[Pkg-freeipa-devel] [Git][freeipa-team/tomcatjss][upstream] 29 commits: Update version number to 8.3.0-alpha1

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Fri Feb 10 07:39:58 GMT 2023



Timo Aaltonen pushed to branch upstream at FreeIPA packaging / tomcatjss


Commits:
6912715c by Endi S. Dewata at 2022-05-10T14:51:16-05:00
Update version number to 8.3.0-alpha1

- - - - -
0a0529a1 by Endi S. Dewata at 2022-05-10T14:51:56-05:00
Update project URL

- - - - -
43a336a2 by Endi S. Dewata at 2022-06-07T15:16:24+01:00
Update OpenLDAP clients to use -H option

The latest OpenLDAP clients no longer have the -h option so the
tests have been updated to use the -H option instead.

- - - - -
c0a7f5c6 by Endi S. Dewata at 2022-06-15T15:01:56-05:00
Add missing JAVA_HOME

- - - - -
7611a99c by Marco Fargetta at 2022-06-21T14:20:22+02:00
Sonar cloud (#49)

* Add Sonarcloud

* Add Sonarcloud

* Add build

* Fix image name

* Add pull fork

* Fix workflow name

* Add dogtag references
- - - - -
194c3b15 by Edward Betts at 2022-07-05T13:00:09+01:00
Correct spelling mistake
- - - - -
afb63487 by Endi S. Dewata at 2022-07-06T10:47:22-05:00
Add Maven project

New pom.xml files have been added to define the Maven project
for Tomcat JSS. The project consists of a module that contains
the core classes, a module that contains Tomcat 9.0-specific
classes, and another module that contains all of these classes.

A new CI test has been added to compare the original Ant build
artifacts with the new Maven build artifacts.

- - - - -
9d31116b by Marco Fargetta at 2022-07-06T18:18:08+02:00
Fix Sonarcloud error for maven config (#51)

The introduction of the pom.xml makes the sonarcloud scan fail so it is
removed for the scan
- - - - -
abe9dbde by Chris Kelley at 2022-07-12T17:14:07+01:00
Fix modifier order to match JLS and make fields final where appropriate
- - - - -
9f313222 by Chris Kelley at 2022-07-12T17:14:07+01:00
Replace deprecated constructors.
- - - - -
3f459b91 by Chris Kelley at 2022-07-12T17:14:07+01:00
Use string formatting when constructing log messages.
- - - - -
47fae97c by Chris Kelley at 2022-07-12T17:14:07+01:00
Rename local variables to not name shadow already declared variables.
- - - - -
fa8d8fd3 by Chris Kelley at 2022-07-12T17:14:07+01:00
Use try-with-resources in loadJSSConfig
- - - - -
6be6263b by Chris Kelley at 2022-07-12T17:14:07+01:00
Disable access to external entities when parsing XML
- - - - -
3ab36f45 by Chris Kelley at 2022-07-12T17:14:07+01:00
Throw more specific exceptions
- - - - -
f8d4b6c2 by Chris Kelley at 2022-07-12T17:14:07+01:00
Clean up small code issues.

* Give logger class it is defined in.
* Replace redundant return with boolean check
* Define a property for "catalina.base" so it is not duplicated

- - - - -
a8dc3a5b by Chris Kelley at 2022-07-21T12:34:19+01:00
Run shellcheck as GitHub action in tomcatjss CI

* Rename sonarcloud.yml to code-analysis.yml, add any additional future
linters/scanners into this workflow.
- - - - -
a0a67649 by Marco Fargetta at 2022-07-21T14:46:58+02:00
Rebase to master before analysing the pull request (#53)


- - - - -
ae305481 by Chris Kelley at 2022-07-21T16:18:23+01:00
Rename sonarcloud.yml to code-analysis.yml

- - - - -
77846f15 by Marco Fargetta at 2022-07-22T16:06:01+02:00
Fix repository name error
- - - - -
d68ab839 by Chris Kelley at 2022-07-25T06:53:54+01:00
Fix shellcheck issues in build.sh
- - - - -
78c977ca by Marco Fargetta at 2022-07-26T15:32:54+02:00
Make the base branch generic (#55)

* Make the base branch generic

* Fix space
- - - - -
a3343581 by Endi S. Dewata at 2022-07-26T21:02:40-05:00
Update TomcatJSS.init()

The TomcatJSS.init() has been modified to check for null or
empty serverCertNickFile before using the value.

- - - - -
c1cd3dac by Chris Kelley at 2022-10-31T15:56:44+00:00
Introduce new scripts to automate the build process

A new script update_version.sh is introduced, to start to reduce some
of the manual burden of building packages. Usage is as:

./update_version.sh <major> <minor> <update> <phase>

...where phase is optional.

In this first iteration, it does the following:

* Updates the spec version to the new version provided
* Commits that change
* Creates a tag based on the new version provided
* Creates a source tarball based on the new version provided

A companion script is also included to revert the version update, if
required.

- - - - -
1497fc6b by Chris Kelley at 2022-11-14T09:59:45+00:00
Run RPMInspect in tomcatjss CI

- - - - -
0a69c8c1 by Endi S. Dewata at 2022-11-30T00:14:55+07:00
Update version number to 8.3.0-beta1

- - - - -
147cece4 by Endi S. Dewata at 2022-12-06T11:25:48+07:00
Update runner-init.sh to no longer map cgroup folder

- - - - -
d4d85aa0 by Endi S. Dewata at 2022-12-06T11:25:48+07:00
Update COPR repo to @pki/11.3

- - - - -
014f6017 by Endi S. Dewata at 2023-02-07T13:39:07-06:00
Updating version to v8.3.0

- - - - -


20 changed files:

- + .github/workflows/build-tests.yml
- + .github/workflows/code-analysis.yml
- + .github/workflows/sonarcloud-pull.yml
- Dockerfile
- build.sh
- + core/pom.xml
- core/src/main/java/org/apache/tomcat/util/net/jss/TomcatJSS.java
- + main/pom.xml
- + pom.xml
- + revert_update_version.sh
- + sonar-project.properties
- tests/bin/ds-create.sh
- tests/bin/init-workflow.sh
- + tests/bin/rpminspect.sh
- tests/bin/runner-init.sh
- + tomcat-9.0/pom.xml
- tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSContext.java
- tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSImplementation.java
- tomcatjss.spec
- + update_version.sh


Changes:

=====================================
.github/workflows/build-tests.yml
=====================================
@@ -0,0 +1,76 @@
+name: Build Tests
+
+on: [push, pull_request]
+
+jobs:
+  init:
+    name: Initializing Workflow
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.init.outputs.matrix }}
+      repo: ${{ steps.init.outputs.repo }}
+    steps:
+      - name: Clone repository
+        uses: actions/checkout at v2
+
+      - name: Initialize workflow
+        id: init
+        env:
+          BASE64_MATRIX: ${{ secrets.BASE64_MATRIX }}
+          BASE64_REPO: ${{ secrets.BASE64_REPO }}
+        run: |
+          tests/bin/init-workflow.sh
+
+  build-test:
+    name: Build Test
+    needs: init
+    runs-on: ubuntu-latest
+    strategy:
+      matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+    container: fedora:${{ matrix.os }}
+    steps:
+    - name: Clone repository
+      uses: actions/checkout at v2
+
+    - name: Install dependencies
+      run: |
+        dnf install -y dnf-plugins-core maven rpm-build
+        dnf copr enable -y ${{ needs.init.outputs.repo }}
+        dnf builddep -y --spec tomcatjss.spec
+
+    - name: Build Tomcat JSS with Ant
+      run: |
+        ./build.sh
+
+    - name: Install JSS into Maven repo
+      run: |
+        mvn install:install-file \
+            -Dfile=/usr/lib/java/jss.jar \
+            -DgroupId=org.dogtagpki \
+            -DartifactId=jss \
+            -Dversion=5.3.0-SNAPSHOT \
+            -Dpackaging=jar \
+            -DgeneratePom=true
+
+    - name: Build Tomcat JSS with Maven
+      run: |
+        mvn package
+
+    - name: Compare tomcatjss.jar
+      run: |
+        jar tvf ~/build/tomcatjss/jars/tomcatjss.jar | awk '{print $8;}' | sort | tee ant.out
+        jar tvf main/target/tomcatjss-main-8.3.0-SNAPSHOT.jar | awk '{print $8;}' | grep -v '^META-INF/maven/' | sort > maven.out
+        diff ant.out maven.out
+
+    - name: Build Tomcat JSS RPMS with Ant
+      run: |
+        ./build.sh --work-dir=build rpm
+
+    - name: Install RPMInspect
+      run: |
+        dnf install -y dnf-plugins-core
+        dnf copr enable -y copr.fedorainfracloud.org/dcantrell/rpminspect
+        dnf install -y rpminspect rpminspect-data-fedora
+
+    - name: Run RPMInspect on SRPM and RPMs
+      run: ./tests/bin/rpminspect.sh
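
Review bot: In the `Install dependencies` step, `${{ needs.init.outputs.repo }}` is expanded into the `run:` script text before the shell sees it, so whatever the init job emits is parsed as shell rather than passed as data. Hand it over through `env:` (for example `COPR_REPO: ${{ needs.init.outputs.repo }}`) and call `dnf copr enable -y "$COPR_REPO"`. The `Install JSS into Maven repo` and `Compare tomcatjss.jar` steps also hard-code `5.3.0-SNAPSHOT` and `8.3.0-SNAPSHOT`, which will need editing at every version bump; reading them from the POM or a workflow-level variable would avoid that.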


=====================================
.github/workflows/code-analysis.yml
=====================================
@@ -0,0 +1,123 @@
+name: Code Analysis
+on: [push, pull_request]
+jobs:
+  init:
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
+    name: Initializing Workflow
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.init.outputs.matrix }}
+      repo: ${{ steps.init.outputs.repo }}
+    steps:
+      - name: Clone repository
+        uses: actions/checkout at v2
+
+      - name: Initialize workflow
+        id: init
+        env:
+          BASE64_MATRIX: ${{ secrets.BASE64_MATRIX }}
+          BASE64_REPO: ${{ secrets.BASE64_REPO }}
+        run: |
+          tests/bin/init-workflow.sh
+
+  build:
+    name: Building TomcatJSS
+    needs: init
+    runs-on: ubuntu-latest
+    strategy:
+      matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+    steps:
+      - name: Clone repository
+        uses: actions/checkout at v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action at v1
+
+      - name: Build runner image
+        uses: docker/build-push-action at v2
+        with:
+          context: .
+          build-args: |
+            OS_VERSION=${{ matrix.os }}
+            COPR_REPO=${{ needs.init.outputs.repo }}
+            BUILD_OPTS=--with-timestamp --with-commit-id
+          tags: tomcatjss-runner
+          target: tomcatjss-runner
+          outputs: type=docker,dest=sonar-runner.tar
+
+      - name: Store runner image
+        uses: actions/cache at v3
+        with:
+          key: sonar-runner-${{ matrix.os }}-${{ github.run_id }}
+          path: sonar-runner.tar
+
+
+  sonarcloud:
+    name: SonarCloud
+    needs: [init, build] 
+    runs-on: ubuntu-latest
+    env:
+      SHARED: /tmp/workdir/tomcatjss
+    strategy:
+      matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+    steps:
+      - uses: actions/checkout at v2
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+
+
+      - name: Retrieve runner image
+        uses: actions/cache at v3
+        with:
+          key: sonar-runner-${{ matrix.os }}-${{ github.run_id }}
+          path: sonar-runner.tar
+
+      - name: Load runner image
+        run: docker load --input sonar-runner.tar
+
+      - name: Run container
+        run: |
+          IMAGE=tomcatjss-runner \
+          NAME=pki \
+          tests/bin/runner-init.sh
+
+      - name: Copy builds in current folder
+        run: |
+          mkdir build
+          docker cp pki:/usr/share/java/tomcatjss.jar build/
+
+      - name: Remove maven related file
+        run: rm -f pom.xml
+
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action at master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  get-pr-ref:
+    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository
+    name: Sonar cloud PR fork analyses deferring
+    runs-on: ubuntu-latest
+    steps:
+      - name: Save PR information
+        run: |
+          mkdir -p ./pr
+          echo ${{ github.event.number }} > ./pr/NR
+          echo ${{ github.event.pull_request.base.ref }} > ./pr/BaseBranch
+
+      - name: Upload pr as artifact
+        uses: actions/upload-artifact at v2
+        with:
+          name: pr
+          path: pr/
+
+  shellcheck:
+    name: Shellcheck
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout at v2
+      - name: Run ShellCheck
+        uses: ludeeus/action-shellcheck at master
+        with:
+          severity: warning
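
Review bot: The `SonarCloud Scan` step references `SonarSource/sonarcloud-github-action` at `master` while receiving `SONAR_TOKEN` and `GITHUB_TOKEN`, and the `shellcheck` job uses `ludeeus/action-shellcheck` at `master`, so any later change on those branches runs in this pipeline unreviewed. Pin both to a release tag or, better, a full commit SHA, and add a top-level `permissions:` block so the token granted to these jobs is limited to what the scan needs. In `get-pr-ref`, the two `echo ${{ ... }} > ./pr/...` lines would be safer with the values passed through `env:` and quoted.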


=====================================
.github/workflows/sonarcloud-pull.yml
=====================================
@@ -0,0 +1,188 @@
+name: Sonarcloud-Pull
+on:
+  workflow_run:
+    workflows: ["Code Analysis"]
+    types:
+      - completed
+
+jobs:
+  retrieve-pr:
+    if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
+    runs-on: ubuntu-latest
+    outputs:
+      pr-number: ${{ steps.pr-artifact-script.outputs.result }}
+      pr-base: ${{ steps.pr-base-script.outputs.result }}
+    steps:
+      - name: 'Download PR artifact'
+        uses: actions/github-script at v3.1.0
+        id: download-pr
+        with:
+          result-encoding: string
+          script: |
+            var artifacts = await github.actions.listWorkflowRunArtifacts({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: context.payload.workflow_run.id,
+            });
+            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "pr"
+            })[0];
+            if (matchArtifact == null){
+              core.setFailed("No PR artifact");
+              return "False";
+            }
+            var download = await github.actions.downloadArtifact({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              artifact_id: matchArtifact.id,
+              archive_format: 'zip',
+            });
+            var fs = require('fs');
+            fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));
+            return "True";
+
+      - name: Unzip the pr
+        if: steps.download-pr.outputs.result == 'True'
+        run: unzip pr.zip
+
+      - name: Retrieve the pr number
+        if: success()
+        id: pr-artifact-script
+        uses: actions/github-script at v3.1.0
+        with:
+          result-encoding: string
+          script: |
+            var fs = require('fs');
+            var pr_number = Number(fs.readFileSync('./NR'));
+            return pr_number;
+
+      - name: Retrieve the pr base
+        if: success()
+        id: pr-base-script
+        uses: actions/github-script at v3.1.0
+        with:
+          result-encoding: string
+          script: |
+            var fs = require('fs');
+            var pr_base = fs.readFileSync('./BaseBranch');
+            return pr_base;
+
+  init:
+    name: Initializing Workflow
+    runs-on: ubuntu-latest
+    needs: retrieve-pr
+    outputs:
+      matrix: ${{ steps.init.outputs.matrix }}
+      repo: ${{ steps.init.outputs.repo }}
+    steps:
+      - name: Clone repository
+        uses: actions/checkout at v2
+
+      - name: Initialize workflow
+        id: init
+        env:
+          BASE64_MATRIX: ${{ secrets.BASE64_MATRIX }}
+          BASE64_REPO: ${{ secrets.BASE64_REPO }}
+        run: |
+          tests/bin/init-workflow.sh
+
+  build:
+    name: Building TomcatJSS
+    needs: [init, retrieve-pr]
+    runs-on: ubuntu-latest
+    strategy:
+      matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+    steps:
+      - name: Clone the repository
+        uses: actions/checkout at v2
+        with:
+          repository: ${{ github.event.workflow_run.head_repository.full_name }}
+          ref: ${{ github.event.workflow_run.head_branch }}
+          fetch-depth: 0
+
+      - name: Rebase to master
+        run: |
+          git config user.name "GitHub Workflow Action"
+          git remote add tomcatjss ${{ github.event.repository.clone_url }} 
+          git fetch tomcatjss
+          git rebase tomcatjss/${{ needs.retrieve-pr.outputs.pr-base }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action at v1
+
+      - name: Build runner image
+        uses: docker/build-push-action at v2
+        with:
+          context: .
+          build-args: |
+            OS_VERSION=${{ matrix.os }}
+            COPR_REPO=${{ needs.init.outputs.repo }}
+            BUILD_OPTS=--with-timestamp --with-commit-id
+          tags: tomcatjss-runner
+          target: tomcatjss-runner
+          outputs: type=docker,dest=sonar-runner.tar
+
+      - name: Store runner image
+        uses: actions/cache at v3
+        with:
+          key: sonar-runner-${{ matrix.os }}-${{ github.event.workflow_run.id }}
+          path: sonar-runner.tar
+
+  sonarcloud:
+    name: SonarCloud
+    needs: [retrieve-pr, init, build]
+    if: needs.retrieve-pr.outputs.pr-number != ''
+    runs-on: ubuntu-latest
+    env:
+      SHARED: /tmp/workdir/ldapjdk
+    strategy:
+      matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+    steps:
+      - name: Retrieve runner image
+        uses: actions/cache at v3
+        with:
+          key: sonar-runner-${{ matrix.os }}-${{ github.event.workflow_run.id }}
+          path: sonar-runner.tar
+
+      - name: Load runner image
+        run: docker load --input sonar-runner.tar
+
+      - name: Clone the repository
+        uses: actions/checkout at v2
+        with:
+          repository: ${{ github.event.workflow_run.head_repository.full_name }}
+          ref: ${{ github.event.workflow_run.head_branch }}
+          fetch-depth: 0
+
+      - name: Rebase to master
+        run: |
+          git config user.name "GitHub Workflow Action"
+          git remote add tomcatjss ${{ github.event.repository.clone_url }} 
+          git fetch tomcatjss
+          git rebase tomcatjss/${{ needs.retrieve-pr.outputs.pr-base }}
+
+      - name: Run container
+        run: |
+          IMAGE=tomcatjss-runner \
+          NAME=pki \
+          tests/bin/runner-init.sh
+
+      - name: Copy builds in current folder
+        run: |
+          mkdir build
+          docker cp pki:/usr/share/java/tomcatjss.jar build/
+
+      - name: Remove maven related file
+        run: rm -f pom.xml
+
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action at master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          args: >
+            -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
+            -Dsonar.pullrequest.key=${{ needs.retrieve-pr.outputs.pr-number }}
+            -Dsonar.pullrequest.branch=${{ github.event.workflow_run.head_branch }}
+            -Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }}
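
Review bot: `pr-base` is read back from the `BaseBranch` file of an artifact produced by the fork-triggered run and is then expanded unvalidated into `git rebase tomcatjss/${{ needs.retrieve-pr.outputs.pr-base }}` in both the `build` and `sonarcloud` jobs, so content from an untrusted run becomes script text in a `workflow_run` job that has access to repository secrets. `Retrieve the pr number` already coerces its value with `Number(...)`; do the equivalent here by taking the base from `github.event.workflow_run.pull_requests[0].base.ref` (as the scan arguments do) or by checking the value against an allow-list of branch names, and pass it and `head_branch` to the shell through `env:`. The same jobs check out the fork's head and run its `Dockerfile` build and `tests/bin/runner-init.sh` before the step that holds `SONAR_TOKEN`, so consider taking those files from the base repository and declaring minimal `permissions:`. `SHARED: /tmp/workdir/ldapjdk` also looks carried over from another project; `code-analysis.yml` uses `/tmp/workdir/tomcatjss`.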


=====================================
Dockerfile
=====================================
@@ -5,7 +5,7 @@
 #
 
 ARG OS_VERSION="latest"
-ARG COPR_REPO="@pki/master"
+ARG COPR_REPO="@pki/11.3"
 
 ################################################################################
 FROM registry.fedoraproject.org/fedora:$OS_VERSION AS tomcatjss-builder


=====================================
build.sh
=====================================
@@ -81,11 +81,11 @@ generate_rpm_sources() {
             --format=tar.gz \
             --prefix "$PREFIX/" \
             -o "$WORK_DIR/SOURCES/$TARBALL" \
-            $SOURCE_TAG
+            "$SOURCE_TAG"
 
         if [ "$SOURCE_TAG" != "HEAD" ] ; then
 
-            TAG_ID="$(git -C "$SRC_DIR" rev-parse $SOURCE_TAG)"
+            TAG_ID="$(git -C "$SRC_DIR" rev-parse "$SOURCE_TAG")"
             HEAD_ID="$(git -C "$SRC_DIR" rev-parse HEAD)"
 
             if [ "$TAG_ID" != "$HEAD_ID" ] ; then
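
Review bot: Quoting `"$SOURCE_TAG"` in `generate_rpm_sources()` stops word splitting, but a value that begins with `-` is still read by git as an option. `git -C "$SRC_DIR" rev-parse --verify "$SOURCE_TAG^{commit}"` would reject anything that does not resolve to a commit, and running that check before the archive step covers both uses.
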
@@ -122,7 +122,7 @@ generate_patch() {
     git -C "$SRC_DIR" \
         format-patch \
         --stdout \
-        $SOURCE_TAG \
+        "$SOURCE_TAG" \
         > "$WORK_DIR/SOURCES/$PATCH"
 }
 
@@ -296,7 +296,7 @@ if [ "$BUILD_TARGET" = "dist" ] ; then
     fi
 
     # get Tomcat <major>.<minor> version number
-    TOMCAT_VERSION=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
+    TOMCAT_VERSION=$(/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p')
 
     if [ "$VERBOSE" = "true" ] ; then
         echo "Tomcat: $TOMCAT_VERSION"
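
Review bot: `sed -n '...p'` prints nothing when the `Server number:` line is missing or has a different shape, so `TOMCAT_VERSION` can be empty and the build carries on with `-Dsrc.dir="tomcat-"`. Add a check right after the assignment, for example `[ -n "$TOMCAT_VERSION" ] || { echo "Unable to determine Tomcat version" >&2; exit 1; }`.
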
@@ -308,18 +308,18 @@ if [ "$BUILD_TARGET" = "dist" ] ; then
         OPTIONS+=(-v)
     fi
 
-    OPTIONS+=(-f $SRC_DIR/build.xml)
-    OPTIONS+=(-Dversion=$VERSION)
-    OPTIONS+=(-Djnidir=$JNI_DIR)
-    OPTIONS+=(-Dsrc.dir=tomcat-$TOMCAT_VERSION)
-    OPTIONS+=(-Dbuild.dir=$WORK_DIR)
+    OPTIONS+=(-f "$SRC_DIR/build.xml")
+    OPTIONS+=(-Dversion="$VERSION")
+    OPTIONS+=(-Djnidir="$JNI_DIR")
+    OPTIONS+=(-Dsrc.dir="tomcat-$TOMCAT_VERSION")
+    OPTIONS+=(-Dbuild.dir="$WORK_DIR")
 
     echo ant "${OPTIONS[@]}" compile package
     ant "${OPTIONS[@]}" compile package
 
     echo
     echo "Build artifacts:"
-    echo "- Java archive: $WORK_DIR/build/jars/tomcatjss.jar"
+    echo "- Java archive: $WORK_DIR/jars/tomcatjss.jar"
     echo
     echo "To install the build: $0 install"
     echo "To create RPM packages: $0 rpm"
@@ -344,12 +344,12 @@ if [ "$BUILD_TARGET" = "install" ] ; then
         OPTIONS+=(-v)
     fi
 
-    OPTIONS+=(-f $SRC_DIR/build.xml)
-    OPTIONS+=(-Dversion=$VERSION)
-    OPTIONS+=(-Dbuild.dir=$WORK_DIR)
-    OPTIONS+=(-Dpackage=$NAME)
-    OPTIONS+=(-Dinstall.doc.dir=$INSTALL_DIR$DOC_DIR)
-    OPTIONS+=(-Dinstall.jar.dir=$INSTALL_DIR$JAVA_DIR)
+    OPTIONS+=(-f "$SRC_DIR"/build.xml)
+    OPTIONS+=(-Dversion="$VERSION")
+    OPTIONS+=(-Dbuild.dir="$WORK_DIR")
+    OPTIONS+=(-Dpackage="$NAME")
+    OPTIONS+=(-Dinstall.doc.dir="$INSTALL_DIR$DOC_DIR")
+    OPTIONS+=(-Dinstall.jar.dir="$INSTALL_DIR$JAVA_DIR")
 
     echo ant "${OPTIONS[@]}" install
     ant "${OPTIONS[@]}" install
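
Review bot: Style: the install block quotes the build file as `-f "$SRC_DIR"/build.xml` while the `dist` block uses `-f "$SRC_DIR/build.xml"`; both work, but one form throughout keeps the script consistent. Separately, `echo ant "${OPTIONS[@]}" install` prints the arguments unquoted, so the logged command is not a faithful copy once a path contains a space; `printf '%q ' ant "${OPTIONS[@]}" install` would show it as executed.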


=====================================
core/pom.xml
=====================================
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.dogtagpki</groupId>
+    <artifactId>tomcatjss-core</artifactId>
+    <version>8.3.0-SNAPSHOT</version>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>1.7.32</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.12.0</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-catalina</artifactId>
+            <version>9.0.50</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.dogtagpki</groupId>
+            <artifactId>jss</artifactId>
+            <version>5.3.0-SNAPSHOT</version>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.8.1</version>
+                <configuration>
+                    <release>17</release>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
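
Review bot: `tomcat-catalina` is fixed at `9.0.50`, and `slf4j-api`, `commons-lang3` and `jss` are likewise given literal versions with the default `compile` scope, whereas the Ant build compiles against whatever Tomcat is installed (`build.sh` selects `tomcat-$TOMCAT_VERSION`). Since the CI comparison only diffs the jar file listings, a divergence between the dependency versions of the two builds would go unnoticed; consider moving the versions into properties in a shared parent POM and marking the container-supplied artifacts `<scope>provided</scope>`.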


=====================================
core/src/main/java/org/apache/tomcat/util/net/jss/TomcatJSS.java
=====================================
@@ -21,24 +21,35 @@ package org.apache.tomcat.util.net.jss;
 
 import java.io.File;
 import java.io.FileReader;
+import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
 import java.nio.file.Files;
 import java.nio.file.Paths;
+import java.security.GeneralSecurityException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Enumeration;
 import java.util.Properties;
 
+import javax.naming.ConfigurationException;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpressionException;
 import javax.xml.xpath.XPathFactory;
 
 import org.apache.commons.lang3.StringUtils;
+import org.mozilla.jss.CertDatabaseException;
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.InitializationValues;
+import org.mozilla.jss.KeyDatabaseException;
+import org.mozilla.jss.NoSuchTokenException;
+import org.mozilla.jss.NotInitializedException;
 import org.mozilla.jss.crypto.AlreadyInitializedException;
 import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.TokenException;
 import org.mozilla.jss.ssl.SSLAlertEvent;
 import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent;
 import org.mozilla.jss.ssl.SSLServerSocket;
@@ -49,13 +60,15 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
 
 public class TomcatJSS implements SSLSocketListener {
 
-    public static Logger logger = LoggerFactory.getLogger(TomcatJSS.class);
+    public static final Logger logger = LoggerFactory.getLogger(TomcatJSS.class);
 
-    public final static TomcatJSS INSTANCE = new TomcatJSS();
+    public static final TomcatJSS INSTANCE = new TomcatJSS();
     public static final int MAX_LOGIN_ATTEMPTS = 3;
+    public static final String CATALINA_BASE = "catalina.base";
 
     public static TomcatJSS getInstance() { return INSTANCE; }
 
@@ -226,77 +239,81 @@ public class TomcatJSS implements SSLSocketListener {
         this.ocspTimeout = ocspTimeout;
     }
 
-    public void loadJSSConfig(String jssConf) throws Exception {
+    public void loadJSSConfig(String jssConf) throws IOException {
         File configFile = new File(jssConf);
         loadJSSConfig(configFile);
     }
 
-    public void loadJSSConfig(File configFile) throws Exception {
+    public void loadJSSConfig(File configFile) throws IOException {
 
         Properties config = new Properties();
-        config.load(new FileReader(configFile));
-
-        loadJSSConfig(config);
+        try (FileReader fr = new FileReader(configFile)) {
+            config.load(fr);
+            loadJSSConfig(config);
+        }
     }
 
-    public void loadJSSConfig(Properties config) throws Exception {
+    public void loadJSSConfig(Properties config) {
 
-        String certDb = config.getProperty("certdbDir");
-        if (certDb != null)
-            setCertdbDir(certDb);
+        String certdbDirProp = config.getProperty("certdbDir");
+        if (certdbDirProp != null)
+            setCertdbDir(certdbDirProp);
 
-        String passwordClass = config.getProperty("passwordClass");
-        if (passwordClass != null)
-            setPasswordClass(passwordClass);
+        String passwordClassProp = config.getProperty("passwordClass");
+        if (passwordClassProp != null)
+            setPasswordClass(passwordClassProp);
 
-        String passwordFile = config.getProperty("passwordFile");
-        if (passwordFile != null)
-            setPasswordFile(passwordFile);
+        String passwordFileProp = config.getProperty("passwordFile");
+        if (passwordFileProp != null)
+            setPasswordFile(passwordFileProp);
 
-        String enableOCSP = config.getProperty("enableOCSP");
-        if (enableOCSP != null)
-            setEnableOCSP(Boolean.parseBoolean(enableOCSP));
+        String enableOCSPProp = config.getProperty("enableOCSP");
+        if (enableOCSPProp != null)
+            setEnableOCSP(Boolean.parseBoolean(enableOCSPProp));
 
-        String ocspResponderURL = config.getProperty("ocspResponderURL");
-        if (ocspResponderURL != null)
-            setOcspResponderURL(ocspResponderURL);
+        String ocspResponderURLProp = config.getProperty("ocspResponderURL");
+        if (ocspResponderURLProp != null)
+            setOcspResponderURL(ocspResponderURLProp);
 
-        String ocspResponderCertNickname = config.getProperty("ocspResponderCertNickname");
-        if (ocspResponderCertNickname != null)
-            setOcspResponderCertNickname(ocspResponderCertNickname);
+        String ocspResponderCertNicknameProp = config.getProperty("ocspResponderCertNickname");
+        if (ocspResponderCertNicknameProp != null)
+            setOcspResponderCertNickname(ocspResponderCertNicknameProp);
 
-        String ocspCacheSize = config.getProperty("ocspCacheSize");
-        if (StringUtils.isNotEmpty(ocspCacheSize))
-            setOcspCacheSize(Integer.parseInt(ocspCacheSize));
+        String ocspCacheSizeProp = config.getProperty("ocspCacheSize");
+        if (StringUtils.isNotEmpty(ocspCacheSizeProp))
+            setOcspCacheSize(Integer.parseInt(ocspCacheSizeProp));
 
-        String ocspMinCacheEntryDuration = config.getProperty("ocspMinCacheEntryDuration");
-        if (StringUtils.isNotEmpty(ocspMinCacheEntryDuration))
-            setOcspMinCacheEntryDuration(Integer.parseInt(ocspMinCacheEntryDuration));
+        String ocspMinCacheEntryDurationProp = config.getProperty("ocspMinCacheEntryDuration");
+        if (StringUtils.isNotEmpty(ocspMinCacheEntryDurationProp))
+            setOcspMinCacheEntryDuration(Integer.parseInt(ocspMinCacheEntryDurationProp));
 
-        String ocspMaxCacheEntryDuration = config.getProperty("ocspMaxCacheEntryDuration");
-        if (StringUtils.isNotEmpty(ocspMaxCacheEntryDuration))
-            setOcspMaxCacheEntryDuration(Integer.parseInt(ocspMaxCacheEntryDuration));
+        String ocspMaxCacheEntryDurationProp = config.getProperty("ocspMaxCacheEntryDuration");
+        if (StringUtils.isNotEmpty(ocspMaxCacheEntryDurationProp))
+            setOcspMaxCacheEntryDuration(Integer.parseInt(ocspMaxCacheEntryDurationProp));
 
-        String ocspTimeout = config.getProperty("ocspTimeout");
-        if (StringUtils.isNotEmpty(ocspTimeout))
-            setOcspTimeout(Integer.parseInt(ocspTimeout));
+        String ocspTimeoutProp = config.getProperty("ocspTimeout");
+        if (StringUtils.isNotEmpty(ocspTimeoutProp))
+            setOcspTimeout(Integer.parseInt(ocspTimeoutProp));
     }
 
-    public void loadTomcatConfig(String serverXml) throws Exception {
+    public void loadTomcatConfig(String serverXml)
+            throws ParserConfigurationException, SAXException, IOException, XPathExpressionException {
         File configFile = new File(serverXml);
         loadTomcatConfig(configFile);
     }
 
-    public void loadTomcatConfig(File configFile) throws Exception {
+    public void loadTomcatConfig(File configFile)
+            throws ParserConfigurationException, SAXException, IOException, XPathExpressionException {
 
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
         DocumentBuilder builder = factory.newDocumentBuilder();
         Document document = builder.parse(configFile);
 
         loadTomcatConfig(document);
     }
 
-    public void loadTomcatConfig(Document document) throws Exception {
+    public void loadTomcatConfig(Document document) throws XPathExpressionException {
 
         XPathFactory xPathfactory = XPathFactory.newInstance();
         XPath xpath = xPathfactory.newXPath();
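
Review bot: In `loadTomcatConfig(File)`, `disallow-doctype-decl` makes `builder.parse(configFile)` throw a `SAXException` for any `server.xml` that contains a DOCTYPE, including files that use an internal DTD subset only to declare local entities; that is the right default against XXE, but it is a behaviour change and should be stated in the commit message and release notes. Setting `XMLConstants.FEATURE_SECURE_PROCESSING` on the factory as well would add the JAXP processing limits as defence in depth. Also in this hunk, `loadJSSConfig(Properties)` no longer declares any exception while `Integer.parseInt(...)` can still throw `NumberFormatException` on a malformed `ocspCacheSize` or `ocspTimeout`; catching it and rethrowing with the property name would give a usable error.
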
@@ -305,71 +322,78 @@ public class TomcatJSS implements SSLSocketListener {
                 "/Server/Service[@name='Catalina']/Connector[@SSLEnabled='true']",
                 document, XPathConstants.NODE);
 
-        String certDb = connector.getAttribute("certdbDir");
-        if (certDb != null)
-            setCertdbDir(certDb);
+        String certDbProp = connector.getAttribute("certdbDir");
+        if (certDbProp != null)
+            setCertdbDir(certDbProp);
 
-        String passwordClass = connector.getAttribute("passwordClass");
-        if (passwordClass != null)
-            setPasswordClass(passwordClass);
+        String passwordClassProp = connector.getAttribute("passwordClass");
+        if (passwordClassProp != null)
+            setPasswordClass(passwordClassProp);
 
-        String passwordFile = connector.getAttribute("passwordFile");
-        if (passwordFile != null)
-            setPasswordFile(passwordFile);
+        String passwordFileProp = connector.getAttribute("passwordFile");
+        if (passwordFileProp != null)
+            setPasswordFile(passwordFileProp);
 
-        String serverCertNickFile = connector.getAttribute("serverCertNickFile");
-        if (serverCertNickFile != null)
-            setServerCertNickFile(serverCertNickFile);
+        String serverCertNickFileProp = connector.getAttribute("serverCertNickFile");
+        if (serverCertNickFileProp != null)
+            setServerCertNickFile(serverCertNickFileProp);
 
-        String enableOCSP = connector.getAttribute("enableOCSP");
-        if (enableOCSP != null)
-            setEnableOCSP(Boolean.parseBoolean(enableOCSP));
+        String enableOCSPProp = connector.getAttribute("enableOCSP");
+        if (enableOCSPProp != null)
+            setEnableOCSP(Boolean.parseBoolean(enableOCSPProp));
 
-        String ocspResponderURL = connector.getAttribute("ocspResponderURL");
-        if (ocspResponderURL != null)
-            setOcspResponderURL(ocspResponderURL);
+        String ocspResponderURLProp = connector.getAttribute("ocspResponderURL");
+        if (ocspResponderURLProp != null)
+            setOcspResponderURL(ocspResponderURLProp);
 
-        String ocspResponderCertNickname = connector.getAttribute("ocspResponderCertNickname");
-        if (ocspResponderCertNickname != null)
-            setOcspResponderCertNickname(ocspResponderCertNickname);
+        String ocspResponderCertNicknameProp = connector.getAttribute("ocspResponderCertNickname");
+        if (ocspResponderCertNicknameProp != null)
+            setOcspResponderCertNickname(ocspResponderCertNicknameProp);
 
-        String ocspCacheSize = connector.getAttribute("ocspCacheSize");
-        if (StringUtils.isNotEmpty(ocspCacheSize))
-            setOcspCacheSize(Integer.parseInt(ocspCacheSize));
+        String ocspCacheSizeProp = connector.getAttribute("ocspCacheSize");
+        if (StringUtils.isNotEmpty(ocspCacheSizeProp))
+            setOcspCacheSize(Integer.parseInt(ocspCacheSizeProp));
 
-        String ocspMinCacheEntryDuration = connector.getAttribute("ocspMinCacheEntryDuration");
-        if (StringUtils.isNotEmpty(ocspMinCacheEntryDuration))
-            setOcspMinCacheEntryDuration(Integer.parseInt(ocspMinCacheEntryDuration));
+        String ocspMinCacheEntryDurationProp = connector.getAttribute("ocspMinCacheEntryDuration");
+        if (StringUtils.isNotEmpty(ocspMinCacheEntryDurationProp))
+            setOcspMinCacheEntryDuration(Integer.parseInt(ocspMinCacheEntryDurationProp));
 
-        String ocspMaxCacheEntryDuration = connector.getAttribute("ocspMaxCacheEntryDuration");
-        if (StringUtils.isNotEmpty(ocspMaxCacheEntryDuration))
-            setOcspMaxCacheEntryDuration(Integer.parseInt(ocspMaxCacheEntryDuration));
+        String ocspMaxCacheEntryDurationProp = connector.getAttribute("ocspMaxCacheEntryDuration");
+        if (StringUtils.isNotEmpty(ocspMaxCacheEntryDurationProp))
+            setOcspMaxCacheEntryDuration(Integer.parseInt(ocspMaxCacheEntryDurationProp));
 
-        String ocspTimeout = connector.getAttribute("ocspTimeout");
-        if (StringUtils.isNotEmpty(ocspTimeout))
-            setOcspTimeout(Integer.parseInt(ocspTimeout));
+        String ocspTimeoutProp = connector.getAttribute("ocspTimeout");
+        if (StringUtils.isNotEmpty(ocspTimeoutProp))
+            setOcspTimeout(Integer.parseInt(ocspTimeoutProp));
     }
 
     /**
      * Load configuration from jss.conf (if available) or server.xml.
+     * @throws IOException
+     * @throws SAXException
+     * @throws ParserConfigurationException
+     * @throws XPathExpressionException
      */
-    public void loadConfig() throws Exception {
-        String catalinaBase = System.getProperty("catalina.base");
+    public void loadConfig() throws IOException, XPathExpressionException, ParserConfigurationException, SAXException {
+        String catalinaBase = System.getProperty(CATALINA_BASE);
         String jssConf = catalinaBase + "/conf/jss.conf";
         File configFile = new File(jssConf);
 
         if (configFile.exists()) {
-            logger.info("TomcatJSS: Loading JSS configuration from " + jssConf);
+            logger.info("TomcatJSS: Loading JSS configuration from {}", jssConf);
             loadJSSConfig(configFile);
 
         } else {
             String serverXml = catalinaBase + "/conf/server.xml";
-            logger.info("TomcatJSS: Loading JSS configuration from " + serverXml);
+            logger.info("TomcatJSS: Loading JSS configuration from {}", serverXml);
             loadTomcatConfig(serverXml);
         }
     }
 
-    public void init() throws Exception {
+    public void init() throws KeyDatabaseException, CertDatabaseException, GeneralSecurityException,
+            NotInitializedException, InstantiationException, IllegalAccessException, IllegalArgumentException,
+            InvocationTargetException, NoSuchMethodException, SecurityException, ClassNotFoundException, IOException,
+            NoSuchTokenException, TokenException, ConfigurationException {
 
         if (initialized) {
             return;
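Review bot: The renamed `certDbProp`, `passwordClassProp`, `passwordFileProp`, `serverCertNickFileProp`, `enableOCSPProp`, `ocspResponderURLProp` and `ocspResponderCertNicknameProp` checks still compare against null, but org.w3c.dom.Element.getAttribute returns an empty string, not null, for an attribute that is absent. Assuming `connector` is a DOM Element, `setCertdbDir("")`, `setPasswordClass("")` and `setPasswordFile("")` run for every Connector that omits these attributes, and the `== null` defaults in init() are then skipped. Use `StringUtils.isNotEmpty(...)` here, as the numeric ocsp* attributes already do. Separately, the four new `@throws` tags on loadConfig() carry no description; say when each is raised or drop them.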
@@ -378,26 +402,26 @@ public class TomcatJSS implements SSLSocketListener {
         logger.info("TomcatJSS: initialization");
 
         if (certdbDir == null) {
-            certdbDir = System.getProperty("catalina.base") + File.separator + "alias";
+            certdbDir = System.getProperty(CATALINA_BASE) + File.separator + "alias";
         }
 
-        logger.debug("TomcatJSS: certdbDir: " + certdbDir);
+        logger.debug("TomcatJSS: certdbDir: {}", certdbDir);
 
         if (passwordClass == null) {
             passwordClass = PlainPasswordFile.class.getName();
         }
 
-        logger.debug("TomcatJSS: passwordClass: " + passwordClass);
+        logger.debug("TomcatJSS: passwordClass: {}", passwordClass);
 
         if (passwordFile == null) {
-            passwordFile = System.getProperty("catalina.base") + File.separator +
+            passwordFile = System.getProperty(CATALINA_BASE) + File.separator +
                     "conf" + File.separator + "password.conf";
         }
 
-        logger.debug("TomcatJSS: passwordFile: " + passwordFile);
+        logger.debug("TomcatJSS: passwordFile: {}", passwordFile);
 
-        if (serverCertNickFile != null) {
-            logger.debug("TomcatJSS: serverCertNickFile: " + serverCertNickFile);
+        if (StringUtils.isNotEmpty(serverCertNickFile)) {
+            logger.debug("TomcatJSS: serverCertNickFile: {}", serverCertNickFile);
         }
 
         InitializationValues vals = new InitializationValues(certdbDir);
@@ -409,22 +433,22 @@ public class TomcatJSS implements SSLSocketListener {
             CryptoManager.initialize(vals);
 
         } catch (AlreadyInitializedException e) {
-            logger.warn("TomcatJSS: " + e);
+            logger.warn("TomcatJSS: {}", e, e);
         }
 
         manager = CryptoManager.getInstance();
 
-        passwordStore = (IPasswordStore) Class.forName(passwordClass).newInstance();
+        passwordStore = (IPasswordStore) Class.forName(passwordClass).getDeclaredConstructor().newInstance();
         passwordStore.init(passwordFile);
 
         login();
 
-        if (serverCertNickFile != null) {
+        if (StringUtils.isNotEmpty(serverCertNickFile)) {
             serverCertNick = new String(Files.readAllBytes(Paths.get(serverCertNickFile))).trim();
-            logger.debug("serverCertNick: " + serverCertNick);
+            logger.debug("serverCertNick: {}", serverCertNick);
         }
 
-        logger.debug("clientAuth: " + clientAuth);
+        logger.debug("clientAuth: {}", clientAuth);
         if (clientAuth.equalsIgnoreCase("true")) {
             requireClientAuth = true;
 
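Review bot: `Class.forName(passwordClass).getDeclaredConstructor().newInstance()` instantiates whatever class name the configuration supplies and only then casts to IPasswordStore, so the constructor of a class that is not an IPasswordStore has already run by the time the ClassCastException is thrown. Narrow the type first with `Class.forName(passwordClass).asSubclass(IPasswordStore.class)` before calling `getDeclaredConstructor().newInstance()`, which also removes the cast. In the same hunk, `logger.warn("TomcatJSS: {}", e, e)` passes the exception both as the placeholder argument and as the throwable; a fixed message plus `e` is enough.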
@@ -436,8 +460,8 @@ public class TomcatJSS implements SSLSocketListener {
             wantClientAuth = true;
         }
 
-        logger.debug("requireClientAuth: " + requireClientAuth);
-        logger.debug("wantClientAuth: " + wantClientAuth);
+        logger.debug("requireClientAuth: {}", requireClientAuth);
+        logger.debug("wantClientAuth: {}", wantClientAuth);
 
         if (requireClientAuth || wantClientAuth) {
             configureOCSP();
@@ -451,7 +475,7 @@ public class TomcatJSS implements SSLSocketListener {
         initialized = true;
     }
 
-    public void login() throws Exception {
+    public void login() throws NoSuchTokenException, TokenException {
 
         logger.debug("TomcatJSS: logging into tokens");
 
@@ -468,23 +492,23 @@ public class TomcatJSS implements SSLSocketListener {
         }
     }
 
-    public void login(String tag) throws Exception {
+    public void login(String tag) throws NoSuchTokenException, TokenException {
 
         CryptoToken token = getToken(tag);
 
         if (token.isLoggedIn()) {
-            logger.debug("TomcatJSS: already logged into " + tag);
+            logger.debug("TomcatJSS: already logged into {}", tag);
             return;
         }
 
-        logger.debug("TomcatJSS: logging into " + tag);
+        logger.debug("TomcatJSS: logging into {}", tag);
 
         int iteration = 0;
         do {
             String strPassword = passwordStore.getPassword(tag, iteration);
 
             if (strPassword == null) {
-                logger.debug("TomcatJSS: no password for " + tag);
+                logger.debug("TomcatJSS: no password for {}", tag);
                 return;
             }
 
@@ -492,22 +516,20 @@ public class TomcatJSS implements SSLSocketListener {
 
             try {
                 token.login(password);
-                return;
-
+                return; //NOSONAR - Not a redundant return, break will print the final error message even on success.
             } catch (IncorrectPasswordException e) {
                 logger.warn("TomcatJSS: incorrect password");
                 iteration ++;
-
             } finally {
                 password.clear();
             }
 
         } while (iteration < MAX_LOGIN_ATTEMPTS);
 
-        logger.error("TomcatJSS: failed to log into " + tag);
+        logger.error("TomcatJSS: failed to log into {}", tag);
     }
 
-    public CryptoToken getToken(String tag) throws Exception {
+    public CryptoToken getToken(String tag) throws NoSuchTokenException {
 
         if (tag.equals("internal")) {
             return manager.getInternalKeyStorageToken();
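Review bot: After MAX_LOGIN_ATTEMPTS incorrect passwords, login(String tag) only logs `failed to log into {}` and returns normally, so the caller carries on as if the token were logged in. Now that the signature is narrowed from `throws Exception`, this is the place to decide what a failed login raises; throwing after the loop instead of only logging lets start-up stop on a bad password. The `//NOSONAR` remark on `return;` would also read better as an ordinary comment above the line explaining that falling out of the loop means failure.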
@@ -522,22 +544,22 @@ public class TomcatJSS implements SSLSocketListener {
         return null;
     }
 
-    public void configureOCSP() throws Exception {
+    public void configureOCSP() throws GeneralSecurityException, ConfigurationException {
 
         logger.info("configuring OCSP");
 
-        logger.debug("enableOCSP: " + enableOCSP);
+        logger.debug("enableOCSP: {}", enableOCSP);
         if (!enableOCSP) {
             return;
         }
 
-        logger.debug("ocspResponderURL: " + ocspResponderURL);
+        logger.debug("ocspResponderURL: {}", ocspResponderURL);
 
         if (StringUtils.isEmpty(ocspResponderURL)) {
             ocspResponderURL = null;
         }
 
-        logger.debug("ocspResponderCertNickname: " + ocspResponderCertNickname);
+        logger.debug("ocspResponderCertNickname: {}", ocspResponderCertNickname);
         if (StringUtils.isEmpty(ocspResponderCertNickname)) {
             ocspResponderCertNickname = null;
         }
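Review bot: The method that ends at the top of this hunk still falls through to `return null;`, and going by the previous hunk that is getToken(String tag), whose signature now advertises only NoSuchTokenException. login(String tag) calls `token.isLoggedIn()` on the result without a null check, so an unrecognised tag ends in a NullPointerException rather than the declared exception. Throw NoSuchTokenException for the unknown-tag case, or guard the call in login().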
@@ -545,11 +567,11 @@ public class TomcatJSS implements SSLSocketListener {
         // Check to see if the ocsp url and nickname are both set or not set
 
         if (ocspResponderURL == null && ocspResponderCertNickname != null) {
-            throw new Exception("Missing OCSP responder URL");
+            throw new ConfigurationException("Missing OCSP responder URL");
         }
 
         if (ocspResponderURL != null && ocspResponderCertNickname == null) {
-            throw new Exception("Missing OCSP responder certificate nickname");
+            throw new ConfigurationException("Missing OCSP responder certificate nickname");
         }
 
         manager.configureOCSP(
@@ -557,15 +579,15 @@ public class TomcatJSS implements SSLSocketListener {
                 ocspResponderURL,
                 ocspResponderCertNickname);
 
-        logger.debug("ocspCacheSize: " + ocspCacheSize);
-        logger.debug("ocspMinCacheEntryDuration: " + ocspMinCacheEntryDuration);
-        logger.debug("ocspMaxCacheEntryDuration: " + ocspMaxCacheEntryDuration);
+        logger.debug("ocspCacheSize: {}", ocspCacheSize);
+        logger.debug("ocspMinCacheEntryDuration: {}", ocspMinCacheEntryDuration);
+        logger.debug("ocspMaxCacheEntryDuration: {}", ocspMaxCacheEntryDuration);
 
         manager.OCSPCacheSettings(ocspCacheSize,
                 ocspMinCacheEntryDuration,
                 ocspMaxCacheEntryDuration);
 
-        logger.debug("ocspTimeout: " + ocspTimeout);
+        logger.debug("ocspTimeout: {}", ocspTimeout);
 
         manager.setOCSPTimeout(ocspTimeout);
     }


=====================================
main/pom.xml
=====================================
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.dogtagpki</groupId>
+    <artifactId>tomcatjss-main</artifactId>
+    <version>8.3.0-SNAPSHOT</version>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>org.dogtagpki</groupId>
+            <artifactId>tomcatjss-core</artifactId>
+            <version>8.3.0-SNAPSHOT</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.dogtagpki</groupId>
+            <artifactId>tomcatjss-tomcat-9.0</artifactId>
+            <version>8.3.0-SNAPSHOT</version>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <version>1.2.2</version>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                        <configuration>
+                            <artifactSet>
+                                <excludes>
+                                    <exclude>org.slf4j:slf4j-api</exclude>
+                                    <exclude>org.apache.commons:commons-lang3</exclude>
+                                    <exclude>org.apache.tomcat:tomcat-catalina</exclude>
+                                    <exclude>org.apache.tomcat:tomcat-servlet-api</exclude>
+                                    <exclude>org.apache.tomcat:tomcat-jsp-api</exclude>
+                                    <exclude>org.apache.tomcat:tomcat-el-api</exclude>
+                                    <exclude>org.apache.tomcat:tomcat-juli</exclude>
+                                    <exclude>org.apache.tomcat:tomcat-annotations-api</exclude>
+                                    <exclude>org.apache.tomcat:tomcat-api</exclude>
+                                    <exclude>org.apache.tomcat:tomcat-jni</exclude>
+                                    <exclude>org.apache.tomcat:tomcat-coyote</exclude>
+                                    <exclude>org.apache.tomcat:tomcat-util</exclude>
+                                    <exclude>org.apache.tomcat:tomcat-util-scan</exclude>
+                                    <exclude>org.apache.tomcat:tomcat-jaspic-api</exclude>
+                                    <exclude>org.dogtagpki:jss</exclude>
+                                </excludes>
+                            </artifactSet>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
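Review bot: `<version>1.2.2</version>` for maven-shade-plugin pins a very old release of the plugin, while tomcat-9.0/pom.xml in the same patch pins maven-compiler-plugin 3.8.1; pin a current shade release so the packaging step picks up its fixes. The long `<excludes>` list is needed only because the Tomcat, slf4j, commons-lang3 and jss dependencies arrive at compile scope. Declaring them `<scope>provided</scope>` in the module poms would keep them out of the shaded jar without a list that has to be extended by hand whenever a new transitive artifact appears.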


=====================================
pom.xml
=====================================
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.dogtagpki</groupId>
+    <artifactId>tomcatjss</artifactId>
+    <version>8.3.0-SNAPSHOT</version>
+    <packaging>pom</packaging>
+
+    <modules>
+        <module>core</module>
+        <module>tomcat-9.0</module>
+        <module>main</module>
+    </modules>
+
+</project>


=====================================
revert_update_version.sh
=====================================
@@ -0,0 +1,19 @@
+#!/bin/bash -e
+
+# Use this script to revert the commit and delete the tag created using the update_version.sh script.
+
+HEAD_TAG=$(git tag --points-at HEAD)
+
+HEAD_COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD)
+UPDATE_COMMIT_MESSAGE="Updating version to"
+
+# Only proceed if the HEAD commit is a version update
+
+if [[ "$HEAD_COMMIT_MESSAGE=" == *"$UPDATE_COMMIT_MESSAGE"* ]]; then
+    git tag -d "$HEAD_TAG"
+    git reset --hard HEAD~1
+else
+    echo "The HEAD commit is not a version update, aborting."
+    exit 1
+fi
+
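Review bot: `git tag -d "$HEAD_TAG"` runs without checking what `git tag --points-at HEAD` returned. With no tag on HEAD it is called with an empty name and, under `bash -e`, the script stops before the reset; with several tags on HEAD the names arrive as one multi-line argument and the delete fails the same way. Check for exactly one tag (or loop over the lines) before deleting. The comparison `"$HEAD_COMMIT_MESSAGE="` also has a stray `=` inside the quotes; it does not break the substring match but should go. Since `git reset --hard HEAD~1` discards uncommitted changes, refusing to run on a dirty tree would be a sensible extra check.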


=====================================
sonar-project.properties
=====================================
@@ -0,0 +1,15 @@
+sonar.projectKey=dogtagpki_tomcatjss
+sonar.organization=dogtagpki
+
+# This is the name and version displayed in the SonarCloud UI.
+#sonar.projectName=tomcatjss
+#sonar.projectVersion=1.0
+
+# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
+
+sonar.sources=core/src/main/java/
+
+sonar.java.binaries=build/
+
+# Encoding of the source code. Default is default system encoding
+#sonar.sourceEncoding=UTF-8


=====================================
tests/bin/ds-create.sh
=====================================
@@ -13,7 +13,7 @@ sed -i \
 
 dscreate from-file ds.inf
 
-ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
+ldapadd -H ldap://$HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
 dn: dc=example,dc=com
 objectClass: domain
 dc: example


=====================================
tests/bin/init-workflow.sh
=====================================
@@ -12,7 +12,7 @@ echo "::set-output name=matrix::$MATRIX"
 
 if [ "$BASE64_REPO" == "" ]
 then
-    REPO="@pki/master"
+    REPO="@pki/11.3"
 else
     REPO=$(echo "$BASE64_REPO" | base64 -d)
 fi


=====================================
tests/bin/rpminspect.sh
=====================================
@@ -0,0 +1,14 @@
+#!/bin/bash -e
+
+# Don't run metadata check as we can't know the build host subdomain
+# of CI runners in advance to add to an allow list
+
+echo "Running RPMInspect on SRPM"
+rpminspect-fedora -E metadata build/SRPMS/*.rpm
+
+# Run RPMInspect on RPMs
+for f in build/RPMS/*rpm; do
+  echo "::group::Running RPMInspect on $f"
+  rpminspect-fedora -E metadata,javabytecode "$f"
+  echo "::endgroup::"
+done
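Review bot: The header comment explains why the `metadata` inspection is excluded, but the RPM loop also excludes `javabytecode` with no reason given; add the justification next to `-E metadata,javabytecode` so the exclusion can be revisited later. The glob `build/RPMS/*rpm` has no dot before `rpm` and, when nothing matches, bash passes the literal pattern to rpminspect-fedora; `*.rpm` plus an explicit check that at least one file exists would make an empty build fail with a clear message.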


=====================================
tests/bin/runner-init.sh
=====================================
@@ -7,7 +7,6 @@ docker run \
     --privileged \
     --tmpfs /tmp \
     --tmpfs /run \
-    -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
     -v ${GITHUB_WORKSPACE}:${SHARED} \
     -i \
     ${IMAGE}


=====================================
tomcat-9.0/pom.xml
=====================================
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.dogtagpki</groupId>
+    <artifactId>tomcatjss-tomcat-9.0</artifactId>
+    <version>8.3.0-SNAPSHOT</version>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-catalina</artifactId>
+            <version>9.0.50</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.dogtagpki</groupId>
+            <artifactId>jss</artifactId>
+            <version>5.3.0-SNAPSHOT</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.dogtagpki</groupId>
+            <artifactId>tomcatjss-core</artifactId>
+            <version>8.3.0-SNAPSHOT</version>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.8.1</version>
+                <configuration>
+                    <release>17</release>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
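Review bot: The `jss` dependency is declared as `5.3.0-SNAPSHOT` with no `<repositories>` section or parent pom saying where it comes from, so this module builds only on a machine where that snapshot has already been installed locally. Document the required build order, or add the repository, so the CI comparison between Ant and Maven artifacts is reproducible. `<release>17</release>` also fixes the bytecode level for this module alone; if the other modules are meant to match, set it once in the root pom.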


=====================================
tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSContext.java
=====================================
@@ -119,6 +119,6 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
 
     @Override
     public void destroy() {
-        logger.debug("JSSContext.destory()");
+        logger.debug("JSSContext.destroy()");
     }
 }


=====================================
tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSImplementation.java
=====================================
@@ -21,19 +21,18 @@ package org.dogtagpki.tomcat;
 
 import javax.net.ssl.SSLSession;
 
-import org.apache.tomcat.util.net.jsse.JSSESupport;
 import org.apache.tomcat.util.net.SSLHostConfig;
 import org.apache.tomcat.util.net.SSLHostConfigCertificate;
 import org.apache.tomcat.util.net.SSLImplementation;
 import org.apache.tomcat.util.net.SSLSupport;
 import org.apache.tomcat.util.net.SSLUtil;
-
+import org.apache.tomcat.util.net.jsse.JSSESupport;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public class JSSImplementation extends SSLImplementation {
 
-    public static Logger logger = LoggerFactory.getLogger(JSSUtil.class);
+    public static final Logger logger = LoggerFactory.getLogger(JSSImplementation.class);
 
     public JSSImplementation() {
         logger.debug("JSSImplementation: instance created");
@@ -42,19 +41,19 @@ public class JSSImplementation extends SSLImplementation {
     @Override
     public SSLSupport getSSLSupport(SSLSession session) {
         logger.debug("JSSImplementation.getSSLSupport()");
-        return new JSSESupport(session);
+        return new JSSESupport(session, null);
     }
 
     @Override
     public SSLUtil getSSLUtil(SSLHostConfigCertificate cert) {
         logger.debug("JSSImplementation: getSSLUtil()");
-        logger.debug("JSSImplementation: key alias: " + cert.getCertificateKeyAlias());
-        logger.debug("JSSImplementation: keystore provider: " + cert.getCertificateKeystoreProvider());
+        logger.debug("JSSImplementation: key alias: {}", cert.getCertificateKeyAlias());
+        logger.debug("JSSImplementation: keystore provider: {}", cert.getCertificateKeystoreProvider());
 
         SSLHostConfig hostConfig = cert.getSSLHostConfig();
-        logger.debug("JSSImplementation: key manager alg: " + hostConfig.getKeyManagerAlgorithm());
-        logger.debug("JSSImplementation: truststore alg: " + hostConfig.getTruststoreAlgorithm());
-        logger.debug("JSSImplementation: truststore provider: " + hostConfig.getTruststoreProvider());
+        logger.debug("JSSImplementation: key manager alg: {}", hostConfig.getKeyManagerAlgorithm());
+        logger.debug("JSSImplementation: truststore alg: {}", hostConfig.getTruststoreAlgorithm());
+        logger.debug("JSSImplementation: truststore provider: {}", hostConfig.getTruststoreProvider());
 
         return new JSSUtil(cert);
     }
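Review bot: `new JSSESupport(session, null)` in getSSLSupport passes a bare null with nothing saying what the second constructor argument is or that JSSESupport tolerates null there; add a comment naming the parameter, or pass an empty value of its type if the API allows. The two-argument constructor also ties this module to Tomcat releases that have it, while the spec file in this patch still shows `Requires: tomcat >= 1:9.0.7` as context and tomcat-9.0/pom.xml builds against 9.0.50, so confirm the constructor exists across the range the package claims to support.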


=====================================
tomcatjss.spec
=====================================
@@ -6,27 +6,26 @@ Name:             tomcatjss
 
 # Upstream version number:
 %global           major_version 8
-%global           minor_version 2
+%global           minor_version 3
 %global           update_version 0
 
 # Downstream release number:
 # - development/stabilization (unsupported): 0.<n> where n >= 1
 # - GA/update (supported): <n> where n >= 1
-%global           release_number 0.3
+%global           release_number 1
 
 # Development phase:
 # - development (unsupported): alpha<n> where n >= 1
 # - stabilization (unsupported): beta<n> where n >= 1
 # - GA/update (supported): <none>
-%global           phase beta2
+#global           phase
 
 %undefine         timestamp
 %undefine         commit_id
 
 Summary:          JSS Connector for Apache Tomcat
-URL:              https://www.dogtagpki.org/wiki/Tomcat_JSS
+URL:              https://github.com/dogtagpki/tomcatjss
 License:          LGPLv2+
-BuildArch:        noarch
 Version:          %{major_version}.%{minor_version}.%{update_version}
 Release:          %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}
 
@@ -47,6 +46,9 @@ Source:           https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?p
 #     > tomcatjss-VERSION-RELEASE.patch
 # Patch: tomcatjss-VERSION-RELEASE.patch
 
+BuildArch:        noarch
+ExclusiveArch:    %{java_arches} noarch
+
 ################################################################################
 # Java
 ################################################################################
@@ -74,7 +76,7 @@ BuildRequires:    slf4j
 BuildRequires:    slf4j-jdk14
 
 # JSS
-BuildRequires:    jss >= 5.2.0
+BuildRequires:    jss = 5.3
 
 # Tomcat
 %if 0%{?rhel} && ! 0%{?eln}
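Review bot: `BuildRequires: jss = 5.3` (and the matching `Requires:` in the next hunk) replaces a lower bound with an exact match on a two-part version. RPM does not treat 5.3 and 5.3.0 as equal, so this resolves only if the jss package carries an explicit `Provides: jss = 5.3`, the way this patch adds `Provides: tomcatjss = %{major_version}.%{minor_version}` for tomcatjss. State that dependency in a comment above the line, or use a lower and an upper bound if the intent is simply to stay within the 5.3 series.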
@@ -105,7 +107,7 @@ Requires:         slf4j
 Requires:         slf4j-jdk14
 
 # JSS
-Requires:         jss >= 5.2.0
+Requires:         jss = 5.3
 
 # Tomcat
 %if 0%{?rhel} && ! 0%{?eln}
@@ -116,6 +118,8 @@ Requires:         tomcat >= 1:9.0.7
 
 Obsoletes:        tomcatjss < %{version}-%{release}
 Provides:         tomcatjss = %{version}-%{release}
+Provides:         tomcatjss = %{major_version}.%{minor_version}
+Provides:         %{product_id} = %{major_version}.%{minor_version}
 
 # PKI
 Conflicts:        pki-base < 10.10.0
@@ -142,6 +146,8 @@ Services (NSS).
 %build
 ################################################################################
 
+export JAVA_HOME=%{java_home}
+
 ./build.sh \
     %{?_verbose:-v} \
     --name=%{product_id} \


=====================================
update_version.sh
=====================================
@@ -0,0 +1,92 @@
+#!/bin/bash -e
+
+# Use this script to automate updating tomcatjss version.
+#
+# Usage: ./update_version.sh <major> <minor> <update> <phase> # (phase is optional)
+#
+# Explanation:
+# -    change_spec_version
+# -        Updates the spec version to the new version provided
+# -    commit_version_change
+# -        Commits that change
+# -    create_tag
+# -        Creates a tag based on the new version provided
+# -    create_source_tarball
+# -        Creates a source tarball based on the new version provided
+
+NEXT_MAJOR=$1
+NEXT_MINOR=$2
+NEXT_UPDATE=$3
+NEXT_PHASE=$4
+
+if [ -z "$NEXT_PHASE" ] ; then
+    NEXT_VERSION=$NEXT_MAJOR.$NEXT_MINOR.$NEXT_UPDATE
+else
+    NEXT_VERSION=$NEXT_MAJOR.$NEXT_MINOR.$NEXT_UPDATE-$NEXT_PHASE
+fi
+echo "New version is $NEXT_VERSION"
+
+verify_phase() {
+    if [[ "$NEXT_PHASE" =~ ^(alpha|beta)[0-9]+$ ]] ; then
+        echo "$NEXT_PHASE is a valid phase"
+    elif [ -z "$NEXT_PHASE" ] ; then
+        echo "Empty phase"
+    else
+        echo "$NEXT_PHASE is an invalid phase, aborting"
+        exit 1
+    fi
+}
+
+change_spec_version() {
+    CURRENT_PHASE=$(grep "phase " tomcatjss.spec | grep -E 'alpha|beta' | awk '{print $(NF)}')
+    CURRENT_RELEASE_NUMBER=$(grep "release_number " tomcatjss.spec | grep -Eo '[0-9]+(\.[0-9]+)?$')
+
+    echo "Update major version to $NEXT_MAJOR"
+    sed -i "/major_version /c\%global           major_version $NEXT_MAJOR" tomcatjss.spec
+    echo "Update minor version to $NEXT_MINOR"
+    sed -i "/minor_version /c\%global           minor_version $NEXT_MINOR" tomcatjss.spec
+    echo "Update update version to $NEXT_UPDATE"
+    sed -i "/update_version /c\%global           update_version $NEXT_UPDATE" tomcatjss.spec
+
+    if [[ "$CURRENT_PHASE" != "$NEXT_PHASE" ]] ; then
+        if [ -z "$NEXT_PHASE" ] ; then
+            echo "Remove phase"
+            sed -i "/phase /c\#global           phase" tomcatjss.spec
+            echo "Update release_number"
+            sed -i "/release_number /c\%global           release_number 1" tomcatjss.spec
+        elif [ -z "$CURRENT_PHASE" ] ; then
+            echo "Add phase, set to $NEXT_PHASE"
+            sed -i "/#global         phase/c\%global           phase $NEXT_PHASE" tomcatjss.spec
+            echo "Update release_number"
+            sed -i "/release_number /c\%global           release_number 0.1" tomcatjss.spec
+        else
+            echo "Update phase to $NEXT_PHASE"
+            sed -i "/phase /c\%global           phase $NEXT_PHASE" tomcatjss.spec
+            echo "Update release_number"
+            IFS='.' read -ra CRL <<< "$CURRENT_RELEASE_NUMBER"
+            (( CRL[1]++ ))
+            sed -i "/release_number /c\%global           release_number ${CRL[0]}.${CRL[1]}" tomcatjss.spec
+        fi
+    fi
+}
+
+commit_version_change() {
+    git add tomcatjss.spec
+    git commit -m "Updating version to v$NEXT_VERSION"
+ }
+
+create_tag() {
+    git tag v"$NEXT_VERSION"
+}
+
+create_source_tarball() {
+    ./build.sh --source-tag=v"$NEXT_VERSION" src
+}
+
+### Perform operations
+
+verify_phase
+change_spec_version
+commit_version_change
+create_tag
+create_source_tarball
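Review bot: In change_spec_version the add-phase branch matches `/#global         phase/`, which has fewer spaces between `#global` and `phase` than the line the remove-phase branch writes (`#global           phase`, the same form the spec hunk in this patch uses). sed exits 0 when nothing matches, so moving from a GA version back to an alpha or beta would set release_number to 0.1 and leave the phase line commented out. Match on a whitespace-tolerant pattern such as `/^#global *phase/`. Also, only NEXT_PHASE is validated: NEXT_MAJOR, NEXT_MINOR and NEXT_UPDATE are interpolated into the sed scripts, the commit message and the tag name unchecked, so reject anything that does not match `^[0-9]+$` before change_spec_version runs.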



View it on GitLab: https://salsa.debian.org/freeipa-team/tomcatjss/-/compare/80a1fc7d23dd928b5b0bacc8b0a31ff3941ac711...014f601770958b250eac50605201baa6e4d4fc8e
