From e4ca9766953db8630074e4a885e2cb27a8150680 Mon Sep 17 00:00:00 2001 From: Pahansith Date: Wed, 19 Apr 2023 12:01:49 +0530 Subject: [PATCH 1/6] Fix issue with Nginx not recognizing the client certificate --- .../mgt/core/impl/CertificateGenerator.java | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index 20b4833d56..0a0712b002 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -97,10 +97,7 @@ import java.security.cert.CertificateNotYetValidException; import java.security.cert.X509Certificate; import java.security.spec.InvalidKeySpecException; import java.security.spec.X509EncodedKeySpec; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Date; -import java.util.List; +import java.util.*; import java.util.concurrent.TimeUnit; public class CertificateGenerator { 
@@ -798,8 +795,16 @@ public class CertificateGenerator { BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis()); - X500Name issuerName = new X500Name(certCA.getSubjectDN().getName()); - + //Reversing the order of components of the subject DN due to Nginx not verifying the client certificate + //generated by Java using this subject DN. + //Ref: https://stackoverflow.com/questions/33769978 + String[] dnParts = certCA.getSubjectDN().getName().split(","); + StringJoiner joiner = new StringJoiner(","); + for (int i = (dnParts.length - 1); i >= 0; i--) { + joiner.add(dnParts[i]); + } + String subjectDn = joiner.toString(); + X500Name issuerName = new X500Name(subjectDn); String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst() .getValue().toString(); X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" + -- 2.36.3 From 38d485dd8f5ad0a257b74a61d5610bb961b5face Mon Sep 17 00:00:00 2001 From: Pahansith Date: Sat, 13 May 2023 12:56:56 +0530 Subject: [PATCH 2/6] Add tenant based storing and loading SCEP certificates --- .../mgt/core/dao/CertificateDAO.java | 10 +++++ .../dao/impl/AbstractCertificateDAOImpl.java | 36 ++++++++++++++++++ .../mgt/core/impl/CertificateGenerator.java | 37 ++++++++++++++----- .../mgt/core/impl/KeyStoreReader.java | 37 +++++++++++++++++++ 4 files changed, 110 insertions(+), 10 deletions(-) diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/CertificateDAO.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/CertificateDAO.java index 1c9aba681a..7862cc0f55 100644 --- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/CertificateDAO.java 
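Review bot: Splitting `certCA.getSubjectDN().getName()` on `,` and re-joining the pieces reverses text, not RDNs. A CA subject with an escaped comma in a value, or with a multi-valued RDN, is cut in the wrong place, and the issuer written into the new certificate then no longer matches the CA's subject during chain building. Taking the name from the encoded form avoids the string round trip: `X500Name issuerName = X500Name.getInstance(certCA.getSubjectX500Principal().getEncoded());`. The enclosing method starts and ends outside this hunk, so whether anything else depends on the old ordering is not visible here.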
+++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/CertificateDAO.java @@ -51,6 +51,16 @@ public interface CertificateDAO { */ CertificateResponse retrieveCertificate(String serialNumber) throws CertificateManagementDAOException; + /** + * Obtain a certificated stored in the database by providing the common name and the tenant ID + * + * @param serialNumber Serial number (Common name) of the certificate + * @param tenantId ID of the certificate owning tenant + * @return representation of the certificate. + * @throws CertificateManagementDAOException if fails to read the certificate from the database + */ + CertificateResponse retrieveCertificate(String serialNumber, int tenantId) throws CertificateManagementDAOException; + /** * Get all the certificates in a paginated manner. * diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java index 2aeb3571f5..5fcb6082cc 100644 --- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java +++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java 
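Review bot: The Javadoc of the new `retrieveCertificate(String, int)` overload opens with "Obtain a certificated stored" and describes `serialNumber` as "Serial number (Common name)", which leaves unclear which of the two values a caller must pass. It also does not say what happens when nothing matches; the implementation added in this commit returns `null` in that case. Suggested wording: `@return the matching certificate, or null if none exists for this serial number and tenant`.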
@@ -119,6 +119,42 @@ public abstract class AbstractCertificateDAOImpl implements CertificateDAO{ return certificateResponse; } + @Override + public CertificateResponse retrieveCertificate(String serialNumber, int tenantId) throws CertificateManagementDAOException { + Connection conn; + PreparedStatement stmt = null; + ResultSet resultSet = null; + CertificateResponse certificateResponse = null; + try { + conn = this.getConnection(); + String query = + "SELECT CERTIFICATE, SERIAL_NUMBER, TENANT_ID, USERNAME FROM" + + " DM_DEVICE_CERTIFICATE WHERE SERIAL_NUMBER = ? AND TENANT_ID = ? "; + stmt = conn.prepareStatement(query); + stmt.setString(1, serialNumber); + stmt.setInt(2, tenantId); + resultSet = stmt.executeQuery(); + + if (resultSet.next()) { + certificateResponse = new CertificateResponse(); + byte[] certificateBytes = resultSet.getBytes("CERTIFICATE"); + certificateResponse.setCertificate(certificateBytes); + certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER")); + certificateResponse.setTenantId(resultSet.getInt("TENANT_ID")); + certificateResponse.setUsername(resultSet.getString("USERNAME")); + CertificateGenerator.extractCertificateDetails(certificateBytes, certificateResponse); + } + } catch (SQLException e) { + String errorMsg = + "Unable to get the read the certificate with serial" + serialNumber; + log.error(errorMsg, e); + throw new CertificateManagementDAOException(errorMsg, e); + } finally { + CertificateManagementDAOUtil.cleanupResources(stmt, resultSet); + } + return certificateResponse; + } + @Override public List searchCertificate(String serialNumber) throws CertificateManagementDAOException { 
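Review bot: The failure message in the `catch` block, `"Unable to get the read the certificate with serial" + serialNumber`, is garbled, has no separator before the value and omits the tenant ID, which is the one thing that distinguishes this overload. Suggest `"Unable to read the certificate with serial " + serialNumber + " for tenant " + tenantId`. The same text is logged and then wrapped in the thrown exception, so the failure is likely to be reported twice further up the stack.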
diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java
index d35f89569b..ac39d0ef23 100755
--- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java
+++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java
@@ -358,15 +358,31 @@ public class CertificateGenerator { CertificateResponse lookUpCertificate = null; KeyStoreReader keyStoreReader = new KeyStoreReader(); if (distinguishedName != null && !distinguishedName.isEmpty()) { - if (distinguishedName.contains("/CN=")) { - String[] dnSplits = distinguishedName.split("/"); - for (String dnPart : dnSplits) { - if (dnPart.contains("CN=")) { - String commonNameExtracted = dnPart.replace("CN=", ""); - lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted); - break; + if (distinguishedName.contains("CN=")) { + String[] dnSplits = null; + if (distinguishedName.contains("/")) { + dnSplits = distinguishedName.split("/"); + } else if (distinguishedName.contains(",")) { + //some older versions of nginx will forward the client certificate subject dn separated with commas + dnSplits = distinguishedName.split(","); + } + String commonNameExtracted = null; + int tenantId = 0; + if (dnSplits != null && dnSplits.length >= 1) { + for (String dnPart : dnSplits) { + if (dnPart.contains("CN=")) { + commonNameExtracted = dnPart.replace("CN=", ""); + } else if (dnPart.contains("OU=")) { + //the OU of the certificate will be like OU=tenant_ ex: OU=tenant_-1234 + //splitting by underscore to extract the tenant domain + String[] orgUnitSplits = dnPart.split("_"); + tenantId = Integer.parseInt(orgUnitSplits[1]); + } } } + + lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted, tenantId); + } else { LdapName ldapName; try { 
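Review bot: The new parsing trusts the shape of the forwarded DN more than the code can guarantee: `Integer.parseInt(orgUnitSplits[1])` throws an unchecked `NumberFormatException` or `ArrayIndexOutOfBoundsException` for any `OU=` value that is not `tenant_<int>`, `tenantId` silently stays `0` when no OU is present, and `commonNameExtracted` can reach `getCertificateBySerial` as `null`. The `contains("CN=")` and `contains("OU=")` tests also match those substrings anywhere in a component, and nothing trims the space that can follow a comma separator. The sketch below trims each part, anchors on the attribute prefix, and performs the tenant-scoped lookup only when both values were parsed; certificates issued before the OU was added need an explicit decision rather than an implicit tenant 0. The surrounding method starts and ends outside this hunk.

```java
// … unchanged: dnSplits computed from the '/' or ',' separated DN …
String commonNameExtracted = null;
Integer tenantId = null;
if (dnSplits != null) {
    for (String rawPart : dnSplits) {
        String dnPart = rawPart.trim();
        if (dnPart.startsWith("CN=")) {
            commonNameExtracted = dnPart.substring("CN=".length());
        } else if (dnPart.startsWith("OU=tenant_")) {
            try {
                tenantId = Integer.parseInt(dnPart.substring("OU=tenant_".length()));
            } catch (NumberFormatException e) {
                // Malformed tenant marker: leave tenantId unset so no tenant-scoped lookup is attempted.
            }
        }
    }
}
if (commonNameExtracted != null && tenantId != null) {
    lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted, tenantId);
}
// else: decide explicitly how certificates without a tenant OU are handled.
```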
@@ -807,8 +823,9 @@ public class CertificateGenerator { X500Name issuerName = new X500Name(subjectDn); String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst() .getValue().toString(); - X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" + - serialNumber); + int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + X500Name subjectName = new X500Name("O=" + commonName + ",CN=" + + serialNumber + ", OU=tenant_"+tenantId); Date startDate = new Date(System.currentTimeMillis()); Date endDate = new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365 * 100)); @@ -829,7 +846,7 @@ public class CertificateGenerator { io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate certificate = new io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate(); List certificates = new ArrayList<>(); - certificate.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId()); + certificate.setTenantId(tenantId); certificate.setCertificate(issuedCert); certificates.add(certificate); saveCertInKeyStore(certificates); diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/KeyStoreReader.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/KeyStoreReader.java index 986f91d78a..307c1f36db 100755 --- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/KeyStoreReader.java +++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/KeyStoreReader.java 
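Review bot: In the `@@ -807,8 +823,9 @@` hunk `subjectName` is still assembled by string concatenation, with `commonName` from the CSR subject placed directly into `"O=" + commonName + ",CN=" + ...`. A value containing DN syntax such as `,` or `=` changes the structure of the issued subject, which matters more now that the `OU=tenant_<id>` component is parsed back later to select the tenant. Building the name from typed RDNs keeps the CSR value as data: `new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.O, commonName).addRDN(BCStyle.CN, serialNumber.toString()).addRDN(BCStyle.OU, "tenant_" + tenantId).build()`. This needs the `X500NameBuilder` import, and the resulting RDN order should be checked against what the proxy-side parsing expects; the method body starts and ends outside this hunk.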
@@ -275,6 +275,43 @@ public class KeyStoreReader { return raPrivateKey; } + public CertificateResponse getCertificateBySerial(String serialNumber, int tenantId) throws KeystoreException { + CertificateResponse certificateResponse = null; + try { + CertificateCacheManager cacheManager = CertificateCacheManagerImpl.getInstance(); + certificateResponse = cacheManager.getCertificateBySerial(serialNumber); + if (certificateResponse == null) { + try { + CertificateManagementDAOFactory.openConnection(); + certificateResponse = certDao.retrieveCertificate(serialNumber, tenantId); + } catch (SQLException e) { + String errorMsg = "Error when making a connection to the database."; + throw new KeystoreException(errorMsg, e); + } finally { + CertificateManagementDAOFactory.closeConnection(); + } + if (certificateResponse != null && certificateResponse.getCertificate() != null) { + Certificate certificate = (Certificate) Serializer.deserialize(certificateResponse.getCertificate()); + if (certificate instanceof X509Certificate) { + X509Certificate x509cert = (X509Certificate) certificate; + String commonName = CertificateGenerator.getCommonName(x509cert); + certificateResponse.setCommonName(commonName); + cacheManager.addCertificateBySerial(serialNumber, certificateResponse); + } + } + } + } catch (CertificateManagementDAOException e) { + String errorMsg = "Error when retrieving certificate from the the database for the serial number: " + + serialNumber; + throw new KeystoreException(errorMsg, e); + + } catch (ClassNotFoundException | IOException e) { + String errorMsg = "Error when de-serializing saved certificate."; + throw new KeystoreException(errorMsg, e); + } + return certificateResponse; + } + public CertificateResponse getCertificateBySerial(String serialNumber) throws KeystoreException { CertificateResponse certificateResponse = null; try { -- 2.36.3 From 39266f0d3dc51fe0429713ce9efdba059f6a427c Mon Sep 17 00:00:00 2001 
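Review bot: The tenant check is skipped on a cache hit: `cacheManager.getCertificateBySerial(serialNumber)` and `addCertificateBySerial(serialNumber, certificateResponse)` key the cache by serial number only, so an entry cached for another tenant, or by the tenant-less overload, is returned without `tenantId` ever being compared. Either include the tenant in the cache key or reject a mismatching hit, e.g. `if (certificateResponse != null && certificateResponse.getTenantId() != tenantId) { certificateResponse = null; }` (this assumes `CertificateResponse` has a `getTenantId()` getter matching the `setTenantId` used in the DAO). The body also appears to duplicate the existing single-argument overload; a shared private helper would keep the two from drifting apart.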
From: Pahansith Date: Wed, 26 Jul 2023 20:51:48 +0530 Subject: [PATCH 3/6] Format code --- .../core/certificate/mgt/core/impl/CertificateGenerator.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java index 8d6bee89e7..4dfe921787 100755 --- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/impl/CertificateGenerator.java @@ -848,8 +848,8 @@ public class CertificateGenerator { String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst() .getValue().toString(); int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); - X500Name subjectName = new X500Name("O=" + commonName + ",CN=" + - serialNumber + ", OU=tenant_"+tenantId); + X500Name subjectName = new X500Name("O=" + commonName + " ,CN=" + + serialNumber + ", OU=tenant_" + tenantId); Date startDate = new Date(System.currentTimeMillis()); Date endDate = new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365 * 100)); -- 2.36.3 From 9d268e19fb3d41707b446f6ebca154e662eed17b Mon Sep 17 00:00:00 2001 From: Pahansith Date: Wed, 16 Aug 2023 09:19:33 +0530 Subject: [PATCH 4/6] Fix enrolment app install issue --- .../mgt/core/dao/impl/ApplicationDAOImpl.java | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) 
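Review bot: The PATCH 3/6 hunk is not formatting-only: the string literal `",CN="` became `" ,CN="`, so the text passed to `new X500Name(...)` now has a space after the organisation value. Whether the parser strips that space is not visible here, and code later in this series splits subject strings on `,` without trimming. Keep the literal as `",CN="` and limit the formatting to the spacing around the `+` operators.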
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/ApplicationDAOImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/ApplicationDAOImpl.java index 4f46d5b4f6..2d5dde27dc 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/ApplicationDAOImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/ApplicationDAOImpl.java @@ -299,7 +299,13 @@ public class ApplicationDAOImpl implements ApplicationDAO { if (filter != null) { sql = sql + "AND NAME LIKE ? "; } - sql = sql + "LIMIT ? OFFSET ?"; + + boolean isLimitPresent = false; + if (request.getRowCount() > 0) { + sql = sql + "LIMIT ? OFFSET ?"; + isLimitPresent = true; + } + Connection conn = this.getConnection(); try (PreparedStatement stmt = conn.prepareStatement(sql)) { int paramIdx = 1; @@ -308,8 +314,10 @@ public class ApplicationDAOImpl implements ApplicationDAO { if (filter != null){ stmt.setString(paramIdx++, filter); } - stmt.setInt(paramIdx++, request.getRowCount()); - stmt.setInt(paramIdx, request.getStartIndex()); + if (isLimitPresent) { + stmt.setInt(paramIdx++, request.getRowCount()); + stmt.setInt(paramIdx, request.getStartIndex()); + } try (ResultSet rs = stmt.executeQuery()) { while (rs.next()) { -- 2.36.3 From ebf9e4f5132717fc225e62228870212a29996548 Mon Sep 17 00:00:00 2001 
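Review bot: In the `@@ -299,7 +299,13 @@` hunk, `request.getRowCount() > 0` is the only condition for appending `LIMIT ? OFFSET ?`, so a row count of zero or below now returns every matching row in one result set. If `PaginationRequest` can be populated from an API call, the caller can switch paging off this way; consider an upper bound for the unpaged case, or at least state the contract in a comment such as `// rowCount <= 0 disables paging; callers must expect the full list`. The method starts and ends outside both hunks of this file, so the rest of the query (for example whether it has an ORDER BY) is not visible.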
From: Pahansith Date: Tue, 5 Dec 2023 13:22:38 +0530 Subject: [PATCH 5/6] Add certificate device identifier update task --- .../mgt/core/dao/CertificateDAO.java | 3 ++ .../dao/impl/AbstractCertificateDAOImpl.java | 54 +++++++++++++++++++ .../mgt/core/dto/CertificateResponse.java | 20 +++++++ ...CertificateManagementServiceComponent.java | 14 +++++ .../service/CertificateManagementService.java | 1 + .../CertificateManagementServiceImpl.java | 40 ++++++++++++++ 6 files changed, 132 insertions(+) diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/CertificateDAO.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/CertificateDAO.java index 068766f3b9..992a04cbb6 100644 --- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/CertificateDAO.java +++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/CertificateDAO.java @@ -103,4 +103,7 @@ public interface CertificateDAO { List searchCertificate(String serialNumber) throws CertificateManagementDAOException; + List retrieveEmptyDeviceIdCerts() throws CertificateManagementDAOException; + + int updateDeviceIdentifier(CertificateResponse cert) throws CertificateManagementDAOException; } diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java index 888b3619ca..a1bab2c29f 100644 
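Review bot: `retrieveEmptyDeviceIdCerts()` and `updateDeviceIdentifier(CertificateResponse)` are added to `CertificateDAO` without Javadoc, unlike the `retrieveCertificate` overloads in the same interface. Going by the implementation in this commit, the first should be documented as returning every row whose DEVICE_IDENTIFIER is NULL, with no tenant filter. The second should be documented as writing `cert.getOrganization()` into DEVICE_IDENTIFIER for the row with `cert.getId()` and returning the number of rows updated.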
--- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java
+++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dao/impl/AbstractCertificateDAOImpl.java
@@ -229,6 +229,60 @@ public abstract class AbstractCertificateDAOImpl implements CertificateDAO{ return certificates; } + @Override + public List retrieveEmptyDeviceIdCerts() throws CertificateManagementDAOException { + Connection conn; + PreparedStatement stmt = null; + ResultSet resultSet = null; + CertificateResponse certificateResponse = null; + List certificates = new ArrayList<>(); + int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + try { + conn = this.getConnection(); + String query = + "SELECT ID, CERTIFICATE FROM DM_DEVICE_CERTIFICATE " + + "WHERE DEVICE_IDENTIFIER is NULL"; + stmt = conn.prepareStatement(query); + resultSet = stmt.executeQuery(); + + while (resultSet.next()) { + certificateResponse = new CertificateResponse(); + byte[] certificateBytes = resultSet.getBytes("CERTIFICATE"); + certificateResponse.setId(resultSet.getInt("ID")); + CertificateGenerator.extractCertificateDetails(certificateBytes, certificateResponse); + certificates.add(certificateResponse); + } + } catch (SQLException e) { + String errorMsg = + "Error while reading null device identifier certificates"; + log.error(errorMsg, e); + throw new CertificateManagementDAOException(errorMsg, e); + } finally { + CertificateManagementDAOUtil.cleanupResources(stmt, resultSet); + } + return certificates; + } + + @Override + public int updateDeviceIdentifier(CertificateResponse cert) throws CertificateManagementDAOException { + Connection conn; + PreparedStatement stmt = null; + try { + conn = this.getConnection(); + stmt = conn.prepareStatement( + "UPDATE DM_DEVICE_CERTIFICATE SET DEVICE_IDENTIFIER = ? 
WHERE ID = ?"); + stmt.setString(1, cert.getOrganization()); + stmt.setInt(2, cert.getId()); + return stmt.executeUpdate(); + } catch (SQLException e) { + throw new CertificateManagementDAOException("Error occurred while updating device identifier " + + cert.getOrganization() + " of certificate id " + cert.getId() + , e); + } finally { + CertificateManagementDAOUtil.cleanupResources(stmt, null); + } + } + @Override public List getAllCertificates() throws CertificateManagementDAOException { PreparedStatement stmt = null; diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dto/CertificateResponse.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dto/CertificateResponse.java index 23f37a0efa..7409f90572 100644 --- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dto/CertificateResponse.java +++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/dto/CertificateResponse.java @@ -26,6 +26,26 @@ import java.math.BigInteger; @ApiModel(value = "CertificateResponse", description = "This class carries all information related to certificates") public class CertificateResponse { + int id; + + String organization; + + public String getOrganization() { + return organization; + } + + public void setOrganization(String organization) { + this.organization = organization; + } + + public int getId() { + return id; + } + + public void setId(int id) { + this.id = id; + } + @ApiModelProperty(name = "certificate", value = "The certificate in bytes", required = true) byte[] certificate; 
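Review bot: `retrieveEmptyDeviceIdCerts()` reads `tenantId` from the Carbon context and never uses it; the query `... WHERE DEVICE_IDENTIFIER is NULL` has no TENANT_ID predicate, so it returns certificates of every tenant. If the cross-tenant scan is intended for the start-up task, remove the unused local and say so in a comment; otherwise add `AND TENANT_ID = ?` and bind the value. The method also deserialises every matching certificate into a single list, which may be large on an existing installation, so processing in batches is worth considering.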
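Review bot: The new `id` and `organization` fields in `CertificateResponse` are package-private and carry no `@ApiModelProperty`, unlike the `certificate` field directly below them. Because the class is an `@ApiModel` DTO and the new getters are public, these values will probably be serialised into API responses too, which would expose the database row ID. If they are needed only by the update task, make them `private` and keep them out of the serialised form, or carry them in a separate internal type.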
diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/internal/CertificateManagementServiceComponent.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/internal/CertificateManagementServiceComponent.java index 956bb4683c..9869b113b8 100644 --- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/internal/CertificateManagementServiceComponent.java +++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/internal/CertificateManagementServiceComponent.java @@ -77,6 +77,20 @@ public class CertificateManagementServiceComponent { bundleContext.registerService(SCEPManager.class.getName(), new SCEPManagerImpl(), null); + new Thread(new Runnable() { + @Override + public void run() { + log.info("=================Starting the certificate table device identifier updating worker==============="); + CertificateManagementService certificateManagementService = CertificateManagementServiceImpl.getInstance(); + try { + certificateManagementService.updateCertificateDeviceIdentifiers(); + log.info("=================Completed the certificate table device identifier updating worker==============="); + } catch (CertificateManagementException e) { + log.error("Failed while updating device identifiers of the certificates."); + } + } + }).start(); + if (log.isDebugEnabled()) { log.debug("Certificate management core bundle has been successfully initialized"); } 
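Review bot: The `catch` in the new worker drops the exception: `log.error("Failed while updating device identifiers of the certificates.")` records neither cause nor stack trace, and an unchecked exception thrown from `updateCertificateDeviceIdentifiers()` ends the unnamed thread with no log line from this code. Pass the exception, `log.error("Failed while updating device identifiers of the certificates.", e);`, and give the thread a name so it can be found in a thread dump. The task runs on every bundle activation and in a fresh thread, where the thread-local Carbon tenant context that the DAO reads may not be initialised; that is worth confirming. The enclosing method starts and ends outside this hunk.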
diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/service/CertificateManagementService.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/service/CertificateManagementService.java index 611295ba3f..ac8c6ac8fb 100644 --- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/service/CertificateManagementService.java +++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/service/CertificateManagementService.java @@ -84,4 +84,5 @@ public interface CertificateManagementService { X509Certificate generateAlteredCertificateFromCSR(String csr) throws KeystoreException; + void updateCertificateDeviceIdentifiers() throws CertificateManagementException; } diff --git a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/service/CertificateManagementServiceImpl.java index 06cbedfb4d..b3660520b3 100644 --- a/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/service/CertificateManagementServiceImpl.java +++ b/components/certificate-mgt/io.entgra.device.mgt.core.certificate.mgt.core/src/main/java/io/entgra/device/mgt/core/certificate/mgt/core/service/CertificateManagementServiceImpl.java 
@@ -272,4 +272,44 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe return certificateGenerator.generateAlteredCertificateFromCSR(csr); } + @Override + public void updateCertificateDeviceIdentifiers() throws CertificateManagementException { + try { + CertificateManagementDAOFactory.beginTransaction(); + CertificateDAO certificateDAO = CertificateManagementDAOFactory.getCertificateDAO(); + List certificateResponses = certificateDAO.retrieveEmptyDeviceIdCerts(); + for (CertificateResponse certificateResponse : certificateResponses) { + String subject = certificateResponse.getSubject(); + String deviceId = null; + log.info("Extracting deviceId from certificate with subject : " + subject); + if (subject.contains("O=")) { + String[] dnParts = subject.split(","); + for (int i = 0; i < dnParts.length; i++) { + if (dnParts[i].contains("O=")) { + String[] orgParts = dnParts[i].split("="); + if (orgParts[1].matches("^[a-zA-Z0-9]+$")) { //check if the O is alphanumeric + deviceId = orgParts[1]; + } else { + log.info("Certificate is not representing an Android device. " + + "Marking device identifier as null"); + + } + } + } + } + certificateResponse.setOrganization(deviceId); + certificateDAO.updateDeviceIdentifier(certificateResponse); + } + CertificateManagementDAOFactory.commitTransaction(); + } catch (TransactionManagementException e) { + String msg = "Failed while updating certificate device identifier"; + log.error(msg, e); + throw new CertificateManagementException(e); + } catch (CertificateManagementDAOException e) { + CertificateManagementDAOFactory.rollbackTransaction(); + String msg = "Failed while updating certificate device identifier"; + log.error(msg, e); + throw new CertificateManagementException(e); + } + } } -- 2.36.3 From 7657154c52a5f27fa42522e677956c6f3b46cb41 Mon Sep 17 00:00:00 2001 
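Review bot: `updateCertificateDeviceIdentifiers()` has no `finally` that calls `CertificateManagementDAOFactory.closeConnection()`, as `KeyStoreReader` does after `openConnection()`, so the connection stays open unless `commitTransaction()` closes it, which is not visible here. Unchecked exceptions also bypass the rollback: `orgParts[1]` throws `ArrayIndexOutOfBoundsException` for an empty `O=` component and `subject.contains("O=")` throws on a null subject, and neither `catch` block handles them. Add `finally { CertificateManagementDAOFactory.closeConnection(); }` and guard the access with `orgParts.length > 1`. Rows whose O value is not alphanumeric are written back as NULL, so they are selected and logged at info level again on every start, and `new CertificateManagementException(e)` discards the `msg` that was just built.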
From: Pahansith Date: Sat, 17 Feb 2024 18:07:01 +0530 Subject: [PATCH 6/6] Fix application search issue --- .../device/mgt/core/device/mgt/core/common/Constants.java | 1 + .../core/device/mgt/core/dao/impl/ApplicationDAOImpl.java | 7 ++++++- .../src/main/resources/dbscripts/cdm/mysql.sql | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/common/Constants.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/common/Constants.java index 71eaf20a5f..68111a5159 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/common/Constants.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/common/Constants.java @@ -21,6 +21,7 @@ package io.entgra.device.mgt.core.device.mgt.core.common; public class Constants { public static final String SCHEME_SEPARATOR = "://"; public static final String COLON = ":"; + public static final String QUERY_WILDCARD = "%"; public static final String URI_QUERY_SEPARATOR = "?"; public static final String URI_SEPARATOR = "/"; public static final String BASIC_AUTH_HEADER_PREFIX = "Basic "; diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/ApplicationDAOImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/ApplicationDAOImpl.java index fb3ad85549..30655aa1e4 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/ApplicationDAOImpl.java 
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/dao/impl/ApplicationDAOImpl.java @@ -17,6 +17,7 @@ */ package io.entgra.device.mgt.core.device.mgt.core.dao.impl; +import io.entgra.device.mgt.core.device.mgt.core.common.Constants; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import io.entgra.device.mgt.core.device.mgt.common.PaginationRequest; @@ -298,9 +299,13 @@ public class ApplicationDAOImpl implements ApplicationDAO { String filter = request.getFilter(); if (filter != null) { sql = sql + "AND NAME LIKE ? "; + filter = Constants.QUERY_WILDCARD.concat(filter).concat(Constants.QUERY_WILDCARD); } + + boolean isLimitPresent = false; if (request != null && request.getRowCount() != -1) { sql = sql + "LIMIT ? OFFSET ?"; + isLimitPresent = true; } Connection conn = this.getConnection(); try (PreparedStatement stmt = conn.prepareStatement(sql)) { @@ -312,7 +317,7 @@ public class ApplicationDAOImpl implements ApplicationDAO { if (filter != null){ stmt.setString(paramIdx++, filter); } - if (request != null && request.getRowCount() != -1) { + if (isLimitPresent) { stmt.setInt(paramIdx++, request.getRowCount()); stmt.setInt(paramIdx, request.getStartIndex()); } diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/dbscripts/cdm/mysql.sql b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/dbscripts/cdm/mysql.sql index ce963d1437..b0de3dc590 100644 --- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/dbscripts/cdm/mysql.sql +++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/dbscripts/cdm/mysql.sql 
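Review bot: In the `@@ -298,9 +299,13 @@` hunk the caller's `filter` is wrapped in `%` without escaping, so `%` and `_` inside the value act as wildcards, and the leading `%` forces a scan that the indexes added in this commit cannot serve. Escape `\`, `%` and `_` in the value before concatenating and add an `ESCAPE` clause to the `LIKE`, or use a prefix match (`filter.concat(Constants.QUERY_WILDCARD)`) if substring search is not required. Separately, `request.getFilter()` is called before the `request != null` test a few lines later, so that null check protects nothing; drop it or move the null handling above the first dereference. The method starts and ends outside the hunk.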
@@ -463,6 +463,8 @@ CREATE TABLE IF NOT EXISTS DM_APPLICATION ( )ENGINE = InnoDB; CREATE INDEX IDX_DM_APPLICATION ON DM_APPLICATION(DEVICE_ID, ENROLMENT_ID, TENANT_ID); +CREATE INDEX DM_APPLICATION_NAME ON DM_APPLICATION(NAME); +CREATE INDEX DM_APPLICATION_NAME_PLATFORM_TID ON DM_APPLICATION(NAME, PLATFORM, TENANT_ID); -- END OF POLICY RELATED TABLES -- -- 2.36.3
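Review bot: `DM_APPLICATION_NAME` indexes the leading column of `DM_APPLICATION_NAME_PLATFORM_TID(NAME, PLATFORM, TENANT_ID)`, so the single-column index adds write cost without serving any lookup the composite index cannot. Neither index helps the `NAME LIKE ?` search changed in this commit, because the bound value now starts with `%`. The diffstat lists only `mysql.sql`; if the project ships schema scripts for other databases they need the same DDL, and existing installations need a migration script since `CREATE TABLE IF NOT EXISTS` will not add indexes to a table that already exists.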