This patch documents continued implementation of the PKI
Deployment Framework based upon the revised filesystem layout
documented here:
This patch addresses the following issues:
- TRAC Ticket #266 - for non-master CA subsystems,
pkidestroy needs to contact the security domain to update the
domain
- Made Fedora 17 rely upon tomcatjss 7.0.0 or later
It has been tested and proven to work successfully to
spawn/destroy/spawn a KRA as a separate instance on a 64-bit
Fedora 17 machine (using the appropriate 'tomcatjss.jar').
P. S. - While fixing the parameters passed via "outputError()" in
'base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java',
I noticed that several of the other servlets in this directory
also utilized the "AUTH_FAILURE" error value for the second
argument of "outputError()" which gets passed as the string "2"
--- while this string is technically acceptable, I believe that
this may be old usage of some legacy parent method since
"outputError()" is currently defined in
"base/common/src/com/netscape/cms/servlet/base/CMSServlet.java"
as:
- protected void outputError(HttpServletResponse httpResp,
String errorString)
- protected void outputError(HttpServletResponse httpResp,
String errorString, String requestId)
- protected void outputError(HttpServletResponse httpResp,
String status, String errorString, String requestId)
so for all of my changes to "outputError()" in
"UpdateDomainXML.java", I merely changed these incorrect three
parameter call versions to the two parameter call version by
removing the second parameter ("AUTH_FAILURE"). If I am correct
about this seemingly legacy usage, please let me know if I need to
file a TRAC ticket for this issue.
Thanks,
-- Matt