From 16edca2aeadf741b377d119f938ca9388ef98957 Mon Sep 17 00:00:00 2001
From: inoshperera <inoshperera@gmail.com>
Date: Fri, 24 Jun 2016 13:57:48 +0530
Subject: [PATCH 1/2] fixing ios enrollment issue by fetching the identity
 certificate from the header.

---
 .../framework/authenticator/CertificateAuthenticator.java    | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
index 30313d2499..0b53c87306 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
@@ -29,7 +29,7 @@ public class CertificateAuthenticator implements WebappAuthenticator {
     private static final String CERTIFICATE_AUTHENTICATOR = "CertificateAuth";
     private static final String MUTUAL_AUTH_HEADER = "mutual-auth-header";
     private static final String PROXY_MUTUAL_AUTH_HEADER = "proxy-mutual-auth-header";
-    private static final String CERTIFICATE_VERIFICATION_HEADER = "certificate-verification-header";
+    private static final String CERTIFICATE_VERIFICATION_HEADER = "Mdm-Signature";
     private static final String CLIENT_CERTIFICATE_ATTRIBUTE = "javax.servlet.request.X509Certificate";
 
     @Override
@@ -55,7 +55,6 @@ public class CertificateAuthenticator implements WebappAuthenticator {
             authenticationInfo.setStatus(Status.CONTINUE);
         }
 
-        String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);
         try {
             // When there is a load balancer terminating mutual SSL, it should pass this header along and
             // as the value of this header, the client certificate subject dn should be passed.
@@ -78,7 +77,7 @@ public class CertificateAuthenticator implements WebappAuthenticator {
                 }
             } else if (request.getHeader(CERTIFICATE_VERIFICATION_HEADER) != null) {
 
-                String certHeader = request.getHeader(certVerificationHeader);
+                String certHeader = request.getHeader(CERTIFICATE_VERIFICATION_HEADER);
                 if (certHeader != null &&
                     AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
                             verifySignature(certHeader)) {

From 50009c7ac580a43a5fb45647b009b79e3d972e01 Mon Sep 17 00:00:00 2001
From: inoshperera <inoshperera@gmail.com>
Date: Fri, 24 Jun 2016 16:13:50 +0530
Subject: [PATCH 2/2] adding apply policy end point

---
 .../service/api/PolicyManagementService.java  | 25 +++++++++++++++++++
 .../impl/PolicyManagementServiceImpl.java     | 17 +++++++++++++
 .../src/main/webapp/META-INF/permissions.xml  |  6 +++++
 3 files changed, 48 insertions(+)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java
index c1e268eb7f..84a4179a70 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java
@@ -386,5 +386,30 @@ public interface PolicyManagementService {
             @ApiParam(name = "policyIds", value = "Policy ID list to be deactivated.",
                     required = true) List<Integer> policyIds);
 
+    @PUT
+    @Produces("application/json")
+    @Path("apply-changes")
+    @ApiOperation(
+            consumes = MediaType.APPLICATION_JSON,
+            produces = MediaType.APPLICATION_JSON,
+            httpMethod = "PUT",
+            value = "Applying Changes on Policies.",
+            notes = "Policies in the active state will be applied to new device that register with WSO2 EMM based on" +
+                    " the policy enforcement criteria . In a situation where you need to make changes to existing" +
+                    " policies (removing, activating, deactivating and updating) or add new policies, the existing" +
+                    " devices will not receive these changes immediately. Once all the required changes are made" +
+                    " you need to apply the changes to push the policy changes to the existing devices.")
+    @ApiResponses(value = {
+            @ApiResponse(
+                    code = 200,
+                    message = "Changes have been successfully updated."),
+            @ApiResponse(
+                    code = 500,
+                    message = "ErrorResponse in deactivating policies.",
+                    response = ErrorResponse.class)
+    })
+    @Permission(scope = "policy-modify", permissions = {"/permission/admin/device-mgt/admin/policies/update"})
+    Response applyChanges();
+
 
 }
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java
index e22b3996d1..2cc81ad7b8 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java
@@ -301,4 +301,21 @@ public class PolicyManagementServiceImpl implements PolicyManagementService {
         }
     }
 
+    @Override
+    @PUT
+    @Produces("application/json")
+    @Path("apply-changes")
+    public Response applyChanges() {
+        try {
+            PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService();
+            PolicyAdministratorPoint pap = policyManagementService.getPAP();
+            pap.publishChanges();
+        } catch (PolicyManagementException e) {
+            String msg = "Exception in applying changes.";
+            log.error(msg, e);
+            throw new UnexpectedServerErrorException(
+                    new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build());
+        }
+        return Response.status(Response.Status.OK).entity("Changes have been successfully updated.").build();
+    }
 }
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml
index 1e254bbce1..d7249c6fde 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml
@@ -611,6 +611,12 @@
         <url>/policies/*</url>
         <method>Put</method>
     </Permission>
+    <Permission>
+        <name>Edit policy</name>
+        <path>/device-mgt/admin/policies/update</path>
+        <url>/policies/apply-changes</url>
+        <method>PUT</method>
+    </Permission>
     <!-- End of Policy related APIs -->
 
     <!-- Profile related APIs -->