Description of problem:
It is now possible to re-enroll an active token. When this occurs, the certs on the active token should be revoked and the cert entries removed from the tokendb. This is exactly what would occur if the user were forced to first format and then re-enroll.

How reproducible:
You can simulate this by enrolling twice using tpsclient. Or by clicking the "Enroll" button twice on the ESC. The result is a token that shows 4 certs in the tokendb, where none of the certs have been revoked.
Created attachment 475842
Patch to address this issue
Checkins:

Branch:
svn commit -m "Bugzilla Bug 669804 - on active token re-enroll, TPS does not revoke and remove existing certs."
Sending tps/src/processor/RA_Enroll_Processor.cpp
Sending tps/src/processor/RA_Processor.cpp
Transmitting file data ..
Committed revision 1804.

Trunk:
svn commit -m "Bugzilla Bug 669804 - on active token re-enroll, TPS does not revoke and remove existing certs."
Sending tps/src/processor/RA_Enroll_Processor.cpp
Sending tps/src/processor/RA_Processor.cpp
Transmitting file data ..
Committed revision 1803.
Test:
1. Enroll a basic two cert smart card.
2. Make sure that the policy for re-enrollment is enabled.
3. Re-enroll the same token with the client.
4. Take a look at the token db interface and make sure that only the new two certs are listed in the UI and that the previous two certificates have been revoked.
5. Test the basic Format operation to make sure the certs are being revoked properly.
Tested smart card Re-enrollment:
- Enrolled and loaded two certs
- Enabled re-enroll policy and re-enrolled the token
- The old certificates on the token have been removed
- New certs loaded on the token
- TPS UI shows only new certs
- CA agent shows old certificates as revoked.
- Format operation on this token revokes the certificates.

Marking the bug verified.