From 771eda86f7397e8704d56429f4888cab7beadff7 Mon Sep 17 00:00:00 2001
From: imesh94
Date: Mon, 5 Aug 2024 08:22:37 +0530
Subject: [PATCH] Change logic to check for transport cert header first
---
 .../accelerator/identity/token/TokenFilter.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/open-banking-accelerator/components/com.wso2.openbanking.accelerator.identity/src/main/java/com/wso2/openbanking/accelerator/identity/token/TokenFilter.java b/open-banking-accelerator/components/com.wso2.openbanking.accelerator.identity/src/main/java/com/wso2/openbanking/accelerator/identity/token/TokenFilter.java
index 608fcbeb..c9364cfa 100644
--- a/open-banking-accelerator/components/com.wso2.openbanking.accelerator.identity/src/main/java/com/wso2/openbanking/accelerator/identity/token/TokenFilter.java
+++ b/open-banking-accelerator/components/com.wso2.openbanking.accelerator.identity/src/main/java/com/wso2/openbanking/accelerator/identity/token/TokenFilter.java
@@ -132,15 +132,15 @@ private ServletRequest appendTransportHeader(ServletRequest request, ServletResp if (request instanceof HttpServletRequest) { Object certAttribute = request.getAttribute(IdentityCommonConstants.JAVAX_SERVLET_REQUEST_CERTIFICATE); String x509Certificate = ((HttpServletRequest) request).getHeader(IdentityCommonUtil.getMTLSAuthHeader()); - if (certAttribute != null) { + if (new IdentityCommonHelper().isTransportCertAsHeaderEnabled() && x509Certificate != null) { + return request; + } else if (certAttribute != null) { RequestWrapper requestWrapper = new RequestWrapper((HttpServletRequest) request); X509Certificate certificate = IdentityCommonUtil.getCertificateFromAttribute(certAttribute); requestWrapper.setHeader(IdentityCommonUtil.getMTLSAuthHeader(), new IdentityCommonHelper().encodeCertificateContent(certificate)); return requestWrapper; - } else if (new IdentityCommonHelper().isTransportCertAsHeaderEnabled() && x509Certificate != null) { - return request; - } else { + } else { getDefaultTokenFilter().handleValidationFailure((HttpServletResponse) response, HttpServletResponse.SC_BAD_REQUEST, IdentityCommonConstants.OAUTH2_INVALID_REQUEST_MESSAGE, "Transport certificate not found in the request");
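Review bot: With the new ordering in appendTransportHeader, a request that carries both a TLS-layer certificate attribute and the MTLS header is returned with the header untouched whenever `isTransportCertAsHeaderEnabled()` is true, so the certificate seen downstream is the one named in the header rather than the one from the handshake. Nothing visible in this hunk checks that the header was written by a trusted TLS terminator, so the branch is only sound if the proxy in front always strips or overwrites client-supplied copies of that header; state that assumption at the branch, e.g. `// Header wins when cert-as-header is enabled: the TLS terminator MUST overwrite any client-sent copy of this header.` It would also help to log at debug level when both sources are present, and to reuse one `IdentityCommonHelper` instance instead of constructing it twice. The method starts before and continues after this hunk, so any validation done elsewhere is not visible here.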