[Pkg-freeipa-devel] [Git][freeipa-team/tomcatjss][upstream] 29 commits: Update version number to 8.3.0-alpha1
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Fri Feb 10 07:39:58 GMT 2023
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / tomcatjss
Commits:
6912715c by Endi S. Dewata at 2022-05-10T14:51:16-05:00
Update version number to 8.3.0-alpha1
- - - - -
0a0529a1 by Endi S. Dewata at 2022-05-10T14:51:56-05:00
Update project URL
- - - - -
43a336a2 by Endi S. Dewata at 2022-06-07T15:16:24+01:00
Update OpenLDAP clients to use -H option
The latest OpenLDAP clients no longer have the -h option so the
tests have been updated to use the -H option instead.
- - - - -
c0a7f5c6 by Endi S. Dewata at 2022-06-15T15:01:56-05:00
Add missing JAVA_HOME
- - - - -
7611a99c by Marco Fargetta at 2022-06-21T14:20:22+02:00
Sonar cloud (#49)
* Add Sonarcloud
* Add Sonarcloud
* Add build
* Fix image name
* Add pull fork
* Fix workflow name
* Add dogtag references
- - - - -
194c3b15 by Edward Betts at 2022-07-05T13:00:09+01:00
Correct spelling mistake
- - - - -
afb63487 by Endi S. Dewata at 2022-07-06T10:47:22-05:00
Add Maven project
New pom.xml files have been added to define the Maven project
for Tomcat JSS. The project consists of a module that contains
the core classes, a module that contains Tomcat 9.0-specific
classes, and another module that contains all of these classes.
A new CI test has been added to compare the original Ant build
artifacts with the new Maven build artifacts.
- - - - -
9d31116b by Marco Fargetta at 2022-07-06T18:18:08+02:00
Fix Sonarcloud error for maven config (#51)
The introduction of the pom.xml makes the sonarcloud scan fail so it is
removed for the scan
- - - - -
abe9dbde by Chris Kelley at 2022-07-12T17:14:07+01:00
Fix modifier order to match JLS and make fields final where appropriate
- - - - -
9f313222 by Chris Kelley at 2022-07-12T17:14:07+01:00
Replace deprecated constructors.
- - - - -
3f459b91 by Chris Kelley at 2022-07-12T17:14:07+01:00
Use string formatting when constructing log messages.
- - - - -
47fae97c by Chris Kelley at 2022-07-12T17:14:07+01:00
Rename local variables to not name shadow already declared variables.
- - - - -
fa8d8fd3 by Chris Kelley at 2022-07-12T17:14:07+01:00
Use try-with-resources in loadJSSConfig
- - - - -
6be6263b by Chris Kelley at 2022-07-12T17:14:07+01:00
Disable access to external entities when parsing XML
- - - - -
3ab36f45 by Chris Kelley at 2022-07-12T17:14:07+01:00
Throw more specific exceptions
- - - - -
f8d4b6c2 by Chris Kelley at 2022-07-12T17:14:07+01:00
Clean up small code issues.
* Give logger class it is defined in.
* Replace redundant return with boolean check
* Define a property for "catalina.base" so it is not duplicated
- - - - -
a8dc3a5b by Chris Kelley at 2022-07-21T12:34:19+01:00
Run shellcheck as GitHub action in tomcatjss CI
* Rename sonarcloud.yml to code-analysis.yml, add any additional future
linters/scanners into this workflow.
- - - - -
a0a67649 by Marco Fargetta at 2022-07-21T14:46:58+02:00
Rebase to master before analysing the pull request (#53)
- - - - -
ae305481 by Chris Kelley at 2022-07-21T16:18:23+01:00
Rename sonarcloud.yml to code-analysis.yml
- - - - -
77846f15 by Marco Fargetta at 2022-07-22T16:06:01+02:00
Fix repository name error
- - - - -
d68ab839 by Chris Kelley at 2022-07-25T06:53:54+01:00
Fix shellcheck issues in build.sh
- - - - -
78c977ca by Marco Fargetta at 2022-07-26T15:32:54+02:00
Make the base branch generic (#55)
* Make the base branch generic
* Fix space
- - - - -
a3343581 by Endi S. Dewata at 2022-07-26T21:02:40-05:00
Update TomcatJSS.init()
The TomcatJSS.init() has been modified to check for null or
empty serverCertNickFile before using the value.
- - - - -
c1cd3dac by Chris Kelley at 2022-10-31T15:56:44+00:00
Introduce new scripts to automate the build process
A new script update_version.sh is introduced, to start to reduce some
of the manual burden of building packages. Usage is as:
./update_version.sh <major> <minor> <update> <phase>
...where phase is optional.
In this first iteration, it does the following:
* Updates the spec version to the new version provided
* Commits that change
* Creates a tag based on the new version provided
* Creates a source tarball based on the new version provided
A companion script is also included to revert the version update, if
required.
- - - - -
1497fc6b by Chris Kelley at 2022-11-14T09:59:45+00:00
Run RPMInspect in tomcatjss CI
- - - - -
0a69c8c1 by Endi S. Dewata at 2022-11-30T00:14:55+07:00
Update version number to 8.3.0-beta1
- - - - -
147cece4 by Endi S. Dewata at 2022-12-06T11:25:48+07:00
Update runner-init.sh to no longer map cgroup folder
- - - - -
d4d85aa0 by Endi S. Dewata at 2022-12-06T11:25:48+07:00
Update COPR repo to @pki/11.3
- - - - -
014f6017 by Endi S. Dewata at 2023-02-07T13:39:07-06:00
Updating version to v8.3.0
- - - - -
20 changed files:
- + .github/workflows/build-tests.yml
- + .github/workflows/code-analysis.yml
- + .github/workflows/sonarcloud-pull.yml
- Dockerfile
- build.sh
- + core/pom.xml
- core/src/main/java/org/apache/tomcat/util/net/jss/TomcatJSS.java
- + main/pom.xml
- + pom.xml
- + revert_update_version.sh
- + sonar-project.properties
- tests/bin/ds-create.sh
- tests/bin/init-workflow.sh
- + tests/bin/rpminspect.sh
- tests/bin/runner-init.sh
- + tomcat-9.0/pom.xml
- tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSContext.java
- tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSImplementation.java
- tomcatjss.spec
- + update_version.sh
Changes:
=====================================
.github/workflows/build-tests.yml
=====================================
@@ -0,0 +1,76 @@
+name: Build Tests
+
+on: [push, pull_request]
+
+jobs:
+ init:
+ name: Initializing Workflow
+ runs-on: ubuntu-latest
+ outputs:
+ matrix: ${{ steps.init.outputs.matrix }}
+ repo: ${{ steps.init.outputs.repo }}
+ steps:
+ - name: Clone repository
+ uses: actions/checkout at v2
+
+ - name: Initialize workflow
+ id: init
+ env:
+ BASE64_MATRIX: ${{ secrets.BASE64_MATRIX }}
+ BASE64_REPO: ${{ secrets.BASE64_REPO }}
+ run: |
+ tests/bin/init-workflow.sh
+
+ build-test:
+ name: Build Test
+ needs: init
+ runs-on: ubuntu-latest
+ strategy:
+ matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+ container: fedora:${{ matrix.os }}
+ steps:
+ - name: Clone repository
+ uses: actions/checkout at v2
+
+ - name: Install dependencies
+ run: |
+ dnf install -y dnf-plugins-core maven rpm-build
+ dnf copr enable -y ${{ needs.init.outputs.repo }}
+ dnf builddep -y --spec tomcatjss.spec
+
+ - name: Build Tomcat JSS with Ant
+ run: |
+ ./build.sh
+
+ - name: Install JSS into Maven repo
+ run: |
+ mvn install:install-file \
+ -Dfile=/usr/lib/java/jss.jar \
+ -DgroupId=org.dogtagpki \
+ -DartifactId=jss \
+ -Dversion=5.3.0-SNAPSHOT \
+ -Dpackaging=jar \
+ -DgeneratePom=true
+
+ - name: Build Tomcat JSS with Maven
+ run: |
+ mvn package
+
+ - name: Compare tomcatjss.jar
+ run: |
+ jar tvf ~/build/tomcatjss/jars/tomcatjss.jar | awk '{print $8;}' | sort | tee ant.out
+ jar tvf main/target/tomcatjss-main-8.3.0-SNAPSHOT.jar | awk '{print $8;}' | grep -v '^META-INF/maven/' | sort > maven.out
+ diff ant.out maven.out
+
+ - name: Build Tomcat JSS RPMS with Ant
+ run: |
+ ./build.sh --work-dir=build rpm
+
+ - name: Install RPMInspect
+ run: |
+ dnf install -y dnf-plugins-core
+ dnf copr enable -y copr.fedorainfracloud.org/dcantrell/rpminspect
+ dnf install -y rpminspect rpminspect-data-fedora
+
+ - name: Run RPMInspect on SRPM and RPMs
+ run: ./tests/bin/rpminspect.sh
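Review bot: the `Install JSS into Maven repo` and `Compare tomcatjss.jar` steps hard-code `5.3.0-SNAPSHOT` and `tomcatjss-main-8.3.0-SNAPSHOT.jar`, so the job breaks at the next version bump; read the version from the POM (for example `mvn help:evaluate -Dexpression=project.version -q -DforceStdout`) or match `main/target/tomcatjss-main-*.jar`. Two smaller points: `awk '{print $8;}'` keeps only the first word of an entry name, so entries containing spaces would compare wrongly, and the `init` job reads `secrets.BASE64_MATRIX` and `secrets.BASE64_REPO` on `pull_request`, where secrets are empty for forks, so `tests/bin/init-workflow.sh` has to supply working defaults. The `Install RPMInspect` step also enables a personal COPR (`dcantrell/rpminspect`) inside the build container; note in the workflow why that source is trusted.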
=====================================
.github/workflows/code-analysis.yml
=====================================
@@ -0,0 +1,123 @@
+name: Code Analysis
+on: [push, pull_request]
+jobs:
+ init:
+ if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
+ name: Initializing Workflow
+ runs-on: ubuntu-latest
+ outputs:
+ matrix: ${{ steps.init.outputs.matrix }}
+ repo: ${{ steps.init.outputs.repo }}
+ steps:
+ - name: Clone repository
+ uses: actions/checkout at v2
+
+ - name: Initialize workflow
+ id: init
+ env:
+ BASE64_MATRIX: ${{ secrets.BASE64_MATRIX }}
+ BASE64_REPO: ${{ secrets.BASE64_REPO }}
+ run: |
+ tests/bin/init-workflow.sh
+
+ build:
+ name: Building TomcatJSS
+ needs: init
+ runs-on: ubuntu-latest
+ strategy:
+ matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+ steps:
+ - name: Clone repository
+ uses: actions/checkout at v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action at v1
+
+ - name: Build runner image
+ uses: docker/build-push-action at v2
+ with:
+ context: .
+ build-args: |
+ OS_VERSION=${{ matrix.os }}
+ COPR_REPO=${{ needs.init.outputs.repo }}
+ BUILD_OPTS=--with-timestamp --with-commit-id
+ tags: tomcatjss-runner
+ target: tomcatjss-runner
+ outputs: type=docker,dest=sonar-runner.tar
+
+ - name: Store runner image
+ uses: actions/cache at v3
+ with:
+ key: sonar-runner-${{ matrix.os }}-${{ github.run_id }}
+ path: sonar-runner.tar
+
+
+ sonarcloud:
+ name: SonarCloud
+ needs: [init, build]
+ runs-on: ubuntu-latest
+ env:
+ SHARED: /tmp/workdir/tomcatjss
+ strategy:
+ matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+ steps:
+ - uses: actions/checkout at v2
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+
+
+ - name: Retrieve runner image
+ uses: actions/cache at v3
+ with:
+ key: sonar-runner-${{ matrix.os }}-${{ github.run_id }}
+ path: sonar-runner.tar
+
+ - name: Load runner image
+ run: docker load --input sonar-runner.tar
+
+ - name: Run container
+ run: |
+ IMAGE=tomcatjss-runner \
+ NAME=pki \
+ tests/bin/runner-init.sh
+
+ - name: Copy builds in current folder
+ run: |
+ mkdir build
+ docker cp pki:/usr/share/java/tomcatjss.jar build/
+
+ - name: Remove maven related file
+ run: rm -f pom.xml
+
+ - name: SonarCloud Scan
+ uses: SonarSource/sonarcloud-github-action at master
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+ get-pr-ref:
+ if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository
+ name: Sonar cloud PR fork analyses deferring
+ runs-on: ubuntu-latest
+ steps:
+ - name: Save PR information
+ run: |
+ mkdir -p ./pr
+ echo ${{ github.event.number }} > ./pr/NR
+ echo ${{ github.event.pull_request.base.ref }} > ./pr/BaseBranch
+
+ - name: Upload pr as artifact
+ uses: actions/upload-artifact at v2
+ with:
+ name: pr
+ path: pr/
+
+ shellcheck:
+ name: Shellcheck
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout at v2
+ - name: Run ShellCheck
+ uses: ludeeus/action-shellcheck at master
+ with:
+ severity: warning
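Review bot: `SonarSource/sonarcloud-github-action` and `ludeeus/action-shellcheck` are referenced at `master`, a mutable branch, and the `SonarCloud Scan` step runs with `SONAR_TOKEN` and `GITHUB_TOKEN` in its environment; pin both actions to a release tag or, better, a full commit SHA so an upstream change cannot alter what runs with those secrets. In `get-pr-ref`, `${{ github.event.number }}` and `${{ github.event.pull_request.base.ref }}` are expanded straight into the `run:` script; pass them through `env:` and write them with quoted shell variables so the script text stays fixed. The workflow has no `permissions:` block, so `GITHUB_TOKEN` keeps the repository's default scope; the jobs here look like they need read access only.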
=====================================
.github/workflows/sonarcloud-pull.yml
=====================================
@@ -0,0 +1,188 @@
+name: Sonarcloud-Pull
+on:
+ workflow_run:
+ workflows: ["Code Analysis"]
+ types:
+ - completed
+
+jobs:
+ retrieve-pr:
+ if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
+ runs-on: ubuntu-latest
+ outputs:
+ pr-number: ${{ steps.pr-artifact-script.outputs.result }}
+ pr-base: ${{ steps.pr-base-script.outputs.result }}
+ steps:
+ - name: 'Download PR artifact'
+ uses: actions/github-script at v3.1.0
+ id: download-pr
+ with:
+ result-encoding: string
+ script: |
+ var artifacts = await github.actions.listWorkflowRunArtifacts({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ run_id: context.payload.workflow_run.id,
+ });
+ var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+ return artifact.name == "pr"
+ })[0];
+ if (matchArtifact == null){
+ core.setFailed("No PR artifact");
+ return "False";
+ }
+ var download = await github.actions.downloadArtifact({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ artifact_id: matchArtifact.id,
+ archive_format: 'zip',
+ });
+ var fs = require('fs');
+ fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));
+ return "True";
+
+ - name: Unzip the pr
+ if: steps.download-pr.outputs.result == 'True'
+ run: unzip pr.zip
+
+ - name: Retrieve the pr number
+ if: success()
+ id: pr-artifact-script
+ uses: actions/github-script at v3.1.0
+ with:
+ result-encoding: string
+ script: |
+ var fs = require('fs');
+ var pr_number = Number(fs.readFileSync('./NR'));
+ return pr_number;
+
+ - name: Retrieve the pr base
+ if: success()
+ id: pr-base-script
+ uses: actions/github-script at v3.1.0
+ with:
+ result-encoding: string
+ script: |
+ var fs = require('fs');
+ var pr_base = fs.readFileSync('./BaseBranch');
+ return pr_base;
+
+ init:
+ name: Initializing Workflow
+ runs-on: ubuntu-latest
+ needs: retrieve-pr
+ outputs:
+ matrix: ${{ steps.init.outputs.matrix }}
+ repo: ${{ steps.init.outputs.repo }}
+ steps:
+ - name: Clone repository
+ uses: actions/checkout at v2
+
+ - name: Initialize workflow
+ id: init
+ env:
+ BASE64_MATRIX: ${{ secrets.BASE64_MATRIX }}
+ BASE64_REPO: ${{ secrets.BASE64_REPO }}
+ run: |
+ tests/bin/init-workflow.sh
+
+ build:
+ name: Building TomcatJSS
+ needs: [init, retrieve-pr]
+ runs-on: ubuntu-latest
+ strategy:
+ matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+ steps:
+ - name: Clone the repository
+ uses: actions/checkout at v2
+ with:
+ repository: ${{ github.event.workflow_run.head_repository.full_name }}
+ ref: ${{ github.event.workflow_run.head_branch }}
+ fetch-depth: 0
+
+ - name: Rebase to master
+ run: |
+ git config user.name "GitHub Workflow Action"
+ git remote add tomcatjss ${{ github.event.repository.clone_url }}
+ git fetch tomcatjss
+ git rebase tomcatjss/${{ needs.retrieve-pr.outputs.pr-base }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action at v1
+
+ - name: Build runner image
+ uses: docker/build-push-action at v2
+ with:
+ context: .
+ build-args: |
+ OS_VERSION=${{ matrix.os }}
+ COPR_REPO=${{ needs.init.outputs.repo }}
+ BUILD_OPTS=--with-timestamp --with-commit-id
+ tags: tomcatjss-runner
+ target: tomcatjss-runner
+ outputs: type=docker,dest=sonar-runner.tar
+
+ - name: Store runner image
+ uses: actions/cache at v3
+ with:
+ key: sonar-runner-${{ matrix.os }}-${{ github.event.workflow_run.id }}
+ path: sonar-runner.tar
+
+ sonarcloud:
+ name: SonarCloud
+ needs: [retrieve-pr, init, build]
+ if: needs.retrieve-pr.outputs.pr-number != ''
+ runs-on: ubuntu-latest
+ env:
+ SHARED: /tmp/workdir/ldapjdk
+ strategy:
+ matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+ steps:
+ - name: Retrieve runner image
+ uses: actions/cache at v3
+ with:
+ key: sonar-runner-${{ matrix.os }}-${{ github.event.workflow_run.id }}
+ path: sonar-runner.tar
+
+ - name: Load runner image
+ run: docker load --input sonar-runner.tar
+
+ - name: Clone the repository
+ uses: actions/checkout at v2
+ with:
+ repository: ${{ github.event.workflow_run.head_repository.full_name }}
+ ref: ${{ github.event.workflow_run.head_branch }}
+ fetch-depth: 0
+
+ - name: Rebase to master
+ run: |
+ git config user.name "GitHub Workflow Action"
+ git remote add tomcatjss ${{ github.event.repository.clone_url }}
+ git fetch tomcatjss
+ git rebase tomcatjss/${{ needs.retrieve-pr.outputs.pr-base }}
+
+ - name: Run container
+ run: |
+ IMAGE=tomcatjss-runner \
+ NAME=pki \
+ tests/bin/runner-init.sh
+
+ - name: Copy builds in current folder
+ run: |
+ mkdir build
+ docker cp pki:/usr/share/java/tomcatjss.jar build/
+
+ - name: Remove maven related file
+ run: rm -f pom.xml
+
+ - name: SonarCloud Scan
+ uses: SonarSource/sonarcloud-github-action at master
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ with:
+ args: >
+ -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
+ -Dsonar.pullrequest.key=${{ needs.retrieve-pr.outputs.pr-number }}
+ -Dsonar.pullrequest.branch=${{ github.event.workflow_run.head_branch }}
+ -Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }}
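Review bot: in both `Rebase to master` steps, `git rebase tomcatjss/${{ needs.retrieve-pr.outputs.pr-base }}` pastes the contents of `./BaseBranch` into a shell script, and that file comes from an artifact uploaded by the pull-request run, so it is untrusted input inside a `workflow_run` job that has access to repository secrets. Validate it before use, as `NR` is already coerced with `Number(...)`, then pass it via `env:` and quote it. More broadly, the `build` and `sonarcloud` jobs check out `head_repository`/`head_branch` and then build the Dockerfile and run `tests/bin/runner-init.sh` from that checkout; the job that holds `SONAR_TOKEN` should consume build output only and take its scripts from the base repository. The checkout uses `head_branch` while the scan reports `sonar.scm.revision=${{ github.event.workflow_run.head_sha }}`, so the analysed tree can differ from the revision recorded; check out `head_sha`. Minor: `SHARED: /tmp/workdir/ldapjdk` looks copied from another project (code-analysis.yml uses `/tmp/workdir/tomcatjss`), and `sonar.pullrequest.base` is taken from `workflow_run.pull_requests[0].base.ref` while the rebase uses the artifact value; use one source for both.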
=====================================
Dockerfile
=====================================
@@ -5,7 +5,7 @@
#
ARG OS_VERSION="latest"
-ARG COPR_REPO="@pki/master"
+ARG COPR_REPO="@pki/11.3"
################################################################################
FROM registry.fedoraproject.org/fedora:$OS_VERSION AS tomcatjss-builder
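Review bot: the new default `COPR_REPO="@pki/11.3"` only applies to builds that do not pass the build argument; the workflows in this push set `COPR_REPO=${{ needs.init.outputs.repo }}` from the `BASE64_REPO` secret, so CI can build against a different repository than the one recorded here. Add a comment next to the `ARG` saying which value is authoritative for this branch. `OS_VERSION="latest"` leaves the base image floating in the same way for local builds.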
=====================================
build.sh
=====================================
@@ -81,11 +81,11 @@ generate_rpm_sources() {
--format=tar.gz \
--prefix "$PREFIX/" \
-o "$WORK_DIR/SOURCES/$TARBALL" \
- $SOURCE_TAG
+ "$SOURCE_TAG"
if [ "$SOURCE_TAG" != "HEAD" ] ; then
- TAG_ID="$(git -C "$SRC_DIR" rev-parse $SOURCE_TAG)"
+ TAG_ID="$(git -C "$SRC_DIR" rev-parse "$SOURCE_TAG")"
HEAD_ID="$(git -C "$SRC_DIR" rev-parse HEAD)"
if [ "$TAG_ID" != "$HEAD_ID" ] ; then
@@ -122,7 +122,7 @@ generate_patch() {
git -C "$SRC_DIR" \
format-patch \
--stdout \
- $SOURCE_TAG \
+ "$SOURCE_TAG" \
> "$WORK_DIR/SOURCES/$PATCH"
}
@@ -296,7 +296,7 @@ if [ "$BUILD_TARGET" = "dist" ] ; then
fi
# get Tomcat <major>.<minor> version number
- TOMCAT_VERSION=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
+ TOMCAT_VERSION=$(/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p')
if [ "$VERBOSE" = "true" ] ; then
echo "Tomcat: $TOMCAT_VERSION"
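Review bot: `TOMCAT_VERSION=$(/usr/sbin/tomcat version | sed -n ...)` ends up empty when the command is missing or prints no `Server number:` line, and nothing in this hunk checks for that before the value is used in `-Dsrc.dir="tomcat-$TOMCAT_VERSION"` further down. Add a guard right after the assignment, for example `[ -n "$TOMCAT_VERSION" ] || { echo "ERROR: cannot determine Tomcat version" >&2; exit 1; }`, so the build stops with a clear message instead of handing Ant the directory `tomcat-`.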
@@ -308,18 +308,18 @@ if [ "$BUILD_TARGET" = "dist" ] ; then
OPTIONS+=(-v)
fi
- OPTIONS+=(-f $SRC_DIR/build.xml)
- OPTIONS+=(-Dversion=$VERSION)
- OPTIONS+=(-Djnidir=$JNI_DIR)
- OPTIONS+=(-Dsrc.dir=tomcat-$TOMCAT_VERSION)
- OPTIONS+=(-Dbuild.dir=$WORK_DIR)
+ OPTIONS+=(-f "$SRC_DIR/build.xml")
+ OPTIONS+=(-Dversion="$VERSION")
+ OPTIONS+=(-Djnidir="$JNI_DIR")
+ OPTIONS+=(-Dsrc.dir="tomcat-$TOMCAT_VERSION")
+ OPTIONS+=(-Dbuild.dir="$WORK_DIR")
echo ant "${OPTIONS[@]}" compile package
ant "${OPTIONS[@]}" compile package
echo
echo "Build artifacts:"
- echo "- Java archive: $WORK_DIR/build/jars/tomcatjss.jar"
+ echo "- Java archive: $WORK_DIR/jars/tomcatjss.jar"
echo
echo "To install the build: $0 install"
echo "To create RPM packages: $0 rpm"
@@ -344,12 +344,12 @@ if [ "$BUILD_TARGET" = "install" ] ; then
OPTIONS+=(-v)
fi
- OPTIONS+=(-f $SRC_DIR/build.xml)
- OPTIONS+=(-Dversion=$VERSION)
- OPTIONS+=(-Dbuild.dir=$WORK_DIR)
- OPTIONS+=(-Dpackage=$NAME)
- OPTIONS+=(-Dinstall.doc.dir=$INSTALL_DIR$DOC_DIR)
- OPTIONS+=(-Dinstall.jar.dir=$INSTALL_DIR$JAVA_DIR)
+ OPTIONS+=(-f "$SRC_DIR"/build.xml)
+ OPTIONS+=(-Dversion="$VERSION")
+ OPTIONS+=(-Dbuild.dir="$WORK_DIR")
+ OPTIONS+=(-Dpackage="$NAME")
+ OPTIONS+=(-Dinstall.doc.dir="$INSTALL_DIR$DOC_DIR")
+ OPTIONS+=(-Dinstall.jar.dir="$INSTALL_DIR$JAVA_DIR")
echo ant "${OPTIONS[@]}" install
ant "${OPTIONS[@]}" install
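Review bot: `OPTIONS+=(-f "$SRC_DIR"/build.xml)` quotes only the variable, while the same option in the `dist` branch was changed to `-f "$SRC_DIR/build.xml"`; use one form in both places. The `echo ant "${OPTIONS[@]}" install` line prints the arguments without quoting, so the echoed command is not a faithful copy of what runs when a path contains spaces; `printf '%q ' ant "${OPTIONS[@]}" install` would be.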
=====================================
core/pom.xml
=====================================
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.dogtagpki</groupId>
+ <artifactId>tomcatjss-core</artifactId>
+ <version>8.3.0-SNAPSHOT</version>
+
+ <dependencies>
+
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <version>1.7.32</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ <version>3.12.0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat-catalina</artifactId>
+ <version>9.0.50</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.dogtagpki</groupId>
+ <artifactId>jss</artifactId>
+ <version>5.3.0-SNAPSHOT</version>
+ </dependency>
+
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>3.8.1</version>
+ <configuration>
+ <release>17</release>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
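Review bot: `tomcat-catalina` is pinned to `9.0.50` and `jss` to `5.3.0-SNAPSHOT` with the default `compile` scope, although the build takes both from the system (the CI installs `/usr/lib/java/jss.jar` into the local Maven repository by hand); mark them `<scope>provided</scope>` and move the versions into properties so they are set in one place and can follow the Tomcat the distribution ships. The module declares no `<parent>`, so `8.3.0-SNAPSHOT` has to be edited here as well as in the other POMs on every version bump.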
=====================================
core/src/main/java/org/apache/tomcat/util/net/jss/TomcatJSS.java
=====================================
@@ -21,24 +21,35 @@ package org.apache.tomcat.util.net.jss;
import java.io.File;
import java.io.FileReader;
+import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
import java.nio.file.Files;
import java.nio.file.Paths;
+import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Properties;
+import javax.naming.ConfigurationException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.commons.lang3.StringUtils;
+import org.mozilla.jss.CertDatabaseException;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.InitializationValues;
+import org.mozilla.jss.KeyDatabaseException;
+import org.mozilla.jss.NoSuchTokenException;
+import org.mozilla.jss.NotInitializedException;
import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.ssl.SSLAlertEvent;
import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent;
import org.mozilla.jss.ssl.SSLServerSocket;
@@ -49,13 +60,15 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
public class TomcatJSS implements SSLSocketListener {
- public static Logger logger = LoggerFactory.getLogger(TomcatJSS.class);
+ public static final Logger logger = LoggerFactory.getLogger(TomcatJSS.class);
- public final static TomcatJSS INSTANCE = new TomcatJSS();
+ public static final TomcatJSS INSTANCE = new TomcatJSS();
public static final int MAX_LOGIN_ATTEMPTS = 3;
+ public static final String CATALINA_BASE = "catalina.base";
public static TomcatJSS getInstance() { return INSTANCE; }
@@ -226,77 +239,81 @@ public class TomcatJSS implements SSLSocketListener {
this.ocspTimeout = ocspTimeout;
}
- public void loadJSSConfig(String jssConf) throws Exception {
+ public void loadJSSConfig(String jssConf) throws IOException {
File configFile = new File(jssConf);
loadJSSConfig(configFile);
}
- public void loadJSSConfig(File configFile) throws Exception {
+ public void loadJSSConfig(File configFile) throws IOException {
Properties config = new Properties();
- config.load(new FileReader(configFile));
-
- loadJSSConfig(config);
+ try (FileReader fr = new FileReader(configFile)) {
+ config.load(fr);
+ loadJSSConfig(config);
+ }
}
- public void loadJSSConfig(Properties config) throws Exception {
+ public void loadJSSConfig(Properties config) {
- String certDb = config.getProperty("certdbDir");
- if (certDb != null)
- setCertdbDir(certDb);
+ String certdbDirProp = config.getProperty("certdbDir");
+ if (certdbDirProp != null)
+ setCertdbDir(certdbDirProp);
- String passwordClass = config.getProperty("passwordClass");
- if (passwordClass != null)
- setPasswordClass(passwordClass);
+ String passwordClassProp = config.getProperty("passwordClass");
+ if (passwordClassProp != null)
+ setPasswordClass(passwordClassProp);
- String passwordFile = config.getProperty("passwordFile");
- if (passwordFile != null)
- setPasswordFile(passwordFile);
+ String passwordFileProp = config.getProperty("passwordFile");
+ if (passwordFileProp != null)
+ setPasswordFile(passwordFileProp);
- String enableOCSP = config.getProperty("enableOCSP");
- if (enableOCSP != null)
- setEnableOCSP(Boolean.parseBoolean(enableOCSP));
+ String enableOCSPProp = config.getProperty("enableOCSP");
+ if (enableOCSPProp != null)
+ setEnableOCSP(Boolean.parseBoolean(enableOCSPProp));
- String ocspResponderURL = config.getProperty("ocspResponderURL");
- if (ocspResponderURL != null)
- setOcspResponderURL(ocspResponderURL);
+ String ocspResponderURLProp = config.getProperty("ocspResponderURL");
+ if (ocspResponderURLProp != null)
+ setOcspResponderURL(ocspResponderURLProp);
- String ocspResponderCertNickname = config.getProperty("ocspResponderCertNickname");
- if (ocspResponderCertNickname != null)
- setOcspResponderCertNickname(ocspResponderCertNickname);
+ String ocspResponderCertNicknameProp = config.getProperty("ocspResponderCertNickname");
+ if (ocspResponderCertNicknameProp != null)
+ setOcspResponderCertNickname(ocspResponderCertNicknameProp);
- String ocspCacheSize = config.getProperty("ocspCacheSize");
- if (StringUtils.isNotEmpty(ocspCacheSize))
- setOcspCacheSize(Integer.parseInt(ocspCacheSize));
+ String ocspCacheSizeProp = config.getProperty("ocspCacheSize");
+ if (StringUtils.isNotEmpty(ocspCacheSizeProp))
+ setOcspCacheSize(Integer.parseInt(ocspCacheSizeProp));
- String ocspMinCacheEntryDuration = config.getProperty("ocspMinCacheEntryDuration");
- if (StringUtils.isNotEmpty(ocspMinCacheEntryDuration))
- setOcspMinCacheEntryDuration(Integer.parseInt(ocspMinCacheEntryDuration));
+ String ocspMinCacheEntryDurationProp = config.getProperty("ocspMinCacheEntryDuration");
+ if (StringUtils.isNotEmpty(ocspMinCacheEntryDurationProp))
+ setOcspMinCacheEntryDuration(Integer.parseInt(ocspMinCacheEntryDurationProp));
- String ocspMaxCacheEntryDuration = config.getProperty("ocspMaxCacheEntryDuration");
- if (StringUtils.isNotEmpty(ocspMaxCacheEntryDuration))
- setOcspMaxCacheEntryDuration(Integer.parseInt(ocspMaxCacheEntryDuration));
+ String ocspMaxCacheEntryDurationProp = config.getProperty("ocspMaxCacheEntryDuration");
+ if (StringUtils.isNotEmpty(ocspMaxCacheEntryDurationProp))
+ setOcspMaxCacheEntryDuration(Integer.parseInt(ocspMaxCacheEntryDurationProp));
- String ocspTimeout = config.getProperty("ocspTimeout");
- if (StringUtils.isNotEmpty(ocspTimeout))
- setOcspTimeout(Integer.parseInt(ocspTimeout));
+ String ocspTimeoutProp = config.getProperty("ocspTimeout");
+ if (StringUtils.isNotEmpty(ocspTimeoutProp))
+ setOcspTimeout(Integer.parseInt(ocspTimeoutProp));
}
- public void loadTomcatConfig(String serverXml) throws Exception {
+ public void loadTomcatConfig(String serverXml)
+ throws ParserConfigurationException, SAXException, IOException, XPathExpressionException {
File configFile = new File(serverXml);
loadTomcatConfig(configFile);
}
- public void loadTomcatConfig(File configFile) throws Exception {
+ public void loadTomcatConfig(File configFile)
+ throws ParserConfigurationException, SAXException, IOException, XPathExpressionException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
DocumentBuilder builder = factory.newDocumentBuilder();
Document document = builder.parse(configFile);
loadTomcatConfig(document);
}
- public void loadTomcatConfig(Document document) throws Exception {
+ public void loadTomcatConfig(Document document) throws XPathExpressionException {
XPathFactory xPathfactory = XPathFactory.newInstance();
XPath xpath = xPathfactory.newXPath();
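Review bot: in `loadTomcatConfig(File)`, the external-entity hardening rests on the single feature `http://apache.org/xml/features/disallow-doctype-decl`; it is the right switch, but also set `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)`, `factory.setXIncludeAware(false)` and `factory.setExpandEntityReferences(false)` so the parser stays locked down if a different JAXP implementation is on the classpath, and add a test that parses a `server.xml` containing a `<!DOCTYPE` declaration and expects a `SAXException`. Separately, `new FileReader(configFile)` in `loadJSSConfig(File)` reads with the platform default charset; `Files.newBufferedReader(configFile.toPath(), StandardCharsets.UTF_8)` makes the encoding explicit. `loadJSSConfig(Properties)` no longer declares any exception, yet `Integer.parseInt` on the OCSP values can still throw `NumberFormatException`; document that or wrap it with the property name in the message.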
@@ -305,71 +322,78 @@ public class TomcatJSS implements SSLSocketListener {
"/Server/Service[@name='Catalina']/Connector[@SSLEnabled='true']",
document, XPathConstants.NODE);
- String certDb = connector.getAttribute("certdbDir");
- if (certDb != null)
- setCertdbDir(certDb);
+ String certDbProp = connector.getAttribute("certdbDir");
+ if (certDbProp != null)
+ setCertdbDir(certDbProp);
- String passwordClass = connector.getAttribute("passwordClass");
- if (passwordClass != null)
- setPasswordClass(passwordClass);
+ String passwordClassProp = connector.getAttribute("passwordClass");
+ if (passwordClassProp != null)
+ setPasswordClass(passwordClassProp);
- String passwordFile = connector.getAttribute("passwordFile");
- if (passwordFile != null)
- setPasswordFile(passwordFile);
+ String passwordFileProp = connector.getAttribute("passwordFile");
+ if (passwordFileProp != null)
+ setPasswordFile(passwordFileProp);
- String serverCertNickFile = connector.getAttribute("serverCertNickFile");
- if (serverCertNickFile != null)
- setServerCertNickFile(serverCertNickFile);
+ String serverCertNickFileProp = connector.getAttribute("serverCertNickFile");
+ if (serverCertNickFileProp != null)
+ setServerCertNickFile(serverCertNickFileProp);
- String enableOCSP = connector.getAttribute("enableOCSP");
- if (enableOCSP != null)
- setEnableOCSP(Boolean.parseBoolean(enableOCSP));
+ String enableOCSPProp = connector.getAttribute("enableOCSP");
+ if (enableOCSPProp != null)
+ setEnableOCSP(Boolean.parseBoolean(enableOCSPProp));
- String ocspResponderURL = connector.getAttribute("ocspResponderURL");
- if (ocspResponderURL != null)
- setOcspResponderURL(ocspResponderURL);
+ String ocspResponderURLProp = connector.getAttribute("ocspResponderURL");
+ if (ocspResponderURLProp != null)
+ setOcspResponderURL(ocspResponderURLProp);
- String ocspResponderCertNickname = connector.getAttribute("ocspResponderCertNickname");
- if (ocspResponderCertNickname != null)
- setOcspResponderCertNickname(ocspResponderCertNickname);
+ String ocspResponderCertNicknameProp = connector.getAttribute("ocspResponderCertNickname");
+ if (ocspResponderCertNicknameProp != null)
+ setOcspResponderCertNickname(ocspResponderCertNicknameProp);
- String ocspCacheSize = connector.getAttribute("ocspCacheSize");
- if (StringUtils.isNotEmpty(ocspCacheSize))
- setOcspCacheSize(Integer.parseInt(ocspCacheSize));
+ String ocspCacheSizeProp = connector.getAttribute("ocspCacheSize");
+ if (StringUtils.isNotEmpty(ocspCacheSizeProp))
+ setOcspCacheSize(Integer.parseInt(ocspCacheSizeProp));
- String ocspMinCacheEntryDuration = connector.getAttribute("ocspMinCacheEntryDuration");
- if (StringUtils.isNotEmpty(ocspMinCacheEntryDuration))
- setOcspMinCacheEntryDuration(Integer.parseInt(ocspMinCacheEntryDuration));
+ String ocspMinCacheEntryDurationProp = connector.getAttribute("ocspMinCacheEntryDuration");
+ if (StringUtils.isNotEmpty(ocspMinCacheEntryDurationProp))
+ setOcspMinCacheEntryDuration(Integer.parseInt(ocspMinCacheEntryDurationProp));
- String ocspMaxCacheEntryDuration = connector.getAttribute("ocspMaxCacheEntryDuration");
- if (StringUtils.isNotEmpty(ocspMaxCacheEntryDuration))
- setOcspMaxCacheEntryDuration(Integer.parseInt(ocspMaxCacheEntryDuration));
+ String ocspMaxCacheEntryDurationProp = connector.getAttribute("ocspMaxCacheEntryDuration");
+ if (StringUtils.isNotEmpty(ocspMaxCacheEntryDurationProp))
+ setOcspMaxCacheEntryDuration(Integer.parseInt(ocspMaxCacheEntryDurationProp));
- String ocspTimeout = connector.getAttribute("ocspTimeout");
- if (StringUtils.isNotEmpty(ocspTimeout))
- setOcspTimeout(Integer.parseInt(ocspTimeout));
+ String ocspTimeoutProp = connector.getAttribute("ocspTimeout");
+ if (StringUtils.isNotEmpty(ocspTimeoutProp))
+ setOcspTimeout(Integer.parseInt(ocspTimeoutProp));
}
/**
* Load configuration from jss.conf (if available) or server.xml.
+ * @throws IOException
+ * @throws SAXException
+ * @throws ParserConfigurationException
+ * @throws XPathExpressionException
*/
- public void loadConfig() throws Exception {
- String catalinaBase = System.getProperty("catalina.base");
+ public void loadConfig() throws IOException, XPathExpressionException, ParserConfigurationException, SAXException {
+ String catalinaBase = System.getProperty(CATALINA_BASE);
String jssConf = catalinaBase + "/conf/jss.conf";
File configFile = new File(jssConf);
if (configFile.exists()) {
- logger.info("TomcatJSS: Loading JSS configuration from " + jssConf);
+ logger.info("TomcatJSS: Loading JSS configuration from {}", jssConf);
loadJSSConfig(configFile);
} else {
String serverXml = catalinaBase + "/conf/server.xml";
- logger.info("TomcatJSS: Loading JSS configuration from " + serverXml);
+ logger.info("TomcatJSS: Loading JSS configuration from {}", serverXml);
loadTomcatConfig(serverXml);
}
}
- public void init() throws Exception {
+ public void init() throws KeyDatabaseException, CertDatabaseException, GeneralSecurityException,
+ NotInitializedException, InstantiationException, IllegalAccessException, IllegalArgumentException,
+ InvocationTargetException, NoSuchMethodException, SecurityException, ClassNotFoundException, IOException,
+ NoSuchTokenException, TokenException, ConfigurationException {
if (initialized) {
return;
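Review bot: the Integer.parseInt() calls on ocspMinCacheEntryDuration, ocspMaxCacheEntryDuration and ocspTimeout at the top of this hunk still throw an unchecked NumberFormatException for a non-numeric attribute value, and the message will not name the attribute. Since the purpose of this change is to replace "throws Exception" with specific types, catch it there and rethrow with the attribute name. The four @throws tags added to loadConfig() carry no description, and the 15-type throws clause on init() is hard for callers to handle; one project exception wrapping the cause would be easier to use.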
@@ -378,26 +402,26 @@ public class TomcatJSS implements SSLSocketListener {
logger.info("TomcatJSS: initialization");
if (certdbDir == null) {
- certdbDir = System.getProperty("catalina.base") + File.separator + "alias";
+ certdbDir = System.getProperty(CATALINA_BASE) + File.separator + "alias";
}
- logger.debug("TomcatJSS: certdbDir: " + certdbDir);
+ logger.debug("TomcatJSS: certdbDir: {}", certdbDir);
if (passwordClass == null) {
passwordClass = PlainPasswordFile.class.getName();
}
- logger.debug("TomcatJSS: passwordClass: " + passwordClass);
+ logger.debug("TomcatJSS: passwordClass: {}", passwordClass);
if (passwordFile == null) {
- passwordFile = System.getProperty("catalina.base") + File.separator +
+ passwordFile = System.getProperty(CATALINA_BASE) + File.separator +
"conf" + File.separator + "password.conf";
}
- logger.debug("TomcatJSS: passwordFile: " + passwordFile);
+ logger.debug("TomcatJSS: passwordFile: {}", passwordFile);
- if (serverCertNickFile != null) {
- logger.debug("TomcatJSS: serverCertNickFile: " + serverCertNickFile);
+ if (StringUtils.isNotEmpty(serverCertNickFile)) {
+ logger.debug("TomcatJSS: serverCertNickFile: {}", serverCertNickFile);
}
InitializationValues vals = new InitializationValues(certdbDir);
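Review bot: replacing "serverCertNickFile != null" with StringUtils.isNotEmpty(serverCertNickFile) is a behaviour change rather than a logging cleanup: an empty attribute value is now treated as unset. The same substitution is made where the file is read in the next hunk, so the two stay consistent, but the change should be called out in the commit message.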
@@ -409,22 +433,22 @@ public class TomcatJSS implements SSLSocketListener {
CryptoManager.initialize(vals);
} catch (AlreadyInitializedException e) {
- logger.warn("TomcatJSS: " + e);
+ logger.warn("TomcatJSS: {}", e, e);
}
manager = CryptoManager.getInstance();
- passwordStore = (IPasswordStore) Class.forName(passwordClass).newInstance();
+ passwordStore = (IPasswordStore) Class.forName(passwordClass).getDeclaredConstructor().newInstance();
passwordStore.init(passwordFile);
login();
- if (serverCertNickFile != null) {
+ if (StringUtils.isNotEmpty(serverCertNickFile)) {
serverCertNick = new String(Files.readAllBytes(Paths.get(serverCertNickFile))).trim();
- logger.debug("serverCertNick: " + serverCertNick);
+ logger.debug("serverCertNick: {}", serverCertNick);
}
- logger.debug("clientAuth: " + clientAuth);
+ logger.debug("clientAuth: {}", clientAuth);
if (clientAuth.equalsIgnoreCase("true")) {
requireClientAuth = true;
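Review bot: in Class.forName(passwordClass).getDeclaredConstructor().newInstance() the cast to IPasswordStore is applied only after the object has been constructed, so whatever class name the configuration supplies has its constructor run before the type is checked. Calling asSubclass(IPasswordStore.class) on the loaded class before getDeclaredConstructor() rejects a wrong type first. Separately, logger.warn("TomcatJSS: {}", e, e) prints the exception twice, once through the placeholder and once as the stack trace; e.getMessage() is enough for the placeholder. The unchanged new String(Files.readAllBytes(...)) line decodes the nickname file with the platform default charset; passing an explicit charset would make that deterministic.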
@@ -436,8 +460,8 @@ public class TomcatJSS implements SSLSocketListener {
wantClientAuth = true;
}
- logger.debug("requireClientAuth: " + requireClientAuth);
- logger.debug("wantClientAuth: " + wantClientAuth);
+ logger.debug("requireClientAuth: {}", requireClientAuth);
+ logger.debug("wantClientAuth: {}", wantClientAuth);
if (requireClientAuth || wantClientAuth) {
configureOCSP();
@@ -451,7 +475,7 @@ public class TomcatJSS implements SSLSocketListener {
initialized = true;
}
- public void login() throws Exception {
+ public void login() throws NoSuchTokenException, TokenException {
logger.debug("TomcatJSS: logging into tokens");
@@ -468,23 +492,23 @@ public class TomcatJSS implements SSLSocketListener {
}
}
- public void login(String tag) throws Exception {
+ public void login(String tag) throws NoSuchTokenException, TokenException {
CryptoToken token = getToken(tag);
if (token.isLoggedIn()) {
- logger.debug("TomcatJSS: already logged into " + tag);
+ logger.debug("TomcatJSS: already logged into {}", tag);
return;
}
- logger.debug("TomcatJSS: logging into " + tag);
+ logger.debug("TomcatJSS: logging into {}", tag);
int iteration = 0;
do {
String strPassword = passwordStore.getPassword(tag, iteration);
if (strPassword == null) {
- logger.debug("TomcatJSS: no password for " + tag);
+ logger.debug("TomcatJSS: no password for {}", tag);
return;
}
@@ -492,22 +516,20 @@ public class TomcatJSS implements SSLSocketListener {
try {
token.login(password);
- return;
-
+ return; //NOSONAR - Not a redundant return, break will print the final error message even on success.
} catch (IncorrectPasswordException e) {
logger.warn("TomcatJSS: incorrect password");
iteration ++;
-
} finally {
password.clear();
}
} while (iteration < MAX_LOGIN_ATTEMPTS);
- logger.error("TomcatJSS: failed to log into " + tag);
+ logger.error("TomcatJSS: failed to log into {}", tag);
}
- public CryptoToken getToken(String tag) throws Exception {
+ public CryptoToken getToken(String tag) throws NoSuchTokenException {
if (tag.equals("internal")) {
return manager.getInternalKeyStorageToken();
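Review bot: once the loop has used up MAX_LOGIN_ATTEMPTS, login(String tag) only logs "failed to log into {}" and returns normally, so the caller cannot tell a failed token login from a successful one. With the signature now narrowed to NoSuchTokenException and TokenException, throwing at that point would fit the rest of this change. The same applies to the "no password for {}" early return in the previous hunk. The NOSONAR remark is long for a trailing comment; move it to its own line above the return.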
@@ -522,22 +544,22 @@ public class TomcatJSS implements SSLSocketListener {
return null;
}
- public void configureOCSP() throws Exception {
+ public void configureOCSP() throws GeneralSecurityException, ConfigurationException {
logger.info("configuring OCSP");
- logger.debug("enableOCSP: " + enableOCSP);
+ logger.debug("enableOCSP: {}", enableOCSP);
if (!enableOCSP) {
return;
}
- logger.debug("ocspResponderURL: " + ocspResponderURL);
+ logger.debug("ocspResponderURL: {}", ocspResponderURL);
if (StringUtils.isEmpty(ocspResponderURL)) {
ocspResponderURL = null;
}
- logger.debug("ocspResponderCertNickname: " + ocspResponderCertNickname);
+ logger.debug("ocspResponderCertNickname: {}", ocspResponderCertNickname);
if (StringUtils.isEmpty(ocspResponderCertNickname)) {
ocspResponderCertNickname = null;
}
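Review bot: the context line "return null;" at the top of this hunk looks like the fall-through of getToken(), whose signature now declares NoSuchTokenException, while login(String tag) calls token.isLoggedIn() on the result without a null check. If that is the case, throw NoSuchTokenException there instead of returning null, or add the null check in login(String tag). In configureOCSP(), logger.info("configuring OCSP") is emitted before the enableOCSP test, so the log claims OCSP is being configured even when it is disabled; move the message below the early return.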
@@ -545,11 +567,11 @@ public class TomcatJSS implements SSLSocketListener {
// Check to see if the ocsp url and nickname are both set or not set
if (ocspResponderURL == null && ocspResponderCertNickname != null) {
- throw new Exception("Missing OCSP responder URL");
+ throw new ConfigurationException("Missing OCSP responder URL");
}
if (ocspResponderURL != null && ocspResponderCertNickname == null) {
- throw new Exception("Missing OCSP responder certificate nickname");
+ throw new ConfigurationException("Missing OCSP responder certificate nickname");
}
manager.configureOCSP(
@@ -557,15 +579,15 @@ public class TomcatJSS implements SSLSocketListener {
ocspResponderURL,
ocspResponderCertNickname);
- logger.debug("ocspCacheSize: " + ocspCacheSize);
- logger.debug("ocspMinCacheEntryDuration: " + ocspMinCacheEntryDuration);
- logger.debug("ocspMaxCacheEntryDuration: " + ocspMaxCacheEntryDuration);
+ logger.debug("ocspCacheSize: {}", ocspCacheSize);
+ logger.debug("ocspMinCacheEntryDuration: {}", ocspMinCacheEntryDuration);
+ logger.debug("ocspMaxCacheEntryDuration: {}", ocspMaxCacheEntryDuration);
manager.OCSPCacheSettings(ocspCacheSize,
ocspMinCacheEntryDuration,
ocspMaxCacheEntryDuration);
- logger.debug("ocspTimeout: " + ocspTimeout);
+ logger.debug("ocspTimeout: {}", ocspTimeout);
manager.setOCSPTimeout(ocspTimeout);
}
=====================================
main/pom.xml
=====================================
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.dogtagpki</groupId>
+ <artifactId>tomcatjss-main</artifactId>
+ <version>8.3.0-SNAPSHOT</version>
+
+ <dependencies>
+
+ <dependency>
+ <groupId>org.dogtagpki</groupId>
+ <artifactId>tomcatjss-core</artifactId>
+ <version>8.3.0-SNAPSHOT</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.dogtagpki</groupId>
+ <artifactId>tomcatjss-tomcat-9.0</artifactId>
+ <version>8.3.0-SNAPSHOT</version>
+ </dependency>
+
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-shade-plugin</artifactId>
+ <version>1.2.2</version>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>shade</goal>
+ </goals>
+ <configuration>
+ <artifactSet>
+ <excludes>
+ <exclude>org.slf4j:slf4j-api</exclude>
+ <exclude>org.apache.commons:commons-lang3</exclude>
+ <exclude>org.apache.tomcat:tomcat-catalina</exclude>
+ <exclude>org.apache.tomcat:tomcat-servlet-api</exclude>
+ <exclude>org.apache.tomcat:tomcat-jsp-api</exclude>
+ <exclude>org.apache.tomcat:tomcat-el-api</exclude>
+ <exclude>org.apache.tomcat:tomcat-juli</exclude>
+ <exclude>org.apache.tomcat:tomcat-annotations-api</exclude>
+ <exclude>org.apache.tomcat:tomcat-api</exclude>
+ <exclude>org.apache.tomcat:tomcat-jni</exclude>
+ <exclude>org.apache.tomcat:tomcat-coyote</exclude>
+ <exclude>org.apache.tomcat:tomcat-util</exclude>
+ <exclude>org.apache.tomcat:tomcat-util-scan</exclude>
+ <exclude>org.apache.tomcat:tomcat-jaspic-api</exclude>
+ <exclude>org.dogtagpki:jss</exclude>
+ </excludes>
+ </artifactSet>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
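Review bot: maven-shade-plugin is pinned at 1.2.2, a very old release of a plugin that has long since moved to a 3.x line; pin a current version. The excludes list also enumerates every Tomcat artifact by hand, so any transitive dependency missing from the list ends up inside the shaded jar. An includes list under artifactSet naming only org.dogtagpki:tomcatjss-core and org.dogtagpki:tomcatjss-tomcat-9.0 states the intent directly and fails safe.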
=====================================
pom.xml
=====================================
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.dogtagpki</groupId>
+ <artifactId>tomcatjss</artifactId>
+ <version>8.3.0-SNAPSHOT</version>
+ <packaging>pom</packaging>
+
+ <modules>
+ <module>core</module>
+ <module>tomcat-9.0</module>
+ <module>main</module>
+ </modules>
+
+</project>
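Review bot: this aggregator lists the modules but defines nothing they can inherit, and main/pom.xml and tomcat-9.0/pom.xml have no parent element, so 8.3.0-SNAPSHOT is repeated in every module and in each inter-module dependency. Making this POM the parent and moving the version and plugin versions into it leaves one place to edit, which matters because update_version.sh rewrites only tomcatjss.spec.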
=====================================
revert_update_version.sh
=====================================
@@ -0,0 +1,19 @@
+#!/bin/bash -e
+
+# Use this script to revert the commit and delete the tag created using the update_version.sh script.
+
+HEAD_TAG=$(git tag --points-at HEAD)
+
+HEAD_COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD)
+UPDATE_COMMIT_MESSAGE="Updating version to"
+
+# Only proceed if the HEAD commit is a version update
+
+if [[ "$HEAD_COMMIT_MESSAGE=" == *"$UPDATE_COMMIT_MESSAGE"* ]]; then
+ git tag -d "$HEAD_TAG"
+ git reset --hard HEAD~1
+else
+ echo "The HEAD commit is not a version update, aborting."
+ exit 1
+fi
+
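Review bot: the test "$HEAD_COMMIT_MESSAGE=" == *"$UPDATE_COMMIT_MESSAGE"* has a stray "=" inside the quotes; it does not change the substring match but should be removed. More important, HEAD_TAG is used unchecked: if HEAD carries no tag, git tag -d "" fails and, under -e, the script exits before the reset; if HEAD carries several tags, the quoted multi-line value is not a valid tag name. Check that exactly one tag points at HEAD before deleting it. git reset --hard also discards uncommitted work in the tree, which the header comment should say.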
=====================================
sonar-project.properties
=====================================
@@ -0,0 +1,15 @@
+sonar.projectKey=dogtagpki_tomcatjss
+sonar.organization=dogtagpki
+
+# This is the name and version displayed in the SonarCloud UI.
+#sonar.projectName=tomcatjss
+#sonar.projectVersion=1.0
+
+# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
+
+sonar.sources=core/src/main/java/
+
+sonar.java.binaries=build/
+
+# Encoding of the source code. Default is default system encoding
+#sonar.sourceEncoding=UTF-8
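Review bot: sonar.sources lists only core/src/main/java/, so the classes under tomcat-9.0/src/main/java (JSSContext and JSSImplementation, both changed in this same push) are not analysed. Add that directory to sonar.sources, comma-separated, if the scan is meant to cover the whole project.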
=====================================
tests/bin/ds-create.sh
=====================================
@@ -13,7 +13,7 @@ sed -i \
dscreate from-file ds.inf
-ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
+ldapadd -H ldap://$HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: dc=example,dc=com
objectClass: domain
dc: example
=====================================
tests/bin/init-workflow.sh
=====================================
@@ -12,7 +12,7 @@ echo "::set-output name=matrix::$MATRIX"
if [ "$BASE64_REPO" == "" ]
then
- REPO="@pki/master"
+ REPO="@pki/11.3"
else
REPO=$(echo "$BASE64_REPO" | base64 -d)
fi
=====================================
tests/bin/rpminspect.sh
=====================================
@@ -0,0 +1,14 @@
+#!/bin/bash -e
+
+# Don't run metadata check as we can't know the build host subdomain
+# of CI runners in advance to add to an allow list
+
+echo "Running RPMInspect on SRPM"
+rpminspect-fedora -E metadata build/SRPMS/*.rpm
+
+# Run RPMInspect on RPMs
+for f in build/RPMS/*rpm; do
+ echo "::group::Running RPMInspect on $f"
+ rpminspect-fedora -E metadata,javabytecode "$f"
+ echo "::endgroup::"
+done
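Review bot: the loop passes -E metadata,javabytecode, but the comment at the top explains only why metadata is skipped; add the reason for skipping javabytecode. The two globs also differ (build/SRPMS/*.rpm versus build/RPMS/*rpm), and if build/RPMS is empty the unexpanded pattern is handed to rpminspect-fedora as a file name. Use *.rpm in both places and fail with a clear message when nothing matches.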
=====================================
tests/bin/runner-init.sh
=====================================
@@ -7,7 +7,6 @@ docker run \
--privileged \
--tmpfs /tmp \
--tmpfs /run \
- -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
-v ${GITHUB_WORKSPACE}:${SHARED} \
-i \
${IMAGE}
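Review bot: the read-only /sys/fs/cgroup mount is dropped with no comment explaining why it is no longer needed, while --privileged stays. If the container no longer needs the host cgroup tree, say so in the script, and check whether --privileged can be narrowed as well. ${GITHUB_WORKSPACE}, ${SHARED} and ${IMAGE} should be quoted.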
=====================================
tomcat-9.0/pom.xml
=====================================
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.dogtagpki</groupId>
+ <artifactId>tomcatjss-tomcat-9.0</artifactId>
+ <version>8.3.0-SNAPSHOT</version>
+
+ <dependencies>
+
+ <dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat-catalina</artifactId>
+ <version>9.0.50</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.dogtagpki</groupId>
+ <artifactId>jss</artifactId>
+ <version>5.3.0-SNAPSHOT</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.dogtagpki</groupId>
+ <artifactId>tomcatjss-core</artifactId>
+ <version>8.3.0-SNAPSHOT</version>
+ </dependency>
+
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>3.8.1</version>
+ <configuration>
+ <release>17</release>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
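Review bot: tomcat-catalina and jss are declared at the default compile scope although both are supplied at run time (tomcatjss.spec has Requires: lines for them), which is why main/pom.xml needs its long shade exclude list. Declaring them with scope "provided" keeps them on the compile classpath and out of the shaded jar. The release level 17 is set only in this module; define the compiler target once for all modules.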
=====================================
tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSContext.java
=====================================
@@ -119,6 +119,6 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
@Override
public void destroy() {
- logger.debug("JSSContext.destory()");
+ logger.debug("JSSContext.destroy()");
}
}
=====================================
tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSImplementation.java
=====================================
@@ -21,19 +21,18 @@ package org.dogtagpki.tomcat;
import javax.net.ssl.SSLSession;
-import org.apache.tomcat.util.net.jsse.JSSESupport;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.SSLUtil;
-
+import org.apache.tomcat.util.net.jsse.JSSESupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class JSSImplementation extends SSLImplementation {
- public static Logger logger = LoggerFactory.getLogger(JSSUtil.class);
+ public static final Logger logger = LoggerFactory.getLogger(JSSImplementation.class);
public JSSImplementation() {
logger.debug("JSSImplementation: instance created");
@@ -42,19 +41,19 @@ public class JSSImplementation extends SSLImplementation {
@Override
public SSLSupport getSSLSupport(SSLSession session) {
logger.debug("JSSImplementation.getSSLSupport()");
- return new JSSESupport(session);
+ return new JSSESupport(session, null);
}
@Override
public SSLUtil getSSLUtil(SSLHostConfigCertificate cert) {
logger.debug("JSSImplementation: getSSLUtil()");
- logger.debug("JSSImplementation: key alias: " + cert.getCertificateKeyAlias());
- logger.debug("JSSImplementation: keystore provider: " + cert.getCertificateKeystoreProvider());
+ logger.debug("JSSImplementation: key alias: {}", cert.getCertificateKeyAlias());
+ logger.debug("JSSImplementation: keystore provider: {}", cert.getCertificateKeystoreProvider());
SSLHostConfig hostConfig = cert.getSSLHostConfig();
- logger.debug("JSSImplementation: key manager alg: " + hostConfig.getKeyManagerAlgorithm());
- logger.debug("JSSImplementation: truststore alg: " + hostConfig.getTruststoreAlgorithm());
- logger.debug("JSSImplementation: truststore provider: " + hostConfig.getTruststoreProvider());
+ logger.debug("JSSImplementation: key manager alg: {}", hostConfig.getKeyManagerAlgorithm());
+ logger.debug("JSSImplementation: truststore alg: {}", hostConfig.getTruststoreAlgorithm());
+ logger.debug("JSSImplementation: truststore provider: {}", hostConfig.getTruststoreProvider());
return new JSSUtil(cert);
}
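Review bot: new JSSESupport(session, null) passes a bare null with nothing to say what the second parameter is or why null is acceptable; add a short comment naming it. The two-argument constructor also ties the build to Tomcat releases that have it, so confirm that both the 9.0.50 pinned in tomcat-9.0/pom.xml and the "tomcat >= 1:9.0.7" lower bound in tomcatjss.spec provide it, and raise the bound if not.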
=====================================
tomcatjss.spec
=====================================
@@ -6,27 +6,26 @@ Name: tomcatjss
# Upstream version number:
%global major_version 8
-%global minor_version 2
+%global minor_version 3
%global update_version 0
# Downstream release number:
# - development/stabilization (unsupported): 0.<n> where n >= 1
# - GA/update (supported): <n> where n >= 1
-%global release_number 0.3
+%global release_number 1
# Development phase:
# - development (unsupported): alpha<n> where n >= 1
# - stabilization (unsupported): beta<n> where n >= 1
# - GA/update (supported): <none>
-%global phase beta2
+#global phase
%undefine timestamp
%undefine commit_id
Summary: JSS Connector for Apache Tomcat
-URL: https://www.dogtagpki.org/wiki/Tomcat_JSS
+URL: https://github.com/dogtagpki/tomcatjss
License: LGPLv2+
-BuildArch: noarch
Version: %{major_version}.%{minor_version}.%{update_version}
Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}
@@ -47,6 +46,9 @@ Source: https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?p
# > tomcatjss-VERSION-RELEASE.patch
# Patch: tomcatjss-VERSION-RELEASE.patch
+BuildArch: noarch
+ExclusiveArch: %{java_arches} noarch
+
################################################################################
# Java
################################################################################
@@ -74,7 +76,7 @@ BuildRequires: slf4j
BuildRequires: slf4j-jdk14
# JSS
-BuildRequires: jss >= 5.2.0
+BuildRequires: jss = 5.3
# Tomcat
%if 0%{?rhel} && ! 0%{?eln}
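Review bot: "BuildRequires: jss = 5.3" replaces a lower bound with an exact match. RPM does not treat 5.3 and 5.3.0 as equal, so this resolves only if the jss package itself carries "Provides: jss = 5.3", the way this spec now adds "Provides: tomcatjss = %{major_version}.%{minor_version}". Add a comment stating that dependency on the jss packaging; the same applies to the matching Requires: line in the next hunk.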
@@ -105,7 +107,7 @@ Requires: slf4j
Requires: slf4j-jdk14
# JSS
-Requires: jss >= 5.2.0
+Requires: jss = 5.3
# Tomcat
%if 0%{?rhel} && ! 0%{?eln}
@@ -116,6 +118,8 @@ Requires: tomcat >= 1:9.0.7
Obsoletes: tomcatjss < %{version}-%{release}
Provides: tomcatjss = %{version}-%{release}
+Provides: tomcatjss = %{major_version}.%{minor_version}
+Provides: %{product_id} = %{major_version}.%{minor_version}
# PKI
Conflicts: pki-base < 10.10.0
@@ -142,6 +146,8 @@ Services (NSS).
%build
################################################################################
+export JAVA_HOME=%{java_home}
+
./build.sh \
%{?_verbose:-v} \
--name=%{product_id} \
=====================================
update_version.sh
=====================================
@@ -0,0 +1,92 @@
+#!/bin/bash -e
+
+# Use this script to automate updating tomcatjss version.
+#
+# Usage: ./update_version.sh <major> <minor> <update> <phase> # (phase is optional)
+#
+# Explanation:
+# - change_spec_version
+# - Updates the spec version to the new version provided
+# - commit_version_change
+# - Commits that change
+# - create_tag
+# - Creates a tag based on the new version provided
+# - create_source_tarball
+# - Creates a source tarball based on the new version provided
+
+NEXT_MAJOR=$1
+NEXT_MINOR=$2
+NEXT_UPDATE=$3
+NEXT_PHASE=$4
+
+if [ -z "$NEXT_PHASE" ] ; then
+ NEXT_VERSION=$NEXT_MAJOR.$NEXT_MINOR.$NEXT_UPDATE
+else
+ NEXT_VERSION=$NEXT_MAJOR.$NEXT_MINOR.$NEXT_UPDATE-$NEXT_PHASE
+fi
+echo "New version is $NEXT_VERSION"
+
+verify_phase() {
+ if [[ "$NEXT_PHASE" =~ ^(alpha|beta)[0-9]+$ ]] ; then
+ echo "$NEXT_PHASE is a valid phase"
+ elif [ -z "$NEXT_PHASE" ] ; then
+ echo "Empty phase"
+ else
+ echo "$NEXT_PHASE is an invalid phase, aborting"
+ exit 1
+ fi
+}
+
+change_spec_version() {
+ CURRENT_PHASE=$(grep "phase " tomcatjss.spec | grep -E 'alpha|beta' | awk '{print $(NF)}')
+ CURRENT_RELEASE_NUMBER=$(grep "release_number " tomcatjss.spec | grep -Eo '[0-9]+(\.[0-9]+)?$')
+
+ echo "Update major version to $NEXT_MAJOR"
+ sed -i "/major_version /c\%global major_version $NEXT_MAJOR" tomcatjss.spec
+ echo "Update minor version to $NEXT_MINOR"
+ sed -i "/minor_version /c\%global minor_version $NEXT_MINOR" tomcatjss.spec
+ echo "Update update version to $NEXT_UPDATE"
+ sed -i "/update_version /c\%global update_version $NEXT_UPDATE" tomcatjss.spec
+
+ if [[ "$CURRENT_PHASE" != "$NEXT_PHASE" ]] ; then
+ if [ -z "$NEXT_PHASE" ] ; then
+ echo "Remove phase"
+ sed -i "/phase /c\#global phase" tomcatjss.spec
+ echo "Update release_number"
+ sed -i "/release_number /c\%global release_number 1" tomcatjss.spec
+ elif [ -z "$CURRENT_PHASE" ] ; then
+ echo "Add phase, set to $NEXT_PHASE"
+ sed -i "/#global phase/c\%global phase $NEXT_PHASE" tomcatjss.spec
+ echo "Update release_number"
+ sed -i "/release_number /c\%global release_number 0.1" tomcatjss.spec
+ else
+ echo "Update phase to $NEXT_PHASE"
+ sed -i "/phase /c\%global phase $NEXT_PHASE" tomcatjss.spec
+ echo "Update release_number"
+ IFS='.' read -ra CRL <<< "$CURRENT_RELEASE_NUMBER"
+ (( CRL[1]++ ))
+ sed -i "/release_number /c\%global release_number ${CRL[0]}.${CRL[1]}" tomcatjss.spec
+ fi
+ fi
+}
+
+commit_version_change() {
+ git add tomcatjss.spec
+ git commit -m "Updating version to v$NEXT_VERSION"
+ }
+
+create_tag() {
+ git tag v"$NEXT_VERSION"
+}
+
+create_source_tarball() {
+ ./build.sh --source-tag=v"$NEXT_VERSION" src
+}
+
+### Perform operations
+
+verify_phase
+change_spec_version
+commit_version_change
+create_tag
+create_source_tarball
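Review bot: verify_phase validates only the optional fourth argument; NEXT_MAJOR, NEXT_MINOR and NEXT_UPDATE are used unchecked, so running the script with missing or non-numeric arguments rewrites tomcatjss.spec, commits and tags (for example "v..") before anything fails. Check up front that the first three arguments each match ^[0-9]+$ and print the usage line otherwise. In change_spec_version, (( CRL[1]++ )) returns a non-zero status when the old value is 0 or unset (a release_number without a dot), which aborts the script under -e after the version lines have already been edited; CRL[1]=$(( ${CRL[1]:-0} + 1 )) avoids that. The sed address /phase / would also match any other line containing "phase ", so anchor it to the global phase line.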
View it on GitLab: https://salsa.debian.org/freeipa-team/tomcatjss/-/compare/80a1fc7d23dd928b5b0bacc8b0a31ff3941ac711...014f601770958b250eac50605201baa6e4d4fc8e