[Pki-devel] [PATCH] PKI Deployment Framework PKI TRAC issues (08/14/2012)

Matthew Harmsen mharmsen at redhat.com
Wed Aug 15 01:21:17 UTC 2012 

This patch documents continued implementation of the PKI Deployment 
Framework based upon the revised filesystem layout documented here:

  * http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_OCSP_.2F_RA_.2F_TKS_.2F_TPS

This patch addresses the following issues:

  * TRAC Ticket #266 - for non-master CA subsystems, pkidestroy needs to
    contact the security domain to update the domain
  * Made Fedora 17 rely upon tomcatjss 7.0.0 or later

It has been tested and proven to work successfully to 
spawn/destroy/spawn a KRA as a separate instance on a 64-bit Fedora 17 
machine (using the appropriate 'tomcatjss.jar').

P. S. - While fixing the parameters passed via "outputError()" in 
'base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java', 
I noticed that several of the other servlets in this directory also 
utilized the "AUTH_FAILURE" error value for the second argument of 
"outputError()" which gets passed as the string "2" --- while this 
string is technically acceptable, I believe that this may be old usage 
of some legacy parent method since "outputError()" is currently defined 
in "base/common/src/com/netscape/cms/servlet/base/CMSServlet.java" as:

  * protected void outputError(HttpServletResponse httpResp, String
    errorString)
  * protected void outputError(HttpServletResponse httpResp, String
    errorString, String requestId)
  * protected void outputError(HttpServletResponse httpResp, String
    status, String errorString, String requestId)

so for all of my changes to "outputError()" in "UpdateDomainXML.java", I 
merely changed these incorrect three parameter call versions to the two 
parameter call version by removing the second parameter 
("AUTH_FAILURE").  If I am correct about this seemingly legacy usage, 
please let me know if I need to file a TRAC ticket for this issue.

Thanks,
-- Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120814/248a0a94/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20120814-PKI-Deployment-Scriptlets-Security-Domain.patch
Type: text/x-patch
Size: 18778 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120814/248a0a94/attachment.bin>

More information about the Pki-devel mailing list