Endi S. Dewata · Dinesh Prasanth M K · Jack Magne · Alexander Scheel · a84bdfcc · a84bdfcc
--- a/.travis.yml
+++ b/.travis.yml
@@ -20,7 +20,7 @@ install:
      registry.fedoraproject.org/fedora:$FEDORA
  - docker exec container dnf install -y dnf-plugins-core gcc make rpm-build
  - docker exec container dnf copr -y enable ${TOMCATJSS_7_3_REPO:-@pki/10.6}
-  - docker exec container dnf builddep -y --spec /root/tomcatjss/tomcatjss.spec.in
+  - docker exec container dnf builddep -y --spec /root/tomcatjss/tomcatjss.spec
  - docker exec container dnf remove -y tomcat-native
  - docker exec container /root/tomcatjss/build.sh --with-timestamp --with-commit-id rpm


--- a/build.sh
+++ b/build.sh
@@ -202,7 +202,7 @@ if [ "$BUILD_TARGET" != "src" ] &&
    exit 1
 fi

-SPEC_TEMPLATE="$SRC_DIR/$NAME.spec.in"
+SPEC_TEMPLATE="$SRC_DIR/$NAME.spec"
 VERSION="`rpmspec -P "$SPEC_TEMPLATE" | grep "^Version:" | awk '{print $2;}'`"

 if [ "$DEBUG" = true ] ; then

--- a/src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java
+++ b/src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java
@@ -19,27 +19,96 @@

 package org.apache.tomcat.util.net.jss;

+import java.io.BufferedReader;
+import java.io.BufferedWriter;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
 import java.util.Enumeration;
 import java.util.Properties;

 public class PlainPasswordFile implements IPasswordStore {
    private String mPwdPath = "";
    private Properties mPwdStore;
-    private static final String PASSWORD_WRITER_HEADER = "";
+    private static org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(PlainPasswordFile.class);

    public PlainPasswordFile() {
+        mPwdStore = new Properties();
    }

+    /**
+     * Initialization method to read passwords(key and element pairs) from a file.
+     * <p>
+     * Every property occupies one line of the input stream. Each line is terminated by a line terminator (
+     * <code>\n</code> or <code>\r</code> or <code>\r\n</code>). Lines are processed until end of
+     * file is reached.
+     * <p>
+     * A line that contains only whitespace or whose first non-whitespace character is an ASCII <code>#</code>
+     * is ignored (thus, <code>#</code> indicates comment line).
+     * <p>
+     * Every line other than a blank line or a comment line describes one property to be added to the table.
+     * The characters before the delimiter <code>=</code> forms the <code>key</code> and the characters after
+     * the <code>=</code> is assigned as <code>value</code> to the key.
+     * <p>
+     * As an example, each of the following lines specify the key <code>"Truth"</code> and the associated element
+     * value <code>"Beauty"</code>:
+     * <p>
+     *
+     * <pre>
+     * Truth = Beauty
+     * Truth= Beauty
+     * Truth                    =Beauty
+     * </pre>
+     *
+     * <p>
+     * Note that the space appearing before/after <code>=</code> is ignored. However, the space appearing in between are
+     * stored.
+     * <p>
+     * Example:
+     *
+     * <pre>
+     * Welcome Message  = Hello World
+     * </pre>
+     *
+     * assigns value <code>Hello World</code> to key <code>Welcome Message</code>
+     * <p>
+     *
+     * If the line doesn't have the delimiter <code>=</code>, the method throws an IOException
+     *
+     * @param pwdPath the input file path.
+     * @exception IOException if an error occurred when reading from the
+     *                input stream.
+     */
    public void init(String pwdPath) throws IOException {
-        mPwdStore = new Properties();
+        logger.debug("PlainPasswordFile: Initializing PlainPasswordFile");
        // initialize mPwdStore
        mPwdPath = pwdPath;

-        FileInputStream file = new FileInputStream(mPwdPath);
-        mPwdStore.load(file);
+        try (FileInputStream file = new FileInputStream(mPwdPath);
+                InputStreamReader isr = new InputStreamReader(file);
+                BufferedReader br = new BufferedReader(isr)) {
+
+            String line;
+            int index = 1;
+            while ((line = br.readLine()) != null) {
+                // Remove any leading or trailing spaces
+                line = line.trim();
+
+                if (line.startsWith("#") || line.isEmpty())
+                    continue;
+
+                String[] parts = line.split("=", 2);
+                if (parts.length < 2) {
+                    throw new IOException("Missing delimiter '=' in file " + mPwdPath + " in line " + index);
+                }
+
+                // Load key value into the password store
+                mPwdStore.put(parts[0].trim(), parts[1].trim());
+                index++;
+            }
+        }
    }

    public String getPassword(String tag) {
@@ -60,9 +129,22 @@ public class PlainPasswordFile implements IPasswordStore {
        return mPwdStore.setProperty(tag, password);
    }

-    public void commit() throws IOException, ClassCastException,
-            NullPointerException {
-        FileOutputStream file = new FileOutputStream(mPwdPath);
-        mPwdStore.store(file, PASSWORD_WRITER_HEADER);
+    public synchronized void commit()
+            throws IOException, ClassCastException, NullPointerException {
+        try (FileOutputStream file = new FileOutputStream(mPwdPath);
+                OutputStreamWriter osw = new OutputStreamWriter(file);
+                BufferedWriter bw = new BufferedWriter(osw)) {
+
+            for (Enumeration<?> e = mPwdStore.keys(); e.hasMoreElements();) {
+                String key = ((String) e.nextElement()).trim();
+                String val = ((String) mPwdStore.get(key)).trim();
+                bw.write(key + "=" + val);
+                bw.newLine();
+            }
+        }
+    }
+
+    public int getSize() {
+        return mPwdStore.size();
    }
 }
--- a/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
+++ b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
@@ -500,13 +500,24 @@ public class TomcatJSS implements SSLSocketListener {
        }

        logger.debug("ocspResponderURL: " + ocspResponderURL);
+ 
        if (StringUtils.isEmpty(ocspResponderURL)) {
-            throw new Exception("Missing ocspResponderURL");
+            ocspResponderURL = null;
        }

        logger.debug("ocspResponderCertNickname: " + ocspResponderCertNickname);
        if (StringUtils.isEmpty(ocspResponderCertNickname)) {
-            throw new Exception("Missing ocspResponderCertNickname");
+            ocspResponderCertNickname = null;
+        }
+
+        // Check to see if the ocsp url and nickname are both set or not set
+
+        if (ocspResponderURL == null && ocspResponderCertNickname != null) {
+            throw new Exception("Missing OCSP responder URL");
+        }
+
+        if (ocspResponderURL != null && ocspResponderCertNickname == null) {
+            throw new Exception("Missing OCSP responder certificate nickname");
        }

        manager.configureOCSP(

--- a/tomcatjss.spec.in
+++ b/tomcatjss.spec.in
@@ -7,7 +7,7 @@ URL:              http://www.dogtagpki.org/wiki/TomcatJSS
 License:          LGPLv2+
 BuildArch:        noarch

-Version:          7.3.4
+Version:          7.3.6
 Release:          1%{?_timestamp}%{?_commit_id}%{?dist}
 # global           _phase -a1

@@ -57,7 +57,7 @@ BuildRequires:    slf4j-jdk14
 %if 0%{?rhel} && 0%{?rhel} <= 7
 BuildRequires:    jss >= 4.4.0-7
 %else
-BuildRequires:    jss >= 4.5.0-0.6
+BuildRequires:    jss >= 4.5.0-1
 %endif

 # Tomcat
@@ -100,7 +100,7 @@ Requires:         slf4j-jdk14
 %if 0%{?rhel} && 0%{?rhel} <= 7
 Requires:         jss >= 4.4.0-7
 %else
-Requires:         jss >= 4.5.0-0.6
+Requires:         jss >= 4.5.0-1
 %endif

 # Tomcat