From 35a946e1b1a8f8c7e27891f5c4a3845212f49251 Mon Sep 17 00:00:00 2001
From: Roshni Pattath <rpattath@redhat.com>
Date: Mon, 20 Apr 2015 12:38:00 -0400
Subject: TPS Legacy tests

TPS Leagcy tests, TPS install tests, MS CA external CA test and other changes to install tests
---
 tests/dogtag/Makefile                              |   18 +-
 .../cli-tests/pki-tests-setup/create-role-users.sh |   88 +-
 .../acceptance/install-tests/ca-installer.sh       |  461 +-
 .../acceptance/install-tests/kra-installer.sh      |  160 +-
 .../acceptance/install-tests/ocsp-installer.sh     |  160 +-
 .../acceptance/install-tests/tks-installer.sh      |  163 +-
 .../acceptance/install-tests/tps-installer.sh      |  242 +
 .../acceptance/legacy/tps-tests/tps-enrollments.sh | 5703 ++++++++++++++++++++
 .../acceptance/quickinstall/rhcs-install-lib.sh    |  559 +-
 .../dogtag/acceptance/quickinstall/rhcs-install.sh |  161 +-
 tests/dogtag/runtest.sh                            |  369 +-
 tests/dogtag/shared/env.sh                         |   82 +
 tests/dogtag/shared/pki-cert-cli-lib.sh            |   67 +
 tests/dogtag/shared/rhcs-shared.sh                 |   29 +-
 tests/dogtag/topologies.sh                         |  118 +-
 15 files changed, 7864 insertions(+), 516 deletions(-)
 create mode 100755 tests/dogtag/acceptance/install-tests/tps-installer.sh
 create mode 100755 tests/dogtag/acceptance/legacy/tps-tests/tps-enrollments.sh

(limited to 'tests/dogtag')

diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile
index 74c5fa355..182db1e8e 100755
--- a/tests/dogtag/Makefile
+++ b/tests/dogtag/Makefile
@@ -275,8 +275,8 @@ build: $(BUILT_FILES)
 	chmod a+x ./acceptance/legacy/subca-tests/crlissuingpoint/subca-ad-crlissuingpoints.sh
 	chmod a+x ./acceptance/legacy/subca-tests/publishing/subca-ad-publishing.sh
 	chmod a+x ./acceptance/legacy/subca-tests/crls/subca-ag-crls.sh
-	chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ag-certificates.sh
 	chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ag-requests.sh
+	chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ag-certificates.sh
 	chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ee-enrollments.sh
 	chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ee-retrieval.sh
 	chmod a+x ./acceptance/legacy/subca-tests/profiles/subca-ad-profiles.sh
@@ -287,13 +287,15 @@ build: $(BUILT_FILES)
 	chmod a+x ./acceptance/legacy/ocsp-tests/acls/ocsp-ad-acls.sh
 	chmod a+x ./acceptance/legacy/ocsp-tests/logs/ocsp-ad-logs.sh
 	chmod a+x ./acceptance/legacy/ocsp-tests/internaldb/ocsp-ad-internaldb.sh
-	chmod a+x ./acceptance/legacy/tks-tests/acls/tks-ad-acls.sh
-	chmod a+x ./acceptance/legacy/tks-tests/internaldb/tks-ad-internaldb.sh
-	chmod a+x ./acceptance/legacy/tks-tests/logs/tks-ad-logs.sh
+	chmod a+x ./acceptance/legacy/ocsp-tests/agent/ocsp-ag-tests.sh
 	chmod a+x ./acceptance/legacy/tks-tests/usergroups/tks-ad-usergroups.sh
+	chmod a+x ./acceptance/legacy/tks-tests/acls/tks-ad-acls.sh 
+	chmod a+x ./acceptance/legacy/tks-tests/logs/tks-ad-logs.sh
+	chmod a+x ./acceptance/legacy/tks-tests/internaldb/tks-ad-internaldb.sh
 	chmod a+x ./acceptance/legacy/ipa-tests/ipa_backend_plugin.sh
-	chmod a+x ./acceptance/legacy/clone_ca_tests/clone_tests.sh
 	chmod a+x ./acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh
+	chmod a+x ./acceptance/legacy/clone_ca_tests/clone_tests.sh
+	chmod a+x ./acceptance/legacy/tps-tests/tps-enrollments.sh
 	# bug verifications
 	chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh
 	chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1084224.sh
@@ -304,6 +306,12 @@ build: $(BUILT_FILES)
 	chmod a+x ./acceptance/bugzilla/jss-bugs/bug-1133718.sh
 	chmod a+x ./acceptance/bugzilla/jss-bugs/bug-1040640.sh
 	chmod a+x ./acceptance/bugzilla/pki-core-bugs/bug-790924.sh
+	#installer tests
+	chmod a+x ./acceptance/install-tests/ca-installer.sh
+	chmod a+x ./acceptance/install-tests/kra-installer.sh
+	chmod a+x ./acceptance/install-tests/ocsp-installer.sh
+	chmod a+x ./acceptance/install-tests/tks-installer.sh
+	chmod a+x ./acceptance/install-tests/tps-installer.sh
 
 clean:
 	rm -f *~ $(BUILT_FILES)
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh b/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh
index dd581b960..ee1ad3c8a 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh
@@ -66,39 +66,41 @@ else
 fi
 
 SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
-
 eval ${subsystemId}_adminV_user=${subsystemId}_adminV
-eval ${subsystemId}_adminV_fullName=${subsystemId}_Admin_ValidCert
-eval ${subsystemId}_adminV_password=${subsystemId}_adminV_password
-eval ${subsystemId}_adminR_user=${subsystemId}_adminR
-eval ${subsystemId}_adminR_fullName=${subsystemId}_Admin_RevokedCert
-eval ${subsystemId}_adminR_password=${subsystemId}_adminR_password
-eval ${subsystemId}_adminE_user=${subsystemId}_adminE
-eval ${subsystemId}_adminE_fullName=${subsystemId}_admin_ExpiredCert
-eval ${subsystemId}_adminE_password=${subsystemId}_adminE_password
-eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
-eval ${subsystemId}_adminUTCA_fullName=${subsystemId}_Admin_CertIssuedByUntrustedCA
-eval ${subsystemId}_adminUTCA_password=${subsystemId}_adminUTCA_password
-eval ${subsystemId}_agentV_user=${subsystemId}_agentV
-eval ${subsystemId}_agentV_fullName=${subsystemId}_Agent_ValidCert
-eval ${subsystemId}_agentV_password=${subsystemId}_agentV_password
-eval ${subsystemId}_agentR_user=${subsystemId}_agentR
-eval ${subsystemId}_agentR_fullName=${subsystemId}_Agent_RevokedCert
-eval ${subsystemId}_agentR_password=${subsystemId}_agentR_password
-eval ${subsystemId}_agentE_user=${subsystemId}_agentE
-eval ${subsystemId}_agentE_fullName=${subsystemId}_agent_ExpiredCert
-eval ${subsystemId}_agentE_password=${subsystemId}_agentE_password
-eval ${subsystemId}_agentUTCA_user=${subsystemId}_agentUTCA
-eval ${subsystemId}_agentUTCA_fullName=${subsystemId}_Agent_CertIssuedByUntrustedCA
-eval ${subsystemId}_agentUTCA_password=${subsystemId}_agentUTCA_password
-eval ${subsystemId}_auditV_user=${subsystemId}_auditV
-eval ${subsystemId}_auditV_fullName=${subsystemId}_Audit_ValidCert
-eval ${subsystemId}_auditV_password=${subsystemId}_auditV_password
-eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
-eval ${subsystemId}_operatorV_password=${subsystemId}_operatorV_password
-eval ${subsystemId}_operatorV_fullName=${subsystemId}_Operator_ValidCert
+        eval ${subsystemId}_adminV_fullName=${subsystemId}_Admin_ValidCert
+        eval ${subsystemId}_adminV_password=${subsystemId}_adminV_password
+        eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+        eval ${subsystemId}_adminR_fullName=${subsystemId}_Admin_RevokedCert
+        eval ${subsystemId}_adminR_password=${subsystemId}_adminR_password
+        eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+        eval ${subsystemId}_adminE_fullName=${subsystemId}_admin_ExpiredCert
+        eval ${subsystemId}_adminE_password=${subsystemId}_adminE_password
+        eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+        eval ${subsystemId}_adminUTCA_fullName=${subsystemId}_Admin_CertIssuedByUntrustedCA
+        eval ${subsystemId}_adminUTCA_password=${subsystemId}_adminUTCA_password
+        eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+        eval ${subsystemId}_agentV_fullName=${subsystemId}_Agent_ValidCert
+        eval ${subsystemId}_agentV_password=${subsystemId}_agentV_password
+        eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+        eval ${subsystemId}_agentR_fullName=${subsystemId}_Agent_RevokedCert
+        eval ${subsystemId}_agentR_password=${subsystemId}_agentR_password
+        eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+        eval ${subsystemId}_agentE_fullName=${subsystemId}_agent_ExpiredCert
+        eval ${subsystemId}_agentE_password=${subsystemId}_agentE_password
+        eval ${subsystemId}_agentUTCA_user=${subsystemId}_agentUTCA
+        eval ${subsystemId}_agentUTCA_fullName=${subsystemId}_Agent_CertIssuedByUntrustedCA
+        eval ${subsystemId}_agentUTCA_password=${subsystemId}_agentUTCA_password
+        eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+        eval ${subsystemId}_operatorV_password=${subsystemId}_operatorV_password
+        eval ${subsystemId}_operatorV_fullName=${subsystemId}_Operator_ValidCert
 
-export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_adminE_user ${subsystemId}_adminUTCA_user ${subsystemId}_agentV_user ${subsystemId}_agentR_user ${subsystemId}_agentE_user ${subsystemId}_agentUT${subsystemId}_user ${subsystemId}_auditV_user ${subsystemId}_operatorV_user
+	export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_adminE_user ${subsystemId}_adminUTCA_user ${subsystemId}_agentV_user ${subsystemId}_agentR_user ${subsystemId}_agentE_user ${subsystemId}_agentUTCA_user ${subsystemId}_operatorV_user
+if [ $SUBSYSTEM_TYPE != "tps" ] ; then
+	eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+	eval ${subsystemId}_auditV_fullName=${subsystemId}_Audit_ValidCert
+	eval ${subsystemId}_auditV_password=${subsystemId}_auditV_password
+	export ${subsystemId}_auditV_user
+fi
 ######################################################################
 
     rlPhaseStartSetup "create-role-user-startup: Create temp directory and import CA agent cert into a nss certificate db and trust CA root cert"
@@ -119,7 +121,11 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi
     rlPhaseEnd
 
     rlPhaseStartSetup "Creating user and add user to the group"
-	 user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminV_password) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminR_password) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminE_password) $(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_adminUTCA_password) $(eval echo \$${subsystemId}_agentV_user) $(eval echo \$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentV_password)  $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentR_password) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval echo \$${subsystemId}_agentE_password) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_agentUTCA_password) $(eval echo \$${subsystemId}_auditV_user) $(eval echo \$${subsystemId}_auditV_fullName) $(eval echo \$${subsystemId}_auditV_password) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName) $(eval echo \$${subsystemId}_operatorV_password))
+	if [ $SUBSYSTEM_TYPE = "tps" ] ; then
+		user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminV_password) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminR_password) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminE_password) $(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_adminUTCA_password) $(eval echo \$${subsystemId}_agentV_user) $(eval echo \$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentV_password)  $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentR_password) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval echo \$${subsystemId}_agentE_password) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_agentUTCA_password) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName) $(eval echo \$${subsystemId}_operatorV_password))
+	else
+	 	user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminV_password) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminR_password) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminE_password) $(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_adminUTCA_password) $(eval echo \$${subsystemId}_agentV_user) $(eval echo \$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentV_password)  $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentR_password) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval echo \$${subsystemId}_agentE_password) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_agentUTCA_password) $(eval echo \$${subsystemId}_auditV_user) $(eval echo \$${subsystemId}_auditV_fullName) $(eval echo \$${subsystemId}_auditV_password) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName) $(eval echo \$${subsystemId}_operatorV_password))
+	fi
 	i=0
 	while [ $i -lt ${#user[@]} ] ; do
 	       userid=${user[$i]}
@@ -164,7 +170,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi
                                 agent_group_name="Token Key Service Manager Agents"
                             elif [ "$SUBSYSTEM_TYPE" = "tps" ] ; then
                                 #### Enter correct TPS agent group ####
-                                agent_group_name="TPS Manager Agents"
+                                agent_group_name="TPS Agents"
                             fi
                             rlRun "pki -d $CERTDB_DIR \
                                    -n \"$admin_cert_nickname\" \
@@ -192,23 +198,27 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi
 			    rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out"
 
 		elif [ $userid == $(eval echo \$${subsystemId}_operatorV_user) ]; then
+			    if [ "$SUBSYSTEM_TYPE" = "tps" ] ; then
+                                operator_group_name="TPS Operators"
+			    else
+				operator_group_name="Trusted Managers"
+			    fi
 			    rlRun "pki -d $CERTDB_DIR \
 			   -n \"$admin_cert_nickname\" \
 			   -c $CERTDB_DIR_PASSWORD \
 			   -h $SUBSYSTEM_HOST \
 			   -t $SUBSYSTEM_TYPE \
 			   -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-			    group-member-add \"Trusted Managers\"  $userid > $TmpDir/pki-user-add-${subsystemId}-group001$i.out"  \
+			    group-member-add \"$operator_group_name\"  $userid > $TmpDir/pki-user-add-${subsystemId}-group001$i.out"  \
 			    0 \
-			    "Add user $userid to Trusted Managers  group"
+			    "Add user $userid to $operator_group_name  group"
 			    rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out"
 			    rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out"
                 fi
 		#================#
-
-	        if [ $userid == $(eval echo \$${subsystemId}_adminV_user) -o $userid == $(eval echo \$${subsystemId}_adminR_user) -o $userid == $(eval echo \$${subsystemId}_adminE_user) -o $userid == $(eval echo \$${subsystemId}_agentV_user) -o $userid == $(eval echo \$${subsystemId}_agentR_user) -o $userid == $(eval echo \$${subsystemId}_agentE_user) -o $userid == $(eval echo \$${subsystemId}_auditV_user) -o $userid == $(eval echo \$${subsystemId}_operatorV_user) ]; then
+	        if [ $userid = $(eval echo \$${subsystemId}_adminV_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminR_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminE_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentV_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentR_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentE_user) ] || [ $userid = $(eval echo \$${subsystemId}_auditV_user) ] || [ $userid = $(eval echo \$${subsystemId}_operatorV_user) ]; then
 			if [ "$MYROLE" = "MASTER" ]; then
-				get_topo_stack MASTER $TmpDir/topo_file
+				get_topo_stack $MYROLE $TmpDir/topo_file
 				if [ $subsystemId = "SUBCA1" ]; then
 					MYCAHOST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2)
 				elif [ $subsystemId = "CLONE_CA1" ]; then
@@ -247,7 +257,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi
 			rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v $userid@example.com $temp_file"
 			rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $temp_file"
 
-			if [ $userid == $(eval echo \$${subsystemId}_adminV_user) -o $userid == $(eval echo \$${subsystemId}_adminR_user) -o $userid == $(eval echo \$${subsystemId}_agentV_user) -o $userid == $(eval echo \$${subsystemId}_agentR_user) -o $userid == $(eval echo \$${subsystemId}_auditV_user) -o $userid == $(eval echo \$${subsystemId}_operatorV_user) ]; then
+                if [ $userid = $(eval echo \$${subsystemId}_adminV_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminR_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminE_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentV_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentR_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentE_user) ] || [ $userid = $(eval echo \$${subsystemId}_auditV_user) ] || [ $userid = $(eval echo \$${subsystemId}_operatorV_user) ]; then
 				#cert-request-submit=====
 				#subsystem can be ca or tps
 				subsystem=ca    
diff --git a/tests/dogtag/acceptance/install-tests/ca-installer.sh b/tests/dogtag/acceptance/install-tests/ca-installer.sh
index 122490e71..0544c5491 100644
--- a/tests/dogtag/acceptance/install-tests/ca-installer.sh
+++ b/tests/dogtag/acceptance/install-tests/ca-installer.sh
@@ -39,23 +39,27 @@ run_rhcs_ca_installer_tests()
 	SUBSYSTEM_TYPE=$2
 	MYROLE=$3
 	if [ "$TOPO9" = "TRUE" ] ; then
-        	ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
-	        prefix=$subsystemId
-        	CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+		ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+		prefix=$subsystemId
+		CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+		admin_cert_nickname=$(eval echo \$${subsystemId}_ADMIN_CERT_NICKNAME)
 	elif [ "$MYROLE" = "MASTER" ] ; then
-        	if [[ $subsystemId == SUBCA* ]]; then
-                	ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
-	                prefix=$subsystemId
-        	        CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)	
-        	else
-                	ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
-	                prefix=ROOTCA
-        	        CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
-        	fi
+		if [[ $subsystemId == SUBCA* ]]; then
+			ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+			prefix=$subsystemId
+			CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+			admin_cert_nickname=$(eval echo \$${subsystemId}_ADMIN_CERT_NICKNAME)
+		else
+			ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+			prefix=ROOTCA
+			CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+			admin_cert_nickname=$ROOTCA_ADMIN_CERT_NICKNAME
+		fi
 	else
-        	ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
-	        prefix=$MYROLE
-	        CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+		ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+		prefix=$MYROLE
+		CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+		admin_cert_nickname=$(eval echo \$${MYROLE}_ADMIN_CERT_NICKNAME)
 	fi
 
 	SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
@@ -63,12 +67,11 @@ run_rhcs_ca_installer_tests()
 
 	##### Create a temporary directory to save output files #####
 	rlPhaseStartSetup "pki_run_rhcs_ca_installer_tests: Create temporary directory"
-        	rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
-        	rlRun "pushd $TmpDir"
+		rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+		rlRun "pushd $TmpDir"
 	rlPhaseEnd
 
-  	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-001: Installing and Uninstalling CA"
-  
+	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-001: Installing and Uninstalling CA"
                 run_rhcs_install_packages
                 if [ "$prefix" = "ROOTCA" ]; then
                         run_install_subsystem_RootCA
@@ -80,9 +83,8 @@ run_rhcs_ca_installer_tests()
                 rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
                 exp_message2_2="PKI Subsystem Type:  Root CA (Security Domain)"
                 rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
-                rlLog "Uninstall CA tests"
                 rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out
-                exp_message2_3 "Uninstallation complete" "$TmpDir/uninstallCA.out"
+                exp_message2_3="Uninstallation complete"
                 rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out"
 	rlPhaseEnd
 
@@ -98,7 +100,7 @@ run_rhcs_ca_installer_tests()
                 rlAssertGrep "$exp_message_2" "$TmpDir/port_output_file.out"
         rlPhaseEnd
 
-        rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-003: Cert Tests nickname configurable"
+        rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-003: CA certificate nickname is configurable"
                 rlLog "Checking if the nicknames for the CA certificates are configurable"
                 rlRun "pkispawn -s CA -f $INSTANCECFG"
                 rlRun "certutil -L -d /var/lib/pki/$ROOTCA_TOMCAT_INSTANCE_NAME/alias > $TmpDir/cert_nicknames.out"
@@ -115,10 +117,10 @@ run_rhcs_ca_installer_tests()
         rlPhaseEnd
 
         rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-004: security domain parameters"
-        	rlLog "Checking if a new security domain gets created for the CA"
+		rlLog "Checking if a new security domain gets created for the CA"
                 local password=$(grep "internal=" /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/conf/password.conf | cut -d '=' -f 2)
                 local expfile=$TmpDir/expectfile.in
- 		rlLog "spawn -noecho "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d $(eval echo \$${prefix}_CERTDB_DIR) -w $password securitydomain-show""
+		rlLog "spawn -noecho "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d $(eval echo \$${prefix}_CERTDB_DIR) -w $password securitydomain-show""
                 echo "spawn -noecho "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d $(eval echo \$${prefix}_CERTDB_DIR) -w $password securitydomain-show"" > $expfile
                 echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
  Import CA certificate (Y/n)? \"" >> $expfile
@@ -138,8 +140,8 @@ run_rhcs_ca_installer_tests()
                 exp_messg1_4="Port: $(eval echo \$${prefix}_UNSECURE_PORT)"
                 exp_messg1_5="Secure Port: $(eval echo \$${prefix}_SECURE_PORT)"
                 exp_messg1_6="Domain Manager: TRUE"
- 		rlLog "cleanup"
- 		rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+		rlLog "cleanup"
+		rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
 	rlPhaseEnd
 
 	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-005: same subject dn for two certs"
@@ -181,7 +183,7 @@ run_rhcs_ca_installer_tests()
                    rlAssertGrep "$exp_message_1" "$TmpDir/ldap_port_test.out"
         rlPhaseEnd
 
-  	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-008: give existing base dn"
+	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-008: give existing base dn"
                   rlLog "Copying config file into temp file"
                   rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in"
                   rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile5.in > $TmpDir/existing_base_dn_1.out"
@@ -190,23 +192,23 @@ run_rhcs_ca_installer_tests()
                   exp_messg2="https://$(hostname):$(eval echo \$${prefix}_SECURE_PORT)"
                   rlAssertGrep "$exp_messg2" "$TmpDir/existing_base_dn_1.out"
                   sed -i -e "/pki_ds_remove_data=/s/=.*/=False/g" $TmpDir/tmpconfigfile5.in
-  		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
                   rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile5.in > $TmpDir/existing_base_dn_2.out 2>&1" 1 "Should fail"
                   exp_messg3="Installation failed."
                   rlAssertGrep "$exp_messg3" "$TmpDir/existing_base_dn_2.out"
-  		rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
           rlPhaseEnd
 
-          rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-009: checking the pkcs12 password"
-  		rlRun "pkispawn -s CA -f $INSTANCECFG"
+	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-009: checking the pkcs12 password"
+		rlRun "pkispawn -s CA -f $INSTANCECFG"
                 local password=$(eval echo \$${prefix}_CLIENT_PKCS12_PASSWORD)
                 rlRun "pk12util -l $CLIENT_DIR/$(eval echo \$${prefix}_ADMIN_CERT_NICKNAME).p12 -W $password > $TmpDir/pkcs12_password.out"
                 exp_messg1="Friendly Name: $(eval echo \$${prefix}_ADMIN_CERT_NICKNAME)"
                 rlAssertGrep "$exp_messg1" "$TmpDir/pkcs12_password.out"
                 exp_messg2="$(eval echo \$${prefix}_ADMIN_CERT_SUBJECT_NAME)"
                 rlAssertGrep "$exp_messg2" "$TmpDir/pkcs12_password.out"
-  		#cleanup
-  		rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"	
+		#cleanup
+		rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
           rlPhaseEnd
 
           rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-010: backup keys parameter"
@@ -217,10 +219,10 @@ run_rhcs_ca_installer_tests()
                   exp_messg1_1="ca_backup_keys.p12"
                   rlAssertGrep "$exp_messg1_1" "$TmpDir/ldap_backup_keys_test1.out"
                   sed -i -e "/pki_backup_keys=/s/=.*/=False/g" $TmpDir/tmpconfigfile7.in
- 		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
                   rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile7.in"
                   rlRun "ls /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias/ca_backup_keys.p12 > $TmpDir/ldap_backup_keys_test2.out" 2 "Should Fail"
-  		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
         rlPhaseEnd
 
 	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-011: backup password"
@@ -236,30 +238,38 @@ run_rhcs_ca_installer_tests()
                   rlAssertGrep "$exp_messg1_3" "$TmpDir/backup_passwd_test.out"
                   exp_messg1_4="Friendly Name: $(eval echo \$${prefix}_AUDIT_SIGNING_CERT_SUBJECT_NAME)"
                   rlAssertGrep "$exp_messg1_4" "$TmpDir/backup_passwd_test.out"
-  		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
 	rlPhaseEnd
 
-	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-012: client database purge"
+	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-012: client database purge BZ1165873"
                   rlLog "Copying config file into temp file"
                   rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile9.in"
                   rlRun "pkispawn -s CA -f $INSTANCECFG"
                   rlRun "ls $(eval echo \$${prefix}_CERTDB_DIR)" 2 "Should Fail"
- 		  sed -i -e "/pki_client_database_purge=/s/=.*/=False/g" $TmpDir/tmpconfigfile9.in		 
- 		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+		  sed -i -e "/pki_client_database_purge=/s/=.*/=False/g" $TmpDir/tmpconfigfile9.in
+		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
                   rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile9.in"
                   rlRun "ls $(eval echo \$${prefix}_CERTDB_DIR)" 0 "Should succeed"
-  		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+		  rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1165873"
           rlPhaseEnd
 
-          rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-013: subject name special characters"
+	  rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-013: subject name special characters"
+                  #two % are required for successful parsing
                   local subjectdn="cn=rh@cs/-$%%!!,O=red^hat"
                   rlLog "Copying config file into temp file"
                   rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile10.in"
-                  sed -i -e ' pki_ca_signing_subject_dn= s =.* =cn=rh@cs -$%%!!,O=red^hat g' $TmpDir/tmpconfigfile10.in
+                  sed -i -e 's pki_ca_signing_subject_dn=.* pki_ca_signing_subject_dn=cn=rh@cs/-$%%!!,O=red^hat g' $TmpDir/tmpconfigfile10.in
                   rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile10.in > $TmpDir/subjectdn_special_char.out"
                   #expected output & cleanup
-                  #installs fine if two % are used but gives an error on just one %
-  		  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                  rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+                exp_message2_2="PKI Subsystem Type:  Root CA (Security Domain)"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+                  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out
+                exp_message2_3="Uninstallation complete"
+                rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out"
           rlPhaseEnd
 
           rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-014: invalid key size for certificate"
@@ -270,10 +280,9 @@ run_rhcs_ca_installer_tests()
                   rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile11.in > $TmpDir/invalid_key.out 2>&1" 1 "Should fail"
                   exp_messg1="Installation failed."
                   rlAssertGrep "$exp_messg1" "$TmpDir/invalid_key.out"
-                   expected output & cleanup
+                   #expected output & cleanup
                   rlLog "cleanup"
                   rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
-                  should give a more desciptive error
                   rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1184"
 	rlPhaseEnd
 
@@ -312,7 +321,8 @@ run_rhcs_ca_installer_tests()
                  rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile13.in"
                  sed -i -e "/pki_security_domain_name=/s/=.*/=$secdomain_name/g" $TmpDir/tmpconfigfile13.in
                  rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile13.in"
- 		local password=$(grep "internal=" /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/conf/password.conf | cut -d "=" -f 2)
+		 rlRun "sleep 10"
+		 local password=$(grep "internal=" /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/conf/password.conf | cut -d "=" -f 2)
                  rlRun "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias -w $password securitydomain-show > $TmpDir/long_sec_domain_name.out"
                  exp_messg1="Domain: $secdomain_name"
                  rlAssertGrep "$exp_messg1" "$TmpDir/long_sec_domain_name.out"
@@ -326,62 +336,52 @@ run_rhcs_ca_installer_tests()
                   rlLog "Copying config file into temp file"
                   rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile14.in"
                   sed -i -e "/pki_ds_password=/s/=.*/=$password/g" $TmpDir/tmpconfigfile14.in
-                  rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile14.in > $TmpDir/wrong_ds_passwd.out 2>&1" 1 "Should fail" 
+                  rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile14.in > $TmpDir/wrong_ds_passwd.out 2>&1" 1 "Should fail"
                   #expected o/p and cleanup
                   exp_messg1="ERROR:  Unable to access directory server: Invalid credentials"
                   rlAssertGrep "$exp_messg1" "$TmpDir/wrong_ds_passwd.out"
 	rlPhaseEnd
 
-#	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-018: instance creation as non root user"
-#                  local username=rhcs
-#  		local expfile=$TmpDir/expect-test-018.out
-#  		local expfile2=$TmpDir/expect-test-018-02.out
-#                  local password1=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10 | head -n 1)
-#                  echo "spawn -noecho "passwd"" > $expfile
-#                  echo "expect \"Changing password for user root \"" >> $expfile
-#                  echo "expect \"New password: \"" >> $expfile
-#                  echo "send -- \"$password1\r\"" >> $expfile
-#                  echo "expect \"Retype new password: \"" >> $expfile
-#                  echo "send -- \"$password1\r\"" >> $expfile
-#                  echo "expect eof" >> $expfile
-#                  echo "catch wait result" >> $expfile
-#                  echo "exit [lindex \$result 3]" >> $expfile
-#                  rlRun "/usr/bin/expect -f $expfile >  $TmpDir/change_password.out 2>&1" 
-#                  rlRun "adduser $username"
-#                  rlRun "su $username"
-#                  rlRun "cp $INSTANCECFG /home/$username/tmpconfigfile15.in"
-#                  rlLog "Copying config file into temp file"
-#                  rlRun "pkispawn -s CA -f /home/$username/tmpconfigfile15.in > /home/$username/nonroot.out 2>&1" 1 "Should fail"
-#                  exp_messg1="'/usr/sbin/pkispawn' must be run as root!"
-#                  rlAssertGrep "$exp_messg1" "/home/$username/nonroot.out"
-#                  #expected output & cleanup
-#                  echo "spawn -noecho "su root"" > $expfile2
-#                  echo "expect \"password \"" >> $expfile2
-#                  echo "send -- \"$password1\r\"" >> $expfile2
-# 		 rlRun "/usr/bin/expect -f $expfile2"
-#          rlPhaseEnd
+	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-018: instance creation as non root user"
+                 local username=rhcs
+                  rlRun "useradd $username"
+                  rlRun "cp $INSTANCECFG /home/$username/tmpconfigfile15.in"
+                  rlRun "su -c \"pkispawn -s CA -f /home/$username/tmpconfigfile15.in > /home/$username/nonroot.out 2>&1\" $username" 1 "pkispawn as non-root user should fail"
+                  exp_messg1="'/usr/sbin/pkispawn' must be run as root!"
+                  rlAssertGrep "$exp_messg1" "/home/$username/nonroot.out"
+                  rlRun "userdel -r $username"
+          rlPhaseEnd
+
 
-         rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-019: special characters in certificate nickname"
+	  rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-019: special characters in certificate nickname"
                  local nickname=rh@cs/-$%%!!red^hat
                  rlLog "Copying config file into temp file"
                  rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile16.in"
-                 sed -i -e ' pki_ca_signing_nickname= s =.*/=rh@cs/-$%%!!red^hat g' $TmpDir/tmpconfigfile16.in
+                 sed -i -e 's pki_ca_signing_nickname=.* pki_ca_signing_nickname=rh@cs/-$%%!!red^hat g' $TmpDir/tmpconfigfile16.in
                  rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile16.in > $TmpDir/subjectdn_special_char.out"
+
                  #expected output & cleanup
-                 #ask about this, same problem as subject dn
-                 rlLog "cleanup"
-                 rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+                exp_message2_2="PKI Subsystem Type:  Root CA (Security Domain)"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+                rlLog "cleanup"
+                  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out
+                exp_message2_3="Uninstallation complete"
+                rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out"
          rlPhaseEnd
+
           rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-020: ds password not provided"
                   rlLog "Copying config file into temp file"
                   rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile17.in"
                   sed -i -e "/pki_ds_password=/d" $TmpDir/tmpconfigfile17.in
-                  rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile17.in > $TmpDir/no_ds_password.out 2>&1" 1 "Should fail" 
+                  rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile17.in > $TmpDir/no_ds_password.out 2>&1" 1 "Should fail"
                   exp_messg1="pkispawn    : ERROR    A value for 'pki_ds_password' MUST be defined in '$TmpDir/tmpconfigfile17.in'"
                   rlAssertGrep "$exp_messg1" "$TmpDir/no_ds_password.out"
-                   expected output & cleanup
+                  # expected output & cleanup
           rlPhaseEnd
- 
+
          rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-021: token and token password"
 		 rlRun "pkispawn -s CA -f $INSTANCECFG"
                  local password_token=$(eval echo \$${prefix}_TOKEN_PASSWORD)
@@ -394,53 +394,53 @@ run_rhcs_ca_installer_tests()
 		rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
          rlPhaseEnd
 
-         rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-022: invalid email in admin paramneters"
+         rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-022: invalid email in admin parameters BZ1165875"
                  rlLog "Copying config file into temp file"
                  rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile19.in"
                  sed -i -e "/pki_admin_email=/s/=.*/=pki-ca-test/g" $TmpDir/tmpconfigfile19.in
                  rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile19.in > $TmpDir/invalid_email.out 2>&1" 1 "Should fail"
- 		exp_messg="Installation failed"
- 		rlAssertGrep "$exp_messg" "$TmpDir/invalid_email.out"
-		rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
-		###not failing##
+		 exp_messg="Installation failed"
+		 rlAssertGrep "$exp_messg" "$TmpDir/invalid_email.out"
+		 rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+		 rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1165875"
          rlPhaseEnd
 
-#         rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-023: skip configuration"
-#                 rlLog "Copying config file into temp file"
-#                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile20.in"
-#                 sed -i -e "/pki_skip_configuration=/s/=.*/=True/g" $TmpDir/tmpconfigfile20.in
-#                 rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile20.in > $TmpDir/skip_config.out"
-#                 exp_messg1_1="The CA subsystem of the '$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)' instance"
-#                 rlAssertGrep "$exp_messg1_1" "$TmpDir/skip_config.out"
-#                 exp_messg1_2="must still be configured!"
-#                 rlAssertGrep "$exp_messg1_2" "$TmpDir/skip_config.out"
-#         rlPhaseEnd
-#         rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-024: skip installation"
-#                 rlLog "Copying config file into temp file"
-#                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile21.in"
-#                 sed -i -e "/pki_skip_installation=/s/=.*/=True/g" $TmpDir/tmpconfigfile21.in
-#                 rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile21.in > $TmpDir/skip_install.out"
-#                 exp_message1="Administrator's username:             $(eval echo \$${prefix}_ADMIN_USER)"
-#                 rlAssertGrep "$exp_message1" "$TmpDir/skip_install.out"
-#                 exp_message2="$(eval echo \$${prefix}_DOMAIN)"
-#                 rlAssertGrep "$exp_message2" "$TmpDir/skip_install.out"
-#                 exp_message3_1="To check the status of the subsystem:"
-#                 rlAssertGrep "$exp_message3_1" "$TmpDir/skip_install.out"
-#                 exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service"
-#                 rlAssertGrep "$exp_message3_2" "$TmpDir/skip_install.out"
-#                 exp_message4_1="To restart the subsystem:"
-#                 rlAssertGrep "$exp_message4_1" "$TmpDir/skip_install.out"
-#                 exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service"
-#                 rlAssertGrep "$exp_message4_2" "$TmpDir/skip_install.out"
-#                 exp_message5="The URL for the subsystem is:"
-#                 rlAssertGrep "$exp_message5" "$TmpDir/skip_install.out"
-#                 exp_message5_1="https://$(hostname):$(eval echo \$${prefix}_SECURE_PORT)/ca"
-#                 rlAssertGrep "$exp_message5_1" "$TmpDir/skip_install.out"
-#                 rlLog "cleanup"
-#                 rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
-#        rlPhaseEnd
+         rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-023: skip configuration"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile20.in"
+                 sed -i -e "/pki_skip_configuration=/s/=.*/=True/g" $TmpDir/tmpconfigfile20.in
+                 rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile20.in > $TmpDir/skip_config.out"
+                 exp_messg1_1="The CA subsystem of the '$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)' instance"
+                 rlAssertGrep "$exp_messg1_1" "$TmpDir/skip_config.out"
+                 exp_messg1_2="must still be configured!"
+                 rlAssertGrep "$exp_messg1_2" "$TmpDir/skip_config.out"
+         rlPhaseEnd
+        rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-024: skip installation"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile21.in"
+                 sed -i -e "/pki_skip_installation=/s/=.*/=True/g" $TmpDir/tmpconfigfile21.in
+                 rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile21.in > $TmpDir/skip_install.out"
+                 exp_message1="Administrator's username:             $(eval echo \$${prefix}_ADMIN_USER)"
+                 rlAssertGrep "$exp_message1" "$TmpDir/skip_install.out"
+                 exp_message2="$(eval echo \$${prefix}_DOMAIN)"
+                 rlAssertGrep "$exp_message2" "$TmpDir/skip_install.out"
+                 exp_message3_1="To check the status of the subsystem:"
+                 rlAssertGrep "$exp_message3_1" "$TmpDir/skip_install.out"
+                 exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service"
+                 rlAssertGrep "$exp_message3_2" "$TmpDir/skip_install.out"
+                 exp_message4_1="To restart the subsystem:"
+                 rlAssertGrep "$exp_message4_1" "$TmpDir/skip_install.out"
+                 exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service"
+                 rlAssertGrep "$exp_message4_2" "$TmpDir/skip_install.out"
+                 exp_message5="The URL for the subsystem is:"
+                 rlAssertGrep "$exp_message5" "$TmpDir/skip_install.out"
+                 exp_message5_1="https://$(hostname):$(eval echo \$${prefix}_SECURE_PORT)/ca"
+                 rlAssertGrep "$exp_message5_1" "$TmpDir/skip_install.out"
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+        rlPhaseEnd
 
-  	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-025: installation when another instance is already running"
+	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-025: installation when another instance is already running"
                  rlLog "Copying config file into temp file"
                  rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile22.in"
                  rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile22.in > $TmpDir/install_1.out"
@@ -460,11 +460,218 @@ run_rhcs_ca_installer_tests()
                  rlRun "certutil -L -d /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias > $TmpDir/empty_nickname.out"
                  exp_messg1="(NULL)"
                  rlAssertGrep "$exp_messg1" "$TmpDir/empty_nickname.out"
-                  expected output & cleanup
+                  #expected output & cleanup
                  rlLog "cleanup"
                  rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
-                  installation goes fine but a null cert gets created which gives segmentation fault on doing a pk12util
+                  #installation goes fine but a null cert gets created which gives segmentation fault on doing a pk12util
                  rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1184"
          rlPhaseEnd
- 
+
+	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-027: Token password parameter has special characters"
+                token_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile27.in"
+                 sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile27.in
+                 rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile27.in"
+		rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+                exp_message2_2="PKI Subsystem Type:  Root CA (Security Domain)"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                 rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-028: Client pkcs12 password parameter has special characters"
+                client_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile28.in"
+                 sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile28.in
+                 rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile28.in"
+		rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+                exp_message2_2="PKI Subsystem Type:  Root CA (Security Domain)"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                 rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-029: Admin password parameter has special characters"
+                admin_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile29.in"
+                 sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile29.in
+                 rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile29.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+                exp_message2_2="PKI Subsystem Type:  Root CA (Security Domain)"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                 rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-030: Backup password parameter has special characters"
+                backup_password="{\&+\$\@*!%"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile30.in"
+                 sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile30.in
+                 rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile30.in > $TmpDir/ca30.out 2>&1"
+                rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+                exp_message2_2="PKI Subsystem Type:  Root CA (Security Domain)"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                 rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-031: Client database password parameter has special characters"
+                clientdb_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile31.in"
+                 sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile31.in
+                 rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile31.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+                exp_message2_2="PKI Subsystem Type:  Root CA (Security Domain)"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                 rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-032: Interactive CA installation"
+                rlLog "Interactive pkispawn of CA"
+                local expfile=$TmpDir/expectfile.in
+                echo "set timeout 5" > $expfile
+                echo "set force_conservative 0" >> $expfile
+                echo "set send_slow {1 .1}" >> $expfile
+                echo "spawn -noecho pkispawn" >> $expfile
+                echo "expect \"Subsystem \(CA/KRA/OCSP/TKS/TPS\) \[CA\]: \"" >> $expfile
+                echo "send -- \"\r\"" >> $expfile
+                echo "expect \"Instance \[pki-tomcat\]: \"" >> $expfile
+                echo "send -- \"$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)\r\"" >> $expfile
+                echo "expect \"HTTP port \[8080\]: \"" >> $expfile
+                echo "send -- \"$(eval echo \$${prefix}_UNSECURE_PORT)\r\"" >> $expfile
+                echo "expect \"Secure HTTP port \[8443\]: \"" >> $expfile
+                echo "send -- \"$(eval echo \$${prefix}_SECURE_PORT)\r\"" >> $expfile
+                echo "expect \"AJP port \[8009\]: \"" >> $expfile
+                echo "send -- \"$(eval echo \$${prefix}_AJP_PORT)\r\"" >> $expfile
+                echo "expect \"Management port \[8005\]: \"" >> $expfile
+                echo "send -- \"$(eval echo \$${prefix}_TOMCAT_SERVER_PORT)\r\"" >> $expfile
+                echo "expect \"Username \[caadmin\]: \"" >> $expfile
+                echo "send -- \"$(eval echo \$${prefix}_ADMIN_USER)\r\"" >> $expfile
+                echo "expect \"Password: \"" >> $expfile
+                echo "send -- \"$(eval echo \$${prefix}_ADMIN_PASSWORD)\r\"" >> $expfile
+                echo "expect \"Verify password: \"" >> $expfile
+                echo "send -- \"$(eval echo \$${prefix}_ADMIN_PASSWORD)\r\"" >> $expfile
+                echo "expect \"Import certificate (Yes\/No) \[N\]? \"" >> $expfile
+                if [ $(eval echo \$${prefix}_ADMIN_IMPORT_CERT) = "False" ]; then
+                        echo "send -- \"\r\"" >> $expfile
+                else
+                        echo "send -- \"Y\r\"" >> $expfile
+                fi
+                echo "expect \"Export certificate to \[/root/.dogtag/pki-tomcat/ca_admin.cert\]: \"" >> $expfile
+                echo "send -- \"/root/.dogtag/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/ca_admin.cert\r\"" >> $expfile
+                echo "expect \"Hostname \[`hostname`\]: \"" >> $expfile
+                echo "send -- \"$LDAP_HOSTNAME\r\"" >> $expfile
+                echo "expect \"Use a secure LDAPS connection (Yes\/No\/Quit) \[N\]? \"" >> $expfile
+                echo "send -- \"\r\"" >> $expfile
+                echo "expect \"Port \[389\]: \"" >> $expfile
+                echo "send -- \"$(eval echo \$${prefix}_LDAP_PORT)\r\"" >> $expfile
+                echo "expect \"Bind DN \[cn=Directory Manager\]: \"" >> $expfile
+                echo "send -- \"$LDAP_ROOTDN\r\"" >> $expfile
+                echo "expect \"Password: \"" >> $expfile
+                echo "send -- \"$LDAP_ROOTDNPWD\r\"" >> $expfile
+                echo "expect \"Base DN \[o=pki-tomcat-CA\]: \"" >> $expfile
+                echo "send -- \"$(eval echo \$${prefix}_DB_SUFFIX)\r\"" >> $expfile
+                echo "expect \"Name \[`hostname -d` Security Domain\]: \"" >> $expfile
+                echo "send -- \"\r\"" >> $expfile
+                echo "expect \"Begin installation (Yes/No/Quit)? \"" >> $expfile
+                echo "send -- \"Yes\r\"" >> $expfile
+                echo "expect eof" >> $expfile
+                echo "catch wait result" >> $expfile
+                echo "exit [lindex \$result 3]" >> $expfile
+                rlRun "/usr/bin/expect -f $expfile >  $TmpDir/pkispawn_ca.out 2>&1" 0 "Interactive pkispawn of CA should be successful"
+                rlRun "sleep 10"
+                rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+                exp_message2_2="PKI Subsystem Type:  Root CA (Security Domain)"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+                rlLog "cleanup"
+                rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-033: Security domain password parameter has special characters"
+                sec_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile32.in"
+                 sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile32.in
+                 rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile32.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+                exp_message2_2="PKI Subsystem Type:  Root CA (Security Domain)"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+		rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed"
+                 rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-034: CA signed by an external CA - Dogtag Certificate"
+                number=1
+                csr_file=$TmpDir/ca_signing.csr
+                certtype="Dogtag"
+                run_rhcs_install_packages
+                run_install_subsystem_RootCA
+                run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12"
+                rlLog "rhcs_install_CAwithExtCA $number $csr_file $certtype $ROOTCA_ADMIN_CERT_LOCATION $CLIENT_PKCS12_PASSWORD $admin_cert_nickname $SUBSYSTEM_HOST"
+                rhcs_install_CAwithExtCA $number $csr_file $certtype $ROOTCA_ADMIN_CERT_LOCATION $CLIENT_PKCS12_PASSWORD $admin_cert_nickname $SUBSYSTEM_HOST
+                rlRun "remove-ds.pl -f -i slapd-pki-subca${number}" 0 "SUBCA ldap instance removed"
+                rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out
+                exp_message2_3="Uninstallation complete"
+                rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out"
+                rlRun "pkidestroy -s CA -i $(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out
+                exp_message2_3="Uninstallation complete"
+                rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-035: CA signed by an external CA - Microsoft CA Certificate"
+                number=1
+                csr_file=$TmpDir/msca_signing.csr
+                certtype="MSCA"
+                run_rhcs_install_packages
+                rlLog "rhcs_install_CAwithExtCA $number $csr_file $certtype"
+                rhcs_install_CAwithExtCA $number $csr_file $certtype
+                rlRun "pkidestroy -s CA -i $(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out
+                exp_message2_3="Uninstallation complete"
+                rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out"
+                rlRun "remove-ds.pl -f -i slapd-pki-subca${number}" 0 "SUBCA ldap instance removed"
+         rlPhaseEnd
+
+	rlPhaseStartSetup "pki_run_rhcs_ca_installer_tests-cleanup"
+        #Delete temporary directory
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+	if [ "$prefix" = "ROOTCA" ]; then
+                rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed"
+        elif [[ $subsystemId = SUBCA* ]]; then
+                rlRun "remove-ds.pl -f -i slapd-pki-subca1" 0 "SUBCA ldap instance removed"
+        fi
+        rlPhaseEnd
 }
diff --git a/tests/dogtag/acceptance/install-tests/kra-installer.sh b/tests/dogtag/acceptance/install-tests/kra-installer.sh
index ca172904d..07111ce31 100644
--- a/tests/dogtag/acceptance/install-tests/kra-installer.sh
+++ b/tests/dogtag/acceptance/install-tests/kra-installer.sh
@@ -34,61 +34,179 @@ run_rhcs_kra_installer_tests()
 	SUBSYSTEM_TYPE=$2
 	MYROLE=$3
 	if [ "$TOPO9" = "TRUE" ] ; then
-        	ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
 	        prefix=$subsystemId
-        	CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
 	elif [ "$MYROLE" = "MASTER" ] ; then
-        	if [[ $subsystemId == SUBCA* ]]; then
-                	ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+		if [[ $subsystemId == SUBCA* ]]; then
 	                prefix=$subsystemId
-        	        CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)	
-        	else
-                	ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+		else
 	                prefix=ROOTCA
-        	        CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
-        	fi
+		fi
 	else
-        	ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
 	        prefix=$MYROLE
-	        CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
 	fi
 
 	SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
 	INSTANCECFG=/tmp/kra_instance.inf
 	##### Create a temporary directory to save output files #####
 	rlPhaseStartSetup "pki_run_rhcs_kra_installer_tests: Create temporary directory"
-        	rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
-        	rlRun "pushd $TmpDir"
+		rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+		rlRun "pushd $TmpDir"
 	rlPhaseEnd
- 	rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-001: Installing and Uninstalling KRA"
- 		 local number=3
+	rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-001: Installing and Uninstalling KRA"
+		 local number=3
 		 local BEAKERMASTER=`hostname`
 		 local CA=ROOTCA
                  run_rhcs_install_packages
-                 run_install_subsystem_RootCA 
-		 run_install_subsystem_KRA $number $BEAKERMASTER $CA
+                 run_install_subsystem_RootCA
+		 run_install_subsystem_kra $number $BEAKERMASTER $CA
                  rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
                  exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
                  rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
-                 exp_message2_2="PKI Subsystem Type:   (Security Domain)"
+                 exp_message2_2="PKI Subsystem Type:  DRM"
                  rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
                  rlLog "Uninstall KRA tests"
                  rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallKRA.out
-                 exp_message2_3 "Uninstallation complete" "$TmpDir/uninstallKRA.out"
+                 exp_message2_3="Uninstallation complete"
                  rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallKRA.out"
- 
          rlPhaseEnd
 	rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-002: SSL cert parameters"
 		cp $INSTANCECFG $TmpDir/tmpconfig1.in
 		sed -i -e "/pki_ssl_server_key_type/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_token/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_signing_algorithm/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_key_algorithm/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_key_size/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_nickname/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_subject_dn/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		rlRun "pkispawn -s KRA -f $TmpDir/tmpconfig1.in  > $TmpDir/kra_ssl.out 2>&1" 1 "Should fail"
-                exp_messg3="Installation Failed."
+                exp_messg3="Installation failed."
                 rlAssertGrep "$exp_messg3" "$TmpDir/kra_ssl.out"
+		rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallKRA.out
+                 exp_message2_3="Uninstallation complete"
+                 rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallKRA.out"
+		rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+		rlRun "sleep 20"
 	rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-003: Token password parameter has special characters"
+                token_password="{\&+\$\@*!"
+		INSTANCECFG_CA=/tmp/ca_instance.inf
+                rlRun "pkispawn -s CA -f $INSTANCECFG_CA" 0 "Install CA"
+                rlRun "sleep 20"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile3.in"
+                 sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile3.in
+                 rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile3.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
+                exp_message2_2="PKI Subsystem Type:  DRM"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA"
+		rlRun "sleep 20"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-004: Client pkcs12 password parameter has special characters"
+                client_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile4.in"
+                 sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile4.in
+                 rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile4.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
+                exp_message2_2="PKI Subsystem Type:  DRM"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA"
+		rlRun "sleep 20"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-005: Admin password parameter has special characters"
+                admin_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in"
+                 sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile5.in
+                 rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile5.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
+                exp_message2_2="PKI Subsystem Type:  DRM"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA"
+		rlRun "sleep 20"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-006: Backup password parameter has special characters"
+                backup_password="{\&+\$\@*!%"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile6.in"
+                 sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile6.in
+                 rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile6.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
+                exp_message2_2="PKI Subsystem Type:  DRM"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA"
+		rlRun "sleep 20"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-007: Client database password parameter has special characters"
+                clientdb_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile7.in"
+                 sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile7.in
+                 rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile7.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
+                exp_message2_2="PKI Subsystem Type:  DRM"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA"
+		rlRun "sleep 20"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-008: Security domain password parameter has special characters - Ticket 668"
+                sec_password="{\&+\$\@*!"
+                 rlLog "Copying KRA config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile8.in"
+                 sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile8.in
+                 rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile8.in > $TmpDir/kra8.out 2>&1"
+                rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
+                exp_message2_2="PKI Subsystem Type:  DRM"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA"
+                rlRun "sleep 20"
+		rlLog "https://fedorahosted.org/pki/ticket/668"
+         rlPhaseEnd
+
+	rlPhaseStartSetup "pki_run_rhcs_kra_installer_tests-cleanup"
+        #Delete temporary directory
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+	rlRun "remove-ds.pl -f -i slapd-pki-kra3-ldap" 0 "KRA ldap instance removed"
+        rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed"
+	rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+        rlPhaseEnd
 }
diff --git a/tests/dogtag/acceptance/install-tests/ocsp-installer.sh b/tests/dogtag/acceptance/install-tests/ocsp-installer.sh
index 08b4f9b19..94c6b382d 100644
--- a/tests/dogtag/acceptance/install-tests/ocsp-installer.sh
+++ b/tests/dogtag/acceptance/install-tests/ocsp-installer.sh
@@ -34,61 +34,177 @@ run_rhcs_ocsp_installer_tests()
 	SUBSYSTEM_TYPE=$2
 	MYROLE=$3
 	if [ "$TOPO9" = "TRUE" ] ; then
-        	ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
 	        prefix=$subsystemId
-        	CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
 	elif [ "$MYROLE" = "MASTER" ] ; then
-        	if [[ $subsystemId == SUBCA* ]]; then
-                	ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+		if [[ $subsystemId == SUBCA* ]]; then
 	                prefix=$subsystemId
-        	        CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)	
-        	else
-                	ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+		else
 	                prefix=ROOTCA
-        	        CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
-        	fi
+		fi
 	else
-        	ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
 	        prefix=$MYROLE
-	        CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
 	fi
 
 	SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
 	INSTANCECFG=/tmp/ocsp_instance.inf
 	##### Create a temporary directory to save output files #####
 	rlPhaseStartSetup "pki_run_rhcs_ocsp_installer_tests: Create temporary directory"
-        	rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
-        	rlRun "pushd $TmpDir"
+		rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+		rlRun "pushd $TmpDir"
 	rlPhaseEnd
- 	rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-001: Installing and Uninstalling OCSP"
- 		 local number=3
+	rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-001: Installing and Uninstalling OCSP"
+		 local number=3
 		 local BEAKERMASTER=`hostname`
 		 local CA=ROOTCA
                  run_rhcs_install_packages
-                 run_install_subsystem_RootCA 
-		 run_install_subsystem_OCSP $number $BEAKERMASTER $CA
+                 run_install_subsystem_RootCA
+		 run_install_subsystem_ocsp $number $BEAKERMASTER $CA
                  rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"
                  exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
                  rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
-                 exp_message2_2="PKI Subsystem Type:   (Security Domain)"
+                 exp_message2_2="PKI Subsystem Type:  OCSP"
                  rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
                  rlLog "Uninstall OCSP tests"
-                 rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallKRA.out
-                 exp_message2_3 "Uninstallation complete" "$TmpDir/uninstallOCSP.out"
+                 rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallOCSP.out
+                 exp_message2_3="Uninstallation complete"
                  rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallOCSP.out"
- 
          rlPhaseEnd
 	rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-002: SSL cert parameters"
 		cp $INSTANCECFG $TmpDir/tmpconfig1.in
 		sed -i -e "/pki_ssl_server_key_type/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_token/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_signing_algorithm/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_key_algorithm/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_key_size/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_nickname/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_subject_dn/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfig1.in  > $TmpDir/ocsp_ssl.out 2>&1" 1 "Should fail"
-                exp_messg3="Installation Failed."
+                exp_messg3="Installation failed."
                 rlAssertGrep "$exp_messg3" "$TmpDir/ocsp_ssl.out"
+		rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled OCSP"
+                rlRun "sleep 20"
+		rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+                rlRun "sleep 20"
 	rlPhaseEnd
+	rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-003: Token password parameter has special characters"
+                token_password="{\&+\$\@*!"
+		INSTANCECFG_CA=/tmp/ca_instance.inf
+                rlRun "pkispawn -s CA -f $INSTANCECFG_CA" 0 "Install CA"
+                rlRun "sleep 20"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile3.in"
+                 sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile3.in
+                 rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile3.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
+                exp_message2_2="PKI Subsystem Type:  OCSP"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlRun "sleep 20"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-004: Client pkcs12 password parameter has special characters"
+                client_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile4.in"
+                 sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile4.in
+                 rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile4.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
+                exp_message2_2="PKI Subsystem Type:  OCSP"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlRun "sleep 20"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-005: Admin password parameter has special characters"
+                admin_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in"
+                 sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile5.in
+                 rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile5.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
+                exp_message2_2="PKI Subsystem Type:  OCSP"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlRun "sleep 20"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-006: Backup password parameter has special characters"
+                backup_password="{\&+\$\@*!%"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile6.in"
+                 sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile6.in
+                 rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile6.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
+                exp_message2_2="PKI Subsystem Type:  OCSP"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlRun "sleep 20"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-007: Client database password parameter has special characters"
+                clientdb_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile7.in"
+                 sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile7.in
+                 rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile7.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
+                exp_message2_2="PKI Subsystem Type:  OCSP"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlRun "sleep 20"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-008: Security domain password parameter has special characters - Ticket 668"
+                sec_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile8.in"
+                 sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile8.in
+                 rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile8.in > $TmpDir/ocsp8.out 2>&1"
+                rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
+                exp_message2_2="PKI Subsystem Type:  OCSP"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall OCSP"
+                rlRun "sleep 20"
+                rlLog "https://fedorahosted.org/pki/ticket/668"
+         rlPhaseEnd
+
+	rlPhaseStartSetup "pki_run_rhcs_ocsp_installer_tests-cleanup"
+        #Delete temporary directory
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+	rlRun "remove-ds.pl -f -i slapd-pki-ocsp3-ldap" 0 "OCSP ldap instance removed"
+        rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed"
+	rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+        rlPhaseEnd
 }
diff --git a/tests/dogtag/acceptance/install-tests/tks-installer.sh b/tests/dogtag/acceptance/install-tests/tks-installer.sh
index 654a2a1cd..3959f04dd 100644
--- a/tests/dogtag/acceptance/install-tests/tks-installer.sh
+++ b/tests/dogtag/acceptance/install-tests/tks-installer.sh
@@ -34,61 +34,180 @@ run_rhcs_tks_installer_tests()
 	SUBSYSTEM_TYPE=$2
 	MYROLE=$3
 	if [ "$TOPO9" = "TRUE" ] ; then
-        	ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
 	        prefix=$subsystemId
-        	CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
 	elif [ "$MYROLE" = "MASTER" ] ; then
-        	if [[ $subsystemId == SUBCA* ]]; then
-                	ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+		if [[ $subsystemId == SUBCA* ]]; then
 	                prefix=$subsystemId
-        	        CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)	
-        	else
-                	ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+		else
 	                prefix=ROOTCA
-        	        CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
-        	fi
+		fi
 	else
-        	ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
 	        prefix=$MYROLE
-	        CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
 	fi
 
 	SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
 	INSTANCECFG=/tmp/tks_instance.inf
 	##### Create a temporary directory to save output files #####
 	rlPhaseStartSetup "pki_run_rhcs_tks_installer_tests: Create temporary directory"
-        	rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
-        	rlRun "pushd $TmpDir"
+		rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+		rlRun "pushd $TmpDir"
 	rlPhaseEnd
- 	rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-001: Installing and Uninstalling TKS"
- 		 local number=3
+	rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-001: Installing and Uninstalling TKS"
+		 local number=1
 		 local BEAKERMASTER=`hostname`
 		 local CA=ROOTCA
                  run_rhcs_install_packages
-                 run_install_subsystem_RootCA 
-		 run_install_subsystem_TKS $number $BEAKERMASTER $CA
+                 run_install_subsystem_RootCA
+		 run_install_subsystem_tks $number $BEAKERMASTER $CA
                  rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
                  exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
                  rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
-                 exp_message2_2="PKI Subsystem Type:   (Security Domain)"
+                 exp_message2_2="PKI Subsystem Type:  TKS"
                  rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
                  rlLog "Uninstall TKS tests"
-                 rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallKRA.out
-                 exp_message2_3 "Uninstallation complete" "$TmpDir/uninstallTKS.out"
+                 rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallTKS.out
+                 exp_message2_3="Uninstallation complete"
                  rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallTKS.out"
- 
          rlPhaseEnd
 	rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-002: SSL cert parameters"
 		cp $INSTANCECFG $TmpDir/tmpconfig1.in
 		sed -i -e "/pki_ssl_server_key_type/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_token/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_signing_algorithm/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_key_algorithm/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_key_size/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_nickname/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		sed -i -e "/pki_ssl_server_subject_dn/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
 		rlRun "pkispawn -s TKS -f $TmpDir/tmpconfig1.in  > $TmpDir/tks_ssl.out 2>&1" 1 "Should fail"
-                exp_messg3="Installation Failed."
+                exp_messg3="Installation failed."
                 rlAssertGrep "$exp_messg3" "$TmpDir/tks_ssl.out"
+		rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallTKS.out
+                 exp_message2_3="Uninstallation complete"
+                 rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallTKS.out"
+		rlRun "sleep 20"
+                rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+                rlRun "sleep 20"
 	rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-003: Token password parameter has special characters"
+                token_password="{\&+\$\@*!"
+		INSTANCECFG_CA=/tmp/ca_instance.inf
+		rlRun "pkispawn -s CA -f $INSTANCECFG_CA" 0 "Install CA"
+                rlRun "sleep 20"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile3.in"
+                 sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile3.in
+                 rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile3.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
+                exp_message2_2="PKI Subsystem Type:  TKS"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS"
+                rlRun "sleep 20"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-004: Client pkcs12 password parameter has special characters"
+                client_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile4.in"
+                 sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile4.in
+                 rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile4.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
+                exp_message2_2="PKI Subsystem Type:  TKS"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS"
+                rlRun "sleep 20"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-005: Admin password parameter has special characters"
+                admin_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in"
+                 sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile5.in
+                 rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile5.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
+                exp_message2_2="PKI Subsystem Type:  TKS"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS"
+                rlRun "sleep 20"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-006: Backup password parameter has special characters"
+                backup_password="{\&+\$\@*!%"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile6.in"
+                 sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile6.in
+                 rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile6.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
+                exp_message2_2="PKI Subsystem Type:  TKS"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS"
+                rlRun "sleep 20"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-007: Client database password parameter has special characters"
+                clientdb_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile7.in"
+                 sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile7.in
+                 rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile7.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
+                exp_message2_2="PKI Subsystem Type:  TKS"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS"
+                rlRun "sleep 20"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-008: Security domain password parameter has special characters - Ticket 668"
+                sec_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile8.in"
+                 sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile8.in
+                 rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile8.in > $TmpDir/tks8.out 2>&1"
+                rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
+                exp_message2_2="PKI Subsystem Type:  TKS"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS"
+                rlRun "sleep 20"
+                rlLog "https://fedorahosted.org/pki/ticket/668"
+         rlPhaseEnd
+
+	rlPhaseStartSetup "pki_run_rhcs_tks_installer_tests-cleanup"
+        #Delete temporary directory
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+	rlRun "remove-ds.pl -f -i slapd-pki-tks1-ldap" 0 "TKS ldap instance removed"
+        rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed"
+        rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+        rlPhaseEnd
 }
diff --git a/tests/dogtag/acceptance/install-tests/tps-installer.sh b/tests/dogtag/acceptance/install-tests/tps-installer.sh
new file mode 100755
index 000000000..28f90aca2
--- /dev/null
+++ b/tests/dogtag/acceptance/install-tests/tps-installer.sh
@@ -0,0 +1,242 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/installer-tests/tps-installer.sh
+#   Description: PKI TPS Installer Test
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Include files
+. ./acceptance/quickinstall/rhcs-set-time.sh
+. ./acceptance/quickinstall/rhcs-install.sh
+. ./acceptance/quickinstall/rhcs-install-lib.sh
+. /opt/rhqa_pki/env.sh
+run_rhcs_tps_installer_tests()
+{
+	subsystemId=$1
+	SUBSYSTEM_TYPE=$2
+	MYROLE=$3
+	if [ "$TOPO9" = "TRUE" ] ; then
+	        prefix=$subsystemId
+	elif [ "$MYROLE" = "MASTER" ] ; then
+		if [[ $subsystemId == SUBCA* ]]; then
+	                prefix=$subsystemId
+		else
+	                prefix=ROOTCA
+		fi
+	else
+	        prefix=$MYROLE
+	fi
+
+	SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+	INSTANCECFG=/tmp/tps_instance.inf
+	##### Create a temporary directory to save output files #####
+	rlPhaseStartSetup "pki_run_rhcs_tps_installer_tests: Create temporary directory"
+		rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+		rlRun "pushd $TmpDir"
+	rlPhaseEnd
+	rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-001: Installing and Uninstalling TPS BZ1188331"
+		 local number=3
+		 local BEAKERMASTER=`hostname`
+		 local CA=ROOTCA
+		 local KRA=KRA3
+		 local TKS=TKS1
+		 local TKS_number=1
+		 local TPS_number=1
+                 run_rhcs_install_packages
+                 run_install_subsystem_RootCA
+		 run_install_subsystem_kra $number $BEAKERMASTER $CA
+		 run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA
+		 run_install_subsystem_tps $TPS_number $BEAKERMASTER $CA $KRA $TKS
+                 rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+                 exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                 rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+                 exp_message2_2="PKI Subsystem Type:  tps"
+                 rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+                 rlLog "Uninstall TPS tests"
+                 rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallTPS.out
+                 exp_message2_3="Uninstallation complete"
+                 rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallTPS.out"
+		rlRun "sleep 20"
+		 rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-002: Server side keygen is set to false, installation successful BZ1188331"
+		 cp $INSTANCECFG $TmpDir/tmpconfig2.in
+		 sed -i -e "/pki_enable_server_side_keygen=/s/=.*/=False/g" $TmpDir/tmpconfig2.in
+		rlRun "sleep 5"
+		 sed -i -e "/pki_kra_uri/d" $TmpDir/tmpconfig2.in
+		rlRun "sleep 5"
+		 rlRun "pkispawn -s TPS -v -f $TmpDir/tmpconfig2.in  > $TmpDir/tps_keygen.out 2>&1" 0 "Should pass"
+                 rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+                 exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                 rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+                 exp_message2_2="PKI Subsystem Type:   (Security Domain)"
+                 rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+                 rlLog "Uninstall TPS tests"
+                 rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallTPS.out
+                 exp_message2_3="Uninstallation complete"
+                 rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallTPS.out"
+		 rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-003: Token password parameter has special characters BZ1188331"
+                token_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile3.in"
+                 sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile3.in
+                 rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile3.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+                exp_message2_2="PKI Subsystem Type:  TPS"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+                rlRun "sleep 20"
+		rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-004: Client pkcs12 password parameter has special characters  BZ1188331"
+                client_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile4.in"
+                 sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile4.in
+                 rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile4.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+                exp_message2_2="PKI Subsystem Type:  TPS"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+                rlRun "sleep 20"
+		rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-005: Admin password parameter has special characters BZ1188331"
+                admin_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in"
+                 sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile5.in
+                 rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile5.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+                exp_message2_2="PKI Subsystem Type:  TPS"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+                rlRun "sleep 20"
+		rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+         rlPhaseEnd
+
+        rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-006: Backup password parameter has special characters BZ1188331"
+                backup_password="{\&+\$\@*!%"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile6.in"
+                 sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile6.in
+                 rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile6.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+                exp_message2_2="PKI Subsystem Type:  TPS"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+                rlRun "sleep 20"
+		rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-007: Client database password parameter has special characters BZ1188331"
+                clientdb_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile7.in"
+                 sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile7.in
+                 rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile7.in"
+                rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+                exp_message2_2="PKI Subsystem Type:  TPS"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+                rlRun "sleep 20"
+		rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-008: Security domain password parameter has special characters - Ticket 668"
+                sec_password="{\&+\$\@*!"
+                 rlLog "Copying config file into temp file"
+                 rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile8.in"
+                 sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile8.in
+                 rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile8.in > $TmpDir/tps8.out 2>&1"
+                rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+                exp_message2_1="PKI Instance Name:   $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+                rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+                exp_message2_2="PKI Subsystem Type:  TPS"
+                rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+                  #expected output & cleanup
+                 rlLog "cleanup"
+                 rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+                rlRun "sleep 20"
+                rlLog "https://fedorahosted.org/pki/ticket/668"
+         rlPhaseEnd
+
+	rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-009: SSL cert parameters"
+		cp $INSTANCECFG $TmpDir/tmpconfig1.in
+		sed -i -e "/pki_ssl_server_key_type/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
+		sed -i -e "/pki_ssl_server_token/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
+		sed -i -e "/pki_ssl_server_signing_algorithm/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
+		sed -i -e "/pki_ssl_server_key_algorithm/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
+		sed -i -e "/pki_ssl_server_key_size/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
+		sed -i -e "/pki_ssl_server_nickname/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
+		sed -i -e "/pki_ssl_server_subject_dn/d" $TmpDir/tmpconfig1.in
+		rlRun "sleep 5"
+		rlRun "pkispawn -s TPS -f $TmpDir/tmpconfig1.in  > $TmpDir/tps_ssl.out 2>&1" 1 "Should fail"
+                exp_messg3="Installation failed."
+                rlAssertGrep "$exp_messg3" "$TmpDir/tps_ssl.out"	
+	rlPhaseEnd
+
+	rlPhaseStartSetup "pki_run_rhcs_tps_installer_tests-cleanup"
+        #Delete temporary directory
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+        rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed"
+	rlRun "remove-ds.pl -f -i slapd-pki-kra3-ldap" 0 "KRA ldap instance removed"
+	rlRun "remove-ds.pl -f -i slapd-pki-tks1-ldap" 0 "TKS ldap instance removed"
+	rlRun "remove-ds.pl -f -i slapd-pki-tps1-ldap" 0 "TPS ldap instance removed"
+	rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled TPS"
+	rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled TKS"
+	rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled KRA"
+        rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+        rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/legacy/tps-tests/tps-enrollments.sh b/tests/dogtag/acceptance/legacy/tps-tests/tps-enrollments.sh
new file mode 100755
index 000000000..17e7557df
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/tps-tests/tps-enrollments.sh
@@ -0,0 +1,5703 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/rhcs/acceptance/legacy/tps-tests/tps-enrollments.sh
+#   Description: TPS Enrollment tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_tps-enrollment_tests()
+{
+        local cs_Type=$1
+        local cs_Role=$2
+        
+	# Creating Temporary Directory for tps-enrollments tests
+        rlPhaseStartSetup "pki_tps_enrollments Temporary Directory"
+        rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlPhaseEnd
+
+        # Local Variables
+        get_topo_stack $cs_Role $TmpDir/topo_file
+        local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+	local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+        local target_unsecure_port=$(eval echo \$${TPS_INST}_UNSECURE_PORT)
+        local target_secure_port=$(eval echo \$${TPS_INST}_SECURE_PORT)
+        local tmp_ca_admin=$CA_INST\_adminV
+	local tmp_ca_agent=$CA_INST\_agentV
+        local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT)
+        local tmp_tps_host=$(eval echo \$${cs_Role})
+        local valid_admin_cert=$TPS_INST\_adminV
+	local valid_agent_cert=$TPS_INST\_agentV
+	local valid_admin1_cert=$TPS_INST\_admin1V
+        local valid_agent1_cert=$TPS_INST\_agent1V
+	local valid_admin_user=$TPS_INST\_adminV
+        local valid_admin_user_password=$TPS_INST\_adminV_password
+
+	rlPhaseStartTest "pki_tps_enrollments-001: Add an LDAP user and enroll a token using tpsclient"
+        ldap_user_num=001
+        change_type="add"
+        passwd="redhat"
+        local tps_out="$TmpDir/admin_out_tpsenroll001"
+        local cuid="10000000000000000001"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers001.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers001.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers001.ldif | grep uid: | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll001.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll001.test
+        /usr/bin/tpsclient < $TmpDir/enroll001.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-002: Pin reset a token using tpsclient"
+        local tps_out="$TmpDir/admin_out_tpsenroll002"
+        local cuid="10000000000000000001"
+        rlLog "gen_pin_reset_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/pinreset002.test"
+        gen_pin_reset_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/pinreset002.test
+        /usr/bin/tpsclient < $TmpDir/pinreset002.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_reset_pin' Success" "$tps_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-003: Format a token using tpsclient"
+        local tps_out="$TmpDir/admin_out_tpsenroll003"
+        local cuid="10000000000000000001"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format003.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format003.test
+        /usr/bin/tpsclient < $TmpDir/format003.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+	#Cleanup
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+	rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+        #### TPS audit logging is not functional yet. https://fedorahosted.org/pki/ticket/1006 and https://fedorahosted.org/pki/ticket/1007	
+	
+	rlPhaseStartTest "pki_tps_enrollments-004: Perform 50 enrollments"
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 50 > $TmpDir/ldapusers004.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers004.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 51 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="3000000000000000000$i"
+        else
+                cuid="300000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers004.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+         i=1
+        while [ $i -lt 51 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="3000000000000000000$i"
+                else
+                        cuid="300000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+	#Cleanup
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-005: Edit the key size property of userKey profile - BZ 1192232"
+        header_005="$TmpDir/header005"
+        local tps_out="$TmpDir/admin_out_tpsenroll0053"
+        local cuid="10000000000000000053"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers005.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers005.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers005.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0053.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0053.test
+        /usr/bin/tpsclient < $TmpDir/enroll0053.test > $tps_out 2>&1
+        rlRun "sleep 10"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        #Verify the certs on the token. Implement that after https://fedorahosted.org/pki/ticket/1164 is fixed
+        #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+        #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 |  tr -d ' ')
+        #for j in ${serial[@]}; do
+        #        rlLog "$j"
+        #        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+        #        rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+        #        rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+        #done
+        rlRun "curl --dump-header  $header_005 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate005"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate005"
+        rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+        # Remove the below when bug 1192232 is fixed
+        rlRun "curl --dump-header  $header_005 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate005"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+        rlRun "curl --dump-header  $header_005 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate005"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+        rlLog "Download userKey profile properties"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile005"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile005" 0 "Download user key profile to a file"
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile005
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile005
+        rlRun "curl --dump-header  $header_005 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile005 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize005"
+	rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+        rlRun "curl --dump-header  $header_005 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/verifykeysize005"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/verifykeysize005"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048" "$TmpDir/verifykeysize005"
+        rlRun "curl --dump-header  $header_005 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate005"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/changestate005"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test
+        /usr/bin/tpsclient < $TmpDir/format005.test > $tps_out 2>&1
+
+        rlRun "sleep 10"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+        rlLog "gen_enroll_data_file  $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0053.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0053.test
+        /usr/bin/tpsclient < $TmpDir/enroll0053.test > $tps_out 2>&1
+        rlRun "sleep 10"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+         #Verify the certs on the token to check if the key size changes have been applied
+        #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+        #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 |  tr -d ' ')
+        #for j in ${serial[@]}; do
+        #        rlLog "$j"
+        #        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+        #        rlAssertGrep "2048 bits" "$TmpDir/keysizecheck.out"
+        #        rlAssertNotGrep "1024 bits" "$TmpDir/keysizecheck.out"
+        #done
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test
+        /usr/bin/tpsclient < $TmpDir/format005.test > $tps_out 2>&1
+        rlRun "sleep 10"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        #Cleanup
+        rlRun "curl --dump-header  $header_005 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate005"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+        rlAssertGrep "<Status>Disabled</Status>" "$TmpDir/changestate005"
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile005
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile005
+        rlRun "curl --dump-header  $header_005 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile005 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize005"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+        rlRun "curl --dump-header  $header_005 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/verifykeysize005"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024" "$TmpDir/verifykeysize005"
+        rlRun "curl --dump-header  $header_005 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate005"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/changestate005"
+
+        /usr/bin/tpsclient < $TmpDir/enroll0053.test > $tps_out 2>&1
+        rlRun "sleep 10"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+         #Verify the certs on the token to check if the key size changes have been applied
+        #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+        #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 |  tr -d ' ')
+        #for j in ${serial[@]}; do
+        #        rlLog "$j"
+        #        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+        #        rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+        #        rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+        #done
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test
+        /usr/bin/tpsclient < $TmpDir/format005.test > $tps_out 2>&1
+        rlRun "sleep 10"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-006: Admin cannot edit userKey profile unless Agent disables the profile"
+        header_006="$TmpDir/header006"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Check the status of userKey Profile is Enabled"
+        rlRun "curl --dump-header  $header_006 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate006"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate006"
+        rlLog "Download userKey profile properties"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile006"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile006" 0 "Download user key profile to a file"
+        rlLog "Edit the userKey Profile xml file by changing the encryption key keySize and update the profile. This should fail."
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile006
+        rlLog "curl --dump-header  $header_006 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile006 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey"
+        rlRun "curl --dump-header  $header_006 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile006 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize006"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 403 Forbidden" "$header_006"
+        rlAssertGrep "Unable to update profile userKey" "$TmpDir/changekeysize006"
+        rlLog "Agent disables the profile userKey"
+        rlRun "curl --dump-header  $header_006 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate006"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+        rlLog "Edit userKey profile - key size of encryption key 1024-2048"
+        rlRun "curl --dump-header  $header_006 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile006 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize006"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+        rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize006"
+        rlRun "curl --dump-header  $header_006 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate006"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+        rlRun "curl --dump-header  $header_006 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate006"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/currentstate006"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate006"
+                #Revert back the changes
+        rlRun "curl --dump-header  $header_006 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate006"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile006
+        rlLog "curl --dump-header  $header_006 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                       -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile006 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey"
+        rlRun "curl --dump-header  $header_006 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile006 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize006"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+        rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize006"
+        rlRun "curl --dump-header  $header_006 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate006"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+        rlRun "curl --dump-header  $header_006 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate006"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024" "$TmpDir/currentstate006"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate006"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-007: Enrollment fails when profile is disabled - BZ 1192232"
+        header_007="$TmpDir/header007"
+        local tps_out="$TmpDir/admin_out_tpsenroll0054"
+        local cuid="10000000000000000054"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Check the status of userKey Profile is Enabled and disable it."
+        rlRun "curl --dump-header  $header_007 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate007"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_007"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate007"
+	rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+        # Remove the below when bug 1192232 is fixed
+        rlRun "curl --dump-header  $header_007 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate007"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_007"
+
+	rlLog "Disable the userKey profile"
+	rlRun "curl --dump-header  $header_007 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate007"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_007"
+	rlAssertGrep "<Status>Disabled</Status>" "$TmpDir/changestate007"
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers007.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers007.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers007.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0054.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0054.test
+        /usr/bin/tpsclient < $TmpDir/enroll0054.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format007.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format007.test
+        /usr/bin/tpsclient < $TmpDir/format007.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+        #Revert back the change
+        rlRun "curl --dump-header  $header_007 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate007"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_007"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+
+	rlPhaseStartTest "pki_tps_enrollments-008: Agent approves the profile changes made by Admin"
+        header_008="$TmpDir/header008"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Check the status of userKey Profile is Enabled"
+        rlRun "curl --dump-header  $header_008 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate008"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate008"
+        rlLog "Download userKey profile properties"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile008"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile008" 0 "Download user key profile to a file"
+        rlLog "Agent disables the profile userKey"
+        rlRun "curl --dump-header  $header_008 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate008"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile008
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile008
+        rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+        rlRun "curl --dump-header  $header_008 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile008 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize008"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+        rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize008"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Agent user approve and enable the profile"
+	rlRun "curl --dump-header  $header_008 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate008"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+        rlRun "curl --dump-header  $header_008 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate008"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/currentstate008"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048" "$TmpDir/currentstate008"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate008"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+
+        #Revert back the changes
+        rlRun "curl --dump-header  $header_008 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate008"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile008
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile008
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "curl --dump-header  $header_008 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                       -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile008 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey"
+        rlRun "curl --dump-header  $header_008 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile008 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize008"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+	rlRun "curl --dump-header  $header_008 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate008"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+        rlRun "curl --dump-header  $header_008 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate008"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024" "$TmpDir/currentstate008"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024" "$TmpDir/currentstate008"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate008"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-009: Enrollment fails when profile is in Pending_Approval state"
+        header_009="$TmpDir/header009"
+        local tps_out="$TmpDir/admin_out_tpsenroll0055"
+        local cuid="10000000000000000055"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Check the status of userKey Profile is Enabled and disable it."
+        rlRun "curl --dump-header  $header_009 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate009"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate009"
+        rlLog "Download userKey profile properties"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile009"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile009" 0 "Download user key profile to a file"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlRun "curl --dump-header  $header_009 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate009"
+                rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+        rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile009
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile009
+        rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+        rlRun "curl --dump-header  $header_009 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile009 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize009"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+        rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize009"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers009.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers009.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers009.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0055.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0055.test
+        /usr/bin/tpsclient < $TmpDir/enroll0055.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        rlLog "Approve the profile changes"
+        rlRun "curl --dump-header  $header_009 \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -X POST \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/currentstate009"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+        rlRun "curl --dump-header  $header_009 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate009"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/currentstate009"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048" "$TmpDir/currentstate009"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate009"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+
+        /usr/bin/tpsclient < $TmpDir/enroll0055.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        #Verify the certs on the token to check if the key size changes have been applied
+        #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+        #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 |  tr -d ' ')
+        #for j in ${serial[@]}; do
+        #        rlLog "$j"
+        #        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+        #        rlAssertGrep "2048 bits" "$TmpDir/keysizecheck.out"
+        #        rlAssertNotGrep "1024 bits" "$TmpDir/keysizecheck.out"
+        #done
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format009.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format009.test
+        /usr/bin/tpsclient < $TmpDir/format009.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        #Revert back the change
+        rlRun "curl --dump-header  $header_009 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate009"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile009
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile009
+        rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+        rlRun "curl --dump-header  $header_009 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile009 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize009"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+        rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize009"
+        rlRun "curl --dump-header  $header_009 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate009"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+        rlRun "curl --dump-header  $header_009 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+               -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate009"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024" "$TmpDir/currentstate009"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024" "$TmpDir/currentstate009"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate009"
+        /usr/bin/tpsclient < $TmpDir/enroll0055.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        #Verify the certs on the token to check if the key size changes have been reverted      
+        #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+        #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 |  tr -d ' ')
+        #for j in ${serial[@]}; do
+        #        rlLog "$j"
+        #        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+        #        rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+        #        rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+        #done
+
+        /usr/bin/tpsclient < $TmpDir/format009.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-010: Create a new profile using the properties of userKey profile and agent approves"
+        header_010="$TmpDir/header010"
+        local tps_out="$TmpDir/admin_out_tpsenroll0056"
+        local cuid="10000000000000000056"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Check the status of userKey Profile is Enabled."
+        rlRun "curl --dump-header  $header_010 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate010"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate010"
+        rlLog "Download userKey profile properties"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile010"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile010" 0 "Download user key profile to a file"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Disable the userKey profile"
+        rlRun "curl --dump-header  $header_010 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate010"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+        rlLog "Delete the userKey profile"
+        rlRun "curl --dump-header  $header_010 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize010"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_010"
+        rlLog "Verify the profile userKey has been deleted"
+        rlRun "curl --dump-header $header_010 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate010"
+        rlAssertGrep "HTTP/1.1 404 Not Found" "$header_010"
+        rlLog "Set the keySize to 2048 in the saved userKey profile xml file"
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile010
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile010
+        rlLog "Create a profile with the name userKey"
+        rlRun "curl --dump-header  $header_010 \
+                       -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X POST \
+                        --data @$TmpDir/userkey-profile010 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles > $TmpDir/changekeysize010"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 201 Created" "$header_010"
+        rlLog "Verify the userKey profile has been created"
+        rlRun "curl --dump-header  $header_010 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate010"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+        rlLog "Enable the profile before attempting enrollment"
+        rlRun "curl --dump-header  $header_010 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate010"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+        rlLog "Enroll and format a token using tpsclient"
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers010.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers010.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers009.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0056.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0056.test
+        /usr/bin/tpsclient < $TmpDir/enroll0056.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        #Verify the certs on the token to check if the key size changes have been reverted      
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+        serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 |  tr -d ' ')
+        for j in ${serial[@]}; do
+                rlLog "$j"
+                rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+                rlAssertGrep "2048 bits" "$TmpDir/keysizecheck.out"
+                rlAssertNotGrep "1024 bits" "$TmpDir/keysizecheck.out"
+        done
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format010.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format010.test
+        /usr/bin/tpsclient < $TmpDir/format010.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlLog "Edit the keySize back to 1024"
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile010
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile010
+        rlLog "Disable the profile before editing it"
+
+        rlRun "curl --dump-header  $header_010 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate010"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+
+        rlRun "curl --dump-header  $header_010 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile010 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize010"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+
+        rlLog "Approve the changes made to the profile"
+
+        rlRun "curl --dump-header  $header_010 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate010"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+        /usr/bin/tpsclient < $TmpDir/enroll0056.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        #Verify the certs on the token to check if the key size changes have been reverted      
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+        serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 |  tr -d ' ')
+        for j in ${serial[@]}; do
+                rlLog "$j"
+                rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+                rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+                rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+        done
+
+        /usr/bin/tpsclient < $TmpDir/format010.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+		
+
+	rlPhaseStartTest "pki_tps_enrollments-011: Create a new profile userKey when userKey profile already exists"
+        header_011="$TmpDir/header011"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Check the status of userKey Profile is Enabled."
+        rlRun "curl --dump-header  $header_011 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate011"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate011"
+        rlLog "Download userKey profile properties"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile011"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile011" 0 "Download user key profile to a file"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Disable the userKey profile"
+        rlRun "curl --dump-header  $header_011 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate011"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+        rlLog "Set the keySize to 2048 in the saved userKey profile xml file"
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile011
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile011
+        rlRun "curl --dump-header  $header_011 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile011 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize011"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+        rlLog "Approve the changes made to the profile"
+
+        rlRun "curl --dump-header  $header_011 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate011"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+        rlRun "curl --dump-header  $header_011 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate011"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate011"
+        rlLog "Create a profile with the name userKey"
+        rlRun "curl --dump-header  $header_011 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X POST \
+                        --data @$TmpDir/userkey-profile011 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles > $TmpDir/changekeysize011"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 409 Conflict" "$header_011"
+
+        # Revert back the changes
+
+        rlLog "Disable the userKey profile"
+        rlRun "curl --dump-header  $header_011 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate011"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+        rlLog "Set the keySize to 2048 in the saved userKey profile xml file"
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile011
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile011
+        rlRun "curl --dump-header  $header_011 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile011 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize011"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+        rlLog "Approve the changes made to the profile"
+
+        rlRun "curl --dump-header  $header_011 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate011"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+        rlRun "curl --dump-header  $header_011 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate011"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate011"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-012: Profile is not enabled if it is rejected by agent after modification to profile"
+        header_012="$TmpDir/header012"
+        local tps_out="$TmpDir/admin_out_tpsenroll0057"
+        local cuid="10000000000000000057"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Check the status of userKey Profile is Enabled."
+        rlRun "curl --dump-header  $header_012 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate012"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate012"
+        rlLog "Download userKey profile properties"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile012"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile012" 0 "Download user key profile to a file"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+
+        rlLog "Disable the userKey profile"
+        rlRun "curl --dump-header  $header_012 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate012"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+        rlLog "Set the keySize to 2048 in the saved userKey profile xml file"
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile012
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile012
+        rlRun "curl --dump-header  $header_012 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile012 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize012"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+
+        rlLog "Reject the changes made to the profile"
+
+        rlRun "curl --dump-header  $header_012 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=reject > $TmpDir/changestate012"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+
+        rlRun "curl --dump-header  $header_012 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate012"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+        rlAssertGrep "<Status>Disabled</Status>" "$TmpDir/currentstate012"
+
+        #Revert the changes back
+
+        rlLog "Set the keySize to 1024 in the saved userKey profile xml file"
+                sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile012
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile012
+        rlRun "curl --dump-header  $header_012 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile012 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize012"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+
+        rlLog "Approve the changes made to the profile"
+
+        rlRun "curl --dump-header  $header_012 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate012"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+        rlRun "curl --dump-header  $header_012 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate012"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate012"
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers010.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers010.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers009.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0057.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0057.test
+        /usr/bin/tpsclient < $TmpDir/enroll0057.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        #Verify the certs on the token to check if the key size changes have been reverted      
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+        serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 |  tr -d ' ')
+        for j in ${serial[@]}; do
+                rlLog "$j"
+                rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+                rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+                rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+        done
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format012.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format012.test
+        /usr/bin/tpsclient < $TmpDir/format012.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	 ### TPS subsystem connection is not working. https://bugzilla.redhat.com/show_bug.cgi?id=1194050. 2 tests skipped.
+
+        rlPhaseStartTest "pki_tps_enrollments-013: Edit the mapping order of enrollment profile mapper - BZ 1192232"
+        header_013="$TmpDir/header013"
+        local tps_out="$TmpDir/admin_out_tpsenroll0058"
+        local cuid="10000000000000000058"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Review the mapping order of enroll profile mapping"
+        rlRun "curl --dump-header  $header_013 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/currentstate013"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+        rlAssertGrep "<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">0,1,2" "$TmpDir/currentstate013"
+        rlAssertGrep "<Status>Enabled" "$TmpDir/currentstate013"
+        rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+	# Remove the below when bug 1192232 is fixed
+        rlRun "curl --dump-header  $header_013 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=enable > $TmpDir/changestate013"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+                rlRun "curl --dump-header  $header_013 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=disable > $TmpDir/changestate013"
+                rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+        rlLog "Download enroll mapping profile"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-mapping-show enrollMappingResolver --output $TmpDir/enroll-profile-mapping013"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-mapping-show enrollMappingResolver --output $TmpDir/enroll-profile-mapping013" 0 "Download enroll profile mapping to a file"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profile_Mappings.enrollMappingResolver.timestamp | cut -d= -f2)"
+
+        rlLog "Set the enroll profile mapping order property to 2,0,1"
+        sed -i -e "s/<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">0,1,2/<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">2,0,1/g" $TmpDir/enroll-profile-mapping013
+        rlRun "curl --dump-header  $header_013 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/enroll-profile-mapping013 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/changeorder013"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+        rlRun "curl --dump-header  $header_013 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=enable > $TmpDir/changestate013"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+        rlAssertGrep "<Status>Enabled" "$TmpDir/changestate013"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profile_Mappings.enrollMappingResolver.timestamp | cut -d= -f2)"
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers013.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers013.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers013.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0058.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0058.test
+        /usr/bin/tpsclient < $TmpDir/enroll0058.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format013.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format013.test
+        /usr/bin/tpsclient < $TmpDir/format013.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+        #Revert back the change
+        rlRun "curl --dump-header  $header_013 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=disable > $TmpDir/changestate013"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+
+        sed -i -e "s/<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">2,0,1/<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">0,1,2/g" $TmpDir/enroll-profile-mapping013
+        rlRun "curl --dump-header  $header_013 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/enroll-profile-mapping013 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/changeorder013"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+
+        rlRun "curl --dump-header  $header_013 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=enable > $TmpDir/changestate013"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+        rlAssertGrep "<Status>Enabled" "$TmpDir/changestate013"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profile_Mappings.enrollMappingResolver.timestamp | cut -d= -f2)"
+
+        /usr/bin/tpsclient < $TmpDir/enroll0058.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        /usr/bin/tpsclient < $TmpDir/format013.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-014: Delete the existing enroll mapping profile and add a new one"
+        header_014="$TmpDir/header014"
+        local tps_out="$TmpDir/admin_out_tpsenroll0059"
+        local cuid="10000000000000000059"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Review the mapping order of enroll profile mapping"
+        rlRun "curl --dump-header  $header_014 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/currentstate014"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_014"
+        rlAssertGrep "<Status>Enabled" "$TmpDir/currentstate014"
+        rlRun "curl --dump-header  $header_014 \
+                    -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                    -X POST \
+                    -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=disable > $TmpDir/changestate014"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_014"
+
+        rlLog "Download enroll mapping profile"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-mapping-show enrollMappingResolver --output $TmpDir/enroll-profile-mapping014"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-mapping-show enrollMappingResolver --output $TmpDir/enroll-profile-mapping014" 0 "Download enroll profile mapping to a file"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profile_Mappings.enrollMappingResolver.timestamp | cut -d= -f2)"
+        rlRun "curl --dump-header  $header_014 \
+                    -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                    -X DELETE \
+                    -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/deletemapping014"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_014"
+        rlAssertNotGrep "enrollMappingResolver" "$TmpDir/deletemapping014"
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers014.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers014.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers014.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0059.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0059.test
+        /usr/bin/tpsclient < $TmpDir/enroll0059.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format014.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format014.test
+        /usr/bin/tpsclient < $TmpDir/format014.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlLog "Create a new enroll profile mapping using the downloaded file"
+        rlRun "curl --dump-header  $header_014 \
+                       -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X POST \
+                        --data @$TmpDir/enroll-profile-mapping014 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings > $TmpDir/addenrollmapping014"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 201 Created" "$header_014"
+        rlAssertGrep "enrollMappingResolver" "$TmpDir/addenrollmapping014"
+
+        rlRun "curl --dump-header  $header_014 \
+                    -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                    -X POST \
+                    -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=enable > $TmpDir/changestate014"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_014"
+
+        /usr/bin/tpsclient < $TmpDir/enroll0059.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        /usr/bin/tpsclient < $TmpDir/format014.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-015: TPS process shutdown when the audit log (disk) is full - PKI ticket 1006"
+        header_015="$TmpDir/header015"
+        local tps_out="$TmpDir/admin_out_tpsenroll0060"
+        local cuid="10000000000000000060"
+        partition_created="false"
+        new_mount_dir="/tps-audit-logs"
+        #Create 2M ram-disk for the audit logs
+        rlRun "mkdir $new_mount_dir"
+        rlRun "mount -t tmpfs -o size=2M,mode=0755 tmpfs $new_mount_dir"
+        rlRun "chown pkiuser:pkiuser $new_mount_dir"
+        # Add appropriate selinux context to the partition:
+        semanage_loc="/usr/sbin/semanage"
+        rlRun "$semanage_loc fcontext -a -t pki_tomcat_log_t $new_mount_dir"
+        rlRun "restorecon -vR $new_mount_dir"
+        partition_created="true"
+
+        if [ $partition_created = "true" ]; then
+                #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak015"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s,log.instance.SignedAudit.fileName=.*,log.instance.SignedAudit.fileName=$new_mount_dir/tps-audit.log,g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Check and delete audit failure message from error log
+                #no error log file
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+                passwd="redhat"
+                rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers015.ldif"
+                rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers015.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+                ldap_user=$(cat $TmpDir/ldapusers015.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+                rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format015.test"
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format015.test
+                /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+                rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0060.test"
+                gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0060.test
+                /usr/bin/tpsclient < $TmpDir/enroll0060.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+                #Fill the disk
+                rlRun "dd if=/dev/zero of=$new_mount_dir/bigfile bs=10K count=117"
+#change ownership of the file
+                rlRun "chown pkiuser: $new_mount_dir/bigfile"
+
+                /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+                /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+                /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+                /usr/bin/tpsclient < $TmpDir/enroll0060.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+                #Remove this when the bug is fixed
+                /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+                #Check the error log for message for failure to write to audit log
+                rlFail "No Audit log messages - https://fedorahosted.org/pki/ticket/1006 and https://fedorahosted.org/pki/ticket/1007"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+                # restore CS.cfg
+                rlRun "cp $tps_conf_bak $tps_conf"
+		rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+                #Cleanup partition
+                rlRun "umount $new_mount_dir"
+                rlRun "rm -rf $new_mount_dir"
+		rlRun "rm -rf $tps_conf_bak"
+
+        fi
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-016: TPS process shutdown when the signed audit log (disk) is full - PKI ticket 1006"
+        header_016="$TmpDir/header016"
+        local tps_out="$TmpDir/admin_out_tpsenroll0061"
+        local cuid="10000000000000000061"
+        partition_created="false"
+        new_mount_dir="/tps-audit-log1"
+        #Create 2M ram-disk for the audit logs
+        rlRun "mkdir $new_mount_dir"
+        rlRun "mount -t tmpfs -o size=2M,mode=0755 tmpfs $new_mount_dir"
+        rlRun "chown pkiuser:pkiuser $new_mount_dir"
+        # Add appropriate selinux context to the partition:
+        semanage_loc="/usr/sbin/semanage"
+        rlRun "$semanage_loc fcontext -a -t pki_tomcat_log_t $new_mount_dir"
+        rlRun "restorecon -vR $new_mount_dir"
+        partition_created="true"
+
+        if [ $partition_created = "true" ]; then
+                #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak016"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s,log.instance.SignedAudit.fileName=.*,log.instance.SignedAudit.fileName=$new_mount_dir/tps-audit.log,g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.signedAuditCertNickname=.*/log.instance.SignedAudit.signedAuditCertNickname=$(eval echo \$${TPS_INST}_AUDIT_SIGNING_CERT_NICKNAME)/g" $tps_conf
+                rlLog "$(cat $tps_conf | grep log.instance.SignedAudit.fileName)"
+                rlLog "$(cat $tps_conf | grep log.instance.SignedAudit.logSigning)"
+                rlLog "$(cat $tps_conf | grep log.instance.SignedAudit.signedAuditCertNickname)"
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Check and delete audit failure message from error log
+                #no error log file
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+                passwd="redhat"
+                rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers016.ldif"
+                rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers016.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+                ldap_user=$(cat $TmpDir/ldapusers016.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+                rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format016.test"
+		gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format016.test
+                /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+                rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0061.test"
+                gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0061.test
+                /usr/bin/tpsclient < $TmpDir/enroll0061.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+                #Fill the disk
+                rlRun "dd if=/dev/zero of=$new_mount_dir/bigfile bs=10K count=117"
+                #change ownership of the file
+                rlRun "chown pkiuser: $new_mount_dir/bigfile"
+
+                /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+                /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+                /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+                /usr/bin/tpsclient < $TmpDir/enroll0061.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+                #Remove this when the bug is fixed
+                /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+                #Check the error log for message for failure to write to audit log
+                rlFail "No Audit log messages - https://fedorahosted.org/pki/ticket/1006 and https://fedorahosted.org/pki/ticket/1007"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+                # restore CS.cfg
+                rlRun "cp $tps_conf_bak $tps_conf"
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+                #Cleanup partition
+                rlRun "umount $new_mount_dir"
+                rlRun "rm -rf $new_mount_dir"
+                rlRun "rm -rf $tps_conf_bak"
+
+        fi
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-017: Audit messages are flushed to the log file for every given flush interval - PKI ticket 1006"
+        header_017="$TmpDir/header017"
+        local tps_out="$TmpDir/admin_out_tpsenroll0062"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak017"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=4096/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers017.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers017.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers017.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        rlLog "$i"
+        done
+
+        #Wait for flush interval
+        rlRun "sleep 5"
+
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-018: Audit messages are flushed to the log file for every given flush interval when the flush interval is longer - PKI ticket 1006"
+        header_018="$TmpDir/header018"
+        local tps_out="$TmpDir/admin_out_tpsenroll0063"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak018"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=8192/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=123/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers018.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers018.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers018.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+        #Wait for flush interval
+        rlRun "sleep 123"
+
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-019: Audit messages are flushed to the log file for every given flush interval when the flush interval is 0 - PKI ticket 1006"
+        header_019="$TmpDir/header019"
+        local tps_out="$TmpDir/admin_out_tpsenroll0064"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak019"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=0/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers019.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers019.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers019.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+
+
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+
+
+        rlPhaseStartTest "pki_tps_enrollments-020: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog - PKI ticket 1006"
+        header_020="$TmpDir/header020"
+        local tps_out="$TmpDir/admin_out_tpsenroll0065"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak020"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=4096/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers020.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers020.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers020.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+        #Wait for flush interval
+        rlRun "sleep 5"
+
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+
+        rlPhaseStartTest "pki_tps_enrollments-021: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog and longer flush interval - PKI ticket 1006"
+        header_021="$TmpDir/header021"
+        local tps_out="$TmpDir/admin_out_tpsenroll0066"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak021"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=8192/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=123/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers021.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers021.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers021.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+
+        #Wait for flush interval
+        rlRun "sleep 123"
+
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+
+
+        rlPhaseStartTest "pki_tps_enrollments-022: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog and flush interval is 0 - PKI ticket 1006"
+        header_022="$TmpDir/header022"
+        local tps_out="$TmpDir/admin_out_tpsenroll0067"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak022"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=0/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers022.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers022.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers022.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+
+
+        rlPhaseStartTest "pki_tps_enrollments-023: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog, buffer size is very small and flush interval is 5s - PKI ticket 1006"
+        header_023="$TmpDir/header023"
+        local tps_out="$TmpDir/admin_out_tpsenroll0068"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak023"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers023.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers023.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers023.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+
+        #Wait for flush interval
+        rlRun "sleep 5"
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+
+
+        rlPhaseStartTest "pki_tps_enrollments-024: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog and buffer size is 0 - PKI ticket 1006"
+        header_024="$TmpDir/header024"
+        local tps_out="$TmpDir/admin_out_tpsenroll0069"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak024"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=0/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers024.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers024.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers024.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+
+
+        rlPhaseStartTest "pki_tps_enrollments-025: Audit messages are flushed to the log file for every given flush interval when log signing is enabled - PKI ticket 1006"
+        header_025="$TmpDir/header025"
+        local tps_out="$TmpDir/admin_out_tpsenroll0070"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak025"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=4096/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers025.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers025.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers025.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+
+        #Wait for flush interval
+        rlRun "sleep 5"
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+
+
+
+        rlPhaseStartTest "pki_tps_enrollments-026: Audit messages are flushed to the log file for every given flush interval when log signing is enabled and flush interval is longer - PKI ticket 1006"
+        header_026="$TmpDir/header026"
+        local tps_out="$TmpDir/admin_out_tpsenroll0071"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak026"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=8192/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=123/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers026.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers026.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers026.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+
+        #Wait for flush interval
+        rlRun "sleep 123"
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-027: Audit messages are flushed to the log file for every given flush interval when log signing is enabled and flush interval is 0 - PKI ticket 1006"
+        header_027="$TmpDir/header027"
+        local tps_out="$TmpDir/admin_out_tpsenroll0072"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak027"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=0/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers027.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers027.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers026.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+
+
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-028: Audit messages are flushed to the log file for every given flush interval when log signing is enabled and RollingLogFile type - PKI ticket 1006"
+        header_028="$TmpDir/header028"
+        local tps_out="$TmpDir/admin_out_tpsenroll0073"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak028"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=4096/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers028.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers028.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers028.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+
+        #Wait for flush interval
+        rlRun "sleep 5"
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-029: Audit messages are flushed to the log file for longer flush interval when log signing is enabled and RollingLogFile type - PKI ticket 1006"
+        header_029="$TmpDir/header029"
+        local tps_out="$TmpDir/admin_out_tpsenroll0074"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak029"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=8192/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=123/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers029.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers029.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers029.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+        #Wait for flush interval
+        rlRun "sleep 123"
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-030: Audit messages are flushed to the log file when flush interval is 0 when log signing is enabled and RollingLogFile type - PKI ticket 1006"
+        header_030="$TmpDir/header030"
+        local tps_out="$TmpDir/admin_out_tpsenroll0075"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak030"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=0/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers030.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers030.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers030.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-031: Audit messages are flushed to the log file when flush interval is 5 when log signing is enabled, RollingLogFile type and buffer size is very small - PKI ticket 1006"
+        header_031="$TmpDir/header031"
+        local tps_out="$TmpDir/admin_out_tpsenroll0076"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak031"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers031.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers031.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers031.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+
+        #Wait for flush interval
+        rlRun "sleep 5"
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-032: Audit messages are flushed to the log file when flush interval is 5 when log signing is enabled, RollingLogFile type and buffer size is 0 - PKI ticket 1006"
+        header_032="$TmpDir/header032"
+        local tps_out="$TmpDir/admin_out_tpsenroll0077"
+        #Make tps CS.cfg audit log to write to the new partition
+                tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+                tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak032"
+                rlRun "cp $tps_conf $tps_conf_bak"
+                sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=0/g" $tps_conf
+                sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+                sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+                rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+                #Delete audit log file
+                audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+                #rlRun "rm -rf $audit_log"
+
+                rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        i=1
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers032.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers032.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        while [ $i -lt 5 ]; do
+        local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+        if [ $i -lt 10 ]; then
+                cuid="4000000000000000000$i"
+        else
+                cuid="400000000000000000$i"
+        fi
+        ldap_user=$(cat $TmpDir/ldapusers032.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+        /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        i=$((i+1))
+        done
+
+        #Wait for flush interval
+        rlRun "sleep 5"
+        #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+        rlAssertGrep "idmuser1" "$audit_log"
+        rlLog "https://fedorahosted.org/pki/ticket/1006"
+        rlLog "https://fedorahosted.org/pki/ticket/1007"
+        i=1
+        while [ $i -lt 5 ]; do
+                if [ $i -lt 10 ]; then
+                        cuid="4000000000000000000$i"
+                else
+                        cuid="400000000000000000$i"
+                fi
+                if [ $i -lt 10 ]; then
+                        ldap_user="idmuser$i"
+                else
+                        ldap_user="idmuser$i"
+                fi
+                gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+                /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+                rlRun "sleep 20"
+                rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+		rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+                rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+                i=$((i+1))
+        done
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        # restore CS.cfg
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-033: Edit the authenticator port - BZ 643446"
+        header_033="$TmpDir/header033"
+        local tps_out="$TmpDir/admin_out_tpsenroll0078"
+        local cuid="10000000000000000078"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Review the authenticator 1"
+        rlRun "curl --dump-header  $header_033 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/currentstate033"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+        rlAssertGrep "<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">$(eval echo \$${TPS_INST}_LDAP_PORT)" "$TmpDir/currentstate033"
+        rlAssertGrep "<Status>Enabled" "$TmpDir/currentstate033"
+        rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+	# Remove the below when bug 1192232 is fixed
+        rlRun "curl --dump-header  $header_033 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=enable > $TmpDir/changestate033"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+
+                rlRun "curl --dump-header  $header_033 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=disable > $TmpDir/changestate033"
+                rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+        rlLog "Download authenticator 1"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-authenticator-show ldap1 --output $TmpDir/auth033"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-authenticator-show ldap1 --output $TmpDir/auth033" 0 "Download authenticator ldap1"
+
+        rlLog "Set the authenticator port to 1234"
+        sed -i -e "s/<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">$(eval echo \$${TPS_INST}_LDAP_PORT)/<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">1234/g" $TmpDir/auth033
+        rlRun "curl --dump-header  $header_033 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/auth033 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/changeorder033"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+	#The server has to restarted because of https://bugzilla.redhat.com/show_bug.cgi?id=643446. Remove these lines once the bug is fixed. I am doing this because the further tests are failing if this not done.
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "curl --dump-header  $header_033 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=enable > $TmpDir/changestate033"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+        rlAssertGrep "<Status>Enabled" "$TmpDir/changestate033"
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers033.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers033.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers033.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0078.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0078.test
+        /usr/bin/tpsclient < $TmpDir/enroll0078.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format033.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format033.test
+        /usr/bin/tpsclient < $TmpDir/format033.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+        #Revert back the change
+        rlRun "curl --dump-header  $header_033 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                       -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=disable > $TmpDir/changestate033"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+
+        sed -i -e "s/<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">1234/<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">$(eval echo \$${TPS_INST}_LDAP_PORT)/g" $TmpDir/auth033
+        rlRun "curl --dump-header  $header_033 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/auth033 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/changeorder033"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+	#The server has to restarted because of https://bugzilla.redhat.com/show_bug.cgi?id=643446. Remove these lines once the bug is fixed.
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "curl --dump-header  $header_033 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=enable > $TmpDir/changestate033"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+        rlAssertGrep "<Status>Enabled" "$TmpDir/changestate033"
+
+        /usr/bin/tpsclient < $TmpDir/enroll0078.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        /usr/bin/tpsclient < $TmpDir/format033.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-034: Delete authenticator"
+        header_034="$TmpDir/header034"
+        local tps_out="$TmpDir/admin_out_tpsenroll0079"
+        local cuid="10000000000000000079"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Review the authenticator 1"
+        rlRun "curl --dump-header  $header_034 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/currentstate034"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_034"
+        rlAssertGrep "<Status>Enabled" "$TmpDir/currentstate034"
+                rlRun "curl --dump-header  $header_034 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=disable > $TmpDir/changestate034"
+                rlAssertGrep "HTTP/1.1 200 OK" "$header_034"
+        rlLog "Download authenticator 1"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-authenticator-show ldap1 --output $TmpDir/auth034"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-authenticator-show ldap1 --output $TmpDir/auth034" 0 "Download authenticator ldap1"
+
+        rlRun "curl --dump-header  $header_034 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/deleteauth034"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_034"
+        rlAssertNotGrep "ldap1" "$TmpDir/deleteauth034"
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers034.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers034.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers034.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0079.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0079.test
+        /usr/bin/tpsclient < $TmpDir/enroll0079.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format034.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format034.test
+        /usr/bin/tpsclient < $TmpDir/format034.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+        rlLog "Create a new authenticator 1"
+        rlRun "curl --dump-header  $header_034 \
+                       -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X POST \
+                        --data @$TmpDir/auth034 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators > $TmpDir/addauth034"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 201 Created" "$header_034"
+        rlAssertGrep "ldap1" "$TmpDir/addauth034"
+
+        rlRun "curl --dump-header  $header_034 \
+                    -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                    -X POST \
+                    -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=enable > $TmpDir/changestate034"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_034"
+
+        /usr/bin/tpsclient < $TmpDir/enroll0079.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        /usr/bin/tpsclient < $TmpDir/format034.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	#tps40 expects enrollment to fail when applet.delete_old is false but it is not so. Also seeing an internal server error during edit config param
+        rlPhaseStartTest "pki_tps_enrollments-035: Edit general configuration - BZ 1195895"
+        header_035="$TmpDir/header035"
+        local tps_out="$TmpDir/admin_out_tpsenroll0080"
+        local cuid="10000000000000000080"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Review general configuration"
+        rlRun "curl --dump-header  $header_035 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/config035"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+        rlAssertGrep "<Property name=\"applet.delete_old\">true" "$TmpDir/config035"
+        rlLog "Download general config"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-config-show --output $TmpDir/config035"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-config-show --output $TmpDir/config035" 0 "Download general configuration"
+
+        rlLog "Set applet.delete_old to false"
+        sed -i -e "s/<Property name=\"applet.delete_old\">true/<Property name=\"applet.delete_old\">false/g" $TmpDir/config035
+        rlRun "curl --dump-header  $header_035 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/config035 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/changeapplet035"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+        rlAssertGrep "<Property name=\"applet.delete_old\">false" "$TmpDir/changeapplet035"
+	rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1195895"
+        rlRun "curl --dump-header  $header_035 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/config035"
+
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+        rlAssertGrep "<Property name=\"applet.delete_old\">false" "$TmpDir/config035"
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers035.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers035.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers035.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0080.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0080.test
+        /usr/bin/tpsclient < $TmpDir/enroll0080.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format035.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format035.test
+        /usr/bin/tpsclient < $TmpDir/format035.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+        #Revert back the change
+
+        sed -i -e "s/<Property name=\"applet.delete_old\">false/<Property name=\"applet.delete_old\">true/g" $TmpDir/config035
+
+        rlRun "curl --dump-header  $header_035 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/config035 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/changeapplet035"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+        rlAssertGrep "<Property name=\"applet.delete_old\">true" "$TmpDir/changeapplet035"
+
+        rlRun "curl --dump-header  $header_035 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/config035"
+
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+        rlAssertGrep "<Property name=\"applet.delete_old\">true" "$TmpDir/config035"
+
+        /usr/bin/tpsclient < $TmpDir/enroll0080.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        /usr/bin/tpsclient < $TmpDir/format035.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-036: Edit key recovery properties of userKey profile"
+        header_036="$TmpDir/header036"
+        local tps_out="$TmpDir/admin_out_tpsenroll0081"
+        local cuid="10000000000000000081"
+        local new_cuid="10000000000000000082"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Check the status of userKey Profile is Enabled"
+        rlRun "curl --dump-header  $header_036 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate036"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate036"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">RecoverLast" "$TmpDir/currentstate036"
+        rlLog "Download userKey profile properties"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile036"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile036" 0 "Download user key profile to a file"
+        rlLog "Agent disables the profile userKey"
+        rlRun "curl --dump-header  $header_036 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate036"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Edit the userKey Profile xml file by changing the keyRecovery scheme param"
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">RecoverLast/<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">GenerateNewKeyandRecoverLast/g" $TmpDir/userkey-profile036
+        rlLog "Edit userKey profile - changing the keyRecovery scheme param"
+        rlRun "curl --dump-header  $header_036 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile036 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize036"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+        rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize036"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Agent user approve and enable the profile"
+        rlRun "curl --dump-header  $header_036 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate036"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+        rlRun "curl --dump-header  $header_036 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate036"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">GenerateNewKeyandRecoverLast" "$TmpDir/currentstate036"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate036"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers036.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers036.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        local ldap_user=$(cat $TmpDir/ldapusers036.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0081.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0081.test
+        /usr/bin/tpsclient < $TmpDir/enroll0081.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token"
+        rlRun "curl --dump-header  $header_036 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate036"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+        rlRun "curl --dump-header  $header_036 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate036"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+        rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate036"
+
+        #Enroll a new token for the same user
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0082.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0082.test
+        /usr/bin/tpsclient < $TmpDir/enroll0082.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        #Verify there are 2 encryption certs
+
+        #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep $cuid > $TmpDir/tokencert.out"
+        #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep $cuid > $TmpDir/tokencert.out"
+        #numofentries=$(cat $TmpDir/tokencert.out | grep Token | wc -l)
+        #rlLog "$numofentries"
+        #if [ numofentries = 3 ]; then
+        #        rlPass "The token has 3 certificates"
+        #fi
+
+
+        #Add Damaged to format transition to CS.cfg
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak036"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=0:0,0:4,4:0,1:0/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format036.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format036.test
+        /usr/bin/tpsclient < $TmpDir/format036.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+	
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format036.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format036.test
+        /usr/bin/tpsclient < $TmpDir/format036.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $new_cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+
+        #Revert back the changes
+
+        rlRun "curl --dump-header  $header_036 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate036"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">GenerateNewKeyandRecoverLast/<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">RecoverLast/g" $TmpDir/userkey-profile036
+        rlLog "Edit userKey profile - changing the keyRecovery scheme param"
+        rlRun "curl --dump-header  $header_036 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile036 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize036"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+        rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize036"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Agent user approve and enable the profile"
+        rlRun "curl --dump-header  $header_036 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate036"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+        rlRun "curl --dump-header  $header_036 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate036"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">RecoverLast" "$TmpDir/currentstate036"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate036"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+
+        #Enroll a new token
+        cuid="10000000000000000083"
+        ldap_user=$(cat $TmpDir/ldapusers036.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0083.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0083.test
+        /usr/bin/tpsclient < $TmpDir/enroll0083.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        #Verify there are 3 certs - Find the certs on a token when a token ID is provided, feature does not exist
+
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep $cuid > $TmpDir/tokencert.out"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep $cuid > $TmpDir/tokencert.out"
+        numofentries=$(cat $TmpDir/tokencert.out | grep Token | wc -l)
+        rlLog "$numofentries"
+        if [ numofentries = 2 ]; then
+                rlPass "Changes have been reverted successfully"
+        fi
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format036.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format036.test
+        /usr/bin/tpsclient < $TmpDir/format036.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-037: Edit the params that determine the cert revocation in tokenKey profile - BZ 1192232"
+        header_037="$TmpDir/header037"
+        local tps_out="$TmpDir/admin_out_tpsenroll0084"
+        local cuid="10000000000000000084"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Check the status of tokenKey Profile is Enabled"
+        rlRun "curl --dump-header  $header_037 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/currentstate037"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+        rlAssertGrep "<Property name=\"op.format.tokenKey.revokeCert\">true" "$TmpDir/currentstate037"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate037"
+        rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+        # Remove the below when bug 1192232 is fixed
+        rlRun "curl --dump-header  $header_037 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=enable > $TmpDir/changestate037"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+
+        rlLog "Download tokenKey profile properties"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show tokenKey --output $TmpDir/tokenkey-profile037"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show tokenKey --output $TmpDir/tokenkey-profile037" 0 "Download user key profile to a file"
+        rlLog "Agent disables the profile tokenKey"
+        rlRun "curl --dump-header  $header_037 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=disable > $TmpDir/changestate037"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+        rlLog "Edit the tokenKey Profile xml file revokeCert property"
+        sed -i -e "s/<Property name=\"op.format.tokenKey.revokeCert\">true/<Property name=\"op.format.tokenKey.revokeCert\">false/g" $TmpDir/tokenkey-profile037
+        rlLog "Edit userKey profile - revokeCert parameter"
+        rlRun "curl --dump-header  $header_037 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/tokenkey-profile037 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/changekeysize037"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+        rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize037"
+        rlLog "Agent user approve and enable the profile"
+        rlRun "curl --dump-header  $header_037 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=approve > $TmpDir/changestate037"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+        rlRun "curl --dump-header  $header_037 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/currentstate037"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+        rlAssertGrep "<Property name=\"op.format.tokenKey.revokeCert\">false" "$TmpDir/currentstate037"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate037"
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers037.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers037.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers037.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0084.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0084.test
+        /usr/bin/tpsclient < $TmpDir/enroll0084.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        #to check if there are encryption and signing certs - not complete
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+        serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 |  tr -d ' ')
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format037.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format037.test
+        /usr/bin/tpsclient < $TmpDir/format037.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+        numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+        serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 |  tr -d ' ')
+        for j in ${serial[@]}; do
+                rlLog "$j"
+                rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j > $TmpDir/keysizecheck.out"
+                rlAssertGrep "Status: VALID" "$TmpDir/keysizecheck.out"
+        done
+
+        #Revert the changes
+
+        rlRun "curl --dump-header  $header_037 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=disable > $TmpDir/changestate037"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+        rlLog "Edit the tokenKey Profile xml file revokeCert property"
+        sed -i -e "s/<Property name=\"op.format.tokenKey.revokeCert\">false/<Property name=\"op.format.tokenKey.revokeCert\">true/g" $TmpDir/tokenkey-profile037
+        rlLog "Edit userKey profile - revokeCert parameter"
+        rlRun "curl --dump-header  $header_037 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/tokenkey-profile037 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/changekeysize037"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+        rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize037"
+        rlLog "Agent user approve and enable the profile"
+        rlRun "curl --dump-header  $header_037 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=approve > $TmpDir/changestate037"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+        rlRun "curl --dump-header  $header_037 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/currentstate037"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+        rlAssertGrep "<Property name=\"op.format.tokenKey.revokeCert\">true" "$TmpDir/currentstate037"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate037"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0084.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0084.test
+        /usr/bin/tpsclient < $TmpDir/enroll0084.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format037.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format037.test
+        /usr/bin/tpsclient < $TmpDir/format037.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-038: TPS operations.allowedTransitions - default configuration - Format an uninitialized token (0:0)"
+        header_038="$TmpDir/header038"
+        local tps_out="$TmpDir/admin_out_tpsenroll038"
+        local cuid="10000000000000000085"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers038.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers038.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers038.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "Format an uninitialized token"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format038.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format038.test
+        /usr/bin/tpsclient < $TmpDir/format038.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+        rlPhaseEnd
+
+
+
+        rlPhaseStartTest "pki_tps_enrollments-039: TPS operations.allowedTransitions - default configuration - Enroll a formatted token (0:4)"
+        local cuid="10000000000000000085"
+        local tps_out="$TmpDir/admin_out_tpsenroll039"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test
+        /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format039.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format039.test
+        /usr/bin/tpsclient < $TmpDir/format039.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-040: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, format the token"
+        local cuid="10000000000000000085"
+        header_040="$TmpDir/header040"
+        local tps_out="$TmpDir/admin_out_tpsenroll040"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test
+        /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temporarily lost"
+        rlRun "curl --dump-header  $header_040 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate040"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_040"
+        rlRun "curl --dump-header  $header_040 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate040"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_040"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate040"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format040.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format040.test
+        /usr/bin/tpsclient < $TmpDir/format039.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+        #Cleanup
+        rlLog "Mark the token as found and then format"
+        rlRun "curl --dump-header  $header_040 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=ACTIVE > $TmpDir/changestate040"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_040"
+        rlRun "curl --dump-header  $header_040 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate040"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_040"
+        rlAssertGrep "<Status>ACTIVE</Status>" "$TmpDir/currentstate040"
+
+        /usr/bin/tpsclient < $TmpDir/format039.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-041: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, enroll the token"
+        local cuid="10000000000000000085"
+        header_041="$TmpDir/header041"
+        local tps_out="$TmpDir/admin_out_tpsenroll041"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test
+        /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temporarily lost"
+        rlRun "curl --dump-header  $header_041 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate041"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_041"
+        rlRun "curl --dump-header  $header_041 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate041"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_041"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate041"
+
+        /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        #Cleanup
+        rlLog "Mark the token as found and then format"
+        rlRun "curl --dump-header  $header_041 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=ACTIVE > $TmpDir/changestate041"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_041"
+        rlRun "curl --dump-header  $header_041 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate041"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_041"
+        rlAssertGrep "<Status>ACTIVE</Status>" "$TmpDir/currentstate041"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format41.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format041.test
+        /usr/bin/tpsclient < $TmpDir/format041.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-042: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, temp token issued, mark the temporary lost token to be permanently lost - format or enroll perm lost token"
+        local cuid="10000000000000000085"
+        local new_cuid="10000000000000000086"
+        header_042="$TmpDir/header042"
+        local tps_out="$TmpDir/admin_out_tpsenroll042"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test
+        /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temporarily lost"
+        rlRun "curl --dump-header  $header_042 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate042"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_042"
+        rlRun "curl --dump-header  $header_042 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate042"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_042"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate042"
+
+        #Enroll a new token for the same user
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0086.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0086.test
+        /usr/bin/tpsclient < $TmpDir/enroll0086.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Temporarily lost token is permanently lost"
+        rlRun "curl --dump-header  $header_042 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate042"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_042"
+        rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/changestate042"
+
+        /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format42.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format042.test
+        /usr/bin/tpsclient < $TmpDir/format042.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+        #Cleanup
+        rlLog "Delete permanently lost token"
+        rlRun "curl --dump-header  $header_042 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken042"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_042"
+
+        rlRun "curl --dump-header  $header_042 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken042"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_042"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken042"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format42.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format042.test
+        /usr/bin/tpsclient < $TmpDir/format042.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-043: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, temp token is not issued, mark the temporary lost token to be permanently lost - format or enroll perm lost token"
+        local cuid="10000000000000000086"
+        header_043="$TmpDir/header043"
+        local tps_out="$TmpDir/admin_out_tpsenroll043"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0086.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0086.test
+        /usr/bin/tpsclient < $TmpDir/enroll0086.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temporarily lost"
+        rlRun "curl --dump-header  $header_043 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate043"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_043"
+        rlRun "curl --dump-header  $header_043 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate043"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_043"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate043"
+
+
+        rlLog "Change the state of the token - Temporarily lost token is permanently lost"
+        rlRun "curl --dump-header  $header_043 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate043"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_043"
+        rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/changestate043"
+
+        /usr/bin/tpsclient < $TmpDir/enroll0086.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format43.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format043.test
+        /usr/bin/tpsclient < $TmpDir/format043.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+        #Cleanup
+        rlLog "Delete permanently lost token"
+        rlRun "curl --dump-header  $header_043 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken043"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_043"
+
+        rlRun "curl --dump-header  $header_043 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken043"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_043"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken043"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-044: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, temp token is issued - format the temp token"
+        local cuid="10000000000000000087"
+        local new_cuid="10000000000000000088"
+        header_044="$TmpDir/header044"
+        local tps_out="$TmpDir/admin_out_tpsenroll044"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        #passwd="redhat"
+        #rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers044.ldif"
+        #rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers044.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        #ldap_user=$(cat $TmpDir/ldapusers044.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0087.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0087.test
+        /usr/bin/tpsclient < $TmpDir/enroll0087.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temporarily lost"
+        rlRun "curl --dump-header  $header_044 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate044"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_044"
+        rlRun "curl --dump-header  $header_044 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate044"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_044"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate044"
+
+
+        #Enroll a new token for the same user
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0087.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0087.test
+        /usr/bin/tpsclient < $TmpDir/enroll0087.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format44.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format044.test
+        /usr/bin/tpsclient < $TmpDir/format044.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        #Cleanup
+        rlLog "Delete temporarily lost token"
+        rlRun "curl --dump-header  $header_044 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken044"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_044"
+
+        rlRun "curl --dump-header  $header_044 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken044"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_044"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken044"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-045: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, temp token issued, mark the temporary lost token to be permanently lost - format the temp token"
+        local cuid="10000000000000000088"
+        local new_cuid="10000000000000000089"
+        header_045="$TmpDir/header045"
+        local tps_out="$TmpDir/admin_out_tpsenroll045"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+        /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temporarily lost"
+        rlRun "curl --dump-header  $header_045 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate045"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_045"
+        rlRun "curl --dump-header  $header_045 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate045"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_045"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate045"
+
+        #Enroll a new token for the same user
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+
+        rlLog "Change the state of the token - Temporarily lost token is permanently lost"
+        rlRun "curl --dump-header  $header_045 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate045"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_045"
+        rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/changestate045"
+
+        rlLog "Format the temporary token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format45.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format045.test
+        /usr/bin/tpsclient < $TmpDir/format045.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        #Cleanup
+        rlLog "Delete permanently lost token"
+        rlRun "curl --dump-header  $header_045 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken045"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_045"
+
+        rlRun "curl --dump-header  $header_045 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken045"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_045"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken045"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-046: TPS operations.allowedTransitions - Mark the Enrolled token permanently lost, format the token"
+        local cuid="10000000000000000089"
+        header_046="$TmpDir/header046"
+        local tps_out="$TmpDir/admin_out_tpsenroll046"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to permanently lost"
+        rlRun "curl --dump-header  $header_046 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=PERM_LOST > $TmpDir/changestate046"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_046"
+        rlRun "curl --dump-header  $header_046 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate046"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_046"
+        rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate046"
+
+
+        rlLog "Format the token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format046.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format046.test
+        /usr/bin/tpsclient < $TmpDir/format046.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+        #Cleanup
+        rlLog "Delete permanently lost token"
+        rlRun "curl --dump-header  $header_046 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken046"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_046"
+
+        rlRun "curl --dump-header  $header_046 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken046"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_046"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken046"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-047: TPS operations.allowedTransitions - Mark the Enrolled token permanently lost, enroll the token"
+        local cuid="10000000000000000089"
+        header_047="$TmpDir/header047"
+        local tps_out="$TmpDir/admin_out_tpsenroll047"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to permanently lost"
+        rlRun "curl --dump-header  $header_047 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=PERM_LOST > $TmpDir/changestate047"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_047"
+        rlRun "curl --dump-header  $header_047 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate047"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_047"
+        rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate047"
+
+
+        rlLog "Enroll the token"
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        #Cleanup
+        rlLog "Delete permanently lost token"
+        rlRun "curl --dump-header  $header_047 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken047"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_047"
+
+        rlRun "curl --dump-header  $header_047 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken047"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_047"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken047"
+        rlPhaseEnd
+
+
+
+rlPhaseStartTest "pki_tps_enrollments-048: TPS operations.allowedTransitions - Mark the Enrolled token physically damaged, format the token"
+        local cuid="10000000000000000089"
+        header_048="$TmpDir/header048"
+        local tps_out="$TmpDir/admin_out_tpsenroll048"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to physically damaged"
+        rlRun "curl --dump-header  $header_048 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate048"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_048"
+        rlRun "curl --dump-header  $header_048 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate048"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_048"
+        rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate048"
+
+        rlLog "Format the token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format048.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format048.test
+        /usr/bin/tpsclient < $TmpDir/format048.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+        #Cleanup
+        rlLog "Delete the damaged token"
+        rlRun "curl --dump-header  $header_048 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken048"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_048"
+
+        rlRun "curl --dump-header  $header_048 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken048"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_048"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken048"
+        rlPhaseEnd
+
+
+rlPhaseStartTest "pki_tps_enrollments-049: TPS operations.allowedTransitions - Mark the Enrolled token physically damaged, enroll the token"
+        local cuid="10000000000000000089"
+        header_049="$TmpDir/header049"
+        local tps_out="$TmpDir/admin_out_tpsenroll049"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to physically damaged"
+        rlRun "curl --dump-header  $header_049 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate049"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_049"
+        rlRun "curl --dump-header  $header_049 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate049"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_049"
+        rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate049"
+
+        rlLog "Enroll the token"
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        #Cleanup
+        rlLog "Delete permanently lost token"
+        rlRun "curl --dump-header  $header_049 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken049"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_049"
+
+        rlRun "curl --dump-header  $header_049 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken049"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_049"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken049"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-050: TPS operations.allowedTransitions - Mark the Enrolled token terminated, format the token"
+        local cuid="10000000000000000089"
+        header_050="$TmpDir/header050"
+        local tps_out="$TmpDir/admin_out_tpsenroll050"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to terminated"
+        rlRun "curl --dump-header  $header_050 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate050"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_050"
+        rlRun "curl --dump-header  $header_050 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate050"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_050"
+        rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate050"
+
+        rlLog "Format the token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format050.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format050.test
+        /usr/bin/tpsclient < $TmpDir/format050.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+        #Cleanup
+        rlLog "Delete the terminated token"
+        rlRun "curl --dump-header  $header_050 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken050"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_050"
+
+        rlRun "curl --dump-header  $header_050 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken050"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_050"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken050"
+        rlPhaseEnd
+
+
+rlPhaseStartTest "pki_tps_enrollments-051: TPS operations.allowedTransitions - Mark the Enrolled token terminated, enroll the token"
+        local cuid="10000000000000000089"
+        header_051="$TmpDir/header051"
+        local tps_out="$TmpDir/admin_out_tpsenroll051"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temrinated"
+        rlRun "curl --dump-header  $header_051 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate051"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_051"
+        rlRun "curl --dump-header  $header_051 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate051"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_051"
+        rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate051"
+
+        rlLog "Enroll the token"
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        #Cleanup
+        rlLog "Delete permanently lost token"
+        rlRun "curl --dump-header  $header_051 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken051"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_051"
+
+        rlRun "curl --dump-header  $header_051 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken051"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_051"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken051"
+        rlPhaseEnd
+        rlPhaseStartTest "pki_tps_enrollments-052: TPS operations.allowedTransitions - Mark the Enrolled token as physically damaged, temp token is issued"
+        local cuid="10000000000000000088"
+        local new_cuid="10000000000000000089"
+        header_052="$TmpDir/header052"
+        local tps_out="$TmpDir/admin_out_tpsenroll052"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+        /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to physically damaged"
+        rlRun "curl --dump-header  $header_052 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate052"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_052"
+        rlRun "curl --dump-header  $header_052 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate052"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_052"
+        rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate052"
+
+        #Enroll a new token for the same user
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+
+        #Cleanup
+        rlLog "Format the temporary token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format52.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format052.test
+        /usr/bin/tpsclient < $TmpDir/format052.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+
+        rlLog "Delete the damaged token"
+        rlRun "curl --dump-header  $header_052 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken052"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_052"
+
+        rlRun "curl --dump-header  $header_052 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken052"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_052"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken052"
+        rlPhaseEnd
+
+
+rlPhaseStartTest "pki_tps_enrollments-053: TPS operations.allowedTransitions - Mark the Enrolled token as temporarily lost, temp token is issued, temporarily lost token is found"
+        local cuid="10000000000000000088"
+        local new_cuid="10000000000000000089"
+        header_053="$TmpDir/header053"
+        local tps_out="$TmpDir/admin_out_tpsenroll053"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+        /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temporarily lost"
+        rlRun "curl --dump-header  $header_053 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate053"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_053"
+        rlRun "curl --dump-header  $header_053 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate053"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_053"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate053"
+
+        #Enroll a new token for the same user
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        rlLog "Change the state of the token - Temp lost to temp lost token found"
+        rlRun "curl --dump-header  $header_053 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=ACTIVE > $TmpDir/changestate053"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_053"
+        rlRun "curl --dump-header  $header_053 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate053"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_053"
+        rlAssertGrep "<Status>ACTIVE</Status>" "$TmpDir/currentstate053"
+
+        #Cleanup
+        rlLog "Format the original token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format53.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format053.test
+        /usr/bin/tpsclient < $TmpDir/format053.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlLog "Format the temporary token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format53.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format053.test
+        /usr/bin/tpsclient < $TmpDir/format053.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-054: TPS operations.allowedTransitions - Mark the Enrolled token as temporarily lost, no temp token is issued, temporarily lost token is found"
+        local cuid="10000000000000000088"
+        header_054="$TmpDir/header054"
+        local tps_out="$TmpDir/admin_out_tpsenroll054"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+        /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temporarily lost"
+        rlRun "curl --dump-header  $header_054 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate054"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_054"
+        rlRun "curl --dump-header  $header_054 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate054"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_054"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate054"
+
+        rlLog "Change the state of the token - Temp lost to temp lost token found"
+        rlRun "curl --dump-header  $header_054 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=ACTIVE > $TmpDir/changestate054"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_054"
+        rlRun "curl --dump-header  $header_054 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate054"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_054"
+        rlAssertGrep "<Status>ACTIVE</Status>" "$TmpDir/currentstate054"
+
+        #Cleanup
+        rlLog "Format the token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format54.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format054.test
+        /usr/bin/tpsclient < $TmpDir/format054.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+        rlPhaseEnd
+
+
+rlPhaseStartTest "pki_tps_enrollments-055: TPS operations.allowedTransitions - Mark the Enrolled token as temporarily lost, temp token is issued, temporarily lost token is terminated"
+        local cuid="10000000000000000088"
+        local new_cuid="10000000000000000089"
+        header_055="$TmpDir/header055"
+        local tps_out="$TmpDir/admin_out_tpsenroll055"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+        /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temporarily lost"
+        rlRun "curl --dump-header  $header_055 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate055"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_055"
+        rlRun "curl --dump-header  $header_055 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate055"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_055"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate055"
+
+        #Enroll a new token for the same user
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Temp lost to terminated"
+        rlRun "curl --dump-header  $header_055 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate055"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_055"
+        rlRun "curl --dump-header  $header_055 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate055"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_055"
+        rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate055"
+
+        #Cleanup
+
+        rlLog "Format the temporary token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format55.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format055.test
+        /usr/bin/tpsclient < $TmpDir/format055.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlLog "Delete the terminated token token"
+        rlRun "curl --dump-header  $header_055 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken055"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_055"
+
+        rlRun "curl --dump-header  $header_055 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken055"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_055"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken055"
+        rlPhaseEnd
+
+
+
+rlPhaseStartTest "pki_tps_enrollments-056: TPS operations.allowedTransitions - Mark the Enrolled token as temporarily lost, no temp token is issued, temporarily lost token is terminated"
+        local cuid="10000000000000000088"
+        header_056="$TmpDir/header056"
+        local tps_out="$TmpDir/admin_out_tpsenroll056"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+        /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temporarily lost"
+        rlRun "curl --dump-header  $header_056 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate056"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+        rlRun "curl --dump-header  $header_056 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate056"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate056"
+
+        rlLog "Change the state of the token - Temp lost to terminated"
+        rlRun "curl --dump-header  $header_056 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate056"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+        rlRun "curl --dump-header  $header_056 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate056"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+        rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate056"
+
+        #Cleanup
+
+        rlLog "Delete the terminated token token"
+        rlRun "curl --dump-header  $header_056 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken056"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_056"
+
+        rlRun "curl --dump-header  $header_056 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken056"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken056"
+
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-057: TPS operations.allowedTransitions - none set"
+        local cuid="10000000000000000088"
+        header_057="$TmpDir/header057"
+        local tps_out="$TmpDir/admin_out_tpsenroll0057"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlRun "curl --dump-header  $header_057 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken057"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_057"
+	foundcuid=$(cat $TmpDir/showToken057 | grep $cuid)
+        if [ -n "$foundcuid" ]; then
+                rlLog "Delete the token"
+        rlRun "curl --dump-header  $header_057 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken057"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_057"
+        rlRun "curl --dump-header  $header_057 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken057"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_057"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken057"
+        fi
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak057"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlLog "Format an uninitialized token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format057.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format057.test
+        /usr/bin/tpsclient < $TmpDir/format057.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlLog "Format a formatted token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format057.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format057.test
+        /usr/bin/tpsclient < $TmpDir/format057.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlPhaseEnd
+
+
+rlPhaseStartTest "pki_tps_enrollments-058: TPS operations.allowedTransitions - Re-enroll a token - Failure"
+        local cuid="10000000000000000088"
+        header_058="$TmpDir/header058"
+        local tps_out="$TmpDir/admin_out_tpsenroll058"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+        /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Re-enroll the above token to the same user"
+
+        /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        #Cleanup
+
+        rlLog "Format the enrolled token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format58.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format058.test
+        /usr/bin/tpsclient < $TmpDir/format058.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+        rlPhaseEnd
+rlPhaseStartTest "pki_tps_enrollments-059: TPS operations.allowedTransitions - Re-enroll a token - add transition 4:4 - Success"
+        local cuid="10000000000000000088"
+        header_059="$TmpDir/header059"
+        local tps_out="$TmpDir/admin_out_tpsenroll059"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak059"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,4:4/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+        /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Re-enroll the above token to the same user"
+
+        /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        #Cleanup
+
+        rlLog "Format the enrolled token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format59.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format059.test
+        /usr/bin/tpsclient < $TmpDir/format059.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-060: TPS operations.allowedTransitions - Re-enroll a token - add transition 4:4 - RE_ENROLL=NO - Failure"
+        local cuid="10000000000000000088"
+        header_060="$TmpDir/header060"
+        local tps_out="$TmpDir/admin_out_tpsenroll060"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak059"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,4:4/g" $tps_conf
+        sed -i -e "s/^tokendb.defaultPolicy=RE_ENROLL=YES/tokendb.defaultPolicy=RE_ENROLL=NO/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rlLog "$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tokendb.defaultPolicy)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers060.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers060.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers060.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+        /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Re-enroll the above token to the same user"
+
+        /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        #Cleanup
+
+        rlLog "Format the enrolled token"
+	rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format60.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format060.test
+        /usr/bin/tpsclient < $TmpDir/format060.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-061: TPS operations.allowedTransitions - Mark the Enrolled token temp lost, format the token - Add transition 3:0"
+        local cuid="10000000000000000089"
+        header_061="$TmpDir/header061"
+        local tps_out="$TmpDir/admin_out_tpsenroll061"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak061"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,3:0/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers060.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers060.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers060.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temp lost"
+        rlRun "curl --dump-header  $header_061 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate061"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_061"
+        rlRun "curl --dump-header  $header_061 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate061"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_061"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate061"
+        rlLog "Format the token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format061.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format061.test
+        /usr/bin/tpsclient < $TmpDir/format061.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        #Cleanup
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-062: TPS operations.allowedTransitions - Mark the Enrolled token temp lost, temp token issued, temp lost token is perm lost, format the perm lost token - Add transition 2:0"
+        local cuid="10000000000000000089"
+        local new_cuid="10000000000000000088"
+        header_062="$TmpDir/header062"
+        local tps_out="$TmpDir/admin_out_tpsenroll062"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak062"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,2:0/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers060.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers060.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers060.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temp lost"
+        rlRun "curl --dump-header  $header_062 \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate062"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_062"
+        rlRun "curl --dump-header  $header_062 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate062"
+        rlRun "sleep 5"
+rlAssertGrep "HTTP/1.1 200 OK" "$header_062"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate062"
+
+        #Enroll a new token for the same user
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Temp lost to perm lost"
+        rlRun "curl --dump-header  $header_062 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate062"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_062"
+        rlRun "curl --dump-header  $header_062 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate062"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_062"
+        rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate062"
+
+        rlLog "Format the perm lost token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format062.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format062.test
+        /usr/bin/tpsclient < $TmpDir/format062.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        #Cleanup
+
+        rlLog "Format the temp token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format062.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format062.test
+	/usr/bin/tpsclient < $TmpDir/format062.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-063: TPS operations.allowedTransitions - Mark the Enrolled token permanently lost, format the token - Add transition 2:0"
+        local cuid="10000000000000000089"
+        header_063="$TmpDir/header063"
+        local tps_out="$TmpDir/admin_out_tpsenroll063"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+
+        transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak063"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,2:0/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers063.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers063.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers063.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to permanently lost"
+        rlRun "curl --dump-header  $header_063 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=PERM_LOST > $TmpDir/changestate063"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_063"
+        rlRun "curl --dump-header  $header_063 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate063"
+        rlRun "sleep 5"
+rlAssertGrep "HTTP/1.1 200 OK" "$header_063"
+        rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate063"
+
+        rlLog "Format the token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format063.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format063.test
+        /usr/bin/tpsclient < $TmpDir/format063.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        #Cleanup
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-064: TPS operations.allowedTransitions - Mark the Enrolled token physically damaged, format the token - Add transition 1:0"
+        local cuid="10000000000000000089"
+        header_064="$TmpDir/header064"
+        local tps_out="$TmpDir/admin_out_tpsenroll064"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+
+        transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak064"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,1:0/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+         passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers064.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers064.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers064.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to permanently lost"
+        rlRun "curl --dump-header  $header_064 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate064"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_064"
+        rlRun "curl --dump-header  $header_064 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate064"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_064"
+        rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate064"
+
+
+        rlLog "Format the token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format064.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format064.test
+        /usr/bin/tpsclient < $TmpDir/format064.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        #Cleanup
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-065: TPS operations.allowedTransitions - Mark the Enrolled token terminated, format the token - Add transition 6:0"
+        local cuid="10000000000000000089"
+        header_065="$TmpDir/header065"
+        local tps_out="$TmpDir/admin_out_tpsenroll065"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+
+        transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak065"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,6:0/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers065.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers065.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers065.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to terminated"
+        rlRun "curl --dump-header  $header_065 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate065"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_065"
+        rlRun "curl --dump-header  $header_065 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate065"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_065"
+        rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate065"
+
+
+        rlLog "Format the token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format065.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format065.test
+        /usr/bin/tpsclient < $TmpDir/format065.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        #Cleanup
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-066: TPS operations.allowedTransitions and tokendb.defaultPolicy - none set - BZ 1196278"
+        local cuid="10000000000000000088"
+        header_066="$TmpDir/header066"
+        local tps_out="$TmpDir/admin_out_tpsenroll0066"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlRun "curl --dump-header  $header_066 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken066"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_066"
+        foundcuid=$(cat $TmpDir/showToken066 | grep $cuid)
+        if [ -n "$foundcuid" ]; then
+                rlLog "Delete the token"
+                rlRun "curl --dump-header  $header_066 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken066"
+                rlAssertGrep "HTTP/1.1 204 No Content" "$header_066"
+                rlRun "curl --dump-header  $header_066 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken066"
+                rlAssertGrep "HTTP/1.1 200 OK" "$header_066"
+                rlAssertNotGrep "$cuid" "$TmpDir/showToken066"
+        fi
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak066"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=/g" $tps_conf
+        sed -i -e "s/^tokendb.allowedTransitions=.*/tokendb.allowedTransitions=/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rlLog "Tokendb transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tokendb.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers066.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers066.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers066.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+        rlLog "Format an uninitialized token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format066.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format066.test
+        /usr/bin/tpsclient < $TmpDir/format066.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlLog "Format a formatted token"
+
+        /usr/bin/tpsclient < $TmpDir/format066.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+        rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278#c2"
+
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+	#rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-067: TPS operations.allowedTransitions - Mark the Enrolled token terminated, enroll the token - Add transition 6:4 - BZ 1196278"
+        local cuid="10000000000000000089"
+        header_067="$TmpDir/header067"
+        local tps_out="$TmpDir/admin_out_tpsenroll067"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+
+        transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak067"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,6:4/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers067.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers067.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers067.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+        new_ldap_user=$(cat $TmpDir/ldapusers067.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to terminated"
+        rlRun "curl --dump-header  $header_067 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate067"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_067"
+        rlRun "curl --dump-header  $header_067 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate067"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_067"
+        rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate067"
+
+        rlLog "Enroll a the token for the same user"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        rlLog "Enroll the token for a different user"
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278"
+
+        #Cleanup
+        rlLog "Delete the terminated token token"
+        rlRun "curl --dump-header  $header_067 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken067"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_067"
+
+        rlRun "curl --dump-header  $header_067 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken067"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_067"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken067"
+
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+
+        new_ldap_user=$(cat $TmpDir/ldapusers067.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-068: TPS operations.allowedTransitions - Mark the Enrolled token temp lost, enroll the token - Add transition 3:4 - BZ 1196308"
+        local cuid="10000000000000000089"
+        header_068="$TmpDir/header068"
+        local tps_out="$TmpDir/admin_out_tpsenroll068"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+
+        transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak068"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,3:4/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers068.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers068.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers068.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+        new_ldap_user=$(cat $TmpDir/ldapusers068.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temp lost"
+        rlRun "curl --dump-header  $header_068 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate068"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_068"
+        rlRun "curl --dump-header  $header_068 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate068"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_068"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate068"
+
+        rlLog "Enroll the token for the same user"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+        rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196308"
+
+        rlLog "Enroll the token for a different user"
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        #Cleanup
+        rlLog "Delete the terminated token token"
+        rlRun "curl --dump-header  $header_068 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken068"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_068"
+
+        rlRun "curl --dump-header  $header_068 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken068"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_068"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken068"
+
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-069: TPS operations.allowedTransitions - Mark the Enrolled token temp lost, temp token issued, temp lost token is perm lost, enroll the perm lost token - Add transition 2:4 - BZ 1196278"
+        local cuid="10000000000000000089"
+        local new_cuid="10000000000000000088"
+        header_069="$TmpDir/header069"
+        local tps_out="$TmpDir/admin_out_tpsenroll069"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak069"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,2:4/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers069.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers069.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers069.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+        new_ldap_user=$(cat $TmpDir/ldapusers069.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to temp lost"
+        rlRun "curl --dump-header  $header_069 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate069"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_069"
+        rlRun "curl --dump-header  $header_069 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate069"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_069"
+        rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate069"
+
+        #Enroll a new token for the same user
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Temp lost to perm lost"
+        rlRun "curl --dump-header  $header_069 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate069"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_069"
+        rlRun "curl --dump-header  $header_069 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate069"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_069"
+        rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate069"
+
+        rlLog "Enroll the token for the same user"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        rlLog "Enroll the token for a different user"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+        rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278"
+
+        #Cleanup
+
+        rlLog "Format the temp token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format069.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format069.test
+        /usr/bin/tpsclient < $TmpDir/format069.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlLog "Delete the perm lost token token"
+        rlRun "curl --dump-header  $header_069 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken069"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_069"
+
+        rlRun "curl --dump-header  $header_069 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken069"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_069"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken069"
+
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $new_cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-070: TPS operations.allowedTransitions - Mark the Enrolled token physically damaged, enroll the token - Add transition 1:4 - BZ 1196278"
+        local cuid="10000000000000000089"
+        header_070="$TmpDir/header070"
+        local tps_out="$TmpDir/admin_out_tpsenroll070"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+
+        transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak070"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,1:4/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers070.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers070.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers070.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+        new_ldap_user=$(cat $TmpDir/ldapusers070.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to physically damaged"
+        rlRun "curl --dump-header  $header_070 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate070"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_070"
+        rlRun "curl --dump-header  $header_070 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate070"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_070"
+        rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate070"
+
+        rlLog "Enroll the token for the same user"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        rlLog "Enroll the token for a different user"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test"
+	gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+        rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278"
+
+        #Cleanup
+        rlLog "Delete the damaged token"
+        rlRun "curl --dump-header  $header_070 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken070"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_070"
+
+        rlRun "curl --dump-header  $header_070 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken070"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_070"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken070"
+
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+	rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-071: TPS operations.allowedTransitions - Mark the Enrolled token permanently lost, enroll the token - Add transition 2:4 - BZ 1196278"
+        local cuid="10000000000000000089"
+        header_071="$TmpDir/header071"
+        local tps_out="$TmpDir/admin_out_tpsenroll071"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+
+        transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak071"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,2:4/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers071.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers071.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers071.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+        new_ldap_user=$(cat $TmpDir/ldapusers071.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        rlLog "Change the state of the token - Enrolled to physically damaged"
+        rlRun "curl --dump-header  $header_071 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=PERM_LOST > $TmpDir/changestate071"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_071"
+        rlRun "curl --dump-header  $header_071 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate071"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_071"
+        rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate071"
+
+        rlLog "Enroll the token for the same user"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+        rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278"
+
+        rlLog "Enroll the token for a different user"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        #Cleanup
+        rlLog "Delete the damaged token"
+        rlRun "curl --dump-header  $header_071 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken071"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_071"
+
+        rlRun "curl --dump-header  $header_071 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken071"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_071"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken071"
+
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+
+	rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-072: Two Agent users approve the profile change at the same time"
+        header_073="$TmpDir/header073"
+        local tps_out="$TmpDir/admin_out_tpsenroll073"
+        local cuid="10000000000000000073"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers073.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers073.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers073.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Check the status of userKey Profile is Enabled"
+        rlRun "curl --dump-header  $header_073 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate073"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_073"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate073"
+        rlLog "Download userKey profile properties"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile073"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile073" 0 "Download user key profile to a file"
+        rlLog "Agent disables the profile userKey"
+        rlRun "curl --dump-header  $header_073 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate073"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_073"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile073
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile073
+        rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+        rlRun "curl --dump-header  $header_073 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile073 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize073"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_073"
+        rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize073"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Two Agent users approve and enable the profile"
+
+        username="Valid_TPS_Agent"
+        rlRun "pki -d $CERTDB_DIR \
+                          -n \"$valid_admin_cert\" \
+                          -c $CERTDB_DIR_PASSWORD \
+                          -h $tmp_tps_host \
+                          -t tps \
+                          -p $target_unsecure_port \
+                           user-add --fullName=\"$username\" $valid_agent1_cert" 0 "Add user $valid_agent1_cert to TPS"
+        rlRun "pki -d $CERTDB_DIR \
+                                   -n \"$valid_admin_cert\" \
+                                   -c $CERTDB_DIR_PASSWORD \
+                                   -h $tmp_tps_host \
+                                   -t tps \
+                                   -p $target_unsecure_port \
+                                    group-member-add \"TPS Agents\" $valid_agent1_cert" \
+                                    0 \
+                                    "Add user $valid_agent1_cert to TPS Agents"
+        local temp_file="$CERTDB_DIR/certrequest_001.xml"
+        rlRun "pki -d $CERTDB_DIR \
+                   -n \"$tmp_ca_admin\" \
+                   -c $CERTDB_DIR_PASSWORD \
+                   -h $tmp_tps_host \
+                   -t ca \
+                   -p $tmp_ca_port \
+                   cert-request-profile-show caUserCert --output $temp_file" \
+                   0 \
+                   "Enrollment Template for Profile caUserCert"
+        rlRun "generate_PKCS10 \"$CERTDB_DIR\"  \"$CERTDB_DIR_PASSWORD\" rsa 2048 \"$CERTDB_DIR/request_001.out\" \"CN=admin1V\" " 0 "generate PKCS10 certificate"
+        rlRun "sed -e '/-----BEGIN NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_001.out"
+        rlRun "sed -e '/-----END NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_001.out"
+        rlRun "dos2unix $CERTDB_DIR/request_001.out"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request_type']/Value\" -v 'pkcs10' $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request']/Value\" -v \"$(cat -v $CERTDB_DIR/request_001.out)\" $temp_file" 0 "adding certificate request"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_uid']/Value\" -v $valid_agent1_cert $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_e']/Value\" -v $valid_agent1_cert@example.com $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_cn']/Value\" -v $username $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_ou']/Value\" -v Engineering $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_o']/Value\" -v Example $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_c']/Value\" -v US $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_name']/Value\" -v $valid_agent1_cert $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v $valid_agent1_cert@example.com $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $temp_file"
+
+        subsystem=ca
+        rlLog "Executing: pki cert-request-submit  $temp_file"
+        rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-request-submit $temp_file > $CERTDB_DIR/certrequest.out" 0 "Executing pki cert-request-submit"
+        rlAssertGrep "Submitted certificate request" "$CERTDB_DIR/certrequest.out"
+        rlAssertGrep "Request ID:" "$CERTDB_DIR/certrequest.out"
+        rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequest.out"
+        rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequest.out"
+        local request_id=`cat $CERTDB_DIR/certrequest.out | grep "Request ID:" | awk '{print $3}'`
+        rlLog "Request ID=$request_id"
+        rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-request-show $request_id > $CERTDB_DIR/certrequestshow_001.out" 0 "Executing pki cert-request-show $request_id"
+        rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestshow_001.out"
+        rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestshow_001.out"
+        rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequestshow_001.out"
+        rlAssertGrep "Operation Result: success" "$CERTDB_DIR/certrequestshow_001.out"
+
+        rlRun "pki -d $CERTDB_DIR \
+                   -n \"$tmp_ca_agent\" \
+                   -c $CERTDB_DIR_PASSWORD \
+                   -h $tmp_tps_host \
+                   -t ca \
+                   -p $tmp_ca_port \
+                   cert-request-review $request_id --action=approve > $CERTDB_DIR/certapprove_001.out" \
+                   0 \
+                  "CA agent approve the cert"
+        rlAssertGrep "Approved certificate request $request_id" "$CERTDB_DIR/certapprove_001.out"
+        rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ca-cert-request-show $request_id > $CERTDB_DIR/certrequestapprovedshow_001.out" 0 "Executing pki cert-request-show $request_id"
+        rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+        rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+        rlAssertGrep "Status: complete" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+        rlAssertGrep "Certificate ID:" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+        local certificate_serial_number=`cat $CERTDB_DIR/certrequestapprovedshow_001.out | grep "Certificate ID:" | awk '{print $3}'`
+        rlLog "Cerificate Serial Number=$certificate_serial_number"
+
+        #Verify the certificate is valid
+        rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-show  $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_001.out" 0 "Executing pki cert-show $certificate_serial_number"
+        rlAssertGrep "Subject: UID=$valid_agent1_cert,E=$valid_agent1_cert@example.com,CN=$username,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_001.out"
+        rlAssertGrep "Status: VALID" "$CERTDB_DIR/certificate_show_001.out"
+
+        rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $CERTDB_DIR/certificate_show_001.out > $CERTDB_DIR/validcert_001.pem"
+        rlRun "certutil -d $CERTDB_DIR -A -n $valid_agent1_cert -i $CERTDB_DIR/validcert_001.pem  -t "u,u,u""
+        rlRun "pki -d $CERTDB_DIR/ \
+                   -n \"$valid_admin_cert\" \
+                   -c $CERTDB_DIR_PASSWORD \
+                   -h $tmp_tps_host \
+                   -t tps \
+                   -p $target_unsecure_port \
+                   user-cert-add $valid_agent1_cert --input $CERTDB_DIR/validcert_001.pem  > $CERTDB_DIR/useraddcert_001.out" \
+                   0 \
+                  "Cert is added to the user $valid_agent1_cert"
+
+        echo "$valid_agent1_cert" > $TmpDir/commands073
+        echo "$valid_agent_cert" >> $TmpDir/commands073
+        rlRun "sleep 5"
+        rlRun "cat $TmpDir/commands073 | xargs -n2 -I % curl --dump-header  $header_073 -E \"%:$CERTDB_DIR_PASSWORD\" -X POST -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/xargs-result073" 0 "Two agents approves the profile change"
+        rlAssertGrep "Enabled" "$TmpDir/xargs-result073"
+        rlAssertGrep "Invalid action: approve" "$TmpDir/xargs-result073"
+	rlRun "sleep 10"
+        rlLog "Enroll a token"
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0073.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0073.test
+        /usr/bin/tpsclient < $TmpDir/enroll0073.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        #Revert the changes
+
+        rlRun "curl --dump-header  $header_073 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate073"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_073"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile073
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile073
+        rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+        rlRun "curl --dump-header  $header_073 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile073 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize073"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_073"
+        rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize073"
+
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Approve as an agent user"
+        rlRun "curl --dump-header  $header_073 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate073"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_073"
+
+        rlLog "Format a token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format073.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format073.test
+        /usr/bin/tpsclient < $TmpDir/format073.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+        rlRun "pki -d $CERTDB_DIR \
+                          -n \"$valid_admin_cert\" \
+                          -c $CERTDB_DIR_PASSWORD \
+                          -h $tmp_tps_host \
+                          -t tps \
+                          -p $target_unsecure_port \
+                           user-del $valid_agent1_cert" 0 "Delete user $valid_agent1_cert"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_tps_enrollments-073: Two Admin users edit the same params at the same time"
+        header_074="$TmpDir/header074"
+        local tps_out="$TmpDir/admin_out_tpsenroll074"
+        local cuid="10000000000000000074"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers074.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers074.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers074.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Check the status of userKey Profile is Enabled"
+        rlRun "curl --dump-header  $header_074 \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate074"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_074"
+        rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate074"
+        rlLog "Download userKey profile properties"
+        rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile074"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile074" 0 "Download user key profile to a file"
+        rlLog "Agent disables the profile userKey"
+        rlRun "curl --dump-header  $header_074 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate074"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_074"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile074
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile074
+        rlLog "Edit userKey profile - by two admin users"
+
+        username="Valid_TPS_Admin"
+        rlRun "pki -d $CERTDB_DIR \
+                          -n \"$valid_admin_cert\" \
+                          -c $CERTDB_DIR_PASSWORD \
+                          -h $tmp_tps_host \
+                          -t tps \
+                          -p $target_unsecure_port \
+                           user-add --fullName=\"$username\" $valid_admin1_cert" 0 "Add user $valid_admin1_cert to TPS"
+        rlRun "pki -d $CERTDB_DIR \
+                                   -n \"$valid_admin_cert\" \
+                                   -c $CERTDB_DIR_PASSWORD \
+                                   -h $tmp_tps_host \
+                                   -t tps \
+                                   -p $target_unsecure_port \
+                                    group-member-add \"Administrators\" $valid_admin1_cert" \
+                                    0 \
+                                    "Add user $valid_admin1_cert to Administrators"
+        local temp_file="$CERTDB_DIR/certrequest_001.xml"
+        rlRun "pki -d $CERTDB_DIR \
+                   -n \"$tmp_ca_admin\" \
+                   -c $CERTDB_DIR_PASSWORD \
+                   -h $tmp_tps_host \
+                   -t ca \
+                   -p $tmp_ca_port \
+                   cert-request-profile-show caUserCert --output $temp_file" \
+                   0 \
+                   "Enrollment Template for Profile caUserCert"
+        rlRun "generate_PKCS10 \"$CERTDB_DIR\"  \"$CERTDB_DIR_PASSWORD\" rsa 2048 \"$CERTDB_DIR/request_001.out\" \"CN=admin1V\" " 0 "generate PKCS10 certificate"
+        rlRun "sed -e '/-----BEGIN NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_001.out"
+        rlRun "sed -e '/-----END NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_001.out"
+        rlRun "dos2unix $CERTDB_DIR/request_001.out"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request_type']/Value\" -v 'pkcs10' $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request']/Value\" -v \"$(cat -v $CERTDB_DIR/request_001.out)\" $temp_file" 0 "adding certificate request"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_uid']/Value\" -v $valid_admin1_cert $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_e']/Value\" -v $valid_admin1_cert@example.com $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_cn']/Value\" -v $username $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_ou']/Value\" -v Engineering $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_o']/Value\" -v Example $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_c']/Value\" -v US $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_name']/Value\" -v $valid_admin1_cert $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v $valid_admin1_cert@example.com $temp_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $temp_file"
+        subsystem=ca
+        rlLog "Executing: pki cert-request-submit  $temp_file"
+        rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-request-submit $temp_file > $CERTDB_DIR/certrequest.out" 0 "Executing pki cert-request-submit"
+        rlAssertGrep "Submitted certificate request" "$CERTDB_DIR/certrequest.out"
+        rlAssertGrep "Request ID:" "$CERTDB_DIR/certrequest.out"
+        rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequest.out"
+        rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequest.out"
+        local request_id=`cat $CERTDB_DIR/certrequest.out | grep "Request ID:" | awk '{print $3}'`
+        rlLog "Request ID=$request_id"
+        rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-request-show $request_id > $CERTDB_DIR/certrequestshow_001.out" 0 "Executing pki cert-request-show $request_id"
+        rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestshow_001.out"
+        rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestshow_001.out"
+        rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequestshow_001.out"
+        rlAssertGrep "Operation Result: success" "$CERTDB_DIR/certrequestshow_001.out"
+
+        rlRun "pki -d $CERTDB_DIR \
+                   -n \"$tmp_ca_agent\" \
+                   -c $CERTDB_DIR_PASSWORD \
+                   -h $tmp_tps_host \
+                   -t ca \
+                   -p $tmp_ca_port \
+                   cert-request-review $request_id --action=approve > $CERTDB_DIR/certapprove_001.out" \
+                   0 \
+                  "CA agent approve the cert"
+        rlAssertGrep "Approved certificate request $request_id" "$CERTDB_DIR/certapprove_001.out"
+        rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ca-cert-request-show $request_id > $CERTDB_DIR/certrequestapprovedshow_001.out" 0 "Executing pki cert-request-show $request_id"
+        rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+        rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+        rlAssertGrep "Status: complete" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+        rlAssertGrep "Certificate ID:" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+        local certificate_serial_number=`cat $CERTDB_DIR/certrequestapprovedshow_001.out | grep "Certificate ID:" | awk '{print $3}'`
+        rlLog "Cerificate Serial Number=$certificate_serial_number"
+
+        #Verify the certificate is valid
+        rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-show  $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_001.out" 0 "Executing pki cert-show $certificate_serial_number"
+        rlAssertGrep "Subject: UID=$valid_admin1_cert,E=$valid_admin1_cert@example.com,CN=$username,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_001.out"
+        rlAssertGrep "Status: VALID" "$CERTDB_DIR/certificate_show_001.out"
+
+        rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $CERTDB_DIR/certificate_show_001.out > $CERTDB_DIR/validcert_001.pem"
+        rlRun "certutil -d $CERTDB_DIR -A -n $valid_admin1_cert -i $CERTDB_DIR/validcert_001.pem  -t "u,u,u""
+        rlRun "pki -d $CERTDB_DIR/ \
+                   -n \"$valid_admin_cert\" \
+                   -c $CERTDB_DIR_PASSWORD \
+                   -h $tmp_tps_host \
+                   -t tps \
+                   -p $target_unsecure_port \
+                   user-cert-add $valid_admin1_cert --input $CERTDB_DIR/validcert_001.pem  > $CERTDB_DIR/useraddcert_001.out" \
+                   0 \
+                  "Cert is added to the user $valid_admin1_cert"
+
+
+        echo "$valid_admin1_cert" > $TmpDir/commands074
+        echo "$valid_admin_cert" >> $TmpDir/commands074
+        rlRun "sleep 5"
+        rlRun "cat $TmpDir/commands074 | xargs -n2 -I % curl --dump-header  $header_074 -E \"%:$CERTDB_DIR_PASSWORD\" -H \"Content-Type: application/xml\" -X PATCH --data @$TmpDir/userkey-profile074 -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/xargs-result074" 0 "Two admin users edit the profile"
+        rlAssertGrep "Unable to update profile userKey" "$TmpDir/xargs-result074"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/xargs-result074"
+        rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048" "$TmpDir/xargs-result074"
+        rlAssertGrep "Pending_Approval" "$TmpDir/xargs-result074"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Agent approves the profile userKey"
+        rlRun "curl --dump-header  $header_074 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate074"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_074"
+        rlAssertGrep "Enabled" "$TmpDir/changestate074"
+	rlRun "sleep 10"
+        rlLog "Enroll a token"
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0074.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0074.test
+        /usr/bin/tpsclient < $TmpDir/enroll0074.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+        #Revert the changes
+
+        rlRun "curl --dump-header  $header_074 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate074"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_074"
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile074
+        sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile074
+        rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+        rlRun "curl --dump-header  $header_074 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -H \"Content-Type: application/xml\" \
+                        -X PATCH \
+                        --data @$TmpDir/userkey-profile074 \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize074"
+        rlRun "sleep 5"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_074"
+        rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize074"
+
+        rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+        rlLog "Approve as an agent user"
+        rlRun "curl --dump-header  $header_074 \
+                        -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X POST \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate074"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_074"
+
+        rlLog "Format a token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format074.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format074.test
+        /usr/bin/tpsclient < $TmpDir/format074.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+	rlRun "pki -d $CERTDB_DIR \
+                          -n \"$valid_admin_cert\" \
+                          -c $CERTDB_DIR_PASSWORD \
+                          -h $tmp_tps_host \
+                          -t tps \
+                          -p $target_unsecure_port \
+                           user-del $valid_admin1_cert"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_tps_enrollments-074: TPS operations.allowedTransitions - random junk value - BZ 1196278"
+        local cuid="10000000000000000088"
+        header_072="$TmpDir/header072"
+        local tps_out="$TmpDir/admin_out_tpsenroll0072"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlRun "curl --dump-header  $header_072 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken072"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_072"
+        foundcuid=$(cat $TmpDir/showToken072 | grep $cuid)
+        if [ -n "$foundcuid" ]; then
+                rlLog "Delete the token"
+        rlRun "curl --dump-header  $header_072 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -X DELETE \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken072"
+        rlAssertGrep "HTTP/1.1 204 No Content" "$header_072"
+        rlRun "curl --dump-header  $header_072 \
+                        -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                        -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken072"
+        rlAssertGrep "HTTP/1.1 200 OK" "$header_072"
+        rlAssertNotGrep "$cuid" "$TmpDir/showToken072"
+        fi
+
+        tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+        tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak072"
+        rlRun "cp $tps_conf $tps_conf_bak"
+        sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=junk\$^@123&/g" $tps_conf
+        rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        passwd="redhat"
+        rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers072.ldif"
+        rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers072.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+        ldap_user=$(cat $TmpDir/ldapusers072.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+        new_ldap_user=$(cat $TmpDir/ldapusers072.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+        rlLog "Format an uninitialized token"
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format072.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format072.test
+        /usr/bin/tpsclient < $TmpDir/format072.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlLog "Format a formatted token"
+
+        /usr/bin/tpsclient < $TmpDir/format072.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+        rlLog "Enroll a formatted token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+        /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+        cuid="10000000000000000090"
+
+        rlLog "Enroll an uninitialized token"
+
+        rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0090.test"
+        gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0090.test
+        /usr/bin/tpsclient < $TmpDir/enroll0090.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+        rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278"
+
+        #Cleanup
+        rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/format072.test"
+        gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format072.test
+        /usr/bin/tpsclient < $TmpDir/format072.test > $tps_out 2>&1
+        rlRun "sleep 20"
+        rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+        rlRun "cp $tps_conf_bak $tps_conf"
+        rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+        rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "rm -rf $tps_conf_bak"
+        rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+	rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+        rlPhaseEnd
+
+
+	rlPhaseStartSetup "pki_console_acl-cleanup"
+	#Delete temporary directory
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+        rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh
index 69b3f5097..482b81b5f 100755
--- a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh
+++ b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh
@@ -38,6 +38,7 @@
 . /usr/bin/rhts-environment.sh
 . /usr/share/beakerlib/beakerlib.sh
 . /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
 . /opt/rhqa_pki/rhcs-install-shared.sh
 . /opt/rhqa_pki/env.sh
 
@@ -207,7 +208,7 @@ rhcs_install_kra() {
 
 	#Install and configure RHDS instance
         rlLog "Creating LDAP server Instance to configure KRA"
-        rlRun "rhds_install $(eval echo \$KRA${number}_LDAP_PORT) $(eval echo \$KRA${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$KRA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for KRA install" 0 "Install LDAP Instance"
+        rlRun "rhds_install $(eval echo \$KRA${number}_LDAP_PORT) $(eval echo \$KRA${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$KRA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for KRA install"
 
         #Install KRA
         rlLog "Creating KRA Instance"
@@ -343,7 +344,7 @@ rhcs_install_ocsp() {
         local PKI_SECURITY_DOMAIN_USER=$(eval echo \$${CA}_ADMIN_USER)
 	#Install and configure RHDS instance
         rlLog "Creating LDAP server Instance to configure OCSP"
-        rlRun "rhds_install $(eval echo \$OCSP${number}_LDAP_PORT) $(eval echo \$OCSP${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$OCSP${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for OCSP install" 0 "Install LDAP Instance"
+        rlRun "rhds_install $(eval echo \$OCSP${number}_LDAP_PORT) $(eval echo \$OCSP${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$OCSP${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for OCSP install"
 
         #Install OCSP
         rlLog "Creating OCSP Instance"
@@ -460,19 +461,19 @@ rhcs_install_ocsp() {
 rhcs_install_tks() {
     rlPhaseStartTest "rhcs_install_tks - Install RHCS TKS Server"
         rlLog "$FUNCNAME"
-        local INSTANCECFG="/tmp/tks_instance.inf"
-        local INSTANCE_CREATE_OUT="/tmp/tks_instance_create.out"
-	local SUBSYSTEM_NAME=$(echo TKS${number})
-        rhcs_install_prep_disableFirewall
-        #Install and configure RHDS instance
-        rlLog "Creating LDAP server Instance to configure TKS"
-        rlRun "rhds_install $(eval echo \$TKS${number}_LDAP_PORT) $(eval echo \$TKS${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$TKS${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for TKS install" 0 "Install LDAP Instance"
 	local number=$1
         local master_hostname=$2
         local CA=$3
         local DOMAIN=$(eval echo $master_hostname | cut -d. -f2-)
         local PKI_SECURITY_DOMAIN_USER=$(eval echo \$${CA}_ADMIN_USER)
         local PKI_SECURITY_DOMAIN_PORT=$(eval echo \$${CA}_SECURE_PORT)
+        local INSTANCECFG="/tmp/tks_instance.inf"
+        local INSTANCE_CREATE_OUT="/tmp/tks_instance_create.out"
+	local SUBSYSTEM_NAME=$(echo TKS${number})
+        rhcs_install_prep_disableFirewall
+        #Install and configure RHDS instance
+        rlLog "Creating LDAP server Instance to configure TKS"
+        rlRun "rhds_install $(eval echo \$TKS${number}_LDAP_PORT) $(eval echo \$TKS${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$TKS${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for TKS install"
         #Install TKS
         rlLog "Creating TKS Instance"
                 rlLog "Setting up Dogtag TKS instance ............."
@@ -569,7 +570,7 @@ rhcs_install_tks() {
                 rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT"
                 exp_message5="The URL for the subsystem is:"
                 rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
-                exp_message5_1="https://$(hostname):$(eval echo \$${CA}_SECURE_PORT)/tks"
+                exp_message5_1="https://$(hostname):$(eval echo \$TKS${number}_SECURE_PORT)/tks"
                 rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
                # echo "export TKS_SERVER_ROOT=/var/lib/pki/$(eval echo \$TKS${number}_TOMCAT_INSTANCE_NAME)/tks" >> /opt/rhqa_pki/env.sh
 		mkdir -p $CLIENT_PKCS12_DIR
@@ -577,7 +578,137 @@ rhcs_install_tks() {
      rlPhaseEnd
 }
 
+###########################################################
+#              TPS INSTALL TESTS                         #
+###########################################################
+rhcs_install_tps() {
+    rlPhaseStartTest "rhcs_install_tps - Install RHCS TPS Server"
+        rlLog "$FUNCNAME"
+	local number=$1
+        local master_hostname=$2
+        local CA=$3
+        local KRA=$4
+        local TKS=$5
+        local DOMAIN=$(eval echo $master_hostname | cut -d. -f2-)
+        local PKI_SECURITY_DOMAIN_USER=$(eval echo \$${CA}_ADMIN_USER)
+        local PKI_SECURITY_DOMAIN_PORT=$(eval echo \$${CA}_SECURE_PORT)
+        local INSTANCECFG="/tmp/tps_instance.inf"
+        local INSTANCE_CREATE_OUT="/tmp/tps_instance_create.out"
+        local SUBSYSTEM_NAME=$(echo TPS${number})
+        rhcs_install_prep_disableFirewall
+        #Install and configure RHDS instance
+        rlLog "Creating LDAP server Instance to configure TPS"
+        rlRun "rhds_install $(eval echo \$TPS${number}_LDAP_PORT) $(eval echo \$TPS${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$TPS${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for TPS install"
+        #Install TPS
+        rlLog "Creating TPS Instance"
+                rlLog "Setting up Dogtag TPS instance ............."
+                echo "[DEFAULT]" > $INSTANCECFG
+                echo "pki_instance_name=$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
+                echo "pki_https_port=$(eval echo \$TPS${number}_SECURE_PORT)" >> $INSTANCECFG
+                echo "pki_http_port=$(eval echo \$TPS${number}_UNSECURE_PORT)" >> $INSTANCECFG
+                echo "pki_ajp_port=$(eval echo \$TPS${number}_AJP_PORT)" >> $INSTANCECFG
+                echo "pki_tomcat_server_port=$(eval echo \$TPS${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG
+                echo "pki_user=$USER" >> $INSTANCECFG
+                echo "pki_group=$GROUP" >> $INSTANCECFG
+                echo "pki_audit_group=$GROUP_AUDIT" >> $INSTANCECFG
+                echo "pki_token_name=$ROOTCA_TOKEN_NAME" >> $INSTANCECFG
+                echo "pki_token_password=$ROOTCA_TOKEN_PASSWORD" >> $INSTANCECFG
+                echo "pki_client_pkcs12_password=$(eval echo \$TPS${number}_CLIENT_PKCS12_PASSWORD)" >> $INSTANCECFG
+                echo "pki_admin_password=$(eval echo \$TPS${number}_ADMIN_PASSWORD)" >> $INSTANCECFG
+
+                echo "[TPS]" >> $INSTANCECFG
+
+                echo "pki_subsytem_key_type=$(eval echo \$TPS${number}_SUBSYSTEM_KEY_TYPE)" >> $INSTANCECFG
+                echo "pki_subsystem_key_size=$(eval echo \$TPS${number}_SUBSYSTEM_KEY_SIZE)" >> $INSTANCECFG
+                echo "pki_subsystem_key_algorithm=$(eval echo \$TPS${number}_SUBSYSTEM_KEY_ALGORITHM)" >> $INSTANCECFG
+                echo "pki_subsystem_signing_algorithm=$(eval echo \$TPS${number}_SUBSYSTEM_SIGNING_ALGORITHM)" >> $INSTANCECFG
+                echo "pki_subsystem_token=$(eval echo \$TPS${number}_SUBSYSTEM_TOKEN )" >> $INSTANCECFG
+                echo "pki_subsystem_nickname=$(eval echo \$TPS${number}_SUBSYSTEM_CERT_NICKNAME)" >> $INSTANCECFG
+                echo "pki_subsystem_subject_dn=$(eval echo \$TPS${number}_SUBSYSTEM_SUBJECT_DN)" >> $INSTANCECFG
+                echo "pki_audit_signing_key_type=$(eval echo \$TPS${number}_AUDIT_SIGNING_KEY_TYPE)" >> $INSTANCECFG
+                echo "pki_audit_signing_key_size=$(eval echo \$TPS${number}_AUDIT_SIGNING_KEY_SIZE)" >> $INSTANCECFG
+                echo "pki_audit_signing_key_algorithm=$(eval echo \$TPS${number}_AUDIT_SIGNING_KEY_ALGORITHM)" >> $INSTANCECFG
+                echo "pki_audit_signing_signing_algorithm=$(eval echo \$TPS${number}_AUDIT_SIGNING_SIGNING_ALGORITHM)" >> $INSTANCECFG
+                echo "pki_audit_signing_token=$(eval echo \$TPS${number}_AUDIT_SIGNING_TOKEN)" >> $INSTANCECFG
+                echo "pki_audit_signing_nickname=$(eval echo \$TPS${number}_AUDIT_SIGNING_CERT_NICKNAME)" >> $INSTANCECFG
+		echo "pki_audit_signing_subject_dn=$(eval echo \$TPS${number}_AUDIT_SIGNING_SUBJECT_DN)" >> $INSTANCECFG
+                echo "pki_ssl_server_key_type=$(eval echo \$TPS${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+                echo "pki_ssl_server_key_size=$(eval echo \$TPS${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+                echo "pki_ssl_server_key_algorithm=$(eval echo \$TPS${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+                echo "pki_ssl_server_signing_algorithm=$(eval echo \$TPS${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+                echo "pki_ssl_server_token=$(eval echo \$TPS${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+                echo "pki_ssl_server_nickname=$(eval echo \$TPS${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+                echo "pki_ssl_server_subject_dn=$(eval echo \$TPS${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+
+                echo "pki_admin_name=$(eval echo \$TPS${number}_ADMIN_USER)" >> $INSTANCECFG
+                echo "pki_admin_uid=$(eval echo \$TPS${number}_ADMIN_USER)" >> $INSTANCECFG
+                echo "pki_admin_email=$(eval echo \$TPS${number}_ADMIN_EMAIL)" >> $INSTANCECFG
+                echo "pki_admin_dualkey=$(eval echo \$TPS${number}_ADMIN_DUAL_KEY)" >> $INSTANCECFG
+                echo "pki_admin_key_size=$(eval echo \$TPS${number}_ADMIN_KEY_SIZE)" >> $INSTANCECFG
+                echo "pki_admin_key_type=$(eval echo \$TPS${number}_ADMIN_KEY_TYPE)" >> $INSTANCECFG
+                echo "pki_admin_subject_dn=$(eval echo \$TPS${number}_ADMIN_SUBJECT_DN)" >> $INSTANCECFG
+                echo "pki_admin_nickname=$(eval echo \$TPS${number}_ADMIN_CERT_NICKNAME)" >> $INSTANCECFG
+                echo "pki_import_admin_cert=$IMPORT_ADMIN_CERT_NONCA" >> $INSTANCECFG
+                echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG
+                echo "pki_client_admin_cert_p12=$CLIENT_DIR/$(eval echo \$TPS${number}_ADMIN_CERT_NICKNAME).p12" >> $INSTANCECFG
+                echo "pki_issuing_ca_hostname=$master_hostname" >> $INSTANCECFG
+                echo "pki_issuing_ca_https_port=$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+                echo "pki_issuing_ca_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+		echo "pki_ca_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+		echo "pki_enable_server_side_keygen=$(eval echo \$TPS${number}_SERVER_KEYGEN)" >> $INSTANCECFG
+		echo "pki_kra_uri=https://$master_hostname:$(eval echo \$${KRA}_SECURE_PORT)" >> $INSTANCECFG
+		echo "pki_tks_uri=https://$master_hostname:$(eval echo \$${TKS}_SECURE_PORT)" >> $INSTANCECFG
+		echo "pki_authdb_hostname=$(eval echo \$TPS${number}_AUTHDB_HOST)" >> $INSTANCECFG
+		echo "pki_authdb_port=$(eval echo \$TPS${number}_LDAP_PORT)" >> $INSTANCECFG
+		echo "pki_authdb_basedn=$(eval echo \$TPS${number}_DB_SUFFIX)" >> $INSTANCECFG
+                echo "pki_backup_keys=$(eval echo \$${CA}_BACKUP)" >> $INSTANCECFG
+                echo "pki_backup_password=$(eval echo \$TPS${number}_BACKUP_PASSWORD)" >> $INSTANCECFG
+                echo "pki_client_database_dir=$(eval echo \$${CA}_CERTDB_DIR)" >> $INSTANCECFG
+                echo "pki_client_database_password=$(eval echo \$${CA}_CERTDB_DIR_PASSWORD)" >> $INSTANCECFG
+                echo "pki_client_database_purge=$CLIENT_DB_PURGE" >> $INSTANCECFG
+                echo "pki_security_domain_hostname=$master_hostname" >> $INSTANCECFG
+                echo "pki_security_domain_https_port=$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+                echo "pki_security_domain_user=$(eval echo \$${CA}_ADMIN_USER)" >> $INSTANCECFG
+                echo "pki_security_domain_password=$(eval echo \$${CA}_SECURITY_DOMAIN_PASSWORD)" >> $INSTANCECFG
+                echo "pki_security_domain_name=$DOMAIN" >> $INSTANCECFG
+                echo "pki_ds_hostname=$LDAP_HOSTNAME" >> $INSTANCECFG
+                echo "pki_ds_ldap_port=$(eval echo \$TPS${number}_LDAP_PORT)" >> $INSTANCECFG
+                echo "pki_ds_bind_dn=$LDAP_ROOTDN" >> $INSTANCECFG
+                echo "pki_ds_password=$LDAP_ROOTDNPWD" >> $INSTANCECFG
+                echo "pki_ds_secure_connection=$SECURE_CONN" >> $INSTANCECFG
+                echo "pki_ds_remove_data=$REMOVE_DATA" >> $INSTANCECFG
+                echo "pki_ds_base_dn =$(eval echo \$TPS${number}_DB_SUFFIX)" >> $INSTANCECFG
+                echo "pki_ds_database=$(eval echo \$TPS${number}_LDAP_INSTANCE_NAME)" >> $INSTANCECFG
+                echo "pki_restart_configured_instance=$RESTART_INSTANCE" >> $INSTANCECFG
+                echo "pki_skip_configuration=$SKIP_CONFIG" >> $INSTANCECFG
+                echo "pki_skip_installation=$SKIP_INSTALL" >> $INSTANCECFG
+                echo "pki_enable_access_log=$ENABLE_ACCESS_LOG" >> $INSTANCECFG
+                echo "pki_enable_java_debugger=$ENABLE_JAVA_DEBUG" >> $INSTANCECFG
+                echo "pki_security_manager=$SECURITY_MANAGER" >> $INSTANCECFG
+                cat $INSTANCECFG
 
+                rlLog "EXECUTING: pkispawn -s TPS -f $INSTANCECFG -v "
+                rlRun "pkispawn -s TPS -f $INSTANCECFG -v > $INSTANCE_CREATE_OUT  2>&1"
+                cat $INSTANCE_CREATE_OUT
+                exp_message1="Administrator's username:             $(eval echo \$TPS${number}_ADMIN_USER)"
+		rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT"
+                exp_message3_1="To check the status of the subsystem:"
+                rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT"
+                exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME).service"
+                rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT"
+                exp_message4_1="To restart the subsystem:"
+                rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT"
+                exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME).service"
+                rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT"
+                exp_message5="The URL for the subsystem is:"
+                rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
+                exp_message5_1="https://$(hostname):$(eval echo \$TKS${number}_SECURE_PORT)/tps"
+                rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
+               # echo "export TKS_SERVER_ROOT=/var/lib/pki/$(eval echo \$TKS${number}_TOMCAT_INSTANCE_NAME)/tks" >> /opt/rhqa_pki/env.sh
+                mkdir -p $CLIENT_PKCS12_DIR
+                mv /var/lib/pki/$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME)/alias/tps_backup_keys.p12 $CLIENT_PKCS12_DIR
+     rlPhaseEnd
+}
 
 rhcs_install_prep_disableFirewall() 
 {
@@ -604,7 +735,8 @@ rhcs_install_cloneCA()
         #Install and configure RHDS instance
         rlLog "Creating LDAP server Instance"
         rhcs_install_set_ldap_vars
-        rlRun "rhds_install $(eval echo \$CLONE_CA${number}_LDAP_PORT) $(eval echo \$CLONE_CA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${CA}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" 0 "Install LDAP Instance"
+	rlRun "mkdir /tmp/dummydir"
+        rlRun "rhds_install $(eval echo \$CLONE_CA${number}_LDAP_PORT) $(eval echo \$CLONE_CA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${CA}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install"
 
         #Install CA
         rlLog "Creating CLONE CA Instance"
@@ -631,6 +763,8 @@ rhcs_install_cloneCA()
 		echo "pki_clone_repicate_schema=$REPLICATE_SCHEMA" >> $INSTANCECFG
 		echo "pki_clone_replication_security=$REPLICATION_SEC" >> $INSTANCECFG
 		echo "pki_clone_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+		echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG
+                echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG
 		echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG
 		echo "[CA]" >> $INSTANCECFG
 
@@ -709,7 +843,7 @@ rhcs_install_SubCA(){
 	local SUBCA${number}_DOMAIN=`hostname -d`
 	rlLog "Creating LDAP server Instance"
         rhcs_install_set_ldap_vars
-        rlRun "rhds_install $(eval echo \$SUBCA${number}_LDAP_PORT) $(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$SUBCA${number}_LDAP_ROOTDN)\" $(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD) $(eval echo \$SUBCA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" 0 "Install LDAP Instance"
+        rlRun "rhds_install $(eval echo \$SUBCA${number}_LDAP_PORT) $(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$SUBCA${number}_LDAP_ROOTDN)\" $(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD) $(eval echo \$SUBCA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install"
 	#Install eval echo $(eval echo $SUBCA${number} INSTANCE
                 rlLog "Setting up Dogtag SUBCA instance ............."
                 echo "[DEFAULT]" > $INSTANCECFG
@@ -734,9 +868,9 @@ rhcs_install_SubCA(){
 
                 echo "[CA]" >> $INSTANCECFG
 
-                echo "pki_subordinate=True" >> $INSTANCECFG     
-                echo "pki_admin_name=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG
-                echo "pki_issuing_ca=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+		echo "pki_subordinate=True" >> $INSTANCECFG
+		echo "pki_admin_name=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG
+		echo "pki_issuing_ca=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
                 echo "pki_admin_uid=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG
                 echo "pki_admin_email=$(eval echo \$SUBCA${number}_ADMIN_EMAIL)" >> $INSTANCECFG
                 echo "pki_admin_dualkey=$(eval echo \$SUBCA${number}_ADMIN_DUAL_KEY)" >> $INSTANCECFG
@@ -851,7 +985,7 @@ rhcs_install_cloneKRA(){
         #Install and configure RHDS instance
         rlLog "Creating LDAP server Instance"
         rhcs_install_set_ldap_vars
-        rlRun "rhds_install $(eval echo \$CLONE_KRA${number}_LDAP_PORT) $(eval echo \$CLONE_KRA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${MASTER_KRA}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" 0 "Install LDAP Instance"
+        rlRun "rhds_install $(eval echo \$CLONE_KRA${number}_LDAP_PORT) $(eval echo \$CLONE_KRA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${MASTER_KRA}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install"
 
         #Install KRA CLONE
         rlLog "Creating CLONE KRA Instance"
@@ -879,6 +1013,8 @@ rhcs_install_cloneKRA(){
                 echo "pki_clone_replication_clone_port=$(eval echo \$CLONE_KRA${number}_LDAP_PORT)" >> $INSTANCECFG
                 echo "pki_clone_replication_security=$REPLICATION_SEC" >> $INSTANCECFG
                 echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG
+		echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG
+                echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG
 
                 echo "[KRA]" >> $INSTANCECFG
 
@@ -939,7 +1075,7 @@ rhcs_install_cloneKRA(){
 
 rhcs_install_cloneOCSP(){
 
-     rlPhaseStartTest  "rhcs_install_CLONEOCSP_only - Install RHCS CLONE OCSP SERVER"
+     rlPhaseStartTest  "rhcs_install_CLONEOCSP_only - Install RHCS CLONE OCSP SERVER - Ticket 1058"
         local INSTANCECFG="/tmp/cloneocsp_instance.inf"
         local INSTANCE_CREATE_OUT="/tmp/cloneocsp_instance_create.out"
         rlLog "$FUNCNAME"
@@ -954,7 +1090,8 @@ rhcs_install_cloneOCSP(){
         #Install and configure RHDS instance
         rlLog "Creating LDAP server Instance"
         rhcs_install_set_ldap_vars
-        rlRun "rhds_install $(eval echo \$CLONE_OCSP${number}_LDAP_PORT) $(eval echo \$CLONE_OCSP${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${MASTER_OCSP}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" 0 "Install LDAP Instance"
+	rlLog "$SUBSYSTEM_NAME"
+        rlRun "rhds_install $(eval echo \$CLONE_OCSP${number}_LDAP_PORT) $(eval echo \$CLONE_OCSP${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${MASTER_OCSP}_DB_SUFFIX) $SUBSYSTEM_NAME > /tmp/ocspclone.out 2>&1" 0 "Installing RHDS instance for CLONE CA install"
 
         #Install OCSP CLONE
         rlLog "Creating CLONE OCSP Instance"
@@ -981,6 +1118,8 @@ rhcs_install_cloneOCSP(){
                 echo "pki_clone_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
                 echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG
 		echo "pki_issuing_ca=https://$(hostname):$(eval echo \$CLONE_CA${number}_SECURE_PORT)" >> $INSTANCECFG
+		#echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG
+                #echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG
 
                 echo "[OCSP]" >> $INSTANCECFG
                 
@@ -1036,13 +1175,11 @@ rhcs_install_cloneOCSP(){
                 exp_message5_1="https://$BEAKERCLONE:$(eval echo \$CLONE_OCSP${number}_SECURE_PORT)/ocsp"
                 rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
                 #echo "export OCSP_SERVER_ROOT=/var/lib/pki/$(eval echo \$CLONE_OCSP${number}_TOMCAT_INSTANCE_NAME)/ocsp" >> /opt/rhqa_pki/env.sh
+		rlLog "https://fedorahosted.org/pki/ticket/1058"
      rlPhaseEnd
 
 }
 
-
-
-
 rhcs_install_cloneTKS(){
 
      rlPhaseStartTest  "rhcs_install_clonetks_only - Install RHCS CLONE TKS Server BZ1165864"
@@ -1060,7 +1197,7 @@ rhcs_install_cloneTKS(){
         #Install and configure RHDS instance
         rlLog "Creating LDAP server Instance"
         rhcs_install_set_ldap_vars
-        rlRun "rhds_install $(eval echo \$CLONE_TKS${number}_LDAP_PORT) $(eval echo \$CLONE_TKS${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $TKS1_DB_SUFFIX $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE TKS install" 0 "Install LDAP Instance"
+        rlRun "rhds_install $(eval echo \$CLONE_TKS${number}_LDAP_PORT) $(eval echo \$CLONE_TKS${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $TKS1_DB_SUFFIX $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE TKS install"
 
         #Install CLONE TKS 
         rlLog "Creating CLONE TKS Instance"
@@ -1094,6 +1231,8 @@ rhcs_install_cloneTKS(){
                 echo "pki_security_domain_user=$(eval echo \$${CA}_ADMIN_USER)" >> $INSTANCECFG
                 echo "pki_security_domain_password=$(eval echo \$${CA}_SECURITY_DOMAIN_PASSWORD)" >> $INSTANCECFG
                 echo "pki_security_domain_name=$DOMAIN" >> $INSTANCECFG
+		echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG
+                echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG
 
                 echo "[TKS]" >> $INSTANCECFG
 
@@ -1140,6 +1279,382 @@ rhcs_install_cloneTKS(){
                 rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
                 exp_message5_1="https://$(hostname):$(eval echo \$CLONE_TKS${number}_SECURE_PORT)/tks"
                 rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
+	rlPhaseEnd
+}
+
+rhcs_install_cloneTPS(){
+
+     rlPhaseStartTest  "rhcs_install_clonetps_only - Install RHCS CLONE TPS Server BZ1190184"
+        rlLog "Failing due to: https://bugzilla.redhat.com/show_bug.cgi?id=1190184"
+        local INSTANCECFG="/tmp/clonetps_instance.inf"
+        local INSTANCE_CREATE_OUT="/tmp/clonetps_instance_create.out"
+        rlLog "$FUNCNAME"
+        local DOMAIN='hostname -d'
+        rhcs_install_prep_disableFirewall
+        local number=$1
+        local master_hostname=$2
+        local CA=$3
+	local KRA=$4
+	local TKS=$5
+        local SUBSYSTEM_NAME=$(echo CloneTPS${number})
+        local DOMAIN=$(eval echo $master_hostname | cut -d. -f2-)
+        #Install and configure RHDS instance
+        rlLog "Creating LDAP server Instance"
+        rhcs_install_set_ldap_vars
+        rlRun "rhds_install $(eval echo \$CLONE_TPS${number}_LDAP_PORT) $(eval echo \$CLONE_TPS${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $TPS1_DB_SUFFIX $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE TPS install"
+
+        #Install CLONE TPS
+        rlLog "Creating CLONE TPS Instance"
+                rlLog "Setting up Dogtag TPS CLONE Instance"
+                echo "[DEFAULT]" > $INSTANCECFG
+                echo "pki_instance_name=$(eval echo \$CLONE_TPS${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
+                echo "pki_https_port=$(eval echo \$CLONE_TPS${number}_SECURE_PORT)" >> $INSTANCECFG
+                echo "pki_http_port=$(eval echo \$CLONE_TPS${number}_UNSECURE_PORT)" >> $INSTANCECFG
+                echo "pki_ajp_port=$(eval echo \$CLONE_TPS${number}_AJP_PORT)" >> $INSTANCECFG
+                echo "pki_tomcat_server_port=$(eval echo \$CLONE_TPS${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG
+                echo "pki_user=$(eval echo \$CLONE${number}_USER)" >> $INSTANCECFG
+                echo "pki_group=$(eval echo \$CLONE${number}_GROUP)" >> $INSTANCECFG
+                echo "pki_audit_group=$(eval echo \$CLONE${number}_GROUP_AUDIT)" >> $INSTANCECFG
+                echo "pki_token_name=$(eval echo \$CLONE_CA${number}_TOKEN_NAME)" >> $INSTANCECFG
+                echo "pki_token_password=$(eval echo \$CLONE_CA${number}_TOKEN_PASSWORD)" >> $INSTANCECFG
+                echo "pki_client_pkcs12_password=$(eval echo \$CLONE_CA${number}_CLIENT_PKCS12_PASSWORD)" >> $INSTANCECFG
+                echo "pki_issuing_ca=https://$(hostname):$(eval echo \$CLONE_CA${number}_SECURE_PORT)" >> $INSTANCECFG
+                echo "pki_clone=True" >> $INSTANCECFG
+                echo "pki_clone_pkcs12_password=$TPS1_CLIENT_PKCS12_PASSWORD" >> $INSTANCECFG
+                echo "pki_clone_pkcs12_path=$CLIENT_PKCS12_DIR/tks_backup_keys.p12" >> $INSTANCECFG
+                echo "pki_clone_replication_master_port=$TPS1_LDAP_PORT" >> $INSTANCECFG
+                echo "pki_clone_replication_clone_port=$(eval echo \$CLONE_TPS${number}_LDAP_PORT)" >> $INSTANCECFG
+                echo "pki_clone_repicate_schema=$REPLICATE_SCHEMA" >> $INSTANCECFG
+                echo "pki_clone_replication_security=$REPLICATION_SEC" >> $INSTANCECFG
+                echo "pki_clone_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+                echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG
+                echo "pki_ds_password=$(eval echo \$CLONE${number}_LDAP_ROOTDNPWD)" >> $INSTANCECFG
+                echo "pki_admin_password=$(eval echo \$CLONE_TPS${number}_ADMIN_PASSWORD)" >> $INSTANCECFG
+                echo "pki_security_domain_hostname=$master_hostname" >> $INSTANCECFG
+                echo "pki_security_domain_https_port=$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+                echo "pki_security_domain_user=$(eval echo \$${CA}_ADMIN_USER)" >> $INSTANCECFG
+                echo "pki_security_domain_password=$(eval echo \$${CA}_SECURITY_DOMAIN_PASSWORD)" >> $INSTANCECFG
+                echo "pki_security_domain_name=$DOMAIN" >> $INSTANCECFG
+		echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG
+                echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG
+
+                echo "[TPS]" >> $INSTANCECFG
+		echo "pki_admin_name=$(eval echo \$CLONE_TPS${number}_ADMIN_USER)" >> $INSTANCECFG
+                echo "pki_admin_uid=$(eval echo \$CLONE_TPS${number}_ADMIN_USER)" >> $INSTANCECFG
+                echo "pki_admin_email=$(eval echo \$CLONE_TPS${number}_ADMIN_EMAIL)" >> $INSTANCECFG
+                echo "pki_admin_dualkey=$(eval echo \$CLONE_TPS${number}_ADMIN_DUAL_KEY)" >> $INSTANCECFG
+                echo "pki_admin_key_size=$(eval echo \$CLONE_TPS${number}_ADMIN_KEY_SIZE)" >> $INSTANCECFG
+                echo "pki_admin_key_type=$(eval echo \$CLONE_TPS${number}_ADMIN_KEY_TYPE)" >> $INSTANCECFG
+                echo "pki_admin_subject_dn=$(eval echo \$CLONE_TPS${number}_ADMIN_SUBJECT_DN)" >> $INSTANCECFG
+                echo "pki_admin_nickname=$(eval echo \$CLONE_TPS${number}_ADMIN_CERT_NICKNAME)" >> $INSTANCECFG
+                echo "pki_ssl_server_key_type=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+                echo "pki_ssl_server_key_size=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+                echo "pki_ssl_server_key_algorithm=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+                echo "pki_ssl_server_signing_algorithm=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+                echo "pki_ssl_server_token=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+                echo "pki_ssl_server_nickname=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+                echo "pki_ssl_server_subject_dn=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+                echo "pki_import_admin_cert=$CLONE_ADMIN_IMPORT_CERT" >> $INSTANCECFG
+                echo "pki_client_admin_cert_p12=$CLIENT_DIR/$TPS1_ADMIN_CERT_NICKNAME.p12" >> $INSTANCECFG
+                echo "pki_ds_hostname=$(hostname)" >> $INSTANCECFG
+                echo "pki_ds_ldap_port=$(eval echo \$CLONE_TPS${number}_LDAP_PORT)" >> $INSTANCECFG
+                echo "pki_ds_bind_dn=$(eval echo \$CLONE${number}_LDAP_ROOTDN)" >> $INSTANCECFG
+                echo "pki_ds_secure_connection=$(eval echo \$CLONE_TPS${number}_SECURE_CONN)" >> $INSTANCECFG
+                echo "pki_ds_remove_data=$(eval echo \$CLONE_TPS${number}_REMOVE_DATA)" >> $INSTANCECFG
+                echo "pki_ds_base_dn=$TPS1_DB_SUFFIX" >> $INSTANCECFG
+                echo "pki_ds_database=$TPS1_LDAP_INSTANCE_NAME" >> $INSTANCECFG
+		echo "pki_ca_uri=https://$(hostname):$(eval echo \$CLONE_CA${number}_SECURE_PORT)" >> $INSTANCECFG
+                echo "pki_enable_server_side_keygen=$(eval echo \$CLONE_TPS${number}_SERVER_KEYGEN)" >> $INSTANCECFG
+                echo "pki_kra_uri=https://$(hostname):$(eval echo \$CLONE_KRA${number}_SECURE_PORT)" >> $INSTANCECFG
+                echo "pki_tks_uri=https://$(hostname):$(eval echo \$CLONE_TKS${number}_SECURE_PORT)" >> $INSTANCECFG
+                echo "pki_authdb_hostname=$(eval echo \$CLONE_TPS${number}_DS_HOSTNAME)" >> $INSTANCECFG
+                echo "pki_authdb_port=$(eval echo \$CLONE_TPS${number}_LDAP_PORT)" >> $INSTANCECFG
+                echo "pki_authdb_basedn=$(eval echo \$TPS${number}_DB_SUFFIX)" >> $INSTANCECFG
+                cat $INSTANCECFG
+
+                rlLog "EXECUTING: pkispawn -s TPS -f $INSTANCECFG -v "
+                rlRun "pkispawn -s TPS -f $INSTANCECFG -v > $INSTANCE_CREATE_OUT  2>&1"
+                cat $INSTANCE_CREATE_OUT
+                exp_message1="Administrator's username:             $(eval echo \$CLONE_TPS${number}_ADMIN_USER)"
+                rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT"
+                exp_message3_1="To check the status of the subsystem:"
+                rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT"
+                exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$CLONE_TPS${number}_TOMCAT_INSTANCE_NAME).service"
+                rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT"
+                exp_message4_1="To restart the subsystem:"
+                rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT"
+                exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$CLONE_TPS${number}_TOMCAT_INSTANCE_NAME).service"
+                rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT"
+                exp_message5="The URL for the subsystem is:"
+                rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
+                exp_message5_1="https://$(hostname):$(eval echo \$CLONE_TPS${number}_SECURE_PORT)/tks"
+                rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
      rlPhaseEnd
 }
+###########################################################
+#       CA SIGNED BY AN EXTERNAL CA TESTS                                  #
+###########################################################
+rhcs_install_CAwithExtCA() {
+	rlLog "Creating a CA signed by ROOTCA"
+	local INSTANCECFG="/tmp/subca_instance.inf"
+        local INSTANCE_CREATE_OUT="/tmp/subca_instance_create.out"
+        rlLog "$FUNCNAME"
+        local DOMAIN='hostname -d'
+        rhcs_install_prep_disableFirewall
+
+        #Install and configure RHDS instance 
+        local number=$1
+	local csr=$2
+	local admin_cert_location=$4
+	local client_pkcs12_password=$5
+	local admin_cert=$6
+	local tmp_host=$7
+        local SUBSYSTEM_NAME=$(echo SubCA${number})
+        local SUBCA${number}_DOMAIN=`hostname -d`
+	local cert_type=$3
+        rlLog "Creating LDAP server Instance"
+        rhcs_install_set_ldap_vars
+        rlRun "rhds_install $(eval echo \$SUBCA${number}_LDAP_PORT) $(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$SUBCA${number}_LDAP_ROOTDN)\" $(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD) $(eval echo \$SUBCA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install"
+        #Install eval echo $(eval echo $SUBCA${number} INSTANCE
+        rlLog "Setting up Dogtag SUBCA instance ............."
+        echo "[DEFAULT]" > $INSTANCECFG
+        echo "pki_instance_name=$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
+        echo "pki_https_port=$(eval echo \$SUBCA${number}_SECURE_PORT)" >> $INSTANCECFG
+        echo "pki_http_port=$(eval echo \$SUBCA${number}_UNSECURE_PORT)" >> $INSTANCECFG
+        echo "pki_ajp_port=$(eval echo \$SUBCA${number}_AJP_PORT)" >> $INSTANCECFG
+        echo "pki_tomcat_server_port=$(eval echo \$SUBCA${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG
+        echo "pki_user=$(eval echo \$SUBCA${number}_USER)" >> $INSTANCECFG
+        echo "pki_group=$(eval echo \$SUBCA${number}_GROUP)" >> $INSTANCECFG
+        echo "pki_audit_group=$(eval echo \$SUBCA${number}_GROUP_AUDIT)" >> $INSTANCECFG
+        echo "pki_token_name=$(eval echo \$SUBCA${number}_TOKEN_NAME)" >> $INSTANCECFG
+        echo "pki_token_password=$(eval echo \$SUBCA${number}_TOKEN_PASSWORD)" >> $INSTANCECFG
+        echo "pki_client_pkcs12_password=$(eval echo \$SUBCA${number}_CLIENT_PKCS12_PASSWORD)" >> $INSTANCECFG
+        echo "pki_admin_password=$(eval echo \$SUBCA${number}_ADMIN_PASSWORD)" >> $INSTANCECFG
+        echo "pki_ds_password=$(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD)" >> $INSTANCECFG
+        echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG
+        echo "pki_security_domain_hostname=$master_hostname" >> $INSTANCECFG
+        echo "pki_security_domain_https_port=$(eval echo \$SUBCA${number}_SECURE_PORT)" >> $INSTANCECFG
+        echo "pki_security_domain_user=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG
+        echo "pki_security_domain_password=$(eval echo \$SUBCA${number}_SECURITY_DOMAIN_PASSWORD)" >> $INSTANCECFG
+	echo "pki_security_domain_name=$(eval echo \$SUBCA${number}_DOMAIN)" >> $INSTANCECFG
+
+        echo "[CA]" >> $INSTANCECFG
+
+        echo "pki_external=True" >> $INSTANCECFG
+        echo "pki_external_csr_path=$csr" >> $INSTANCECFG
+        echo "pki_admin_name=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG
+        echo "pki_admin_uid=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG
+        echo "pki_admin_email=$(eval echo \$SUBCA${number}_ADMIN_EMAIL)" >> $INSTANCECFG
+        echo "pki_admin_dualkey=$(eval echo \$SUBCA${number}_ADMIN_DUAL_KEY)" >> $INSTANCECFG
+        echo "pki_admin_key_size=$(eval echo \$SUBCA${number}_ADMIN_KEY_SIZE)" >> $INSTANCECFG
+        echo "pki_admin_key_type=$(eval echo \$SUBCA${number}_ADMIN_KEY_TYPE)" >> $INSTANCECFG
+        echo "pki_admin_subject_dn=$(eval echo \$SUBCA${number}_ADMIN_SUBJECT_DN)" >> $INSTANCECFG
+        echo "pki_admin_nickname=$(eval echo \$SUBCA${number}_ADMIN_CERT_NICKNAME)" >> $INSTANCECFG
+        echo "pki_import_admin_cert=$(eval echo \$SUBCA${number}_ADMIN_IMPORT_CERT)" >> $INSTANCECFG
+        echo "pki_client_admin_cert_p12=$CLIENT_DIR/$(eval echo \$SUBCA${number}_ADMIN_CERT_NICKNAME).p12" >> $INSTANCECFG
+        echo "pki_subsystem_key_type=$(eval echo \$SUBCA${number}_SUBSYSTEM_KEY_TYPE)" >> $INSTANCECFG
+        echo "pki_subsystem_key_size=$(eval echo \$SUBCA${number}_SUBYSTEM_KEY_SIZE)" >> $INSTANCECFG
+        echo "pki_subsystem_key_algorithm=$(eval echo \$SUBCA${number}_SUBSYSTEM_KEY_ALGORITHM)" >> $INSTANCECFG
+        echo "pki_subsystem_signing_algorithm=$(eval echo \$SUBCA${number}_SUBSYSTEM_SIGNING_ALGORITHM)" >> $INSTANCECFG
+        echo "pki_subsystem_token=$(eval echo \$SUBCA${number}_SUBSYSTEM_TOKEN)" >> $INSTANCECFG
+        echo "pki_subsystem_nickname=$(eval echo \$SUBCA${number}_SUBSYTEM_NICKNAME)" >> $INSTANCECFG
+        echo "pki_subsystem_subject_dn=$(eval echo \$SUBCA${number}_SUBSYSTEM_SUBJECT_DN)" >> $INSTANCECFG
+        echo "pki_ds_database=$(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME)" >> $INSTANCECFG
+        echo "pki_ca_signing_key_type=$(eval echo \$SUBCA${number}_KEY_TYPE)" >> $INSTANCECFG
+        echo "pki_ca_signing_key_size=$(eval echo \$SUBCA${number}_KEY_SIZE)" >> $INSTANCECFG
+        echo "pki_ca_signing_key_algorithm=$(eval echo \$SUBCA${number}_SIGNING_ALGORITHM)" >> $INSTANCECFG
+        echo "pki_ca_signing_signing_algorithm=$(eval echo \$SUBCA${number}_SIGNING_SIGNING_ALGORITHM)" >> $INSTANCECFG
+        echo "pki_ca_signing_token=$(eval echo \$SUBCA${number}_SIGNING_TOKEN)" >> $INSTANCECFG
+        echo "pki_ca_signing_nickname=$(eval echo \$SUBCA${number}_SIGNING_NICKNAME)" >> $INSTANCECFG
+        echo "pki_ca_signing_subject_dn=$(eval echo \$SUBCA${number}_SIGNING_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+        echo "pki_ocsp_signing_key_type=$(eval echo \$SUBCA${number}_OCSP_SIGNING_KEY_TYPE)" >> $INSTANCECFG
+        echo "pki_ocsp_signing_key_size=$(eval echo \$SUBCA${number}_OCSP_SIGNING_KEY_SIZE)" >> $INSTANCECFG
+        echo "pki_ocsp_signing_key_algorithm=$(eval echo \$SUBCA${number}_OCSP_SIGNING_KEY_ALGORITHM)" >> $INSTANCECFG
+        echo "pki_ocsp_signing_signing_algorithm=$(eval echo \$SUBCA${number}_OCSP_SIGNING_SIGNING_ALGORITHM)" >> $INSTANCECFG
+        echo "pki_ocsp_signing_token=$(eval echo \$SUBCA${number}_OCSP_SIGNING_TOKEN)" >> $INSTANCECFG
+        echo "pki_ocsp_signing_nickname=$(eval echo \$SUBCA${number}_OCSP_SIGNING_NICKNAME)" >> $INSTANCECFG
+        echo "pki_ocsp_signing_subject_dn=$(eval echo \$SUBCA${number}_OCSP_SIGNING_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+        echo "pki_audit_signing_key_type=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_KEY_TYPE)" >> $INSTANCECFG
+        echo "pki_audit_signing_key_size=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_KEY_SIZE)" >> $INSTANCECFG
+        echo "pki_audit_signing_key_algorithm=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_KEY_ALGORITHM)" >> $INSTANCECFG
+        echo "pki_audit_signing_signing_algorithm=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_SIGNING_ALGORITHM)" >> $INSTANCECFG
+        echo "pki_audit_signing_token=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_TOKEN)" >> $INSTANCECFG
+        echo "pki_audit_signing_nickname=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_NICKNAME)" >> $INSTANCECFG
+        echo "pki_audit_signing_subject_dn=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+        echo "pki_ssl_server_key_type=$(eval echo \$SUBCA${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+        echo "pki_ssl_server_key_size=$(eval echo \$SUBCA${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+        echo "pki_ssl_server_key_algorithm=$(eval echo \$SUBCA${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+        echo "pki_ssl_server_signing_algorithm=$(eval echo \$SUBCA${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+        echo "pki_ssl_server_token=$(eval echo \$SUBCA${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+        echo "pki_ssl_server_nickname=$(eval echo \$SUBCA${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+        echo "pki_ssl_server_subject_dn=$(eval echo \$SUBCA${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+        echo "pki_ds_hostname=$(eval echo \$SUBCA${number}_DS_HOSTNAME)" >> $INSTANCECFG
+        echo "pki_ds_ldap_port=$(eval echo \$SUBCA${number}_LDAP_PORT)" >> $INSTANCECFG
+        echo "pki_ds_bind_dn=$(eval echo \$SUBCA${number}_LDAP_ROOTDN)" >> $INSTANCECFG
+        echo "pki_ds_password=$(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD)" >> $INSTANCECFG
+        echo "pki_ds_secure_connection=$(eval echo \$SUBCA${number}_SECURE_CONN)" >> $INSTANCECFG
+        echo "pki_ds_remove_data=$(eval echo \$SUBCA${number}_REMOVE_DATA)" >> $INSTANCECFG
+        echo "pki_ds_base_dn=$(eval echo \$SUBCA${number}_DB_SUFFIX)" >> $INSTANCECFG
+        echo "pki_ds_database=$(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME)" >> $INSTANCECFG
+        echo "pki_backup_keys=$(eval echo \$SUBCA${number}_BACKUP)" >> $INSTANCECFG
+        echo "pki_backup_password=$(eval echo \$SUBCA${number}_BACKUP_PASSWORD)" >> $INSTANCECFG
+        echo "pki_client_database_dir=$(eval echo \$SUBCA${number}_CERTDB_DIR)" >> $INSTANCECFG
+        echo "pki_client_database_password=$(eval echo \$SUBCA${number}_CERTDB_DIR_PASSWORD)" >> $INSTANCECFG
+        echo "pki_client_database_purge=$(eval echo \$SUBCA${number}_CLIENT_DB_PURGE)" >> $INSTANCECFG
+        echo "pki_restart_configured_instance=$RESTART_INSTANCE" >> $INSTANCECFG
+		echo "pki_skip_configuration=$SKIP_CONFIG" >> $INSTANCECFG
+                echo "pki_skip_installation=$SKIP_INSTALL" >> $INSTANCECFG
+                echo "pki_enable_access_log=$ENABLE_ACCESS_LOG" >> $INSTANCECFG
+                echo "pki_enable_java_debugger=$ENABLE_JAVA_DEBUG" >> $INSTANCECFG
+                echo "pki_security_manager=$SECURITY_MANAGER" >> $INSTANCECFG
+                echo "export SUBCA${number}_DOMAIN=$(eval echo \$SUBCA${number}_DOMAIN)" >> /opt/rhqa_pki/env.sh
+                cat $INSTANCECFG
+		rlRun "cp $INSTANCECFG /tmp/subca.inf.bak"
 
+                rlLog "EXECUTING: pkispawn -s CA -f $INSTANCECFG -v "
+                rlRun "pkispawn -s CA -f $INSTANCECFG -v > $INSTANCE_CREATE_OUT  2>&1"
+                rlRun "cat $INSTANCE_CREATE_OUT"
+                exp_message1="Administrator's username:             $(eval echo \$SUBCA${number}_ADMIN_USER)"
+                rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT"
+                #exp_message1_1="Administrator's PKCS #12 file:"
+                #rlAssertGrep "$exp_message1_1" "$INSTANCE_CREATE_OUT"
+                exp_message2="$(eval echo \$SUBCA${number}_DOMAIN)"
+                rlAssertGrep "$exp_message2" "$INSTANCE_CREATE_OUT"
+                exp_message3_1="To check the status of the subsystem:"
+                rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT"
+                exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME).service"
+                rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT"
+                exp_message4_1="To restart the subsystem:"
+                rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT"
+                exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME).service"
+                rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT"
+                exp_message5="The URL for the subsystem is:"
+                rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
+                exp_message5_1="https://$(hostname):$(eval echo \$SUBCA${number}_SECURE_PORT)/ca"
+                rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
+                #echo "export CA_SERVER_ROOT=/var/lib/pki/$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)/ca" >> /opt/rhqa_pki/env.sh
+                #mkdir -p $CLIENT_PKCS12_DIR
+                #mv /var/lib/pki/$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)/alias/ca_backup_keys.p12 $CLIENT_PKCS12_DIR
+
+		local TEMP_NSS_DB="/tmp/nssdb"
+                local TEMP_NSS_DB_PWD="Secret123"
+                if [ -d "$TEMP_NSS_DB" ]; then
+
+                rlLog "$TEMP_NSS_DB Directory exists"
+        else
+                rlLog "Creating Security Database"
+                rlRun "pki -d $TEMP_NSS_DB -c $TEMP_NSS_DB_PWD client-init" 0 "Initializing Security Database"
+                RETVAL=$?
+                if  [ $RETVAL != 0 ]; then
+                  rlLog "FAIL :: NSS Database was not created"
+                  return 1
+                fi
+        fi
+		if [ $cert_type = "Dogtag" ]; then
+	
+		local profile=caCACert
+                local rand=$RANDOM
+                local request_type="pkcs10"
+                local cn="New CA"
+                local uid="newca"
+                local email="newca@foobar.org"
+                local ou="Foo_Example_IT"
+                local org="FooBar.Org"
+                local state="North Carolina"
+                local location="Raleigh"
+                local country="US"
+                local cert_subject_file="/tmp/subfile"
+                rlRun "sed -e '/-----BEGIN NEW CERTIFICATE REQUEST-----/d' -i $csr"
+                rlRun "sed -e '/-----END NEW CERTIFICATE REQUEST-----/d' -i $csr"
+                echo -e "RequestType:$request_type" > $cert_subject_file
+                echo -e "CN:$cn" >> $cert_subject_file
+                echo -e "UID:$uid" >> $cert_subject_file
+        echo -e "Email:$email" >> $cert_subject_file
+        echo -e "OU:$ou" >> $cert_subject_file
+        echo -e "Org:$org" >> $cert_subject_file
+        echo -e "State:$state" >> $cert_subject_file
+        echo -e "Location:$location" >> $cert_subject_file
+        echo -e "Country:$country" >> $cert_subject_file
+        echo -e "Request_DN:$(eval echo \$SUBCA${number}_SIGNING_CERT_SUBJECT_NAME)" >> $cert_subject_file
+	        rlRun "pki -d $TEMP_NSS_DB \
+                -h $tmp_host \
+                -p $ROOTCA_UNSECURE_PORT \
+                -c $TEMP_NSS_DB_PWD \
+                cert-request-profile-show $profile \
+                 --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out"
+        rlRun "generate_xml $csr $cert_subject_file $TEMP_NSS_DB/$rand-profile.xml $profile"
+        rlRun "pki -h $tmp_host -p $ROOTCA_UNSECURE_PORT cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/pki-cert-request-submit.out" 0 "Submit request"
+        local REQUEST_ID=$(cat $TEMP_NSS_DB/pki-cert-request-submit.out  | grep "Request ID" | awk -F ": " '{print $2}')
+        rlAssertGrep "Request ID: $REQUEST_ID" "$TEMP_NSS_DB/pki-cert-request-submit.out"
+        rlAssertGrep "Type: enrollment"  "$TEMP_NSS_DB/pki-cert-request-submit.out"
+        rlAssertGrep "Request Status: pending" "$TEMP_NSS_DB/pki-cert-request-submit.out"
+        rlAssertGrep "Operation Result: success" "$TEMP_NSS_DB/pki-cert-request-submit.out"
+        rlLog "importP12FileNew $admin_cert_location $client_pkcs12_password $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert"
+        rlRun "importP12FileNew $admin_cert_location $client_pkcs12_password $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert" 0 "Import Admin certificate to $CERTDB_DIR"
+        rlRun "install_and_trust_CA_cert $ROOTCA_SERVER_ROOT $CERTDB_DIR"
+        rlRun "pki -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n \"$admin_cert\" \
+                -h $tmp_host \
+                -p $ROOTCA_UNSECURE_PORT \
+                ca-cert-request-review $REQUEST_ID \
+                --action approve 1> $TEMP_NSS_DB/$REQUEST_ID-pkcs10-approve-out" 0 "As $admin_cert Approve certificate request $REQUEST_ID"
+        rlAssertGrep "Approved certificate request $REQUEST_ID" "$TEMP_NSS_DB/$REQUEST_ID-pkcs10-approve-out"
+        rlRun "pki -p $ROOTCA_UNSECURE_PORT -h $tmp_host ca-cert-request-show $REQUEST_ID > $TEMP_NSS_DB/certrequestapprovedshow_001.out" 0 "Executing pki cert-request-show $REQUEST_ID"
+        rlAssertGrep "Request ID: $REQUEST_ID" "$TEMP_NSS_DB/certrequestapprovedshow_001.out"
+        rlAssertGrep "Type: enrollment" "$TEMP_NSS_DB/certrequestapprovedshow_001.out"
+        rlAssertGrep "Status: complete" "$TEMP_NSS_DB/certrequestapprovedshow_001.out"
+        rlAssertGrep "Certificate ID:" "$TEMP_NSS_DB/certrequestapprovedshow_001.out"
+        local certificate_serial_number=`cat $TEMP_NSS_DB/certrequestapprovedshow_001.out | grep "Certificate ID:" | awk '{print $3}'`
+        rlLog "Cerificate Serial Number=$certificate_serial_number"
+        rlRun "pki -h $tmp_host -p $ROOTCA_UNSECURE_PORT cert-show $certificate_serial_number --output $TEMP_NSS_DB/certb64.out" 0 "B64 of the certificate"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlRun "curl --basic --dump-header $TEMP_NSS_DB/header.out -d \"serialNumber=$certificate_serial_number\" -k \"http://$tmp_host:$ROOTCA_UNSECURE_PORT/ca/ee/ca/getCertChain\" > $TEMP_NSS_DB/b64certChain.out"
+        rlRun "sed -e '/-----BEGIN CERTIFICATE-----/d' -i $TEMP_NSS_DB/certb64.out"
+        rlRun "sed -e '/-----END CERTIFICATE-----/d' -i $TEMP_NSS_DB/certb64.out"
+        rlRun "sed -i -e 's/<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?><XMLResponse><Status>0<\/Status><ChainBase64>//g' -i $TEMP_NSS_DB/b64certChain.out"
+        rlRun "sed -i -e 's/<\/ChainBase64><\/XMLResponse>//g' -i $TEMP_NSS_DB/b64certChain.out"
+	else
+        rlLog "Use testplan to set up ADCS on MS Server and save the params in env.sh"
+        csr_string=$(cat $csr | tr -d '\n')
+        rlRun "curl -k --ntlm https://$MS_ipaddr/certsrv/certfnsh.asp -u \"$MS_username:$MS_password\" --data-urlencode CertRequest=\"$csr_string\" -d Mode=newreq -d SaveCert=yes -d CertAttrib=CertificateTemplate:SubCA > $TEMP_NSS_DB/msca_new_cert.out"
+        rlRun "sleep 5"
+        rlRun "cat $TEMP_NSS_DB/msca_new_cert.out | grep \"Download certificate:\" > $TEMP_NSS_DB/msca_new_cert1.out"
+        rlRun "sed -i -e 's/<LocID ID=locDownloadCert1>Download certificate: <\/LocID><A Href=\"certnew.cer?//g' $TEMP_NSS_DB/msca_new_cert1.out"
+        rlRun "sleep 5"
+        rlRun "sed -i -e 's/\&amp;Enc=bin\"><LocID ID=locDerEnc1>DER Encoded<\/LocID><\/A><LocID ID=locSep1>.*//g' $TEMP_NSS_DB/msca_new_cert1.out"
+        rlRun "sleep 5"
+        MS_newca_request_ID=$(cat $TEMP_NSS_DB/msca_new_cert1.out | grep "ReqID=" | cut -d= -f2)
+        rlLog "$MS_newca_request_ID"
+        rlRun "curl -k --ntlm https://$MS_ipaddr/certsrv/certnew.cer -G -d ReqID=$MS_newca_request_ID -d Enc-bin > $TEMP_NSS_DB/certb64.out"
+        rlRun "curl -k --ntlm https://$MS_ipaddr/certsrv/certnew.p7b -G -d ReqID=$MS_newca_request_ID -d Enc-bin > $TEMP_NSS_DB/b64certChain.out"
+        fi
+
+        rlLog "Preparing the config file for step 2 of pkispawn"
+                rlRun "sed -e '/pki_external_csr_path=.*/d' -i $INSTANCECFG"
+        echo "pki_external_ca_cert_chain_path=$TEMP_NSS_DB/b64certChain.out" >> $INSTANCECFG
+        echo "pki_external_ca_cert_path=$TEMP_NSS_DB/certb64.out" >> $INSTANCECFG
+        echo "pki_external_step_two=True" >> $INSTANCECFG
+
+        rlLog "EXECUTING: pkispawn -s CA -f $INSTANCECFG -v "
+                rlRun "pkispawn -s CA -f $INSTANCECFG -v > $INSTANCE_CREATE_OUT  2>&1"
+                rlRun "cat $INSTANCE_CREATE_OUT"
+                exp_message1="Administrator's username:             $(eval echo \$SUBCA${number}_ADMIN_USER)"
+                rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT"
+                exp_message1_1="Administrator's PKCS #12 file:"
+                rlAssertGrep "$exp_message1_1" "$INSTANCE_CREATE_OUT"
+                exp_message2="$(eval echo \$SUBCA${number}_DOMAIN)"
+                rlAssertGrep "$exp_message2" "$INSTANCE_CREATE_OUT"
+                exp_message3_1="To check the status of the subsystem:"
+                rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT"
+                exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME).service"
+                rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT"
+                exp_message4_1="To restart the subsystem:"
+                rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT"
+                exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME).service"
+                rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT"
+                exp_message5="The URL for the subsystem is:"
+                rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
+                exp_message5_1="https://$(hostname):$(eval echo \$SUBCA${number}_SECURE_PORT)/ca"
+		rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
+}
diff --git a/tests/dogtag/acceptance/quickinstall/rhcs-install.sh b/tests/dogtag/acceptance/quickinstall/rhcs-install.sh
index aeefdd1a1..dae68ac0e 100755
--- a/tests/dogtag/acceptance/quickinstall/rhcs-install.sh
+++ b/tests/dogtag/acceptance/quickinstall/rhcs-install.sh
@@ -74,6 +74,7 @@ run_rhcs_install_packages() {
 	#####################################################################
 		yum clean all
 		yum -y update
+		yum -y install wget
 		#CA install
 		rc=0
 		rlLog "CA instance will be installed on $HOSTNAME"
@@ -148,48 +149,55 @@ run_install_subsystem_RootCA()
 }
 
 #KRA Install
+
 run_install_subsystem_kra() {
-	rlPhaseStartSetup "rhcs_install_subsystem_kra: Default install"
-		rlLog "KRA instance will be installed on $HOSTNAME"
-		rc=0
- 		number=$1
+        rlPhaseStartSetup "rhcs_install_subsystem_kra: Default install"
+                rlLog "KRA instance will be installed on $HOSTNAME"
+                rc=0
+                number=$1
                 master_hostname=$2
                 CA=$3
-		rpm -qa | grep pki-kra
-		if [ $? -eq 0 ] ; then
-			rlLog "pki-kra package is installed"
-	        else
-			rlLog "ERROR: $item package is NOT installed"
-			rc=1
-		fi
+                KRA="KRA${number}"
+                eval ${KRA}_INSTALLED=TRUE
+                rpm -qa | grep pki-kra
+                if [ $? -eq 0 ] ; then
+                        rlLog "pki-kra package is installed"
+                else
+                        rlLog "ERROR: $item package is NOT installed"
+                        rc=1
+                        eval ${KRA}_INSTALLED=FALSE
+                fi
 
-		if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then
-			rhcs_install_kra $number $master_hostname $CA
-		fi
-	rlPhaseEnd
+                if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then
+                        rhcs_install_kra $number $master_hostname $CA
+                fi
+        rlPhaseEnd
 }
 
 #OCSP install
+
 run_install_subsystem_ocsp() {
-	rlPhaseStartSetup "rhcs_install_subsystem_ocsp: Default install"
-		rlLog "OCSP instance will be installed on $HOSTNAME"
-		rc=0
-		number=$1
+        rlPhaseStartSetup "rhcs_install_subsystem_ocsp: Default install"
+                rlLog "OCSP instance will be installed on $HOSTNAME"
+                rc=0
+                number=$1
                 master_hostname=$2
                 CA=$3
-		rpm -qa | grep pki-ocsp 
-		if [ $? -eq 0 ] ; then
-			rlLog "pki-ocsp package is installed"
+                rpm -qa | grep pki-ocsp
+                if [ $? -eq 0 ] ; then
+                        rlLog "pki-ocsp package is installed"
                 else
-			rlLog "ERROR: $item package is NOT installed"
-			rc=1
-		fi
+                        rlLog "ERROR: $item package is NOT installed"
+                        rc=1
+                        OCSP3_INSTALLED=FALSE
+                fi
 
-		if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then
-			rhcs_install_ocsp $number $master_hostname $CA
-		fi
-	rlPhaseEnd
+                if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then
+                        rhcs_install_ocsp $number $master_hostname $CA
+                fi
+        rlPhaseEnd
 }
+
 		
 #RA install
 #rlLog "RA instance will be installed on $HOSTNAME"
@@ -217,49 +225,53 @@ run_install_subsystem_ocsp() {
 
 #TKS install
 run_install_subsystem_tks() {
-	rlPhaseStartSetup "rhcs_install_subsystem_tks: Default install"
-		rlLog "TKS instance will be installed on $HOSTNAME"
-		rc=0
-		number=$1
+        rlPhaseStartSetup "rhcs_install_subsystem_tks: Default install"
+                rlLog "TKS instance will be installed on $HOSTNAME"
+                rc=0
+                number=$1
                 master_hostname=$2
                 CA=$3
-		rpm -qa | grep pki-tks
+                TKS="TKS${number}"
+                eval ${TKS}_INSTALLED=TRUE
+                rpm -qa | grep pki-tks
                 if [ $? -eq 0 ] ; then
-			rlLog "pki-tks package is installed"
+                        rlLog "pki-tks package is installed"
                 else
                         rlLog "ERROR: $item package is NOT installed"
-			rc=1
+                        rc=1
+                        eval ${TKS}_INSTALLED=FALSE
                 fi
 
-		if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then
-			rlLog "Installing TKS"
-			rhcs_install_tks $number $master_hostname $CA
-		fi
-	rlPhaseEnd
+                if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then
+                        rlLog "Installing TKS"
+                        rhcs_install_tks $number $master_hostname $CA
+                fi
+        rlPhaseEnd
 }
-		#TPS install
-		#rlLog "TPS instance will be installed on $HOSTNAME"
-		#rc=0
-                #yum -y install $COMMON_SERVER_PACKAGES
-                #yum -y install $TPS_SERVER_PACKAGES
-			#ALL_PACKAGES="$COMMON_SERVER_PACKAGES $DOGTAG_PACKAGES"
-                        #for item in $ALL_PACKAGES ; do
-				#rpm -qa | grep $item
-                                #if [ $? -eq 0 ] ; then
-					#rlLog "$item package is installed"
-                                #else
-					#rlLog "ERROR: $item package is NOT installed"
-					#rc=1
-                                #fi
-                        #done
 
-		#if [ $rc -eq 0 ] ; then
-			#rlLog "Installing TPS"
-			#rhcs_install_tps
-		#fi
-	#else
-		#rlLog "Machine in recipe is not a MASTER"
-	#fi
+#TPS install
+run_install_subsystem_tps() {
+        rlPhaseStartSetup "rhcs_install_subsystem_tps: Default install"
+                rlLog "TPS instance will be installed on $HOSTNAME"
+                rc=0
+                number=$1
+                master_hostname=$2
+                CA=$3
+                KRA=$4
+                TKS=$5
+                rpm -qa | grep pki-tks
+                if [ $? -eq 0 ] ; then
+                        rlLog "$item package is installed"
+                else
+                        rlLog "ERROR: $item package is NOT installed"
+                        rc=1
+                fi
+                if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ] && [ $(eval echo \$${KRA}_INSTALLED) = "TRUE" ] && [ $(eval echo \$${TKS}_INSTALLED) = "TRUE" ] ; then
+                        rlLog "Installing TPS"
+                        rhcs_install_tps $number $master_hostname $CA $KRA $TKS
+                fi
+        rlPhaseEnd
+}
 
 #####################SUBCA######################
 ################################################
@@ -402,4 +414,27 @@ run_install_subsystem_cloneTKS(){
                 fi
 	rlPhaseEnd
 }
+#CLONE TPS install
+run_install_subsystem_cloneTPS(){
+        rlPhaseStartSetup "rhcs_install_subsystem_clonetps: Default install"
+                rlLog "Clone TPS instance will be installed on $HOSTNAME"
+                rc=0
+                number=$1
+                master_hostname=$2
+                CA=$3
+                KRA=$4
+                TKS=$5
+                rpm -qa | grep pki-tps
+                if [ $? -eq 0 ] ; then
+                        rlLog "pki-tps package is installed"
+                else
+                        rlLog "ERROR: pki-tps package is NOT installed"
+                        rc=1
+                fi
 
+                if [ $rc -eq 0 ] ; then
+                        rlLog "Installing TPS"
+                        rhcs_install_cloneTPS $number $master_hostname $CA $KRA $TKS
+                fi
+        rlPhaseEnd
+}
diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh
index 6dccf289b..8c742420e 100755
--- a/tests/dogtag/runtest.sh
+++ b/tests/dogtag/runtest.sh
@@ -221,12 +221,17 @@
 . ./acceptance/legacy/ocsp-tests/internaldb/ocsp-ad-internaldb.sh
 . ./acceptance/legacy/ocsp-tests/agent/ocsp-ag-tests.sh
 . ./acceptance/legacy/tks-tests/usergroups/tks-ad-usergroups.sh
+. ./acceptance/legacy/tks-tests/acls/tks-ad-acls.sh
 . ./acceptance/legacy/tks-tests/logs/tks-ad-logs.sh
 . ./acceptance/legacy/tks-tests/internaldb/tks-ad-internaldb.sh
-. ./acceptance/legacy/tks-tests/acls/tks-ad-acls.sh
 . ./acceptance/legacy/ipa-tests/ipa_backend_plugin.sh
-. ./acceptance/legacy/clone_ca_tests/clone_tests.sh
 . ./acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh
+. ./acceptance/legacy/clone_ca_tests/clone_tests.sh
+. ./acceptance/install-tests/ca-installer.sh
+. ./acceptance/install-tests/kra-installer.sh
+. ./acceptance/install-tests/ocsp-installer.sh
+. ./acceptance/install-tests/tks-installer.sh
+. ./acceptance/install-tests/tps-installer.sh
 . ./acceptance/bugzilla/bug_setup.sh
 . ./acceptance/bugzilla/bug_uninstall.sh
 . ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh
@@ -283,40 +288,18 @@ rlJournalStart
 	KRA_INST=$(cat /tmp/topo_file | grep MY_KRA | cut -d= -f2)
 	OCSP_INST=$(cat /tmp/topo_file | grep MY_OCSP | cut -d= -f2)
         TKS_INST=$(cat /tmp/topo_file | grep MY_TKS | cut -d= -f2)
+	TPS_INST=$(cat /tmp/topo_file | grep MY_TPS | cut -d= -f2)
 
         if [ "$QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ] ; then
 		run_rhcs_set_time 
 		run_rhcs_install_set_vars
 		run_rhcs_install_quickinstall
-		#Set-up role users
-		get_topo_stack $MYROLE /tmp/topo_file
-	        CA_INST=$(cat /tmp/topo_file | grep MY_CA | cut -d= -f2)
-		rlLog "Subsystem ID CA=$CA_INST"
-		run_pki-user-cli-role-user-create-tests $CA_INST ca $MYROLE
-	        KRA_INST=$(cat /tmp/topo_file | grep MY_KRA | cut -d= -f2)
-		rlLog "Subsystem ID KRA=$KRA_INST"
-		run_pki-user-cli-role-user-create-tests $KRA_INST kra $MYROLE
-		OCSP_INST=$(cat /tmp/topo_file | grep MY_OCSP | cut -d= -f2)
-                rlLog "Subsystem ID OCSP=$OCSP_INST"
-                run_pki-user-cli-role-user-create-tests $OCSP_INST ocsp $MYROLE
-                TKS_INST=$(cat /tmp/topo_file | grep MY_TKS | cut -d= -f2)
-                rlLog "Subsystem ID TKS=$TKS_INST"
-                run_pki-user-cli-role-user-create-tests $TKS_INST tks $MYROLE
-                SUBCA_INST=$(cat /tmp/topo_file | grep MY_SUBCA | cut -d= -f2)
-                rlLog "Subsystem ID SUBCA=$SUBCA_INST"
-                run_pki-user-cli-role-user-create-tests $SUBCA_INST ca $MYROLE
+		SUBCA_INST=$(cat /tmp/topo_file | grep MY_SUBCA | cut -d= -f2)
                 CLONECA_INST=$(cat /tmp/topo_file | grep MY_CLONE_CA | cut -d= -f2)
-                rlLog "Subsystem ID CLONECA=$CLONECA_INST"
-                run_pki-user-cli-role-user-create-tests $CLONECA_INST ca $MYROLE
                 CLONEKRA_INST=$(cat /tmp/topo_file | grep MY_CLONE_KRA | cut -d= -f2)
-                rlLog "Subsystem ID CLONEKRA=$CLONEKRA_INST"
-                run_pki-user-cli-role-user-create-tests $CLONEKRA_INST kra $MYROLE
                 CLONEOCSP_INST=$(cat /tmp/topo_file | grep MY_CLONE_OCSP | cut -d= -f2)
-                rlLog "Subsystem ID CLONEOCSP=$CLONEOCSP_INST"
-                run_pki-user-cli-role-user-create-tests $CLONEOCSP_INST ocsp $MYROLE
                 CLONETKS_INST=$(cat /tmp/topo_file | grep MY_CLONE_TKS | cut -d= -f2)
-                rlLog "Subsystem ID CLONETKS=$CLONETKS_INST"
-                run_pki-user-cli-role-user-create-tests $CLONETKS_INST ocsp $MYROLE
+                CLONETPS_INST=$(cat /tmp/topo_file | grep MY_CLONE_TPS | cut -d= -f2)
         elif [ "$TOPO1_UPPERCASE" = "TRUE" ] ; then
                 run_rhcs_install_set_vars
                 run_rhcs_install_topo_1
@@ -345,7 +328,62 @@ rlJournalStart
                 run_rhcs_install_set_vars
                 run_rhcs_install_topo_9
         fi
-	
+	 ######## CREATE ROLE USERS #############
+        PKI_CREATE_CA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CA_ROLE_USER | tr [a-z] [A-Z])
+        if [ "$PKI_CREATE_CA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+                # Create CA role users
+                  run_pki-user-cli-role-user-create-tests $CA_INST ca $MYROLE
+        fi
+        PKI_CREATE_KRA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_KRA_ROLE_USER | tr [a-z] [A-Z])
+        if [ "$PKI_CREATE_KRA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+                # Create KRA role users
+                  run_pki-user-cli-role-user-create-tests $KRA_INST kra $MYROLE
+        fi
+        PKI_CREATE_OCSP_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_OCSP_ROLE_USER | tr [a-z] [A-Z])
+        if [ "$PKI_CREATE_OCSP_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+                # Create OCSP role users
+                  run_pki-user-cli-role-user-create-tests $OCSP_INST ocsp $MYROLE
+        fi
+        PKI_CREATE_TKS_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_TKS_ROLE_USER | tr [a-z] [A-Z])
+        if [ "$PKI_CREATE_TKS_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+                # Create TKS role users
+                  run_pki-user-cli-role-user-create-tests $TKS_INST tks $MYROLE
+        fi
+        PKI_CREATE_TPS_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_TPS_ROLE_USER | tr [a-z] [A-Z])
+        if [ "$PKI_CREATE_TPS_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+                # Create TPS role users
+                  run_pki-user-cli-role-user-create-tests $TPS_INST tps $MYROLE
+        fi
+        PKI_CREATE_SUBCA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_SUBCA_ROLE_USER | tr [a-z] [A-Z])
+        if [ "$PKI_CREATE_SUBCA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+                # Create SUBCA role users
+                  run_pki-user-cli-role-user-create-tests $SUBCA_INST ca $MYROLE
+        fi
+        PKI_CREATE_CLONECA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONECA_ROLE_USER | tr [a-z] [A-Z])
+        if [ "$PKI_CREATE_CLONECA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+                # Create CLONE CA role users
+                  run_pki-user-cli-role-user-create-tests $CLONECA_INST ca $MYROLE
+        fi
+        PKI_CREATE_CLONEKRA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONEKRA_ROLE_USER | tr [a-z] [A-Z])
+        if [ "$PKI_CREATE_CLONEKRA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+                # Create CLONE KRA role users
+                  run_pki-user-cli-role-user-create-tests $CLONEKRA_INST kra $MYROLE
+        fi
+        PKI_CREATE_CLONEOCSP_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONEOCSP_ROLE_USER | tr [a-z] [A-Z])
+        if [ "$PKI_CREATE_CLONEOCSP_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+                # Create CLONE OCSP role users
+                  run_pki-user-cli-role-user-create-tests $CLONEOCSP_INST ocsp $MYROLE
+        fi
+        PKI_CREATE_CLONETKS_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONETKS_ROLE_USER | tr [a-z] [A-Z])
+        if [ "$PKI_CREATE_CLONETKS_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+                # Create CLONE TKS role users
+                  run_pki-user-cli-role-user-create-tests $CLONETKS_INST tks $MYROLE
+        fi
+        PKI_CREATE_CLONETPS_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONETPS_ROLE_USER | tr [a-z] [A-Z])
+        if [ "$PKI_CREATE_CLONETPS_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+                # Create CLONE TPS role users
+                  run_pki-user-cli-role-user-create-tests $CLONETPS_INST tps $MYROLE
+        fi
 	######## PKI USER CA TESTS ############
 	PKI_USER_CA_UPPERCASE=$(echo $PKI_USER_CA | tr [a-z] [A-Z])
         if [ "$PKI_USER_CA_UPPERCASE" = "TRUE" ] ; then
@@ -1542,23 +1580,23 @@ rlJournalStart
                 run_ca-ee-ocsp_tests $subsystemType $MYROLE
         fi
 	PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_MANUAL | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
-		# Execute pki ca-renew-manual tests
-		subsystemType=ca
-		run_pki-legacy-ca-renew_manual_tests $subsystemType $MYROLE
-	fi
-	PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
-		# Execute pki ca-renew-directory-auth-usercert tests
-		subsystemType=ca
-		run_pki-legacy-ca-renew_dir_auth_user_cert_tests $subsystemType $MYROLE
-	fi
-	PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
-		# Execute pki ca-renew-sslclient-cert tests
-		subsystemType=ca
-		run_pki-legacy-ca-renew_self_ca_user_ssl_client_cert_tests $subsystemType $MYROLE
-	fi
+        if [ "$PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                # Execute pki ca-renew-manual tests
+                subsystemType=ca
+                run_pki-legacy-ca-renew_manual_tests $subsystemType $MYROLE
+        fi
+        PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT | tr [a-z] [A-Z])
+        if [ "$PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                # Execute pki ca-renew-directory-auth-usercert tests
+                subsystemType=ca
+                run_pki-legacy-ca-renew_dir_auth_user_cert_tests $subsystemType $MYROLE
+        fi
+        PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT | tr [a-z] [A-Z])
+        if [ "$PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                # Execute pki ca-renew-sslclient-cert tests
+                subsystemType=ca
+                run_pki-legacy-ca-renew_self_ca_user_ssl_client_cert_tests $subsystemType $MYROLE
+        fi
 	PKI_LEGACY_CA_SCEP_ENROLL_UPPERCASE=$(echo $PKI_LEGACY_CA_SCEP_ENROLL | tr [a-z] [A-Z])
 	if [ "$PKI_LEGACY_CA_SCEP_ENROLL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
 		# Execute ca scep enroll tests
@@ -1586,7 +1624,7 @@ rlJournalStart
 		run_admin-kra-internaldb_tests $subsystemType $MYROLE
 	fi
 	PKI_LEGACY_KRA_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_KRA_AD_LOGS | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_KRA_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+	if [ "$PKI_LEGACY_KRA_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then 
 		subsystemType=kra
 		run_admin-kra-log_tests $subsystemType $MYROLE
 	fi
@@ -1627,105 +1665,178 @@ rlJournalStart
                 run_agent-subca-crls_tests $subsystemType $MYROLE
         fi
 	PKI_LEGACY_SUBCA_AG_CERTIFICATES_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AG_CERTIFICATES | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_SUBCA_AG_CERTIFICATES_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-		subsystemType=ca
-		run_subca-ag-certificates_tests $subsystemType $MYROLE
-	fi
-	PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AG_REQUESTS | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-		subsystemType=ca
-		run_subca-ag-requests_tests $subsystemType $MYROLE
-	fi
-	PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_ENROLLMENT | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-		subsystemType=ca
-		run_ee-subca-enrollment_tests $subsystemType $MYROLE
-	fi
-	PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_RETRIEVAL | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-		subsystemType=ca
-		run_ee-subca-retrieval_tests $subsystemType $MYROLE
-	fi
-	PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_PROFILE | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-		subsystemType=ca
-		run_admin-subca-profile_tests $subsystemType $MYROLE
-	fi
-	PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AGENT_PROFILE | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-		subsystemType=ca
-		run_agent-subca-profile_tests $subsystemType $MYROLE
-	fi
+        if [ "$PKI_LEGACY_SUBCA_AG_CERTIFICATES_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                subsystemType=ca
+                run_subca-ag-certificates_tests $subsystemType $MYROLE
+        fi
+        PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AG_REQUESTS | tr [a-z] [A-Z])
+        if [ "$PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                subsystemType=ca
+                run_subca-ag-requests_tests $subsystemType $MYROLE
+        fi
+        PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_ENROLLMENT | tr [a-z] [A-Z])
+        if [ "$PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                subsystemType=ca
+                run_ee-subca-enrollment_tests $subsystemType $MYROLE
+        fi
+        PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_RETRIEVAL | tr [a-z] [A-Z])
+        if [ "$PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                subsystemType=ca
+                run_ee-subca-retrieval_tests $subsystemType $MYROLE
+        fi
+        PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_PROFILE | tr [a-z] [A-Z])
+        if [ "$PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                subsystemType=ca
+                run_admin-subca-profile_tests $subsystemType $MYROLE
+        fi
+        PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AGENT_PROFILE | tr [a-z] [A-Z])
+        if [ "$PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                subsystemType=ca
+                run_agent-subca-profile_tests $subsystemType $MYROLE
+        fi
 	PKI_LEGACY_SUBCA_ADMIN_LOGS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_LOGS | tr [a-z] [A-Z])
 	if [ "$PKI_LEGACY_SUBCA_ADMIN_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
 		subsystemType=ca
 		run_admin-subca-log_tests $subsystemType $MYROLE
-	fi	
+	fi
 	PKI_LEGACY_SUBCA_SCEP_ENROLL_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_SCEP_ENROLL | tr [a-z] [A-Z])
 	if [ "$PKI_LEGACY_SUBCA_SCEP_ENROLL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
 		# Execute subca scep enroll tests
 		subsystemType=ca
 		run_pki-legacy-subca-scep_tests $subsystemType $MYROLE
+	fi	
+	PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_USERGROUPS | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=ocsp
+		run_ocsp-ad_usergroups $subsystemType $MYROLE
 	fi
-        PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_USERGROUPS | tr [a-z] [A-Z])
-        if [ "$PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-                subsystemType=ocsp
-                run_ocsp-ad_usergroups $subsystemType $MYROLE
-        fi
-        PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_ACLS | tr [a-z] [A-Z])
-        if [ "$PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-                subsystemType=ocsp
-                run_admin-ocsp-acl_tests $subsystemType $MYROLE
-        fi
-        PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_LOGS | tr [a-z] [A-Z])
-        if [ "$PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-                subsystemType=ocsp
-                run_admin-ocsp-log_tests $subsystemType $MYROLE
-        fi
-        PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_INTERNALDB | tr [a-z] [A-Z])
-        if [ "$PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-                subsystemType=ocsp
-                run_admin-ocsp-internaldb_tests $subsystemType $MYROLE
-        fi
-        PKI_LEGACY_OCSP_AG_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AG_TESTS | tr [a-z] [A-Z])
-        if [ "$PKI_LEGACY_OCSP_AG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-                subsystemType=ocsp
-                run_ocsp-ag_tests $subsystemType $MYROLE
-        fi
-	PKI_LEGACY_TKS_AD_USERGROUPS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_USERGROUPS | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_TKS_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-		subsystemType=tks
-		run_tks-ad_usergroups $subsystemType $MYROLE
+	PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_ACLS | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=ocsp
+		run_admin-ocsp-acl_tests $subsystemType $MYROLE
 	fi
-	PKI_LEGACY_TKS_AD_ACLS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_ACLS | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_TKS_AD_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-		subsystemType=tks
-		run_admin-tks-acl_tests $subsystemType $MYROLE
+	PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_LOGS | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=ocsp
+		run_admin-ocsp-log_tests $subsystemType $MYROLE
 	fi
-	PKI_LEGACY_TKS_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_LOGS | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_TKS_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-		subsystemType=tks
-		run_admin-tks-log_tests $subsystemType $MYROLE
+	PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_INTERNALDB | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=ocsp
+		run_admin-ocsp-internaldb_tests $subsystemType $MYROLE
 	fi
-	PKI_LEGACY_TKS_AD_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_INTERNALDB | tr [a-z] [A-Z])
-	if [ "$PKI_LEGACY_TKS_AD_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-		subsystemType=tks
-		run_admin-tks-internaldb_tests $subsystemType $MYROLE
+	PKI_LEGACY_OCSP_AG_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AG_TESTS | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_OCSP_AG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=ocsp
+		run_ocsp-ag_tests $subsystemType $MYROLE
 	fi
-	PKI_LEGACY_IPA_UPPERCASE=$(echo $PKI_LEGACY_IPA_TESTS | tr [a-z] [A-Z])
-        if [ "$PKI_LEGACY_IPA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
-                subsystemType=ca
-                run_ipa_backend_plugin $subsystemType $MYROLE
+        PKI_LEGACY_TKS_AD_USERGROUPS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_USERGROUPS | tr [a-z] [A-Z])
+        if [ "$PKI_LEGACY_TKS_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                subsystemType=tks
+                run_tks-ad_usergroups $subsystemType $MYROLE
+        fi
+        PKI_LEGACY_TKS_AD_ACLS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_ACLS | tr [a-z] [A-Z])
+        if [ "$PKI_LEGACY_TKS_AD_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                subsystemType=tks
+                run_admin-tks-acl_tests $subsystemType $MYROLE
+        fi
+        PKI_LEGACY_TKS_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_LOGS | tr [a-z] [A-Z])
+        if [ "$PKI_LEGACY_TKS_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                subsystemType=tks
+                run_admin-tks-log_tests $subsystemType $MYROLE
+        fi
+        PKI_LEGACY_TKS_AD_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_INTERNALDB | tr [a-z] [A-Z])
+        if [ "$PKI_LEGACY_TKS_AD_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                subsystemType=tks
+                run_admin-tks-internaldb_tests $subsystemType $MYROLE
+        fi
+	PKI_LEGACY_TPS_ENROLLMENTS_UPPERCASE=$(echo $PKI_LEGACY_TPS_ENROLLMENTS | tr [a-z] [A-Z])
+        if [ "$PKI_LEGACY_TPS_ENROLLMENTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                subsystemType=tps
+                run_tps-enrollment_tests $subsystemType $MYROLE
         fi
-        PKI_LEGACY_CLONE_CA_TESTS_UPPERCASE=$(echo $PKI_LEGACY_CLONE_CA_TESTS | tr [a-z] [A-Z])
-        if [ "$PKI_LEGACY_CLONE_CA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPERCASE" = "TRUE" ]; then
-                subsystemType=ca
-                clone_legacy_ca_tests $subsystemType $MYROLE
-        fi	
+	PKI_LEGACY_IPA_UPPERCASE=$(echo $PKI_LEGACY_IPA_TESTS | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_IPA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=ca
+		run_ipa_backend_plugin $subsystemType $MYROLE
+	fi
+	PKI_LEGACY_CLONE_CA_TESTS_UPPERCASE=$(echo $PKI_LEGACY_CLONE_CA_TESTS | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_CLONE_CA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPERCASE" = "TRUE" ]; then
+		subsystemType=ca
+		clone_legacy_ca_tests $subsystemType $MYROLE
+	fi
 	PKI_LEGACY_CLONE_KRA_TESTS_UPPERCASE=$(echo $PKI_LEGACY_CLONE_KRA_TESTS | tr [a-z] [A-Z])
-        if [ "$PKI_LEGACY_CLONE_KRA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPERCASE" = "TRUE" ]; then
-                subsystemType=kra
-                clone_legacy_drm_tests $subsystemType $MYROLE
+	if [ "$PKI_LEGACY_CLONE_KRA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPERCASE" = "TRUE" ]; then
+		subsystemType=kra
+		clone_legacy_drm_tests $subsystemType $MYROLE
+	fi
+	PKI_LEGACY_TPS_ENROLLMENTS_UPPERCASE=$(echo $PKI_LEGACY_TPS_ENROLLMENTS | tr [a-z] [A-Z])
+        if [ "$PKI_LEGACY_TPS_ENROLLMENTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                subsystemType=tps
+                run_tps-enrollment_tests $subsystemType $MYROLE
+        fi
+	######## INSTALL TESTS ############
+        PKI_INSTALL_TESTS_UPPERCASE=$(echo $PKI_INSTALL_TESTS | tr [a-z] [A-Z])
+        if [ "$PKI_INSTALL_TESTS_UPPERCASE" = "TRUE" ] ; then
+                # Execute pki install tests
+                  subsystemId=$CA_INST
+                  subsystemType=ca
+                # Execute pki KRA install tests
+                  run_rhcs_ca_installer_tests $subsystemId $subsystemType $MYROLE
+                  subsystemId=$KRA_INST
+                  subsystemType=kra
+                  run_rhcs_kra_installer_tests $subsystemId $subsystemType $MYROLE
+                # Execute pki OCSP install tests
+                  subsystemId=$OCSP_INST
+                  subsystemType=ocsp
+                  run_rhcs_ocsp_installer_tests $subsystemId $subsystemType $MYROLE
+                # Execute pki TKS install tests
+                  subsystemId=$TKS_INST
+                  subsystemType=tks
+                  run_rhcs_tks_installer_tests $subsystemId $subsystemType $MYROLE
+                # Execute pki TPS install tests
+                  subsystemId=$TPS_INST
+                  subsystemType=tps
+                  run_rhcs_tps_installer_tests $subsystemId $subsystemType $MYROLE
+        fi
+
+        PKI_CA_INSTALL_UPPERCASE=$(echo $PKI_CA_INSTALL | tr [a-z] [A-Z])
+        if [ "$PKI_CA_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                # Execute pki CA install tests
+                  subsystemId=$CA_INST
+                  subsystemType=ca
+                  run_rhcs_ca_installer_tests $subsystemId $subsystemType $MYROLE
+        fi
+
+        PKI_KRA_INSTALL_UPPERCASE=$(echo $PKI_KRA_INSTALL | tr [a-z] [A-Z])
+        if [ "$PKI_KRA_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                # Execute pki KRA install tests
+                  subsystemId=$KRA_INST
+                  subsystemType=kra
+                  run_rhcs_kra_installer_tests $subsystemId $subsystemType $MYROLE
+        fi
+
+        PKI_OCSP_INSTALL_UPPERCASE=$(echo $PKI_OCSP_INSTALL | tr [a-z] [A-Z])
+        if [ "$PKI_OCSP_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                # Execute pki OCSP install tests
+                  subsystemId=$OCSP_INST
+                  subsystemType=ocsp
+                  run_rhcs_ocsp_installer_tests $subsystemId $subsystemType $MYROLE
+        fi
+
+        PKI_TKS_INSTALL_UPPERCASE=$(echo $PKI_TKS_INSTALL | tr [a-z] [A-Z])
+        if [ "$PKI_TKS_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                # Execute pki TKS install tests
+                  subsystemId=$TKS_INST
+                  subsystemType=tks
+                  run_rhcs_tks_installer_tests $subsystemId $subsystemType $MYROLE
+        fi
+        PKI_TPS_INSTALL_UPPERCASE=$(echo $PKI_TPS_INSTALL | tr [a-z] [A-Z])
+        if [ "$PKI_TPS_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+                # Execute pki TPS install tests
+                  subsystemId=$TPS_INST
+                  subsystemType=tps
+                  run_rhcs_tps_installer_tests $subsystemId $subsystemType $MYROLE
         fi
 	rlPhaseEnd
 	######## DEV UNIT TESTS ############
diff --git a/tests/dogtag/shared/env.sh b/tests/dogtag/shared/env.sh
index 3973d21bf..6f8dd12cd 100644
--- a/tests/dogtag/shared/env.sh
+++ b/tests/dogtag/shared/env.sh
@@ -467,6 +467,51 @@ TKS2_ADMIN_PASSWORD="Secret123"
 TKS2_CLIENT_PKCS12_PASSWORD=Secret123
 ####### End TKS2 Params ######
 
+######### TPS1 Parmams used in QUICKINSTALL and topology1 #########
+TPS1_TOMCAT_INSTANCE_NAME="pki-master"
+TPS1_SECURE_PORT=30042
+TPS1_UNSECURE_PORT=30044
+TPS1_AJP_PORT=30049
+TPS1_TOMCAT_SERVER_PORT=30045
+TPS1_AUDIT_SIGNING_KEY_TYPE=rsa
+TPS1_AUDIT_SIGNING_KEY_SIZE=2048
+TPS1_AUDIT_SIGNING_KEY_ALGORITHM=SHA512withRSA
+TPS1_AUDIT_SIGNING_SIGNING_ALGORITHM=SHA512withRSA
+TPS1_AUDIT_SIGNING_TOKEN=Internal
+TPS1_AUDIT_SIGNING_CERT_NICKNAME="tps1auditsigningcert"
+TPS1_AUDIT_SIGNING_SUBJECT_DN="CN=PKI TPS1 AUDIT Signing Certificate, O=Redhat"
+
+TPS1_SSL_SERVER_KEY_TYPE=rsa
+TPS1_SSL_SERVER_KEY_SIZE=2048
+TPS1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA
+TPS1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA
+TPS1_SSL_SERVER_TOKEN=Internal
+TPS1_SSL_SERVER_NICKNAME="Server-Cert cert-pki-RootCA"
+TPS1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`, O=Redhat"
+TPS1_SUBSYSTEM_KEY_TYPE="rsa"
+TPS1_SUBSYSTEM_KEY_SIZE=2048
+TPS1_SUBSYSTEM_KEY_ALGORITHM=SHA512withRSA
+TPS1_SUBSYSTEM_SIGNING_ALGORITHM=SHA512withRSA
+TPS1_SUBSYSTEM_TOKEN="Internal"
+TPS1_SUBSYSTEM_CERT_NICKNAME="tps1subsystemcert"
+TPS1_SUBSYSTEM_SUBJECT_DN="cn=PKI TPS1 SUBSYSTEM CERT,O=redhat"
+TPS1_ADMIN_USER="tps1admin"
+TPS1_ADMIN_PASSWORD="Secret123"
+TPS1_ADMIN_EMAIL="example@redhat.com"
+TPS1_ADMIN_DUAL_KEY=True
+TPS1_ADMIN_KEY_SIZE=2048
+TPS1_ADMIN_KEY_TYPE="rsa"
+TPS1_ADMIN_SUBJECT_DN="cn=PKI TPS1 ADMIN,O=redhat"
+TPS1_ADMIN_CERT_NICKNAME="tps1admincert"
+TPS1_LDAP_PORT=1604
+TPS1_LDAP_INSTANCE_NAME=pki-tps1-ldap
+TPS1_DB_SUFFIX="dc=pki-tps1"
+TPS1_BACKUP_PASSWORD="Secret123"
+TPS1_CLIENT_PKCS12_PASSWORD="Secret123"
+TPS1_SERVER_KEYGEN=True
+TPS1_AUTHDB_HOST="`hostname`"
+########End TPS Params#######
+
 ##### GENERIC PARAMS #####
 CLIENT_DIR="/opt/rhqa_pki"
 CERTDB_DIR="/opt/rhqa_pki/certs_db"
@@ -772,6 +817,36 @@ CLONE_TKS1_SSL_SERVER_NICKNAME=cloneca1sslservercert
 CLONE_TKS1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`,O=redhat"
 ##### End of CLONE_TKS1 params ######
 
+###### CLONE_TPS1 params -- used by QUICKINSTALL and topology 1 #########
+
+CLONE_TPS1_TOMCAT_INSTANCE_NAME=clone1
+CLONE_TPS1_SECURE_PORT=30002
+CLONE_TPS1_UNSECURE_PORT=30009
+CLONE_TPS1_AJP_PORT=30004
+CLONE_TPS1_TOMCAT_SERVER_PORT=30005
+CLONE_TPS1_ADMIN_USER=clonetpsadmin
+CLONE_TPS1_ADMIN_EMAIL=example@redhat.com
+CLONE_TPS1_ADMIN_DUAL_KEY=True
+CLONE_TPS1_ADMIN_KEY_SIZE=2048
+CLONE_TPS1_ADMIN_KEY_TYPE=rsa
+CLONE_TPS1_ADMIN_SUBJECT_DN="cn=PKI TPS ADMIN CLONE, O=redhat"
+CLONE_TPS1_ADMIN_CERT_NICKNAME=clonetpsadmincert
+CLONE_TPS1_ADMIN_PASSWORD=Secret123
+CLONE_TPS1_DS_HOSTNAME=`hostname`
+CLONE_TPS1_LDAP_PORT=2900
+CLONE_TPS1_LDAP_INSTANCE_NAME=pki-clonetps1
+CLONE_TPS1_SECURE_CONN=False
+CLONE_TPS1_REMOVE_DATA=True
+CLONE_TPS1_SSL_SERVER_KEY_TYPE=rsa
+CLONE_TPS1_SSL_SERVER_KEY_SIZE=2048
+CLONE_TPS1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA
+CLONE_TPS1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA
+CLONE_TPS1_SSL_SERVER_TOKEN=Internal
+CLONE_TPS1_SSL_SERVER_NICKNAME=cloneca1sslservercert
+CLONE_TPS1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`,O=redhat"
+CLONE_TPS1_SERVER_KEYGEN=True
+##### End of CLONE_TPS1 params ######
+
 
 ##### CLONE2 generic params #########
 CLONE2_TOMCAT_INSTANCE_NAME="pki-clone2"
@@ -855,6 +930,12 @@ CLONE_TKS2_ADMIN_PASSWORD=Secret123
 CLONE_TKS2_DS_HOSTNAME=localhost
 ######## End of CLONE_TKS2 params #######
 
+######MS ADCS params#######
+MS_ipaddr="10.13.129.103"
+MS_username="CORP\\Administrator"
+MS_password="Secret123"
+######End of MS ADCS params####
+
 
 export CLONE_CA1_LDAP_INSTANCE_NAME CLONE_TKS1_LDAP_INSTANCE_NAME CLONE_OCSP1_LDAP_INSTANCE_NAME CLONE_KRA1_LDAP_INSTANCE_NAME CLONE1_GROUP_AUDIT CERTDB_DIR CERTDB_DIR_PASSWORD CLONE_CA1_TOMCAT_INSTANCE_NAME CLONE_KRA1_ADMIN_USER CLONE_KRA1_ADMIN_EMAIL CLONE_KRA1_ADMIN_DUAL_KEY CLONE_KRA1_ADMIN_KEY_SIZE CLONE_KRA1_ADMIN_KEY_TYPE CLONE_KRA1_ADMIN_SUBJECT_DN CLONE_KRA1_ADMIN_CERT_NICKNAME CLONE_ADMIN_IMPORT_CERT CLONE_KRA1_DS_HOSTNAME CLONE_KRA1_LDAP_PORT CLONE_KRA1_SECURE_CONN CLONE_KRA1_REMOVE_DATA CLONE_OCSP1_ADMIN_USER CLONE_OCSP1_ADMIN_EMAIL CLONE_OCSP1_ADMIN_DUAL_KEY CLONE_OCSP1_ADMIN_KEY_SIZE CLONE_OCSP1_ADMIN_KEY_TYPE CLONE_OCSP1_ADMIN_SUBJECT_DN CLONE_OCSP1_ADMIN_CERT_NICKNAME CLONE_OCSP1_ADMIN_PASSWORD CLONE_OCSP1_DS_HOSTNAME CLONE_OCSP1_LDAP_PORT CLONE_OCSP1_SECURE_CONN CLONE_OCSP1_REMOVE_DATA CLONE_TKS1_ADMIN_USER CLONE_TKS1_ADMIN_EMAIL CLONE_TKS1_ADMIN_DUAL_KEY CLONE_TKS1_ADMIN_KEY_SIZE CLONE_TKS1_ADMIN_KEY_TYPE CLONE_TKS1_ADMIN_SUBJECT_DN CLONE_TKS1_ADMIN_CERT_NICKNAME CLONE_TKS1_ADMIN_PASSWORD CLONE_TKS1_DS_HOSTNAME CLONE_TKS1_LDAP_PORT CLONE_TKS1_SECURE_CONN CLONE_TKS1_REMOVE_DATA ROOTCA_SUBSYSTEM_KEY_TYPE ROOTCA_SUBYSTEM_KEY_SIZE ROOTCA_SUBSYSTEM_KEY_ALGORITHM ROOTCA_SUBSYSTEM_SIGNING_ALGORITHM ROOTCA_SUBSYSTEM_TOKEN ROOTCA_SUBSYTEM_NICKNAME ROOTCA_SUBSYSTEM_SUBJECT_DN 
 
@@ -887,3 +968,4 @@ export ROOTCA_SSL_SERVER_KEY_TYPE ROOTCA_SSL_SERVER_KEY_SIZE ROOTCA_SSL_SERVER_K
 
 export KRA1_SSL_SERVER_KEY_TYPE CLIENT_DIR KRA1_SSL_SERVER_KEY_SIZE KRA1_SSL_SERVER_KEY_ALGORITHM KRA1_SSL_SERVER_SIGNING_ALGORITHM KRA1_SSL_SERVER_TOKEN KRA1_SSL_SERVER_NICKNAME KRA1_SSL_SERVER_CERT_SUBJECT_NAME KRA2_SSL_SERVER_KEY_TYPE KRA2_SSL_SERVER_KEY_SIZE KRA2_SSL_SERVER_KEY_ALGORITHM KRA2_SSL_SERVER_SIGNING_ALGORITHM KRA2_SSL_SERVER_TOKEN KRA2_SSL_SERVER_NICKNAME KRA2_SSL_SERVER_CERT_SUBJECT_NAME KRA3_SSL_SERVER_KEY_TYPE KRA3_SSL_SERVER_KEY_SIZE KRA3_SSL_SERVER_KEY_ALGORITHM KRA3_SSL_SERVER_SIGNING_ALGORITHM KRA3_SSL_SERVER_TOKEN KRA3_SSL_SERVER_NICKNAME KRA3_SSL_SERVER_CERT_SUBJECT_NAME OCSP1_SSL_SERVER_KEY_TYPE OCSP1_SSL_SERVER_KEY_SIZE OCSP1_SSL_SERVER_KEY_ALGORITHM OCSP1_SSL_SERVER_SIGNING_ALGORITHM OCSP1_SSL_SERVER_TOKEN OCSP1_SSL_SERVER_NICKNAME OCSP1_SSL_SERVER_CERT_SUBJECT_NAME OCSP2_SSL_SERVER_KEY_TYPE OCSP2_SSL_SERVER_KEY_SIZE OCSP2_SSL_SERVER_KEY_ALGORITHM OCSP2_SSL_SERVER_SIGNING_ALGORITHM OCSP2_SSL_SERVER_TOKEN OCSP2_SSL_SERVER_NICKNAME OCSP2_SSL_SERVER_CERT_SUBJECT_NAME OCSP3_SSL_SERVER_KEY_TYPE OCSP3_SSL_SERVER_KEY_SIZE OCSP3_SSL_SERVER_KEY_ALGORITHM OCSP3_SSL_SERVER_SIGNING_ALGORITHM OCSP3_SSL_SERVER_TOKEN OCSP3_SSL_SERVER_NICKNAME OCSP3_SSL_SERVER_CERT_SUBJECT_NAME TKS1_SSL_SERVER_KEY_TYPE TKS1_SSL_SERVER_KEY_SIZE TKS1_SSL_SERVER_KEY_ALGORITHM TKS1_SSL_SERVER_SIGNING_ALGORITHM TKS1_SSL_SERVER_TOKEN TKS1_SSL_SERVER_NICKNAME TKS1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_CA1_SSL_SERVER_KEY_TYPE CLONE_CA1_SSL_SERVER_KEY_SIZE CLONE_CA1_SSL_SERVER_KEY_ALGORITHM CLONE_CA1_SSL_SERVER_SIGNING_ALGORITHM CLONE_CA1_SSL_SERVER_TOKEN CLONE_CA1_SSL_SERVER_NICKNAME CLONE_CA1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_KRA1_SSL_SERVER_KEY_TYPE CLONE_KRA1_SSL_SERVER_KEY_SIZE CLONE_KRA1_SSL_SERVER_KEY_ALGORITHM CLONE_KRA1_SSL_SERVER_SIGNING_ALGORITHM CLONE_KRA1_SSL_SERVER_TOKEN CLONE_KRA1_SSL_SERVER_NICKNAME CLONE_KRA1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_OCSP1_SSL_SERVER_KEY_TYPE CLONE_OCSP1_SSL_SERVER_KEY_SIZE CLONE_OCSP1_SSL_SERVER_KEY_ALGORITHM CLONE_OCSP1_SSL_SERVER_SIGNING_ALGORITHM CLONE_OCSP1_SSL_SERVER_TOKEN CLONE_OCSP1_SSL_SERVER_NICKNAME CLONE_OCSP1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_TKS1_SSL_SERVER_KEY_TYPE CLONE_TKS1_SSL_SERVER_KEY_SIZE CLONE_TKS1_SSL_SERVER_KEY_ALGORITHM CLONE_TKS1_SSL_SERVER_SIGNING_ALGORITHM CLONE_TKS1_SSL_SERVER_TOKEN CLONE_TKS1_SSL_SERVER_NICKNAME CLONE_TKS1_SSL_SERVER_CERT_SUBJECT_NAME
 
+export MS_ipaddr MS_username MS_password
diff --git a/tests/dogtag/shared/pki-cert-cli-lib.sh b/tests/dogtag/shared/pki-cert-cli-lib.sh
index ca9f160d9..0a20e0852 100755
--- a/tests/dogtag/shared/pki-cert-cli-lib.sh
+++ b/tests/dogtag/shared/pki-cert-cli-lib.sh
@@ -347,6 +347,21 @@ create_new_cert_request()
                         return 1
                 fi
 	fi
+        if [ "$request_type" == "crmfdual" ] && [ "$archive" == "true" ];then
+                rlLog "PWD=$PWD"
+                rlLog "Get Transport Cert"
+                rlRun "cat $CA_SERVER_ROOT/conf/CS.cfg | grep ca.connector.KRA.transportCert | awk -F \"=\" '{print \$2}' > transport.txt"
+                rlRun "set_newjavapath \":./:/usr/lib/java/jss4.jar:/usr/share/java/pki/pki-nsutil.jar:/usr/share/java/pki/pki-cmsutil.jar:/usr/share/java/apache-commons-codec.jar:/opt/rhqa_pki/jars/pki-qe-tools.jar:\"" 0 "Setting Java CLASSPATH"
+                rlRun "source /opt/rhqa_pki/env.sh" 0 "Set Environment Variables"
+                rlLog "Executing  generateDualCRMFRequest"
+                rlLog "java -cp $CLASSPATH generateDualCRMFRequest -client_certdb_dir $dir -client_certdb_pwd $password -debug false -request_subject \"$subject\" -request_keytype $algo -request_keysize $key_size -output_file $cert_request_file -transport_cert_file transport.txt 1> $dir/crmf.out"
+                rlRun "java -cp $CLASSPATH generateDualCRMFRequest -client_certdb_dir $dir -client_certdb_pwd $password -debug false -request_subject \"$subject\" -request_keytype $algo -request_keysize $key_size -output_file $cert_request_file -transport_cert_file transport.txt 1> $dir/crmf.out"
+                RETVAL=$?
+                if [ $RETVAL != 0 ]; then
+                        rlFail "CRMFPopClient Failed"
+                        return 1
+                fi
+        fi
 #### Strip  headers from request, Note for CRMF requests Our class doesn't generate the headers
 	if [ "$request_type" == "pkcs10" ] || [ "$archive" == "false" ]; then
 
@@ -979,3 +994,55 @@ run_req_action_cert()
              echo PKI_ERROR=$(cat $tmp_nss_db/pki-req-approve-out) >> $cert_info
         fi
 }
+##################################################################
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
+### This script generates an xml file with the certificate request
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
+generate_xml()
+{
+        cert_request_file=$1
+        cert_subject_file=$2
+        xml_profile_file=$3
+        cert_profile=$4
+        rlLog "cert_request_file=$cert_request_file"
+        rlLog "cert_subject_file=$cert_subject_file"
+        rlLog "xml_profile_file=$xml_profile_file"
+        rlLog "cert_profile=$cert_profile"
+
+        local request_type=$(cat $cert_subject_file | grep RequestType: | cut -d: -f2)
+        local subject_cn=$(cat $cert_subject_file | grep CN: | cut -d: -f2)
+        local subject_uid=$(cat $cert_subject_file | grep UID: | cut -d: -f2)
+        local subject_email=$(cat $cert_subject_file | grep Email: | cut -d: -f2)
+        local subject_ou=$(cat $cert_subject_file | grep OU: | cut -d: -f2)
+        local subject_org=$(cat $cert_subject_file | grep Org: | cut -d: -f2)
+        local subject_c=$(cat $cert_subject_file | grep Country: | cut -d: -f2)
+
+
+        if [ "$cert_profile" == "caUserCert" ]  || [ "$cert_profile" ==  "caUserSMIMEcapCert" ] || [ "$cert_profile" ==  "caDualCert" ];then
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request_type']/Value\" -v \"$request_type\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request']/Value\" -v \"$(cat -v $cert_request_file)\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_uid']/Value\" -v \"$subject_uid\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_e']/Value\" -v \"$subject_email\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_cn']/Value\" -v \"$subject_cn\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_ou']/Value\" -v \"$subject_ou\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_o']/Value\" -v \"$subject_org\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_c']/Value\" -v \"$subject_c\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_name']/Value\" -v \"$subject_cn\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v \"$subject_email\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $xml_profile_file"
+        fi
+
+        if [ "$cert_profile" != "CaDualCert" ] && \
+        [ "$cert_profile" != "caDirPinUserCert" ] && \
+        [ "$cert_profile" != "caDirUserCert" ] && \
+        [ "$cert_profile" != "caECDirUserCert" ] && \
+        [ "$cert_profile" != "caAgentServerCert" ] && \
+        [ "$cert_profile" != "caUserCert" ] &&
+        [ "$cert_profile" != "caUserSMIMEcapCert" ]; then
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request_type']/Value\" -v \"$request_type\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request']/Value\" -v \"$(cat -v $cert_request_file)\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_name']/Value\" -v \"$subject_cn\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v \"$subject_email\" $xml_profile_file"
+        rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $xml_profile_file"
+        fi
+}
diff --git a/tests/dogtag/shared/rhcs-shared.sh b/tests/dogtag/shared/rhcs-shared.sh
index a1398d450..974bba9ee 100755
--- a/tests/dogtag/shared/rhcs-shared.sh
+++ b/tests/dogtag/shared/rhcs-shared.sh
@@ -825,7 +825,6 @@ local DOMAIN=$(hostname)
                         echo -e "memberUid: idmuser$COUNT"
                         COUNT=`expr $COUNT + 1`
                 done
-
 }
 
 #################################################################
@@ -836,8 +835,8 @@ gen_enroll_data_file()
 {
         tps_host=$1
         tps_port=$2
-        cuid=$3
-        ldap_user=$4
+        tokenid=$3
+        ldapuser=$4
         ldap_userpwd=$5
         data_file=$6
         new_pin="redhat"
@@ -845,23 +844,23 @@ gen_enroll_data_file()
         echo "op=var_set name=ra_host value=$tps_host" > $data_file
         echo "op=var_set name=ra_port value=$tps_port" >> $data_file
         echo "op=var_set name=ra_uri value=/tps/tps" >> $data_file
-        echo "op=token_set cuid=$cuid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file
+        echo "op=token_set cuid=$tokenid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file
         echo "op=token_set auth_key=404142434445464748494a4b4c4d4e4f" >> $data_file
         echo "op=token_set mac_key=404142434445464748494a4b4c4d4e4f" >> $data_file
         echo "op=token_set kek_key=404142434445464748494a4b4c4d4e4f" >> $data_file
-        echo "op=ra_enroll uid=$ldap_user pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file
+        echo "op=ra_enroll uid=$ldapuser pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file
         echo "op=exit" >> $data_file
 }
 ############################################################################################################
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
-### This script creates a tpsclient format file
+### This script createa a tpsclient format file
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
 gen_format_data_file()
 {
         tps_host=$1
         tps_port=$2
-        cuid=$3
-        ldap_user=$4
+        tokenid=$3
+        ldapuser=$4
         ldap_userpwd=$5
         data_file=$6
         new_pin="redhat"
@@ -869,11 +868,11 @@ gen_format_data_file()
         echo "op=var_set name=ra_host value=$tps_host" > $data_file
         echo "op=var_set name=ra_port value=$tps_port" >> $data_file
         echo "op=var_set name=ra_uri value=/tps/tps" >> $data_file
-        echo "op=token_set cuid=$cuid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file
+        echo "op=token_set cuid=$tokenid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file
         echo "op=token_set auth_key=404142434445464748494a4b4c4d4e4f" >> $data_file
         echo "op=token_set mac_key=404142434445464748494a4b4c4d4e4f" >> $data_file
         echo "op=token_set kek_key=404142434445464748494a4b4c4d4e4f" >> $data_file
-        echo "op=ra_format uid=$ldap_user pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file
+        echo "op=ra_format uid=$ldapuser pwd=$ldap_userpwd new_pin=$new_pin num_threads=1 extensions=tokenType=userKey" >> $data_file
         echo "op=exit" >> $data_file
 }
 ############################################################################################################
@@ -884,8 +883,8 @@ gen_pin_reset_data_file()
 {
         tps_host=$1
         tps_port=$2
-        cuid=$3
-        ldap_user=$4
+        tokenid=$3
+        ldapuser=$4
         ldap_userpwd=$5
         data_file=$6
         new_pin="redhat"
@@ -893,12 +892,12 @@ gen_pin_reset_data_file()
         echo "op=var_set name=ra_host value=$tps_host" > $data_file
         echo "op=var_set name=ra_port value=$tps_port" >> $data_file
         echo "op=var_set name=ra_uri value=/tps/tps" >> $data_file
-        echo "op=token_set cuid=$cuid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file
+        echo "op=token_set cuid=$tokenid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file
         echo "op=token_set auth_key=404142434445464748494a4b4c4d4e4f" >> $data_file
         echo "op=token_set mac_key=404142434445464748494a4b4c4d4e4f" >> $data_file
         echo "op=token_set kek_key=404142434445464748494a4b4c4d4e4f" >> $data_file
-        echo "op=ra_reset_pin uid=$ldap_user pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file
+        echo "op=ra_reset_pin uid=$ldapuser pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file
         echo "op=exit" >> $data_file
 }
 #################################################################
- 
+
diff --git a/tests/dogtag/topologies.sh b/tests/dogtag/topologies.sh
index 34af25c73..21831982f 100755
--- a/tests/dogtag/topologies.sh
+++ b/tests/dogtag/topologies.sh
@@ -134,34 +134,37 @@ run_rhcs_install_set_vars()
 ############################################################
 
 run_rhcs_install_quickinstall()
-{   
+{
     rlPhaseStartTest "run_rhcs_install_quickinstall - Install Master, Clone and SUBCA"
-	rlLog "QuickInstall - run_rhcs_install_quickinstall"
-	local BEAKERMASTER=$MASTER
-	local number=3
-	local TKS_number=1
-	local CA=ROOTCA
+        rlLog "QuickInstall - run_rhcs_install_quickinstall"
+        local BEAKERMASTER=$MASTER
+        local number=3
+        local TKS_number=1
+        local TPS_number=1
+        local CA=ROOTCA
         local CLONE_number=1
-	local SUBCA_number=1
-	local MASTER_KRA=KRA3
-	local MASTER_OCSP=OCSP3
-	run_rhcs_install_packages
+        local SUBCA_number=1
+        local MASTER_KRA=KRA3
+        local MASTER_OCSP=OCSP3
+        local MASTER_TKS=TKS1
+        run_rhcs_install_packages
         run_install_subsystem_RootCA
         run_install_subsystem_kra $number $BEAKERMASTER $CA
         run_install_subsystem_ocsp $number $BEAKERMASTER $CA
         run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA
+        run_install_subsystem_tps $TPS_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS
         run_install_subsystem_cloneCA $CLONE_number $BEAKERMASTER $CA
         run_install_subsystem_cloneKRA $CLONE_number $BEAKERMASTER $CA $MASTER_KRA
         #run_install_subsystem_cloneOCSP $CLONE_number $BEAKERMASTER $CA $MASTER_OCSP
         run_install_subsystem_cloneTKS $CLONE_number $BEAKERMASTER $CA
-	run_install_subsystem_subca $SUBCA_number $BEAKERMASTER $CA
-	run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12"
-	run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12"
+        #run_install_subsystem_cloneTPS $CLONE_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS
+        run_install_subsystem_subca $SUBCA_number $BEAKERMASTER $CA
+        run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12"
+        run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12"
 
-    rlPhaseEnd 
+    rlPhaseEnd
 }
 
-
 #######Topology 1#######
 #SubCA1 - RootCA - Clone CA1
 #  (H3)    (H1)      (H2)
@@ -725,27 +728,27 @@ run_rhcs_install_topo_8()
 		
 }
 
-
-
-
 run_rhcs_install_topo_9()
 {
-    rlPhaseStartTest "run_rhcs_install_quickinstall - Install Master, Clone and SUBCA"
-        rlLog "QuickInstall - run_rhcs_install_quickinstall"
+    rlPhaseStartTest "run_rhcs_install_topo9 - Install Master, Clone and SUBCA"
+        rlLog "In topo9"
         local BEAKERMASTER=$MASTER
         local number=3
         local TKS_number=1
+        local TPS_number=1
         local CA=ROOTCA
         local CLONE_number=1
         local SUBCA_number=1
         local MASTER_KRA=KRA3
         local MASTER_OCSP=OCSP3
-	run_rhcs_edit_env
+        local MASTER_TKS=TKS1
+        run_rhcs_edit_env
         run_rhcs_install_packages
         run_install_subsystem_RootCA
         run_install_subsystem_kra $number $BEAKERMASTER $CA
         run_install_subsystem_ocsp $number $BEAKERMASTER $CA
         run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA
+        run_install_subsystem_tps $TPS_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS
         run_install_subsystem_cloneCA $CLONE_number $BEAKERMASTER $CA
         run_install_subsystem_cloneKRA $CLONE_number $BEAKERMASTER $CA $MASTER_KRA
         #run_install_subsystem_cloneOCSP $CLONE_number $BEAKERMASTER $CA $MASTER_OCSP
@@ -759,39 +762,52 @@ run_rhcs_install_topo_9()
 run_rhcs_edit_env ()
 {
    rlPhaseStartTest "run_rhcs_edit_env - edit env.sh for different tomcat instances for every subsystem"
-	sed -i 's/^\(KRA3_TOMCAT_INSTANCE_NAME=\).*/\1rootkra/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(OCSP3_TOMCAT_INSTANCE_NAME=\).*/\1rootocsp/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(TKS1_TOMCAT_INSTANCE_NAME=\).*/\1roottks/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_KRA1_TOMCAT_INSTANCE_NAME=\).*/\1clonekra1/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_OCSP1_TOMCAT_INSTANCE_NAME=\).*/\1cloneocsp1/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_TKS1_TOMCAT_INSTANCE_NAME=\).*/\1clonetks1/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(KRA3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(OCSP3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_KRA1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_OCSP1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(KRA3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(OCSP3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_KRA1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_OCSP1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(KRA3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(OCSP3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_KRA1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_OCSP1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(KRA3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(OCSP3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_KRA1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_OCSP1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
-	sed -i 's/^\(CLONE_TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(KRA3_TOMCAT_INSTANCE_NAME=\).*/\1rootkra/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(OCSP3_TOMCAT_INSTANCE_NAME=\).*/\1rootocsp/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(TKS1_TOMCAT_INSTANCE_NAME=\).*/\1roottks/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(TPS1_TOMCAT_INSTANCE_NAME=\).*/\1roottps/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_KRA1_TOMCAT_INSTANCE_NAME=\).*/\1clonekra1/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_OCSP1_TOMCAT_INSTANCE_NAME=\).*/\1cloneocsp1/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_TKS1_TOMCAT_INSTANCE_NAME=\).*/\1clonetks1/' /opt/rhqa_pki/env.sh
+	sed -i 's/^\(CLONE_TPS1_TOMCAT_INSTANCE_NAME=\).*/\1clonetps1/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(KRA3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(OCSP3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(TPS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_KRA1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_OCSP1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+	sed -i 's/^\(CLONE_TPS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(KRA3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(OCSP3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(TPS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_KRA1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_OCSP1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+	sed -i 's/^\(CLONE_TPS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(KRA3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(OCSP3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(TPS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_KRA1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_OCSP1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+	sed -i 's/^\(CLONE_TPS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(KRA3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(OCSP3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(TPS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_KRA1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_OCSP1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+        sed -i 's/^\(CLONE_TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+	sed -i 's/^\(CLONE_TPS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+	. /opt/rhqa_pki/env.sh
    rlPhaseEnd
 
 }
+
+
 ######### Routine to get subsystem IDs ########
 get_rhcs_subsystem_id()
 {
-- 
cgit