[Pki-devel] [PATCH] PKI Deployment Framework PKI TRAC issues (08/14/2012)

This patch documents continued implementation of the PKI Deployment Framework based upon the revised filesystem layout documented here: * http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_... This patch addresses the following issues: * TRAC Ticket #266 - for non-master CA subsystems, pkidestroy needs to contact the security domain to update the domain * Made Fedora 17 rely upon tomcatjss 7.0.0 or later It has been tested and proven to work successfully to spawn/destroy/spawn a KRA as a separate instance on a 64-bit Fedora 17 machine (using the appropriate 'tomcatjss.jar'). P. S. - While fixing the parameters passed via "outputError()" in 'base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java', I noticed that several of the other servlets in this directory also utilized the "AUTH_FAILURE" error value for the second argument of "outputError()" which gets passed as the string "2" --- while this string is technically acceptable, I believe that this may be old usage of some legacy parent method since "outputError()" is currently defined in "base/common/src/com/netscape/cms/servlet/base/CMSServlet.java" as: * protected void outputError(HttpServletResponse httpResp, String errorString) * protected void outputError(HttpServletResponse httpResp, String errorString, String requestId) * protected void outputError(HttpServletResponse httpResp, String status, String errorString, String requestId) so for all of my changes to "outputError()" in "UpdateDomainXML.java", I merely changed these incorrect three parameter call versions to the two parameter call version by removing the second parameter ("AUTH_FAILURE"). If I am correct about this seemingly legacy usage, please let me know if I need to file a TRAC ticket for this issue. Thanks, -- Matt