S. Dewata at 2021-07-28T10:01:17-05:00
Reorganize PKCS #11 constants tests
The PKCS #11 constants tests for Fedora 33 and 34 have
been converted into a new workflow such that the platform
versions will update automatically and can be configured
using the test MATRIX.
- - - - -
55f22f16 by Endi S. Dewata at 2021-07-28T15:08:21-05:00
Add init-workflow.sh
The init-workflow.sh has been added to configure the test
matrix based on the BASE64_MATRIX variable. The test matrix
needs to be base64-encoded since otherwise GitHub will mask
the value rendering it unusable.
- - - - -
05dbc99c by Endi S. Dewata at 2021-07-29T15:15:58-05:00
Add test repository configuration
The init-workflow.sh has been modified to load the test
repository from BASE64_REPO variable. The test repository
will be configured in the runner image so all tests using
the same image will automatically use the same repository.
- - - - -
ee64f6b2 by Endi S. Dewata at 2021-07-29T17:51:30-05:00
Update default test matrix
The init-workflow.sh has been modified to test
against the latest Fedora version by default.
- - - - -
62c8eb29 by Endi S. Dewata at 2021-07-30T08:58:02-05:00
Convert symbol test
The symbol test has been converted from a Dockerfile
into a GH workflow.
- - - - -
2e4a0e7e by Endi S. Dewata at 2021-07-30T16:39:25-05:00
Convert build tests
The build tests for Fedora, Debian, and Ubuntu have been
converted from Dockerfiles into a GH workflow.
- - - - -
b78a929d by Endi S. Dewata at 2021-08-02T15:16:39-05:00
Remove redundant code in build.sh
- - - - -
9c46079a by Endi S. Dewata at 2021-08-03T15:36:29-05:00
Rename Required Tests to Build Tests
- - - - -
99fe84e1 by Endi S. Dewata at 2021-08-03T15:36:36-05:00
Avoid rpmspec for non-RPM build
- - - - -
234ebad8 by Endi S. Dewata at 2021-08-03T17:53:27-05:00
Add option to build without Javadoc
- - - - -
c1ce6789 by Endi S. Dewata at 2021-08-03T19:55:18-05:00
Reformat PFX.verifyAuthSafes()
- - - - -
cb43d163 by Endi S. Dewata at 2021-08-05T19:14:18-05:00
Drop deprecated methods in CertAndKeyGen
- - - - -
8a648edc by Endi S. Dewata at 2021-08-10T12:32:58-05:00
Drop deprecated X509Cert class
- - - - -
493a9cc1 by Endi S. Dewata at 2021-08-11T11:45:26-05:00
Fix warnings in JSSEngine.queryEnabledCipherSuites()
The JSSEngine.queryEnabledCipherSuites() has been modified
to check whether a cipher is supported by NSS before getting
its default preference.
The SSLCipher constructor has been modified to always call
checkSupportedStatus() to determine whether the cipher is
supported by NSS.
- - - - -
f59c89af by Endi S. Dewata at 2021-08-11T15:31:42-05:00
Add build tests for Azure pipeline
- - - - -
9c1d8d1b by Endi S. Dewata at 2021-08-11T20:42:04-05:00
Fix Javadoc directory
- - - - -
d1ee7cc6 by Endi S. Dewata at 2021-08-11T20:42:04-05:00
Update version number to 5.0.0-alpha2
- - - - -
eb229b88 by Endi S. Dewata at 2021-08-11T21:11:31-05:00
Drop Java 1.8 compatibility
- - - - -
060961a4 by Chris Kelley at 2021-08-12T09:40:02+01:00
Remove redundant superinterface implementation statements
- - - - -
b14b3c78 by Endi S. Dewata at 2021-08-20T18:48:24-05:00
Drop RevocationReasonAdapter and JAXB dependency
- - - - -
87748b7e by Jack Magne at 2021-08-27T10:14:47-07:00
Fix: Bug 1964176 - KRA PKCS12 support for nCipher sw v12.60+.
Note much of this work is based on original work by Alex Scheel.
aka, cipherboy : alexander.m.scheel at gmail.com
This bug has it's jss portion reflected here. The gist of this fix
is to register 3 new secoids into nss in a dynamic fashion. The 3
new algs are 128, 192, and 256 bit variants of the machanism,
CKM_AES_KEY_WRAP_KWP.
We have to provide support for these algs because we need a common algorithm
that works the same in the nss software db as well as in the hsm.
The key jss method that is failing is one that is reponsible for creating the
so called EncryptedPrivateKeyInfo blob, which is packaged in the final p12 file.
In order to accomplish we have had to create our own version of the nss routine,
PK11_ExportEncryptedPrivateKeyInfo, which is able to use one of the 3 new encryptiion
algs to wrap the private key in the final blob. Jss is also implemting a new version of the
routine in nss which is reponsible for performing a key exchange of a session key between
the softeare db and the hsm. This code will use the oaep wrapping alg on the hsm to do the
heavy lifting, while creating a temp private key on the hsm to unwrap the session key from
the nss software db to the hsm. As a final step the p12 code will encode one of the 3 new oids
to indicate that one of the 3 new algorithms have been used.
Here are the declarations of the 3 new algs:
public static final EncryptionAlgorithm
AES_128_KEY_WRAP_KWP = new EncryptionAlgorithm(SEC_OID_AES_128_KEY_WRAP_KWP,
Alg.AES,Mode.NONE,
Padding.PKCS5, IVParameterSpecClasses, 16,
AES_ROOT_OID.subBranch(8), 128,"AES/None/PKCS5Padding/Kwp/128");
public static final EncryptionAlgorithm
AES_192_KEY_WRAP_KWP = new EncryptionAlgorithm(SEC_OID_AES_192_KEY_WRAP_KWP,
Alg.AES,Mode.NONE,
Padding.PKCS5, IVParameterSpecClasses, 16,
AES_ROOT_OID.subBranch(28), 192,"AES/None/PKCSPadding/Kwp/192");
public static final EncryptionAlgorithm
AES_256_KEY_WRAP_KWP = new EncryptionAlgorithm(SEC_OID_AES_256_KEY_WRAP_KWP,
Alg.AES,Mode.NONE,
Padding.PKCS5, IVParameterSpecClasses, 16,
AES_ROOT_OID.subBranch(48), 256,"AES/None/PKCS5Padding/Kwp/256");
Note that we have to provide kind of a custom name for each of these algs, to differentiate
between the 3 variants. When actually referring to these algs from jss, we can use that name
to look up the proper alg. Also note the 3 new SEC_OID values. Since these are not yet in nss,
we have dynamically added these 3 sec oids into jss for use.
The rest of this code is devoted to the support for adding dynmic oids into nss on behalf of jss.
Note that in the routine JSS_KeyExchange, we explain that the isPerm param is not currently observed
since the nss unwrap function we need has no permanent variant and defaults to false or temporary.
- - - - -
d37c933f by Chris Kelley at 2021-09-03T23:01:13+01:00
Update version number to 5.0.0-beta1
- - - - -
80a71429 by Endi S. Dewata at 2021-09-30T14:17:59-05:00
Fix java_home path
- - - - -
391ac57f by Endi S. Dewata at 2021-09-30T14:17:59-05:00
Update version number to 5.0.0
- - - - -
21af2aae by Endi S. Dewata at 2021-09-30T22:33:50-05:00
Revert java_home path
- - - - -
30 changed files:
- .classpath
- + .github/workflows/build-tests.yml
- .github/workflows/build.yml → .github/workflows/code-analysis.yml
- − .github/workflows/informational.yml
- .github/workflows/maven-tests.yml
- + .github/workflows/pkcs11-tests.yml
- .github/workflows/pki-tests.yml
- − .github/workflows/required.yml
- + .gitlab-ci.yml
- CMakeLists.txt
- Dockerfile
- README.md
- + azure-pipelines.yml
- build.sh
- cmake/JSSCommon.cmake
- cmake/JSSConfig.cmake
- cmake/JSSTests.cmake
- docs/build_system.md
- docs/building.md
- + docs/changes/v5.0.0/API-Changes.adoc
- docs/contributing.md
- docs/dependencies.md
- + docs/development/Synchronizing-GitLab-Branch.adoc
- docs/legacy_building.md
- docs/pkcs11_constants.md
- + docs/usage/capabilities_list.md
- docs/using_jss.md
- + examples/README.adoc
- + examples/pom.xml
- samples/PQGGen.java → examples/src/main/java/examples/PQGGen.java
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/jss/-/compare/3807b29576fb382e262108057988bf883e939451...21af2aaec9e8948019e5189fa3fa5d2417f9eafa
--
View it on GitLab: https://salsa.debian.org/freeipa-team/jss/-/compare/3807b29576fb382e262108057988bf883e939451...21af2aaec9e8948019e5189fa3fa5d2417f9eafa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20211018/3f30129a/attachment-0001.htm>
More information about the Pkg-freeipa-devel
mailing list