From 20df0c879f88a0bc8afffcfd1ac1cef33b3b3988 Mon Sep 17 00:00:00 2001
From: pramilaniroshan
Date: Wed, 23 Oct 2024 09:13:59 +0530
Subject: [PATCH 1/3] Improved SQL query with DESC sorting

---
 .../mgt/core/dao/impl/GenericCertificateDAOImpl.java | 2 +-
 .../certificate/mgt/core/dao/impl/OracleCertificateDAOImpl.java | 2 +-
 .../mgt/core/dao/impl/PostgreSQLCertificateDAOImpl.java | 2 +-
 .../mgt/core/dao/impl/SQLServerCertificateDAOImpl.java | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/GenericCertificateDAOImpl.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/GenericCertificateDAOImpl.java
index 92891754ed..26217b4667 100644
--- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/GenericCertificateDAOImpl.java
+++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/GenericCertificateDAOImpl.java
@@ -139,7 +139,7 @@ public class GenericCertificateDAOImpl extends AbstractCertificateDAOImpl {
 isCertificateUsernameProvided = true;
 }

- query += "ORDER BY ID LIMIT ?,?";
+ query += "ORDER BY ID DESC LIMIT ?,?";

 try (PreparedStatement stmt = conn.prepareStatement(query)) {
 int paramIdx = 1;
diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/OracleCertificateDAOImpl.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/OracleCertificateDAOImpl.java
index 9fd87d6ed0..716d5df388 100644
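Review bot: The sort direction is changed identically in four dialect-specific query tails (this hunk and the Oracle, PostgreSQL and SQL Server hunks), but nothing records that the listing is now newest-first, so a later edit to one DAO can silently leave the databases paging in different orders. A short comment above the append, e.g. `// newest certificates first; keep the direction in sync across all dialect DAOs`, and a sentence in the Javadoc of the listing method (its signature is outside the hunk) would pin that down. `ID` looks like a surrogate key, so `DESC` only means newest-first if ids are assigned monotonically; if that is the assumption, it belongs in the same comment.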
--- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/OracleCertificateDAOImpl.java
+++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/OracleCertificateDAOImpl.java
@@ -78,7 +78,7 @@ public class OracleCertificateDAOImpl extends AbstractCertificateDAOImpl {
 isCertificateUsernameProvided = true;
 }

- query += "ORDER BY ID OFFSET ? ROWS FETCH NEXT ? ROWS ONLY";
+ query += "ORDER BY ID DESC OFFSET ? ROWS FETCH NEXT ? ROWS ONLY";

 try (PreparedStatement stmt = conn.prepareStatement(query)) {
 int paramIdx = 1;
diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/PostgreSQLCertificateDAOImpl.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/PostgreSQLCertificateDAOImpl.java
index ef06ec0000..2d1cc90851 100644
--- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/PostgreSQLCertificateDAOImpl.java
+++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/PostgreSQLCertificateDAOImpl.java
@@ -78,7 +78,7 @@ public class PostgreSQLCertificateDAOImpl extends AbstractCertificateDAOImpl {
 isCertificateUsernameProvided = true;
 }

- query += "ORDER BY ID LIMIT ? OFFSET ?";
+ query += "ORDER BY ID DESC LIMIT ? OFFSET ?";

 try (PreparedStatement stmt = conn.prepareStatement(query)) {
 int paramIdx = 1;
diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/SQLServerCertificateDAOImpl.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/SQLServerCertificateDAOImpl.java
index 22874dd7b7..a9f37a6143 100644
--- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/SQLServerCertificateDAOImpl.java
+++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/SQLServerCertificateDAOImpl.java
@@ -78,7 +78,7 @@ public class SQLServerCertificateDAOImpl extends AbstractCertificateDAOImpl {
 isCertificateUsernameProvided = true;
 }

- query += "ORDER BY ID OFFSET ? ROWS FETCH NEXT ? ROWS ONLY";
+ query += "ORDER BY ID DESC OFFSET ? ROWS FETCH NEXT ? ROWS ONLY";

 try (PreparedStatement stmt = conn.prepareStatement(query)) {
 int paramIdx = 1;

From 00633e34f5b1e3d9480d911e24f3789ce11268a2 Mon Sep 17 00:00:00 2001
From: navodzoysa
Date: Sat, 31 Aug 2024 00:42:35 +0530
Subject: [PATCH 2/3] Fix client cert verification issue in sub tenants

---
 .../mgt/core/impl/CertificateGenerator.java | 31 ++++++++++++++-----
 .../util/CertificateManagementConstants.java | 1 +
 .../certificate/mgt/core/util/CommonUtil.java | 26 ++++++++++++++++
 3 files changed, 50 insertions(+), 8 deletions(-)

diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java
index 75f4266b1c..6147618664 100755
--- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java
+++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java
@@ -29,6 +29,7 @@ import io.entgra.device.mgt.core.certificate.mgt.core.util.CertificateManagement
 import io.entgra.device.mgt.core.certificate.mgt.core.util.CommonUtil;
 import io.entgra.device.mgt.core.certificate.mgt.core.util.Serializer;
 import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.bouncycastle.asn1.ASN1Encodable;
@@ -429,19 +430,34 @@ public class CertificateGenerator {
 generateCertificate(byteArrayInputStream);
 if (reqCert != null && reqCert.getSerialNumber() != null) {
- log.debug("looking up certificate for serial: " + reqCert.getSerialNumber().toString());
- CertificateResponse lookUpCertificate = keyStoreReader.getCertificateBySerial(
- reqCert.getSerialNumber().toString());
+ if (log.isDebugEnabled()) {
+ log.debug("looking up certificate for serial: " + reqCert.getSerialNumber().toString());
+ }
+ String orgUnit = CommonUtil.getSubjectDnAttribute(reqCert,
+ CertificateManagementConstants.ORG_UNIT_ATTRIBUTE);
+ CertificateResponse lookUpCertificate;
+ if (StringUtils.isNotEmpty(orgUnit)) {
+ int tenantId = Integer.parseInt(orgUnit.split(("_"))[1]);
+ lookUpCertificate = keyStoreReader.getCertificateBySerial(reqCert.getSerialNumber().toString(),
+ tenantId);
+ } else {
+ lookUpCertificate = keyStoreReader.getCertificateBySerial(
+ reqCert.getSerialNumber().toString());
+ }
 if (lookUpCertificate != null && lookUpCertificate.getCertificate() != null) {
- log.debug("certificate found for serial: " + reqCert.getSerialNumber()
- .toString());
+ if (log.isDebugEnabled()) {
+ log.debug("certificate found for serial: " + reqCert.getSerialNumber()
+ .toString());
+ }
 Certificate certificate = (Certificate) Serializer.deserialize(lookUpCertificate.getCertificate());
 if (certificate instanceof X509Certificate) {
 return (X509Certificate) certificate;
 }
 } else {
- log.debug("certificate not found for serial: " + reqCert.getSerialNumber()
- .toString());
+ if (log.isDebugEnabled()) {
+ log.debug("certificate not found for serial: " + reqCert.getSerialNumber()
+ .toString());
+ }
 }
 }
@@ -464,7 +480,6 @@ public class CertificateGenerator {
 log.error(errorMsg);
 throw new KeystoreException(errorMsg, e);
 }
- return null;
 }
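Review bot: `Integer.parseInt(orgUnit.split(("_"))[1])` assumes the OU always has the form `<name>_<tenantId>`; an OU without an underscore (the project's own `DEFAULT_PRINCIPAL` uses `OU=Mobile`) makes the index throw `ArrayIndexOutOfBoundsException`, and a non-numeric suffix throws `NumberFormatException`, so verification of such a certificate ends in an unchecked exception instead of the serial-only lookup that was used before this change (the surrounding catch converts to `KeystoreException`, but whether it also covers runtime exceptions is not visible here). The OU is read from the certificate being presented, i.e. before it has been verified, so it should only steer which tenant's store is searched; the comparison of the stored certificate with the presented one, which happens outside this hunk, remains the actual check and is worth saying in a comment. Parsing the tenant id defensively and falling back to the serial-only lookup keeps the previous behaviour for certificates without a tenant-qualified OU. Both hunks of this file sit in the same method, whose body starts and ends outside them.
```java
            String orgUnit = CommonUtil.getSubjectDnAttribute(reqCert,
                    CertificateManagementConstants.ORG_UNIT_ATTRIBUTE);
            // The OU comes from the not-yet-verified request certificate: use it only to choose the
            // tenant store to search, and fall back to the serial-only lookup when it is malformed.
            int tenantId = 0;
            boolean tenantResolved = false;
            if (StringUtils.isNotEmpty(orgUnit)) {
                String[] ouParts = orgUnit.split("_");
                if (ouParts.length > 1) {
                    try {
                        tenantId = Integer.parseInt(ouParts[1].trim());
                        tenantResolved = true;
                    } catch (NumberFormatException e) {
                        log.warn("Ignoring OU attribute without a numeric tenant id: " + orgUnit);
                    }
                }
            }
            CertificateResponse lookUpCertificate;
            if (tenantResolved) {
                lookUpCertificate = keyStoreReader.getCertificateBySerial(
                        reqCert.getSerialNumber().toString(), tenantId);
            } else {
                lookUpCertificate = keyStoreReader.getCertificateBySerial(
                        reqCert.getSerialNumber().toString());
            }
            // … unchanged: handling of the lookup result and debug logging …
```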
diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CertificateManagementConstants.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CertificateManagementConstants.java
index f851bd05f0..35da404ef8 100644
--- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CertificateManagementConstants.java
+++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CertificateManagementConstants.java
@@ -35,6 +35,7 @@ public final class CertificateManagementConstants {
 public static final String DES_EDE = "DESede";
 public static final String CONF_LOCATION = "conf.location";
 public static final String DEFAULT_PRINCIPAL = "O=WSO2, OU=Mobile, C=LK";
+ public static final String ORG_UNIT_ATTRIBUTE = "OU=";
 public static final String RSA_PRIVATE_KEY_BEGIN_TEXT = "-----BEGIN RSA PRIVATE KEY-----\n";
 public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----";
 public static final String EMPTY_TEXT = "";
diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CommonUtil.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CommonUtil.java
index 0b1d317721..a18dd057fa 100755
--- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CommonUtil.java
+++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CommonUtil.java
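Review bot: `ORG_UNIT_ATTRIBUTE` holds the RDN prefix `OU=` including the separator, so the name reads like a bare attribute type while the value is a matching key for `CommonUtil.getSubjectDnAttribute`; a one-line Javadoc would stop it being passed where a plain type name is expected, e.g. `/** RDN prefix (attribute type plus separator) used to locate the tenant-qualified OU in a client certificate's subject DN. */`. The neighbouring `DEFAULT_PRINCIPAL` uses `OU=Mobile`, i.e. an OU with no tenant suffix, which is worth keeping in mind wherever the OU value is later parsed for a tenant id.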
@@ -17,7 +17,10 @@

 */

 package io.entgra.device.mgt.core.certificate.mgt.core.util;

+import org.apache.commons.lang.StringUtils;
+
 import java.math.BigInteger;
+import java.security.cert.X509Certificate;
 import java.util.Calendar;
 import java.util.Date;
@@ -42,4 +45,27 @@ public class CommonUtil {
 public static synchronized BigInteger generateSerialNumber() {
 return BigInteger.valueOf(System.currentTimeMillis());
 }
+
+ /**
+ * Returns the value of the given attribute from the subject distinguished name. eg: "entgra.net"
+ * from "CN=entgra.net"
+ * @param requestCertificate {@link X509Certificate} that needs to extract an attribute from
+ * @param attribute the attribute name that needs to be extracted from the cert. eg: "CN="
+ * @return the value of the attribute
+ */
+ public static String getSubjectDnAttribute(X509Certificate requestCertificate, String attribute) {
+ String distinguishedName = requestCertificate.getSubjectDN().getName();
+ if (StringUtils.isNotEmpty(distinguishedName)) {
+ String[] dnSplits = distinguishedName.split(",");
+ for (String dnSplit : dnSplits) {
+ if (dnSplit.contains(attribute)) {
+ String[] cnSplits = dnSplit.split("=");
+ if (StringUtils.isNotEmpty(cnSplits[1])) {
+ return cnSplits[1];
+ }
+ }
+ }
+ }
+ return null;
+ }
 }

From b2b4c5c676cbd0f71b83f0c62c3d823ab152125d Mon Sep 17 00:00:00 2001
From: Arshana
Date: Thu, 31 Oct 2024 10:36:03 +0530
Subject: [PATCH 3/3] Add scpeific instructions in java doc comment

---
 .../DeviceManagementProviderServiceImpl.java | 55 +++++++++----------
 1 file changed, 25 insertions(+), 30 deletions(-)

diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java
index df57af8444..902dcfee81 100644
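Review bot: In `getSubjectDnAttribute`, `cnSplits[1]` is read without a length check, so an RDN with an empty value such as `OU=` makes `dnSplit.split("=")` return a single element and the method throws `ArrayIndexOutOfBoundsException` on a certificate the caller has not yet verified. `dnSplit.contains(attribute)` also matches the key anywhere in the RDN, including inside another attribute's value, and `split("=")` truncates values that themselves contain `=`; matching on the RDN prefix and taking the remainder avoids all three. Splitting on `,` does not honour escaped commas inside values and `getSubjectDN()` is deprecated in recent JDKs, so if subjects from arbitrary issuers are expected, `getSubjectX500Principal().getName()` parsed with `javax.naming.ldap.LdapName` is the robust route. The Javadoc should also state the absent case, e.g. `@return the value of the attribute, or {@code null} if the subject DN has no non-empty value for it`.
```java
    public static String getSubjectDnAttribute(X509Certificate requestCertificate, String attribute) {
        String distinguishedName = requestCertificate.getSubjectDN().getName();
        if (StringUtils.isNotEmpty(distinguishedName)) {
            // NOTE: a plain split on ',' does not honour escaped commas inside RDN values;
            // javax.naming.ldap.LdapName parses the DN properly if that matters here.
            for (String rdn : distinguishedName.split(",")) {
                String trimmedRdn = rdn.trim();
                // prefix match only, so the key is never matched inside another attribute's value
                if (trimmedRdn.startsWith(attribute)) {
                    String value = trimmedRdn.substring(attribute.length()).trim();
                    if (StringUtils.isNotEmpty(value)) {
                        return value;
                    }
                }
            }
        }
        return null;
    }
```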
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/service/DeviceManagementProviderServiceImpl.java
@@ -546,14 +546,8 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
 }
 int updatedRows = enrollmentDAO.updateEnrollment(device.getEnrolmentInfo(), tenantId);
- boolean isEnableDeviceStatusCheck = deviceStatusManagementService.getDeviceStatusCheck(tenantId);
- boolean isValidState = deviceStatusManagementService.isDeviceStatusValid(device.getType(),
- device.getEnrolmentInfo().getStatus().name(),tenantId);
- if (updatedRows == 1 && !deviceStatusManagementService.getDeviceStatusCheck(tenantId)){
- enrollmentDAO.addDeviceStatus(device.getEnrolmentInfo().getId(), device.getEnrolmentInfo().getStatus());
- } else if (updatedRows ==1 && isEnableDeviceStatusCheck && isValidState ) {
- enrollmentDAO.addDeviceStatus(device.getEnrolmentInfo().getId(), device.getEnrolmentInfo().getStatus());
- }
+ addDeviceStatus(deviceStatusManagementService, tenantId, updatedRows, device.getEnrolmentInfo(),
+ device.getType());
 DeviceManagementDAOFactory.commitTransaction();
 log.info("Device enrollment modified successfully",
@@ -672,13 +666,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
 DeviceStatusManagementService deviceStatusManagementService = DeviceManagementDataHolder
 .getInstance().getDeviceStatusManagementService();
 int updatedRows = enrollmentDAO.updateEnrollment(device.getEnrolmentInfo(), tenantId);
- boolean isEnableDeviceStatusCheck = deviceStatusManagementService.getDeviceStatusCheck(tenantId);
- boolean isValidState = deviceStatusManagementService.isDeviceStatusValid(device.getType(),device.getEnrolmentInfo().getStatus().name(),tenantId);
- if (updatedRows == 1 && !deviceStatusManagementService.getDeviceStatusCheck(tenantId)){
- enrollmentDAO.addDeviceStatus(device.getEnrolmentInfo().getId(), device.getEnrolmentInfo().getStatus());
- } else if (updatedRows ==1 && isEnableDeviceStatusCheck && isValidState ) {
- enrollmentDAO.addDeviceStatus(device.getEnrolmentInfo().getId(), device.getEnrolmentInfo().getStatus());
- }
+ addDeviceStatus(deviceStatusManagementService, tenantId, updatedRows, device.getEnrolmentInfo(), device.getType());
 DeviceManagementDAOFactory.commitTransaction();
 this.removeDeviceFromCache(deviceId);
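Review bot: The new call `addDeviceStatus(deviceStatusManagementService, tenantId, updatedRows, device.getEnrolmentInfo(), device.getType());` is kept on one long line here, while the equivalent call sites in the other hunks of this file wrap before the last argument; wrapping it the same way, `addDeviceStatus(deviceStatusManagementService, tenantId, updatedRows, device.getEnrolmentInfo(),` / `device.getType());`, keeps the four sites uniform and within the width the rest of the file uses. The enclosing method starts and ends outside the hunk.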
@@ -3475,17 +3463,11 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
 String type = deviceIdentifier.getType();
 DeviceStatusManagementService deviceStatusManagementService = DeviceManagementDataHolder
 .getInstance().getDeviceStatusManagementService();
- DeviceManagementDAOFactory.commitTransaction();
 if (updatedRows > 0) {
 isUpdatedEnrollment = true;
 }
- boolean isEnableDeviceStatusCheck = deviceStatusManagementService.getDeviceStatusCheck(tenantId);
- boolean isValidState = deviceStatusManagementService.isDeviceStatusValid(type, enrolmentInfo.getStatus().name(), tenantId);
- if (updatedRows == 1 && !deviceStatusManagementService.getDeviceStatusCheck(tenantId)) {
- enrollmentDAO.addDeviceStatus(enrolmentInfo.getId(), enrolmentInfo.getStatus());
- } else if (updatedRows == 1 && isEnableDeviceStatusCheck && isValidState) {
- enrollmentDAO.addDeviceStatus(enrolmentInfo.getId(), enrolmentInfo.getStatus());
- }
+ addDeviceStatus(deviceStatusManagementService, tenantId, updatedRows, enrolmentInfo, type);
+ DeviceManagementDAOFactory.commitTransaction();
 } catch (DeviceManagementDAOException e) {
 DeviceManagementDAOFactory.rollbackTransaction();
@@ -3503,6 +3485,24 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
 return isUpdatedEnrollment;
 }

+ /**
+ * Save the status according to status check(allowed device status)
+ * Before invoking this method the calling function should have started a transaction
+ * @param deviceStatusManagementService instance of deviceStatusManagementService
+ * @param tenantId ID of the tenant
+ * @param updatedRows number of updated rows
+ * @param enrolmentInfo enrollment info of the device
+ * @param type type of the device
+ */
+ private void addDeviceStatus(DeviceStatusManagementService deviceStatusManagementService, int tenantId,
+ int updatedRows,EnrolmentInfo enrolmentInfo,String type)
+ throws MetadataManagementException, DeviceManagementDAOException {
+ boolean isEnableDeviceStatusCheck = deviceStatusManagementService.getDeviceStatusCheck(tenantId);
+ boolean isValidState = deviceStatusManagementService.isDeviceStatusValid(type, enrolmentInfo.getStatus().name(), tenantId);
+ if (updatedRows == 1 && (!isEnableDeviceStatusCheck || isValidState)) {
+ enrollmentDAO.addDeviceStatus(enrolmentInfo.getId(), enrolmentInfo.getStatus());
+ }
+ }

 private int getTenantId() {
 return CarbonContext.getThreadLocalCarbonContext().getTenantId();
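Review bot: The Javadoc on `addDeviceStatus` omits `@throws` entries for the two checked exceptions the signature declares, and the parameter list `int updatedRows,EnrolmentInfo enrolmentInfo,String type` is missing the spaces after the commas. `isDeviceStatusValid` is also evaluated when `updatedRows != 1` or the status check is disabled, cases in which its result is discarded; provided it has no side effects, folding it into the condition runs it only when it matters: `if (updatedRows == 1 && (!deviceStatusManagementService.getDeviceStatusCheck(tenantId)` / `|| deviceStatusManagementService.isDeviceStatusValid(type, enrolmentInfo.getStatus().name(), tenantId)))`. The summary line would be more useful stating the rule rather than paraphrasing the code, e.g. `Records the enrolment status in the device status history when exactly one enrolment row was updated and either the tenant's status check is disabled or the status is allowed for the device type.`, followed by `@throws` lines for `MetadataManagementException` and `DeviceManagementDAOException` naming which call raises each.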
@@ -4523,13 +4523,8 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
 DeviceStatusManagementService deviceStatusManagementService = DeviceManagementDataHolder
 .getInstance().getDeviceStatusManagementService();
 int updatedRows = enrollmentDAO.updateEnrollment(device.getEnrolmentInfo(), tenantId);
- boolean isEnableDeviceStatusCheck = deviceStatusManagementService.getDeviceStatusCheck(tenantId);
- boolean isValidState = deviceStatusManagementService.isDeviceStatusValid(type, String.valueOf(EnrolmentInfo.Status.REMOVED),tenantId);
- if (updatedRows == 1 && !deviceStatusManagementService.getDeviceStatusCheck(tenantId)){
- enrollmentDAO.addDeviceStatus(device.getEnrolmentInfo().getId(), device.getEnrolmentInfo().getStatus());
- } else if (updatedRows ==1 && isEnableDeviceStatusCheck && isValidState ) {
- enrollmentDAO.addDeviceStatus(device.getEnrolmentInfo().getId(), device.getEnrolmentInfo().getStatus());
- }
+ addDeviceStatus(deviceStatusManagementService, tenantId, updatedRows, device.getEnrolmentInfo(),
+ type);
 } catch (DeviceManagementDAOException e) {
 DeviceManagementDAOFactory.rollbackTransaction();
 String msg = "Error occurred while dis-enrolling device: " +
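Review bot: Before this change the dis-enrolment path validated `String.valueOf(EnrolmentInfo.Status.REMOVED)` explicitly, whereas the helper now validates and stores `device.getEnrolmentInfo().getStatus()`; the two are only equivalent if the enrolment status has already been set to `REMOVED` earlier in this method, which is outside the hunk. If it has, a comment at the call site makes that dependency explicit, e.g. `// enrolment status was set to REMOVED above; the helper validates and records that status`; if it has not, the helper validates and records the device's previous status instead of `REMOVED`. The enclosing method starts and ends outside the hunk.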