diff -ur ./Changelog.txt ../../302/ejbca/Changelog.txt --- ./Changelog.txt Mon May 31 18:20:33 2004 +++ ../../302/ejbca/Changelog.txt Wed Jun 30 10:41:20 2004 @@ -1,6 +1,20 @@ +3.0.2 +----- +Removed wirting of testfile foo.crt. +Changed version in web-GUI. + +3.0.1 +----- +Fixed subject DN field removal bugg of UNSTRUCTURED IPADDRESS and UNSTRUCTURED NAME. +Fixed bugg where PKCS7 header and footer always was generated when using manual pkcs10. +Fixed warning in SSL deployment with JBoss 3.2.4. +Long timeout for ca creation in JBoss 3.2.4. +Fix for keystore path in Tomcat41-JBoss32. +Some doc and xml fixes. + 3.0 --- -Added unstructuredname, unstructuredaddress and GUID to subjectdn and alternative name +Added unstructuredname, unstructuredaddress to subjectdn. Cleaned system.out debug logs. Digital signature in default key usage to make ocsp work out of the box. Added support for iPAddress alternative name. diff -ur ./doc/HOWTO-LDAP.txt ../../302/ejbca/doc/HOWTO-LDAP.txt --- ./doc/HOWTO-LDAP.txt Sun Mar 21 11:07:27 2004 +++ ../../302/ejbca/doc/HOWTO-LDAP.txt Tue Jun 22 08:36:04 2004 @@ -108,6 +108,17 @@ Choose this, and then when adding end-entities, make sure they use the new certificate profile and voila, the certs will be published. +Publishing to AD +---------------- +When configuring Active Directory LDAP, Bind DN for the users are usually, +cn=,cn=Users,dc=,dc=. +For example: cn=Philip Vendil,cn=Users,dc=primekey,dc=se + +If your DN is like "cn=Ejbca1,0=MyOrg,c=SE" and your base DN is like +"DC=Security,DC=Software,DC=MyOrg". +The publisher for AD should have base DN like +"cn=Users,dc=security,dc=software,dc=MyOrg" + CONFIGURE OpenLDAP ================== The objectclass 'inetOrgPerson' is used by default to store certificates. diff -ur ./doc/README ../../302/ejbca/doc/README --- ./doc/README Wed Jun 2 08:20:17 2004 +++ ../../302/ejbca/doc/README Tue Jun 22 08:36:04 2004 
@@ -1,4 +1,4 @@ -$Id: README,v 1.150 2004/06/02 06:20:17 anatom Exp $ +$Id: README,v 1.150.2.1 2004/06/22 06:36:04 anatom Exp $ This software is OSI Certified Open Source Software. OSI Certified is a certification mark of the Open Source @@ -512,20 +512,12 @@ Configuring Publishers (LDAP) ----------------------------- -To publish certificates and CRLs in an LDAP directory, uncomment -the section -for the session bean 'PublisherSession1' in 'ca/ca/META-INF/ejb- -jar.xml', and -also the section for method permissions for the same session -bean. This will -configure an LDAPPublisherSession so be deployed and when -certificates and CRLs -are created. Don't formget to edit parameters to -'PublisherSession1' to match -your LDAP server. -Additional Publishers can be configured by adding new session -beans called -'PublisherSession2', 'PublisherSession3', etc to ejb-jar.xml. +To publish certificates and CRLs in an LDAP directory, configure Publishers +in the adminGUI. + +When configuring Active Directory LDAP, Bind DN for the users are usually, +cn=,cn=Users,dc=,dc=. +For example: cn=Philip Vendil,cn=Users,dc=primekey,dc=se Batch creation of certificates ------------------------------ diff -ur ./doc/create-tables-ejbca3.sql ../../302/ejbca/doc/create-tables-ejbca3.sql --- ./doc/create-tables-ejbca3.sql Sun May 9 11:15:17 2004 +++ ../../302/ejbca/doc/create-tables-ejbca3.sql Fri Jun 18 13:44:08 2004 @@ -21,6 +21,7 @@ CREATE TABLE ENDENTITYPROFILEDATA(ID INTEGER NOT NULL PRIMARY KEY,PROFILENAME VARCHAR(256),DATA VARBINARY) CREATE TABLE GLOBALCONFIGURATIONDATA(CONFIGURATIONID VARCHAR(256) NOT NULL PRIMARY KEY,DATA VARBINARY) CREATE TABLE HARDTOKENPROPERTYDATA(ID INTEGER NOT NULL,PROPERTY VARCHAR(256) NOT NULL,VALUE VARCHAR(256),CONSTRAINT PK_HARDTOKENPROPERTYDATA PRIMARY KEY(ID,PROPERTY)) +CREATE TABLE PUBLISHERDATA(ID INTEGER NOT NULL PRIMARY KEY,NAME VARCHAR(256),UPDATECOUNTER INTEGER NOT NULL,DATA VARCHAR(256)) MySQL ===== 
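Review bot: The new `CREATE TABLE PUBLISHERDATA` line declares `DATA VARCHAR(256)`, while the sibling tables in the same hunk (ENDENTITYPROFILEDATA, GLOBALCONFIGURATIONDATA) keep their DATA column as VARBINARY and the MySQL variant of the same table later in this patch declares it as `data text`. If publisher configuration is serialised into this column the way the other profile data is, 256 characters is likely to be too small, and in any case the two scripts now describe different column types for the same entity. Align the type and length with what the publisher entity actually writes (a constructed example: `DATA VARBINARY` as in the neighbouring tables, or a long character type if the stored form is text), or add a comment in the script explaining why a short VARCHAR is sufficient here.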
@@ -152,7 +153,7 @@ ); CREATE TABLE hardtokenpropertydata ( - id int(11) NOT NULL DEFAULT '0', + id varchar(250) binary NOT NULL DEFAULT '', property varchar(250) binary NOT NULL DEFAULT '', value varchar(250) binary NULL DEFAULT NULL, PRIMARY KEY (id, property) @@ -188,6 +189,14 @@ PRIMARY KEY (id) ); +CREATE TABLE publisherdata ( + id int(11) NOT NULL DEFAULT '0', + name varchar(250) binary NULL DEFAULT NULL, + updateCounter int(11) NOT NULL DEFAULT '0', + data text NULL DEFAULT NULL, + PRIMARY KEY (id) +); + CREATE TABLE userdata ( username varchar(250) binary NOT NULL DEFAULT '', subjectDN varchar(250) binary NULL DEFAULT NULL, @@ -207,4 +216,4 @@ keyStorePassword varchar(250) binary NULL DEFAULT NULL, extendedInformationData longblob NULL DEFAULT NULL, PRIMARY KEY (username) -); +); \ No newline at end of file diff -ur ./src/adminweb/WEB-INF/tomcat41-jboss32.xml ../../302/ejbca/src/adminweb/WEB-INF/tomcat41-jboss32.xml --- ./src/adminweb/WEB-INF/tomcat41-jboss32.xml Wed Jan 7 11:15:47 2004 +++ ../../302/ejbca/src/adminweb/WEB-INF/tomcat41-jboss32.xml Fri Jun 11 08:28:22 2004 @@ -108,7 +108,7 @@ address="${jboss.bind.address}" port="8442" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true"> @@ -119,7 +119,7 @@ address="${jboss.bind.address}" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true"> diff -ur ./src/adminweb/WEB-INF/tomcat50-jboss32.xml ../../302/ejbca/src/adminweb/WEB-INF/tomcat50-jboss32.xml --- ./src/adminweb/WEB-INF/tomcat50-jboss32.xml Thu Apr 8 08:36:49 2004 +++ ../../302/ejbca/src/adminweb/WEB-INF/tomcat50-jboss32.xml Tue Jun 8 10:51:46 2004 
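Review bot: `id varchar(250) binary NOT NULL DEFAULT ''` turns hardtokenpropertydata's key column into a string in the MySQL script, but the first script in this patch still carries `HARDTOKENPROPERTYDATA(ID INTEGER NOT NULL, ...)` as an unchanged context line, so the two scripts now disagree on the schema of the same table. Whichever type the entity's id field really has, one of the two scripts will fail or silently coerce at deploy time, and the other script should be brought in line in the same change. I would also drop the default on a primary-key column: with `DEFAULT ''` an insert that omits the id succeeds once and then fails with a duplicate-key error instead of a clear not-null violation, so `id varchar(250) binary NOT NULL,` is the safer declaration. The same applies to the `id int(11) NOT NULL DEFAULT '0'` line of the new publisherdata table in the next hunk.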
@@ -1,17 +1,23 @@ - + + - - + + connectionTimeout="20000" disableUploadTimeout="true"/> - - + + protocol="AJP/1.3"/> - + - - - - - - - - - - + + + + + + + + + - - + - - + + - + - + - + diff -ur ./src/authorization/META-INF/ejb-jar.xml ../../302/ejbca/src/authorization/META-INF/ejb-jar.xml --- ./src/authorization/META-INF/ejb-jar.xml Fri May 28 10:32:27 2004 +++ ../../302/ejbca/src/authorization/META-INF/ejb-jar.xml Tue Jun 22 08:15:35 2004 @@ -356,7 +356,7 @@ AuthorizationSession - getAuthorizedAdminGroupsNames + getAuthorizedAdminGroupNames AuthorizationSession diff -ur ./src/ca/ca/META-INF/jboss.xml ../../302/ejbca/src/ca/ca/META-INF/jboss.xml --- ./src/ca/ca/META-INF/jboss.xml Sun May 30 17:56:59 2004 +++ ../../302/ejbca/src/ca/ca/META-INF/jboss.xml Tue Jun 8 13:38:21 2004 @@ -5,8 +5,10 @@ CAAdminSession - createCA - 900 + + createCA + 900 + diff -ur ./src/java/se/anatom/ejbca/apply/CertReqServlet.java ../../302/ejbca/src/java/se/anatom/ejbca/apply/CertReqServlet.java --- ./src/java/se/anatom/ejbca/apply/CertReqServlet.java Mon May 31 16:29:06 2004 +++ ../../302/ejbca/src/java/se/anatom/ejbca/apply/CertReqServlet.java Tue Jun 22 13:04:12 2004 @@ -74,7 +74,7 @@ *

 *
 * @author Original code by Lars Silv?n
- * @version $Id: CertReqServlet.java,v 1.45 2004/05/31 14:29:06 anatom Exp $
+ * @version $Id: CertReqServlet.java,v 1.45.2.1 2004/06/22 11:04:12 herrvendil Exp $
 */
 public class CertReqServlet extends HttpServlet {
 private static Logger log = Logger.getLogger(CertReqServlet.class);
@@ -198,7 +198,7 @@
 }
 if(tokentype == SecConst.TOKEN_SOFT_BROWSERGEN){
- // first check if it is a netcsape request,
+ // first check if it is a netscape request,
 if (request.getParameter("keygen") != null) {
 byte[] reqBytes=request.getParameter("keygen").getBytes();
 log.debug("Received NS request:"+new String(reqBytes));
@@ -222,7 +222,10 @@
 byte[] reqBytes=request.getParameter("pkcs10req").getBytes();
 if (reqBytes != null) {
 byte[] b64cert=helper.pkcs10CertRequest(signsession, reqBytes, username, password, resulttype);
- RequestHelper.sendNewB64Cert(b64cert, response, RequestHelper.BEGIN_PKCS7_WITH_NL, RequestHelper.END_PKCS7_WITH_NL);
+ if(resulttype == RequestHelper.ENCODED_PKCS7)
+ RequestHelper.sendNewB64Cert(b64cert, response, RequestHelper.BEGIN_PKCS7_WITH_NL, RequestHelper.END_PKCS7_WITH_NL);
+ if(resulttype == RequestHelper.ENCODED_CERTIFICATE)
+ RequestHelper.sendNewB64Cert(b64cert, response, RequestHelper.BEGIN_CERTIFICATE_WITH_NL, RequestHelper.END_CERTIFICATE_WITH_NL);
 }
 }
 }
diff -ur ./src/java/se/anatom/ejbca/ca/caadmin/X509CA.java ../../302/ejbca/src/java/se/anatom/ejbca/ca/caadmin/X509CA.java
--- ./src/java/se/anatom/ejbca/ca/caadmin/X509CA.java Mon May 31 18:20:33 2004
+++ ../../302/ejbca/src/java/se/anatom/ejbca/ca/caadmin/X509CA.java Wed Jun 30 10:41:22 2004
@@ -102,7 +102,7 @@
 * X509CA is a implementation of a CA and holds data specific for Certificate and CRL generation
 * according to the X509 standard.
 *
- * @version $Id: X509CA.java,v 1.27 2004/05/31 16:20:33 anatom Exp $
+ * @version $Id: X509CA.java,v 1.27.2.1 2004/06/30 08:41:22 anatom Exp $
 */
 public class X509CA extends CA implements Serializable {
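Review bot: With the two added `if` statements, a resulttype that is neither ENCODED_PKCS7 nor ENCODED_CERTIFICATE now produces no output at all: helper.pkcs10CertRequest has presumably already issued the certificate, yet the client receives an empty response with no error and nothing is logged, whereas the replaced line always wrote something. If other values can reach this point (where resulttype is set is outside the hunk), make the second check an `else if` and add a final branch such as `else { log.error("Unsupported result type: " + resulttype); response.sendError(HttpServletResponse.SC_BAD_REQUEST); }`, assuming response is the servlet's HttpServletResponse. Braces around the single-statement bodies would also keep a later edit from silently landing outside the condition. The enclosing method begins and ends outside the hunk.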
@@ -445,9 +445,6 @@
 // Verify before returning
 cert.verify(getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN));
- FileOutputStream os = new FileOutputStream("\\foo.crt");
- os.write(cert.getEncoded());
- os.close();
 log.debug(">X509CA: generate certificate, CA "+ this.getCAId() + " for DN=" + subject.getDN());
 return (X509Certificate) cert;
diff -ur ./src/java/se/anatom/ejbca/ra/raadmin/EndEntityProfile.java ../../302/ejbca/src/java/se/anatom/ejbca/ra/raadmin/EndEntityProfile.java
--- ./src/java/se/anatom/ejbca/ra/raadmin/EndEntityProfile.java Wed Jun 2 10:16:16 2004
+++ ../../302/ejbca/src/java/se/anatom/ejbca/ra/raadmin/EndEntityProfile.java Tue Jun 22 13:18:43 2004
@@ -31,7 +31,7 @@
 * of ejbca web interface.
 *
 * @author Philip Vendil
- * @version $Id: EndEntityProfile.java,v 1.26 2004/06/02 08:16:16 herrvendil Exp $
+ * @version $Id: EndEntityProfile.java,v 1.26.2.1 2004/06/22 11:18:43 herrvendil Exp $
 */
 public class EndEntityProfile extends UpgradeableDataHashMap implements java.io.Serializable, Cloneable {
@@ -247,7 +247,7 @@
 }
 // Remove from order list.
- if(parameter >= OLDDNE && parameter <= COUNTRY){
+ if(parameter >= OLDDNE && parameter <= COUNTRY || parameter == UNSTRUCTUREDADDRESS || parameter == UNSTRUCTUREDNAME){
 ArrayList fieldorder = (ArrayList) data.get(SUBJECTDNFIELDORDER);
 int value = (NUMBERBOUNDRARY*parameter) + number;
 for(int i=0; i < fieldorder.size(); i++){
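Review bot: The new condition `parameter >= OLDDNE && parameter <= COUNTRY || parameter == UNSTRUCTUREDADDRESS || parameter == UNSTRUCTUREDNAME` relies on `&&` binding tighter than `||`; it evaluates as intended, but it is hard to read next to the alternative-name check in the following hunk, which parenthesises its range test. Write `if((parameter >= OLDDNE && parameter <= COUNTRY) || parameter == UNSTRUCTUREDADDRESS || parameter == UNSTRUCTUREDNAME){` so the two branches follow the same shape and a reader does not have to recall precedence to see that the range is one term. The enclosing method begins and ends outside the hunk.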
@@ -258,7 +258,7 @@
 }
 }
- if((parameter >= RFC822NAME && parameter <= REGISTEREDID) || parameter == UPN || parameter == UNSTRUCTUREDADDRESS || parameter == UNSTRUCTUREDNAME || parameter == GUID){
+ if((parameter >= RFC822NAME && parameter <= REGISTEREDID) || parameter == UPN || parameter == GUID){
 ArrayList fieldorder = (ArrayList) data.get(SUBJECTALTNAMEFIELDORDER);
 int value = (NUMBERBOUNDRARY*parameter) + number;
 for(int i=0; i < fieldorder.size(); i++){
diff -ur ./src/java/se/anatom/ejbca/ra/raadmin/GlobalConfiguration.java ../../302/ejbca/src/java/se/anatom/ejbca/ra/raadmin/GlobalConfiguration.java
--- ./src/java/se/anatom/ejbca/ra/raadmin/GlobalConfiguration.java Sat May 22 12:55:07 2004
+++ ../../302/ejbca/src/java/se/anatom/ejbca/ra/raadmin/GlobalConfiguration.java Wed Jun 30 10:41:25 2004
@@ -18,14 +18,14 @@
 /**
 * This is a class containing global configuration parameters.
 *
- * @version $Id: GlobalConfiguration.java,v 1.12 2004/05/22 10:55:07 anatom Exp $
+ * @version $Id: GlobalConfiguration.java,v 1.12.2.1 2004/06/30 08:41:25 anatom Exp $
 */
 public class GlobalConfiguration extends UpgradeableDataHashMap implements java.io.Serializable {
 // Default Values
 public static final float LATEST_VERSION = 1;
- public static final String EJBCA_VERSION = "EJBCA 3.0";
+ public static final String EJBCA_VERSION = "EJBCA 3.0.2";
 // Entries to choose from in userpreference part, defines the size of data to be displayed on one page.
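Review bot: Dropping UNSTRUCTUREDADDRESS and UNSTRUCTUREDNAME from this branch means an entry for either parameter that already sits in the SUBJECTALTNAMEFIELDORDER list will no longer be removed by this method; the removed line shows that 3.0 treated them as alternative-name fields, and the Changelog hunk in this patch rewrites the 3.0 entry from "subjectdn and alternative name" to "subjectdn" only. Since EndEntityProfile extends UpgradeableDataHashMap and is Serializable, profiles persisted by 3.0 may carry such entries and would keep stale alternative-name ordering after this change; I cannot see the upgrade method from this hunk, but if that case is real it needs a migration step there rather than relying on this removal path. A one-line comment above the condition, e.g. `// unstructuredAddress/unstructuredName are subject DN fields since 3.0.1; see the subject DN branch above`, would also record why they were moved. The enclosing method begins and ends outside the hunk.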