-rw-r--r--base/common/src/org/dogtagpki/tps/main/TPSException.java23
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java24
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java5
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java4
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/rest/TokenService.java32
5 files changed, 60 insertions, 28 deletions
diff --git a/base/common/src/org/dogtagpki/tps/main/TPSException.java b/base/common/src/org/dogtagpki/tps/main/TPSException.java
index 940e89ad1..4ff7e4c54 100644
--- a/base/common/src/org/dogtagpki/tps/main/TPSException.java
+++ b/base/common/src/org/dogtagpki/tps/main/TPSException.java
@@ -26,16 +26,29 @@ public class TPSException extends EBaseException {
private static final long serialVersionUID = -678878301521643436L;
private TPSStatus status;
- public TPSException(String e) {
- super(e);
+ public TPSException(String message) {
+ super(message);
status = TPSStatus.STATUS_ERROR_CONTACT_ADMIN;
}
- public TPSException(String msg, TPSStatus theStatus) {
+ public TPSException(String message, TPSStatus status) {
+ super(message);
+ this.status = status;
+ }
+
+ public TPSException(Throwable cause) {
+ super(cause.getMessage(), cause);
+ status = TPSStatus.STATUS_ERROR_CONTACT_ADMIN;
+ }
- super(msg);
- status = theStatus;
+ public TPSException(String message, Throwable cause) {
+ super(message, cause);
+ status = TPSStatus.STATUS_ERROR_CONTACT_ADMIN;
+ }
+ public TPSException(String message, TPSStatus status, Throwable cause) {
+ super(message, cause);
+ this.status = status;
}
public TPSStatus getStatus() {
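Review bot: The new `TPSException(Throwable cause)` constructor dereferences `cause` in `super(cause.getMessage(), cause)`, so a null cause raises a NullPointerException from inside the exception constructor and hides the original failure; `super(cause == null ? null : cause.getMessage(), cause);` avoids that. The same constructor copies the underlying exception's message verbatim, so any caller that returns TPSException messages to a client would now relay backend error text; a comment on the constructor should say so. None of the constructors documents that the status falls back to STATUS_ERROR_CONTACT_ADMIN when the caller gives none, which deserves a one-line Javadoc on each. The class body continues outside the hunk.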
diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
index 5a53ff7a5..15e85fb32 100644
--- a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
+++ b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
@@ -299,29 +299,23 @@ public class TPSTokendb {
/*
* tdbGetCertificatesByCUID finds and returns certificate records belong to a token cuid
* @param cuid the cuid of the token
- * @return ArrayList of the cert records
+ * @return Collection of the cert records
*/
- public ArrayList<TPSCertRecord> tdbGetCertRecordsByCUID(String cuid)
+ public Collection<TPSCertRecord> tdbGetCertRecordsByCUID(String cuid)
throws TPSException {
+
if (cuid == null)
throw new TPSException("TPSTokendb.tdbGetCertificatesByCUID: cuid null");
- ArrayList<TPSCertRecord> certRecords = new ArrayList<TPSCertRecord>();
- String filter = cuid;
- Iterator<TPSCertRecord> records;
+ Map<String, String> attributes = new HashMap<String, String>();
+ attributes.put("tokenID", cuid);
+
try {
- records = tps.certDatabase.findRecords(filter).iterator();
+ return tps.certDatabase.findRecords(null, attributes);
} catch (Exception e) {
CMS.debug("TPSTokendb.tdbGetCertificatesByCUID:" + e);
- throw new TPSException(e.getMessage());
+ throw new TPSException(e);
}
-
- while (records.hasNext()) {
- TPSCertRecord certRecord = records.next();
- certRecords.add(certRecord);
- }
-
- return certRecords;
}
public ArrayList<TPSCertRecord> tdbGetCertRecordsByCert(String serial, String issuer)
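Review bot: The catch block in tdbGetCertRecordsByCUID now throws `new TPSException(e)`, which reuses the database layer's message as the TPSException message; if that text can reach a REST or token client (not visible here), it may expose directory details, so I would keep the cause but fix the message: `throw new TPSException("TPSTokendb.tdbGetCertificatesByCUID: certificate lookup failed", e);`. The cuid is only null-checked before it is put into the `tokenID` attribute map, and whether findRecords escapes attribute values when it builds the search filter is not visible in this hunk and is worth confirming. The header comment opens with `/*` and names tdbGetCertificatesByCUID while the method is tdbGetCertRecordsByCUID, so it should become a `/**` Javadoc with the right name and a `@throws TPSException` line.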
@@ -493,7 +487,7 @@ public class TPSTokendb {
throw new TPSException(method + ": cuid null");
String logMsg;
IConfigStore configStore = CMS.getConfigStore();
- ArrayList<TPSCertRecord> certRecords = tps.getTokendb().tdbGetCertRecordsByCUID(cuid);
+ Collection<TPSCertRecord> certRecords = tps.getTokendb().tdbGetCertRecordsByCUID(cuid);
if (tokenReason != null) {
if (!tokenReason.equalsIgnoreCase("onHold") &&
!tokenReason.equalsIgnoreCase("destroyed") &&
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
index 46421068f..07f7fa0d0 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
@@ -6,6 +6,7 @@ import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.LinkedHashMap;
@@ -1404,7 +1405,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
* Get certs from the tokendb for this token to find out about
* renewal possibility
*/
- ArrayList<TPSCertRecord> allCerts = tps.tdb.tdbGetCertRecordsByCUID(tokenRecord.getId());
+ Collection<TPSCertRecord> allCerts = tps.tdb.tdbGetCertRecordsByCUID(tokenRecord.getId());
certsInfo.setNumCertsToEnroll(keyTypeNum);
@@ -1767,7 +1768,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
actualCertIndex++;
}
- ArrayList<TPSCertRecord> certs = tps.tdb.tdbGetCertRecordsByCUID(toBeRecovered.getId());
+ Collection<TPSCertRecord> certs = tps.tdb.tdbGetCertRecordsByCUID(toBeRecovered.getId());
String serialToRecover = null;
TPSCertRecord certToRecover = null;
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 05742842f..53af08a05 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -23,8 +23,8 @@ import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
-import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
@@ -1473,7 +1473,7 @@ public class TPSProcessor {
throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_REVOKE_CERTIFICATES_FAILED);
}
//find all certs belonging to the token
- ArrayList<TPSCertRecord> certRecords = tps.tdb.tdbGetCertRecordsByCUID(cuid);
+ Collection<TPSCertRecord> certRecords = tps.tdb.tdbGetCertRecordsByCUID(cuid);
CMS.debug(method + ": found " + certRecords.size() + " certs");
diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/TokenService.java b/base/tps/src/org/dogtagpki/server/tps/rest/TokenService.java
index b3608aef2..226f039f4 100644
--- a/base/tps/src/org/dogtagpki/server/tps/rest/TokenService.java
+++ b/base/tps/src/org/dogtagpki/server/tps/rest/TokenService.java
@@ -39,6 +39,7 @@ import javax.ws.rs.core.UriInfo;
import org.apache.commons.lang.StringUtils;
import org.dogtagpki.server.tps.TPSSubsystem;
import org.dogtagpki.server.tps.dbs.ActivityDatabase;
+import org.dogtagpki.server.tps.dbs.TPSCertRecord;
import org.dogtagpki.server.tps.dbs.TokenDatabase;
import org.dogtagpki.server.tps.dbs.TokenRecord;
import org.dogtagpki.server.tps.engine.TPSEngine;
@@ -139,18 +140,37 @@ public class TokenService extends PKIService implements TokenResource {
tokenRecord.setStatus("uninitialized");
tokenRecord.setReason(null);
break;
+
case ACTIVE:
String origStatus = tokenRecord.getStatus();
String origReason = tokenRecord.getReason();
+
if (origStatus.equalsIgnoreCase("lost") &&
origReason.equalsIgnoreCase("onHold")) {
- //unrevoke certs
- tps.tdb.unRevokeCertsByCUID(tokenRecord.getId(), ipAddress, remoteUser);
+
+ Collection<TPSCertRecord> certRecords = tps.tdb.tdbGetCertRecordsByCUID(tokenRecord.getId());
+ if (certRecords.isEmpty()) { // token was uninitialized
+ // restore to uninitialized state
+ tokenRecord.setStatus("uninitialized");
+ tokenRecord.setReason(null);
+
+ } else { // token was active
+ // unrevoke certs
+ tps.tdb.unRevokeCertsByCUID(tokenRecord.getId(), ipAddress, remoteUser);
+
+ // restore to active state
+ tokenRecord.setStatus("active");
+ tokenRecord.setReason(null);
+ }
+
+ } else {
+ // switch to active state
+ tokenRecord.setStatus("active");
+ tokenRecord.setReason(null);
}
- tokenRecord.setStatus("active");
- tokenRecord.setReason(null);
break;
+
case PERM_LOST:
case TEMP_LOST_PERM_LOST:
tokenRecord.setStatus("lost");
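Review bot: In the ACTIVE case the branch `if (certRecords.isEmpty())` treats "no certificate records" as proof that the token was uninitialized before it was put on hold, but the prior state is not recorded anywhere visible here, so a token whose cert records are missing for another reason would be restored to uninitialized and skip unRevokeCertsByCUID without any trace. I would state the assumption in a comment, e.g. `// prior state is not stored; an on-hold token with no cert records is assumed to have been uninitialized`, and log the token ID with the path taken so the transition can be audited. The enclosing condition dereferences origStatus and origReason directly; `"lost".equalsIgnoreCase(origStatus) && "onHold".equalsIgnoreCase(origReason)` is null-safe, which matters because other cases in this switch set the reason to null. The switch starts and ends outside this hunk.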
@@ -159,6 +179,7 @@ public class TokenService extends PKIService implements TokenResource {
//revoke certs
tps.tdb.revokeCertsByCUID(tokenRecord.getId(), "keyCompromise", ipAddress, remoteUser);
break;
+
case DAMAGED:
tokenRecord.setStatus("lost");
tokenRecord.setReason("destroyed");
@@ -167,6 +188,7 @@ public class TokenService extends PKIService implements TokenResource {
tps.tdb.revokeCertsByCUID(tokenRecord.getId(), "destroyed", ipAddress, remoteUser);
break;
+
case TEMP_LOST:
tokenRecord.setStatus("lost");
tokenRecord.setReason("onHold");
@@ -174,6 +196,7 @@ public class TokenService extends PKIService implements TokenResource {
// put certs onHold
tps.tdb.revokeCertsByCUID(tokenRecord.getId(), "onHold", ipAddress, remoteUser);
break;
+
case TERMINATED:
String reason = "terminated";
String origStatus2 = tokenRecord.getStatus();
@@ -189,6 +212,7 @@ public class TokenService extends PKIService implements TokenResource {
//revoke certs
tps.tdb.revokeCertsByCUID(tokenRecord.getId(), reason, ipAddress, remoteUser) ;
break;
+
default:
throw new PKIException("Unsupported token state: " + tokenState);
}