This patch documents continued implementation of the PKI Deployment Framework based upon the revised filesystem layout documented here:

• http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_OCSP_.2F_RA_.2F_TKS_.2F_TPS

This patch addresses the following issues:

• TRAC Ticket #266 - for non-master CA subsystems, pkidestroy needs to contact the security domain to update the domain
• Made Fedora 17 rely upon tomcatjss 7.0.0 or later

It has been tested and proven to work successfully to spawn/destroy/spawn a KRA as a separate instance on a 64-bit Fedora 17 machine (using the appropriate 'tomcatjss.jar').

P. S. - While fixing the parameters passed via "outputError()" in 'base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java', I noticed that several of the other servlets in this directory also utilized the "AUTH_FAILURE" error value for the second argument of "outputError()" which gets passed as the string "2" --- while this string is technically acceptable, I believe that this may be old usage of some legacy parent method since "outputError()" is currently defined in "base/common/src/com/netscape/cms/servlet/base/CMSServlet.java" as:

• protected void outputError(HttpServletResponse httpResp, String errorString)
• protected void outputError(HttpServletResponse httpResp, String errorString, String requestId)
• protected void outputError(HttpServletResponse httpResp, String status, String errorString, String requestId)

so for all of my changes to "outputError()" in "UpdateDomainXML.java", I merely changed these incorrect three parameter call versions to the two parameter call version by removing the second parameter ("AUTH_FAILURE").  If I am correct about this seemingly legacy usage, please let me know if I need to file a TRAC ticket for this issue.

Thanks,
-- Matt