2 files changed, 24 insertions, 12 deletions

diff --git a/base/tps/src/processor/RA_Enroll_Processor.cpp b/base/tps/src/processor/RA_Enroll_Processor.cpp
index d88d84087..ba751646e 100644
--- a/base/tps/src/processor/RA_Enroll_Processor.cpp
+++ b/base/tps/src/processor/RA_Enroll_Processor.cpp
@@ -1989,11 +1989,19 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue
     }
 
     if (RA::ra_is_token_present(cuid)) {
-        RA::Debug(FN, "Found token %s", cuid);
-        if (RA::ra_is_tus_db_entry_disabled(cuid)) {
-            RA::Error(FN, "CUID %s Disabled", cuid);
+
+        int token_status = RA::ra_get_token_status(cuid);
+
+         // As far as the ui states, state "enrolled" maps to the state of "FOUND" or 4;
+
+         RA::Debug(FN, "Found token %s status %d", cuid, token_status);
+
+        int STATUS_FOUND = 4;
+        if (token_status == -1 || !RA::transition_allowed(token_status, STATUS_FOUND)) {
+            RA::Error(FN, "Operation for CUID %s Disabled illegal transition attempted %d:%d", cuid,token_status, STATUS_FOUND);
             status = STATUS_ERROR_DISABLED_TOKEN;
-            PR_snprintf(audit_msg, 512, "token disabled");
+
+            PR_snprintf(audit_msg, 512, "Operation for CUID %s Disabled, illegal transition attempted %d:%d.", cuid,token_status, STATUS_FOUND);
             goto loser;
         }
 
diff --git a/base/tps/src/processor/RA_Processor.cpp b/base/tps/src/processor/RA_Processor.cpp
index a9947555b..5395d82b9 100644
--- a/base/tps/src/processor/RA_Processor.cpp
+++ b/base/tps/src/processor/RA_Processor.cpp
@@ -2753,16 +2753,20 @@ RA_Status RA_Processor::Format(RA_Session *session, NameValueSet *extensions, bo
     }
 
     if (RA::ra_is_token_present(cuid)) {
+        int token_status = RA::ra_get_token_status(cuid);
+
        RA::Debug("RA_Processor::Format",
-	      "Found token %s", cuid);
+              "Found token %s status %d", cuid, token_status);
 
-      if (RA::ra_is_tus_db_entry_disabled(cuid)) {
-        RA::Error("RA_Format_Processor::Process",
-                        "CUID %s Disabled", cuid);
-        status = STATUS_ERROR_DISABLED_TOKEN;
-        PR_snprintf(audit_msg, 512, "CUID %s Disabled, status=STATUS_ERROR_DISABLED_TOKEN", cuid);
-        goto loser;
-      }
+      // Check for transition to 0/UNINITIALIZED status.
+      
+      if (token_status == -1 || !RA::transition_allowed(token_status, 0)) {
+          RA::Error("RA_Format_Processor::Process",
+              "Operation for CUID %s Disabled", cuid);
+              status = STATUS_ERROR_DISABLED_TOKEN;
+              PR_snprintf(audit_msg, 512, "Operation for CUID %s Disabled, illegal transition attempted %d:%d.", cuid, token_status, 0);
+              goto loser;
+      }  
     } else {
        RA::Debug("RA_Processor::Format",
 	      "Not Found token %s", cuid);