components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/GenericCertificateDAOImpl.java

@@ -139,7 +139,7 @@ public class GenericCertificateDAOImpl extends AbstractCertificateDAOImpl {
                 isCertificateUsernameProvided = true;
             }
 
-            query += "ORDER BY ID DESC LIMIT ?,?";
+            query += "ORDER BY ID LIMIT ?,?";
 
             try (PreparedStatement stmt = conn.prepareStatement(query)) {
                 int paramIdx = 1;

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/OracleCertificateDAOImpl.java

@@ -78,7 +78,7 @@ public class OracleCertificateDAOImpl extends AbstractCertificateDAOImpl {
                 isCertificateUsernameProvided = true;
             }
 
-            query += "ORDER BY ID DESC OFFSET ? ROWS FETCH NEXT ? ROWS ONLY";
+            query += "ORDER BY ID OFFSET ? ROWS FETCH NEXT ? ROWS ONLY";
 
             try (PreparedStatement stmt = conn.prepareStatement(query)) {
                 int paramIdx = 1;

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/PostgreSQLCertificateDAOImpl.java

@@ -78,7 +78,7 @@ public class PostgreSQLCertificateDAOImpl extends AbstractCertificateDAOImpl {
                 isCertificateUsernameProvided = true;
             }
 
-            query += "ORDER BY ID DESC LIMIT ? OFFSET ?";
+            query += "ORDER BY ID LIMIT ? OFFSET ?";
 
             try (PreparedStatement stmt = conn.prepareStatement(query)) {
                 int paramIdx = 1;

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/SQLServerCertificateDAOImpl.java

@@ -78,7 +78,7 @@ public class SQLServerCertificateDAOImpl extends AbstractCertificateDAOImpl {
                 isCertificateUsernameProvided = true;
             }
 
-            query += "ORDER BY ID DESC OFFSET ? ROWS FETCH NEXT ? ROWS ONLY";
+            query += "ORDER BY ID OFFSET ? ROWS FETCH NEXT ? ROWS ONLY";
 
             try (PreparedStatement stmt = conn.prepareStatement(query)) {
                 int paramIdx = 1;

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java

@@ -29,7 +29,6 @@ import io.entgra.device.mgt.core.certificate.mgt.core.util.CertificateManagement
 import io.entgra.device.mgt.core.certificate.mgt.core.util.CommonUtil;
 import io.entgra.device.mgt.core.certificate.mgt.core.util.Serializer;
 import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.bouncycastle.asn1.ASN1Encodable;
@@ -430,34 +429,19 @@ public class CertificateGenerator {
                         generateCertificate(byteArrayInputStream);
 
                 if (reqCert != null && reqCert.getSerialNumber() != null) {
-                    if (log.isDebugEnabled()) {
+                    log.debug("looking up certificate for serial: " + reqCert.getSerialNumber().toString());
-                        log.debug("looking up certificate for serial: " + reqCert.getSerialNumber().toString());
+                    CertificateResponse lookUpCertificate = keyStoreReader.getCertificateBySerial(
-                    }
+                            reqCert.getSerialNumber().toString());
-                    String orgUnit = CommonUtil.getSubjectDnAttribute(reqCert,
-                            CertificateManagementConstants.ORG_UNIT_ATTRIBUTE);
-                    CertificateResponse lookUpCertificate;
-                    if (StringUtils.isNotEmpty(orgUnit)) {
-                        int tenantId = Integer.parseInt(orgUnit.split(("_"))[1]);
-                        lookUpCertificate = keyStoreReader.getCertificateBySerial(reqCert.getSerialNumber().toString(),
-                                tenantId);
-                    } else {
-                        lookUpCertificate = keyStoreReader.getCertificateBySerial(
-                                reqCert.getSerialNumber().toString());
-                    }
                     if (lookUpCertificate != null && lookUpCertificate.getCertificate() != null) {
-                        if (log.isDebugEnabled()) {
+                        log.debug("certificate found for serial: " + reqCert.getSerialNumber()
-                            log.debug("certificate found for serial: " + reqCert.getSerialNumber()
+                                .toString());
-                                    .toString());
-                        }
                         Certificate certificate = (Certificate) Serializer.deserialize(lookUpCertificate.getCertificate());
                         if (certificate instanceof X509Certificate) {
                             return (X509Certificate) certificate;
                         }
                     } else {
-                        if (log.isDebugEnabled()) {
+                        log.debug("certificate not found for serial: " + reqCert.getSerialNumber()
-                            log.debug("certificate not found for serial: " + reqCert.getSerialNumber()
+                                .toString());
-                                    .toString());
-                        }
                     }
 
                 }
@@ -480,6 +464,7 @@ public class CertificateGenerator {
             log.error(errorMsg);
             throw new KeystoreException(errorMsg, e);
         }
+
         return null;
     }
 

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CertificateManagementConstants.java

@@ -35,7 +35,6 @@ public final class CertificateManagementConstants {
     public static final String DES_EDE = "DESede";
     public static final String CONF_LOCATION = "conf.location";
     public static final String DEFAULT_PRINCIPAL = "O=WSO2, OU=Mobile, C=LK";
-    public static final String ORG_UNIT_ATTRIBUTE = "OU=";
     public static final String RSA_PRIVATE_KEY_BEGIN_TEXT = "-----BEGIN RSA PRIVATE KEY-----\n";
     public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----";
     public static final String EMPTY_TEXT = "";

components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CommonUtil.java

@@ -17,10 +17,7 @@
  */
 package io.entgra.device.mgt.core.certificate.mgt.core.util;
 
-import org.apache.commons.lang.StringUtils;
-
 import java.math.BigInteger;
-import java.security.cert.X509Certificate;
 import java.util.Calendar;
 import java.util.Date;
 
@@ -45,27 +42,4 @@ public class CommonUtil {
     public static synchronized BigInteger generateSerialNumber() {
         return BigInteger.valueOf(System.currentTimeMillis());
     }
-
-    /**
-     * Returns the value of the given attribute from the subject distinguished name. eg: "entgra.net"
-     * from "CN=entgra.net"
-     * @param requestCertificate {@link X509Certificate} that needs to extract an attribute from
-     * @param attribute the attribute name that needs to be extracted from the cert. eg: "CN="
-     * @return the value of the attribute
-     */
-    public static String getSubjectDnAttribute(X509Certificate requestCertificate, String attribute) {
-        String distinguishedName = requestCertificate.getSubjectDN().getName();
-        if (StringUtils.isNotEmpty(distinguishedName)) {
-            String[] dnSplits = distinguishedName.split(",");
-            for (String dnSplit : dnSplits) {
-                if (dnSplit.contains(attribute)) {
-                    String[] cnSplits = dnSplit.split("=");
-                    if (StringUtils.isNotEmpty(cnSplits[1])) {
-                        return cnSplits[1];
-                    }
-                }
-            }
-        }
-        return null;
-    }
 }

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java

@@ -546,8 +546,14 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
             }
 
             int updatedRows = enrollmentDAO.updateEnrollment(device.getEnrolmentInfo(), tenantId);
-            addDeviceStatus(deviceStatusManagementService, tenantId, updatedRows, device.getEnrolmentInfo(),
+            boolean isEnableDeviceStatusCheck = deviceStatusManagementService.getDeviceStatusCheck(tenantId);
-                    device.getType());
+            boolean isValidState = deviceStatusManagementService.isDeviceStatusValid(device.getType(),
+                    device.getEnrolmentInfo().getStatus().name(),tenantId);
+            if (updatedRows == 1 && !deviceStatusManagementService.getDeviceStatusCheck(tenantId)){
+                enrollmentDAO.addDeviceStatus(device.getEnrolmentInfo().getId(), device.getEnrolmentInfo().getStatus());
+            } else if (updatedRows ==1 && isEnableDeviceStatusCheck && isValidState ) {
+                enrollmentDAO.addDeviceStatus(device.getEnrolmentInfo().getId(), device.getEnrolmentInfo().getStatus());
+            }
 
             DeviceManagementDAOFactory.commitTransaction();
             log.info("Device enrollment modified successfully",
@@ -666,7 +672,13 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
             DeviceStatusManagementService deviceStatusManagementService = DeviceManagementDataHolder
                     .getInstance().getDeviceStatusManagementService();
             int updatedRows = enrollmentDAO.updateEnrollment(device.getEnrolmentInfo(), tenantId);
-            addDeviceStatus(deviceStatusManagementService, tenantId, updatedRows, device.getEnrolmentInfo(), device.getType());
+            boolean isEnableDeviceStatusCheck = deviceStatusManagementService.getDeviceStatusCheck(tenantId);
+            boolean isValidState = deviceStatusManagementService.isDeviceStatusValid(device.getType(),device.getEnrolmentInfo().getStatus().name(),tenantId);
+            if (updatedRows == 1 && !deviceStatusManagementService.getDeviceStatusCheck(tenantId)){
+                enrollmentDAO.addDeviceStatus(device.getEnrolmentInfo().getId(), device.getEnrolmentInfo().getStatus());
+            } else if (updatedRows ==1 && isEnableDeviceStatusCheck && isValidState ) {
+                enrollmentDAO.addDeviceStatus(device.getEnrolmentInfo().getId(), device.getEnrolmentInfo().getStatus());
+            }
             DeviceManagementDAOFactory.commitTransaction();
             this.removeDeviceFromCache(deviceId);
 
@@ -3463,11 +3475,17 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
             String type = deviceIdentifier.getType();
             DeviceStatusManagementService deviceStatusManagementService = DeviceManagementDataHolder
                     .getInstance().getDeviceStatusManagementService();
+            DeviceManagementDAOFactory.commitTransaction();
             if (updatedRows > 0) {
                 isUpdatedEnrollment = true;
             }
-            addDeviceStatus(deviceStatusManagementService, tenantId, updatedRows, enrolmentInfo, type);
+            boolean isEnableDeviceStatusCheck = deviceStatusManagementService.getDeviceStatusCheck(tenantId);
-            DeviceManagementDAOFactory.commitTransaction();
+            boolean isValidState = deviceStatusManagementService.isDeviceStatusValid(type, enrolmentInfo.getStatus().name(), tenantId);
+            if (updatedRows == 1 && !deviceStatusManagementService.getDeviceStatusCheck(tenantId)) {
+                enrollmentDAO.addDeviceStatus(enrolmentInfo.getId(), enrolmentInfo.getStatus());
+            } else if (updatedRows == 1 && isEnableDeviceStatusCheck && isValidState) {
+                enrollmentDAO.addDeviceStatus(enrolmentInfo.getId(), enrolmentInfo.getStatus());
+            }
 
         } catch (DeviceManagementDAOException e) {
             DeviceManagementDAOFactory.rollbackTransaction();
@@ -3485,24 +3503,6 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
         return isUpdatedEnrollment;
     }
 
-    /**
-     * Save the status according to status check(allowed device status)
-     * Before invoking this method the calling function should have started a transaction
-     * @param deviceStatusManagementService instance of deviceStatusManagementService
-     * @param tenantId ID of the tenant
-     * @param updatedRows number of updated rows
-     * @param enrolmentInfo enrollment info of the device
-     * @param type type of the device
-     */
-    private void addDeviceStatus(DeviceStatusManagementService deviceStatusManagementService, int tenantId,
-                                 int updatedRows,EnrolmentInfo enrolmentInfo,String type)
-            throws MetadataManagementException, DeviceManagementDAOException {
-        boolean isEnableDeviceStatusCheck = deviceStatusManagementService.getDeviceStatusCheck(tenantId);
-        boolean isValidState = deviceStatusManagementService.isDeviceStatusValid(type, enrolmentInfo.getStatus().name(), tenantId);
-        if (updatedRows == 1 && (!isEnableDeviceStatusCheck || isValidState)) {
-            enrollmentDAO.addDeviceStatus(enrolmentInfo.getId(), enrolmentInfo.getStatus());
-        }
-    }
 
     private int getTenantId() {
         return CarbonContext.getThreadLocalCarbonContext().getTenantId();
@@ -4523,8 +4523,13 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
                         DeviceStatusManagementService deviceStatusManagementService = DeviceManagementDataHolder
                                 .getInstance().getDeviceStatusManagementService();
                         int updatedRows = enrollmentDAO.updateEnrollment(device.getEnrolmentInfo(), tenantId);
-                        addDeviceStatus(deviceStatusManagementService, tenantId, updatedRows, device.getEnrolmentInfo(),
+                        boolean isEnableDeviceStatusCheck = deviceStatusManagementService.getDeviceStatusCheck(tenantId);
-                                type);
+                        boolean isValidState = deviceStatusManagementService.isDeviceStatusValid(type, String.valueOf(EnrolmentInfo.Status.REMOVED),tenantId);
+                        if (updatedRows == 1 && !deviceStatusManagementService.getDeviceStatusCheck(tenantId)){
+                            enrollmentDAO.addDeviceStatus(device.getEnrolmentInfo().getId(), device.getEnrolmentInfo().getStatus());
+                        } else if (updatedRows ==1 && isEnableDeviceStatusCheck && isValidState ) {
+                            enrollmentDAO.addDeviceStatus(device.getEnrolmentInfo().getId(), device.getEnrolmentInfo().getStatus());
+                        }
                     } catch (DeviceManagementDAOException e) {
                         DeviceManagementDAOFactory.rollbackTransaction();
                         String msg = "Error occurred while dis-enrolling device: " +