Dogtag-pki

See changes [since v7.2.4](https://github.com/dogtagpki/tomcatjss/compare/v7.2.4...v7.2.5).

This release features many improvements over the `v4.6.x` series:

Features:

- Support for `javax.net.ssl` interfaces, including `SSLContext`, [`SSLEngine`](https://github.com/dogtagpki/jss/blob/master/docs/usage/jssengine.md), and `SSLSocket`,
- Support for loading JSS via the `java.security` [provider list](https://github.com/dogtagpki/jss/blob/master/docs/usage/jssprovider.md),
- Support for newer NSS versions which replace `_NETSCAPE_` PKCS11 constants with `_NSS_` versions,
- Support for RSA/PSS signatures (thanks jmagne!),
- Additional support for `TrustManager`s and `KeyManager`s.

Bug fixes:

- Various memory leak fixes (thanks ZuluForce!),
- Stable ordering of extensions in a `netscape.security` certificate (thanks ladycfu!),
- Fix various issues with Base64 decoding related to removal of the `apache-commons-codec` dependency,

Thank you to everyone who contributed to this release!

This release features improvements over [`v4.6.3`](https://github.com/dogtagpki/jss/releases/tag/v4.6.3):

- Fixed base-64 encoding of CSRs
- Fixed PBE handling
- Detect broken NSS versions with partial CMAC support
- Fix NativeProxy memory leaks present since v4.6.2

Thanks to everyone who contributed to this release!

`Signed-off-by: Alexander Scheel <ascheelredhat.com>`

This version of JSS has a few enhancements over v4.6.2:

- Support for NIST SP800-108 KBKDF
- Various enhancements towards a `SSLEngine` implementation
- Modernized exception constructors
- Various reductions in memory leaks (with thanks to Code42)
- Introduce `jss.crypto.Policy` to reflect local system crypto-policies.
This allows callers of JSS to inquiry about, e.g., minimum RSA key
sizes independent of platform.
- Various enhancements to the build system

Note that this version of JSS is incompatible with NSS versions between

This version of JSS has a security fix:

- [CVE-2019-14823](https://nvd.nist.gov/vuln/detail/CVE-2019-14823): Fix root certificate validation when using Leaf and Chain OCSP mode

This version of JSS also has a few enhancements over v4.6.1:

- Fixing JSS internal deprecation warnings by emaldona
- Fixing javadoc builds by stanislavlevin
- Introduce a new InitializationValue, [`installJSSProviderFirst`](https://github.com/dogtagpki/jss/pull/240), to support favoring other cryptographic providers.
- Add support for CMAC as a Mac algorithm from JSSProvider; note that this requires JSS to be compiled with a NSS release which [also supports CMAC](https://bugzilla.mozilla.org/show_bug.cgi?id=1570501) (3.47+).
- Various improvements to the Key APIs.

Thanks to everyone who contributed to this release!

This version of JSS has a few enhancements over v4.6.0:

- Fixed LD_FLAG handling,
- Extensions to the unfinished org.mozilla.jss.nss interface,
- Better handling of uncleared passwords (by edewata),
- Better test handling in FIPS mode,
- Changes to SymmetricKey and HMAC handling,
- Fix typo in JUnit CMake variable (by Dessa).

Thanks to everyone who contributed to this release!