Drop Tomcat JSS dependency

Tomcat JSS 8.5 has been merged into JSS 5.5 so all references
to Tomcat JSS have been updated accordingly. An upgrade script
has been added to update existing instances.

.classpath

@@ -41,9 +41,9 @@
 	<classpathentry kind="lib" path="/usr/share/java/tomcat/catalina.jar"/>
 	<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-util.jar"/>
 	<classpathentry kind="lib" path="/usr/share/java/commons-io.jar"/>
-	<classpathentry kind="lib" path="/usr/lib/java/jss.jar"/>
-	<classpathentry kind="lib" path="/usr/share/java/tomcatjss-core.jar"/>
-	<classpathentry kind="lib" path="/usr/share/java/tomcatjss-tomcat-9.0.jar"/>
+	<classpathentry kind="lib" path="/usr/share/java/jss/jss.jar"/>
+	<classpathentry kind="lib" path="/usr/share/java/jss/jss-tomcat.jar"/>
+	<classpathentry kind="lib" path="/usr/share/java/jss/jss-tomcat-9.0.jar"/>
 	<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-api.jar"/>
 	<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-util-scan.jar"/>
 	<classpathentry kind="lib" path="/usr/share/java/slf4j/slf4j-api.jar"/>

.github/workflows/server-https-nss-test.yml

@@ -73,7 +73,7 @@ jobs:
               --secure true \
               --sslEnabled true \
               --sslProtocol SSL \
-              --sslImpl org.dogtagpki.tomcat.JSSImplementation \
+              --sslImpl org.dogtagpki.jss.tomcat.JSSImplementation \
               Secure
           docker exec pki pki-server http-connector-cert-add \
               --keyAlias sslserver \

Dockerfile

@@ -59,9 +59,6 @@ ARG BUILD_OPTS
 # Import JSS packages
 COPY --from=quay.io/dogtagpki/jss-dist:latest /root/RPMS /tmp/RPMS/
 
-# Import Tomcat JSS packages
-COPY --from=quay.io/dogtagpki/tomcatjss-dist:latest /root/RPMS /tmp/RPMS/
-
 # Import LDAP SDK packages
 COPY --from=quay.io/dogtagpki/ldapjdk-dist:latest /root/RPMS /tmp/RPMS/
 
@@ -90,9 +87,6 @@ FROM pki-deps AS pki-runner
 # Import JSS packages
 COPY --from=quay.io/dogtagpki/jss-dist:latest /root/RPMS /tmp/RPMS/
 
-# Import Tomcat JSS packages
-COPY --from=quay.io/dogtagpki/tomcatjss-dist:latest /root/RPMS /tmp/RPMS/
-
 # Import LDAP SDK packages
 COPY --from=quay.io/dogtagpki/ldapjdk-dist:latest /root/RPMS /tmp/RPMS/
 
@@ -138,7 +132,7 @@ RUN pki-server http-connector-add -i tomcat@pki \
   --secure true \
   --sslEnabled true \
   --sslProtocol SSL \
-  --sslImpl org.dogtagpki.tomcat.JSSImplementation \
+  --sslImpl org.dogtagpki.jss.tomcat.JSSImplementation \
   Secure
 
 # Configure SSL server certificate

azure-pipelines.yml

@@ -28,7 +28,7 @@ jobs:
 
   - script: |
       docker exec runner dnf install -y dnf-plugins-core rpm-build maven
-      docker exec runner dnf copr enable -y @pki/master
+      docker exec runner dnf copr enable -y ${COPR_REPO:-@pki/master}
       docker exec runner dnf builddep -y --spec /root/src/pki.spec
       docker exec runner dnf install -y dogtag-console-framework
     displayName: Install PKI dependencies
@@ -93,22 +93,27 @@ jobs:
           -Dversion=$JSS_VERSION-SNAPSHOT \
           -Dpackaging=jar \
           -DgeneratePom=true
-    displayName: Install JSS into local Maven repo
 
-  - script: |
-      # get Tomcat JSS <major>.<minor>.<update> version
-      TOMCATJSS_VERSION=$(docker exec runner rpm -q --qf "%{version}" dogtag-tomcatjss)
+      docker exec runner \
+          mvn install:install-file \
+          -f /root/src \
+          -Dfile=/usr/share/java/jss/jss-tomcat.jar \
+          -DgroupId=org.dogtagpki.jss \
+          -DartifactId=jss-tomcat \
+          -Dversion=$JSS_VERSION-SNAPSHOT \
+          -Dpackaging=jar \
+          -DgeneratePom=true
 
       docker exec runner \
           mvn install:install-file \
           -f /root/src \
-          -Dfile=/usr/share/java/tomcatjss/tomcatjss-core.jar \
-          -DgroupId=org.dogtagpki.tomcatjss \
-          -DartifactId=tomcatjss-core \
-          -Dversion=$TOMCATJSS_VERSION-SNAPSHOT \
+          -Dfile=/usr/share/java/jss/jss-tomcat-9.0.jar \
+          -DgroupId=org.dogtagpki.jss \
+          -DartifactId=jss-tomcat-9.0 \
+          -Dversion=$JSS_VERSION-SNAPSHOT \
           -Dpackaging=jar \
           -DgeneratePom=true
-    displayName: Install Tomcat JSS into local Maven repo
+    displayName: Install JSS into local Maven repo
 
   - script: |
       # get LDAP JDK <major>.<minor>.<update> version

base/CMakeLists.txt

@@ -361,18 +361,18 @@ find_file(TOMCAT_UTIL_SCAN_JAR
         /usr/share/java
 )
 
-find_file(TOMCATJSS_CORE_JAR
+find_file(JSS_TOMCAT_JAR
     NAMES
-        tomcatjss-core.jar
+        jss-tomcat.jar
     PATHS
-        /usr/share/java/tomcatjss
+        /usr/share/java/jss
 )
 
-find_file(TOMCATJSS_TOMCAT_9_0_JAR
+find_file(JSS_TOMCAT_9_0_JAR
     NAMES
-        tomcatjss-tomcat-9.0.jar
+        jss-tomcat-9.0.jar
     PATHS
-        /usr/share/java/tomcatjss
+        /usr/share/java/jss
 )
 
 find_file(IDM_CONSOLE_FRAMEWORK_JAR

base/acme/Dockerfile

@@ -68,7 +68,7 @@ RUN pki-server http-connector-add -i tomcat@pki \
   --secure true \
   --sslEnabled true \
   --sslProtocol SSL \
-  --sslImpl org.dogtagpki.tomcat.JSSImplementation \
+  --sslImpl org.dogtagpki.jss.tomcat.JSSImplementation \
   Secure
 
 # Configure SSL server certificate

base/ca/CMakeLists.txt

@@ -17,12 +17,12 @@ javac(pki-ca-classes
         ${COMMONS_NET_JAR}
         ${JACKSON2_CORE_JAR} ${JACKSON2_DATABIND_JAR}
         ${JACKSON2_ANNOTATIONS_JAR}
+        ${TOMCAT_CATALINA_JAR}
         ${JSS_JAR}
         ${LDAPJDK_JAR}
         ${SERVLET_JAR}
-        ${TOMCAT_CATALINA_JAR}
-        ${TOMCATJSS_CORE_JAR}
-        ${TOMCATJSS_TOMCAT_9_0_JAR}
+        ${JSS_TOMCAT_JAR}
+        ${JSS_TOMCAT_9_0_JAR}
         ${JAXRS_API_JAR} ${RESTEASY_JAXRS_JAR}
         ${PKI_COMMON_JAR}
         ${PKI_TOMCAT_JAR}

base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertCreateCLI.java

@@ -16,11 +16,11 @@
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 import org.apache.commons.codec.binary.Hex;
-import org.apache.tomcat.util.net.jss.TomcatJSS;
 import org.dogtag.util.cert.CertUtil;
 import org.dogtagpki.cli.CLI;
 import org.dogtagpki.cli.CLIException;
 import org.dogtagpki.cli.CommandCLI;
+import org.dogtagpki.jss.tomcat.TomcatJSS;
 import org.dogtagpki.server.ca.CAConfig;
 import org.dogtagpki.server.ca.CAEngineConfig;
 import org.dogtagpki.util.logging.PKILogger;

base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertFindCLI.java

@@ -12,9 +12,9 @@
 
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
-import org.apache.tomcat.util.net.jss.TomcatJSS;
 import org.dogtagpki.cli.CLI;
 import org.dogtagpki.cli.CommandCLI;
+import org.dogtagpki.jss.tomcat.TomcatJSS;
 import org.dogtagpki.server.ca.CAConfig;
 import org.dogtagpki.server.ca.CAEngineConfig;
 import org.dogtagpki.util.logging.PKILogger;

base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertImportCLI.java

@@ -13,9 +13,9 @@
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 import org.apache.commons.io.IOUtils;
-import org.apache.tomcat.util.net.jss.TomcatJSS;
 import org.dogtagpki.cli.CLI;
 import org.dogtagpki.cli.CommandCLI;
+import org.dogtagpki.jss.tomcat.TomcatJSS;
 import org.dogtagpki.server.ca.CAEngineConfig;
 import org.dogtagpki.util.logging.PKILogger;
 import org.dogtagpki.util.logging.PKILogger.LogLevel;

base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertRemoveCLI.java

@@ -9,9 +9,9 @@
 import java.security.SecureRandom;
 
 import org.apache.commons.cli.CommandLine;
-import org.apache.tomcat.util.net.jss.TomcatJSS;
 import org.dogtagpki.cli.CLI;
 import org.dogtagpki.cli.CommandCLI;
+import org.dogtagpki.jss.tomcat.TomcatJSS;
 import org.dogtagpki.server.ca.CAEngineConfig;
 import org.dogtagpki.util.logging.PKILogger;
 import org.dogtagpki.util.logging.PKILogger.LogLevel;

base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACertRequestImportCLI.java

@@ -13,10 +13,10 @@
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 import org.apache.commons.io.IOUtils;
-import org.apache.tomcat.util.net.jss.TomcatJSS;
 import org.dogtag.util.cert.CertUtil;
 import org.dogtagpki.cli.CLI;
 import org.dogtagpki.cli.CommandCLI;
+import org.dogtagpki.jss.tomcat.TomcatJSS;
 import org.dogtagpki.server.ca.CAEngineConfig;
 import org.dogtagpki.util.logging.PKILogger;
 import org.dogtagpki.util.logging.PKILogger.LogLevel;

base/ca/src/main/java/org/dogtagpki/server/ca/cli/CAProfileImportCLI.java

@@ -10,9 +10,9 @@
 import java.util.StringTokenizer;
 
 import org.apache.commons.cli.CommandLine;
-import org.apache.tomcat.util.net.jss.TomcatJSS;
 import org.dogtagpki.cli.CLI;
 import org.dogtagpki.cli.CommandCLI;
+import org.dogtagpki.jss.tomcat.TomcatJSS;
 import org.dogtagpki.server.ca.CAEngineConfig;
 import org.dogtagpki.server.ca.ProfileEntryConfig;
 import org.dogtagpki.server.ca.ProfileSubsystemConfig;

base/javadoc/CMakeLists.txt

@@ -81,8 +81,8 @@ javadoc(pki-javadoc
         ${JAVAX_ANNOTATIONS_API_JAR}
         ${RESTEASY_JAXRS_JAR} ${RESTEASY_CLIENT_JAR}
         ${JSS_JAR}
-        ${TOMCATJSS_CORE_JAR}
-        ${TOMCATJSS_TOMCAT_9_0_JAR}
+        ${JSS_TOMCAT_JAR}
+        ${JSS_TOMCAT_9_0_JAR}
         ${PKI_COMMON_JAR}
         ${PKI_TOOLS_JAR}
         ${PKI_JAVADOC_CLASSPATH}

base/ocsp/CMakeLists.txt

@@ -15,9 +15,9 @@ javac(pki-ocsp-classes
         ${SERVLET_JAR}
         ${JAXRS_API_JAR}
         ${JSS_JAR}
+        ${JSS_TOMCAT_JAR}
+        ${JSS_TOMCAT_9_0_JAR}
         ${LDAPJDK_JAR}
-        ${TOMCATJSS_CORE_JAR}
-        ${TOMCATJSS_TOMCAT_9_0_JAR}
         ${PKI_COMMON_JAR}
         ${PKI_SERVER_JAR}
     OUTPUT_DIR

base/ocsp/src/main/java/org/dogtagpki/server/ocsp/cli/OCSPCRLIssuingPointAddCLI.java

@@ -14,9 +14,9 @@
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 import org.apache.commons.io.IOUtils;
-import org.apache.tomcat.util.net.jss.TomcatJSS;
 import org.dogtagpki.cli.CLI;
 import org.dogtagpki.cli.CommandCLI;
+import org.dogtagpki.jss.tomcat.TomcatJSS;
 import org.dogtagpki.server.ocsp.OCSPConfig;
 import org.dogtagpki.server.ocsp.OCSPEngineConfig;
 import org.mozilla.jss.netscape.security.pkcs.PKCS7;

base/ocsp/src/main/java/org/dogtagpki/server/ocsp/cli/OCSPCRLIssuingPointFindCLI.java

@@ -10,9 +10,9 @@
 
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
-import org.apache.tomcat.util.net.jss.TomcatJSS;
 import org.dogtagpki.cli.CLI;
 import org.dogtagpki.cli.CommandCLI;
+import org.dogtagpki.jss.tomcat.TomcatJSS;
 import org.dogtagpki.server.ocsp.OCSPConfig;
 import org.dogtagpki.server.ocsp.OCSPEngineConfig;
 import org.mozilla.jss.netscape.security.x509.X509CertImpl;

base/server/CMakeLists.txt

@@ -13,11 +13,11 @@ javac(pki-server-classes
         ${HTTPCORE_JAR} ${HTTPCLIENT_JAR}
         ${JACKSON2_ANNOTATIONS_JAR} ${JACKSON2_JAXB_ANNOTATIONS_JAR}
         ${JACKSON2_CORE_JAR} ${JACKSON2_DATABIND_JAR}
+        ${SERVLET_JAR} ${TOMCAT_CATALINA_JAR} ${TOMCAT_UTIL_JAR}
         ${JSS_JAR}
+        ${JSS_TOMCAT_JAR}
+        ${JSS_TOMCAT_9_0_JAR}
         ${LDAPJDK_JAR}
-        ${SERVLET_JAR} ${TOMCAT_CATALINA_JAR} ${TOMCAT_UTIL_JAR}
-        ${TOMCATJSS_CORE_JAR}
-        ${TOMCATJSS_TOMCAT_9_0_JAR}
         ${JAVAX_ANNOTATIONS_API_JAR}
         ${JAXRS_API_JAR} ${RESTEASY_JAXRS_JAR}
         ${PKI_COMMON_JAR}
@@ -147,15 +147,15 @@ add_custom_command(
     COMMAND ln -sf ../../../../../..${JAXRS_API_JAR} common/lib/jaxrs-api.jar
     COMMAND ln -sf ../../../../../..${JBOSS_LOGGING_JAR} common/lib/jboss-logging.jar
     COMMAND ln -sf ../../../../../..${JSS_JAR} common/lib/jss.jar
+    COMMAND ln -sf ../../../../../..${JSS_TOMCAT_JAR} common/lib/jss-tomcat.jar
+    COMMAND ln -sf ../../../../../..${JSS_TOMCAT_9_0_JAR} common/lib/jss-tomcat-9.0.jar
     COMMAND ln -sf ../../../../../..${LDAPJDK_JAR} common/lib/ldapjdk.jar
     COMMAND ln -sf ../../../../../..${JAVA_JAR_INSTALL_DIR}/pki/pki-common.jar common/lib/pki-common.jar
     COMMAND ln -sf ../../../../../..${JAVA_JAR_INSTALL_DIR}/pki/pki-tomcat.jar common/lib/pki-tomcat.jar
     COMMAND ln -sf ../../../../../..${JAVA_JAR_INSTALL_DIR}/pki/pki-tomcat-9.0.jar common/lib/pki-tomcat-9.0.jar
     COMMAND ln -sf ../../../../../..${RESTEASY_CLIENT_JAR} common/lib/resteasy-client.jar
     COMMAND ln -sf ../../../../../..${RESTEASY_JACKSON2_PROVIDER_JAR} common/lib/resteasy-jackson2-provider.jar
     COMMAND ln -sf ../../../../../..${RESTEASY_JAXRS_JAR} common/lib/resteasy-jaxrs.jar
-    COMMAND ln -sf ../../../../../..${TOMCATJSS_CORE_JAR} common/lib/tomcatjss-core.jar
-    COMMAND ln -sf ../../../../../..${TOMCATJSS_TOMCAT_9_0_JAR} common/lib/tomcatjss-tomcat-9.0.jar
 )
 
 add_custom_target(pki-server-man ALL

base/server/python/pki/server/cli/http.py

@@ -588,7 +588,7 @@ def execute(self, argv):
 
             connector.set(
                 'sslImplementationName',
-                'org.apache.tomcat.util.net.jss.JSSImplementation')
+                'org.dogtagpki.jss.tomcat.JSSImplementation')
 
             connector.attrib.pop('keystoreType', None)
             connector.attrib.pop('keystoreFile', None)
@@ -599,15 +599,15 @@ def execute(self, argv):
 
             HTTPConnectorCLI.set_param(connector, 'certdbDir', nss_database_dir)
             HTTPConnectorCLI.set_param(connector, 'passwordClass',
-                                       'org.apache.tomcat.util.net.jss.PlainPasswordFile')
+                                       'org.dogtagpki.jss.tomcat.PlainPasswordFile')
             HTTPConnectorCLI.set_param(connector, 'passwordFile', nss_password_file)
             HTTPConnectorCLI.set_param(connector, 'serverCertNickFile', server_cert_nickname_file)
 
         elif connector_type == 'JSSE':
 
             connector.set(
                 'protocol',
-                'org.dogtagpki.tomcat.Http11NioProtocol')
+                'org.dogtagpki.jss.tomcat.Http11NioProtocol')
 
             connector.attrib.pop('sslImplementationName', None)
 
@@ -621,7 +621,7 @@ def execute(self, argv):
 
             HTTPConnectorCLI.set_param(connector, 'certdbDir', nss_database_dir)
             HTTPConnectorCLI.set_param(connector, 'passwordClass',
-                                       'org.apache.tomcat.util.net.jss.PlainPasswordFile')
+                                       'org.dogtagpki.jss.tomcat.PlainPasswordFile')
             HTTPConnectorCLI.set_param(connector, 'passwordFile', nss_password_file)
             HTTPConnectorCLI.set_param(connector, 'serverCertNickFile', server_cert_nickname_file)
 

base/server/python/pki/server/cli/jss.py

@@ -98,7 +98,7 @@ def execute(self, argv):
         instance.store_jss_config(jss_config)
 
         server_config = instance.get_server_config()
-        server_config.create_listener('org.dogtagpki.tomcat.JSSListener')
+        server_config.create_listener('org.dogtagpki.jss.tomcat.JSSListener')
         server_config.save()
 
 
@@ -156,5 +156,5 @@ def execute(self, argv):
             sys.exit(1)
 
         server_config = instance.get_server_config()
-        server_config.remove_listener('org.dogtagpki.tomcat.JSSListener')
+        server_config.remove_listener('org.dogtagpki.jss.tomcat.JSSListener')
         server_config.save()

base/server/python/pki/server/cli/nuxwdog.py

@@ -226,7 +226,7 @@ def __init__(self):
             'com.netscape.cms.tomcat.PKIListener'
         )
         self.plain_pwstore_class = (
-            'org.apache.tomcat.util.net.jss.PlainPasswordFile'
+            'org.dogtagpki.jss.tomcat.PlainPasswordFile'
         )
         super().__init__('disable', 'Disable nuxwdog')
 

base/server/python/pki/server/deployment/__init__.py

@@ -305,9 +305,9 @@ def create_server_xml(self, instance):
         logger.info('Adding HTTPS connector')
         connector = server_config.create_connector(name='Secure', index=index)
         connector.set('port', self.mdict['pki_https_port'])
-        connector.set('protocol', 'org.dogtagpki.tomcat.Http11NioProtocol')
+        connector.set('protocol', 'org.dogtagpki.jss.tomcat.Http11NioProtocol')
         connector.set('SSLEnabled', 'true')
-        connector.set('sslImplementationName', 'org.dogtagpki.tomcat.JSSImplementation')
+        connector.set('sslImplementationName', 'org.dogtagpki.jss.tomcat.JSSImplementation')
         connector.set('scheme', 'https')
         connector.set('secure', 'true')
         connector.set('connectionTimeout', '80000')
@@ -329,7 +329,7 @@ def create_server_xml(self, instance):
         connector.set('ocspMaxCacheEntryDuration', '14400')
         connector.set('ocspTimeout', '10')
         connector.set('passwordFile', instance.password_conf)
-        connector.set('passwordClass', 'org.apache.tomcat.util.net.jss.PlainPasswordFile')
+        connector.set('passwordClass', 'org.dogtagpki.jss.tomcat.PlainPasswordFile')
         connector.set('certdbDir', instance.nssdb_dir)
 
         logger.info('Adding SSL host configuration')

base/server/python/pki/server/instance.py

@@ -343,9 +343,9 @@ def create_libs(self, force=False):
         # install PKI libraries in common/lib
         for filename in [
                 'jss.jar',
+                'jss-tomcat.jar',
+                'jss-tomcat-9.0.jar',
                 'ldapjdk.jar',
-                'tomcatjss-core.jar',
-                'tomcatjss-tomcat-9.0.jar',
                 'pki-common.jar',
                 'pki-tomcat.jar',
                 'pki-tomcat-9.0.jar']:

base/server/src/main/java/com/netscape/cmscore/apps/CMSEngine.java

@@ -38,8 +38,8 @@
 import javax.servlet.http.HttpServlet;
 
 import org.apache.commons.lang3.StringUtils;
-import org.apache.tomcat.util.net.jss.TomcatJSS;
 import org.dogtag.util.cert.CertUtil;
+import org.dogtagpki.jss.tomcat.TomcatJSS;
 import org.dogtagpki.server.PKIClientSocketListener;
 import org.dogtagpki.server.PKIServerSocketListener;
 import org.dogtagpki.server.authentication.AuthenticationConfig;