From d340b62567436453f91b71e2fbc2b5a4b2bede99 Mon Sep 17 00:00:00 2001
From: BLasan
Date: Fri, 18 Aug 2023 15:43:48 +0530
Subject: [PATCH] fixes: https://github.com/wso2/api-manager/issues/2101
---
 .../security/authenticator/MutualSSLAuthenticator.java | 6 +++++-
 .../wso2/carbon/apimgt/impl/utils/CertificateMgtUtils.java | 4 +++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/authenticator/MutualSSLAuthenticator.java b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/authenticator/MutualSSLAuthenticator.java
index 2b32491412a5..5f488cad90cb 100644
--- a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/authenticator/MutualSSLAuthenticator.java
+++ b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/authenticator/MutualSSLAuthenticator.java
@@ -75,7 +75,11 @@ public MutualSSLAuthenticator(String apiLevelPolicy, boolean isMandatory, String
 for (String certificatePart : certificateParts) {
 int tierDivisionIndex = certificatePart.lastIndexOf("=");
 if (tierDivisionIndex > 0) {
- String uniqueIdentifier = certificatePart.substring(0, tierDivisionIndex).trim();
+ String uniqueIdentifier = certificatePart.substring(0, tierDivisionIndex)
+ .replaceAll("&", "&")
+ .replaceAll("<", "<")
+ .replaceAll(">", ">")
+ .trim();
 String tier = certificatePart.substring(tierDivisionIndex + 1);
 certificates.put(uniqueIdentifier, tier);
 }
diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/CertificateMgtUtils.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/CertificateMgtUtils.java
index 9c0707e32c1f..21a718ab047a 100644
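Review bot: The three `replaceAll` calls added to the `uniqueIdentifier` chain treat their first argument as a regular expression and their second as a replacement pattern, although a literal substitution is meant; writing each as `.replace(` instead of `.replaceAll(` does the literal replacement without regex compilation or `$`/`\` handling. The same applies to the chain added in `getUniqueIdentifierOfCertificate` in CertificateMgtUtils.java. As rendered on this page each call has identical first and second arguments, which would make it a no-op; presumably the entity names were decoded when the page was produced, so the actual strings should be confirmed against the repository. If this side decodes entities, the ampersand has to be handled last so that an already-escaped sequence is not decoded twice, because the result is the key of the `certificates` map and two distinct issuer names must not collapse into one key. The constructor body starts and ends outside the hunk.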
--- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/CertificateMgtUtils.java
+++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/CertificateMgtUtils.java
@@ -617,7 +617,9 @@ public String getUniqueIdentifierOfCertificate(String certificate) {
 Certificate generatedCertificate = cf.generateCertificate(serverCert);
 X509Certificate x509Certificate = (X509Certificate) generatedCertificate;
 uniqueIdentifier = x509Certificate.getSerialNumber() + "_" + x509Certificate.getIssuerDN();
- uniqueIdentifier = uniqueIdentifier.replaceAll(",", "#").replaceAll("\"", "'");
+ uniqueIdentifier = uniqueIdentifier.replaceAll(",", "#").replaceAll("\"", "'")
+ .replaceAll("&", "&")
+ .replaceAll("<", "<").replaceAll(">", ">");
 }
 } catch (CertificateException e) {
 log.error("Error while getting serial number of the certificate.", e);
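Review bot: The extended `uniqueIdentifier` chain carries no comment saying why `&`, `<` and `>` are rewritten, or that MutualSSLAuthenticator applies a matching transformation before it keys its `certificates` map, so a later edit to either side can silently stop the two strings from matching. A comment above the chain such as `// Keep in sync with the decoding in MutualSSLAuthenticator, which appears to key its certificate map on this identifier.` would record the coupling. A shared encode/decode helper pair with a round-trip check over issuer names containing `&`, `<`, `>`, `,` and `"` would enforce it. Identifiers computed before this change presumably lack the new escaping, so it is worth confirming how already-stored entries for such issuers are handled. `getUniqueIdentifierOfCertificate` starts and ends outside the hunk.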