Previous maintainers of JSS made an effort to replace JSS calls to specific NSS functions with calls to the JCA interface. As a part of this effort, they deprecated a number of JSS calls that have always been used by Dogtag Certificate System (one of the main consumers of JSS). These deprecated calls have shown up as warnings in Eclipse during the re-factoring effort taking place for the Dogtag project. Since the previous maintainers of JSS are no longer involved, this JCA effort has been abandoned, and on the advice of the NSS maintainers, we will work with the new maintainers to un-deprecate the previously deprecated NSS calls on the TIP. In the meantime, however, as it may be a while before Dogtag (as well as other Fedora products) move from JSS 4.2.6 --> JSS 4.3.3, this bug serves as a reminder that we need to un-deprecate these methods as a part of the next patch made to JSS 4.2.6.
Un-deprecate NSS classes that were originally deprecated in favor of JCA: ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/tests/SigTest.java ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/tests/all.pl (Add back the following test:) $testname = "Mozilla-JSS NSS Signature "; $command = "$java -cp $jss_classpath org.mozilla.jss.tests.SigTest $testdir $pwfile"; run_test($testname, $command); ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/JSSMessageDigest.java (CURRENTLY UNUSED?) ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Signature.java ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/JSSSecureRandom.java (CURRENTLY UNUSED?) ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyGenerator.java ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyWrapper.java ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Cipher.java Un-deprecate NSS methods that were originally deprecated in favor of JCA: ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/CryptoToken.java public abstract org.mozilla.jss.crypto.Signature getSignatureContext(SignatureAlgorithm algorithm) throws java.security.NoSuchAlgorithmException, TokenException; public abstract JSSMessageDigest getDigestContext(DigestAlgorithm algorithm) throws java.security.NoSuchAlgorithmException, DigestException; public abstract Cipher getCipherContext(EncryptionAlgorithm algorithm) throws java.security.NoSuchAlgorithmException, TokenException; public abstract KeyWrapper getKeyWrapper(KeyWrapAlgorithm algorithm) throws java.security.NoSuchAlgorithmException, TokenException; public abstract KeyGenerator getKeyGenerator(KeyGenAlgorithm algorithm) throws java.security.NoSuchAlgorithmException, TokenException; public SymmetricKey cloneKey(SymmetricKey key) throws SymmetricKey.NotExtractableException, InvalidKeyException, TokenException; public abstract KeyPairGenerator getKeyPairGenerator(KeyPairAlgorithm algorithm) throws java.security.NoSuchAlgorithmException, TokenException;
This patch will include changes agreed to in Dogtag TRAC Ticket #109 (https://fedorahosted.org/pki/ticket/109).
Created attachment 571869 [details] Removal of JCA Deprecations from JSS
Previously, in 'Bugzilla Bug #804257 - Replace deprecated JSS method/class calls in PKI 'master' GIT repo . . .', it had been suggested to replace calls to 'BadPaddingException' with 'javax.crypto.BadPaddingException'. After further investigation, it appears that 'javax.crypto.BadPaddingException' is related to JCA, and subsequently, we have determined that this JSS class should be un-deprecated as well.
Created attachment 574107 [details] Removal of BadPaddingException Class Deprecation from JSS
jss-4.2.6-24.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/jss-4.2.6-24.fc15
jss-4.2.6-24.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/jss-4.2.6-24.fc16
jss-4.2.6-24.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/jss-4.2.6-24.fc17
Package jss-4.2.6-24.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing jss-4.2.6-24.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-5114/jss-4.2.6-24.fc17 then log in and leave karma (feedback).
jss-4.2.6-24.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
jss-4.2.6-24.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
jss-4.2.6-24.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.