Add secure pending operations

Navod Zoysa 3 months ago
parent 152b1ad929
commit de6c9d078c

@ -120,6 +120,22 @@ public class CertificateGenerator {
return null;
}
public static String getOrganizationalUnit(X509Certificate requestCertificate) {
String distinguishedName = requestCertificate.getSubjectDN().getName();
if (distinguishedName != null && !distinguishedName.isEmpty()) {
String[] dnSplits = distinguishedName.split(",");
for (String dnSplit : dnSplits) {
if (dnSplit.contains("O=")) {
String[] cnSplits = dnSplit.split("=");
if (cnSplits[1] != null) {
return cnSplits[1];
}
}
}
}
return null;
}
public static void extractCertificateDetails(byte[] certificateBytes, CertificateResponse certificateResponse)
throws CertificateManagementDAOException {
try {
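Review bot: `getOrganizationalUnit` actually reads the `O` attribute, and it locates it with `dnSplit.contains("O=")` on a comma-split string. Any RDN whose value merely contains `O=` is therefore matched and a fragment of the wrong attribute is returned, and a value with an escaped comma breaks the split. The `cnSplits[1] != null` test can never be false; an empty attribute value makes the index throw ArrayIndexOutOfBoundsException instead. Since the authenticator later uses this string as the device identifier, parse the encoded subject with the X500Name/BCStyle API this class already uses rather than splitting text. Also either rename the method or document that it returns `O`; the fence sketches that version.

```java
public static String getOrganizationalUnit(X509Certificate requestCertificate) {
    // Parse the DER-encoded subject so separators inside attribute values cannot be misread.
    X500Name subject = X500Name.getInstance(requestCertificate.getSubjectX500Principal().getEncoded());
    RDN[] organizationRdns = subject.getRDNs(BCStyle.O);
    if (organizationRdns.length == 0) {
        return null;
    }
    String organization = organizationRdns[0].getFirst().getValue().toString();
    return organization.isEmpty() ? null : organization;
}
```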
@ -845,8 +861,15 @@ public class CertificateGenerator {
}
String subjectDn = joiner.toString();
X500Name issuerName = new X500Name(subjectDn);
String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst()
.getValue().toString();
.getValue().toString();
// CSR sent from a Windows device will have an '!' followed by the device ID in the CN
if (commonName.contains("!")) {
commonName = commonName.split("!")[1];
}
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
X500Name subjectName = new X500Name("O=" + commonName + " ,CN=" +
serialNumber + ", OU=tenant_" + tenantId);
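Review bot: The subject is assembled by concatenating the CSR-supplied `commonName` into `"O=" + commonName + " ,CN=" + ...`, so a common name containing `,` or `=` can add or change RDNs in the issued certificate, including the `OU=tenant_` component. Build the name from typed RDNs so the value is always treated as data; this hunk does not show whether this commit changed that line, but the new `!` handling feeds it. Separately, `commonName.split("!")[1]` throws ArrayIndexOutOfBoundsException when nothing follows the `!`, and `getRDNs(BCStyle.CN)[0]` throws when the CSR has no CN, so both need a length check before indexing. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: commonName extraction and '!' handling …
X500Name subjectName = new X500NameBuilder(BCStyle.INSTANCE)
        .addRDN(BCStyle.O, commonName)
        .addRDN(BCStyle.CN, String.valueOf(serialNumber))
        .addRDN(BCStyle.OU, "tenant_" + tenantId)
        .build();
```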

@ -18,6 +18,7 @@
package io.entgra.device.mgt.core.webapp.authenticator.framework.authenticator;
import io.entgra.device.mgt.core.certificate.mgt.core.impl.CertificateGenerator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.commons.logging.Log;
@ -128,7 +129,21 @@ public class CertificateAuthenticator implements WebappAuthenticator {
if (tenantedDeviceWrapper.getDevice() != null &&
tenantedDeviceWrapper.getDevice().getEnrolmentInfo() != null) {
EnrolmentInfo enrolmentInfo = tenantedDeviceWrapper.getDevice().getEnrolmentInfo();
authenticationInfo.setUsername(enrolmentInfo.getOwner());
}
authenticationInfo.setStatus(Status.CONTINUE);
} else {
SCEPManager scepManager = AuthenticatorFrameworkDataHolder.getInstance().getScepManager();
DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
deviceIdentifier.setId(CertificateGenerator.getOrganizationalUnit(certificate));
deviceIdentifier.setType(DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_WINDOWS);
TenantedDeviceWrapper tenantedDeviceWrapper = scepManager.getValidatedDevice(deviceIdentifier);
authenticationInfo.setTenantDomain(tenantedDeviceWrapper.getTenantDomain());
authenticationInfo.setTenantId(-1);
if (tenantedDeviceWrapper.getDevice() != null &&
tenantedDeviceWrapper.getDevice().getEnrolmentInfo() != null) {
EnrolmentInfo enrolmentInfo = tenantedDeviceWrapper.getDevice().getEnrolmentInfo();
authenticationInfo.setUsername(enrolmentInfo.getOwner());
}
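Review bot: In the new `else` branch the result of `CertificateGenerator.getOrganizationalUnit(certificate)` goes straight into `deviceIdentifier.setId(...)`, although that helper returns null when the subject has no `O` attribute. `tenantedDeviceWrapper.getTenantDomain()` is then called without checking that `getValidatedDevice` returned a wrapper. Check both and end the branch with a failure status when either is missing, so a certificate without a usable identifier is rejected rather than causing a NullPointerException or a lookup with a null id. The branch also hard-codes the Windows device type and `setTenantId(-1)`; a short comment should say why, and which certificates are expected to reach this path. The condition guarding the `else`, the status set at its end and any chain verification of `certificate` are outside the hunk, so confirm the certificate is verified against the CA before its subject is trusted here.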
