Commits on Source (22)
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" path="src"/>
<classpathentry kind="src" path="tomcat-8.5/src"/>
<classpathentry kind="src" path="tomcat-8.0/src"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="lib" path="/usr/share/java/apache-commons-lang.jar"/>
<classpathentry kind="lib" path="/usr/share/java/apache-commons-logging.jar"/>
......@@ -9,5 +9,6 @@
<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-coyote.jar"/>
<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-juli.jar"/>
<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-util.jar"/>
<classpathentry kind="lib" path="/usr/share/java/slf4j/slf4j-api.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>
# BEGIN COPYRIGHT BLOCK
# (C) 2018 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
services:
- docker
env:
- FEDORA=27
- FEDORA=28
install:
- docker pull registry.fedoraproject.org/fedora:$FEDORA
- docker run
--name=container
--detach
-i
-v $(pwd):/root/tomcatjss
registry.fedoraproject.org/fedora:$FEDORA
- docker exec container dnf install -y dnf-plugins-core gcc make rpm-build
- docker exec container dnf copr -y enable @pki/10.6
- docker exec container dnf builddep -y --spec /root/tomcatjss/tomcatjss.spec.in
- docker exec container dnf remove -y tomcat-native
- docker exec container /root/tomcatjss/build.sh --with-timestamp --with-commit-id rpm
script:
- docker exec container rpm -Uvh /root/build/tomcatjss/RPMS/*
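Review bot: The `install:` steps draw the build environment from two unpinned sources, the `fedora:$FEDORA` tag in `docker pull` and the `@pki/10.6` COPR enabled with `dnf copr -y enable`, so what `dnf builddep` installs, and therefore what this job exercises, can change between runs with no change in this repository. If that is intended so CI tracks the current PKI builds, a comment above the COPR line would record it, for example `# build deps track the @pki/10.6 COPR on purpose; this job is not reproducible`. Where a fixed environment matters, the image can be referenced by digest (`registry.fedoraproject.org/fedora@sha256:<digest>`, placeholder) instead of by tag. The `script:` step only installs the built RPMs with `rpm -Uvh`, so a passing job shows that the package builds and installs, not that the connector works.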
#!/bin/bash -e
# BEGIN COPYRIGHT BLOCK
# (C) 2018 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
NAME=tomcatjss
SCRIPT_PATH=`readlink -f "$0"`
SCRIPT_NAME=`basename "$SCRIPT_PATH"`
SRC_DIR=`dirname "$SCRIPT_PATH"`
WORK_DIR="$HOME/build/$NAME"
SOURCE_TAG=
WITH_TIMESTAMP=
WITH_COMMIT_ID=
DIST=
VERBOSE=
DEBUG=
usage() {
echo "Usage: $SCRIPT_NAME [OPTIONS] <target>"
echo
echo "Options:"
echo " --work-dir=<path> Working directory (default: $WORK_DIR)."
echo " --source-tag=<tag> Generate RPM sources from a source tag."
echo " --with-timestamp Append timestamp to release number."
echo " --with-commit-id Append commit ID to release number."
echo " --dist=<name> Distribution name (e.g. fc28)."
echo " -v,--verbose Run in verbose mode."
echo " --debug Run in debug mode."
echo " --help Show help message."
echo
echo "Target:"
echo " src Generate RPM sources."
echo " spec Generate RPM spec."
echo " srpm Build SRPM package."
echo " rpm Build RPM packages (default)."
}
generate_rpm_sources() {
TARBALL="$NAME-$VERSION${_PHASE}.tar.gz"
if [ "$SOURCE_TAG" != "" ] ; then
if [ "$VERBOSE" = true ] ; then
echo "Generating $TARBALL from $SOURCE_TAG tag"
fi
git -C "$SRC_DIR" \
archive \
--format=tar.gz \
--prefix $NAME-$VERSION${_PHASE}/ \
-o "$WORK_DIR/SOURCES/$TARBALL" \
$SOURCE_TAG
if [ "$SOURCE_TAG" != "HEAD" ] ; then
TAG_ID=`git -C "$SRC_DIR" rev-parse $SOURCE_TAG`
HEAD_ID=`git -C "$SRC_DIR" rev-parse HEAD`
if [ "$TAG_ID" != "$HEAD_ID" ] ; then
generate_patch
fi
fi
return
fi
if [ "$VERBOSE" = true ] ; then
echo "Generating $TARBALL"
fi
tar czf "$WORK_DIR/SOURCES/$TARBALL" \
--transform "s,^./,$NAME-$VERSION${_PHASE}/," \
--exclude .git \
--exclude bin \
-C "$SRC_DIR" \
.
}
generate_patch() {
PATCH="$NAME-$VERSION-$RELEASE.patch"
if [ "$VERBOSE" = true ] ; then
echo "Generating $PATCH for all changes since $SOURCE_TAG tag"
fi
git -C "$SRC_DIR" \
format-patch \
--stdout \
$SOURCE_TAG \
> "$WORK_DIR/SOURCES/$PATCH"
}
generate_rpm_spec() {
RPM_SPEC="$NAME.spec"
if [ "$VERBOSE" = true ] ; then
echo "Generating $RPM_SPEC"
fi
# hard-code timestamp
commands="s/%{?_timestamp}/${_TIMESTAMP}/g"
# hard-code commit ID
commands="${commands}; s/%{?_commit_id}/${_COMMIT_ID}/g"
# hard-code phase
commands="${commands}; s/%{?_phase}/${_PHASE}/g"
# hard-code patch
if [ "$PATCH" != "" ] ; then
commands="${commands}; s/# Patch: tomcatjss-VERSION-RELEASE.patch/Patch: $PATCH/g"
fi
sed "$commands" "$SPEC_TEMPLATE" > "$WORK_DIR/SPECS/$RPM_SPEC"
# rpmlint "$WORK_DIR/SPECS/$RPM_SPEC"
}
while getopts v-: arg ; do
case $arg in
v)
VERBOSE=true
;;
-)
LONG_OPTARG="${OPTARG#*=}"
case $OPTARG in
work-dir=?*)
WORK_DIR=`readlink -f "$LONG_OPTARG"`
;;
source-tag=?*)
SOURCE_TAG="$LONG_OPTARG"
;;
with-timestamp)
WITH_TIMESTAMP=true
;;
with-commit-id)
WITH_COMMIT_ID=true
;;
dist=?*)
DIST="$LONG_OPTARG"
;;
verbose)
VERBOSE=true
;;
debug)
VERBOSE=true
DEBUG=true
;;
help)
usage
exit
;;
'')
break # "--" terminates argument processing
;;
work-dir* | source-tag* | dist*)
echo "ERROR: Missing argument for --$OPTARG option" >&2
exit 1
;;
*)
echo "ERROR: Illegal option --$OPTARG" >&2
exit 1
;;
esac
;;
\?)
exit 1 # getopts already reported the illegal option
;;
esac
done
# remove parsed options and args from $@ list
shift $((OPTIND-1))
if [ "$#" -lt 1 ] ; then
BUILD_TARGET=rpm
else
BUILD_TARGET=$1
fi
if [ "$DEBUG" = true ] ; then
echo "WORK_DIR: $WORK_DIR"
echo "BUILD_TARGET: $BUILD_TARGET"
fi
if [ "$BUILD_TARGET" != "src" ] &&
[ "$BUILD_TARGET" != "spec" ] &&
[ "$BUILD_TARGET" != "srpm" ] &&
[ "$BUILD_TARGET" != "rpm" ] ; then
echo "ERROR: Invalid build target: $BUILD_TARGET" >&2
exit 1
fi
SPEC_TEMPLATE="$SRC_DIR/$NAME.spec.in"
VERSION="`rpmspec -P "$SPEC_TEMPLATE" | grep "^Version:" | awk '{print $2;}'`"
if [ "$DEBUG" = true ] ; then
echo "VERSION: $VERSION"
fi
RELEASE="`rpmspec -P "$SPEC_TEMPLATE" --undefine dist | grep "^Release:" | awk '{print $2;}'`"
if [ "$DEBUG" = true ] ; then
echo "RELEASE: $RELEASE"
fi
spec=$(<"$SPEC_TEMPLATE")
regex=$'%global *_phase *([^\n]+)'
if [[ $spec =~ $regex ]] ; then
_PHASE="${BASH_REMATCH[1]}"
fi
if [ "$DEBUG" = true ] ; then
echo "PHASE: ${_PHASE}"
fi
if [ "$WITH_TIMESTAMP" = true ] ; then
TIMESTAMP="`date +"%Y%m%d%H%M%S"`"
_TIMESTAMP=".$TIMESTAMP"
fi
if [ "$DEBUG" = true ] ; then
echo "TIMESTAMP: $TIMESTAMP"
fi
if [ "$WITH_COMMIT_ID" = true ]; then
COMMIT_ID="`git -C "$SRC_DIR" rev-parse --short=8 HEAD`"
_COMMIT_ID=".$COMMIT_ID"
fi
if [ "$DEBUG" = true ] ; then
echo "COMMIT_ID: $COMMIT_ID"
fi
echo "Building $NAME-$VERSION-$RELEASE${_TIMESTAMP}${_COMMIT_ID}"
################################################################################
# Initialize working directory
################################################################################
if [ "$VERBOSE" = true ] ; then
echo "Initializing $WORK_DIR"
fi
mkdir -p $WORK_DIR
cd $WORK_DIR
rm -rf BUILD
rm -rf RPMS
rm -rf SOURCES
rm -rf SPECS
rm -rf SRPMS
mkdir BUILD
mkdir RPMS
mkdir SOURCES
mkdir SPECS
mkdir SRPMS
################################################################################
# Generate RPM sources
################################################################################
generate_rpm_sources
echo "RPM sources:"
find "$WORK_DIR/SOURCES" -type f -printf " %p\n"
if [ "$BUILD_TARGET" = "src" ] ; then
exit
fi
################################################################################
# Generate RPM spec
################################################################################
generate_rpm_spec
echo "RPM spec:"
find "$WORK_DIR/SPECS" -type f -printf " %p\n"
if [ "$BUILD_TARGET" = "spec" ] ; then
exit
fi
################################################################################
# Build source package
################################################################################
OPTIONS=()
OPTIONS+=(--quiet)
OPTIONS+=(--define "_topdir ${WORK_DIR}")
if [ "$WITH_TIMESTAMP" = true ] ; then
OPTIONS+=(--define "_timestamp ${_TIMESTAMP}")
fi
if [ "$WITH_COMMIT_ID" = true ] ; then
OPTIONS+=(--define "_commit_id ${_COMMIT_ID}")
fi
if [ "$DIST" != "" ] ; then
OPTIONS+=(--define "dist .$DIST")
fi
if [ "$DEBUG" = true ] ; then
echo "rpmbuild -bs ${OPTIONS[@]} $WORK_DIR/SPECS/$RPM_SPEC"
fi
# build SRPM with user-provided options
rpmbuild -bs "${OPTIONS[@]}" "$WORK_DIR/SPECS/$RPM_SPEC"
rc=$?
if [ $rc != 0 ]; then
echo "ERROR: Unable to build SRPM package"
exit 1
fi
SRPM=`find "$WORK_DIR/SRPMS" -type f`
echo "SRPM package:"
echo " $SRPM"
if [ "$BUILD_TARGET" = "srpm" ] ; then
exit
fi
################################################################################
# Build binary packages
################################################################################
OPTIONS=()
if [ "$VERBOSE" = true ] ; then
OPTIONS+=(--define "_verbose 1")
fi
OPTIONS+=(--define "_topdir ${WORK_DIR}")
if [ "$DEBUG" = true ] ; then
echo "rpmbuild --rebuild ${OPTIONS[@]} $SRPM"
fi
# rebuild RPM with hard-coded options in SRPM
rpmbuild --rebuild "${OPTIONS[@]}" "$SRPM"
rc=$?
if [ $rc != 0 ]; then
echo "ERROR: Unable to build RPM packages"
exit 1
fi
# install SRPM to restore sources and spec file removed during rebuild
rpm -i --define "_topdir $WORK_DIR" "$SRPM"
# flatten folder
find "$WORK_DIR/RPMS" -mindepth 2 -type f -exec mv -i '{}' "$WORK_DIR/RPMS" ';'
# remove empty subfolders
find "$WORK_DIR/RPMS" -mindepth 1 -type d -delete
echo "RPM packages:"
find "$WORK_DIR/RPMS" -type f -printf " %p\n"
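Review bot: In the "Initialize working directory" step, `mkdir -p $WORK_DIR` and `cd $WORK_DIR` expand the variable unquoted immediately before five `rm -rf` calls on relative names, so a `--work-dir` value containing whitespace is split into several words. The only thing stopping the `rm -rf` lines from running in the caller's current directory is `-e` in the shebang, which is not applied when the script is started as `bash build.sh`. I would write `mkdir -p "$WORK_DIR"` and `cd "$WORK_DIR" || exit 1`. The same quoting is missing on `$SOURCE_TAG` in the `git archive`, `git rev-parse` and `git format-patch` calls, where a value beginning with `-` would be read as an option. Separately, the `rc=$?` checks after both `rpmbuild` calls cannot report anything while `-e` is in effect, because the script exits before reaching them.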
......@@ -99,6 +99,7 @@
-->
<property name="jar.home" value="/usr/share/java" />
<property name="commons-logging.jar" value="${jar.home}/commons-logging-api.jar" />
<property name="slf4j-api.jar" value="${jar.home}/slf4j/slf4j-api.jar" />
<property name="tomcat.home" value="/usr/share/tomcat" />
<property name="tomcat-coyote.jar" value="${tomcat.home}/lib/tomcat-coyote.jar" />
......@@ -119,6 +120,7 @@
<pathelement location="${tomcat-juli.jar}"/>
<pathelement location="${commons-logging.jar}"/>
<pathelement location="${commons-lang.jar}"/>
<pathelement location="${slf4j-api.jar}"/>
</path>
<!--
......
tomcatjss (7.3.0-3) UNRELEASED; urgency=medium
tomcatjss (7.3.3-1) unstable; urgency=medium
* New upstream release.
* control: Fix maintainer address.
* Add dependency on libslf4j-java.
* Bump dep on libjss-java.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 03 May 2018 12:16:03 +0300
-- Timo Aaltonen <tjaalton@debian.org> Sun, 05 Aug 2018 00:27:00 +0300
tomcatjss (7.3.0-2) unstable; urgency=medium
......
......@@ -10,7 +10,8 @@ Build-Depends:
javahelper,
libcommons-lang-java,
libcommons-logging-java,
libjss-java (>= 4.4.2),
libjss-java (>= 4.5.0~a4),
libslf4j-java,
libtomcat8-java,
Standards-Version: 4.1.4
Homepage: http://pki.fedoraproject.org
......@@ -20,7 +21,9 @@ Vcs-Browser: https://salsa.debian.org/freeipa-team/tomcatjss.git
Package: libtomcatjss-java
Architecture: all
Depends: libtomcat8-java, ${java:Depends}, ${misc:Depends},
libjss-java (>= 4.3.1-5)
libcommons-lang-java,
libjss-java (>= 4.5.0~a4),
libslf4j-java,
Conflicts: libtcnative-1
Breaks: pki-server (<< 10.3.5-2)
Description: JSSE implementation using JSS for Tomcat
......
......@@ -14,6 +14,7 @@ override_dh_auto_build:
-Dtomcat-juli.jar=/usr/share/java/tomcat8-juli.jar \
-Dinstall.doc.dir=build/usr/share/doc/tomcatjss \
-Dinstall.jar.dir=build/usr/share/java \
-Dslf4j-api.jar=/usr/share/java/slf4j-api.jar \
install
override_dh_auto_install:
......
......@@ -27,10 +27,10 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.StringTokenizer;
import java.util.logging.Logger;
import org.apache.commons.lang.StringUtils;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.InitializationValues;
import org.mozilla.jss.NoSuchTokenException;
import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.crypto.CryptoToken;
......@@ -44,10 +44,12 @@ import org.mozilla.jss.ssl.SSLSocket.SSLVersionRange;
import org.mozilla.jss.ssl.SSLSocketListener;
import org.mozilla.jss.util.IncorrectPasswordException;
import org.mozilla.jss.util.Password;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class TomcatJSS implements SSLSocketListener {
final static Logger logger = Logger.getLogger(TomcatJSS.class.getName());
public static Logger logger = LoggerFactory.getLogger(TomcatJSS.class);
public final static TomcatJSS INSTANCE = new TomcatJSS();
public static final int MAX_LOGIN_ATTEMPTS = 3;
......@@ -295,10 +297,10 @@ public class TomcatJSS implements SSLSocketListener {
logger.info("TomcatJSS: initialization");
logger.fine("certdbDir: " + certdbDir);
logger.fine("passwordClass: " + passwordClass);
logger.fine("passwordFile: " + passwordFile);
logger.fine("serverCertNickFile: " + serverCertNickFile);
logger.debug("certdbDir: " + certdbDir);
logger.debug("passwordClass: " + passwordClass);
logger.debug("passwordFile: " + passwordFile);
logger.debug("serverCertNickFile: " + serverCertNickFile);
if (certdbDir == null) {
throw new Exception("Missing certdbDir");
......@@ -312,7 +314,7 @@ public class TomcatJSS implements SSLSocketListener {
throw new Exception("Missing serverCertNickFile");
}
CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(
InitializationValues vals = new InitializationValues(
certdbDir, "", "", "secmod.db");
vals.removeSunProvider = false;
......@@ -322,7 +324,7 @@ public class TomcatJSS implements SSLSocketListener {
CryptoManager.initialize(vals);
} catch (AlreadyInitializedException e) {
logger.warning("TomcatJSS: " + e);
logger.warn("TomcatJSS: " + e);
}
manager = CryptoManager.getInstance();
......@@ -333,22 +335,22 @@ public class TomcatJSS implements SSLSocketListener {
login();
serverCertNick = new String(Files.readAllBytes(Paths.get(serverCertNickFile))).trim();
logger.fine("serverCertNick: " + serverCertNick);
logger.debug("serverCertNick: " + serverCertNick);
logger.fine("clientAuth: " + clientAuth);
logger.debug("clientAuth: " + clientAuth);
if (clientAuth.equalsIgnoreCase("true")) {
requireClientAuth = true;
} else if (clientAuth.equalsIgnoreCase("yes")) {
requireClientAuth = true;
logger.warning("The \"yes\" value for clientAuth has been deprecated. Use \"true\" instead.");
logger.warn("The \"yes\" value for clientAuth has been deprecated. Use \"true\" instead.");
} else if (clientAuth.equalsIgnoreCase("want")) {
wantClientAuth = true;
}
logger.fine("requireClientAuth: " + requireClientAuth);
logger.fine("wantClientAuth: " + wantClientAuth);
logger.debug("requireClientAuth: " + requireClientAuth);
logger.debug("wantClientAuth: " + wantClientAuth);
if (requireClientAuth || wantClientAuth) {
configureOCSP();
......@@ -357,13 +359,13 @@ public class TomcatJSS implements SSLSocketListener {
// 12 hours = 43200 seconds
SSLServerSocket.configServerSessionIDCache(0, 43200, 43200, null);
logger.fine("strictCiphers: " + strictCiphers);
logger.debug("strictCiphers: " + strictCiphers);
if ("true".equalsIgnoreCase(strictCiphers)) {
boolStrictCiphers = true;
} else if ("yes".equalsIgnoreCase(strictCiphers)) {
boolStrictCiphers = true;
logger.warning("The \"yes\" value for strictCiphers has been deprecated. Use \"true\" instead.");
logger.warn("The \"yes\" value for strictCiphers has been deprecated. Use \"true\" instead.");
}
if (boolStrictCiphers) {
......@@ -371,7 +373,7 @@ public class TomcatJSS implements SSLSocketListener {
unsetSSLCiphers();
}
logger.fine("sslVersionRangeStream: " + sslVersionRangeStream);
logger.debug("sslVersionRangeStream: " + sslVersionRangeStream);
if (StringUtils.isNotEmpty(sslVersionRangeStream)) {
setSSLVersionRangeDefault(
"STREAM",
......@@ -379,7 +381,7 @@ public class TomcatJSS implements SSLSocketListener {
sslVersionRangeStream);
}
logger.fine("sslVersionRangeDatagram: " + sslVersionRangeDatagram);
logger.debug("sslVersionRangeDatagram: " + sslVersionRangeDatagram);
if (StringUtils.isNotEmpty(sslVersionRangeDatagram)) {
setSSLVersionRangeDefault(
"DATA_GRAM",
......@@ -412,7 +414,7 @@ public class TomcatJSS implements SSLSocketListener {
public void login() throws Exception {
logger.fine("TomcatJSS: logging into tokens");
logger.debug("TomcatJSS: logging into tokens");
Enumeration<String> tags = passwordStore.getTags();
......@@ -433,39 +435,43 @@ public class TomcatJSS implements SSLSocketListener {
try {
token = getToken(tag);
} catch (NoSuchTokenException e) {
logger.warning("TomcatJSS: token for " + tag + " not found");
logger.warn("TomcatJSS: token for " + tag + " not found");
return;
}
if (token.isLoggedIn()) {
logger.debug("TomcatJSS: already logged into " + tag);
return;
}
logger.debug("TomcatJSS: logging into " + tag);
int iteration = 0;
do {
String strPassword = passwordStore.getPassword(tag, iteration);
if (strPassword == null) {
logger.fine("TomcatJSS: no password for " + tag);
logger.debug("TomcatJSS: no password for " + tag);
return;
}
Password password = new Password(strPassword.toCharArray());
if (token.isLoggedIn()) {
logger.fine("TomcatJSS: already logged into " + tag);
return;
}
logger.fine("TomcatJSS: logging into " + tag);
try {
token.login(password);
return;
} catch (IncorrectPasswordException e) {
logger.warning("TomcatJSS: incorrect password");
logger.warn("TomcatJSS: incorrect password");
iteration ++;
} finally {
password.clear();
}
} while (iteration < MAX_LOGIN_ATTEMPTS);
logger.severe("TomcatJSS: failed to log into " + tag);
logger.error("TomcatJSS: failed to log into " + tag);
}
public CryptoToken getToken(String tag) throws Exception {
......@@ -487,17 +493,17 @@ public class TomcatJSS implements SSLSocketListener {
logger.info("configuring OCSP");
logger.fine("enableOCSP: " + enableOCSP);
logger.debug("enableOCSP: " + enableOCSP);
if (!enableOCSP) {
return;
}
logger.fine("ocspResponderURL: " + ocspResponderURL);
logger.debug("ocspResponderURL: " + ocspResponderURL);
if (StringUtils.isEmpty(ocspResponderURL)) {
throw new Exception("Missing ocspResponderURL");
}
logger.fine("ocspResponderCertNickname: " + ocspResponderCertNickname);
logger.debug("ocspResponderCertNickname: " + ocspResponderCertNickname);
if (StringUtils.isEmpty(ocspResponderCertNickname)) {
throw new Exception("Missing ocspResponderCertNickname");
}
......@@ -507,15 +513,15 @@ public class TomcatJSS implements SSLSocketListener {
ocspResponderURL,
ocspResponderCertNickname);
logger.fine("ocspCacheSize: " + ocspCacheSize);
logger.fine("ocspMinCacheEntryDuration: " + ocspMinCacheEntryDuration);
logger.fine("ocspMaxCacheEntryDuration: " + ocspMaxCacheEntryDuration);
logger.debug("ocspCacheSize: " + ocspCacheSize);
logger.debug("ocspMinCacheEntryDuration: " + ocspMinCacheEntryDuration);
logger.debug("ocspMaxCacheEntryDuration: " + ocspMaxCacheEntryDuration);
manager.OCSPCacheSettings(ocspCacheSize,
ocspMinCacheEntryDuration,
ocspMaxCacheEntryDuration);
logger.fine("ocspTimeout: " + ocspTimeout);
logger.debug("ocspTimeout: " + ocspTimeout);
manager.setOCSPTimeout(ocspTimeout);
}
......@@ -525,7 +531,7 @@ public class TomcatJSS implements SSLSocketListener {
*/
public void unsetSSLCiphers() throws SocketException {
logger.fine("Disabling SSL ciphers:");
logger.debug("Disabling SSL ciphers:");
int[] cipherIDs = SSLSocket.getImplementedCipherSuites();
if (cipherIDs == null) return;
......@@ -542,7 +548,7 @@ public class TomcatJSS implements SSLSocketListener {
sb.append(cipher.name());
}
logger.fine(sb.toString());
logger.debug(sb.toString());
SSLSocket.setCipherPreferenceDefault(cipherID, false);
}
......@@ -573,9 +579,9 @@ public class TomcatJSS implements SSLSocketListener {
String min_s = sslVersionRange[0];
String max_s = sslVersionRange[1];
logger.fine("Setting SSL version range for " + type + ":");
logger.fine("* min: " + min_s);
logger.fine("* max: " + max_s);
logger.debug("Setting SSL version range for " + type + ":");
logger.debug("* min: " + min_s);
logger.debug("* max: " + max_s);
int min = getSSLVersionRangeEnum(min_s);
int max = getSSLVersionRangeEnum(max_s);
......@@ -616,11 +622,11 @@ public class TomcatJSS implements SSLSocketListener {
public void setSSLCiphers(String attr, String ciphers) throws SocketException, IOException {
if (StringUtils.isEmpty(ciphers)) {
logger.fine("Missing " + attr);
logger.debug("Missing " + attr);
return;
}
logger.fine("Processing " + attr + ":");
logger.debug("Processing " + attr + ":");
StringTokenizer st = new StringTokenizer(ciphers, ", ");
while (st.hasMoreTokens()) {
String cipherStr = st.nextToken();
......@@ -639,8 +645,8 @@ public class TomcatJSS implements SSLSocketListener {
name = cipherStr;
}
logger.fine("* " + name);
logger.fine(" enabled: " + enabled);
logger.debug("* " + name);
logger.debug(" enabled: " + enabled);
int cipherID;
......@@ -649,7 +655,7 @@ public class TomcatJSS implements SSLSocketListener {
try {
cipherID = Integer.parseInt(name.substring(2), 16);
} catch (Exception e) {
logger.severe("Invalid SSL cipher: " + name);
logger.error("Invalid SSL cipher: " + name);
continue;
}
} else {
......@@ -657,26 +663,26 @@ public class TomcatJSS implements SSLSocketListener {
SSLCipher cipher = SSLCipher.valueOf(name);
cipherID = cipher.getID();
} catch (IllegalArgumentException e) {
logger.severe("Unknown SSL cipher: " + name);
logger.error("Unknown SSL cipher: " + name);
continue;
}
}
logger.fine(" ID: 0x" + Integer.toHexString(cipherID));
logger.debug(" ID: 0x" + Integer.toHexString(cipherID));
try {
SSLSocket.setCipherPreferenceDefault(cipherID, enabled);
} catch (Exception e) {
logger.warning("Unable to set SSL cipher preference: " + e);
logger.warn("Unable to set SSL cipher preference: " + e);
SSLCipher cipher = SSLCipher.valueOf(cipherID);
if (cipher != null && cipher.isECC()) {
logger.warning("SSL ECC cipher \""
logger.warn("SSL ECC cipher \""
+ name
+ "\" unsupported by NSS. "
+ "This is probably O.K. unless ECC support has been installed.");
} else {
logger.severe("SSL cipher \"" + name
logger.error("SSL cipher \"" + name
+ "\" unsupported by NSS");
}
}
......@@ -692,15 +698,15 @@ public class TomcatJSS implements SSLSocketListener {
public void setSSLOptions() throws SocketException, IOException {
if (StringUtils.isEmpty(sslOptions)) {
logger.fine("JSSSocketFactory: no sslOptions specified");
logger.debug("JSSSocketFactory: no sslOptions specified");
return;
}
logger.fine("JSSSocketFactory: Processing sslOptions:");
logger.debug("JSSSocketFactory: Processing sslOptions:");
StringTokenizer st = new StringTokenizer(sslOptions, ", ");
while (st.hasMoreTokens()) {
String option = st.nextToken();
logger.fine("JSSSocketFactory: - " + option);
logger.debug("JSSSocketFactory: - " + option);
StringTokenizer st1 = new StringTokenizer(option, "=");
String name = st1.nextToken();
......
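Review bot: The new declaration `public static Logger logger = LoggerFactory.getLogger(TomcatJSS.class);` replaces a package-private `final static` field with a public, non-final one, so any class loaded in the same JVM can reassign it, and the token login failures and cipher configuration errors this class reports would then go wherever that code decides. Nothing visible in these hunks needs the field to be writable; `private static final Logger logger = LoggerFactory.getLogger(TomcatJSS.class);` keeps the SLF4J migration and restores the old guarantee (keep it `public static final` if other classes do read `TomcatJSS.logger`, which cannot be seen from here). The same declaration is introduced in Http11NioProtocol, JSSImplementation, JSSSocketFactory and Http11Protocol, including the second copies of JSSImplementation and JSSSocketFactory further down the page.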
......@@ -4,13 +4,14 @@ import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.logging.Logger;
import org.apache.tomcat.util.net.jss.TomcatJSS;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class Http11NioProtocol extends org.apache.coyote.http11.Http11NioProtocol {
final static Logger logger = Logger.getLogger(Http11NioProtocol.class.getName());
public static Logger logger = LoggerFactory.getLogger(Http11NioProtocol.class);
TomcatJSS tomcatjss = TomcatJSS.getInstance();
......
......@@ -24,18 +24,18 @@ import java.io.FileReader;
import java.io.IOException;
import java.net.Socket;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.net.ServerSocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class JSSImplementation extends SSLImplementation {
final static Logger logger = Logger.getLogger(JSSImplementation.class.getName());
public static Logger logger = LoggerFactory.getLogger(JSSImplementation.class);
static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";
......@@ -49,7 +49,7 @@ public class JSSImplementation extends SSLImplementation {
Class<?> factcl = Class.forName(JSSFactory);
factory = (JSSFactory) factcl.newInstance();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error getting factory: " + JSSFactory, e);
logger.error("Error getting factory: " + JSSFactory, e);
}
}
......
......@@ -25,7 +25,6 @@ import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.util.Properties;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
......@@ -35,12 +34,14 @@ import javax.net.ssl.TrustManager;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.mozilla.jss.ssl.SSLServerSocket;
import org.mozilla.jss.ssl.SSLSocket;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class JSSSocketFactory implements
org.apache.tomcat.util.net.ServerSocketFactory,
org.apache.tomcat.util.net.SSLUtil {
final static Logger logger = Logger.getLogger(JSSSocketFactory.class.getName());
public static Logger logger = LoggerFactory.getLogger(JSSSocketFactory.class);
TomcatJSS tomcatjss = TomcatJSS.getInstance();
......@@ -165,7 +166,7 @@ public class JSSSocketFactory implements
tomcatjss.init();
} catch (Exception ex) {
logger.severe("JSSSocketFactory: " + ex);
logger.error("JSSSocketFactory: " + ex);
// The idea is, if admin take the trouble to configure the
// ocsp cache, and made a mistake, we want to make server
// unavailable until they get it right
......
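Review bot: `logger.error("JSSSocketFactory: " + ex);` records only the exception's `toString()`, so the stack trace of a failed `tomcatjss.init()` is lost at the one point where, per the comment that follows, the server is deliberately made unavailable. JSSImplementation in this same commit already passes the throwable (`logger.error("Error getting factory: " + JSSFactory, e);`); doing the same here, `logger.error("JSSSocketFactory: " + ex, ex);`, gives an administrator the cause chain for a bad certdb, password or OCSP setting. The catch block continues outside the hunk, and the identical line appears in the second copy of JSSSocketFactory later on the page.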
......@@ -24,18 +24,18 @@ import java.io.FileReader;
import java.io.IOException;
import java.net.Socket;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.net.ServerSocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class JSSImplementation extends SSLImplementation {
final static Logger logger = Logger.getLogger(JSSImplementation.class.getName());
public static Logger logger = LoggerFactory.getLogger(JSSImplementation.class);
static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";
......@@ -49,7 +49,7 @@ public class JSSImplementation extends SSLImplementation {
Class<?> factcl = Class.forName(JSSFactory);
factory = (JSSFactory) factcl.newInstance();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error getting factory: " + JSSFactory, e);
logger.error("Error getting factory: " + JSSFactory, e);
}
}
......
......@@ -25,7 +25,6 @@ import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.util.Properties;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
......@@ -35,12 +34,14 @@ import javax.net.ssl.TrustManager;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.mozilla.jss.ssl.SSLServerSocket;
import org.mozilla.jss.ssl.SSLSocket;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class JSSSocketFactory implements
org.apache.tomcat.util.net.ServerSocketFactory,
org.apache.tomcat.util.net.SSLUtil {
final static Logger logger = Logger.getLogger(JSSSocketFactory.class.getName());
public static Logger logger = LoggerFactory.getLogger(JSSSocketFactory.class);
TomcatJSS tomcatjss = TomcatJSS.getInstance();
......@@ -165,7 +166,7 @@ public class JSSSocketFactory implements
tomcatjss.init();
} catch (Exception ex) {
logger.severe("JSSSocketFactory: " + ex);
logger.error("JSSSocketFactory: " + ex);
// The idea is, if admin take the trouble to configure the
// ocsp cache, and made a mistake, we want to make server
// unavailable until they get it right
......
......@@ -4,13 +4,14 @@ import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.logging.Logger;
import org.apache.tomcat.util.net.jss.TomcatJSS;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class Http11Protocol extends org.apache.coyote.http11.Http11Protocol {
final static Logger logger = Logger.getLogger(Http11Protocol.class.getName());
public static Logger logger = LoggerFactory.getLogger(Http11Protocol.class);
TomcatJSS tomcatjss = TomcatJSS.getInstance();
......
......@@ -7,22 +7,38 @@ URL: http://www.dogtagpki.org/wiki/TomcatJSS
License: LGPLv2+
BuildArch: noarch
Version: 7.3.0
Release: 1%{?dist}
Source: https://github.com/dogtagpki/tomcatjss/archive/v%{version}/tomcatjss-%{version}.tar.gz
Version: 7.3.3
Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
# global _phase -a1
# To generate the source tarball:
# $ git clone https://github.com/dogtagpki/tomcatjss.git
# $ cd tomcatjss
# $ git archive \
# --format=tar.gz \
# --prefix tomcatjss-VERSION/ \
# -o tomcatjss-VERSION.tar.gz \
# <version tag>
Source: https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_phase}/tomcatjss-%{version}%{?_phase}.tar.gz
# To create a patch for all changes since a version tag:
# $ git format-patch \
# --stdout \
# <version tag> \
# > tomcatjss-VERSION-RELEASE.patch
# Patch: tomcatjss-VERSION-RELEASE.patch
################################################################################
# Tomcat
################################################################################
%if 0%{?fedora} >= 27 || 0%{?rhel} > 7
%global app_server tomcat-8.5
%if 0%{?rhel} && 0%{?rhel} <= 7
%global app_server tomcat-7.0
%else
%if 0%{?fedora}
%if 0%{?fedora} && 0%{?fedora} <= 27
%global app_server tomcat-8.0
%else
%global app_server tomcat-7.0
%global app_server tomcat-8.5
%endif
%endif
......@@ -33,23 +49,43 @@ Source: https://github.com/dogtagpki/tomcatjss/archive/v%{version}/tom
# jpackage-utils requires versioning to meet both build and runtime requirements
# jss requires versioning to meet both build and runtime requirements
# tomcat requires versioning to meet both build and runtime requirements
Conflicts: pki-base < 10.6.0
# autosetup
BuildRequires: git
# Java
BuildRequires: ant
BuildRequires: apache-commons-lang
BuildRequires: java-devel
BuildRequires: jpackage-utils >= 0:1.7.5-15
%if 0%{?fedora}
BuildRequires: jss >= 4.4.2-2
# SLF4J
BuildRequires: slf4j
%if 0%{?rhel} && 0%{?rhel} <= 7
# no slf4j-jdk14
%else
BuildRequires: slf4j-jdk14
%endif
# JSS
%if 0%{?rhel} && 0%{?rhel} <= 7
BuildRequires: jss >= 4.4.0-7
%else
BuildRequires: jss >= 4.5.0-0.4
%endif
%if 0%{?fedora} >= 27 || 0%{?rhel} > 7
BuildRequires: tomcat >= 8.5.23
# Tomcat
%if 0%{?rhel} && 0%{?rhel} <= 7
BuildRequires: tomcat >= 7.0.69
%else
%if 0%{?fedora}
%if 0%{?fedora} && 0%{?fedora} <= 27
BuildRequires: tomcat >= 8.0.49
%else
BuildRequires: tomcat >= 7.0.68
%if 0%{?fedora} && 0%{?fedora} <= 28
BuildRequires: tomcat >= 1:8.5.23
%else
BuildRequires: tomcat >= 1:9.0.7
%endif
%endif
%endif
......@@ -57,6 +93,7 @@ BuildRequires: tomcat >= 7.0.68
# Runtime Dependencies
################################################################################
# Java
Requires: apache-commons-lang
%if 0%{?fedora} >= 21
Requires: java-headless
......@@ -64,19 +101,35 @@ Requires: java-headless
Requires: java
%endif
Requires: jpackage-utils >= 0:1.7.5-15
%if 0%{?fedora}
Requires: jss >= 4.4.2-2
# SLF4J
Requires: slf4j
%if 0%{?rhel} && 0%{?rhel} <= 7
# no slf4j-jdk14
%else
Requires: slf4j-jdk14
%endif
# JSS
%if 0%{?rhel} && 0%{?rhel} <= 7
Requires: jss >= 4.4.0-7
%else
Requires: jss >= 4.5.0-0.4
%endif
%if 0%{?fedora} >= 27 || 0%{?rhel} > 7
Requires: tomcat >= 8.5.23
# Tomcat
%if 0%{?rhel} && 0%{?rhel} <= 7
Requires: tomcat >= 7.0.69
%else
%if 0%{?fedora}
%if 0%{?fedora} && 0%{?fedora} <= 27
Requires: tomcat >= 8.0.49
Conflicts: tomcat >= 1:8.5
%else
Requires: tomcat >= 7.0.68
%if 0%{?fedora} && 0%{?fedora} <= 28
Requires: tomcat >= 1:8.5.23
%else
Requires: tomcat >= 1:9.0.7
%endif
%endif
%endif
......@@ -86,6 +139,10 @@ Requires: tomcat >= 7.0.68
# (see Bugzilla Bug #441974 for details)
Conflicts: tomcat-native
# PKI
Conflicts: pki-base < 10.6.3
%if 0%{?rhel}
# For EPEL, override the '_sharedstatedir' macro on RHEL
%define _sharedstatedir /var/lib
......@@ -105,7 +162,7 @@ NOTE: The 'tomcatjss' package conflicts with the 'tomcat-native' package
%prep
################################################################################
%autosetup -n tomcatjss-%{version} -p 1
%autosetup -n tomcatjss-%{version}%{?_phase} -p 1 -S git
################################################################################
%install
......@@ -130,8 +187,6 @@ ant -f build.xml \
################################################################################
%changelog
################################################################################
* Thu Mar 15 2018 Dogtag PKI Team <pki-devel@redhat.com> 7.3.0-0
- To list changes in <branch> since <tag>:
$ git log --pretty=oneline --abbrev-commit --no-decorate <tag>..<branch>