<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>This patch documents continued implementation of the PKI
Deployment Framework based upon the revised filesystem layout
documented here:<br>
</tt>
<ul>
<li><tt><a class="moz-txt-link-freetext"
href="http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_OCSP_.2F_RA_.2F_TKS_.2F_TPS">http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_OCSP_.2F_RA_.2F_TKS_.2F_TPS</a></tt></li>
</ul>
<tt>This patch addresses the following issues:<br>
</tt>
<ul>
<li><tt>TRAC Ticket #266 - for non-master CA subsystems,
pkidestroy needs to contact the security domain to update the
domain</tt></li>
<li><tt>Made Fedora 17 rely upon tomcatjss 7.0.0 or later</tt></li>
</ul>
<tt>It has been tested and proven to work successfully to
spawn/destroy/spawn a KRA as a separate instance on a 64-bit
Fedora 17 machine (using the appropriate 'tomcatjss.jar').<br>
<br>
P. S. - While fixing the parameters passed via "outputError()" in
'base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java',
I noticed that several of the other servlets in this directory
also utilized the "AUTH_FAILURE" error value for the second
argument of "outputError()" which gets passed as the string "2"
--- while this string is technically acceptable, I believe that
this may be old usage of some legacy parent method since
"outputError()" is currently defined in
"base/common/src/com/netscape/cms/servlet/base/CMSServlet.java"
as:<br>
</tt>
<ul>
<li><tt>protected void outputError(HttpServletResponse httpResp,
String errorString)</tt></li>
<li><tt>protected void outputError(HttpServletResponse httpResp,
String errorString, String requestId)</tt></li>
<li><tt>protected void outputError(HttpServletResponse httpResp,
String status, String errorString, String requestId)</tt></li>
</ul>
<tt>so for all of my changes to "outputError()" in
"UpdateDomainXML.java", I merely changed these incorrect three
parameter call versions to the two parameter call version by
removing the second parameter ("AUTH_FAILURE"). If I am correct
about this seemingly legacy usage, please let me know if I need to
file a TRAC ticket for this issue.<br>
<br>
Thanks,<br>
-- Matt <br>
</tt>
</body>
</html>