==707323== 24 bytes in 1 blocks are definitely lost in loss record 181 of 1,083
==707323==    at 0x483A809: malloc (vg_replace_malloc.c:307)
==707323==    by 0x3923F496: PR_Malloc (prmem.c:448)
==707323==    by 0x391F9376: PORT_Alloc_Util (secport.c:87)
==707323==    by 0x390B131F: pk11_ParamFromIVWithLen (pk11mech.c:874)
==707323==    by 0x390B18C6: PK11_ParamFromIV (pk11mech.c:1019)
==707323==    by 0x390BA1F3: PK11_UnwrapPrivKey (pk11obj.c:1257)
==707323==    by 0x38F6CB0C: Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeUnwrapPrivWithSym (PK11KeyWrapper.c:473)
==707323==    by 0x621B426: ???
==707323==    by 0x620AD7F: ???
==707323==    by 0x620AD7F: ???
==707323==    by 0x620AE53: ???
==707323==    by 0x62034E6: ???

35/77 Test #35: SSLClientAuth .....................................***Failed    6.81 sec
Jul 25, 2022 6:27:06 PM org.mozilla.jss.CryptoManager initialize
INFO: JSS CryptoManager: successfully initialized from NSS database at /github/home/build/jss/results/nssdb
***FilePasswordCallback returns m1oZilla
using port:2876
Server about to create socket
Server created socket
Server specified cert directly
Server about to accept
client about to connect
Client specified cert directly
client connected
Server accepted
Server about to read
Error: Exception in thread "main" org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8010) Unknown error
	at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
	at org.mozilla.jss.tests.SSLClientAuth.testConnection(SSLClientAuth.java:372)
	at org.mozilla.jss.tests.SSLClientAuth.doIt(SSLClientAuth.java:183)
	at org.mozilla.jss.tests.SSLClientAuth.main(SSLClientAuth.java:117)
java.io.IOException: SocketException cannot read on socket: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
	at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1511)
	at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:43)
	at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:28)
	at org.mozilla.jss.tests.SSLClientAuth.run(SSLClientAuth.java:464)
	at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: org.mozilla.jss.ssl.SSLSocketException: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
	at org.mozilla.jss.ssl.SSLSocket.socketRead(Native Method)
	at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1505)
	... 4 more
Server exiting

53/77 Test #53: SSLEngine_RSA .....................................***Failed    7.18 sec
Initializing CryptoManager...
Jul 25, 2022 6:27:34 PM org.mozilla.jss.CryptoManager initialize
INFO: JSS CryptoManager: successfully initialized from NSS database at /github/home/build/jss/results/nssdb
Jul 25, 2022 6:27:35 PM org.mozilla.jss.util.Password finalize
WARNING: Uncleared Password object created at org.mozilla.jss.JSSLoader.parsePasswords(JSSLoader.java:327)
        called by org.mozilla.jss.JSSLoader.init(JSSLoader.java:125)
        called by org.mozilla.jss.JSSLoader.init(JSSLoader.java:89)
        called by org.mozilla.jss.JSSProvider.configure(JSSProvider.java:77)
        called by java.base/sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:257)
        called by java.base/sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:248)
        called by java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
        called by java.base/sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:248)
        called by java.base/sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:226)
        called by java.base/sun.security.jca.ProviderList.getProvider(ProviderList.java:268)
        called by java.base/sun.security.jca.ProviderList.getIndex(ProviderList.java:298)
        called by java.base/sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:282)
        called by java.base/sun.security.jca.ProviderList.getProvider(ProviderList.java:288)
        called by java.base/java.security.Security.getProvider(Security.java:474)
        called by org.mozilla.jss.CryptoManager.getInstance(CryptoManager.java:395)
        called by org.mozilla.jss.tests.TestSSLEngine.initialize(TestSSLEngine.java:45)
        called by org.mozilla.jss.tests.TestSSLEngine.main(TestSSLEngine.java:1014)
Please report the above trace to your software vendors.
...
Jul 25, 2022 6:27:41 PM org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl info
INFO: [JSS Client TLSv1.2/TLS_DHE_RSA_WITH_AES_128_CBC_SHA256] JSSEngine.unwrap() - Got SSLException: javax.net.ssl.SSLException: Unexpected return from PR.Read(): SSL_ERROR_HANDSHAKE_FAILED (-12116)
Error: Exception in thread "main" javax.net.ssl.SSLException: Unexpected return from PR.Read(): SSL_ERROR_HANDSHAKE_FAILED (-12116)
	at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.unwrap(JSSEngineReferenceImpl.java:1259)
	at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679)
	at org.mozilla.jss.tests.TestSSLEngine.testHandshake(TestSSLEngine.java:337)
	at org.mozilla.jss.tests.TestSSLEngine.testBasicHandshake(TestSSLEngine.java:779)
	at org.mozilla.jss.tests.TestSSLEngine.testAllHandshakes(TestSSLEngine.java:853)
	at org.mozilla.jss.tests.TestSSLEngine.testNativeClientServer(TestSSLEngine.java:1000)
	at org.mozilla.jss.tests.TestSSLEngine.main(TestSSLEngine.java:1029)

60/77 Test #60: TestBufferPRFDSSL_RSA .............................***Failed    0.30 sec
error: SSL_ForceHandshake error -8010: SEC_ERROR_ALGORITHM_MISMATCH
Found cert with nickname: Server_RSA
Trying handshake...
Client Handshake:


Server Handshake:


Client Handshake:

      Start 61: TestBufferPRFDSSL_ECDSA

62/77 Test #62: JSS_Test_BufferPRFD ...............................***Failed    0.68 sec
Calling TestCreateClose()...
Initializing CryptoManager...
Jul 25, 2022 6:27:45 PM org.mozilla.jss.CryptoManager initialize
INFO: JSS CryptoManager: successfully initialized from NSS database at /github/home/build/jss/results/nssdb
Calling TestSSLHandshake(Server_RSA, null)...
Initial: (TLS_1_2:32, TLS_1_3:35)
Actual: (TLS_1_2:32, TLS_1_3:35)
Initial: (TLS_1_2:32, TLS_1_3:35)
Actual: (TLS_1_2:32, TLS_1_3:35)
Unexpected error: SEC_ERROR_ALGORITHM_MISMATCH (-8010)

67/77 Test #67: SSLClientAuth_FIPSMODE ............................***Failed    6.96 sec
Jul 25, 2022 6:27:53 PM org.mozilla.jss.CryptoManager initialize
INFO: JSS CryptoManager: successfully initialized from NSS database at /github/home/build/jss/results/fips
***FilePasswordCallback returns m1oZilla
using port:2877
The NSS database is configured in FIPSmode.
Enable ony FIPS ciphersuites.
Server about to create socket
Server created socket
Server specified cert directly
Server about to accept
client about to connect
Client specified cert directly
client connected
Server accepted
Server about to read
Error: Exception in thread "main" org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8010) Unknown error
	at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
	at org.mozilla.jss.tests.SSLClientAuth.testConnection(SSLClientAuth.java:372)
	at org.mozilla.jss.tests.SSLClientAuth.doIt(SSLClientAuth.java:183)
	at org.mozilla.jss.tests.SSLClientAuth.main(SSLClientAuth.java:117)
java.io.IOException: SocketException cannot read on socket: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
	at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1511)
	at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:43)
	at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:28)
	at org.mozilla.jss.tests.SSLClientAuth.run(SSLClientAuth.java:464)
	at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: org.mozilla.jss.ssl.SSLSocketException: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
	at org.mozilla.jss.ssl.SSLSocket.socketRead(Native Method)
	at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1505)
	... 4 more
Server exiting

72/77 Test #72: SSLEngine_RSA_FIPSMODE ............................***Failed    7.07 sec
Initializing CryptoManager...
Jul 25, 2022 6:28:08 PM org.mozilla.jss.CryptoManager initialize
INFO: JSS CryptoManager: successfully initialized from NSS database at /github/home/build/jss/results/fips
Jul 25, 2022 6:28:08 PM org.mozilla.jss.util.Password finalize
WARNING: Uncleared Password object created at org.mozilla.jss.JSSLoader.parsePasswords(JSSLoader.java:327)
        called by org.mozilla.jss.JSSLoader.init(JSSLoader.java:125)
        called by org.mozilla.jss.JSSLoader.init(JSSLoader.java:89)
        called by org.mozilla.jss.JSSProvider.configure(JSSProvider.java:77)
        called by java.base/sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:257)
        called by java.base/sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:248)
        called by java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
        called by java.base/sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:248)
        called by java.base/sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:226)
        called by java.base/sun.security.jca.ProviderList.getProvider(ProviderList.java:268)
        called by java.base/sun.security.jca.ProviderList.getIndex(ProviderList.java:298)
        called by java.base/sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:282)
        called by java.base/sun.security.jca.ProviderList.getProvider(ProviderList.java:288)
        called by java.base/java.security.Security.getProvider(Security.java:474)
        called by org.mozilla.jss.CryptoManager.getInstance(CryptoManager.java:395)
        called by org.mozilla.jss.tests.TestSSLEngine.initialize(TestSSLEngine.java:45)
        called by org.mozilla.jss.tests.TestSSLEngine.main(TestSSLEngine.java:1014)
Please report the above trace to your software vendors.
...
INFO: [JSS Client TLSv1.2/TLS_DHE_RSA_WITH_AES_128_CBC_SHA256] JSSEngine.unwrap() - Got SSLException: javax.net.ssl.SSLException: Unexpected return from PR.Read(): SSL_ERROR_HANDSHAKE_FAILED (-12116)
Error: Exception in thread "main" javax.net.ssl.SSLException: Unexpected return from PR.Read(): SSL_ERROR_HANDSHAKE_FAILED (-12116)
	at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.unwrap(JSSEngineReferenceImpl.java:1259)
	at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679)
	at org.mozilla.jss.tests.TestSSLEngine.testHandshake(TestSSLEngine.java:337)
	at org.mozilla.jss.tests.TestSSLEngine.testBasicHandshake(TestSSLEngine.java:779)
	at org.mozilla.jss.tests.TestSSLEngine.testAllHandshakes(TestSSLEngine.java:853)
	at org.mozilla.jss.tests.TestSSLEngine.testNativeClientServer(TestSSLEngine.java:1000)
	at org.mozilla.jss.tests.TestSSLEngine.main(TestSSLEngine.java:1029)
```

/home/ascheel/GitHub/cipherboy/jss/src/main/java/org/mozilla/jss/ssl/SSLClient.java:375: warning: [deprecation] SSL3_RSA_WITH_RC4_128_MD5 in SSLSocket has been deprecated
    SSLSocket.SSL3_RSA_WITH_RC4_128_MD5,
             ^
/home/ascheel/GitHub/cipherboy/jss/src/main/java/org/mozilla/jss/ssl/SSLClient.java:376: warning: [deprecation] SSL3_RSA_WITH_3DES_EDE_CBC_SHA in SSLSocket has been deprecated
    SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA,
             ^
/home/ascheel/GitHub/cipherboy/jss/src/main/java/org/mozilla/jss/ssl/SSLClient.java:377: warning: [deprecation] SSL3_RSA_WITH_DES_CBC_SHA in SSLSocket has been deprecated
    SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA,
             ^
/home/ascheel/GitHub/cipherboy/jss/src/main/java/org/mozilla/jss/ssl/SSLClient.java:380: warning: [deprecation] SSL3_RSA_WITH_NULL_MD5 in SSLSocket has been deprecated
    SSLSocket.SSL3_RSA_WITH_NULL_MD5,
             ^
/home/ascheel/GitHub/cipherboy/jss/src/main/java/org/mozilla/jss/ssl/SSLServer.java:255: warning: [deprecation] SSL3_RSA_WITH_RC4_128_MD5 in SSLSocket has been deprecated
    	SSLSocket.SSL3_RSA_WITH_RC4_128_MD5,
    	         ^
/home/ascheel/GitHub/cipherboy/jss/src/main/java/org/mozilla/jss/ssl/SSLServer.java:256: warning: [deprecation] SSL3_RSA_WITH_3DES_EDE_CBC_SHA in SSLSocket has been deprecated
	SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA,
	         ^
/home/ascheel/GitHub/cipherboy/jss/src/main/java/org/mozilla/jss/ssl/SSLServer.java:257: warning: [deprecation] SSL3_RSA_WITH_DES_CBC_SHA in SSLSocket has been deprecated
	SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA,
	         ^
/home/ascheel/GitHub/cipherboy/jss/src/main/java/org/mozilla/jss/ssl/SSLServer.java:260: warning: [deprecation] SSL3_RSA_WITH_NULL_MD5 in SSLSocket has been deprecated
	SSLSocket.SSL3_RSA_WITH_NULL_MD5,
	         ^

$ usermod pkiuser -a -G ods
$ runuser -u pkiuser -- softhsm2-util --init-token --label HSM --so-pin Secret.123 --pin Secret.123 --free

$ pkispawn -f /usr/share/pki/server/examples/installation/ca-hsm.cfg -s CA -v

$ pki info

SEVERE: Error running socket processor
java.lang.RuntimeException: Unable to configure certificate and key on model SSL PRFileDesc proxy: SEC_ERROR_NO_MEMORY (-8173)
        at org.mozilla.jss.ssl.javax.JSSEngine.getServerTemplate(JSSEngine.java:993)
        at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.createBufferFD(JSSEngineReferenceImpl.java:322)
        at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.init(JSSEngineReferenceImpl.java:252)
        at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.beginHandshake(JSSEngineReferenceImpl.java:634)
        at org.apache.tomcat.util.net.SecureNioChannel.processSNI(SecureNioChannel.java:348)
        at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:175)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1568)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

$ runuser -u pkiuser -- softhsm2-util --delete-token --token HSM

sudo apt-get install build-essential libcommons-lang-java libnss3-dev \
                     libslf4j-java default-jdk pkg-config zlib1g-dev \
                     libjaxb-api-java libnss3-tools cmake zip unzip \
                     junit4

me@debian:~$ git clone https://github.com/dogtagpki/jss.git
Cloning into 'jss'...
remote: Enumerating objects: 13, done.
remote: Counting objects: 100% (13/13), done.
remote: Compressing objects: 100% (10/10), done.
remote: Total 27007 (delta 0), reused 5 (delta 0), pack-reused 26994
Receiving objects: 100% (27007/27007), 8.32 MiB | 9.08 MiB/s, done.
Resolving deltas: 100% (17917/17917), done.
me@debian:~$ cd jss/build && cmake ..
-- The C compiler identification is GNU 8.3.0
-- The CXX compiler identification is GNU 8.3.0
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found PkgConfig: /usr/bin/pkg-config (found version "0.29") 
-- Checking for module 'nspr'
--   Found nspr, version 4.20.0
-- Found NSPR: /usr/lib/x86_64-linux-gnu  
-- Checking for module 'nss'
--   Found nss, version 3.42.1
-- Found NSS: /usr/lib/x86_64-linux-gnu  
-- Found Java: /usr/bin/java (found version "11.0.8") 
-- Found JNI: /usr/lib/jvm/default-java/lib/libjawt.so  
-- Performing Test HAVE_C_FLAG
-- Performing Test HAVE_C_FLAG - Success
-- JSS C FLAGS: -O2;-Wall;-std=gnu99;-Wno-cast-function-type;-Wno-unused-parameter;-Wno-unknown-warning-option;-Werror-implicit-function-declaration;-Wno-switch;-I/home/coneix/jss/build/include/jss;-I/usr/lib/jvm/default-java/include;-I/usr/lib/jvm/default-java/include/linux;-I/usr/lib/jvm/default-java/include;-I/usr/include/nspr;-I/usr/include/nss;-L/usr/lib/x86_64-linux-gnu;-L/usr/lib/x86_64-linux-gnu
-- JSS LD FLAGS: -lsmime3;-lssl3;-lnss3;-lnssutil3;-lplc4;-lplds4;-lnspr4;-lpthread;-ldl
-- JSS LIBRARY FLAGS: -shared;-Wl,-z,defs;-Wl,-soname;-Wl,libjss4.so
-- javac classpath: /usr/share/java/slf4j-api.jar:/usr/share/java/commons-lang3.jar:/usr/share/java/jaxb-api.jar
-- tests classpath: /home/coneix/jss/build/jss4.jar:/home/coneix/jss/build/tests-jss4.jar:/usr/share/java/slf4j-api.jar:/usr/share/java/commons-lang3.jar:/usr/share/java/jaxb-api.jar:/usr/share/java/slf4j-jdk14.jar:/usr/share/java/junit4.jar:/usr/share/java/hamcrest-core.jar
-- JSS JAVAC FLAGS: -classpath;/usr/share/java/slf4j-api.jar:/usr/share/java/commons-lang3.jar:/usr/share/java/jaxb-api.jar;-sourcepath;/home/coneix/jss;-target;1.8;-source;1.8;-O
-- JSS TEST JAVAC FLAGS: -classpath;/usr/share/java/slf4j-api.jar:/usr/share/java/commons-lang3.jar:/usr/share/java/jaxb-api.jar:/usr/share/java/junit4.jar;-sourcepath;/home/coneix/jss;-target;1.8;-source;1.8;-O
-- Looking for CKM_AES_CMAC
-- Looking for CKM_AES_CMAC - not found
CMake Warning at cmake/JSSConfig.cmake:394 (message):
  Your NSS version doesn't support CMAC; some features of JSS won't work.
Call Stack (most recent call first):
  cmake/JSSConfig.cmake:21 (jss_config_symbols)
  CMakeLists.txt:78 (jss_config)


-- Looking for CKM_SP800_108_COUNTER_KDF
-- Looking for CKM_SP800_108_COUNTER_KDF - not found
CMake Warning at cmake/JSSConfig.cmake:399 (message):
  Your NSS version doesn't support NIST SP800-108 KBKDF; some features of JSS
  won't work.
Call Stack (most recent call first):
  cmake/JSSConfig.cmake:21 (jss_config_symbols)
  CMakeLists.txt:78 (jss_config)


-- Performing Test HAVE_NSS_CIPHER_SUITE_INFO_KDFHASH
-- Performing Test HAVE_NSS_CIPHER_SUITE_INFO_KDFHASH - Failed
-- Performing Test HAVE_NSS_CHANNEL_INFO_ORIGINAL_KEA_GROUP
-- Performing Test HAVE_NSS_CHANNEL_INFO_ORIGINAL_KEA_GROUP - Success
-- Performing Test HAVE_NSS_CHANNEL_INFO_PEER_DELEG_CRED
-- Performing Test HAVE_NSS_CHANNEL_INFO_PEER_DELEG_CRED - Failed
-- Performing Test HAVE_NSS_PRELIMINARY_CHANNEL_INFO_ZERO_RTT_CIPHER_SUITE
-- Performing Test HAVE_NSS_PRELIMINARY_CHANNEL_INFO_ZERO_RTT_CIPHER_SUITE - Failed
-- Performing Test HAVE_NSS_PRELIMINARY_CHANNEL_INFO_PEER_DELEG_CRED
-- Performing Test HAVE_NSS_PRELIMINARY_CHANNEL_INFO_PEER_DELEG_CRED - Failed
-- Configuring done
-- Generating done
-- Build files have been written to: /home/coneix/jss/build
me@debian:~/jss/build$ make all
Scanning dependencies of target generate_java
[  1%] Generating .targets/finished_generate_java
warning: [options] bootstrap class path not set in conjunction with -source 8
/home/coneix/jss/org/mozilla/jss/netscape/security/x509/X509Cert.java:25: warning: [removal] Certificate in java.security has been deprecated and marked for removal
import java.security.Certificate;
                    ^
/home/coneix/jss/org/mozilla/jss/netscape/security/x509/X509Cert.java:50: warning: [removal] Certificate in java.security has been deprecated and marked for removal
public class X509Cert implements Certificate, Serializable {
                                 ^
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
3 warnings
[  3%] Generating .targets/finished_tests_generate_java
warning: [options] bootstrap class path not set in conjunction with -source 8
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
1 warning
[  3%] Built target generate_java
Scanning dependencies of target generate_build_jar
[  3%] Generating staging.jar
[  3%] Built target generate_build_jar
Scanning dependencies of target generate_jar
[  5%] Generating jss4.jar
[  7%] Generating tests-jss4.jar
[  7%] Built target generate_jar
Scanning dependencies of target generate_includes
[  7%] Built target generate_includes
Scanning dependencies of target generate_c
[  9%] Generating lib/CryptoManager.o
[ 10%] Generating lib/PK11Finder.o
[ 12%] Generating lib/KeyManager.o
[ 14%] Generating lib/ASN1Util.o
[ 16%] Generating lib/Algorithm.o
[ 16%] Generating lib/KBKDF.o
[ 18%] Generating lib/PQGParams.o
[ 20%] Generating lib/Policy.o
[ 21%] Generating lib/SecretDecoderRing.o
[ 23%] Generating lib/Buffer.o
[ 25%] Generating lib/BufferProxy.o
[ 27%] Generating lib/PR.o
[ 27%] Generating lib/PRErrors.o
[ 29%] Generating lib/PRFDProxy.o
[ 30%] Generating lib/SECErrors.o
[ 32%] Generating lib/SSL.o
/home/coneix/jss/org/mozilla/jss/nss/SSL.c: In function ‘Java_org_mozilla_jss_nss_SSL_SendCertificateRequest’:
/home/coneix/jss/org/mozilla/jss/nss/SSL.c:800:12: error: implicit declaration of function ‘SSL_SendCertificateRequest’; did you mean ‘CERT_CreateCertificateRequest’? [-Werror=implicit-function-declaration]
     return SSL_SendCertificateRequest(real_fd);
            ^~~~~~~~~~~~~~~~~~~~~~~~~~
            CERT_CreateCertificateRequest
/home/coneix/jss/org/mozilla/jss/nss/SSL.c: In function ‘Java_org_mozilla_jss_nss_SSL_getSSLEnablePostHandshakeAuth’:
/home/coneix/jss/org/mozilla/jss/nss/SSL.c:1064:12: error: ‘SSL_ENABLE_POST_HANDSHAKE_AUTH’ undeclared (first use in this function); did you mean ‘SSL_REQUIRE_FIRST_HANDSHAKE’?
     return SSL_ENABLE_POST_HANDSHAKE_AUTH;
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            SSL_REQUIRE_FIRST_HANDSHAKE
/home/coneix/jss/org/mozilla/jss/nss/SSL.c:1064:12: note: each undeclared identifier is reported only once for each function it appears in
/home/coneix/jss/org/mozilla/jss/nss/SSL.c:1065:1: warning: control reaches end of non-void function [-Wreturn-type]
 }
 ^
/home/coneix/jss/org/mozilla/jss/nss/SSL.c: At top level:
cc1: warning: unrecognized command line option ‘-Wno-unknown-warning-option’
cc1: some warnings being treated as errors
make[2]: *** [CMakeFiles/generate_c.dir/build.make:171: lib/SSL.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:276: CMakeFiles/generate_c.dir/all] Error 2
make: *** [Makefile:95: all] Error 2

2021-07-02T18:29:32.7931657Z + pki -n caadmin ca-user-cert-add caagent --serial 0x7
2021-07-02T18:29:34.6674821Z WARNING: Unable to get the value of cipher: SSL2_RC4_128_WITH_MD5 (65281): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6678907Z WARNING: Unable to get the value of cipher: SSL2_RC4_128_EXPORT40_WITH_MD5 (65282): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6687405Z WARNING: Unable to get the value of cipher: SSL2_RC2_128_CBC_WITH_MD5 (65283): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6694609Z WARNING: Unable to get the value of cipher: SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 (65284): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6701624Z WARNING: Unable to get the value of cipher: SSL2_IDEA_128_CBC_WITH_MD5 (65285): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6710035Z WARNING: Unable to get the value of cipher: SSL2_DES_64_CBC_WITH_MD5 (65286): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6716870Z WARNING: Unable to get the value of cipher: SSL2_DES_192_EDE3_CBC_WITH_MD5 (65287): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6723499Z WARNING: Unable to get the value of cipher: TLS_NULL_WITH_NULL_NULL (0): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6730275Z WARNING: Unable to get the value of cipher: SSL3_RSA_EXPORT_WITH_RC4_40_MD5 (3): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6736875Z WARNING: Unable to get the value of cipher: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (3): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6745150Z WARNING: Unable to get the value of cipher: SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (6): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6752513Z WARNING: Unable to get the value of cipher: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (6): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6759308Z WARNING: Unable to get the value of cipher: SSL3_RSA_WITH_IDEA_CBC_SHA (7): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6766817Z WARNING: Unable to get the value of cipher: TLS_RSA_WITH_IDEA_CBC_SHA (7): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6773988Z WARNING: Unable to get the value of cipher: SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA (8): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6781056Z WARNING: Unable to get the value of cipher: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (8): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6787840Z WARNING: Unable to get the value of cipher: SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA (11): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6795465Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA (11): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6802294Z WARNING: Unable to get the value of cipher: SSL3_DH_DSS_WITH_DES_CBC_SHA (12): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6810407Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_WITH_DES_CBC_SHA (12): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6817064Z WARNING: Unable to get the value of cipher: SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA (13): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6824719Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (13): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6832337Z WARNING: Unable to get the value of cipher: SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA (14): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6839772Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA (14): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6848141Z WARNING: Unable to get the value of cipher: SSL3_DH_RSA_WITH_DES_CBC_SHA (15): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6854770Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_WITH_DES_CBC_SHA (15): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6861679Z WARNING: Unable to get the value of cipher: SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA (16): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6869281Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (16): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6875728Z WARNING: Unable to get the value of cipher: SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (17): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6884505Z WARNING: Unable to get the value of cipher: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (17): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6892948Z WARNING: Unable to get the value of cipher: SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (20): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6898141Z WARNING: Unable to get the value of cipher: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (20): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6906050Z WARNING: Unable to get the value of cipher: SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5 (23): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6907460Z WARNING: Unable to get the value of cipher: TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 (23): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6908913Z WARNING: Unable to get the value of cipher: SSL3_DH_ANON_WITH_RC4_128_MD5 (24): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6914677Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_RC4_128_MD5 (24): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6915963Z WARNING: Unable to get the value of cipher: SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA (25): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6917533Z WARNING: Unable to get the value of cipher: TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA (25): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6922800Z WARNING: Unable to get the value of cipher: SSL3_DH_ANON_WITH_DES_CBC_SHA (26): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6923985Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_DES_CBC_SHA (26): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6935102Z WARNING: Unable to get the value of cipher: SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA (27): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6936624Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (27): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6941055Z WARNING: Unable to get the value of cipher: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (65279): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6951404Z WARNING: Unable to get the value of cipher: SSL_RSA_FIPS_WITH_DES_CBC_SHA (65278): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6962297Z WARNING: Unable to get the value of cipher: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (98): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6965790Z WARNING: Unable to get the value of cipher: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (100): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7009150Z WARNING: Unable to get the value of cipher: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (99): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7010452Z WARNING: Unable to get the value of cipher: TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA (101): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7011973Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_WITH_AES_128_CBC_SHA (48): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7013186Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_WITH_AES_128_CBC_SHA (49): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7014497Z WARNING: Unable to get the value of cipher: TLS_DH_ANON_WITH_AES_128_CBC_SHA (52): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7015668Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_AES_128_CBC_SHA (52): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7016850Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_WITH_AES_256_CBC_SHA (54): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7028033Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_WITH_AES_256_CBC_SHA (55): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7032149Z WARNING: Unable to get the value of cipher: TLS_DH_ANON_WITH_AES_256_CBC_SHA (58): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7035542Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_AES_256_CBC_SHA (58): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7041164Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (66): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7045447Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA (67): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7082204Z WARNING: Unable to get the value of cipher: TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA (70): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7090221Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA (70): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7095147Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (133): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7101988Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA (134): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7104117Z WARNING: Unable to get the value of cipher: TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA (137): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7111440Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA (137): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7120109Z WARNING: Unable to get the value of cipher: TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 (170): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7126509Z WARNING: Unable to get the value of cipher: TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 (171): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7129847Z WARNING: Unable to get the value of cipher: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (255): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7133547Z WARNING: Unable to get the value of cipher: TLS_FALLBACK_SCSV (22016): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7141059Z WARNING: Unable to get the value of cipher: TLS_ECDH_anon_WITH_NULL_SHA (49173): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7154819Z WARNING: Unable to get the value of cipher: TLS_ECDH_anon_WITH_RC4_128_SHA (49174): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7156204Z WARNING: Unable to get the value of cipher: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (49175): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7157433Z WARNING: Unable to get the value of cipher: TLS_ECDH_anon_WITH_AES_128_CBC_SHA (49176): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7159312Z WARNING: Unable to get the value of cipher: TLS_ECDH_anon_WITH_AES_256_CBC_SHA (49177): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7163766Z WARNING: Unable to get the value of cipher: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (49197): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7165348Z WARNING: Unable to get the value of cipher: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (49201): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7166618Z WARNING: Unable to get the value of cipher: TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 (52396): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7168036Z WARNING: Unable to get the value of cipher: TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 (52397): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7181804Z WARNING: Unable to get the value of cipher: TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 (53249): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7183147Z WARNING: Unable to get the value of cipher: TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 (53250): Unknown cipher suite to get or getting its value failed

com.datastax.oss.driver.api.core.DriverExecutionException
	at com.datastax.oss.driver.internal.core.util.concurrent.CompletableFutures.getUninterruptibly(CompletableFutures.java:152)
	at com.datastax.oss.driver.api.core.session.SessionBuilder.build(SessionBuilder.java:633)
	at org.dogtagpki.acme.database.CassandraDatabase.init(CassandraDatabase.java:90)
	at org.dogtagpki.acme.server.ACMEEngine.initDatabase(ACMEEngine.java:264)
	at org.dogtagpki.acme.server.ACMEEngine.start(ACMEEngine.java:417)
	at org.dogtagpki.acme.server.ACMEEngine.contextInitialized(ACMEEngine.java:1067)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4690)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5151)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717)
	at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:129)
	at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:150)
	at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:140)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:688)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
	at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:631)
	at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1831)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
	at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112)
	at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:526)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:425)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1576)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309)
	at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
	at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
	at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366)
	at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936)
	at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
	at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134)
	at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909)
	at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
	at org.apache.catalina.core.StandardService.startInternal(StandardService.java:421)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
	at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:633)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)
Caused by: java.security.KeyStoreException: Unable to initialize JSSKeyManagerFactory with key store from non-JSS provider.
	at org.mozilla.jss.provider.javax.crypto.JSSKeyManagerFactory.engineInitKeyStore(JSSKeyManagerFactory.java:54)
	at org.mozilla.jss.provider.javax.crypto.JSSKeyManagerFactory.engineInit(JSSKeyManagerFactory.java:26)
	at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
	at com.datastax.oss.driver.internal.core.config.cloud.CloudConfigFactory.createKeyManagerFactory(CloudConfigFactory.java:212)
	at com.datastax.oss.driver.internal.core.config.cloud.CloudConfigFactory.createSslContext(CloudConfigFactory.java:198)
	at com.datastax.oss.driver.internal.core.config.cloud.CloudConfigFactory.createCloudConfig(CloudConfigFactory.java:130)
	at com.datastax.oss.driver.api.core.session.SessionBuilder.buildDefaultSessionAsync(SessionBuilder.java:671)
	at com.datastax.oss.driver.api.core.session.SessionBuilder.buildAsync(SessionBuilder.java:619)
	... 50 more
Caused by: java.security.KeyStoreException: Unable to initialize JSSKeyManagerFactory with key store from non-JSS provider.
	at org.mozilla.jss.provider.javax.crypto.JSSKeyManagerFactory.engineInitKeyStore(JSSKeyManagerFactory.java:49)
	... 57 more

    KeyFactory keyFactory = KeyFactory.getInstance("RSA", "Mozilla-JSS");
    String publickey = "11770017164903779372574829180998783872141652386640045965285794535346240910202920038507767689925485723074614440813280690507719304032614007177220836643131577";
    BigInteger modulus = new BigInteger(publickey);

    BigInteger exponent = new BigInteger("3");

    RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, exponent);
    PublicKey publicKey = keyFactory.generatePublic(keySpec);

    String signature = "GlRa+zjMjKnHH0ipUM2ojozppxDZqb2hHQnAYvsVrmhaY3RAlUy0w24zOuUYU6vgT3Lpp9OMGd4yJIEvYyjOIw==";
    byte[] data = Base64.getDecoder().decode(signature);

    Signature signer = Signature.getInstance("SHA256withRSA", "Mozilla-JSS");
    signer.initVerify(publicKey);
    signer.update(new byte[] { 0x61, 0x62, 0x63, 0x64 });

    if (!signer.verify(data)) {
        throw new RuntimeException("Expected this to be a valid signature");
    }

IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- org/mozilla/jss/pkcs11/PK11Cipher.c	(revision a7593745b6b71283c9ea6d95382edd758d3c1e3a)
+++ org/mozilla/jss/pkcs11/PK11Cipher.c	(revision 7121d4f82fa7c206fd15763e91528aabb8152396)
@@ -123,6 +123,7 @@
 {
     PK11Context *context=NULL;
     jbyte *inbuf=NULL;
+    jboolean inbufIsCopy;
     unsigned int inlen;
     unsigned char *outbuf=NULL;
     unsigned int outlen;
@@ -138,7 +139,7 @@
     /* extract input from byte array */
     inlen = (*env)->GetArrayLength(env, inputBA);
     PR_ASSERT(inlen >= 0);
-    inbuf = (*env)->GetByteArrayElements(env, inputBA, NULL);
+    inbuf = (*env)->GetByteArrayElements(env, inputBA, &inbufIsCopy);
     if(inbuf == NULL) {
         ASSERT_OUTOFMEM(env);
         goto finish;
@@ -173,6 +174,9 @@
     if(outbuf) {
         PR_Free(outbuf);
     }
+    if (inbuf && inbufIsCopy) {
+        PR_Free(inbuf);
+    }
     return outArray;
 }
 

SSLEngine_RSA (Failed)
SSLEngine_ECDSA (Failed)
SSLEngine_RSA_FIPSMODE (Failed)
SSLEngine_ECDSA_FIPSMODE (Failed)

73/77 Test #73: SSLEngine_ECDSA_FIPSMODE ..........................***Failed    0.21 sec
Initializing CryptoManager...
May 23, 2022 11:55:45 AM org.mozilla.jss.CryptoManager initialize
INFO: JSS CryptoManager: successfully initialized from NSS database at /github/home/build/jss/results/fips
Exception in thread "main" java.security.NoSuchProviderException: no such provider: SunJSSE
	at java.base/sun.security.jca.GetInstance.getService(GetInstance.java:83)
	at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
	at java.base/javax.net.ssl.SSLContext.getInstance(SSLContext.java:230)
	at org.mozilla.jss.tests.TestSSLEngine.sizeBuffers(TestSSLEngine.java:210)
	at org.mozilla.jss.tests.TestSSLEngine.initialize(TestSSLEngine.java:47)
	at org.mozilla.jss.tests.TestSSLEngine.main(TestSSLEngine.java:1014)

2021-07-02T18:29:32.7931657Z + pki -n caadmin ca-user-cert-add caagent --serial 0x7
2021-07-02T18:29:36.2129529Z java.lang.NullPointerException
2021-07-02T18:29:36.2131194Z 	at org.mozilla.jss.nss.Buffer.WriteCapacity(Native Method)
2021-07-02T18:29:36.2133683Z 	at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.unwrap(JSSEngineReferenceImpl.java:1192)
2021-07-02T18:29:36.2136070Z 	at org.mozilla.jss.ssl.javax.JSSSocketChannel.read(JSSSocketChannel.java:276)
2021-07-02T18:29:36.2138079Z 	at java.base/java.nio.channels.SocketChannel.read(SocketChannel.java:486)
2021-07-02T18:29:36.2140097Z 	at org.mozilla.jss.ssl.javax.JSSSocketChannel.read(JSSSocketChannel.java:236)
2021-07-02T18:29:36.2142914Z 	at org.mozilla.jss.ssl.javax.JSSSocketChannel.implCloseSelectableChannel(JSSSocketChannel.java:381)
2021-07-02T18:29:36.2146867Z 	at java.base/java.nio.channels.spi.AbstractSelectableChannel.implCloseChannel(AbstractSelectableChannel.java:242)
2021-07-02T18:29:36.2150320Z 	at java.base/java.nio.channels.spi.AbstractInterruptibleChannel.close(AbstractInterruptibleChannel.java:112)
2021-07-02T18:29:36.2155237Z 	at org.mozilla.jss.ssl.javax.JSSSocket.close(JSSSocket.java:710)
2021-07-02T18:29:36.2156889Z 	at org.apache.http.impl.BHttpConnectionBase.close(BHttpConnectionBase.java:332)
2021-07-02T18:29:36.2159757Z 	at org.apache.http.impl.conn.LoggingManagedHttpClientConnection.close(LoggingManagedHttpClientConnection.java:81)
2021-07-02T18:29:36.2162361Z 	at org.apache.http.impl.conn.CPoolEntry.closeConnection(CPoolEntry.java:70)
2021-07-02T18:29:36.2164432Z 	at org.apache.http.impl.conn.CPoolEntry.close(CPoolEntry.java:96)
2021-07-02T18:29:36.2166083Z 	at org.apache.http.pool.AbstractConnPool.shutdown(AbstractConnPool.java:152)
2021-07-02T18:29:36.2169476Z 	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.shutdown(PoolingHttpClientConnectionManager.java:411)
2021-07-02T18:29:36.2172247Z 	at org.apache.http.impl.client.HttpClientBuilder$2.close(HttpClientBuilder.java:1244)
2021-07-02T18:29:36.2174234Z 	at org.apache.http.impl.client.InternalHttpClient.close(InternalHttpClient.java:201)
2021-07-02T18:29:36.2176300Z 	at com.netscape.certsrv.client.SubsystemClient.exists(SubsystemClient.java:99)
2021-07-02T18:29:36.2178142Z 	at com.netscape.cmstools.cli.MainCLI.createCAClient(MainCLI.java:315)
2021-07-02T18:29:36.2179958Z 	at com.netscape.cmstools.user.UserCertAddCLI.execute(UserCertAddCLI.java:96)
2021-07-02T18:29:36.2181551Z 	at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58)
2021-07-02T18:29:36.2183062Z 	at org.dogtagpki.cli.CLI.execute(CLI.java:357)
2021-07-02T18:29:36.2183981Z 	at org.dogtagpki.cli.CLI.execute(CLI.java:357)
2021-07-02T18:29:36.2184925Z 	at org.dogtagpki.cli.CLI.execute(CLI.java:357)
2021-07-02T18:29:36.2186245Z 	at com.netscape.cmstools.cli.SubsystemCLI.execute(SubsystemCLI.java:79)
2021-07-02T18:29:36.2187543Z 	at org.dogtagpki.cli.CLI.execute(CLI.java:357)
2021-07-02T18:29:36.2189007Z 	at com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:665)
2021-07-02T18:29:36.2190349Z 	at com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:703)

Caused by: java.security.InvalidAlgorithmParameterException
	at org.mozilla.jss.pkcs11.PK11KeyPairGenerator.initialize(PK11KeyPairGenerator.java:439)
	at org.mozilla.jss.crypto.KeyPairGenerator.initialize(KeyPairGenerator.java:75)
	at org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi.initialize(JSSKeyPairGeneratorSpi.java:46)
	at org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$EC.initialize(JSSKeyPairGeneratorSpi.java:71)
	at java.base/java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:699)
	at java.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.java:112)
	... 39 more

mkdir yubihsm2-sdk.f33.dir
cd yubihsm2-sdk.f33.dir
wget https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-2021-03-fedora33-amd64.tar.gz
tar zxf yubihsm2-sdk-2021-03-fedora33-amd64.tar.gz
yum localinstall -y ./yubihsm2-sdk/*.rpm

# shell 1 - run yubihsm-connector
systemctl stop firewalld.service
yubihsm-connector -l 192.168.7.108:12345 -d

# shell 2 
mkdir /etc/yubico
chmod 755 /etc/yubico
chown root:root /etc/yubico
chcon system_u:object_r:etc_t:s0 /etc/yubico

cat << EOF > /etc/yubico/yubihsm_pkcs11.conf
# This is a sample configuration file for the YubiHSM PKCS#11 module
# Uncomment the various options as needed

# URL of the connector to use. This can be a comma-separated list
connector = http://192.168.7.108:12345

# Enables general debug output in the module
debug

# Enables function tracing (ingress/egress) debug output in the module
dinout

# Enables libyubihsm debug output in the module
libdebug

# Redirects the debug output to a specific file. The file is created
# if it does not exist. The content is appended
debug-file = /var/tmp/yubihsm_pkcs11_debug

# CA certificate to use for HTTPS validation. Point this variable to
# a file containing one or more certificates to use when verifying
# a peer. Currently not supported on Windows
#
# cacert = /tmp/cacert.pem

# Proxy server to use for the connector
# Currently not supported on Windows
#
# proxy = http://proxyserver.local.com:8080

# Timeout in seconds to use for the initial connection to the connector
# timeout = 5
EOF

chcon system_u:object_r:etc_t:s0 /etc/yubico/yubihsm_pkcs11.conf
ls -lZ /etc/yubico/yubihsm_pkcs11.conf
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 991 Mar 16 15:11 /etc/yubico/yubihsm_pkcs11.conf

cat < EOF >> ~/.bashrc
export YUBIHSM_PKCS11_CONF=/etc/yubico/yubihsm_pkcs11.conf
export YUBIHSM_PKCS11_MODULE=/usr/lib64/pkcs11/yubihsm_pkcs11.so
EOF

. ~/.bashrc

ls -lZ $YUBIHSM_PKCS11_CONF $YUBIHSM_PKCS11_MODULE
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0    991 Mar 16 15:11 /etc/yubico/yubihsm_pkcs11.conf
-rwxr-xr-x. 4 root root system_u:object_r:lib_t:s0 317568 Jan  1  1970 /usr/lib64/pkcs11/yubihsm_pkcs11.so

# test
pkcs11-tool --module /usr/lib64/pkcs11/yubihsm_pkcs11.so --test --pin 0001password
pkcs11-tool --module /usr/lib64/pkcs11/yubihsm_pkcs11.so -l --pin 0001password --list-token-slots
pkcs11-tool --module /usr/lib64/pkcs11/yubihsm_pkcs11.so -l --pin 0001password --list-objects

(
FAIL example - unitialized YUBIHSM_PKCS11_CONF YUBIHSM_PKCS11_MODULE
or missing config file in YUBIHSM_PKCS11_CONF
->
echo $YUBIHSM_PKCS11_CONF $YUBIHSM_PKCS11_MODULE
[root@f33vm1 yubihsm2-sdk]#

pkcs11-tool --module /usr/lib64/pkcs11/yubihsm_pkcs11.so --pin 0001password -t
error: PKCS11 function C_Initialize failed: rv = CKR_FUNCTION_FAILED (0x6)
Aborting.
)

# test
yubihsm-shell --connector http://192.168.7.108:12345
connect
session open 1 password
list objects 0
^c

groupadd -r ldapgroup1
useradd -r -g  ldapgroup1 ldapuser1
grep ldap /etc/passwd /etc/group
dscreate create-template ~/ds.template.txt
sed -e 's/;root_password = .*/root_password = password/g' \
    -e 's/;suffix = .*/suffix = dc=example,dc=test/g'     \
    ~/ds.template.txt > ~/ds.template.inf
dscreate from-file ~/ds.template.inf
lsof -i :389 -i :636
dsctl -l
dsctl slapd-localhost status

alternatives --config java
*+ 1           java-11-openjdk.x86_64 (/usr/lib/jvm/java-11-openjdk-11.0.10.0.9-0.fc33.x86_64/bin/java)

virt guest

cat << EOF > ~/ca1.yubihsm2.cfg
[DEFAULT]
pki_server_database_password=password

# pki_hsm_enable=True
# pki_hsm_libfile=/usr/lib64/pkcs11/libsofthsm2.so
# pki_hsm_modulename=softhsm
# pki_token_name=Dogtag
# pki_token_password=redhat123

pki_hsm_enable=True
pki_hsm_libfile=/usr/lib64/pkcs11/yubihsm_pkcs11.so
pki_hsm_modulename=yubihsm2
pki_token_name=YubiHSM
pki_token_password=0001password

[CA]
[email protected]
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=password
pki_admin_uid=caadmin

pki_client_database_password=password
pki_client_database_purge=False
pki_client_pkcs12_password=password

pki_ds_hostname=f33vm1.example.test
pki_ds_ldap_port=389
pki_ds_bind_dn=cn=Directory Manager
pki_ds_password=password
pki_ds_base_dn=dc=pki,dc=example,dc=test

pki_security_domain_name=ca1hsm

pki_ca_signing_token=YubiHSM
pki_ca_signing_nickname=ca_signing
pki_ocsp_signing_token=YubiHSM
pki_ocsp_signing_nickname=ca_ocsp_signing
pki_audit_signing_token=YubiHSM
pki_audit_signing_nickname=ca_audit_signing
pki_ssl_server_token=internal
pki_sslserver_token=internal
pki_sslserver_nickname=sslserver
pki_subsystem_token=YubiHSM
pki_subsystem_nickname=subsystem

EOF

# if needed
pkidestroy -s CA --force

pkispawn -f /root/ca1.yubihsm2.cfg -s CA --debug 2>&1 | tee ~/ca1.yubihsm2.pkispawn.out.txt
...
INFO: Getting sslserver cert info from CS.cfg
INFO: Getting sslserver cert info from NSS database
DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmppupxfqmt/password.txt -n sslserver -a
DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpp9in5_bt/password.txt
INFO: Setting up signing certificate
/usr/lib/python3.9/site-packages/urllib3/connection.py:377: SubjectAltNameWarning: Certificate for f33vm1.example.test has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is
 being removed by major browsers and deprecated by RFC 2818. (See https://github.com/urllib3/urllib3/issues/497 for details.)
  warnings.warn(

Installation failed:
<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76
;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 – Interna
l Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> org.mozilla.jss.NoSuchTokenException: No such token: YubiHSM</p><p><b>Description</b> The server encountered an unexpe
cted condition that prevented it from fulfilling the request.</p><p><b>Exception</b></p><pre>org.jboss.resteasy.spi.UnhandledException: org.mozilla.jss.NoSuchTokenException: No such token: YubiHSM
        org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:78)
        org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:222)
        org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:179)
        org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:422)
        org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
        org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
        org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
        org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:733)


less /var/log/pki/pki-ca-spawn.20210316155334.log
2021-03-16 15:53:34 INFO: Connecting to LDAP server at ldap://f33vm1.example.test:389
2021-03-16 15:53:34 INFO: Connecting to LDAP server at ldap://f33vm1.example.test:389
2021-03-16 15:53:34 DEBUG: Installing Maven dependencies: False
2021-03-16 15:53:34 INFO: BEGIN spawning CA subsystem in pki-tomcat instance
2021-03-16 15:53:34 INFO: Loading instance: pki-tomcat
...
2021-03-16 15:53:50 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/bin/env java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-profile-import --input-folder /usr/share/pki/ca/profiles/ca --debug
2021-03-16 15:53:53 INFO: Starting server
2021-03-16 15:53:53 DEBUG: Command: systemctl start [email protected]
2021-03-16 15:53:55 INFO: FIPS mode: False
2021-03-16 15:53:56 INFO: Waiting for CA subsystem to start (1s)
2021-03-16 15:53:57 INFO: Waiting for CA subsystem to start (2s)
2021-03-16 15:54:05 INFO: Subsystem status: running
2021-03-16 15:54:05 INFO: Getting sslserver cert info from CS.cfg
2021-03-16 15:54:05 INFO: Getting sslserver cert info from NSS database
2021-03-16 15:54:05 DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmppupxfqmt/password.txt -n sslserver -a
2021-03-16 15:54:06 DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpp9in5_bt/password.txt
2021-03-16 15:54:06 INFO: Setting up signing certificate
(END)


and the YubiHSM is accessible to the O.S. via pkcs11-tool and modutil:

pkcs11-tool --module /usr/lib64/pkcs11/yubihsm_pkcs11.so --pin 0001password -t
Using slot 0 with a present token (0x0)
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  SHA-1: OK
Signatures (currently only for RSA)
Signatures: no private key found in this slot
Verify (currently only for RSA)
  No private key found for testing
Decryption (currently only for RSA)
No errors
[root@f33vm1 yubihsm2-sdk]#


modutil -dbdir /etc/pki/pki-tomcat/alias -rawlist
library= name="NSS Internal PKCS #11 Module" NSS="Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})" parameters="configdir=/etc/pki/pki-tomcat/alias certPrefix= keyPrefix= secmod=secmod.db flags=readOnly "

library="/usr/lib64/pkcs11/yubihsm_pkcs11.so" name="yubihsm2"


modutil -dbdir /etc/pki/pki-tomcat/alias -list

Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
           uri: pkcs11:library-manufacturer=Mozilla%20Foundation;library-description=NSS%20Internal%20Crypto%20Services;library-version=3.62
         slots: 2 slots attached
        status: loaded

         slot: NSS Internal Cryptographic Services
        token: NSS Generic Crypto Services
          uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

         slot: NSS User Private Key and Certificate Services
        token: NSS Certificate DB
          uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

  2. yubihsm2
        library name: /usr/lib64/pkcs11/yubihsm_pkcs11.so
           uri: pkcs11:library-manufacturer=Yubico%20(www.yubico.com);library-description=YubiHSM%20PKCS%2311%20Library;library-version=2.10
         slots: 1 slot attached
        status: loaded

         slot: YubiHSM Connector 192.168.7.108
        token: YubiHSM
          uri: pkcs11:token=YubiHSM;manufacturer=Yubico%20(www.yubico.com);serial=13200864;model=YubiHSM

  3. p11-kit-proxy
        library name: p11-kit-proxy.so
           uri: pkcs11:library-manufacturer=PKCS%2311%20Kit;library-description=PKCS%2311%20Kit%20Proxy%20Module;library-version=1.1
         slots: 1 slot attached
        status: loaded

         slot: Gemalto Gemplus USB SmartCard Reader 433-Swap [CCID Interface...
        token:
          uri: pkcs11:
-----------------------------------------------------------
[root@f33vm1 yubihsm2-sdk]#



certutil -L -d sql:/var/lib/pki/pki-tomcat/alias -h YubiHSM 

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Enter Password or Pin for "YubiHSM":
[root@f33vm1 src.dir]# 


those 2 keys are from another test with the yubihsm-shell tool, so NSS can access the YubiHSM:

certutil -K -d sql:/var/lib/pki/pki-tomcat/alias -h YubiHSM
certutil: Checking token "YubiHSM" in slot "YubiHSM Connector 192.168.7.108"
Enter Password or Pin for "YubiHSM":
< 0> rsa      0401                                       label_rsa_sign
< 1> ec       0204                                       label_ecdsa_test
[root@f33vm1 src.dir]# 



./jss/org/mozilla/jss/CryptoManager.java
...  
     * Looks up the CryptoToken with the given name.  Searches all
     * loaded cryptographic modules for the token.
     *
     * @param name The name of the token.
     * @return The token.
     * @exception org.mozilla.jss.NoSuchTokenException If no token
     *  is found with the given name.
     */
    public synchronized CryptoToken getTokenByName(String name)
        throws NoSuchTokenException
    {   
        Enumeration<CryptoToken> tokens = getAllTokens();
        CryptoToken token;

        while(tokens.hasMoreElements()) {
            token = tokens.nextElement();
            try {
                if( name.equals(token.getName()) ) {
                    return token;
                }
            } catch( TokenException e ) {
                throw new RuntimeException(e);
            }
        }
        throw new NoSuchTokenException("No such token: " + name);
    }
...

# pki --debug -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U https://dc.ipa.test:443 --ignore-cert-status UNTRUSTED_ISSUER ca-cert-signing-export --pkcs7
INFO: PKI options: --debug -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf
INFO: PKI command: https://dc.ipa.test:443 -U https://dc.ipa.test:443 --ignore-cert-status UNTRUSTED_ISSUER ca-cert-signing-export --pkcs7
INFO: Java command: /usr/lib/jvm/jre/bin/java -cp /usr/share/pki/lib/* -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties com.netscape.cmstools.cli.MainCLI -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf --debug -U https://dc.ipa.test:443 --ignore-cert-status UNTRUSTED_ISSUER ca-cert-signing-export --pkcs7
INFO: Server URL: https://dc.ipa.test:443
INFO: Loading NSS password configuration from /etc/pki/pki-tomcat/password.conf
FINE: PlainPasswordFile: Initializing PlainPasswordFile
INFO: NSS database: /etc/pki/pki-tomcat/alias
INFO: Message format: null
INFO: Command: ca-cert-signing-export --pkcs7
INFO: Module: ca
INFO: Initializing NSS
INFO: Logging into internal token
INFO: Using internal token
INFO: Module: cert
INFO: Module: signing-export
INFO: Connecting to https://dc.ipa.test:443
INFO: HTTP request: GET /pki/rest/info HTTP/1.1
INFO:   Accept: application/xml
INFO:   Accept-Encoding: gzip, deflate
INFO:   Host: dc.ipa.test:443
INFO:   Connection: Keep-Alive
INFO:   User-Agent: Apache-HttpClient/4.5.7 (Java/1.8.0_212)
SEVERE: FATAL: SSL alert sent: UNEXPECTED_MESSAGE
javax.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request
        at org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:287)
        at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:436)
        at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:102)
        at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
        at com.sun.proxy.$Proxy26.getInfo(Unknown Source)
        at org.dogtagpki.common.InfoClient.getInfo(InfoClient.java:45)
        at com.netscape.certsrv.client.PKIClient.getInfo(PKIClient.java:140)
        at com.netscape.cmstools.cli.MainCLI.getClient(MainCLI.java:598)
        at org.dogtagpki.cli.CLI.getClient(CLI.java:201)
        at org.dogtagpki.cli.CLI.getClient(CLI.java:201)
        at org.dogtagpki.cli.CLI.getClient(CLI.java:201)
        at com.netscape.cmstools.ca.CACertSigningExportCLI.execute(CACertSigningExportCLI.java:70)
        at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:57)
        at org.dogtagpki.cli.CLI.execute(CLI.java:352)
        at org.dogtagpki.cli.CLI.execute(CLI.java:352)
        at com.netscape.cmstools.cli.SubsystemCLI.execute(SubsystemCLI.java:76)
        at org.dogtagpki.cli.CLI.execute(CLI.java:352)
        at com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:659)
        at com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:695)
Caused by: java.io.IOException: SocketException cannot write on socket: Failed to write to socket: (-12251) SSL received a malformed Change Cipher Spec record.
        at org.mozilla.jss.ssl.SSLSocket.write(SSLSocket.java:1539)
        at org.mozilla.jss.ssl.SSLOutputStream.write(SSLOutputStream.java:24)
        at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:160)
        at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:168)
        at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:273)
        at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:279)
        at org.apache.http.impl.conn.ManagedClientConnectionImpl.flush(ManagedClientConnectionImpl.java:188)
        at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:241)
        at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
        at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:679)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:481)
        at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:836)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
        at org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:283)
        ... 18 more
Caused by: org.mozilla.jss.ssl.SSLSocketException: Failed to write to socket: (-12251) SSL received a malformed Change Cipher Spec record.
        at org.mozilla.jss.ssl.SSLSocket.socketWrite(Native Method)
        at org.mozilla.jss.ssl.SSLSocket.write(SSLSocket.java:1533)
        ... 32 more
ERROR: Command: /usr/lib/jvm/jre/bin/java -cp /usr/share/pki/lib/* -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties com.netscape.cmstools.cli.MainCLI -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf --debug -U https://dc.ipa.test:443 --ignore-cert-status UNTRUSTED_ISSUER ca-cert-signing-export --pkcs7

class=org.dogtagpki.acme.database.PostgreSQLDatabase
password=<password>
url=jdbc:postgresql://<server>:5432/<database>
user=<username>

$ certbot certonly --standalone -d $HOSTNAME \
    --server http://$HOSTNAME:8080/acme/directory \
    --register-unsafely-without-email \
    --agree-tos

sslmode=disable

2020-07-28 02:06:14 [http-nio-8080-exec-2] INFO: Connecting to jdbc:postgresql://<server>:5432/<database>
2020-07-28 02:06:15 [http-nio-8080-exec-2] SEVERE: Servlet.service() for servlet [ACME] in context with path [/acme] threw exception
org.jboss.resteasy.spi.UnhandledException: org.postgresql.util.PSQLException: SSL error: Unable to unwrap data using SSLEngine: Error duing SSL.ForceHandshake() :: SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT (-12157)
	at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:78)
	at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:222)
	at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:179)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:422)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
	at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
	at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225)
	at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
	at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
	at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
	at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.postgresql.util.PSQLException: SSL error: Unable to unwrap data using SSLEngine: Error duing SSL.ForceHandshake() :: SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT (-12157)
	at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:42)
	at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:441)
	at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:94)
	at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
	at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
	at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
	at org.postgresql.Driver.makeConnection(Driver.java:458)
	at org.postgresql.Driver.connect(Driver.java:260)
	at java.sql.DriverManager.getConnection(DriverManager.java:664)
	at java.sql.DriverManager.getConnection(DriverManager.java:208)
	at org.dogtagpki.acme.database.PostgreSQLDatabase.connect(PostgreSQLDatabase.java:95)
	at org.dogtagpki.acme.database.PostgreSQLDatabase.addNonce(PostgreSQLDatabase.java:195)
	at org.dogtagpki.acme.server.ACMEEngine.createNonce(ACMEEngine.java:485)
	at org.dogtagpki.acme.server.ACMENewNonceService.createNonce(ACMENewNonceService.java:52)
	at org.dogtagpki.acme.server.ACMENewNonceService.headNewNonce(ACMENewNonceService.java:35)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)
	... 55 more
Caused by: java.io.IOException: Unable to unwrap data using SSLEngine: Error duing SSL.ForceHandshake() :: SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT (-12157)
	at org.mozilla.jss.ssl.javax.JSSSocketChannel.read(JSSSocketChannel.java:286)
	at java.nio.channels.SocketChannel.read(SocketChannel.java:481)
	at org.mozilla.jss.ssl.javax.JSSSocketChannel.read(JSSSocketChannel.java:237)
	at org.mozilla.jss.ssl.javax.JSSSocketChannel.finishConnect(JSSSocketChannel.java:149)
	at org.mozilla.jss.ssl.javax.JSSSocket.doHandshake(JSSSocket.java:277)
	at org.mozilla.jss.ssl.javax.JSSSocket.startHandshake(JSSSocket.java:425)
	at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:40)
	... 78 more
Caused by: javax.net.ssl.SSLHandshakeException: Error duing SSL.ForceHandshake() :: SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT (-12157)
	at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.updateHandshakeState(JSSEngineReferenceImpl.java:857)
	at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.unwrap(JSSEngineReferenceImpl.java:1036)
	at org.mozilla.jss.ssl.javax.JSSSocketChannel.read(JSSSocketChannel.java:268)
	... 84 more

PR_STATIC_ASSERT(PR_ARRAY_SIZE(kea_alg_defs) == ssl_kea_size);

#15 29.97 In file included from /usr/include/nspr4/pratom.h:14,
#15 29.97                  from /usr/include/nspr4/nspr.h:9,
#15 29.97                  from /root/jss/build/BUILD/jss-5.5.0-alpha3/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c:1:
#15 29.97 /usr/include/nspr4/prtypes.h:556:38: error: size of array ‘arg’ is negative
#15 29.97   556 |     extern void pr_static_assert(int arg[(condition) ? 1 : -1])
#15 29.97       |                                      ^~~
#15 29.97 /root/jss/build/BUILD/jss-5.5.0-alpha3/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c:37:1: note: in expansion of macro ‘PR_STATIC_ASSERT’
#15 29.97    37 | PR_STATIC_ASSERT(PR_ARRAY_SIZE(kea_alg_defs) == ssl_kea_size);
#15 29.97       | ^~~~~~~~~~~~~~~~
#15 29.97 /usr/include/nspr4/prtypes.h:556:38: warning: argument 1 of type ‘int *’ declared as a pointer [-Warray-parameter=]
#15 29.97   556 |     extern void pr_static_assert(int arg[(condition) ? 1 : -1])
#15 29.97       |                                  ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
#15 29.97 /root/jss/build/BUILD/jss-5.5.0-alpha3/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c:37:1: note: in expansion of macro ‘PR_STATIC_ASSERT’
#15 29.97    37 | PR_STATIC_ASSERT(PR_ARRAY_SIZE(kea_alg_defs) == ssl_kea_size);
#15 29.97       | ^~~~~~~~~~~~~~~~
#15 29.97 /usr/include/nspr4/prtypes.h:556:38: note: previously declared as an array ‘int[1]’
#15 29.97   556 |     extern void pr_static_assert(int arg[(condition) ? 1 : -1])
#15 29.97       |                                  ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
#15 29.97 /root/jss/build/BUILD/jss-5.5.0-alpha3/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c:24:1: note: in expansion of macro ‘PR_STATIC_ASSERT’
#15 29.97    24 | PR_STATIC_ASSERT(PR_ARRAY_SIZE(auth_alg_defs) == ssl_auth_size);
#15 29.97       | ^~~~~~~~~~~~~~~~
#15 29.97 cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#15 29.97 make[3]: *** [CMakeFiles/generate_c.dir/build.make:275: lib/SSLCipher.o] Error 1
#15 29.97 make[2]: *** [CMakeFiles/Makefile2:1649: CMakeFiles/generate_c.dir/all] Error 2
#15 29.97 make[1]: *** [CMakeFiles/Makefile2:2090: CMakeFiles/native.dir/rule] Error 2
#15 29.97 make: *** [Makefile:1092: native] Error 2
#15 29.97 error: Bad exit status from /var/tmp/rpm-tmp.IDpnRv (%build)
#15 29.97     Bad exit status from /var/tmp/rpm-tmp.IDpnRv (%build)
#15 29.97 
#15 29.97 RPM build errors:
#15 ERROR: process "/bin/sh -c ./build.sh --work-dir=build rpm" did not complete successfully: exit code: 1

 6328,6334d6327
<     public static final long CKK_NSS_KYBER = 0xCE534355L;
< 
<     /**
<      * Content automatically generated; see NSS documentation for more information.
<      *
<      * Source file: /usr/include/nss3/pkcs11n.h
<      */
6580,6586d6572
<     public static final long CKA_NSS_PARAMETER_SET = 0xCE534378L;
< 
<     /**
<      * Content automatically generated; see NSS documentation for more information.
<      *
<      * Source file: /usr/include/nss3/pkcs11n.h
<      */
7049,7062d7034
<     public static final long CKM_NSS_KYBER_KEY_PAIR_GEN = 0xCE53437DL;
< 
<     /**
<      * Content automatically generated; see NSS documentation for more information.
<      *
<      * Source file: /usr/include/nss3/pkcs11n.h
<      */
<     public static final long CKM_NSS_KYBER = 0xCE53437EL;
< 
<     /**
<      * Content automatically generated; see NSS documentation for more information.
<      *
<      * Source file: /usr/include/nss3/pkcs11n.h
<      */
7134,7147d7105
< 
<     /**
<      * Content automatically generated; see NSS documentation for more information.
<      *
<      * Source file: /usr/include/nss3/pkcs11n.h
<      */
<     public static final long CKP_NSS = 0xCE534350L;
< 
<     /**
<      * Content automatically generated; see NSS documentation for more information.
<      *
<      * Source file: /usr/include/nss3/pkcs11n.h
<      */
<     public static final long CKP_NSS_KYBER_768_ROUND3 = 0xCE534351L;

org/mozilla/jss/ssl/SSLClient.java:384:  public static void main(String argv[])  throws Exception
org/mozilla/jss/ssl/SSLTest.java:17:    public static void main(String[] args) {
org/mozilla/jss/ssl/SSLServer.java:264:    public static void main(String argv[]) throws Exception
org/mozilla/jss/util/Base64InputStream.java:225:    public static void main(String args[]) throws Exception {
org/mozilla/jss/util/UTF8Converter.java:221:	public static void main(String[] args) {
org/mozilla/jss/pkcs10/CertificationRequest.java:251:    public static void main(String argv[]) {
org/mozilla/jss/pkix/crmf/CertReqMsg.java:251:    public static void main(String args[]) {
org/mozilla/jss/pkix/crmf/CertTemplate.java:500:    public static void main(String args[]) {
org/mozilla/jss/pkix/cmmf/CertRepContent.java:120:    public static void main(String argv[]) {
org/mozilla/jss/pkix/primitive/Name.java:252:    public static void main(String args[]) {
org/mozilla/jss/pkix/cert/Certificate.java:264:    public static void main(String argv[]) {
org/mozilla/jss/asn1/SEQUENCE.java:626:    public static void main(String args[]) {
org/mozilla/jss/asn1/INTEGER.java:104:    public static void main(String args[]) {
org/mozilla/jss/asn1/SET.java:917:    public static void main(String args[]) {
org/mozilla/jss/pkcs12/PFX.java:320:    public static void main(String []args) {
org/mozilla/jss/netscape/security/extensions/NSCertTypeExtension.java:380:    public static void main(String[] argv) {
org/mozilla/jss/netscape/security/extensions/KerberosName.java:122:    public static void main(String[] argv) {
org/mozilla/jss/netscape/security/extensions/PresenceServerExtension.java:263:    public static void main(String args[]) {
org/mozilla/jss/netscape/security/extensions/SubjectInfoAccessExtension.java:220:    public static void main(String[] argv) {
org/mozilla/jss/netscape/security/extensions/AuthInfoAccessExtension.java:242:    public static void main(String[] argv) {
org/mozilla/jss/netscape/security/x509/CertificatePoliciesExtension.java:253:    public static void main(String args[]) {
org/mozilla/jss/netscape/security/x509/CRLDistributionPoint.java:254:    public static void main(String args[]) throws GeneralNamesException, IOException, InvalidBERException {
org/mozilla/jss/netscape/security/x509/IssuingDistributionPointExtension.java:359:    public static void main(String args[]) {
org/mozilla/jss/netscape/security/x509/CRLDistributionPointsExtension.java:237:    public static void main(String args[]) {
org/mozilla/jss/netscape/security/x509/IssuingDistributionPoint.java:274:    public static void main(String args[]) {
org/mozilla/jss/netscape/security/x509/FreshestCRLExtension.java:250:    public static void main(String args[]) {
org/mozilla/jss/provider/javax/crypto/JSSSecretKeyFactorySpi.java:275:    public static void main(String args[]) {

make -C BUILD javadoc                                                           
...

Generating /usr/src/RPM/BUILD/jss-4.6.1/BUILD/docs/org/mozilla/jss/netscape/security/x509/PolicyConstraintsExtension.html...
/usr/src/RPM/BUILD/jss-4.6.1/org/mozilla/jss/netscape/security/x509/PolicyConstraintsExtension.java:106: error: @param name not found
     * @param critical whether this extension should be critical
                                                                              
...

Generating /usr/src/RPM/BUILD/jss-4.6.1/BUILD/docs/org/mozilla/jss/netscape/security/x509/OIDMap.html...
/usr/src/RPM/BUILD/jss-4.6.1/org/mozilla/jss/netscape/security/x509/OIDMap.java:31: error: bad HTML entity
 * This class defines the mapping from OID & name to classes and vice

...   

   Generating /usr/src/RPM/BUILD/jss-4.6.1/BUILD/docs/org/mozilla/jss/netscape/security/util/BigInt.html...
/usr/src/RPM/BUILD/jss-4.6.1/org/mozilla/jss/netscape/security/util/BigInt.java:32: error: element not closed: em
 * <em><b>NOTE:</b>  This class may eventually disappear, to
   ^

...                                                                       
100 errors                                                                      
100 warnings                                                                    
make[3]: *** [CMakeFiles/javadoc.dir/build.make:537: .targets/finished_generate_javadocs] Error 1
make[3]: Leaving directory '/usr/src/RPM/BUILD/jss-4.6.1/BUILD'                 
make[2]: *** [CMakeFiles/Makefile2:808: CMakeFiles/javadoc.dir/all] Error 2        
make[1]: *** [CMakeFiles/Makefile2:815: CMakeFiles/javadoc.dir/rule] Error 2       
make: *** [Makefile:415: javadoc] Error 2

12:47:13  [  1%] Generating .targets/finished_generate_java
12:47:13  /usr/bin/javac -classpath /home/mockbuild/build/slf4j-api-1.7.26.jar:/home/mockbuild/build/commons-codec-1.12.jar:/home/mockbuild/build/commons-lang-2.6.jar:/home/mockbuild/build/jaxb-api-2.3.1.jar -sourcepath /home/mockbuild -target 1.8 -source 1.8 -O -d /home/mockbuild/build/classes/jss -h /home/mockbuild/build/include/jss/_jni /home/mockbuild/org/mozilla/jss/util/Base64OutputStream.java /home/mockbuild/org/mozilla/jss/util/Tunnel.java /home/mockbuild/org/mozilla/jss/util/NotImplementedException.java /home/mockbuild/org/mozilla/jss/util/AssertionException.java /home/mockbuild/org/mozilla/jss/util/ConsolePasswordCallback.java /home/mockbuild/org/mozilla/jss/util/IncorrectPasswordException.java /home/mockbuild/org/mozilla/jss/util/NullPasswordCallback.java /home/mockbuild/org/mozilla/jss/util/NativeProxy.java /home/mockbuild/org/mozilla/jss/util/PasswordCallback.java /home/mockbuild/org/mozilla/jss/util/Assert.java /home/mockbuild/org/mozilla/jss/util/InvalidNicknameException.java /home/mockbuild/org/mozilla/jss/util/PasswordCallbackInfo.java /home/mockbuild/org/mozilla/jss/util/NativeErrcodes.java /home/mockbuild/org/mozilla/jss/util/Password.java /home/mockbuild/org/mozilla/jss/util/UTF8Converter.java /home/mockbuild/org/mozilla/jss/util/Base64InputStream.java /home/mockbuild/org/mozilla/jss/JSSProvider.java /home/mockbuild/org/mozilla/jss/CertificateUsage.java /home/mockbuild/org/mozilla/jss/UserCertConflictException.java /home/mockbuild/org/mozilla/jss/pkcs7/Attribute.java /home/mockbuild/org/mozilla/jss/pkcs7/SignedData.java /home/mockbuild/org/mozilla/jss/pkcs7/SignedAndEnvelopedData.java /home/mockbuild/org/mozilla/jss/pkcs7/DigestInfo.java /home/mockbuild/org/mozilla/jss/pkcs7/IssuerAndSerialNumber.java /home/mockbuild/org/mozilla/jss/pkcs7/EncryptedData.java /home/mockbuild/org/mozilla/jss/pkcs7/SignerInfo.java /home/mockbuild/org/mozilla/jss/pkcs7/ContentInfo.java /home/mockbuild/org/mozilla/jss/pkcs7/EnvelopedData.java /home/mockbuild/org/mozilla/jss/pkcs7/RecipientInfo.java /home/mockbuild/org/mozilla/jss/pkcs7/DigestedData.java /home/mockbuild/org/mozilla/jss/pkcs7/EncryptedContentInfo.java /home/mockbuild/org/mozilla/jss/asn1/UTF8String.java /home/mockbuild/org/mozilla/jss/asn1/ASN1Header.java /home/mockbuild/org/mozilla/jss/asn1/UniversalString.java /home/mockbuild/org/mozilla/jss/asn1/Tag.java /home/mockbuild/org/mozilla/jss/asn1/FieldNotPresentException.java /home/mockbuild/org/mozilla/jss/asn1/OBJECT_IDENTIFIER.java /home/mockbuild/org/mozilla/jss/asn1/CharConverter.java /home/mockbuild/org/mozilla/jss/asn1/UTCTime.java /home/mockbuild/org/mozilla/jss/asn1/ASN1Value.java /home/mockbuild/org/mozilla/jss/asn1/TeletexString.java /home/mockbuild/org/mozilla/jss/asn1/NULL.java /home/mockbuild/org/mozilla/jss/asn1/OCTET_STRING.java /home/mockbuild/org/mozilla/jss/asn1/SET.java /home/mockbuild/org/mozilla/jss/asn1/INTEGER.java /home/mockbuild/org/mozilla/jss/asn1/ASN1Util.java /home/mockbuild/org/mozilla/jss/asn1/PrintableString.java /home/mockbuild/org/mozilla/jss/asn1/BIT_STRING.java /home/mockbuild/org/mozilla/jss/asn1/CountingStream.java /home/mockbuild/org/mozilla/jss/asn1/TimeBase.java /home/mockbuild/org/mozilla/jss/asn1/CharacterString.java /home/mockbuild/org/mozilla/jss/asn1/SEQUENCE.java /home/mockbuild/org/mozilla/jss/asn1/BOOLEAN.java /home/mockbuild/org/mozilla/jss/asn1/ANY.java /home/mockbuild/org/mozilla/jss/asn1/EXPLICIT.java /home/mockbuild/org/mozilla/jss/asn1/InvalidBERException.java /home/mockbuild/org/mozilla/jss/asn1/IA5String.java /home/mockbuild/org/mozilla/jss/asn1/Form.java /home/mockbuild/org/mozilla/jss/asn1/CHOICE.java /home/mockbuild/org/mozilla/jss/asn1/BMPString.java /home/mockbuild/org/mozilla/jss/asn1/ASN1Template.java /home/mockbuild/org/mozilla/jss/asn1/GeneralizedTime.java /home/mockbuild/org/mozilla/jss/asn1/ENUMERATED.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11PubKey.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11TokenCert.java /home/mockbuild/org/mozilla/jss/pkcs11/CipherContextProxy.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11ParameterSpec.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11DSAPrivateKey.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11PrivKey.java /home/mockbuild/org/mozilla/jss/pkcs11/Tunnel.java /home/mockbuild/org/mozilla/jss/pkcs11/ModuleProxy.java /home/mockbuild/org/mozilla/jss/pkcs11/TokenProxy.java /home/mockbuild/org/mozilla/jss/pkcs11/KeyProxy.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11ECPublicKey.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11Key.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11Store.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11Token.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11MessageDigest.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11SymKey.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11InternalTokenCert.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11Cipher.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11Module.java /home/mockbuild/org/mozilla/jss/pkcs11/PKCS11Constants.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11RSAPrivateKey.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11KeyWrapper.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11Signature.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11RSAPublicKey.java /home/mockbuild/org/mozilla/jss/pkcs11/KeyType.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11Cert.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11SymmetricKeyDeriver.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11InternalCert.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11SecureRandom.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11KeyGenerator.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11ECPrivateKey.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11Exception.java /home/mockbuild/org/mozilla/jss/pkcs11/PK11DSAPublicKey.java /home/mockbuild/org/mozilla/jss/pkcs10/CertificationRequest.java /home/mockbuild/org/mozilla/jss/pkcs10/CertificationRequestInfo.java /home/mockbuild/org/mozilla/jss/NotInitializedException.java /home/mockbuild/org/mozilla/jss/CryptoManager.java /home/mockbuild/org/mozilla/jss/InvalidLengthException.java /home/mockbuild/org/mozilla/jss/KeyDatabaseException.java /home/mockbuild/org/mozilla/jss/DatabaseCloser.java /home/mockbuild/org/mozilla/jss/InitializationValues.java /home/mockbuild/org/mozilla/jss/CertDatabaseException.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/PKCS9Attributes.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/PKCS10Attributes.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/PKCS8Key.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/PKCS12Util.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/PKCS12.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/PKCS12CertInfo.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/PKCS10Attribute.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/ParsingException.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/PKCS7.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/SignerInfo.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/PKCS9Attribute.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/ContentInfo.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/EncodingException.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/PKCS12KeyInfo.java /home/mockbuild/org/mozilla/jss/netscape/security/pkcs/PKCS10.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificateAlgorithmId.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertException.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CRLReasonExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/KeyIdentifier.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/ACertAttrSet.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/DNSName.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CRLNumberExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificateIssuerExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/OtherName.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CRLDistributionPointsExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/AVAValueConverter.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/X509AttributeName.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificatePolicySet.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/EDIPartyName.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/AlgIdDSA.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/RFC1779StrConverter.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/IA5StringConverter.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/NSCCommentExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/NoticeReference.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/PolicyConstraintsExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/InvalidityDateExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/GeneralName.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/LdapDNStrConverter.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/GeneralSubtrees.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/PrivateKeyUsageExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/Attribute.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/RDN.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificatePoliciesExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/Qualifier.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertAndKeyGen.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/OIDMap.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/X509Key.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/IssuingDistributionPoint.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/OIDName.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/X509CertImpl.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificateExtensions.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/ReasonFlags.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/X509ExtensionException.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/RevokedCertImpl.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/AlgorithmId.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CPSuri.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/PKIXExtensions.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificateVersion.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/GenericValueConverter.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/PolicyQualifierInfo.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/GeneralNamesException.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/FreshestCRLExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/GeneralSubtree.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/RevocationReasonAdapter.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/LdapV3DNStrConverter.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/X509CRLImpl.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificatePolicyMap.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/AuthorityKeyIdentifierExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/RFC822Name.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertAttrSet.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/IssuerAlternativeNameExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/InvalidIPAddressException.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/X509CertInfo.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/KeyUsageExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/PrintableConverter.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificateValidity.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/AVA.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/UserNotice.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/InvalidNetmaskException.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/HoldInstructionExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/Extension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CIDRNetmask.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/PolicyQualifiers.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificateIssuerUniqueIdentity.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/Extensions.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificateChain.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/SerialNumber.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/X500Name.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/NameConstraintsExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/PolicyMappingsExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertParseError.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificatePolicyInfo.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/BasicConstraintsExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/RevocationReason.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/RevokedCertificate.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificateX509Key.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/SubjectAlternativeNameExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/IPAddressName.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificateSubjectName.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/GeneralNames.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/DirStrConverter.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/DeltaCRLIndicatorExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/DisplayText.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/X509Cert.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/GeneralNameInterface.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificateSubjectUniqueIdentity.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CRLExtensions.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/X500Signer.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/SubjectKeyIdentifierExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/PolicyConstraint.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/SubjectDirAttributesExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/IssuingDistributionPointExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificatePolicyId.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/X500NameAttrMap.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificateIssuerName.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/UniqueIdentity.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/URIName.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CRLDistributionPoint.java /home/mockbuild/org/mozilla/jss/netscape/security/x509/CertificateSerialNumber.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/InhibitAnyPolicyExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/CertInfo.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/CertificateRenewalWindowExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/NSCertTypeExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/AccessDescription.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/GenericASN1Extension.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/AuthInfoAccessExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/OCSPNoCheckExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/PresenceServerExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/KerberosName.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/CertificateScopeEntry.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/ExtendedKeyUsageExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/CertificateScopeOfUseExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/extensions/SubjectInfoAccessExtension.java /home/mockbuild/org/mozilla/jss/netscape/security/util/IA5CharsetDecoder.java /home/mockbuild/org/mozilla/jss/netscape/security/util/PubKeyPrettyPrint.java /home/mockbuild/org/mozilla/jss/netscape/security/util/PrintableCharsetDecoder.java /home/mockbuild/org/mozilla/jss/netscape/security/util/PrintableCharset.java /home/mockbuild/org/mozilla/jss/netscape/security/util/BitArray.java /home/mockbuild/org/mozilla/jss/netscape/security/util/UniversalCharsetEncoder.java /home/mockbuild/org/mozilla/jss/netscape/security/util/IA5Charset.java /home/mockbuild/org/mozilla/jss/netscape/security/util/PrintableCharsetEncoder.java /home/mockbuild/org/mozilla/jss/netscape/security/util/PrettyPrintResources.java /home/mockbuild/org/mozilla/jss/netscape/security/util/BigInt.java /home/mockbuild/org/mozilla/jss/netscape/security/util/DerValue.java /home/mockbuild/org/mozilla/jss/netscape/security/util/IA5CharsetEncoder.java /home/mockbuild/org/mozilla/jss/netscape/security/util/ASN1CharsetProvider.java /home/mockbuild/org/mozilla/jss/netscape/security/util/ObjectIdentifier.java /home/mockbuild/org/mozilla/jss/netscape/security/util/Cert.java /home/mockbuild/org/mozilla/jss/netscape/security/util/ByteArrayTagOrder.java /home/mockbuild/org/mozilla/jss/netscape/security/util/ASN1CharStrConvMap.java /home/mockbuild/org/mozilla/jss/netscape/security/util/CrlPrettyPrint.java /home/mockbuild/org/mozilla/jss/netscape/security/util/DerInputStream.java /home/mockbuild/org/mozilla/jss/netscape/security/util/CertPrettyPrint.java /home/mockbuild/org/mozilla/jss/netscape/security/util/DerOutputStream.java /home/mockbuild/org/mozilla/jss/netscape/security/util/WrappingParams.java /home/mockbuild/org/mozilla/jss/netscape/security/util/UniversalCharset.java /home/mockbuild/org/mozilla/jss/netscape/security/util/PrettyPrintFormat.java /home/mockbuild/org/mozilla/jss/netscape/security/util/Utils.java /home/mockbuild/org/mozilla/jss/netscape/security/util/ByteArrayLexOrder.java /home/mockbuild/org/mozilla/jss/netscape/security/util/UniversalCharsetDecoder.java /home/mockbuild/org/mozilla/jss/netscape/security/util/DerInputBuffer.java /home/mockbuild/org/mozilla/jss/netscape/security/util/ExtPrettyPrint.java /home/mockbuild/org/mozilla/jss/netscape/security/util/DerEncoder.java /home/mockbuild/org/mozilla/jss/netscape/security/acl/PrincipalImpl.java /home/mockbuild/org/mozilla/jss/netscape/security/acl/GroupImpl.java /home/mockbuild/org/mozilla/jss/netscape/security/acl/AclEntryImpl.java /home/mockbuild/org/mozilla/jss/netscape/security/acl/OwnerImpl.java /home/mockbuild/org/mozilla/jss/netscape/security/acl/WorldGroupImpl.java /home/mockbuild/org/mozilla/jss/netscape/security/acl/PermissionImpl.java /home/mockbuild/org/mozilla/jss/netscape/security/acl/AclImpl.java /home/mockbuild/org/mozilla/jss/netscape/security/acl/AllPermissionsImpl.java /home/mockbuild/org/mozilla/jss/netscape/security/provider/SHA.java /home/mockbuild/org/mozilla/jss/netscape/security/provider/DSAPrivateKey.java /home/mockbuild/org/mozilla/jss/netscape/security/provider/CMS.java /home/mockbuild/org/mozilla/jss/netscape/security/provider/Sun.java /home/mockbuild/org/mozilla/jss/netscape/security/provider/DSAParameterGenerator.java /home/mockbuild/org/mozilla/jss/netscape/security/provider/DSAKeyFactory.java /home/mockbuild/org/mozilla/jss/netscape/security/provider/DSAKeyPairGenerator.java /home/mockbuild/org/mozilla/jss/netscape/security/provider/RSAPublicKey.java /home/mockbuild/org/mozilla/jss/netscape/security/provider/DSA.java /home/mockbuild/org/mozilla/jss/netscape/security/provider/DSAPublicKey.java /home/mockbuild/org/mozilla/jss/netscape/security/provider/MD5.java /home/mockbuild/org/mozilla/jss/netscape/security/provider/DSAParameters.java /home/mockbuild/org/mozilla/jss/netscape/security/provider/X509CertificateFactory.java /home/mockbuild/org/mozilla/jss/provider/javax/crypto/JSSCipherSpi.java /home/mockbuild/org/mozilla/jss/provider/javax/crypto/JSSTrustManagerFactory.java /home/mockbuild/org/mozilla/jss/provider/javax/crypto/JSSTrustManager.java /home/mockbuild/org/mozilla/jss/provider/javax/crypto/JSSKeyGeneratorSpi.java /home/mockbuild/org/mozilla/jss/provider/javax/crypto/JSSKeyManagerFactory.java /home/mockbuild/org/mozilla/jss/provider/javax/crypto/JSSKeyManager.java /home/mockbuild/org/mozilla/jss/provider/javax/crypto/JSSMacSpi.java /home/mockbuild/org/mozilla/jss/provider/javax/crypto/JSSSecretKeyFactorySpi.java /home/mockbuild/org/mozilla/jss/provider/java/security/RC2AlgorithmParameters.java /home/mockbuild/org/mozilla/jss/provider/java/security/JSSSecureRandomSpi.java /home/mockbuild/org/mozilla/jss/provider/java/security/IvAlgorithmParameters.java /home/mockbuild/org/mozilla/jss/provider/java/security/KeyFactorySpi1_2.java /home/mockbuild/org/mozilla/jss/provider/java/security/JSSLoadStoreParameter.java /home/mockbuild/org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.java /home/mockbuild/org/mozilla/jss/provider/java/security/JSSMessageDigestSpi.java /home/mockbuild/org/mozilla/jss/provider/java/security/JSSKeyPairGeneratorSpi.java /home/mockbuild/org/mozilla/jss/provider/java/security/JSSSignatureSpi.java /home/mockbuild/org/mozilla/jss/ssl/SSLTest.java /home/mockbuild/org/mozilla/jss/ssl/SocketProxy.java /home/mockbuild/org/mozilla/jss/ssl/SSLCipher.java /home/mockbuild/org/mozilla/jss/ssl/SSLVersionRange.java /home/mockbuild/org/mozilla/jss/ssl/TestCertApprovalCallback.java /home/mockbuild/org/mozilla/jss/ssl/TestClientCertificateSelectionCallback.java /home/mockbuild/org/mozilla/jss/ssl/CipherPolicy.java /home/mockbuild/org/mozilla/jss/ssl/SSLClientCertificateSelectionCallback.java /home/mockbuild/org/mozilla/jss/ssl/SSLAlertDescription.java /home/mockbuild/org/mozilla/jss/ssl/SSLProtocolVariant.java /home/mockbuild/org/mozilla/jss/ssl/PrintOutputStreamWriter.java /home/mockbuild/org/mozilla/jss/ssl/javax/JSSParameters.java /home/mockbuild/org/mozilla/jss/ssl/SSLAlertLevel.java /home/mockbuild/org/mozilla/jss/ssl/SSLHandshakeCompletedListener.java /home/mockbuild/org/mozilla/jss/ssl/SSLOutputStream.java /home/mockbuild/org/mozilla/jss/ssl/SSLSecurityStatus.java /home/mockbuild/org/mozilla/jss/ssl/SSLAlertEvent.java /home/mockbuild/org/mozilla/jss/ssl/SSLHandshakeCompletedEvent.java /home/mockbuild/org/mozilla/jss/ssl/SSLCertificateApprovalCallback.java /home/mockbuild/org/mozilla/jss/ssl/SSLSocketException.java /home/mockbuild/org/mozilla/jss/ssl/SSLSocket.java /home/mockbuild/org/mozilla/jss/ssl/SSLServer.java /home/mockbuild/org/mozilla/jss/ssl/SSLSocketListener.java /home/mockbuild/org/mozilla/jss/ssl/SocketBase.java /home/mockbuild/org/mozilla/jss/ssl/SSLClient.java /home/mockbuild/org/mozilla/jss/ssl/SSLServerSocket.java /home/mockbuild/org/mozilla/jss/ssl/SSLVersion.java /home/mockbuild/org/mozilla/jss/ssl/SSLInputStream.java /home/mockbuild/org/mozilla/jss/NoSuchTokenException.java /home/mockbuild/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java /home/mockbuild/org/mozilla/jss/pkix/primitive/Attribute.java /home/mockbuild/org/mozilla/jss/pkix/primitive/RDN.java /home/mockbuild/org/mozilla/jss/pkix/primitive/DirectoryString.java /home/mockbuild/org/mozilla/jss/pkix/primitive/TooFewElementsException.java /home/mockbuild/org/mozilla/jss/pkix/primitive/AlgorithmIdentifier.java /home/mockbuild/org/mozilla/jss/pkix/primitive/PBEParameter.java /home/mockbuild/org/mozilla/jss/pkix/primitive/PrivateKeyInfo.java /home/mockbuild/org/mozilla/jss/pkix/primitive/AVA.java /home/mockbuild/org/mozilla/jss/pkix/primitive/Name.java /home/mockbuild/org/mozilla/jss/pkix/primitive/SubjectPublicKeyInfo.java /home/mockbuild/org/mozilla/jss/pkix/cmc/IdentityProofV2.java /home/mockbuild/org/mozilla/jss/pkix/cmc/ResponseBody.java /home/mockbuild/org/mozilla/jss/pkix/cmc/PendInfo.java /home/mockbuild/org/mozilla/jss/pkix/cmc/LraPopWitness.java /home/mockbuild/org/mozilla/jss/pkix/cmc/EncryptedPOP.java /home/mockbuild/org/mozilla/jss/pkix/cmc/TaggedAttribute.java /home/mockbuild/org/mozilla/jss/pkix/cmc/PKIData.java /home/mockbuild/org/mozilla/jss/pkix/cmc/OtherInfo.java /home/mockbuild/org/mozilla/jss/pkix/cmc/TaggedCertificationRequest.java /home/mockbuild/org/mozilla/jss/pkix/cmc/BodyPartReference.java /home/mockbuild/org/mozilla/jss/pkix/cmc/CMCCertId.java /home/mockbuild/org/mozilla/jss/pkix/cmc/RevokeRequest.java /home/mockbuild/org/mozilla/jss/pkix/cmc/PopLinkWitnessV2.java /home/mockbuild/org/mozilla/jss/pkix/cmc/TaggedContentInfo.java /home/mockbuild/org/mozilla/jss/pkix/cmc/CMCStatusInfoV2.java /home/mockbuild/org/mozilla/jss/pkix/cmc/TaggedRequest.java /home/mockbuild/org/mozilla/jss/pkix/cmc/OtherMsg.java /home/mockbuild/org/mozilla/jss/pkix/cmc/OtherReqMsg.java /home/mockbuild/org/mozilla/jss/pkix/cmc/DecryptedPOP.java /home/mockbuild/org/mozilla/jss/pkix/cmc/CMCStatusInfo.java /home/mockbuild/org/mozilla/jss/pkix/cmc/ExtendedFailInfo.java /home/mockbuild/org/mozilla/jss/pkix/cmc/GetCert.java /home/mockbuild/org/mozilla/jss/pkix/cmmf/GetCRL.java /home/mockbuild/org/mozilla/jss/pkix/cmmf/PKIStatusInfo.java /home/mockbuild/org/mozilla/jss/pkix/cmmf/CertOrEncCert.java /home/mockbuild/org/mozilla/jss/pkix/cmmf/RevRepContent.java /home/mockbuild/org/mozilla/jss/pkix/cmmf/RevRequest.java /home/mockbuild/org/mozilla/jss/pkix/cmmf/CertResponse.java /home/mockbuild/org/mozilla/jss/pkix/cmmf/CertRepContent.java /home/mockbuild/org/mozilla/jss/pkix/cmmf/CertifiedKeyPair.java /home/mockbuild/org/mozilla/jss/pkix/cmmf/IssuerAndSubject.java /home/mockbuild/org/mozilla/jss/pkix/crmf/EncryptedKey.java /home/mockbuild/org/mozilla/jss/pkix/crmf/EncryptedValue.java /home/mockbuild/org/mozilla/jss/pkix/crmf/POPOPrivKey.java /home/mockbuild/org/mozilla/jss/pkix/crmf/Control.java /home/mockbuild/org/mozilla/jss/pkix/crmf/ChallengeResponseException.java /home/mockbuild/org/mozilla/jss/pkix/crmf/POPOSigningKey.java /home/mockbuild/org/mozilla/jss/pkix/crmf/PKIPublicationInfo.java /home/mockbuild/org/mozilla/jss/pkix/crmf/CertId.java /home/mockbuild/org/mozilla/jss/pkix/crmf/PKIArchiveOptions.java /home/mockbuild/org/mozilla/jss/pkix/crmf/CertTemplate.java /home/mockbuild/org/mozilla/jss/pkix/crmf/CertReqMsg.java /home/mockbuild/org/mozilla/jss/pkix/crmf/ProofOfPossession.java /home/mockbuild/org/mozilla/jss/pkix/crmf/CertRequest.java /home/mockbuild/org/mozilla/jss/pkix/cms/SignedData.java /home/mockbuild/org/mozilla/jss/pkix/cms/SignedAndEnvelopedData.java /home/mockbuild/org/mozilla/jss/pkix/cms/DigestInfo.java /home/mockbuild/org/mozilla/jss/pkix/cms/IssuerAndSerialNumber.java /home/mockbuild/org/mozilla/jss/pkix/cms/EncapsulatedContentInfo.java /home/mockbuild/org/mozilla/jss/pkix/cms/EncryptedData.java /home/mockbuild/org/mozilla/jss/pkix/cms/SignerInfo.java /home/mockbuild/org/mozilla/jss/pkix/cms/ContentInfo.java /home/mockbuild/org/mozilla/jss/pkix/cms/EnvelopedData.java /home/mockbuild/org/mozilla/jss/pkix/cms/SignerIdentifier.java /home/mockbuild/org/mozilla/jss/pkix/cms/RecipientInfo.java /home/mockbuild/org/mozilla/jss/pkix/cms/DigestedData.java /home/mockbuild/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java /home/mockbuild/org/mozilla/jss/pkix/cert/CertificateInfo.java /home/mockbuild/org/mozilla/jss/pkix/cert/SubjectKeyIdentifier.java /home/mockbuild/org/mozilla/jss/pkix/cert/Extension.java /home/mockbuild/org/mozilla/jss/pkix/cert/Certificate.java /home/mockbuild/org/mozilla/jss/pkcs12/SafeBag.java /home/mockbuild/org/mozilla/jss/pkcs12/MacData.java /home/mockbuild/org/mozilla/jss/pkcs12/PasswordConverter.java /home/mockbuild/org/mozilla/jss/pkcs12/AuthenticatedSafes.java /home/mockbuild/org/mozilla/jss/pkcs12/PFX.java /home/mockbuild/org/mozilla/jss/pkcs12/SecretBag.java /home/mockbuild/org/mozilla/jss/pkcs12/CertBag.java /home/mockbuild/org/mozilla/jss/NicknameConflictException.java /home/mockbuild/org/mozilla/jss/nss/Buffer.java /home/mockbuild/org/mozilla/jss/nss/PR.java /home/mockbuild/org/mozilla/jss/nss/SSL.java /home/mockbuild/org/mozilla/jss/nss/BufferProxy.java /home/mockbuild/org/mozilla/jss/nss/SecurityStatusResult.java /home/mockbuild/org/mozilla/jss/nss/PRFDProxy.java /home/mockbuild/org/mozilla/jss/nss/PRErrors.java /home/mockbuild/org/mozilla/jss/CRLImportException.java /home/mockbuild/org/mozilla/jss/SecretDecoderRing/KeyManager.java /home/mockbuild/org/mozilla/jss/SecretDecoderRing/Encoding.java /home/mockbuild/org/mozilla/jss/SecretDecoderRing/Encryptor.java /home/mockbuild/org/mozilla/jss/SecretDecoderRing/Decryptor.java /home/mockbuild/org/mozilla/jss/crypto/TokenException.java /home/mockbuild/org/mozilla/jss/crypto/Cipher.java /home/mockbuild/org/mozilla/jss/crypto/PBEAlgorithm.java /home/mockbuild/org/mozilla/jss/crypto/TokenSupplier.java /home/mockbuild/org/mozilla/jss/crypto/RSAParameterSpec.java /home/mockbuild/org/mozilla/jss/crypto/Algorithm.java /home/mockbuild/org/mozilla/jss/crypto/SecretKeyFacade.java /home/mockbuild/org/mozilla/jss/crypto/NoSuchPaddingException.java /home/mockbuild/org/mozilla/jss/crypto/SecretDecoderRing.java /home/mockbuild/org/mozilla/jss/crypto/KeyPairAlgorithm.java /home/mockbuild/org/mozilla/jss/crypto/KeyPairGenerator.java /home/mockbuild/org/mozilla/jss/crypto/InvalidKeyFormatException.java /home/mockbuild/org/mozilla/jss/crypto/ObjectNotFoundException.java /home/mockbuild/org/mozilla/jss/crypto/Tunnel.java /home/mockbuild/org/mozilla/jss/crypto/SignatureSpi.java /home/mockbuild/org/mozilla/jss/crypto/Signature.java /home/mockbuild/org/mozilla/jss/crypto/HMACAlgorithm.java /home/mockbuild/org/mozilla/jss/crypto/PQGParamGenException.java /home/mockbuild/org/mozilla/jss/crypto/KeyAlreadyImportedException.java /home/mockbuild/org/mozilla/jss/crypto/SymmetricKeyDeriver.java /home/mockbuild/org/mozilla/jss/crypto/TokenCertificate.java /home/mockbuild/org/mozilla/jss/crypto/DigestAlgorithm.java /home/mockbuild/org/mozilla/jss/crypto/KeyGenAlgorithm.java /home/mockbuild/org/mozilla/jss/crypto/TokenSupplierManager.java /home/mockbuild/org/mozilla/jss/crypto/BadPaddingException.java /home/mockbuild/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java /home/mockbuild/org/mozilla/jss/crypto/CryptoToken.java /home/mockbuild/org/mozilla/jss/crypto/JSSSecureRandom.java /home/mockbuild/org/mozilla/jss/crypto/IllegalBlockSizeException.java /home/mockbuild/org/mozilla/jss/crypto/KeyWrapper.java /home/mockbuild/org/mozilla/jss/crypto/CryptoStore.java /home/mockbuild/org/mozilla/jss/crypto/NoSuchItemOnTokenException.java /home/mockbuild/org/mozilla/jss/crypto/PBEKeyGenParams.java /home/mockbuild/org/mozilla/jss/crypto/IVParameterSpec.java /home/mockbuild/org/mozilla/jss/crypto/InvalidDERException.java /home/mockbuild/org/mozilla/jss/crypto/JSSMessageDigest.java /home/mockbuild/org/mozilla/jss/crypto/KeyWrapAlgorithm.java /home/mockbuild/org/mozilla/jss/crypto/PQGParams.java /home/mockbuild/org/mozilla/jss/crypto/AlreadyInitializedException.java /home/mockbuild/org/mozilla/jss/crypto/InternalCertificate.java /home/mockbuild/org/mozilla/jss/crypto/SignatureAlgorithm.java /home/mockbuild/org/mozilla/jss/crypto/ShortBufferException.java /home/mockbuild/org/mozilla/jss/crypto/X509Certificate.java /home/mockbuild/org/mozilla/jss/crypto/TokenRuntimeException.java /home/mockbuild/org/mozilla/jss/crypto/KeyGenerator.java /home/mockbuild/org/mozilla/jss/crypto/EncryptionAlgorithm.java /home/mockbuild/org/mozilla/jss/crypto/PrivateKey.java /home/mockbuild/org/mozilla/jss/crypto/SymmetricKey.java
12:47:21  Note: Some input files use or override a deprecated API.
[2019-09-12T17:47:21.313Z] Note: Recompile with -Xlint:deprecation for details.
[2019-09-12T17:47:21.313Z] touch /home/mockbuild/build/.targets/finished_generate_java
12:47:21  [  3%] Generating .targets/finished_tests_generate_java
12:47:21  /usr/bin/javac -classpath /home/mockbuild/build/slf4j-api-1.7.26.jar:/home/mockbuild/build/commons-codec-1.12.jar:/home/mockbuild/build/commons-lang-2.6.jar:/home/mockbuild/build/jaxb-api-2.3.1.jar:/home/mockbuild/build/junit-4.12.jar -sourcepath /home/mockbuild -target 1.8 -source 1.8 -O -d /home/mockbuild/build/classes/tests -h /home/mockbuild/build/include/jss/_jni /home/mockbuild/org/mozilla/jss/tests/JSSProvider.java /home/mockbuild/org/mozilla/jss/tests/ClassServer.java /home/mockbuild/org/mozilla/jss/tests/PrintableStringTest.java /home/mockbuild/org/mozilla/jss/tests/SymKeyGen.java /home/mockbuild/org/mozilla/jss/tests/UTF8StringTest.java /home/mockbuild/org/mozilla/jss/tests/SymKeyDeriving.java /home/mockbuild/org/mozilla/jss/tests/GenericASN1ExtensionTest.java /home/mockbuild/org/mozilla/jss/tests/DigestTest.java /home/mockbuild/org/mozilla/jss/tests/TestBufferPRFD.java /home/mockbuild/org/mozilla/jss/tests/TestPRFD.java /home/mockbuild/org/mozilla/jss/tests/KeyStoreTest.java /home/mockbuild/org/mozilla/jss/tests/TestPKCS11Constants.java /home/mockbuild/org/mozilla/jss/tests/FilePasswordCallback.java /home/mockbuild/org/mozilla/jss/tests/ListCerts.java /home/mockbuild/org/mozilla/jss/tests/TestCertificateApprovalCallback.java /home/mockbuild/org/mozilla/jss/tests/PrintableConverterTest.java /home/mockbuild/org/mozilla/jss/tests/X509CertTest.java /home/mockbuild/org/mozilla/jss/tests/TestKeyGen.java /home/mockbuild/org/mozilla/jss/tests/GenerateTestCert.java /home/mockbuild/org/mozilla/jss/tests/CloseDBs.java /home/mockbuild/org/mozilla/jss/tests/SetupDBs.java /home/mockbuild/org/mozilla/jss/tests/SelfTest.java /home/mockbuild/org/mozilla/jss/tests/VerifyCert.java /home/mockbuild/org/mozilla/jss/tests/JSSE_SSLServer.java /home/mockbuild/org/mozilla/jss/tests/TestBuffer.java /home/mockbuild/org/mozilla/jss/tests/ListCACerts.java /home/mockbuild/org/mozilla/jss/tests/JSS_FileUploadServer.java /home/mockbuild/org/mozilla/jss/tests/KeyFactoryTest.java /home/mockbuild/org/mozilla/jss/tests/JSS_FileUploadClient.java /home/mockbuild/org/mozilla/jss/tests/JSSUtil.java /home/mockbuild/org/mozilla/jss/tests/BMPStringTest.java /home/mockbuild/org/mozilla/jss/tests/StringTestUtil.java /home/mockbuild/org/mozilla/jss/tests/ChainSortingTest.java /home/mockbuild/org/mozilla/jss/tests/KeyWrapping.java /home/mockbuild/org/mozilla/jss/tests/DirStrConverterTest.java /home/mockbuild/org/mozilla/jss/tests/JSS_SelfServClient.java /home/mockbuild/org/mozilla/jss/tests/TestSDR.java /home/mockbuild/org/mozilla/jss/tests/ConverterTestUtil.java /home/mockbuild/org/mozilla/jss/tests/BigObjectIdentifier.java /home/mockbuild/org/mozilla/jss/tests/SigTest.java /home/mockbuild/org/mozilla/jss/tests/IA5StringConverterTest.java /home/mockbuild/org/mozilla/jss/tests/JSSPackageTest.java /home/mockbuild/org/mozilla/jss/tests/JSS_SelfServServer.java /home/mockbuild/org/mozilla/jss/tests/FipsTest.java /home/mockbuild/org/mozilla/jss/tests/IA5StringTest.java /home/mockbuild/org/mozilla/jss/tests/JCASigTest.java /home/mockbuild/org/mozilla/jss/tests/HmacTest.java /home/mockbuild/org/mozilla/jss/tests/UTF8ConverterTest.java /home/mockbuild/org/mozilla/jss/tests/UniversalStringTest.java /home/mockbuild/org/mozilla/jss/tests/JCASymKeyGen.java /home/mockbuild/org/mozilla/jss/tests/Constants.java /home/mockbuild/org/mozilla/jss/tests/GenericValueConverterTest.java /home/mockbuild/org/mozilla/jss/tests/TeletexStringTest.java /home/mockbuild/org/mozilla/jss/tests/PK10Gen.java /home/mockbuild/org/mozilla/jss/tests/DEROutputStreamTests.java /home/mockbuild/org/mozilla/jss/tests/SSLClientAuth.java /home/mockbuild/org/mozilla/jss/tests/EnumerationZeroTest.java /home/mockbuild/org/mozilla/jss/tests/TestRawSSL.java /home/mockbuild/org/mozilla/jss/tests/EmptyDerValue.java /home/mockbuild/org/mozilla/jss/tests/SDR.java /home/mockbuild/org/mozilla/jss/tests/JSSE_SSLClient.java /home/mockbuild/org/mozilla/jss/tests/JCAKeyWrap.java
12:47:21  /home/mockbuild/org/mozilla/jss/tests/TestBufferPRFD.java:8: error: package org.mozilla.jss.pkix does not exist
[2019-09-12T17:47:21.313Z] import org.mozilla.jss.pkix.*;
[2019-09-12T17:47:21.313Z] ^
[2019-09-12T17:47:24.602Z] Note: Some input files use or override a deprecated API.
[2019-09-12T17:47:24.602Z] Note: Recompile with -Xlint:deprecation for details.
[2019-09-12T17:47:24.602Z] 1 error
[2019-09-12T17:47:24.602Z] make[2]: *** [.targets/finished_tests_generate_java] Error 1
[2019-09-12T17:47:24.602Z] make[2]: Leaving directory `/home/mockbuild/build'
12:47:24  make[1]: *** [CMakeFiles/generate_java.dir/all] Error 2
[2019-09-12T17:47:24.602Z] make[1]: Leaving directory `/home/mockbuild/build'
12:47:24  make: *** [all] Error 2

$ pki client-init --force

$ pki nss-cert-request \
    --subject "CN=Certificate Authority" \
    --ext /usr/share/pki/server/certs/ca_signing.conf \
    --csr ca_signing.csr

$ pki nss-cert-issue \
    --csr ca_signing.csr \
    --ext /usr/share/pki/server/certs/ca_signing.conf \
    --cert ca_signing.crt

$ pki nss-cert-import --cert ca_signing.crt --trust CT,C,C ca_signing

$ pk12util -d ~/.dogtag/nssdb -o test.p12 -W Secret.123 -n ca_signing

$ pki --debug pkcs12-cert-find --pkcs12-file test.p12 --pkcs12-password Secret.123
...
java.lang.Exception: Unable to validate PKCS #12 file: Digests do not match
	at org.mozilla.jss.netscape.security.pkcs.PKCS12Util.loadFromByteArray(PKCS12Util.java:839)
	at org.mozilla.jss.netscape.security.pkcs.PKCS12Util.loadFromFile(PKCS12Util.java:825)
	at com.netscape.cmstools.pkcs12.PKCS12CertFindCLI.execute(PKCS12CertFindCLI.java:128)
	at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58)
	at org.dogtagpki.cli.CLI.execute(CLI.java:357)
	at org.dogtagpki.cli.CLI.execute(CLI.java:357)
	at org.dogtagpki.cli.CLI.execute(CLI.java:357)
	at com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:656)
	at com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:694)
...

INFO: PKISocketFactory: Creating socket for pki.example.com:389
com.netscape.certsrv.base.PKIException: LDAP error (1): Operations error
	at com.netscape.certsrv.ldap.LDAPExceptionConverter.toPKIException(LDAPExceptionConverter.java:47)
	at com.netscape.cmscore.usrgrp.UGSubsystem.modifyGroup(UGSubsystem.java:1782)
	at org.dogtagpki.server.cli.SubsystemGroupMemberAddCLI.execute(SubsystemGroupMemberAddCLI.java:76)
	at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58)
	at org.dogtagpki.cli.CLI.execute(CLI.java:353)
	at org.dogtagpki.cli.CLI.execute(CLI.java:353)
	at org.dogtagpki.cli.CLI.execute(CLI.java:353)
	at org.dogtagpki.cli.CLI.execute(CLI.java:353)
	at org.dogtagpki.server.cli.PKIServerCLI.execute(PKIServerCLI.java:93)
	at org.dogtagpki.server.cli.PKIServerCLI.main(PKIServerCLI.java:123)
Caused by: netscape.ldap.LDAPException: Operations error (1)
	at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4933)
	at netscape.ldap.LDAPConnection.modify(LDAPConnection.java:3201)
	at netscape.ldap.LDAPConnection.modify(LDAPConnection.java:3139)
	at netscape.ldap.LDAPConnection.modify(LDAPConnection.java:3149)
	at netscape.ldap.LDAPConnection.modify(LDAPConnection.java:3114)
	at com.netscape.cmscore.usrgrp.UGSubsystem.modifyGroup(UGSubsystem.java:1779)
	... 8 more
ERROR: CalledProcessError: Command '['/usr/sbin/runuser', '-u', 'pkiuser', '--', '/usr/lib/jvm/jre-17-openjdk/bin/java', '-classpath', '/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/tks/webapps/tks/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*', '-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory', '-Dcatalina.base=/var/lib/pki/pki-tomcat', '-Dcatalina.home=/usr/share/tomcat', '-Djava.endorsed.dirs=', '-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp', '-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties', '-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager', '-Dcom.redhat.fips=false', 'org.dogtagpki.server.cli.PKIServerCLI', 'tks-group-member-add', '--verbose', 'Administrators', 'tksadmin']' returned non-zero exit status 255.
  File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 568, in main
    deployer.spawn()
  File "/usr/lib/python3.12/site-packages/pki/server/deployment/__init__.py", line 4985, in spawn
    scriptlet.spawn(self)
  File "/usr/lib/python3.12/site-packages/pki/server/deployment/scriptlets/configuration.py", line 191, in spawn
    deployer.setup_admin_user(subsystem, admin_cert)
  File "/usr/lib/python3.12/site-packages/pki/server/deployment/__init__.py", line 3934, in setup_admin_user
    subsystem.add_group_member(group, uid)
  File "/usr/lib/python3.12/site-packages/pki/server/subsystem.py", line 1837, in add_group_member
    self.run(cmd, as_current_user=as_current_user)
  File "/usr/lib/python3.12/site-packages/pki/server/subsystem.py", line 2210, in run
    return subprocess.run(
           ^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,