Revision: 24931 http://sourceforge.net/p/gar/code/24931 Author: cgrzemba Date: 2015-05-05 09:47:33 +0000 (Tue, 05 May 2015) Log Message: ----------- lang-java/jss/branches/fromfedora: take source from fedora srcrpm
Modified Paths: -------------- csw/mgar/pkg/lang-java/jss/branches/fromfedora/Makefile csw/mgar/pkg/lang-java/jss/branches/fromfedora/checksums Added Paths: ----------- csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0001-jss-ECC-pop.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0002-jss-eliminate-native-coverity-defects.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0003-jss-undo-BadPaddingException-deprecation.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0004-jss-fixed-build-issue-on-F17-or-newer.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0005-jss-key_pair_usage_with_op_flags.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0006-jss-loadlibrary.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0007-jss-javadocs-param.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0008-jss-ipv6.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0009-jss-ocspSettings.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0010-jss-ECC_keygen_byCurveName.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0011-jss-VerifyCertificate.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0012-jss-bad-error-string-pointer.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0013-jss-VerifyCertificateReturnCU.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0014-jss-ECC-HSM-FIPS.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0015-jss-eliminate-java-compiler-warnings.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0016-jss-eliminate-native-compiler-warnings.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0017-jss-PKCS12-FIPS.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0018-jss-PBE-PKCS5-V2-secure-P12.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0019-jss-wrapInToken.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0020-jss-HSM-manufacturerID.patch 
csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0021-jss-ECC-Phase2KeyArchivalRecovery.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0022-jss-undo-JCA-deprecations.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0023-jss-SHA-OID-fix.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0024-jss-RC4-strengh-verify.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0025-jss-support-TLS1_1-TLS1_2.patch csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/jss-4.2.6.tar.gz Modified: csw/mgar/pkg/lang-java/jss/branches/fromfedora/Makefile =================================================================== --- csw/mgar/pkg/lang-java/jss/branches/fromfedora/Makefile 2015-05-05 08:38:18 UTC (rev 24930) +++ csw/mgar/pkg/lang-java/jss/branches/fromfedora/Makefile 2015-05-05 09:47:33 UTC (rev 24931) @@ -4,7 +4,7 @@ NAME = jss MAJOR_VERSION = 4 FULLVERSION = 4.3.2 -VERSION = 4 +VERSION = 4.2.6 GARTYPE = v2 CATEGORIES = java 
@@ -16,39 +16,99 @@ NSS is the cryptographic module where all cryptographic operations are performed. JSS essentially provides a Java JNI bridge to NSS C shared libraries. When NSS is put in FIPS mode, JSS ensures FIPS compliance by ensuring that all cryptographic operations are performed by the NSS cryptographic module. -https://developer.mozilla.org/En/JSS endef +VENDOR_URL=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/JSS +GARFLAVOR = OPT +BUILD64 = 1 - -MASTER_SITES = http://ftp.mozilla.org/pub/mozilla.org/mozilla.org/mozilla.org/mozilla.org/security/jss/releases/JSS_4_3_2_RTM -DISTFILES = $(NAME)$(MAJOR_VERSION).jar +# MASTER_SITES = http://ftp.mozilla.org/pub/mozilla.org/mozilla.org/mozilla.org/mozilla.org/security/jss/releases/JSS_4_3_2_RTM/ +# DISTFILES = $(NAME)$(MAJOR_VERSION).jar DISTFILES += COPYING +DISTFILES += $(DISTNAME).tar.gz PACKAGES = CSWjss4 PACKAGING_PLATFORMS += solaris10-sparc PACKAGING_PLATFORMS += solaris10-i386 +PATCHFILES += 0005-jss-key_pair_usage_with_op_flags.patch +PATCHFILES += 0007-jss-javadocs-param.patch +PATCHFILES += 0008-jss-ipv6.patch +PATCHFILES += 0001-jss-ECC-pop.patch +PATCHFILES += 0006-jss-loadlibrary.patch +PATCHFILES += 0009-jss-ocspSettings.patch +PATCHFILES += 0010-jss-ECC_keygen_byCurveName.patch +PATCHFILES += 0011-jss-VerifyCertificate.patch +PATCHFILES += 0012-jss-bad-error-string-pointer.patch +PATCHFILES += 0013-jss-VerifyCertificateReturnCU.patch +PATCHFILES += 0014-jss-ECC-HSM-FIPS.patch +PATCHFILES += 0016-jss-eliminate-native-compiler-warnings.patch +PATCHFILES += 0015-jss-eliminate-java-compiler-warnings.patch +PATCHFILES += 0017-jss-PKCS12-FIPS.patch +PATCHFILES += 0002-jss-eliminate-native-coverity-defects.patch +PATCHFILES += 0018-jss-PBE-PKCS5-V2-secure-P12.patch +PATCHFILES += 0019-jss-wrapInToken.patch +PATCHFILES += 0020-jss-HSM-manufacturerID.patch +PATCHFILES += 0021-jss-ECC-Phase2KeyArchivalRecovery.patch +PATCHFILES += 0022-jss-undo-JCA-deprecations.patch +PATCHFILES += 
0003-jss-undo-BadPaddingException-deprecation.patch +PATCHFILES += 0004-jss-fixed-build-issue-on-F17-or-newer.patch +PATCHFILES += 0023-jss-SHA-OID-fix.patch +PATCHFILES += 0024-jss-RC4-strengh-verify.patch +PATCHFILES += 0025-jss-support-TLS1_1-TLS1_2.patch -ARCHALL = 1 - +PACKAGES = CSWjss4 CATALOGNAME_CSWjss4 = jss4 +SPKG_DESC_CSWjss4 += $(DESCRIPTION), jss4.jar, libjss4.so +PACKAGES = CSWjss4-doc +CATALOGNAME_CSWjss4-doc = jss4_doc +PKGFILES_CSWjss4-doc = $(PKGFILES_DOC) +SPKG_DESC_CSWjss4-doc += $(DESCRIPTION), javadoc +ARCHALL_CSWjss4-doc = 1 + WORKSRC = $(WORKDIR) DISTDIR = mozilla/security/jss LICENSE = COPYING -# JAVA_HOME = /usr/j2sdk1.4.2_17 +OBJ_PATH = $(shell uname -s)$(GAROSREL)_$(shell uname -m)_$(GARFLAVOR).OBJ -CONFIGURE_SCRIPTS = -BUILD_SCRIPTS = +CONFIGURE_ARGS_OPT += BUILD_OPT=1 +CONFIGURE_ARGS += NSPR_INCLUDE_DIR=$(shell pkg-config --cflags-only-I nspr | sed 's/-I//') +CONFIGURE_ARGS += NSPR_LIB_DIR=$(shell pkg-config --libs-only-L nspr | sed 's/-L//') +CONFIGURE_ARGS += NSS_INCLUDE_DIR=$(shell pkg-config --cflags-only-I nss | sed 's/-I//') +CONFIGURE_ARGS += NSS_LIB_DIR=$(shell pkg-config --libs-only-L nss | sed 's/-L//') +CONFIGURE_ARGS += JAVA_HOME=/usr/java +CONFIGURE_ARGS_64 += USE_64 +CONFIGURE_ARGS += $(CONFIGURE_ARGS_$(MEMORYMODEL_$(BUILD_ISAS))) +CONFIGURE_ARGS += $(CONFIGURE_ARGS_$(GARFLAVOR)) + +CONFIGURE_SCRIPTS = +BUILD_SCRIPTS = jss TEST_SCRIPTS = + INSTALL_SCRIPTS = custom +JAVA_INSTALL_DIR = $(DESTDIR)$(datadir)/java/$(MM_LIBDIR) +EXTRA_INSTALL_ENV = PATH=$(PATH):/opt/csw/gnu include gar/category.mk +build-jss: + (cd $(WORKSRC) && \ + gmake -C mozilla/security/coreconf $(CONFIGURE_ARGS) && \ + gmake -C mozilla/security/jss $(CONFIGURE_ARGS) && \ + gmake -C mozilla/security/jss javadoc $(CONFIGURE_ARGS) ) + @$(MAKECOOKIE) + install-custom: - @ginstall -d $(DESTDIR)$(datadir)/java - @gcp -fp $(WORKSRC)/$(CATALOGNAME_CSWjss4).jar $(DESTDIR)$(datadir)/java + (cd $(WORKSRC) && $(EXTRA_INSTALL_ENV) gmake -C mozilla/security/jss 
install $(CONFIGURE_ARGS)) + ginstall -d $(JAVA_INSTALL_DIR) + ginstall -d $(DESTDIR)$(libdir) + (cd $(WORKSRC)/mozilla/dist && \ + ginstall $(OBJ_PATH)/lib/libjss4.so $(DESTDIR)/$(libdir) && \ + ginstall xpclass.jar $(JAVA_INSTALL_DIR)/jss4.jar && \ + gcp -r jssdoc $(DESTDIR)/$(datadir)) @$(MAKECOOKIE) +WORKSRC := $(WORKDIR)/$(DISTNAME) +DISTNAME := $(NAME)-$(VERSION) Modified: csw/mgar/pkg/lang-java/jss/branches/fromfedora/checksums =================================================================== --- csw/mgar/pkg/lang-java/jss/branches/fromfedora/checksums 2015-05-05 08:38:18 UTC (rev 24930) +++ csw/mgar/pkg/lang-java/jss/branches/fromfedora/checksums 2015-05-05 09:47:33 UTC (rev 24931) @@ -1 +0,0 @@ -cd4b98830955491929d55ad0d7140fb7 jss4.jar Added: csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0001-jss-ECC-pop.patch =================================================================== --- csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0001-jss-ECC-pop.patch (rev 0) +++ csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0001-jss-ECC-pop.patch 2015-05-05 09:47:33 UTC (rev 24931) 
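Review bot: Nothing visible in this revision pins the new inputs to a known digest: `DISTFILES += $(DISTNAME).tar.gz` and the 25 `PATCHFILES` now come from `files/`, `MASTER_SITES` is commented out, and the `checksums` file is emptied in the same commit. Regenerate `checksums` with an entry for every DISTFILES and PATCHFILES item, and add a comment naming the Fedora source RPM release they were taken from; the removed entry was a 32-hex-digit (MD5-length) digest, so a stronger one is preferable if the GAR tooling supports it. Separately, `PACKAGES = CSWjss4-doc` uses `=` after `PACKAGES = CSWjss4` and so overwrites the first package; it presumably should be `PACKAGES += CSWjss4-doc`. `CONFIGURE_ARGS_64 += USE_64` passes a bare word that gmake would read as a goal rather than a variable, so `USE_64=1` was probably intended.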
@@ -0,0 +1,29 @@
+diff -rupN jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java jss-4.2.6.cfu/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java 2004-04-25 08:02:26.000000000 -0700
++++ jss-4.2.6.cfu/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java 2009-07-27 13:38:38.197422000 -0700
+@@ -130,6 +130,16 @@ public class CertReqMsg implements ASN1V
+ ///////////////////////////////////////////////////////////////////////
+
+ public void verify() throws SignatureException,
++ InvalidKeyFormatException, NoSuchAlgorithmException,
++ org.mozilla.jss.CryptoManager.NotInitializedException,
++ TokenException, java.security.InvalidKeyException, IOException{
++
++ CryptoToken token = CryptoManager.getInstance()
++ .getInternalCryptoToken();
++ verify(token);
++ }
++
++ public void verify(CryptoToken token) throws SignatureException,
+ InvalidKeyFormatException, NoSuchAlgorithmException,
+ org.mozilla.jss.CryptoManager.NotInitializedException,
+ TokenException, java.security.InvalidKeyException, IOException{
+@@ -149,8 +159,6 @@ public class CertReqMsg implements ASN1V
+ pubkey = (PublicKey) spi.toPublicKey();
+ }
+
+- CryptoToken token = CryptoManager.getInstance()
+- .getInternalCryptoToken();
+ SignatureAlgorithm sigAlg =
+ SignatureAlgorithm.fromOID(alg.getOID());
+ Signature sig = token.getSignatureContext(sigAlg);
Added: csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0002-jss-eliminate-native-coverity-defects.patch
===================================================================
--- csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0002-jss-eliminate-native-coverity-defects.patch (rev 0)
+++ csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0002-jss-eliminate-native-coverity-defects.patch 2015-05-05 09:47:33 UTC (rev 24931)
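Review bot: The new public overload `verify(CryptoToken token)` uses its argument unchecked at `token.getSignatureContext(sigAlg)` in the second inner hunk, so a null token fails with a NullPointerException partway through proof-of-possession verification rather than with a clear error at the entry point. A guard as the first statement, `if (token == null) throw new IllegalArgumentException("token must not be null");`, would make the contract explicit. Neither overload carries Javadoc; a short comment should say that the no-argument form verifies on the internal crypto token and that the other verifies on the caller-supplied token. The method body between the signature and the signature-context lookup lies outside the visible hunks.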
@@ -0,0 +1,253 @@ +diff -rupN jss-4.2.6.orig/mozilla/security/coreconf/nsinstall/pathsub.c jss-4.2.6/mozilla/security/coreconf/nsinstall/pathsub.c +--- jss-4.2.6.orig/mozilla/security/coreconf/nsinstall/pathsub.c 2004-04-25 08:02:18.000000000 -0700 ++++ jss-4.2.6/mozilla/security/coreconf/nsinstall/pathsub.c 2011-09-17 18:37:39.875900000 -0700 +@@ -275,9 +275,11 @@ diagnosePath(const char * path) + rv = readlink(myPath, buf, sizeof buf); + if (rv < 0) { + perror("readlink"); +- buf[0] = 0; +- } else { ++ buf[0] = 0; ++ } else if ( rv < BUFSIZ ) { + buf[rv] = 0; ++ } else { ++ buf[BUFSIZ-1] = 0; + } + fprintf(stderr, "%s is a link to %s\n", myPath, buf); + } else if (S_ISDIR(sb.st_mode)) { +diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/CryptoManager.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c +--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/CryptoManager.c 2011-09-17 17:33:08.823975000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c 2011-09-17 20:09:35.446977000 -0700 +@@ -728,14 +728,14 @@ getPWFromCallback(PK11SlotInfo *slot, PR + } + + finish: +- if( (exception=(*env)->ExceptionOccurred(env)) != NULL) { + #ifdef DEBUG ++ if( (exception=(*env)->ExceptionOccurred(env)) != NULL) { + jclass giveupClass; + jmethodID printStackTrace; + jclass excepClass; +-#endif ++ + (*env)->ExceptionClear(env); +-#ifdef DEBUG ++ + giveupClass = (*env)->FindClass(env, GIVE_UP_EXCEPTION); + PR_ASSERT(giveupClass != NULL); + if( ! 
(*env)->IsInstanceOf(env, exception, giveupClass) ) { +@@ -746,8 +746,12 @@ finish: + PR_ASSERT( PR_FALSE ); + } + PR_ASSERT(returnchars==NULL); +-#endif + } ++#else ++ if( ((*env)->ExceptionOccurred(env)) != NULL) { ++ (*env)->ExceptionClear(env); ++ } ++#endif + return returnchars; + } + +diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/PK11Finder.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/PK11Finder.c +--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/PK11Finder.c 2011-09-17 17:33:08.834976000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/PK11Finder.c 2011-09-19 16:51:46.438021000 -0700 +@@ -768,6 +768,10 @@ static int find_leaf_cert( + int *linked = NULL; + + linked = PR_Malloc( sizeof(int) * numCerts ); ++ if (linked == NULL) { ++ status = 0; ++ goto finish; ++ } + + /* initialize the bitmap */ + for (i = 0; i < numCerts; i++) { +@@ -1735,7 +1739,7 @@ Java_org_mozilla_jss_CryptoManager_verif + { + SECStatus rv = SECFailure; + SECCertUsage certUsage; +- SECItem *derCerts[2]; ++ SECItem *derCerts[2] = { NULL, NULL }; + CERTCertificate **certArray = NULL; + CERTCertDBHandle *certdb = CERT_GetDefaultCertDB(); + +@@ -1749,7 +1753,6 @@ Java_org_mozilla_jss_CryptoManager_verif + } + PR_ASSERT(certdb != NULL); + +- derCerts[0] = NULL; + derCerts[0] = JSS_ByteArrayToSECItem(env, packageArray); + derCerts[1] = NULL; + +diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c +--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c 2011-09-17 17:33:08.708976000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c 2011-09-17 19:37:52.834292000 -0700 +@@ -235,7 +235,7 @@ static PRStatus + getAlgInfo(JNIEnv *env, jobject alg, JSS_AlgInfo *info) + { + jint index; +- PRStatus status; ++ PRStatus status = PR_FAILURE; + + PR_ASSERT(env!=NULL && alg!=NULL && info!=NULL); + +diff -rupN 
jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c +--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c 2011-09-17 17:33:08.970975000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c 2011-09-17 19:47:21.850722000 -0700 +@@ -181,7 +181,7 @@ Java_org_mozilla_jss_pkcs11_PK11MessageD + PK11Context *context=NULL; + jbyte *bytes=NULL; + SECStatus status; +- unsigned int outLen; ++ unsigned int outLen = 0; + + if( JSS_PK11_getCipherContext(env, proxyObj, &context) != PR_SUCCESS) { + /* exception was thrown */ +diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c +--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c 2011-09-17 17:33:09.013977000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c 2011-09-17 18:16:40.231161000 -0700 +@@ -273,6 +273,7 @@ Java_org_mozilla_jss_pkcs11_PK11PubKey_g + break; + case keaKey: + keyTypeFieldName = KEA_KEYTYPE_FIELD; ++ break; + default: + PR_ASSERT(PR_FALSE); + keyTypeFieldName = NULL_KEYTYPE_FIELD; +diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c +--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c 2011-09-17 17:33:09.032977000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c 2011-09-17 19:48:57.776628000 -0700 +@@ -390,12 +390,6 @@ importPrivateKey + SECStatus status; + SECItem nickname; + +- keyType = JSS_PK11_getKeyType(env, keyTypeObj); +- if( keyType == nullKey ) { +- /* exception was thrown */ +- goto finish; +- } +- + /* + * initialize so we can goto finish + */ +@@ -403,6 +397,12 @@ importPrivateKey + derPK.len = 0; + + ++ keyType = JSS_PK11_getKeyType(env, 
keyTypeObj); ++ if( keyType == nullKey ) { ++ /* exception was thrown */ ++ goto finish; ++ } ++ + PR_ASSERT(env!=NULL && this!=NULL); + + if(keyArray == NULL) { +diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c +--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c 2011-09-17 17:33:09.050976000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c 2011-09-17 19:53:46.184339000 -0700 +@@ -962,12 +962,12 @@ JNIEXPORT jstring JNICALL Java_org_mozil + { + PK11SlotInfo *slot; + const char* c_subject=NULL; +- jboolean isCopy; ++ jboolean isCopy = JNI_FALSE; + unsigned char *b64request=NULL; + SECItem p, q, g; + PQGParams *dsaParams=NULL; + const char* c_keyType; +- jboolean k_isCopy; ++ jboolean k_isCopy = JNI_FALSE; + SECOidTag signType = SEC_OID_UNKNOWN; + PK11RSAGenParams rsaParams; + void *params = NULL; +diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c +--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c 2011-09-17 17:33:09.073977000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c 2011-09-17 19:56:20.428184000 -0700 +@@ -516,11 +516,6 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke + goto finish; + } + +- if( addrBAelems == NULL ) { +- ASSERT_OUTOFMEM(env); +- goto finish; +- } +- + if(addrBALen != 4 && addrBALen != 16) { + JSSL_throwSSLSocketException(env, "Invalid address in connect!"); + goto finish; +@@ -720,7 +715,7 @@ Java_org_mozilla_jss_ssl_SSLSocket_getCi + { + JSSL_SocketData *sock=NULL; + SECStatus status; +- PRBool enabled; ++ PRBool enabled = PR_FAILURE; + + /* get the fd */ + if( JSSL_getSockData(env, sockObj, &sock) != PR_SUCCESS) { +diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c +--- 
jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c 2004-09-03 11:32:03.000000000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c 2011-09-17 18:15:07.825252000 -0700 +@@ -684,17 +684,13 @@ JSSL_ConfirmExpiredPeerCert(void *arg, P + * Now check the name field in the cert against the desired hostname. + * NB: This is our only defense against Man-In-The-Middle (MITM) attacks! + */ +- if( peerCert == NULL ) { +- rv = SECFailure; ++ char* hostname = NULL; ++ hostname = SSL_RevealURL(fd); /* really is a hostname, not a URL */ ++ if (hostname && hostname[0]) { ++ rv = CERT_VerifyCertName(peerCert, hostname); ++ PORT_Free(hostname); + } else { +- char* hostname = NULL; +- hostname = SSL_RevealURL(fd); /* really is a hostname, not a URL */ +- if (hostname && hostname[0]) { +- rv = CERT_VerifyCertName(peerCert, hostname); +- PORT_Free(hostname); +- } else { +- rv = SECFailure; +- } ++ rv = SECFailure; + } + } + +diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c +--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c 2011-09-17 17:33:09.094977000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c 2011-09-17 19:16:38.546566000 -0700 +@@ -95,6 +95,10 @@ writebuf(JNIEnv *env, PRFileDesc *fd, jo + jint arrayLen=-1; + PRInt32 retval; + ++ if( env == NULL ) { ++ goto finish; ++ } ++ + /* + * get the OutputStream + */ +diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c +--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c 2002-07-03 17:25:46.000000000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c 2011-09-18 23:02:28.130883000 -0700 +@@ -427,6 +427,7 @@ JSS_ConvertNativeErrcodeToJava(PRErrorCo + #endif + + key.native = nativeErrcode; ++ key.java = -1; + 
target = bsearch( &key, errcodeTable, numErrcodes, sizeof(Errcode), + errcodeCompare ); + +diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/jssutil.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/jssutil.c +--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/jssutil.c 2011-09-17 17:33:09.103977000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/jssutil.c 2011-09-19 16:38:19.428634000 -0700 +@@ -529,7 +529,7 @@ JSS_wipeCharArray(char* array) + */ + static char* getPWFromConsole() + { +- char c; ++ int c; + char *ret; + int i; + char buf[200]; /* no buffer overflow: we bail after 200 chars */ Added: csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0003-jss-undo-BadPaddingException-deprecation.patch =================================================================== --- csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0003-jss-undo-BadPaddingException-deprecation.patch (rev 0) +++ csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0003-jss-undo-BadPaddingException-deprecation.patch 2015-05-05 09:47:33 UTC (rev 24931) 
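Review bot: In the SSLSocket.c hunk, `PRBool enabled = PR_FAILURE;` initialises a boolean with a PRStatus constant; PR_FAILURE is -1 in NSPR, so the intended safe default is non-zero and reads as true if the value is ever used without being set. It should be `PRBool enabled = PR_FALSE;` (the function, whose name is truncated to `..._getCi` in the hunk header, continues outside the hunk, so whether the unset value can reach the caller needs confirming). In callbacks.c the `peerCert == NULL` guard in front of `CERT_VerifyCertName(peerCert, hostname)` is removed from the block its own comment calls the only defence against MITM; that is safe only if peerCert is already proven non-NULL earlier in JSSL_ConfirmExpiredPeerCert, which is not visible here, and a one-line comment stating that invariant would help. In pathsub.c the new `rv < BUFSIZ` branch assumes `buf` is exactly BUFSIZ bytes (its declaration is outside the hunk); calling `readlink(myPath, buf, sizeof buf - 1)` would make the termination independent of that assumption.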
@@ -0,0 +1,13 @@
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/crypto/BadPaddingException.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/BadPaddingException.java
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/crypto/BadPaddingException.java 2004-04-25 08:02:21.000000000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/BadPaddingException.java 2012-03-30 16:17:30.748371000 -0700
+@@ -35,9 +35,6 @@
+ * ***** END LICENSE BLOCK ***** */
+ package org.mozilla.jss.crypto;
+
+-/**
+- * @deprecated Use javax.crypto.BadPaddingException.
+- */
+ public class BadPaddingException extends Exception {
+ public BadPaddingException() {
+ super();
Added: csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0004-jss-fixed-build-issue-on-F17-or-newer.patch
===================================================================
--- csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0004-jss-fixed-build-issue-on-F17-or-newer.patch (rev 0)
+++ csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0004-jss-fixed-build-issue-on-F17-or-newer.patch 2015-05-05 09:47:33 UTC (rev 24931)
@@ -0,0 +1,23 @@
+diff -rupN jss-4.2.6.orig/mozilla/security/coreconf/config.mk jss-4.2.6/mozilla/security/coreconf/config.mk
+--- jss-4.2.6.orig/mozilla/security/coreconf/config.mk 2007-05-03 23:54:05.000000000 -0700
++++ jss-4.2.6/mozilla/security/coreconf/config.mk 2013-07-22 18:42:19.000000000 -0700
+@@ -68,8 +68,19 @@ TARGET_OSES = FreeBSD BSD_OS NetBSD Open
+ ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
+ include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
+ else
++ifeq ($(OS_TARGET), Linux)
++OS_RELEASE_VER_MAJOR := $(shell echo $(OS_RELEASE) | cut -f1 -d.)
++OS_RELEASE_VER_MINOR := $(shell echo $(OS_RELEASE) | cut -f2 -d.)
++OS_RELEASE_GT_2_6 := $(shell [ $(OS_RELEASE_VER_MAJOR) -ge 2 -o \( $(OS_RELEASE_VER_MAJOR) -eq 2 -a $(OS_RELEASE_VER_MINOR) -ge 6 \) ] && echo true)
++ifeq ($(OS_RELEASE_GT_2_6),true)
++include $(CORE_DEPTH)/coreconf/Linux2.6.mk
++else
+ include $(CORE_DEPTH)/coreconf/$(OS_TARGET)$(OS_RELEASE).mk
+ endif
++else
++include $(CORE_DEPTH)/coreconf/$(OS_TARGET)$(OS_RELEASE).mk
++endif
++endif
+
+ #######################################################################
+ # [4.0] Master "Core Components" source and release <platform> tags #
Added: csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0005-jss-key_pair_usage_with_op_flags.patch
===================================================================
--- csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0005-jss-key_pair_usage_with_op_flags.patch (rev 0)
+++ csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0005-jss-key_pair_usage_with_op_flags.patch 2015-05-05 09:47:33 UTC (rev 24931)
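Review bot: The version test that sets `OS_RELEASE_GT_2_6` is true for every 2.x kernel, not only 2.6 and later: `$(OS_RELEASE_VER_MAJOR) -ge 2` already matches major version 2, so the `-eq 2 -a $(OS_RELEASE_VER_MINOR) -ge 6` clause never decides the result and a 2.4 release would also include `Linux2.6.mk`. The first comparison should be strict, `[ $(OS_RELEASE_VER_MAJOR) -gt 2 -o \( $(OS_RELEASE_VER_MAJOR) -eq 2 -a $(OS_RELEASE_VER_MINOR) -ge 6 \) ]`. The block sits under `ifeq ($(OS_TARGET), Linux)`, so it should be inert on the Solaris platforms this package is built for, but the patch is carried verbatim and a comment recording that it is Linux-only would save the next maintainer from re-deriving it.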
@@ -0,0 +1,544 @@ +diff -rupN jss-4.2.5/mozilla/security/jss/lib/jss.def jss-4.2.6/mozilla/security/jss/lib/jss.def +--- jss-4.2.5/mozilla/security/jss/lib/jss.def 2007-05-08 18:40:14.000000000 -0700 ++++ jss-4.2.6/mozilla/security/jss/lib/jss.def 2009-05-30 01:57:48.000000000 -0700 +@@ -316,3 +316,12 @@ Java_org_mozilla_jss_ssl_SSLSocket_isFip + ;+ local: + ;+ *; + ;+}; ++;+JSS_4.2.6 { # JSS 4.2.6 release ++;+ global: ++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPairWithOpFlags; ++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPairWithOpFlags; ++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags; ++;+ local: ++;+ *; ++;+}; ++ +diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java +--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java 2005-11-14 14:15:06.000000000 -0800 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java 2009-05-22 07:40:14.000000000 -0700 +@@ -81,7 +81,6 @@ public class KeyPairGenerator { + genKeyPair() throws TokenException { + return engine.generateKeyPair(); + } +- + /** + * @return The type of key that this generator generates. 
+ */ +@@ -192,6 +191,15 @@ public class KeyPairGenerator { + engine.extractablePairs(extractable); + } + ++ public void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages, ++ KeyPairGeneratorSpi.Usage[] usages_mask) { ++ engine.setKeyPairUsages(usages,usages_mask); ++ } ++ ++ ++ ++ ++ + protected KeyPairAlgorithm algorithm; + protected KeyPairGeneratorSpi engine; + } +diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java +--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java 2005-11-14 14:15:06.000000000 -0800 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java 2009-05-30 03:24:31.000000000 -0700 +@@ -60,4 +60,38 @@ public abstract class KeyPairGeneratorSp + public abstract void extractablePairs(boolean extractable); + + public abstract boolean keygenOnInternalToken(); ++ ++ /** ++ * In PKCS #11, each keypair can be marked with the operations it will ++ * be used to perform. Some tokens require that a key be marked for ++ * an operation before the key can be used to perform that operation; ++ * other tokens don't care. NSS provides a way to specify a set of ++ * flags and a corresponding mask for these flags. If a specific usage ++ * is desired set the value for that usage. If it is not set, let NSS ++ * behave in it's default fashion. If a behavior is desired, also set ++ * that behavior in the mask as well as the flags. 
++ * ++ */ ++ public final static class Usage { ++ private Usage() { } ++ private Usage(int val) { this.val = val;} ++ private int val; ++ ++ public int getVal() { return val; } ++ ++ // these enums must match the ++ // and the opFlagForUsage list in PK11KeyPairGenerator.java ++ public static final Usage ENCRYPT = new Usage(0); ++ public static final Usage DECRYPT = new Usage(1); ++ public static final Usage SIGN = new Usage(2); ++ public static final Usage SIGN_RECOVER = new Usage(3); ++ public static final Usage VERIFY = new Usage(4); ++ public static final Usage VERIFY_RECOVER = new Usage(5); ++ public static final Usage WRAP = new Usage(6); ++ public static final Usage UNWRAP = new Usage(7); ++ public static final Usage DERIVE = new Usage(8); ++ } ++ ++ public abstract void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages, ++ KeyPairGeneratorSpi.Usage[] usages_mask); + } +diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c +--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c 2006-02-22 17:21:42.000000000 -0800 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c 2009-06-02 10:36:46.819581000 -0700 +@@ -120,13 +120,11 @@ finish: + + int PK11_NumberObjectsFor(PK11SlotInfo*, CK_ATTRIBUTE*, int); + +-/* +- * make a common key gen function for both this file and PK11Token.c +- */ + SECStatus +-JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism, ++JSS_PK11_generateKeyPairWithOpFlags(JNIEnv *env, CK_MECHANISM_TYPE mechanism, + PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privk, +- void *params, PRBool temporary, jint sensitive, jint extractable) ++ void *params, PRBool temporary, jint sensitive, jint extractable, ++ jint op_flags, jint op_flags_mask) + { + PK11AttrFlags attrFlags = 0; + *privk=NULL; +@@ -173,12 +171,16 @@ JSS_PK11_generateKeyPair(JNIEnv *env, CK + 
} else { + attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC); + } +- *privk = PK11_GenerateKeyPairWithFlags(slot, ++ ++ *privk = PK11_GenerateKeyPairWithOpFlags(slot, + mechanism, + params, + pubk, + attrFlags, ++ (CK_FLAGS) op_flags, ++ (CK_FLAGS) op_flags_mask/* the ones we don't want*/, + NULL /* default PW callback */ ); ++ + if( *privk == NULL ) { + int errLength; + char *errBuf; +@@ -217,13 +219,28 @@ finish: + return SECFailure; + } + ++/* ++ * make a common key gen function for both this file and PK11Token.c ++ */ ++SECStatus ++JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism, ++ PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privk, ++ void *params, PRBool temporary, jint sensitive, jint extractable) ++{ ++ ++ return JSS_PK11_generateKeyPairWithOpFlags(env, mechanism, slot, pubk, privk, params, temporary, sensitive, extractable, 0, 0); ++} ++ ++ + /********************************************************************** +- * Local generic helper ++ * Local generic helpers + */ ++ + static jobject +-PK11KeyPairGenerator(JNIEnv *env, jobject this, jobject token, ++PK11KeyPairGeneratorWithOpFlags(JNIEnv *env, jobject this, jobject token, + CK_MECHANISM_TYPE mechanism, void *params, +- jboolean temporary, jint sensitive, jint extractable) ++ jboolean temporary, jint sensitive, jint extractable, ++ jint op_flags, jint op_flags_mask) + { + PK11SlotInfo* slot; + SECKEYPrivateKey *privk=NULL; +@@ -242,8 +259,8 @@ PK11KeyPairGenerator(JNIEnv *env, jobjec + } + PR_ASSERT(slot != NULL); + +- rv = JSS_PK11_generateKeyPair(env, mechanism, slot, &pubk, &privk, +- params, temporary, sensitive, extractable); ++ rv = JSS_PK11_generateKeyPairWithOpFlags(env, mechanism, slot, &pubk, &privk, ++ params, temporary, sensitive, extractable, op_flags, op_flags_mask); + if (rv != SECSuccess) { + goto finish; + } +@@ -267,6 +284,16 @@ finish: + return keyPair; + } + ++static jobject ++PK11KeyPairGenerator(JNIEnv *env, jobject this, jobject token, 
++ CK_MECHANISM_TYPE mechanism, void *params, ++ jboolean temporary, jint sensitive, jint extractable) ++{ ++ return PK11KeyPairGeneratorWithOpFlags(env, this, token, mechanism, params, temporary, sensitive, extractable, 0, 0); ++} ++ ++ ++ + /********************************************************************** + * PK11KeyPairGenerator.generateRSAKeyPair + */ +@@ -289,6 +316,30 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairG + ¶ms, temporary, sensitive, extractable); + } + ++/********************************************************************** ++ * PK11KeyPairGenerator.generateRSAKeyPairWithOpFlags ++ */ ++JNIEXPORT jobject JNICALL ++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPairWithOpFlags ++ (JNIEnv *env, jobject this, jobject token, jint keySize, jlong publicExponent, ++ jboolean temporary, jint sensitive, jint extractable, ++ jint op_flags, jint op_flags_mask) ++{ ++ PK11RSAGenParams params; ++ ++ PR_ASSERT(env!=NULL && this!=NULL && token!=NULL); ++ ++ /************************************************** ++ * setup parameters ++ *************************************************/ ++ params.keySizeInBits = keySize; ++ params.pe = publicExponent; ++ ++ return PK11KeyPairGeneratorWithOpFlags(env, this, token, CKM_RSA_PKCS_KEY_PAIR_GEN, ++ ¶ms, temporary, sensitive, extractable, op_flags, op_flags_mask); ++} ++ ++ + #define ZERO_SECITEM(item) {(item).len=0; (item).data=NULL;} + + /********************************************************************** +@@ -339,6 +390,57 @@ finish: + return keyPair; + } + ++/********************************************************************** ++ * ++ * PK11KeyPairGenerator.generateDSAKeyPair ++ * ++ */ ++JNIEXPORT jobject JNICALL ++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags ++ (JNIEnv *env, jobject this, jobject token, jbyteArray P, jbyteArray Q, ++ jbyteArray G, jboolean temporary, jint sensitive, jint extractable, ++ jint op_flags, jint op_flags_mask) ++{ ++ SECItem p, q, g; 
++ PQGParams *params=NULL; ++ jobject keyPair=NULL; ++ ++ PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && P!=NULL && Q!=NULL ++ && G!=NULL); ++ ++ /* zero these so we can free them indiscriminately later */ ++ ZERO_SECITEM(p); ++ ZERO_SECITEM(q); ++ ZERO_SECITEM(g); ++ ++ /************************************************** ++ * Setup the parameters ++ *************************************************/ ++ if( JSS_ByteArrayToOctetString(env, P, &p) || ++ JSS_ByteArrayToOctetString(env, Q, &q) || ++ JSS_ByteArrayToOctetString(env, G, &g) ) ++ { ++ PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL); ++ goto finish; ++ } ++ params = PK11_PQG_NewParams(&p, &q, &g); ++ if(params == NULL) { ++ JSS_throw(env, OUT_OF_MEMORY_ERROR); ++ goto finish; ++ } ++ keyPair = PK11KeyPairGeneratorWithOpFlags(env, this, token, CKM_DSA_KEY_PAIR_GEN, ++ params, temporary, sensitive, extractable, ++ op_flags, op_flags_mask); ++ ++finish: ++ SECITEM_FreeItem(&p, PR_FALSE); ++ SECITEM_FreeItem(&q, PR_FALSE); ++ SECITEM_FreeItem(&g, PR_FALSE); ++ PK11_PQG_DestroyParams(params); ++ return keyPair; ++} ++ ++ + void + DumpItem(SECItem *item) + { +@@ -361,6 +463,7 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairG + (JNIEnv *env, jobject this, jobject token, jbyteArray Curve, + jboolean temporary, jint sensitive, jint extractable) + { ++ + SECItem curve; + jobject keyPair=NULL; + +@@ -385,3 +488,39 @@ finish: + SECITEM_FreeItem(&curve, PR_FALSE); + return keyPair; + } ++ ++/********************************************************************** ++ * ++ * PK11KeyPairGenerator.generateECKeyPairWithOpFlags ++ * ++ */ ++JNIEXPORT jobject JNICALL ++Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPairWithOpFlags ++ (JNIEnv *env, jobject this, jobject token, jbyteArray Curve, ++ jboolean temporary, jint sensitive, jint extractable, ++ jint op_flags, jint op_flags_mask) ++{ ++ SECItem curve; ++ jobject keyPair=NULL; ++ ++ PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && Curve!=NULL ); ++ ++ 
/* zero these so we can free them indiscriminately later */ ++ ZERO_SECITEM(curve); ++ ++ /************************************************** ++ * Setup the parameters ++ *************************************************/ ++ if( JSS_ByteArrayToOctetString(env, Curve, &curve)) ++ { ++ PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL); ++ goto finish; ++ } ++ keyPair = PK11KeyPairGeneratorWithOpFlags(env, this, token, CKM_EC_KEY_PAIR_GEN, ++ &curve, temporary, sensitive, extractable, ++ op_flags, op_flags_mask); ++ ++finish: ++ SECITEM_FreeItem(&curve, PR_FALSE); ++ return keyPair; ++} +diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java +--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java 2006-02-22 17:21:42.000000000 -0800 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java 2009-05-30 05:30:25.000000000 -0700 +@@ -55,6 +55,39 @@ public final class PK11KeyPairGenerator + extends org.mozilla.jss.crypto.KeyPairGeneratorSpi + { + ++ // opFlag constants: each of these flags specifies a crypto operation ++ // the key will support. Their values must match the same-named C ++ // preprocessor macros defined in the PKCS #11 header pkcs11t.h. ++ private static final int CKF_ENCRYPT = 0x00000100; ++ private static final int CKF_DECRYPT = 0x00000200; ++ private static final int CKF_SIGN = 0x00000800; ++ private static final int CKF_SIGN_RECOVER = 0x00001000; ++ private static final int CKF_VERIFY = 0x00002000; ++ private static final int CKF_VERIFY_RECOVER = 0x00004000; ++ private static final int CKF_WRAP = 0x00020000; ++ private static final int CKF_UNWRAP = 0x00040000; ++ private static final int CKF_DERIVE = 0x00080000; ++ ++ // A table for mapping SymmetricKey.Usage to opFlag. This must be ++ // synchronized with SymmetricKey.Usage. 
++ private static final int opFlagForUsage[] = { ++ CKF_ENCRYPT, /* 0 */ ++ CKF_DECRYPT, /* 1 */ ++ CKF_SIGN, /* 2 */ ++ CKF_SIGN_RECOVER, /* 3 */ ++ CKF_VERIFY, /* 4 */ ++ CKF_VERIFY_RECOVER, /* 5 */ ++ CKF_WRAP, /* 6 */ ++ CKF_UNWRAP, /* 7 */ ++ CKF_DERIVE /* 8 */ ++ }; ++ ++ // The crypto operations the key will support. It is the logical OR ++ // of the opFlag constants, each specifying a supported operation. ++ private int opFlags = 0; ++ private int opFlagsMask = 0; ++ ++ + /////////////////////////////////////////////////////////////////////// + /////////////////////////////////////////////////////////////////////// + // Constructors +@@ -189,41 +222,45 @@ public final class PK11KeyPairGenerator + * Generates a key pair on a token. Uses parameters if they were passed + * in through a call to <code>initialize</code>, otherwise uses defaults. + */ ++ + public KeyPair generateKeyPair() + throws TokenException + { + if(algorithm == KeyPairAlgorithm.RSA) { + if(params != null) { + RSAParameterSpec rsaparams = (RSAParameterSpec)params; +- return generateRSAKeyPair( ++ return generateRSAKeyPairWithOpFlags( + token, + rsaparams.getKeySize(), + rsaparams.getPublicExponent().longValue(), + temporaryPairMode, + sensitivePairMode, +- extractablePairMode); ++ extractablePairMode, ++ opFlags, opFlagsMask); + } else { +- return generateRSAKeyPair( ++ return generateRSAKeyPairWithOpFlags( + token, + DEFAULT_RSA_KEY_SIZE, + DEFAULT_RSA_PUBLIC_EXPONENT.longValue(), + temporaryPairMode, + sensitivePairMode, +- extractablePairMode); ++ extractablePairMode, ++ opFlags, opFlagsMask); + } + } else if(algorithm == KeyPairAlgorithm.DSA ) { + if(params==null) { + params = PQG1024; + } + DSAParameterSpec dsaParams = (DSAParameterSpec)params; +- return generateDSAKeyPair( ++ return generateDSAKeyPairWithOpFlags( + token, + PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getP()), + PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getQ()), + 
PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getG()), + temporaryPairMode, + sensitivePairMode, +- extractablePairMode); ++ extractablePairMode, ++ opFlags, opFlagsMask); + } else { + Assert._assert( algorithm == KeyPairAlgorithm.EC ); + // requires JAVA 1.5 for ECParameters. +@@ -233,12 +270,14 @@ public final class PK11KeyPairGenerator + // ecParams.init(params); + PK11ParameterSpec ecParams = (PK11ParameterSpec) params; + +- return generateECKeyPair( ++ return generateECKeyPairWithOpFlags( + token, + ecParams.getEncoded(), /* curve */ + temporaryPairMode, + sensitivePairMode, +- extractablePairMode); ++ extractablePairMode, ++ opFlags, ++ opFlagsMask); + } + } + +@@ -266,6 +305,17 @@ public final class PK11KeyPairGenerator + throws TokenException; + + /** ++ * Generates an RSA key pair with the given size and public exponent. ++ * Adds the ability to specify a set of flags and masks ++ * to control how NSS generates the key pair. ++ */ ++ private native KeyPair ++ generateRSAKeyPairWithOpFlags(PK11Token token, int keySize, long publicExponent, ++ boolean temporary, int sensitive, int extractable, ++ int op_flags, int op_flags_mask) ++ throws TokenException; ++ ++ /** + * Generates a DSA key pair with the given P, Q, and G values. + * P, Q, and G are stored as big-endian twos-complement octet strings. + */ +@@ -275,6 +325,19 @@ public final class PK11KeyPairGenerator + throws TokenException; + + /** ++ * Generates a DSA key pair with the given P, Q, and G values. ++ * P, Q, and G are stored as big-endian twos-complement octet strings. ++ * Adds the ability to specify a set of flags and masks ++ * to control how NSS generates the key pair. ++ */ ++ private native KeyPair ++ generateDSAKeyPairWithOpFlags(PK11Token token, byte[] P, byte[] Q, byte[] G, ++ boolean temporary, int sensitive, int extractable, ++ int op_flags, int op_flags_mask) ++ throws TokenException; ++ ++ ++ /** + * Generates a EC key pair with the given a curve. 
+ * Curves are stored as DER Encoded Parameters. + */ +@@ -282,6 +345,18 @@ public final class PK11KeyPairGenerator + generateECKeyPair(PK11Token token, byte[] Curve, + boolean temporary, int sensitive, int extractable) + throws TokenException; ++ /** ++ * Generates a EC key pair with the given a curve. ++ * Curves are stored as DER Encoded Parameters. ++ * Adds the ability to specify a set of flags and masks ++ * to control how NSS generates the key pair. ++ */ ++ ++ private native KeyPair ++ generateECKeyPairWithOpFlags(PK11Token token, byte[] Curve, ++ boolean temporary, int sensitive, int extractable, ++ int op_flags, int op_flags_mask) ++ throws TokenException; + + /////////////////////////////////////////////////////////////////////// + /////////////////////////////////////////////////////////////////////// +@@ -397,6 +472,38 @@ public final class PK11KeyPairGenerator + extractablePairMode = extractable ? 1 : 0; + } + ++ /** ++ * Sets the requested key usages desired for the ++ * generated key pair. ++ * This allows the caller to suggest how NSS generates the key pair. ++ * @param usages List of desired key usages. ++ * @param usages_mask Corresponding mask for the key usages. ++ * if a usages is desired, make sure it is in the mask as well. 
++ */ ++ ++ public void setKeyPairUsages(org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usages, ++ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usages_mask) { ++ ++ this.opFlags = 0; ++ this.opFlagsMask = 0; ++ ++ if(usages != null) { ++ for( int i = 0; i < usages.length; i++ ) { ++ if( usages[i] != null ) { ++ this.opFlags |= opFlagForUsage[usages[i].getVal()]; ++ } ++ } ++ } ++ ++ if(usages_mask != null) { ++ for( int i = 0; i < usages_mask.length; i++ ) { ++ if( usages_mask[i] != null ) { ++ this.opFlagsMask |= opFlagForUsage[usages_mask[i].getVal()]; ++ } ++ } ++ } ++ } ++ + // + // requires JAVA 1.5 + // +diff -rupN jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h +--- jss-4.2.5/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h 2006-02-22 17:21:42.000000000 -0800 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h 2009-05-29 08:34:24.000000000 -0700 +@@ -157,6 +157,12 @@ JSS_PK11_generateKeyPair(JNIEnv *env, CK + PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privK, + void *params, PRBool temporary, jint senstive, jint extractable); + ++SECStatus ++JSS_PK11_generateKeyPair_withOpFlags(JNIEnv *env, CK_MECHANISM_TYPE mechanism, ++ PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privk, ++ void *params, PRBool temporary, jint sensitive, jint extractable, ++ jint op_flags, jint op_flags_mask); ++ + /*===================================================================== + C E R T I F I C A T E S + =====================================================================*/ Added: csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0006-jss-loadlibrary.patch =================================================================== --- csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0006-jss-loadlibrary.patch (rev 0) +++ csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0006-jss-loadlibrary.patch 2015-05-05 09:47:33 UTC (rev 
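Review bot: `setKeyPairUsages` indexes `opFlagForUsage` with `usages[i].getVal()` and no range check, and the table's comment says it must track `SymmetricKey.Usage` while the parameter type is `KeyPairGeneratorSpi.Usage`; if the two enums ever diverge, the wrong CKF_ flag is set or an ArrayIndexOutOfBoundsException escapes. The Javadoc asks the caller to list every desired usage in the mask as well, but nothing enforces it, so a usage missing from `usages_mask` is presumably ignored by the native side and the key silently gets the token's default for that operation. A guard after the two loops, `if ((opFlags & ~opFlagsMask) != 0) throw new IllegalArgumentException("usage not covered by usages_mask");`, would surface that mistake instead of producing a key whose permitted operations differ from what the caller asked for. The table comment should name `KeyPairGeneratorSpi.Usage` if that is the enum it is meant to mirror.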
24931)
@@ -0,0 +1,29 @@
+diff -uN --recursive jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/CryptoManager.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/CryptoManager.java 2008-01-31 17:29:16.000000000 -0500
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java 2010-01-07 10:47:04.000000000 -0500
+@@ -1334,11 +1334,20 @@
+ */
+ synchronized static void loadNativeLibraries()
+ {
+- if( ! mNativeLibrariesLoaded )
+- {
+- System.loadLibrary("jss4");
+- Debug.trace(Debug.VERBOSE, "jss library loaded");
+- mNativeLibrariesLoaded = true;
++ if( ! mNativeLibrariesLoaded ) {
++ try {
++ System.load( "/usr/lib64/jss/libjss4.so" );
++ Debug.trace(Debug.VERBOSE, "jss library loaded");
++ mNativeLibrariesLoaded = true;
++ } catch( UnsatisfiedLinkError e ) {
++ try {
++ System.load( "/usr/lib/jss/libjss4.so" );
++ Debug.trace(Debug.VERBOSE, "jss library loaded");
++ mNativeLibrariesLoaded = true;
++ } catch( UnsatisfiedLinkError f ) {
++ Debug.trace(Debug.VERBOSE, "jss library load failed");
++ }
++ }
+ }
+ }
+ static private boolean mNativeLibrariesLoaded = false;
Added: csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0007-jss-javadocs-param.patch
===================================================================
--- csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0007-jss-javadocs-param.patch (rev 0)
+++ csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0007-jss-javadocs-param.patch 2015-05-05 09:47:33 UTC (rev 24931)
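Review bot: When both `System.load` calls fail in `loadNativeLibraries`, the inner catch only writes a verbose trace and returns, so `mNativeLibrariesLoaded` stays false and the caller is told nothing; the failure will presumably resurface later as an UnsatisfiedLinkError from the first native call, far from its cause. The first error `e` is dropped as well, which hides the case where the /usr/lib64 file exists but fails to link. Rethrow from the inner catch with `throw f;` after the trace, or fall back to the previous `System.loadLibrary("jss4")`. A comment should also state that the two absolute paths are a packaging decision that pins the load location instead of consulting `java.library.path`, and they should be checked against where this package actually installs libjss4.so.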
@@ -0,0 +1,13 @@
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/tests/JCASymKeyGen.java.orig 2008-01-18 16:39:46.000000000 -0500
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/tests/JCASymKeyGen.java 2009-06-05 11:08:54.000000000 -0400
+@@ -116,7 +116,9 @@
+ }
+ /**
+ *
+- * @param
++ * @param key
++ * @param kg
++ * @return
+ */
+ public javax.crypto.SecretKey genSecretKey(String keyType, String provider){
+ javax.crypto.SecretKey key = null;
Added: csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0008-jss-ipv6.patch
===================================================================
--- csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0008-jss-ipv6.patch (rev 0)
+++ csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0008-jss-ipv6.patch 2015-05-05 09:47:33 UTC (rev 24931)
@@ -0,0 +1,623 @@ +diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/lib/jss.def jss-4.2.6/mozilla/security/jss/lib/jss.def +--- jss-4.2.6.pre-IPv6/mozilla/security/jss/lib/jss.def 2009-06-24 17:08:59.784371000 -0700 ++++ jss-4.2.6/mozilla/security/jss/lib/jss.def 2009-06-19 17:56:00.000000000 -0700 +@@ -175,6 +175,7 @@ Java_org_mozilla_jss_ssl_SSLServerSocket + Java_org_mozilla_jss_ssl_SSLSocket_forceHandshake; + Java_org_mozilla_jss_ssl_SSLSocket_getKeepAlive; + Java_org_mozilla_jss_ssl_SSLSocket_getLocalAddressNative; ++Java_org_mozilla_jss_ssl_SocketBase_getLocalAddressByteArrayNative; + Java_org_mozilla_jss_ssl_SSLSocket_getPort; + Java_org_mozilla_jss_ssl_SSLSocket_getReceiveBufferSize; + Java_org_mozilla_jss_ssl_SSLSocket_getSendBufferSize; +@@ -199,6 +200,7 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke + Java_org_mozilla_jss_ssl_SSLSocket_socketWrite; + Java_org_mozilla_jss_ssl_SocketBase_getLocalPortNative; + Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressNative; ++Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressByteArrayNative; + Java_org_mozilla_jss_ssl_SocketBase_setClientCertNicknameNative; + Java_org_mozilla_jss_ssl_SocketBase_requestClientAuthNoExpiryCheckNative; + Java_org_mozilla_jss_ssl_SocketBase_setSSLOption; +diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java +--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java 2007-03-20 15:39:28.000000000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java 2009-06-24 13:46:49.000000000 -0700 +@@ -36,7 +36,8 @@ + + package org.mozilla.jss.ssl; + +-import java.net.InetAddress; ++import java.util.*; ++import java.net.*; + import java.io.IOException; + import java.net.Socket; + import java.net.SocketException; +@@ -138,34 +139,34 @@ public class SSLServerSocket extends jav + super.close(); + + // create the socket ++ ++ int 
socketFamily = SocketBase.SSL_AF_INET; ++ if(SocketBase.supportsIPV6()) { ++ socketFamily = SocketBase.SSL_AF_INET6; ++ } ++ + sockProxy = new SocketProxy( +- base.socketCreate(this, certApprovalCallback, null) ); ++ base.socketCreate(this, certApprovalCallback, null,socketFamily) ); + + base.setProxy(sockProxy); + + setReuseAddress(reuseAddr); + +- // bind it to the local address and port +- if( bindAddr == null ) { +- bindAddr = anyLocalAddr; +- } + byte[] bindAddrBA = null; + if( bindAddr != null ) { + bindAddrBA = bindAddr.getAddress(); + } + base.socketBind(bindAddrBA, port); ++ ++ String hostName = null; ++ if(bindAddr != null) { ++ hostName = bindAddr.getCanonicalHostName(); ++ } + socketListen(backlog); + } + + private native void socketListen(int backlog) throws SocketException; + +- private static InetAddress anyLocalAddr; +- static { +- try { +- anyLocalAddr = InetAddress.getByName("0.0.0.0"); +- } catch (java.net.UnknownHostException e) { } +- } +- + /** + * Accepts a connection. This call will block until a connection is made + * or the timeout is reached. 
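Review bot: The added `hostName = bindAddr.getCanonicalHostName();` result is never read in this hunk, yet the call can trigger a reverse DNS lookup, so creating a server socket with a bind address may block on the resolver for no effect; the `hostName` block can simply be dropped. Separately, a null `bindAddr` is no longer replaced by 0.0.0.0 and a null address now reaches `socketBind`, which in the common.c hunk of this patch binds the IPv6 wildcard when `supportsIPV6()` is true. A comment next to `base.socketBind(bindAddrBA, port);` such as `// null address: binds the wildcard; on IPv6-capable hosts the listener also accepts IPv6 peers` would help operators whose filtering rules were written for IPv4 only. The enclosing method starts outside the hunk.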
+diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c +--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c 2007-05-08 18:40:14.000000000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c 2009-06-24 13:27:15.000000000 -0700 +@@ -460,10 +460,15 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke + JSSL_SocketData *sock; + PRNetAddr addr; + jbyte *addrBAelems = NULL; ++ int addrBALen = 0; + PRStatus status; + int stat; + const char *hostnameStr=NULL; + ++ jmethodID supportsIPV6ID; ++ jclass socketBaseClass; ++ jboolean supportsIPV6 = 0; ++ + if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS) { + /* exception was thrown */ + goto finish; +@@ -472,16 +477,32 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke + /* + * setup the PRNetAddr structure + */ +- addr.inet.family = AF_INET; +- addr.inet.port = htons(port); +- PR_ASSERT(sizeof(addr.inet.ip) == 4); +- PR_ASSERT( (*env)->GetArrayLength(env, addrBA) == 4); ++ ++ socketBaseClass = (*env)->FindClass(env, SOCKET_BASE_NAME); ++ if( socketBaseClass == NULL ) { ++ ASSERT_OUTOFMEM(env); ++ goto finish; ++ } ++ supportsIPV6ID = (*env)->GetStaticMethodID(env, socketBaseClass, ++ SUPPORTS_IPV6_NAME, SUPPORTS_IPV6_SIG); ++ ++ if( supportsIPV6ID == NULL ) { ++ ASSERT_OUTOFMEM(env); ++ goto finish; ++ } ++ ++ supportsIPV6 = (*env)->CallStaticBooleanMethod(env, socketBaseClass, ++ supportsIPV6ID); ++ + addrBAelems = (*env)->GetByteArrayElements(env, addrBA, NULL); ++ addrBALen = (*env)->GetArrayLength(env, addrBA); ++ ++ PR_ASSERT(addrBALen != 0); ++ + if( addrBAelems == NULL ) { + ASSERT_OUTOFMEM(env); + goto finish; + } +- memcpy(&addr.inet.ip, addrBAelems, 4); + + /* + * Tell SSL the URL we think we want to connect to. 
+@@ -495,6 +516,38 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke + goto finish; + } + ++ if( addrBAelems == NULL ) { ++ ASSERT_OUTOFMEM(env); ++ goto finish; ++ } ++ ++ if(addrBALen != 4 && addrBALen != 16) { ++ JSSL_throwSSLSocketException(env, "Invalid address in connect!"); ++ goto finish; ++ } ++ ++ if( addrBALen == 4) { ++ addr.inet.family = AF_INET; ++ addr.inet.port = PR_htons(port); ++ memcpy(&addr.inet.ip, addrBAelems, 4); ++ ++ if(supportsIPV6) { ++ addr.ipv6.family = AF_INET6; ++ addr.ipv6.port = PR_htons(port); ++ PR_ConvertIPv4AddrToIPv6(addr.inet.ip,&addr.ipv6.ip); ++ } ++ ++ } else { /* Must be 16 and ipv6 */ ++ if(supportsIPV6) { ++ addr.ipv6.family = AF_INET6; ++ addr.ipv6.port = PR_htons(port); ++ memcpy(&addr.ipv6.ip,addrBAelems, 16); ++ } else { ++ JSSL_throwSSLSocketException(env, "Invalid address in connect!"); ++ goto finish; ++ } ++ } ++ + /* + * make the connect call + */ +diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java +--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java 2007-05-08 18:40:14.000000000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java 2009-06-24 13:45:59.000000000 -0700 +@@ -243,11 +243,16 @@ public class SSLSocket extends java.net. + SSLClientCertificateSelectionCallback clientCertSelectionCallback) + throws IOException + { ++ ++ int socketFamily = SocketBase.SSL_AF_INET; ++ if(SocketBase.supportsIPV6()) { ++ socketFamily = SocketBase.SSL_AF_INET6; ++ } + // create the socket + sockProxy = + new SocketProxy( + base.socketCreate( +- this, certApprovalCallback, clientCertSelectionCallback) ); ++ this, certApprovalCallback, clientCertSelectionCallback,socketFamily) ); + + base.setProxy(sockProxy); + +@@ -288,7 +293,7 @@ public class SSLSocket extends java.net. 
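Review bot: `addr` is filled field by field in this hunk and no `memset` is visible in either socketConnect hunk, unlike the `memset( &addr, 0, sizeof( PRNetAddr ));` this patch adds to socketBind; on the IPv6 paths `flowinfo` and `scope_id` would then carry whatever was on the stack into the connect call. Zero the structure before the length test, `memset(&addr, 0, sizeof(PRNetAddr));`, and use `PR_AF_INET`/`PR_AF_INET6` instead of `AF_INET`/`AF_INET6` so both functions agree. In the previous hunk `GetArrayLength(env, addrBA)` runs before the NULL check on `addrBAelems`, and that same NULL check is repeated at the top of this hunk; one check directly after `GetByteArrayElements` is enough. The function starts and ends outside these hunks, so the release of `addrBAelems` on the new `goto finish` paths could not be confirmed here.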
+ new SocketProxy( + base.socketCreate( + this, certApprovalCallback, clientCertSelectionCallback, +- s, host ) ); ++ s, host,SocketBase.SSL_AF_INET ) ); + + base.setProxy(sockProxy); + resetHandshake(); +diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java +--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java 2007-03-20 15:39:28.000000000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java 2009-06-24 13:50:32.000000000 -0700 +@@ -70,16 +70,16 @@ class SocketBase { + native byte[] socketCreate(Object socketObject, + SSLCertificateApprovalCallback certApprovalCallback, + SSLClientCertificateSelectionCallback clientCertSelectionCallback, +- java.net.Socket javaSock, String host) ++ java.net.Socket javaSock, String host,int family) + throws SocketException; + + byte[] socketCreate(Object socketObject, + SSLCertificateApprovalCallback certApprovalCallback, +- SSLClientCertificateSelectionCallback clientCertSelectionCallback) ++ SSLClientCertificateSelectionCallback clientCertSelectionCallback,int family) + throws SocketException + { + return socketCreate(socketObject, certApprovalCallback, +- clientCertSelectionCallback, null, null); ++ clientCertSelectionCallback, null, null,family); + } + + native void socketBind(byte[] addrBA, int port) throws SocketException; +@@ -115,6 +115,10 @@ class SocketBase { + static final int SSL_REQUIRE_FIRST_HANDSHAKE = 20; + static final int SSL_REQUIRE_NO_ERROR = 21; + ++ ++ static final int SSL_AF_INET = 50; ++ static final int SSL_AF_INET6 = 51; ++ + void close() throws IOException { + socketClose(); + } +@@ -281,13 +285,25 @@ class SocketBase { + return in; + } + ++ private native byte[] getLocalAddressByteArrayNative() throws SocketException; ++ private native byte[] getPeerAddressByteArrayNative() throws SocketException; + /** + * @return the InetAddress of the peer end of the 
socket. + */ + InetAddress getInetAddress() + { + try { +- return convertIntToInetAddress( getPeerAddressNative() ); ++ byte[] address = getPeerAddressByteArrayNative(); ++ ++ InetAddress iAddr = null; ++ ++ try { ++ ++ iAddr = InetAddress.getByAddress(address); ++ } catch(UnknownHostException e) { ++ } ++ ++ return iAddr; + } catch(SocketException e) { + return null; + } +@@ -299,7 +315,17 @@ class SocketBase { + */ + InetAddress getLocalAddress() { + try { +- return convertIntToInetAddress( getLocalAddressNative() ); ++ byte[] address = getLocalAddressByteArrayNative(); ++ ++ InetAddress lAddr = null; ++ ++ try { ++ ++ lAddr = InetAddress.getByAddress(address); ++ } catch(UnknownHostException e) { ++ } ++ ++ return lAddr; + } catch(SocketException e) { + return null; + } +@@ -378,4 +404,45 @@ class SocketBase { + return topException; + } + } ++ ++ static private int supportsIPV6 = -1; ++ static boolean supportsIPV6() { ++ ++ if(supportsIPV6 >= 0) { ++ if(supportsIPV6 > 0) { ++ return true; ++ } else { ++ return false; ++ } ++ } ++ ++ Enumeration netInter; ++ try { ++ netInter = NetworkInterface.getNetworkInterfaces(); ++ } catch (SocketException e) { ++ ++ return false; ++ } ++ while ( netInter.hasMoreElements() ) ++ { ++ NetworkInterface ni = (NetworkInterface)netInter.nextElement(); ++ Enumeration addrs = ni.getInetAddresses(); ++ while ( addrs.hasMoreElements() ) ++ { ++ Object o = addrs.nextElement(); ++ if ( o.getClass() == InetAddress.class || ++ o.getClass() == Inet4Address.class || ++ o.getClass() == Inet6Address.class ) ++ { ++ InetAddress iaddr = (InetAddress) o; ++ if(o.getClass() == Inet6Address.class) { ++ supportsIPV6 = 1; ++ return true; ++ } ++ } ++ } ++ } ++ supportsIPV6 = 0; ++ return false; ++ } + } +diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/common.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c +--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/common.c 2007-04-24 11:34:58.000000000 
-0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c 2009-06-24 14:22:02.000000000 -0700 +@@ -33,7 +33,6 @@ + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +- + #include <nspr.h> + #include <jni.h> + #include <pk11func.h> +@@ -51,6 +50,9 @@ + #include <winsock.h> + #endif + ++#define SSL_AF_INET 50 ++#define SSL_AF_INET6 51 ++ + void + JSSL_throwSSLSocketException(JNIEnv *env, char *message) + { +@@ -142,7 +144,7 @@ finish: + JNIEXPORT jbyteArray JNICALL + Java_org_mozilla_jss_ssl_SocketBase_socketCreate(JNIEnv *env, jobject self, + jobject sockObj, jobject certApprovalCallback, +- jobject clientCertSelectionCallback, jobject javaSock, jstring host) ++ jobject clientCertSelectionCallback, jobject javaSock, jstring host,jint family) + { + jbyteArray sdArray = NULL; + JSSL_SocketData *sockdata = NULL; +@@ -150,10 +152,21 @@ Java_org_mozilla_jss_ssl_SocketBase_sock + PRFileDesc *newFD; + PRFileDesc *tmpFD; + PRFilePrivate *priv = NULL; ++ int socketFamily = 0; ++ ++ if (family != SSL_AF_INET6 && family != SSL_AF_INET) { ++ JSSL_throwSSLSocketException(env, ++ "socketCreate() Invalid family!"); ++ goto finish; ++ } ++ if( family == SSL_AF_INET) ++ socketFamily = PR_AF_INET; ++ else ++ socketFamily = PR_AF_INET6; + + if( javaSock == NULL ) { + /* create a TCP socket */ +- newFD = PR_NewTCPSocket(); ++ newFD = PR_OpenTCPSocket(socketFamily); + if( newFD == NULL ) { + JSSL_throwSSLSocketException(env, + "PR_NewTCPSocket() returned NULL"); +@@ -394,10 +407,10 @@ PRInt32 JSSL_enums[] = { + SSL_REQUIRE_ALWAYS, /* 19 */ /* ssl.h */ + SSL_REQUIRE_FIRST_HANDSHAKE,/* 20 */ /* ssl.h */ + SSL_REQUIRE_NO_ERROR, /* 21 */ /* ssl.h */ +- + 0 + }; + ++ + JNIEXPORT void JNICALL + Java_org_mozilla_jss_ssl_SocketBase_socketBind + (JNIEnv *env, jobject self, jbyteArray addrBA, jint port) +@@ -405,8 +418,13 @@ Java_org_mozilla_jss_ssl_SocketBase_sock + JSSL_SocketData *sock; + PRNetAddr addr; + jbyte *addrBAelems = NULL; 
++ int addrBALen = 0; + PRStatus status; + ++ jmethodID supportsIPV6ID; ++ jclass socketBaseClass; ++ jboolean supportsIPV6 = 0; ++ + if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS) { + /* exception was thrown */ + goto finish; +@@ -415,19 +433,72 @@ Java_org_mozilla_jss_ssl_SocketBase_sock + /* + * setup the PRNetAddr structure + */ +- addr.inet.family = AF_INET; +- addr.inet.port = htons(port); ++ ++ /* ++ * Do we support IPV6? ++ */ ++ ++ socketBaseClass = (*env)->FindClass(env, SOCKET_BASE_NAME); ++ if( socketBaseClass == NULL ) { ++ ASSERT_OUTOFMEM(env); ++ goto finish; ++ } ++ supportsIPV6ID = (*env)->GetStaticMethodID(env, socketBaseClass, ++ SUPPORTS_IPV6_NAME, SUPPORTS_IPV6_SIG); ++ ++ if( supportsIPV6ID == NULL ) { ++ ASSERT_OUTOFMEM(env); ++ goto finish; ++ } ++ ++ supportsIPV6 = (*env)->CallStaticBooleanMethod(env, socketBaseClass, ++ supportsIPV6ID); ++ ++ memset( &addr, 0, sizeof( PRNetAddr )); ++ + if( addrBA != NULL ) { +- PR_ASSERT(sizeof(addr.inet.ip) == 4); +- PR_ASSERT( (*env)->GetArrayLength(env, addrBA) == 4); + addrBAelems = (*env)->GetByteArrayElements(env, addrBA, NULL); ++ addrBALen = (*env)->GetArrayLength(env, addrBA); ++ + if( addrBAelems == NULL ) { + ASSERT_OUTOFMEM(env); + goto finish; + } +- memcpy(&addr.inet.ip, addrBAelems, 4); ++ ++ if(addrBALen != 4 && addrBALen != 16) { ++ JSS_throwMsgPrErr(env, BIND_EXCEPTION, ++ "Invalid address in bind!"); ++ goto finish; ++ } ++ ++ if( addrBALen == 4) { ++ addr.inet.family = PR_AF_INET; ++ addr.inet.port = PR_htons(port); ++ memcpy(&addr.inet.ip, addrBAelems, 4); ++ ++ if(supportsIPV6) { ++ addr.inet.family = PR_AF_INET6; ++ addr.ipv6.port = PR_htons(port); ++ PR_ConvertIPv4AddrToIPv6(addr.inet.ip,&addr.ipv6.ip); ++ } ++ ++ } else { /* Must be 16 and ipv6 */ ++ if(supportsIPV6) { ++ addr.ipv6.family = PR_AF_INET6; ++ addr.ipv6.port = PR_htons(port); ++ memcpy(&addr.ipv6.ip,addrBAelems, 16); ++ } else { ++ JSS_throwMsgPrErr(env, BIND_EXCEPTION, ++ "Invalid address in bind!"); ++ goto 
finish; ++ } ++ } + } else { +- addr.inet.ip = PR_htonl(INADDR_ANY); ++ if(supportsIPV6) { ++ status = PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr); ++ } else { ++ status = PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET, port, &addr); ++ } + } + + /* do the bind() call */ +@@ -601,6 +672,78 @@ finish: + return status; + } + ++JNIEXPORT jbyteArray JNICALL ++Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressByteArrayNative ++ (JNIEnv *env, jobject self) ++{ ++ jbyteArray byteArray=NULL; ++ PRNetAddr addr; ++ jbyte *address=NULL; ++ int size=4; ++ ++ if( JSSL_getSockAddr(env, self, &addr, PEER_SOCK) != PR_SUCCESS) { ++ goto finish; ++ } ++ ++ if( PR_NetAddrFamily(&addr) == PR_AF_INET6) { ++ size = 16; ++ address = (jbyte *) &addr.ipv6.ip; ++ } else { ++ address = (jbyte *) &addr.inet.ip; ++ } ++ ++ byteArray = (*env)->NewByteArray(env,size); ++ if(byteArray == NULL) { ++ ASSERT_OUTOFMEM(env); ++ goto finish; ++ } ++ (*env)->SetByteArrayRegion(env, byteArray, 0,size ,address); ++ if( (*env)->ExceptionOccurred(env) != NULL) { ++ PR_ASSERT(PR_FALSE); ++ goto finish; ++ } ++ ++finish: ++ return byteArray; ++} ++ ++JNIEXPORT jbyteArray JNICALL ++Java_org_mozilla_jss_ssl_SocketBase_getLocalAddressByteArrayNative ++ (JNIEnv *env, jobject self) ++{ ++ jbyteArray byteArray=NULL; ++ PRNetAddr addr; ++ jbyte *address=NULL; ++ int size=4; ++ ++ if( JSSL_getSockAddr(env, self, &addr, LOCAL_SOCK) != PR_SUCCESS) { ++ goto finish; ++ } ++ ++ if( PR_NetAddrFamily(&addr) == PR_AF_INET6) { ++ size = 16; ++ address = (jbyte *) &addr.ipv6.ip; ++ } else { ++ address = (jbyte *) &addr.inet.ip; ++ } ++ ++ byteArray = (*env)->NewByteArray(env,size); ++ if(byteArray == NULL) { ++ ASSERT_OUTOFMEM(env); ++ goto finish; ++ } ++ (*env)->SetByteArrayRegion(env, byteArray, 0,size,address); ++ if( (*env)->ExceptionOccurred(env) != NULL) { ++ PR_ASSERT(PR_FALSE); ++ goto finish; ++ } ++ ++finish: ++ return byteArray; ++} ++ ++/* Leave the original versions of these functions for compatibility */ ++ + 
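Review bot: In the `addrBA == NULL` branch the result of `PR_SetNetAddr` is stored in `status` but not tested before the code reaches the bind call, so a failure would go on to bind whatever the earlier `memset` left in `addr`. Test it right after the `if`/`else`, e.g. `if (status != PR_SUCCESS) { JSS_throwMsgPrErr(env, BIND_EXCEPTION, "Could not set wildcard address"); goto finish; }`. In the 4-byte branch the family is written through `addr.inet.family` while the neighbouring lines use `addr.ipv6.*`; that works because PRNetAddr is a union, but `addr.ipv6.family = PR_AF_INET6;` states the intent. The function continues outside the hunk.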
JNIEXPORT jint JNICALL + Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressNative + (JNIEnv *env, jobject self) +diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c +--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c 2007-04-24 11:34:58.000000000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c 2009-06-24 13:43:13.000000000 -0700 +@@ -290,6 +290,7 @@ getInetAddress(PRFileDesc *fd, PRNetAddr + jobject inetAddress; + jbyteArray addrByteArray; + jint port; ++ int addrBALen = 0; + + if( GET_ENV(fd->secret->javaVM, env) ) goto finish; + +@@ -377,8 +378,9 @@ getInetAddress(PRFileDesc *fd, PRNetAddr + + memset(addr, 0, sizeof(PRNetAddr)); + +- /* we only handle IPV4 */ +- PR_ASSERT( (*env)->GetArrayLength(env, addrByteArray) == 4 ); ++ addrBALen = (*env)->GetArrayLength(env, addrByteArray); ++ ++ PR_ASSERT( (addrBALen == 4) || (addrBALen == 16 ) ); + + /* make sure you release them later */ + addrBytes = (*env)->GetByteArrayElements(env, addrByteArray, NULL); +@@ -388,9 +390,16 @@ getInetAddress(PRFileDesc *fd, PRNetAddr + } + + /* ip field is in network byte order */ +- memcpy( (void*) &addr->inet.ip, addrBytes, 4); +- addr->inet.family = PR_AF_INET; +- addr->inet.port = port; ++ ++ if (addrBALen == 4) { ++ memcpy( (void*) &addr->inet.ip, addrBytes, 4); ++ addr->inet.family = PR_AF_INET; ++ addr->inet.port = port; ++ } else { ++ memcpy( (void*) &addr->ipv6.ip,addrBytes, 16); ++ addr->inet.family = PR_AF_INET6; ++ addr->inet.port = port; ++ } + + (*env)->ReleaseByteArrayElements(env, addrByteArray, addrBytes, + JNI_ABORT); +diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h +--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h 2006-02-22 17:21:52.000000000 -0800 ++++ 
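Review bot: The only length check on `addrByteArray` in getInetAddress is `PR_ASSERT( (addrBALen == 4) || (addrBALen == 16 ) )` in the preceding hunk, and PR_ASSERT is compiled out of non-debug builds, so the `else` branch here copies 16 bytes for any length other than 4 and would read past a shorter array. The array presumably comes from `InetAddress.getAddress()`, which makes other lengths unlikely, but the native side should not depend on that. Replace the assert with a runtime test placed before `GetByteArrayElements`, for example `if (addrBALen != 4 && addrBALen != 16) goto finish;` with whatever failure status the function reports at `finish`. The IPv6 branch also sets `addr->inet.family` and `addr->inet.port`; `addr->ipv6.family` and `addr->ipv6.port` would match the `memcpy` target.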
jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h 2009-06-19 17:56:00.000000000 -0700 +@@ -312,6 +312,8 @@ PR_BEGIN_EXTERN_C + #define SOCKET_BASE_NAME "org/mozilla/jss/ssl/SocketBase" + #define PROCESS_EXCEPTIONS_NAME "processExceptions" + #define PROCESS_EXCEPTIONS_SIG "(Ljava/lang/Throwable;Ljava/lang/Throwable;)Ljava/lang/Throwable;" ++#define SUPPORTS_IPV6_NAME "supportsIPV6" ++#define SUPPORTS_IPV6_SIG "()Z" + + /* + * SSLCertificateApprovalCallback Added: csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0009-jss-ocspSettings.patch =================================================================== --- csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0009-jss-ocspSettings.patch (rev 0) +++ csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0009-jss-ocspSettings.patch 2015-05-05 09:47:33 UTC (rev 24931) 
@@ -0,0 +1,106 @@
+diff -up jss-4.2.6/mozilla/security/jss/lib/jss.def.orig jss-4.2.6/mozilla/security/jss/lib/jss.def
+--- jss-4.2.6/mozilla/security/jss/lib/jss.def.orig 2009-11-04 14:26:26.000000000 -0800
++++ jss-4.2.6/mozilla/security/jss/lib/jss.def 2009-11-04 14:11:05.000000000 -0800
+@@ -329,6 +329,8 @@ Java_org_mozilla_jss_pkcs11_PK11Token_ne
+ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPairWithOpFlags;
+ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPairWithOpFlags;
+ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags;
++Java_org_mozilla_jss_CryptoManager_OCSPCacheSettingsNative;
++Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative;
+ ;+ local:
+ ;+ *;
+ ;+};
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c.orig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c.orig 2009-11-04 14:20:43.000000000 -0800
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c 2009-11-05 10:48:32.590000000 -0800
+@@ -976,3 +976,45 @@ Java_org_mozilla_jss_CryptoManager_confi
+ }
+ }
+
++
++/**********************************************************************
++* OCSPCacheSettingsNative
++*
++* Allows configuration of the OCSP responder cache during runtime.
++*/
++JNIEXPORT void JNICALL
++Java_org_mozilla_jss_CryptoManager_OCSPCacheSettingsNative(
++ JNIEnv *env, jobject this,
++ jint ocsp_cache_size,
++ jint ocsp_min_cache_entry_duration,
++ jint ocsp_max_cache_entry_duration)
++{
++ SECStatus rv = SECFailure;
++
++ rv = CERT_OCSPCacheSettings(
++ ocsp_cache_size, ocsp_min_cache_entry_duration,
++ ocsp_max_cache_entry_duration);
++
++ if (rv != SECSuccess) {
++ JSS_throwMsgPrErr(env,
++ GENERAL_SECURITY_EXCEPTION,
++ "Failed to set OCSP cache: error "+ PORT_GetError());
++ }
++}
++
++JNIEXPORT void JNICALL
++Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative(
++ JNIEnv *env, jobject this,
++ jint ocsp_timeout )
++{
++ SECStatus rv = SECFailure;
++
++ rv = CERT_SetOCSPTimeout(ocsp_timeout);
++
++ if (rv != SECSuccess) {
++ JSS_throwMsgPrErr(env,
++ GENERAL_SECURITY_EXCEPTION,
++ "Failed to set OCSP timeout: error "+ PORT_GetError());
++ }
++}
++
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java.orig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java.orig 2009-11-04 14:20:33.000000000 -0800
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java 2009-11-05 10:48:59.415001000 -0800
+@@ -1479,4 +1479,41 @@ public final class CryptoManager impleme
+ String ocspResponderCertNickname )
+ throws GeneralSecurityException;
+
++ /**
++ * change OCSP cache settings
++ * * @param ocsp_cache_size max cache entries
++ * * @param ocsp_min_cache_entry_duration minimum seconds to next fetch attempt
++ * * @param ocsp_max_cache_entry_duration maximum seconds to next fetch attempt
++ */
++ public void OCSPCacheSettings(
++ int ocsp_cache_size,
++ int ocsp_min_cache_entry_duration,
++ int ocsp_max_cache_entry_duration)
++ throws GeneralSecurityException
++ {
++ OCSPCacheSettingsNative(ocsp_cache_size,
++ ocsp_min_cache_entry_duration,
++ ocsp_max_cache_entry_duration);
++ }
++
++ private native void
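Review bot: Both new JNI functions in CryptoManager.c pass `"Failed to set OCSP cache: error "+ PORT_GetError()` (and the `OCSP timeout` equivalent) as the message argument, which in C is pointer arithmetic on the string literal rather than concatenation. The pointer handed to `JSS_throwMsgPrErr` is offset by the error code and so points outside the literal, meaning the failure path reads unrelated memory while building the exception text. Pass the literal alone, `"Failed to set OCSP cache"` and `"Failed to set OCSP timeout"`; judging by its name `JSS_throwMsgPrErr` already attaches the NSPR error, which is worth confirming against its definition.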
OCSPCacheSettingsNative(
++ int ocsp_cache_size,
++ int ocsp_min_cache_entry_duration,
++ int ocsp_max_cache_entry_duration)
++ throws GeneralSecurityException;
++
++ /**
++ * set OCSP timeout value
++ * * @param ocspTimeout OCSP timeout in seconds
++ */
++ public void setOCSPTimeout(
++ int ocsp_timeout )
++ throws GeneralSecurityException
++ {
++ setOCSPTimeoutNative( ocsp_timeout);
++ }
++
++ private native void setOCSPTimeoutNative(
++ int ocsp_timeout )
++ throws GeneralSecurityException;
+ }
Added: csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0010-jss-ECC_keygen_byCurveName.patch
===================================================================
--- csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0010-jss-ECC_keygen_byCurveName.patch (rev 0)
+++ csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0010-jss-ECC_keygen_byCurveName.patch 2015-05-05 09:47:33 UTC (rev 24931)
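Review bot: The Javadoc added for `setOCSPTimeout` documents `@param ocspTimeout` while the parameter is named `ocsp_timeout`, and neither new method says which values are accepted. These two calls change how long revocation answers are cached and how long a responder is waited for, so the comments should state the units and what zero or negative values do, e.g. `@param ocsp_timeout OCSP timeout in seconds` plus a sentence on the valid range taken from the NSS documentation for `CERT_OCSPCacheSettings` and `CERT_SetOCSPTimeout`. Both wrappers forward their arguments to the native method unchecked; whether the native layer rejects out-of-range values is not visible here. The class body starts outside the hunk.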
@@ -0,0 +1,490 @@
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java.fix 2010-10-20 09:54:35.189680000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java 2010-10-20 10:54:53.154835000 -0700
+@@ -196,7 +196,10 @@ public class KeyPairGenerator {
+ engine.setKeyPairUsages(usages,usages_mask);
+ }
+
+-
++ public int getCurveCodeByName(String curveName)
++ throws InvalidParameterException {
++ return engine.getCurveCodeByName(curveName);
++ }
+
+
+
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java.fix 2010-10-20 09:54:52.393628000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java 2010-10-20 10:55:39.441698000 -0700
+@@ -94,4 +94,6 @@ public abstract class KeyPairGeneratorSp
+
+ public abstract void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages,
+ KeyPairGeneratorSpi.Usage[] usages_mask);
++
++ public abstract int getCurveCodeByName(String curveName) throws InvalidParameterException;
+ }
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java.fix 2010-10-15 10:30:57.832196000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java 2010-10-20 11:09:30.523208000 -0700
+@@ -44,6 +44,7 @@ import java.security.*;
+ import java.security.SecureRandom;
+ import java.security.spec.AlgorithmParameterSpec;
+ import java.security.spec.DSAParameterSpec;
++import
java.util.Hashtable; + + + /** +@@ -55,6 +56,246 @@ public final class PK11KeyPairGenerator + extends org.mozilla.jss.crypto.KeyPairGeneratorSpi + { + ++ // curve code for getting the actual EC curve ++ private enum ECCurve_Code { ++ // NIST, SEC2 Prime curves ++ secp521r1 , // == nistp521 ++ nistp521 , ++ secp384r1 , // == nistp384 ++ nistp384 , ++ secp256r1 , // == nistp256 ++ nistp256 , ++ secp256k1 , ++ secp224r1 , // == nistp224 ++ nistp224 , ++ secp224k1 , ++ secp192r1 , // == nistp192 ++ nistp192 , ++ secp192k1 , ++ secp160r2 , ++ secp160r1 , ++ secp160k1 , ++ secp128r2 , ++ secp128r1 , ++ secp112r2 , ++ secp112r1 , ++ // NIST, SEC2 Binary curves ++ sect571r1 , // == nistb571 ++ nistb571 , ++ sect571k1 , // == nistk571 ++ nistk571 , ++ sect409r1 , // == nistb409 ++ nistb409 , ++ sect409k1 , // == nistk409 ++ nistk409 , ++ sect283r1 , // == nistb283 ++ nistb283 , ++ sect283k1 , // == nistk283 ++ nistk283 , ++ sect239k1 , ++ sect233r1 , // == nistb233 ++ nistb233 , ++ sect233k1 , // == nistk233 ++ nistk233 , ++ sect193r2 , ++ sect193r1 , ++ nistb163 , ++ sect163r2 , // == nistb163 ++ sect163r1 , ++ sect163k1 , // == nistk163 ++ nistk163 , ++ sect131r2 , ++ sect131r1 , ++ sect113r2 , ++ sect113r1 , ++ // ANSI X9.62 Prime curves ++ prime239v3 , ++ prime239v2 , ++ prime239v1 , ++ prime192v3 , ++ prime192v2 , ++ prime192v1 , // == nistp192 ++ // prime256v1 == nistp256 ++ // ANSI X9.62 Binary curves ++ c2pnb163v1 , ++ c2pnb163v2 , ++ c2pnb163v3 , ++ c2pnb176v1 , ++ c2tnb191v1 , ++ c2tnb191v2 , ++ c2tnb191v3 , ++ //c2onb191v4 , ++ //c2onb191v5 , ++ c2pnb208w1 , ++ c2tnb239v1 , ++ c2tnb239v2 , ++ c2tnb239v3 , ++ //c2onb239v4 , ++ //c2onb239v5 , ++ c2pnb272w1 , ++ c2pnb304w1 , ++ c2tnb359v1 , ++ c2pnb368w1 , ++ c2tnb431r1 ++ // no WTLS curves fo now ++ }; ++ ++ private static Hashtable ECCurve_NameToCode = new Hashtable(); ++ static { ++ // NIST, SEC2 Prime curves ++ ECCurve_NameToCode.put( ++ "secp521r1", ECCurve_Code.secp521r1); ++ ECCurve_NameToCode.put( ++ 
"nistp521", ECCurve_Code.nistp521); ++ ECCurve_NameToCode.put( ++ "secp384r1", ECCurve_Code.secp384r1); ++ ECCurve_NameToCode.put( ++ "nistp384", ECCurve_Code.nistp384); ++ ECCurve_NameToCode.put( ++ "secp256r1", ECCurve_Code.secp256r1); ++ ECCurve_NameToCode.put( ++ "nistp256", ECCurve_Code.nistp256); ++ ECCurve_NameToCode.put( ++ "secp256k1", ECCurve_Code.secp256k1); ++ ECCurve_NameToCode.put( ++ "secp224r1", ECCurve_Code.secp224r1); ++ ECCurve_NameToCode.put( ++ "nistp224", ECCurve_Code.nistp224); ++ ECCurve_NameToCode.put( ++ "secp224k1", ECCurve_Code.secp224k1); ++ ECCurve_NameToCode.put( ++ "secp192r1", ECCurve_Code.secp192r1); ++ ECCurve_NameToCode.put( ++ "nistp192", ECCurve_Code.nistp192); ++ ECCurve_NameToCode.put( ++ "secp192k1", ECCurve_Code.secp192k1); ++ ECCurve_NameToCode.put( ++ "secp160r2", ECCurve_Code.secp160r2); ++ ECCurve_NameToCode.put( ++ "secp160r1", ECCurve_Code.secp160r1); ++ ECCurve_NameToCode.put( ++ "secp160k1", ECCurve_Code.secp160k1); ++ ECCurve_NameToCode.put( ++ "secp128r2", ECCurve_Code.secp128r2); ++ ECCurve_NameToCode.put( ++ "secp128r1", ECCurve_Code.secp128r1); ++ ECCurve_NameToCode.put( ++ "secp112r2", ECCurve_Code.secp112r2); ++ ECCurve_NameToCode.put( ++ "secp112r1", ECCurve_Code.secp112r1); ++ // NIST, SEC2 Binary curves ++ ECCurve_NameToCode.put( ++ "sect571r1", ECCurve_Code.sect571r1); ++ ECCurve_NameToCode.put( ++ "nistb571", ECCurve_Code.nistb571); ++ ECCurve_NameToCode.put( ++ "sect571k1", ECCurve_Code.sect571k1); ++ ECCurve_NameToCode.put( ++ "nistk571", ECCurve_Code.nistk571); ++ ECCurve_NameToCode.put( ++ "sect409r1", ECCurve_Code.sect409r1); ++ ECCurve_NameToCode.put( ++ "nistb409", ECCurve_Code.nistb409); ++ ECCurve_NameToCode.put( ++ "sect409k1", ECCurve_Code.sect409k1); ++ ECCurve_NameToCode.put( ++ "nistk409", ECCurve_Code.nistk409); ++ ECCurve_NameToCode.put( ++ "sect283r1", ECCurve_Code.sect283r1); ++ ECCurve_NameToCode.put( ++ "nistb283", ECCurve_Code.nistb283); ++ ECCurve_NameToCode.put( ++ "sect283k1", 
ECCurve_Code.sect283k1); ++ ECCurve_NameToCode.put( ++ "nistk283", ECCurve_Code.nistk283); ++ ECCurve_NameToCode.put( ++ "sect239k1", ECCurve_Code.sect239k1); ++ ECCurve_NameToCode.put( ++ "sect233r1", ECCurve_Code.sect233r1); ++ ECCurve_NameToCode.put( ++ "nistb233", ECCurve_Code.nistb233); ++ ECCurve_NameToCode.put( ++ "sect233k1", ECCurve_Code.sect233k1); ++ ECCurve_NameToCode.put( ++ "nistk233", ECCurve_Code.nistk233); ++ ECCurve_NameToCode.put( ++ "sect193r2", ECCurve_Code.sect193r2); ++ ECCurve_NameToCode.put( ++ "sect193r1", ECCurve_Code.sect193r1); ++ ECCurve_NameToCode.put( ++ "nistb163", ECCurve_Code.nistb163); ++ ECCurve_NameToCode.put( ++ "sect163r2", ECCurve_Code.sect163r2); ++ ECCurve_NameToCode.put( ++ "sect163r1", ECCurve_Code.sect163r1); ++ ECCurve_NameToCode.put( ++ "sect163k1", ECCurve_Code.sect163k1); ++ ECCurve_NameToCode.put( ++ "nistk163", ECCurve_Code.nistk163); ++ ECCurve_NameToCode.put( ++ "sect131r2", ECCurve_Code.sect131r2); ++ ECCurve_NameToCode.put( ++ "sect131r1", ECCurve_Code.sect131r1); ++ ECCurve_NameToCode.put( ++ "sect113r2", ECCurve_Code.sect113r2); ++ ECCurve_NameToCode.put( ++ "sect113r1", ECCurve_Code.sect113r1); ++ // ANSI Prime curves ++ ECCurve_NameToCode.put( ++ "prime239v3", ECCurve_Code.prime239v3); ++ ECCurve_NameToCode.put( ++ "prime239v2", ECCurve_Code.prime239v2); ++ ECCurve_NameToCode.put( ++ "prime239v1", ECCurve_Code.prime239v1); ++ ECCurve_NameToCode.put( ++ "prime192v3", ECCurve_Code.prime192v3); ++ ECCurve_NameToCode.put( ++ "prime192v2", ECCurve_Code.prime192v2); ++ ECCurve_NameToCode.put( ++ "prime192v1", ECCurve_Code.prime192v1); ++ // ANSI Binary curves ++ ECCurve_NameToCode.put( ++ "c2pnb163v1", ECCurve_Code.c2pnb163v1); ++ ECCurve_NameToCode.put( ++ "c2pnb163v2", ECCurve_Code.c2pnb163v2); ++ ECCurve_NameToCode.put( ++ "c2pnb163v3", ECCurve_Code.c2pnb163v3); ++ ECCurve_NameToCode.put( ++ "c2pnb176v1", ECCurve_Code.c2pnb176v1); ++ ECCurve_NameToCode.put( ++ "c2tnb191v1", ECCurve_Code.c2tnb191v1); ++ 
ECCurve_NameToCode.put( ++ "c2tnb191v2", ECCurve_Code.c2tnb191v2); ++ ECCurve_NameToCode.put( ++ "c2tnb191v3", ECCurve_Code.c2tnb191v3); ++ //ECCurve_NameToCode.put( ++ // "c2onb191v4", ECCurve_Code.c2onb191v4); ++ //ECCurve_NameToCode.put( ++ // "c2onb191v5", ECCurve_Code.c2onb191v5); ++ ECCurve_NameToCode.put( ++ "c2pnb208w1", ECCurve_Code.c2pnb208w1); ++ ECCurve_NameToCode.put( ++ "c2tnb239v1", ECCurve_Code.c2tnb239v1); ++ ECCurve_NameToCode.put( ++ "c2tnb239v2", ECCurve_Code.c2tnb239v2); ++ ECCurve_NameToCode.put( ++ "c2tnb239v3", ECCurve_Code.c2tnb239v3); ++ //ECCurve_NameToCode.put( ++ // "c2onb239v4", ECCurve_Code.c2onb239v4); ++ //ECCurve_NameToCode.put( ++ // "c2onb239v5", ECCurve_Code.c2onb239v5); ++ ECCurve_NameToCode.put( ++ "c2pnb272w1", ECCurve_Code.c2pnb272w1); ++ ECCurve_NameToCode.put( ++ "c2pnb304w1", ECCurve_Code.c2pnb304w1); ++ ECCurve_NameToCode.put( ++ "c2tnb359v1", ECCurve_Code.c2tnb359v1); ++ ECCurve_NameToCode.put( ++ "c2pnb368w1", ECCurve_Code.c2pnb368w1); ++ ECCurve_NameToCode.put( ++ "c2tnb431r1", ECCurve_Code.c2tnb431r1); ++ } ++ + // opFlag constants: each of these flags specifies a crypto operation + // the key will support. Their values must match the same-named C + // preprocessor macros defined in the PKCS #11 header pkcs11t.h. 
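Review bot: `ECCurve_NameToCode` repeats every `ECCurve_Code` constant name as a string key in a raw `Hashtable`, so the enum and the table have to be kept in step by hand and every lookup needs a cast. Since each key is spelled exactly like its constant, `ECCurve_Code.valueOf(curveName)`, with its `IllegalArgumentException` translated to the exception the caller expects, would replace the whole static block; if the table stays, declare it `private static final Map<String, ECCurve_Code>`. Later in this patch `getCurveCodeByName` returns `c.ordinal()` as the curve code, so the enum deserves a comment saying constants may only be appended, because inserting or reordering one silently changes which curve an existing code selects.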
+@@ -165,7 +406,15 @@ public final class PK11KeyPairGenerator + } + } else { + Assert._assert( algorithm == KeyPairAlgorithm.EC ); +- params = getCurve(strength); ++ if (strength < 112) { ++ // for EC, "strength" is actually a code for curves defined in ++ // ECCurve_Code ++ params = getECCurve(strength); ++ } else { ++ // this is the old method of strength to curve mapping, ++ // which is somewhat defective ++ params = getCurve(strength); ++ } + } + } + +@@ -642,6 +891,189 @@ public final class PK11KeyPairGenerator + static final OBJECT_IDENTIFIER CURVE_SECG_T571R1 + = SECG_EC_CURVE.subBranch(39); + ++ // the EC curvecode to oid hash table ++ private static Hashtable mECCurve_CodeToCurve = new Hashtable(); ++ static { ++ // SEG Prime curves ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp521r1.ordinal(), (Object) CURVE_SECG_P521R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistp521.ordinal(), (Object) CURVE_SECG_P521R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp384r1.ordinal(), (Object) CURVE_SECG_P384R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistp384.ordinal(), (Object) CURVE_SECG_P384R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp256r1.ordinal(), (Object) CURVE_ANSI_P256V1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistp256.ordinal(), (Object) CURVE_ANSI_P256V1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp256k1.ordinal(), (Object) CURVE_SECG_P256K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp224r1.ordinal(), (Object) CURVE_SECG_P224R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistp224.ordinal(), (Object) CURVE_SECG_P224R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp224k1.ordinal(), (Object) CURVE_SECG_P224K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp192r1.ordinal(), (Object) CURVE_ANSI_P192V1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistp192.ordinal(), (Object) CURVE_ANSI_P192V1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp192k1.ordinal(), (Object) CURVE_SECG_P192K1); ++ 
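Review bot: The new branch `if (strength < 112)` reinterprets the existing `strength` argument as an `ECCurve_Code` ordinal, with the boundary written as a bare literal that is not tied to the enum. A caller that passes a small number for any other reason now gets a curve chosen by table position, and the codes include the 112- to 160-bit curves, so a mistaken value can select a weak curve without any error. A bound derived from the enum, such as `strength >= 0 && strength < ECCurve_Code.values().length`, would make the dispatch explicit and keep values outside the table from reaching `getECCurve` only to fail at the lookup; a separate initializer taking the curve name would avoid overloading the integer at all. The enclosing method starts and ends outside the hunk.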
mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp160r2.ordinal(), (Object) CURVE_SECG_P160R2); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp160r1.ordinal(), (Object) CURVE_SECG_P160R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp160k1.ordinal(), (Object) CURVE_SECG_P160K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp128r2.ordinal(), (Object) CURVE_SECG_P128R2); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp128r1.ordinal(), (Object) CURVE_SECG_P128R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp112r2.ordinal(), (Object) CURVE_SECG_P112R2); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.secp112r1.ordinal(), (Object) CURVE_SECG_P112R1); ++ // SEG Binary curves ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect571r1.ordinal(), (Object) CURVE_SECG_T571R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistb571.ordinal(), (Object) CURVE_SECG_T571R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect571k1.ordinal(), (Object) CURVE_SECG_T571K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistk571.ordinal(), (Object) CURVE_SECG_T571K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect409r1.ordinal(), (Object) CURVE_SECG_T409R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistb409.ordinal(), (Object) CURVE_SECG_T409R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect409k1.ordinal(), (Object) CURVE_SECG_T409K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistk409.ordinal(), (Object) CURVE_SECG_T409K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect283r1.ordinal(), (Object) CURVE_SECG_T283R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistb283.ordinal(), (Object) CURVE_SECG_T283R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect283k1.ordinal(), (Object) CURVE_SECG_T283K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistk283.ordinal(), (Object) CURVE_SECG_T283K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect239k1.ordinal(), (Object) CURVE_SECG_T239K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect233r1.ordinal(), (Object) 
CURVE_SECG_T233R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistb233.ordinal(), (Object) CURVE_SECG_T233R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect233k1.ordinal(), (Object) CURVE_SECG_T233K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistk233.ordinal(), (Object) CURVE_SECG_T233K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect193r2.ordinal(), (Object) CURVE_SECG_T193R2); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect193r1.ordinal(), (Object) CURVE_SECG_T193R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistb163.ordinal(), (Object) CURVE_SECG_T163K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect163r2.ordinal(), (Object) CURVE_SECG_T163R2); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect163r1.ordinal(), (Object) CURVE_SECG_T163R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect163k1.ordinal(), (Object) CURVE_SECG_T163K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.nistk163.ordinal(), (Object) CURVE_SECG_T163K1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect131r2.ordinal(), (Object) CURVE_SECG_T131R2); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect131r1.ordinal(), (Object) CURVE_SECG_T131R1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect113r2.ordinal(), (Object) CURVE_SECG_T113R2); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.sect113r1.ordinal(), (Object) CURVE_SECG_T113R1); ++ // ANSI Prime curves ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.prime239v3.ordinal(), (Object) CURVE_ANSI_P239V3); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.prime239v2.ordinal(), (Object) CURVE_ANSI_P239V2); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.prime239v1.ordinal(), (Object) CURVE_ANSI_P239V1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.prime192v3.ordinal(), (Object) CURVE_ANSI_P192V3); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.prime192v2.ordinal(), (Object) CURVE_ANSI_P192V2); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.prime192v1.ordinal(), (Object) CURVE_ANSI_P192V1); ++ // ANSI Binary curves ++ mECCurve_CodeToCurve.put( 
++ ECCurve_Code.c2pnb163v1.ordinal(), (Object) CURVE_ANSI_PNB163V1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2pnb163v2.ordinal(), (Object) CURVE_ANSI_PNB163V2); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2pnb163v3.ordinal(), (Object) CURVE_ANSI_PNB163V3); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2pnb176v1.ordinal(), (Object) CURVE_ANSI_PNB176V1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2tnb191v1.ordinal(), (Object) CURVE_ANSI_TNB191V1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2tnb191v2.ordinal(), (Object) CURVE_ANSI_TNB191V2); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2tnb191v3.ordinal(), (Object) CURVE_ANSI_TNB191V3); ++ //mECCurve_CodeToCurve.put( ++ // ECCurve_Code.c2onb191v4.ordinal(), (Object) CURVE_ANSI_ONB191V4); ++ //mECCurve_CodeToCurve.put( ++ // ECCurve_Code.c2onb191v5.ordinal(), (Object) CURVE_ANSI_ONB191V5); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2pnb208w1.ordinal(), (Object) CURVE_ANSI_PNB208W1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2tnb239v1.ordinal(), (Object) CURVE_ANSI_TNB239V1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2tnb239v2.ordinal(), (Object) CURVE_ANSI_TNB239V2); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2tnb239v3.ordinal(), (Object) CURVE_ANSI_TNB239V3); ++ //mECCurve_CodeToCurve.put( ++ // ECCurve_Code.c2onb239v4.ordinal(), (Object) CURVE_ANSI_ONB239V4); ++ //mECCurve_CodeToCurve.put( ++ // ECCurve_Code.c2onb239v5.ordinal(), (Object) CURVE_ANSI_ONB239V5); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2pnb272w1.ordinal(), (Object) CURVE_ANSI_PNB272W1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2pnb304w1.ordinal(), (Object) CURVE_ANSI_PNB304W1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2tnb359v1.ordinal(), (Object) CURVE_ANSI_TNB359V1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2pnb368w1.ordinal(), (Object) CURVE_ANSI_PNB368W1); ++ mECCurve_CodeToCurve.put( ++ ECCurve_Code.c2tnb431r1.ordinal(), (Object) CURVE_ANSI_TNB431R1); ++ } ++ ++ public int getCurveCodeByName(String 
curveName) ++ throws InvalidParameterException { ++ if (curveName == null) ++ throw new InvalidParameterException(); ++ ECCurve_Code c = (ECCurve_Code) ECCurve_NameToCode.get(curveName); ++ if (c == null) ++ throw new InvalidParameterException(curveName); ++ return c.ordinal(); ++ } ++ ++ /* ++ * getECCurve ++ * maps curvecode to the actual oid of the curve and ++ * returns the PK11ParameterSpec ++ */ ++ private AlgorithmParameterSpec getECCurve(int curvecode) ++ throws InvalidParameterException ++ { ++ OBJECT_IDENTIFIER oid; ++ ++ oid = (OBJECT_IDENTIFIER) mECCurve_CodeToCurve.get(curvecode); ++ if (oid == null) ++ throw new IllegalArgumentException("curvecode ="+curvecode); ++ return new PK11ParameterSpec(ASN1Util.encode(oid)); ++ } ++ + private AlgorithmParameterSpec getCurve(int strength) + throws InvalidParameterException + { Added: csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0011-jss-VerifyCertificate.patch =================================================================== --- csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0011-jss-VerifyCertificate.patch (rev 0) +++ csw/mgar/pkg/lang-java/jss/branches/fromfedora/files/0011-jss-VerifyCertificate.patch 2015-05-05 09:47:33 UTC (rev 24931) 
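Review bot: In `mECCurve_CodeToCurve` the entry for `ECCurve_Code.nistb163` maps to `CURVE_SECG_T163K1`, the same OID used for `sect163k1` and `nistk163`, while the enum comment in this patch says `sect163r2 , // == nistb163`. A caller asking for `nistb163` therefore generates a key on the Koblitz curve instead of the one requested; the entry should read `ECCurve_Code.nistb163.ordinal(), (Object) CURVE_SECG_T163R2`. Separately, `getECCurve` declares `throws InvalidParameterException` but throws `new IllegalArgumentException("curvecode ="+curvecode)`, which callers catching `InvalidParameterException` will miss; `throw new InvalidParameterException("curvecode =" + curvecode);` keeps it consistent with `getCurveCodeByName`.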
@@ -0,0 +1,220 @@ +diff -up jss-4.2.6/mozilla/security/jss/lib/jss.def.fix jss-4.2.6/mozilla/security/jss/lib/jss.def +--- jss-4.2.6/mozilla/security/jss/lib/jss.def.fix 2010-10-20 09:53:10.288935000 -0700 ++++ jss-4.2.6/mozilla/security/jss/lib/jss.def 2010-10-29 10:29:48.664212000 -0700 +@@ -331,6 +331,7 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairG + Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags; + Java_org_mozilla_jss_CryptoManager_OCSPCacheSettingsNative; + Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative; ++Java_org_mozilla_jss_CryptoManager_verifyCertificateNowNative; + ;+ local: + ;+ *; + ;+}; +diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java +--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java.fix 2010-10-28 16:44:46.366082000 -0700 ++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java 2010-10-31 17:30:25.502670000 -0700 +@@ -61,6 +61,7 @@ import org.mozilla.jss.provider.java.sec + public final class CryptoManager implements TokenSupplier + { + /** ++ * note: this is obsolete in NSS + * CertUsage options for validation + */ + public final static class CertUsage { +@@ -86,8 +87,6 @@ public final class CryptoManager impleme + return name; + } + +- +- + // certUsage, these must be kept in sync with nss/lib/certdb/certt.h + public static final CertUsage SSLClient = new CertUsage(0, "SSLClient"); + public static final CertUsage SSLServer = new CertUsage(1, "SSLServer"); +@@ -103,6 +102,63 @@ public final class CryptoManager impleme + public static final CertUsage AnyCA = new CertUsage(11, "AnyCA"); + } + ++ /** ++ * CertificateUsage options for validation ++ */ ++ public final static class CertificateUsage { ++ private int usage; ++ private String name; ++ ++ // certificateUsage, these must be kept in sync with nss/lib/certdb/certt.h ++ private static final int certificateUsageCheckAllUsages = 
0x0000; ++ private static final int certificateUsageSSLClient = 0x0001; ++ private static final int certificateUsageSSLServer = 0x0002; ++ private static final int certificateUsageSSLServerWithStepUp = 0x0004; ++ private static final int certificateUsageSSLCA = 0x0008; ++ private static final int certificateUsageEmailSigner = 0x0010; ++ private static final int certificateUsageEmailRecipient = 0x0020; ++ private static final int certificateUsageObjectSigner = 0x0040; ++ private static final int certificateUsageUserCertImport = 0x0080; ++ private static final int certificateUsageVerifyCA = 0x0100; ++ private static final int certificateUsageProtectedObjectSigner = 0x0200; ++ private static final int certificateUsageStatusResponder = 0x0400; ++ private static final int certificateUsageAnyCA = 0x0800; ++ ++ static private ArrayList list = new ArrayList(); ++ private CertificateUsage() {}; ++ private CertificateUsage(int usage, String name) { ++ this.usage = usage; ++ this.name = name; ++ this.list.add(this); ++ ++ } ++ public int getUsage() { ++ return usage; ++ } ++ ++ static public Iterator getCertificateUsages() { ++ return list.iterator(); ++ ++ } ++ public String toString() { ++ return name; ++ } ++ ++ public static final CertificateUsage CheckAllUsages = new CertificateUsage(certificateUsageCheckAllUsages, "CheckAllUsages"); ++ public static final CertificateUsage SSLClient = new CertificateUsage(certificateUsageSSLClient, "SSLClient"); ++ public static final CertificateUsage SSLServer = new CertificateUsage(certificateUsageSSLServer, "SSLServer"); ++ public static final CertificateUsage SSLServerWithStepUp = new CertificateUsage(certificateUsageSSLServerWithStepUp, "SSLServerWithStepUp"); ++ public static final CertificateUsage SSLCA = new CertificateUsage(certificateUsageSSLCA, "SSLCA"); ++ public static final CertificateUsage EmailSigner = new CertificateUsage(certificateUsageEmailSigner, "EmailSigner"); ++ public static final CertificateUsage EmailRecipient 
= new CertificateUsage(certificateUsageEmailRecipient, "EmailRecipient"); ++ public static final CertificateUsage ObjectSigner = new CertificateUsage(certificateUsageObjectSigner, "ObjectSigner"); ++ public static final CertificateUsage UserCertImport = new CertificateUsage(certificateUsageUserCertImport, "UserCertImport"); ++ public static final CertificateUsage VerifyCA = new CertificateUsage(certificateUsageVerifyCA, "VerifyCA"); ++ public static final CertificateUsage ProtectedObjectSigner = new CertificateUsage(certificateUsageProtectedObjectSigner, "ProtectedObjectSigner"); @@ Diff output truncated at 100000 characters. @@ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.