From 50c984e30c396453cd5a0a5c607c956fc5132154 Mon Sep 17 00:00:00 2001
From: navodzoysa
Date: Wed, 6 Nov 2024 15:12:13 +0530
Subject: [PATCH] Fix test case failure when extracting cert from signature
---
 .../mgt/core/impl/CertificateGenerator.java | 3 +--
 .../util/CertificateManagementConstants.java | 1 +
 .../certificate/mgt/core/util/CommonUtil.java | 21 +++++++++++++++++++
 3 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java
index 6147618664..2d65fe4710 100755
--- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java
+++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java
@@ -29,7 +29,6 @@ import io.entgra.device.mgt.core.certificate.mgt.core.util.CertificateManagement
 import io.entgra.device.mgt.core.certificate.mgt.core.util.CommonUtil;
 import io.entgra.device.mgt.core.certificate.mgt.core.util.Serializer;
 import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.bouncycastle.asn1.ASN1Encodable;
@@ -436,7 +435,7 @@ public class CertificateGenerator { String orgUnit = CommonUtil.getSubjectDnAttribute(reqCert, CertificateManagementConstants.ORG_UNIT_ATTRIBUTE); CertificateResponse lookUpCertificate; - if (StringUtils.isNotEmpty(orgUnit)) { + if (CommonUtil.isScepOrgUnit(orgUnit)) { int tenantId = Integer.parseInt(orgUnit.split(("_"))[1]); lookUpCertificate = keyStoreReader.getCertificateBySerial(reqCert.getSerialNumber().toString(), tenantId); diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CertificateManagementConstants.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CertificateManagementConstants.java index 35da404ef8..a423ccbd8e 100644 --- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CertificateManagementConstants.java +++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CertificateManagementConstants.java @@ -36,6 +36,7 @@ public final class CertificateManagementConstants { public static final String CONF_LOCATION = "conf.location"; public static final String DEFAULT_PRINCIPAL = "O=WSO2, OU=Mobile, C=LK"; public static final String ORG_UNIT_ATTRIBUTE = "OU="; + public static final String ORG_UNIT_TENANT_PREFIX = "tenant_"; public static final String RSA_PRIVATE_KEY_BEGIN_TEXT = "-----BEGIN RSA PRIVATE KEY-----\n"; public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----"; public static final String EMPTY_TEXT = ""; 
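Review bot: In CertificateGenerator.java the guarded branch still runs `Integer.parseInt(orgUnit.split(("_"))[1])` on an OU value read from the request certificate, and the new guard does not guarantee that this parse succeeds. `CommonUtil.isScepOrgUnit` validates the second segment with `NumberUtils.isNumber`, which also accepts hex, decimal, exponent and type-suffixed forms and does not bound the value to int range, so a certificate-supplied OU could pass the check and still raise `NumberFormatException` here; whether that exception is handled lies outside the hunk. I would tighten the check to `NumberUtils.isDigits(orgUnitArray[1])` and guard the parse against overflow, or have a single helper return the parsed tenant id so validation and parsing cannot drift apart. The enclosing method starts and ends outside the hunk.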
diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CommonUtil.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CommonUtil.java
index a18dd057fa..0c908d1885 100755
--- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CommonUtil.java
+++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/util/CommonUtil.java
@@ -18,6 +18,7 @@
 package io.entgra.device.mgt.core.certificate.mgt.core.util;
 import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang.math.NumberUtils;
 import java.math.BigInteger;
 import java.security.cert.X509Certificate;
@@ -68,4 +69,24 @@ public class CommonUtil {
 }
 return null;
 }
+
+ /**
+ * Checks if the organizational unit (OU) attribute has a valid tenant id in order to verify that it is
+ * a SCEP certificate. eg: OU=tenant_1
+ *

+ * Refer to engineering mail SCEP implementation for Android
+ * @param orgUnit organizational unit (OU) of the certificate
+ * @return true if it is a valid SCEP org unit else false
+ */
+ public static boolean isScepOrgUnit(String orgUnit) {
+ if (StringUtils.isNotEmpty(orgUnit)) {
+ if (CertificateManagementConstants.ORG_UNIT_TENANT_PREFIX.equals(orgUnit)) {
+ String[] orgUnitArray = orgUnit.split(("_"));
+ if (orgUnitArray.length > 1) {
+ return NumberUtils.isNumber(orgUnitArray[1]);
+ }
+ }
+ }
+ return false;
+ }
 }
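Review bot: `isScepOrgUnit` can never return true as written, because `CertificateManagementConstants.ORG_UNIT_TENANT_PREFIX.equals(orgUnit)` only matches an OU that is exactly `tenant_`, and splitting that string on `_` yields a single element, so the `length > 1` test fails. The Javadoc example `OU=tenant_1` suggests a prefix test was intended, e.g. `if (orgUnit.startsWith(CertificateManagementConstants.ORG_UNIT_TENANT_PREFIX)) {`, assuming `getSubjectDnAttribute` returns the value without the `OU=` label (not visible here). As it stands, the tenant-scoped `getCertificateBySerial(..., tenantId)` lookup in CertificateGenerator is skipped for every certificate and verification falls through to whatever the alternative path does, which is outside this patch. A unit test asserting true for `tenant_1` and false for `tenant_`, `tenant_x` and the empty string would pin the intended behaviour.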