9ab493e3 · 92341c5b · c2f41579 · d56a5543 · e8e504c9 · fd842db8
--- a/.classpath
+++ b/.classpath
@@ -2,7 +2,7 @@
 <classpath>
 	<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/test/src"/>
 	<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/server/tomcat/src"/>
-	<classpathentry kind="src" output="tests/dogtag/dev_java_tests/bin" path="tests/dogtag/dev_java_tests/src"/>
+	<classpathentry excluding="**/CMakeLists.txt" kind="src" path="tests/dogtag/dev_java_tests/src"/>
 	<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/symkey/src"/>
 	<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/util/src"/>
 	<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/util/test"/>
@@ -19,9 +19,9 @@
 	<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/ocsp/src"/>
 	<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/tks/src"/>
 	<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/tps/src"/>
-	<classpathentry kind="src" path="base/server/tomcat8/src"/>
-	<classpathentry kind="src" path="base/common/examples/java"/>
-	<classpathentry kind="src" path="base/console/src"/>
+	<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/common/examples/java"/>
+	<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/console/src"/>
+	<classpathentry kind="src" path="base/server/tomcat-8.5/src"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 	<classpathentry kind="lib" path="/usr/share/java/apache-commons-cli.jar"/>
 	<classpathentry kind="lib" path="/usr/share/java/apache-commons-logging.jar"/>
@@ -67,5 +67,7 @@
 	<classpathentry kind="lib" path="/usr/share/java/hamcrest/core.jar"/>
 	<classpathentry kind="lib" path="/usr/share/java/jboss-logging/jboss-logging.jar"/>
 	<classpathentry kind="lib" path="/usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar"/>
+	<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-juli.jar"/>
+	<classpathentry kind="lib" path="/usr/share/java/tomcat/jaspic-api.jar"/>
 	<classpathentry kind="output" path="build/classes"/>
 </classpath>
--- a/.gitignore
+++ b/.gitignore
 .metadata/
 build/
-tests/dogtag/dev_java_tests/bin/
-.tox
-dist
+.tox/
+dist/
 MANIFEST
 *.pyc
 __pycache__
-
-/base/common/python/build/
-/base/common/python/dist/
-/base/common/python/dogtag_pki.egg-info/
-
+.pytest_cache/
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,68 +4,97 @@ language: python
 services:
  - docker
 cache: pip
-env:
-  global:
-    - CONTAINER=pkitest
-    - SCRIPTDIR=/tmp/workdir/pki/.travis
-    - PKI_LOG=pki_log.log
-    - CI_RESULTS_LOG="ci_results_${TRAVIS_BRANCH}.log"
-    - CI_RUNNER_LOG_ARCHIVE="dogtag-ci-job-${TRAVIS_JOB_NUMBER}.tar.gz"
-    - IMAGE=dogtagpki/pki-ci:f26_105
-    # F25 is outdated
-    # - IMAGE=dogtagpki/pki-ci:f25_104

-    # rawhide repo is unstable
-    # - IMAGE=dogtagpki/pki-ci:rawhide
-  matrix:
-    - TASK_TO_RUN="run-dogtag-build"
-
-    - TASK_TO_RUN="run-ipa-test"
-      IPA_TEST_RUNNER_IMAGE="dogtagpki/pki-ci:f26_ipa_4-5"
-      RPMS_LOCATION=/tmp/workdir/packages/RPMS
-      DOGTAG_PKI_RPMS=${TRAVIS_BUILD_DIR}/dogtag_rpms
+jobs:
+  include:

+    # F27 Image
+    - env:
+        - TASK="PKI Test on F27"
+        - IMAGE=f27_106_46
      before_install:
-  - pyenv global system 3.5
-  - docker pull ${IMAGE}
-  - >
-    docker run
-    --detach
-    --name=${CONTAINER}
-    --hostname='pki.test'
-    --privileged
-    --tmpfs /tmp
-    --tmpfs /run
-    -v /sys/fs/cgroup:/sys/fs/cgroup:ro
-    -v $(pwd):/tmp/workdir/pki
-    -e BUILDUSER_UID=$(id -u)
-    -e BUILDUSER_GID=$(id -g)
-    -e TRAVIS=${TRAVIS}
-    -e TRAVIS_JOB_NUMBER=${TRAVIS_JOB_NUMBER}
-    -ti
-    ${IMAGE}
-
+        - set -a && source travis/global_variables
+        - echo -e $gerrit_ssh_key >> ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
+        - touch ${LOGS}
+        - travis/post-test-started.sh
      install:
-  - docker exec -ti ${CONTAINER} /bin/ls -la /tmp/workdir
-
-  - docker exec -ti ${CONTAINER} ${SCRIPTDIR}/00-init
-  - docker exec -ti ${CONTAINER} ${SCRIPTDIR}/10-compose-rpms
-
-  # IPA related installs
-  - pip install --upgrade pip
-  - pip3 install --upgrade pip
-  - pip install pep8
+        - travis/builder-init.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-build.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-install.sh
+      script:
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/ds-create.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/ca-create.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/kra-create.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/ocsp-create.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/tks-create.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/tps-create.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/tps-remove.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/tks-remove.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/ocsp-remove.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/kra-remove.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/ca-remove.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/ds-remove.sh
+      after_failure:
+        - travis/post-test-failed.sh
+      after_script:
+        - cat ${LOGS}
+        - docker kill ${CONTAINER}
+        - docker rm ${CONTAINER}

+    - env:
+        - TASK="IPA Test on F27"
+        - IMAGE=f27_106_46
+      before_install:
+        - set -a && source travis/global_variables
+        - echo -e $gerrit_ssh_key >> ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
+        - touch ${LOGS}
+      install:
+        - travis/builder-init.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-build.sh --with-pkgs=base,server,ca,kra
+        - travis/ipa-init.sh
      script:
-  # It is time to run FreeIPA tests with new Dogtag RPMS built
-  - travis_wait 20 ./.travis_run_task.sh
+        - travis_wait 20 travis/ipa-test.sh
+      after_failure:
+        - travis/post-test-failed.sh
      after_script:
+        - cat ${LOGS}
        - docker kill ${CONTAINER}
        - docker rm ${CONTAINER}

-# The errors can be in either dogtag container or freeipa container
+    # F28 image
+    - env:
+        - TASK="PKI Test on F28"
+        - IMAGE=f28_106_46
+      before_install:
+        - set -a && source travis/global_variables
+        - echo -e $gerrit_ssh_key >> ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
+        - touch ${LOGS}
+      install:
+        - travis/builder-init.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-build.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-install.sh
+      script:
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/ds-create.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/ca-create.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/kra-create.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/ocsp-create.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/tks-create.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/tps-create.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/tps-remove.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/tks-remove.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/ocsp-remove.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/kra-remove.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/ca-remove.sh
+        - docker exec -i ${CONTAINER} ${SCRIPTDIR}/ds-remove.sh
      after_failure:
-  - docker exec ${CONTAINER} journalctl  -l > ${PKI_LOG}
-  - echo "Uploading CI Logs to transfer.sh ..."
-  - curl --upload-file ./${PKI_LOG} https://transfer.sh/dogtag_build_logs.txt
-  - curl --upload-file ./${CI_RESULTS_LOG} https://transfer.sh/freeipa-integration.txt
+        - travis/post-test-failed.sh
+      after_script:
+        - cat ${LOGS}
+        - docker kill ${CONTAINER}
+        - docker rm ${CONTAINER}
+
+    - stage: Verification Label
+      before_install:
+        - echo -e $gerrit_ssh_key >> ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
+      script:
+        - travis/post-test-passed.sh
--- a/.travis/10-compose-rpms
+++ b/.travis/10-compose-rpms
-#!/bin/bash
-set -e
-
-BUILDLOG=/tmp/compose.log
-
-function compose {
-    pushd ${BUILDDIR}/pki
-    # run make with --quiet to reduce log verbosity.
-    sudo -u ${BUILDUSER} MAKEFLAGS="-j2 --quiet" -- \
-        ./scripts/compose_pki_core_packages rpms
-    popd
-}
-
-function upload {
-    if test -f $BUILDLOG; then
-        echo "Uploading build log to transfer"
-        curl --upload-file $BUILDLOG https://transfer.sh/pkitravis.txt
-    fi
-}
-
-if test "${TRAVIS}" != "true"; then
-    compose
-else
-    trap upload EXIT
-    echo "Runing compose_pki_core_packages rpms."
-    echo "Build log will be posted to transfer.sh"
-    echo $(date) > $BUILDLOG
-    echo "Travis job ${TRAVIS_JOB_NUMBER}" >> $BUILDLOG
-    compose >>$BUILDLOG 2>&1
-fi
-
--- a/.travis/20-install-rpms
+++ b/.travis/20-install-rpms
-#!/bin/bash
-set -e
-
-find ${BUILDDIR}/packages/RPMS/ -name '*.rpm' -and -not -name '*debuginfo*' \
-    | xargs dnf install -y --best --allowerasing
-
--- a/.travis/40-spawn-ca
+++ b/.travis/40-spawn-ca
-#!/bin/bash
-set -e
-
-pkispawn -vv -f ${BUILDDIR}/pki/.travis/pki.cfg -s CA
--- a/.travis/50-spawn-kra
+++ b/.travis/50-spawn-kra
-#!/bin/bash
-set -e
-
-pkispawn -vv -f ${BUILDDIR}/pki/.travis/pki.cfg -s KRA
--- a/.travis/99-destroy
+++ b/.travis/99-destroy
-#!/bin/bash
-set -e
-
-if [ -d /etc/pki/pkitest/kra ]; then
-    pkidestroy -v -i pkitest -s KRA
-fi
-
-pkidestroy -v -i pkitest -s CA
-
-remove-ds.pl -f -i slapd-pkitest
-
--- a/.travis/py3rewrite
+++ b/.travis/py3rewrite
-#!/usr/bin/python3
-import os
-import shutil
-
-from distutils.sysconfig import get_python_lib
-
-
-BUILDDIR = os.environ['BUILDDIR']
-PKIBASE = os.path.join(BUILDDIR, 'pki', 'base')
-PKICLIENT = os.path.join(PKIBASE, 'common', 'python', 'pki')
-PKISERVER = os.path.join(PKIBASE, 'server', 'python', 'pki', 'server')
-PKISBIN = os.path.join(PKIBASE, 'server', 'sbin')
-
-SITEPACKAGES = get_python_lib()
-
-
-def copyscript(src, dst):
-    with open(src) as f:
-        lines = f.readlines()
-    lines[0] = '#!/usr/bin/python3\n'
-    with open(dst, 'w') as f:
-        os.fchmod(f.fileno(), 0o755)
-        f.writelines(lines)
-
-
-def copyfiles():
-    shutil.rmtree(os.path.join(SITEPACKAGES, 'pki'))
-    shutil.copytree(
-        PKICLIENT,
-        os.path.join(SITEPACKAGES, 'pki')
-    )
-    shutil.copytree(
-        PKISERVER,
-        os.path.join(SITEPACKAGES, 'pki', 'server')
-    )
-    copyscript(
-        os.path.join(PKISBIN, 'pkispawn'),
-        '/usr/sbin/pkispawn'
-    )
-    copyscript(
-        os.path.join(PKISBIN, 'pkidestroy'),
-        '/usr/sbin/pkidestroy'
-    )
-
-if __name__ == '__main__':
-    copyfiles()
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -6,31 +6,36 @@ cmake_minimum_required(VERSION 2.6.0)
 # global needed variables
 set(APPLICATION_NAME ${PROJECT_NAME})

+# Suppress install messages
+set(CMAKE_INSTALL_MESSAGE NEVER)
+
 # Un-comment the following line to add 'javac' options (e. g. - "-g" debugging)
-#set(CMAKE_JAVA_COMPILE_FLAGS "-g")
+set(CMAKE_JAVA_COMPILE_FLAGS "-Xlint:deprecation")

 if (NOT DEFINED VERSION)
    set(VERSION "10.0.0")
 endif(NOT DEFINED VERSION)

+if (NOT DEFINED NSS_DEFAULT_DB_TYPE)
+    set(NSS_DEFAULT_DB_TYPE "dbm")
+endif(NOT DEFINED NSS_DEFAULT_DB_TYPE)
+
+if (NOT DEFINED THEME)
+    set(VERSION "dogtag")
+endif(NOT DEFINED THEME)
+
 string(REGEX REPLACE "^([0-9]+).*" "\\1" APPLICATION_VERSION_MAJOR ${VERSION})
 string(REGEX REPLACE "^[0-9]+\\.([0-9]+).*" "\\1" APPLICATION_VERSION_MINOR ${VERSION})
 string(REGEX REPLACE "^[0-9]+\\.[0-9]+\\.([0-9]+).*" "\\1" APPLICATION_VERSION_PATCH ${VERSION})

-option(WITH_TOMCAT7 "Build Tomcat 7" ON)
-option(WITH_TOMCAT8 "Build Tomcat 8" ON)
-option(WITH_SERVER "Build Server" ON)
-option(WITH_JAVADOC "Build Javadoc" ON)
-
-if (BUILD_DOGTAG_PKI_THEME)
-    set(APPLICATION_FLAVOR_DOGTAG_PKI_THEME TRUE)
-elseif (BUILD_REDHAT_PKI_THEME)
-    set(APPLICATION_FLAVOR_REDHAT_PKI_THEME TRUE)
-elseif (BUILD_PKI_CORE)
-    set(APPLICATION_FLAVOR_PKI_CORE TRUE)
-elseif (BUILD_PKI_CONSOLE)
-    set(APPLICATION_FLAVOR_PKI_CONSOLE TRUE)
-endif ()
+set(APP_SERVER "tomcat-8.0" CACHE STRING "Application server")
+
+option(WITH_SERVER "Build server package" ON)
+option(WITH_JAVADOC "Build Javadoc package" ON)
+option(WITH_TEST "Run unit tests" ON)
+option(WITH_PYTHON2 "Build with Python 2 support" ON)
+option(WITH_PYTHON3 "Build with Python 3 support" ON)
+option(WITH_PYTHON3_DEFAULT "Build server and scripts with Python 3" OFF)

 set(APPLICATION_VERSION "${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINOR}.${APPLICATION_VERSION_PATCH}")

@@ -43,8 +48,8 @@ include(DefineCMakeDefaults)
 include(DefinePlatformDefaults)
 include(DefineCompilerFlags)
 include(DefineInstallationPaths)
-include(DefineOptions.cmake)
-include(CPackConfig.cmake)
+include(DefineOptions)
+include(CPackConfig)

 # disallow in-source build
 include(MacroEnsureOutOfSourceBuild)
@@ -59,28 +64,19 @@ file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/dist)
 # required for all PKI components
 include(JUnit)

-add_custom_target(unit-test)
-
 # search for libraries

 # required for all PKI components EXCEPT Theme-based components
-if (NOT APPLICATION_FLAVOR_DOGTAG_PKI_THEME   AND
-    NOT APPLICATION_FLAVOR_REDHAT_PKI_THEME)
+if (BUILD_PKI_CORE OR BUILD_PKI_CONSOLE)
    find_package(NSPR REQUIRED)
    find_package(NSS REQUIRED)
 endif ()

-# ONLY required for Java-based PKI components
-if (APPLICATION_FLAVOR_PKI_CORE         OR
-    APPLICATION_FLAVOR_PKI_CONSOLE      OR
-    APPLICATION_FLAVOR_DOGTAG_PKI_THEME OR
-    APPLICATION_FLAVOR_REDHAT_PKI_THEME)
 find_package(Java REQUIRED)
 find_package(JNI REQUIRED)
-endif ()

 # ONLY required for PKI_CORE
-if (APPLICATION_FLAVOR_PKI_CORE)
+if (BUILD_PKI_CORE)
    find_package(Ldap REQUIRED)
    # required for native 'tpsclient' utility
    find_package(APR REQUIRED)
@@ -90,48 +86,29 @@ endif ()
 set(CMAKE_THREAD_PREFER_PTHREADS ON)
 find_package(Threads)

-find_package(PythonInterp REQUIRED)
-execute_process(
-    COMMAND
-        ${PYTHON_EXECUTABLE} -c
-        "from distutils.sysconfig import get_python_lib; print get_python_lib()"
-    OUTPUT_VARIABLE
-        PYTHON2_SITE_PACKAGES
-    OUTPUT_STRIP_TRAILING_WHITESPACE
-)
-
-# CMake doesn't support multiple PythonInterp
-execute_process(
-    COMMAND
-        python3 -c
-        "from distutils.sysconfig import get_python_lib; print(get_python_lib())"
-    OUTPUT_VARIABLE
-        PYTHON3_SITE_PACKAGES
-    ERROR_VARIABLE
-        PYTHON3_ERROR
-    RESULT_VARIABLE
-        PYTHON3_RESULT
-    OUTPUT_STRIP_TRAILING_WHITESPACE
-)
-
-if(PYTHON3_RESULT)
-    message(WARNING "python3 not found: ${PYTHON3_RESULT}")
-    if(PYTHON3_ERROR)
-        message(WARNING ${PYTHON3_ERROR})
+# NSS default database type
+if (NSS_DEFAULT_DB_TYPE STREQUAL "dbm")
+    message(STATUS "Using old 'dbm' format for NSS_DEFAULT_DB_TYPE")
+elseif (NSS_DEFAULT_DB_TYPE STREQUAL "sql")
+    message(STATUS "Using new 'sql' format for NSS_DEFAULT_DB_TYPE")
+else()
+    message(FATAL_ERROR "Unsupported NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE}")
 endif()
-    unset(PYTHON3_SITE_PACKAGES)
+
+# Detect default Python interpreter
+# Set PYTHON2_SITE_PACKAGES, PYTHON3_SITE_PACKAGES
+if (BUILD_PKI_CORE OR BUILD_PKI_CONSOLE)
+    include(DefinePythonSitePackages)
 endif ()
-unset(PYTHON3_RESULT)
-unset(PYTHON3_ERROR)

 # config.h checks
-include(ConfigureChecks.cmake)
-configure_file(config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config.h)
+include(ConfigureChecks)
+configure_file(cmake/config.h.in ${CMAKE_CURRENT_BINARY_DIR}/config.h)

 add_definitions(-DHAVE_CONFIG_H)

 # uninstall target
-configure_file("${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"
+configure_file("${CMAKE_CURRENT_SOURCE_DIR}/cmake/cmake_uninstall.cmake.in"
               "${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
               IMMEDIATE @ONLY)

@@ -164,14 +141,10 @@ add_custom_target(clean-cmake
 )

 # check subdirectories
-if (APPLICATION_FLAVOR_PKI_CORE      OR
-    APPLICATION_FLAVOR_PKI_CONSOLE)
+if (BUILD_PKI_CORE OR BUILD_PKI_CONSOLE)
    add_subdirectory(base)
 endif ()

-# 'Themes' MUST be "mutually-exclusive"!
-if (APPLICATION_FLAVOR_DOGTAG_PKI_THEME)
-    add_subdirectory(dogtag)
-elseif (APPLICATION_FLAVOR_REDHAT_PKI_THEME)
-    add_subdirectory(redhat)
+if (NOT "${THEME}" STREQUAL "")
+    add_subdirectory(themes)
 endif ()
--- a/COPYING
+++ b/COPYING
--- a/README
+++ b/README
-# BEGIN COPYRIGHT BLOCK
-# (C) 2008 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-
-This Certificate System is open-source software.
-
-Please comply with the LICENSE contained in each of
-the individual components, and the EXPORT CONTROL
-regulations defined at:
-
-    http://pki.fedoraproject.org/wiki/PKI_Download
-
-
-These directories contain the following:
-
-   CMakeLists.txt
-   COPYING
-   CPackConfig.cmake
-   ConfigureChecks.cmake
-   DefineOptions.cmake
-   cmake_uninstall.cmake.in
-   config.h.cmake
-   cmake/    - These files and this directory contain
-               the top-level files necessary to integrate
-               the CMake build system in pki.
-
-    README   - This file.
-
-    base/    - Contains most of the base source code
-               needed to build this project.  Note that
-               this directory does NOT contain
-               implementation specific user-interface
-               components required to build a working
-               Certificate System.
-
-    dogtag/  - Contains the scripts and user-interface
-               components necessary to build a sample
-               working "Dogtag Certificate System".
-               The scripts in this directory leverage
-               the base source code located in the
-               "base/" directory, and are known to
-               work on both 32-bit and 64-bit
-               "Fedora" operating systems.  Users
-               who wish to experiment with this project
-               should focus on this directory first.
-
-    patches/ - Contains "patches" needed for specific
-               versions of this certificate system.
-
-    scripts/ - Contains "scripts" used by this
-               certificate system.  This directory
-               contains numerous "compose" scripts
-               useful for building RPMS/SRPMS of the
-               various certificate system components.
-
-    specs/   - Contains RPM spec files used for
-               building RPMS/SRPMS of the various
-               certificate system components.
-
-    tools/   - Contains utilities useful to
-               certificate system components.
-
-Detailed instructions for building, installing, and
-running this project are located at:
-
-    http://pki.fedoraproject.org/wiki/PKI_Main_Page
-
--- a/README.md
+++ b/README.md
+Dogtag PKI
+==========
+
+[![Build Status](https://travis-ci.org/dogtagpki/pki-nightly-test.svg?branch=master)](https://travis-ci.org/dogtagpki/pki-nightly-test)
+
+(C) 2008 Red Hat, Inc.
+All rights reserved.
+
+This Certificate System is open-source software.
+
+Please comply with the LICENSE contained in each of
+the individual components, and the EXPORT CONTROL
+regulations defined at:
+
+http://www.dogtagpki.org/wiki/PKI_Download
+
+These directories contain the following:
+
+* CMakeLists.txt
+* LICENSE
+* cmake
+
+  These files and this directory contain
+  the top-level files necessary to integrate
+  the CMake build system in pki.
+
+* README.md
+
+  This file.
+
+* base
+
+  Contains most of the base source code
+  needed to build this project.  Note that
+  this directory does NOT contain
+  implementation specific user-interface
+  components required to build a working
+  Certificate System.
+
+* themes
+
+  Contains the scripts and user-interface
+  components to customize PKI web UI and
+  console.
+
+* scripts
+
+  Contains "scripts" used by this
+  certificate system.  This directory
+  contains numerous "compose" scripts
+  useful for building RPMS/SRPMS of the
+  various certificate system components.
+
+* tools
+
+  Contains utilities useful to
+  certificate system components.
+
+Detailed instructions for building, installing, and
+running this project are located at:
+
+http://www.dogtagpki.org/wiki/PKI_Main_Page
+
--- a/base/CMakeLists.txt
+++ b/base/CMakeLists.txt
@@ -3,6 +3,7 @@ project(base)
 find_file(SERVLET_JAR
    NAMES
        servlet.jar
+        servlet-api-3.1.jar
    PATHS
        /usr/share/java
 )
@@ -11,6 +12,7 @@ find_file(JAXRS_API_JAR
    NAMES
        jaxrs-api.jar
        jboss-jaxrs-2.0-api.jar
+        javax.ws.rs-api.jar
    PATHS
        ${RESTEASY_LIB}
        /usr/share/java
@@ -21,6 +23,7 @@ find_file(SLF4J_API_JAR
        slf4j-api.jar
    PATHS
        /usr/share/java/slf4j
+        /usr/share/java
 )

 find_file(SLF4J_JDK14_JAR
@@ -28,6 +31,14 @@ find_file(SLF4J_JDK14_JAR
        slf4j-jdk14.jar
    PATHS
        /usr/share/java/slf4j
+        /usr/share/java
+)
+
+find_file(COMMONS_CLI_JAR
+    NAMES
+        commons-cli.jar
+    PATHS
+        /usr/share/java
 )

 find_file(COMMONS_CODEC_JAR
@@ -37,6 +48,14 @@ find_file(COMMONS_CODEC_JAR
        /usr/share/java
 )

+find_file(COMMONS_COLLECTIONS_JAR
+    NAMES
+        commons-collections.jar
+        commons-collections3.jar
+    PATHS
+        /usr/share/java
+)
+
 find_file(COMMONS_HTTPCLIENT_JAR
    NAMES
        commons-httpclient.jar
@@ -58,6 +77,13 @@ find_file(COMMONS_LANG_JAR
        /usr/share/java
 )

+find_file(COMMONS_LOGGING_JAR
+    NAMES
+        commons-logging.jar
+    PATHS
+        /usr/share/java
+)
+
 find_file(HAMCREST_JAR
    NAMES
        core.jar
@@ -70,6 +96,7 @@ find_file(HTTPCLIENT_JAR
        httpclient.jar
    PATHS
        /usr/share/java/httpcomponents
+        /usr/share/java
 )

 find_file(HTTPCORE_JAR
@@ -77,6 +104,7 @@ find_file(HTTPCORE_JAR
        httpcore.jar
    PATHS
        /usr/share/java/httpcomponents
+        /usr/share/java
 )

 find_file(JACKSON_CORE_JAR
@@ -84,6 +112,15 @@ find_file(JACKSON_CORE_JAR
        jackson-core-asl.jar
    PATHS
        /usr/share/java/jackson
+        /usr/share/java
+)
+
+find_file(JACKSON_JAXRS_JAR
+    NAMES
+        jackson-jaxrs.jar
+    PATHS
+        /usr/share/java/jackson
+        /usr/share/java
 )

 find_file(JACKSON_MAPPER_JAR
@@ -91,6 +128,38 @@ find_file(JACKSON_MAPPER_JAR
        jackson-mapper-asl.jar
    PATHS
        /usr/share/java/jackson
+        /usr/share/java
+)
+
+find_file(JACKSON_MRBEAN_JAR
+    NAMES
+        jackson-mrbean.jar
+    PATHS
+        /usr/share/java/jackson
+        /usr/share/java
+)
+
+find_file(JACKSON_SMILE_JAR
+    NAMES
+        jackson-smile.jar
+    PATHS
+        /usr/share/java/jackson
+        /usr/share/java
+)
+
+find_file(JACKSON_XC_JAR
+    NAMES
+        jackson-xc.jar
+    PATHS
+        /usr/share/java/jackson
+        /usr/share/java
+)
+
+find_file(JAXB_API_JAR
+    NAMES
+        jaxb-api.jar
+    PATHS
+        /usr/share/java
 )

 find_file(JSS_JAR
@@ -104,6 +173,7 @@ find_file(JSS_JAR
 find_file(JUNIT_JAR
    NAMES
        junit.jar
+        junit4.jar
    PATHS
        /usr/share/java
 )
@@ -138,39 +208,58 @@ find_file(RESTEASY_ATOM_PROVIDER_JAR
        ${RESTEASY_LIB}
 )

+find_file(JASPIC_API_JAR
+    NAMES
+        jaspic-api.jar
+        tomcat8-jaspic-api.jar
+    PATHS
+        /usr/share/java/tomcat
+        /usr/share/java
+)
+
 find_file(TOMCAT_API_JAR
    NAMES
        tomcat-api.jar
+        tomcat8-api.jar
    PATHS
        /usr/share/java/tomcat
+        /usr/share/java
 )

 find_file(TOMCAT_CATALINA_JAR
    NAMES
        catalina.jar
+        tomcat8-catalina.jar
    PATHS
        /usr/share/java/tomcat
+        /usr/share/java
 )

 find_file(TOMCAT_COYOTE_JAR
    NAMES
        tomcat-coyote.jar
+        tomcat8-coyote.jar
    PATHS
        /usr/share/java/tomcat
+        /usr/share/java
 )

 find_file(TOMCAT_UTIL_JAR
    NAMES
        tomcat-util.jar
+        tomcat8-util.jar
    PATHS
        /usr/share/java/tomcat
+        /usr/share/java
 )

 find_file(TOMCAT_UTIL_SCAN_JAR
    NAMES
        tomcat-util-scan.jar
+        tomcat8-util-scan.jar
    PATHS
        /usr/share/java/tomcat
+        /usr/share/java
 )

 find_file(TOMCATJSS_JAR
@@ -191,6 +280,7 @@ find_file(VELOCITY_JAR
 find_file(XALAN_JAR
    NAMES
        xalan-j2.jar
+        xalan2.jar
    PATHS
        ${JAVA_LIB_INSTALL_DIR}
        /usr/share/java
@@ -199,14 +289,30 @@ find_file(XALAN_JAR
 find_file(XERCES_JAR
    NAMES
        xerces-j2.jar
+        xercesImpl.jar
    PATHS
        ${JAVA_LIB_INSTALL_DIR}
        /usr/share/java
 )

-# The order is important!
-if (APPLICATION_FLAVOR_PKI_CORE)
+find_file(XML_COMMONS_APIS_JAR
+    NAMES
+        xml-commons-apis.jar
+        xml-apis.jar
+    PATHS
+        /usr/share/java
+)
+
+find_file(XML_COMMONS_RESOLVER_JAR
+    NAMES
+        xml-commons-resolver.jar
+        xml-resolver.jar
+    PATHS
+        /usr/share/java
+)

+# The order is important!
+if (BUILD_PKI_CORE OR BUILD_PKI_CONSOLE)
    add_subdirectory(test)
    add_subdirectory(symkey)
    add_subdirectory(util)
@@ -224,12 +330,33 @@ if (APPLICATION_FLAVOR_PKI_CORE)
        # required for native 'tpsclient' utility
        add_subdirectory(tps-client)

+        list(APPEND PKI_JAVADOC_SOURCEPATH
+            ${CMAKE_SOURCE_DIR}/base/server/cms/src)
+
+        list(APPEND PKI_JAVADOC_SUBPACKAGES
+            com.netscape.cms)
+
+        list(APPEND PKI_JAVADOC_CLASSPATH
+            ${PKI_TOMCAT_JAR}
+            ${PKI_CMS_JAR}
+            ${PKI_CMSCORE_JAR})
+
+        list(APPEND PKI_JAVADOC_DEPENDS
+            pki-tomcat-jar
+            pki-cms-jar
+            pki-cmscore-jar
+            pki-ca-jar
+            pki-kra-jar
+            pki-ocsp-jar
+            pki-tks-jar
+            pki-tps-jar)
+
+    endif(WITH_SERVER)
+
    if(WITH_JAVADOC)
        add_subdirectory(javadoc)
    endif(WITH_JAVADOC)

-    endif(WITH_SERVER)
-
    configure_file(
        ${CMAKE_CURRENT_SOURCE_DIR}/VERSION
        ${CMAKE_CURRENT_BINARY_DIR}/VERSION
@@ -242,9 +369,8 @@ if (APPLICATION_FLAVOR_PKI_CORE)
            ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}
    )

-endif (APPLICATION_FLAVOR_PKI_CORE)
+endif (BUILD_PKI_CORE OR BUILD_PKI_CONSOLE)

-if (APPLICATION_FLAVOR_PKI_CONSOLE)
-    add_subdirectory(test)
+if (BUILD_PKI_CONSOLE)
    add_subdirectory(console)
-endif (APPLICATION_FLAVOR_PKI_CONSOLE)
+endif (BUILD_PKI_CONSOLE)
--- a/base/ca/CMakeLists.txt
+++ b/base/ca/CMakeLists.txt
@@ -3,29 +3,26 @@ project(ca NONE)
 add_subdirectory(src)
 add_subdirectory(setup)
 add_subdirectory(shared/conf)
+add_subdirectory(${APP_SERVER})

-if(WITH_TOMCAT7)
-    add_subdirectory(tomcat7)
-endif(WITH_TOMCAT7)
+# Create links at /usr/share/pki/ca/webapps/ca/admin/console.
+# Create links in /usr/share/pki/ca/webapps/ca/WEB-INF/lib.
+# This can be customized for different platforms in RPM spec.

-if(WITH_TOMCAT8)
-    add_subdirectory(tomcat8)
-endif(WITH_TOMCAT8)
-
-# Create /usr/share/pki/ca/webapps/ca/WEB-INF/lib. This can be customized for different platforms in RPM spec.
-
-add_custom_target(pki-ca-lib ALL)
+add_custom_target(pki-ca-links ALL)

 add_custom_command(
-    TARGET pki-ca-lib
+    TARGET pki-ca-links
+    COMMAND ${CMAKE_COMMAND} -E make_directory webapp/admin
+    COMMAND ln -sf ${DATA_INSTALL_DIR}/server/webapps/pki/admin/console ${CMAKE_CURRENT_BINARY_DIR}/webapp/admin
    COMMAND ${CMAKE_COMMAND} -E make_directory webapp/lib
-    COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-nsutil.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-nsutil.jar
-    COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-cmsutil.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cmsutil.jar
-    COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-certsrv.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-certsrv.jar
-    COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-cms.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cms.jar
-    COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-cmscore.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cmscore.jar
-    COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-cmsbundle.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cmsbundle.jar
-    COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-ca.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-ca.jar
+    COMMAND ${CMAKE_COMMAND} -E create_symlink ${SLF4J_API_JAR} webapp/lib/slf4j-api.jar
+    COMMAND ${CMAKE_COMMAND} -E create_symlink ${SLF4J_JDK14_JAR} webapp/lib/slf4j-jdk14.jar
+    COMMAND ln -sf /usr/share/java/pki/pki-certsrv.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-certsrv.jar
+    COMMAND ln -sf /usr/share/java/pki/pki-cms.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cms.jar
+    COMMAND ln -sf /usr/share/java/pki/pki-cmscore.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cmscore.jar
+    COMMAND ln -sf /usr/share/java/pki/pki-cmsbundle.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cmsbundle.jar
+    COMMAND ln -sf /usr/share/java/pki/pki-ca.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-ca.jar
 )

 # install directories
@@ -38,6 +35,13 @@ install(
        "CMakeLists.txt" EXCLUDE
 )

+install(
+    FILES
+        ${CMAKE_CURRENT_BINARY_DIR}/webapp/admin/
+    DESTINATION
+        ${DATA_INSTALL_DIR}/ca/webapps/ca/admin
+)
+
 install(
    DIRECTORY
        ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/

--- a/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
+++ b/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
@@ -31,8 +31,8 @@ import org.mozilla.jss.crypto.AlreadyInitializedException;
 import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.util.Password;

-import com.netscape.certsrv.ca.CAClient;
 import com.netscape.certsrv.ca.CACertClient;
+import com.netscape.certsrv.ca.CAClient;
 import com.netscape.certsrv.cert.CertData;
 import com.netscape.certsrv.cert.CertDataInfo;
 import com.netscape.certsrv.cert.CertDataInfos;
@@ -158,7 +158,7 @@ public class CATest {

        try {
            ClientConfig config = new ClientConfig();
-            config.setServerURI(protocol + "://" + host + ":" + port);
+            config.setServerURL(protocol + "://" + host + ":" + port);
            config.setCertNickname(clientCertNickname);

            client = new CAClient(new PKIClient(config, null));

--- a/base/ca/shared/conf/CS.cfg
+++ b/base/ca/shared/conf/CS.cfg
--- a/base/ca/shared/conf/ECadminCert.profile
+++ b/base/ca/shared/conf/ECadminCert.profile
+#
+# Admin Certificate
+#
+id=adminCert.profile
+name=All Purpose admin cert with ECC keys Profile
+description=This profile creates an administrator's certificate with ECC keys
+profileIDMapping=caAdminCert
+profileSetIDMapping=adminCertSet
+list=2,4,5,6,7
+2.default.class=com.netscape.cms.profile.def.ValidityDefault
+2.default.name=Validity Default
+2.default.params.range=720
+2.default.params.startTime=0
+4.default.class=com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault
+4.default.name=Authority Key Identifier Default
+5.default.class=com.netscape.cms.profile.def.AuthInfoAccessExtDefault
+5.default.name=AIA Extension Default
+5.default.params.authInfoAccessADEnable_0=true
+5.default.params.authInfoAccessADLocationType_0=URIName
+5.default.params.authInfoAccessADLocation_0=
+5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
+5.default.params.authInfoAccessCritical=false
+5.default.params.authInfoAccessNumADs=1
+6.default.class=com.netscape.cms.profile.def.KeyUsageExtDefault
+6.default.name=Key Usage Default
+6.default.params.keyUsageCritical=true
+6.default.params.keyUsageDigitalSignature=true
+6.default.params.keyUsageNonRepudiation=true
+6.default.params.keyUsageDataEncipherment=true
+6.default.params.keyUsageKeyEncipherment=false
+6.default.params.keyUsageKeyAgreement=true
+6.default.params.keyUsageKeyCertSign=false
+6.default.params.keyUsageCrlSign=false
+6.default.params.keyUsageEncipherOnly=false
+6.default.params.keyUsageDecipherOnly=false
+7.default.class=com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault
+7.default.name=Extended Key Usage Extension Default
+7.default.params.exKeyUsageCritical=false
+7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
--- a/base/ca/shared/conf/ECserverCert.profile
+++ b/base/ca/shared/conf/ECserverCert.profile
+#
+# ECC Server Certificate
+#
+id=serverCert.profile
+name=All Purpose SSL server cert with ECC keys Profile
+description=This profile creates an SSL server certificate with ECC keys that is valid for SSL servers
+profileIDMapping=caECServerCert
+profileSetIDMapping=serverCertSet
+list=2,4,5,6,7
+2.default.class=com.netscape.cms.profile.def.ValidityDefault
+2.default.name=Validity Default
+2.default.params.range=720
+2.default.params.startTime=0
+4.default.class=com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault
+4.default.name=Authority Key Identifier Default
+5.default.class=com.netscape.cms.profile.def.AuthInfoAccessExtDefault
+5.default.name=AIA Extension Default
+5.default.params.authInfoAccessADEnable_0=true
+5.default.params.authInfoAccessADLocationType_0=URIName
+5.default.params.authInfoAccessADLocation_0=
+5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
+5.default.params.authInfoAccessCritical=false
+5.default.params.authInfoAccessNumADs=1
+6.default.class=com.netscape.cms.profile.def.KeyUsageExtDefault
+6.default.name=Key Usage Default
+6.default.params.keyUsageCritical=true
+6.default.params.keyUsageDigitalSignature=true
+6.default.params.keyUsageNonRepudiation=false
+6.default.params.keyUsageDataEncipherment=true
+6.default.params.keyUsageKeyEncipherment=false
+6.default.params.keyUsageKeyAgreement=true
+6.default.params.keyUsageKeyCertSign=false
+6.default.params.keyUsageCrlSign=false
+6.default.params.keyUsageEncipherOnly=false
+6.default.params.keyUsageDecipherOnly=false
+7.default.class=com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault
+7.default.name=Extended Key Usage Extension Default
+7.default.params.exKeyUsageCritical=false
+7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1
--- a/base/ca/shared/conf/ECsubsystemCert.profile
+++ b/base/ca/shared/conf/ECsubsystemCert.profile
+#
+# ECC Subsystem Certificate
+#
+id=subsystemCert.profile
+name=Subsystem cert with ECC keys Profile
+description=This profile creates a subsystem certificate with ECC keys that is valid for SSL clients
+profileIDMapping=caECSubsystemCert
+profileSetIDMapping=serverCertSet
+list=2,4,5,6,7
+2.default.class=com.netscape.cms.profile.def.ValidityDefault
+2.default.name=Validity Default
+2.default.params.range=720
+2.default.params.startTime=0
+4.default.class=com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault
+4.default.name=Authority Key Identifier Default
+5.default.class=com.netscape.cms.profile.def.AuthInfoAccessExtDefault
+5.default.name=AIA Extension Default
+5.default.params.authInfoAccessADEnable_0=true
+5.default.params.authInfoAccessADLocationType_0=URIName
+5.default.params.authInfoAccessADLocation_0=
+5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
+5.default.params.authInfoAccessCritical=false
+5.default.params.authInfoAccessNumADs=1
+6.default.class=com.netscape.cms.profile.def.KeyUsageExtDefault
+6.default.name=Key Usage Default
+6.default.params.keyUsageCritical=true
+6.default.params.keyUsageDigitalSignature=true
+6.default.params.keyUsageNonRepudiation=false
+6.default.params.keyUsageDataEncipherment=true
+6.default.params.keyUsageKeyEncipherment=false
+6.default.params.keyUsageKeyAgreement=true
+6.default.params.keyUsageKeyCertSign=false
+6.default.params.keyUsageCrlSign=false
+6.default.params.keyUsageEncipherOnly=false
+6.default.params.keyUsageDecipherOnly=false
+7.default.class=com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault
+7.default.name=Extended Key Usage Extension Default
+7.default.params.exKeyUsageCritical=false
+7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2