Merge branch 'master' of https://github.com/wso2/carbon-device-mgt

9 years ago · f200f37c80
parent f2128762f0 486190f182
commit f200f37c80
1 changed files with 4 additions and 1 deletions
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
@ -60,7 +60,7 @@ public class CertificateAuthenticator implements WebappAuthenticator {
            if (request.getHeader(MUTUAL_AUTH_HEADER) != null) {
                X509Certificate[] clientCertificate = (X509Certificate[]) request.
                                                                        getAttribute(CLIENT_CERTIFICATE_ATTRIBUTE);
-                if (clientCertificate[0] != null) {
+                if (clientCertificate != null && clientCertificate[0] != null) {
                    CertificateResponse certificateResponse = AuthenticatorFrameworkDataHolder.getInstance().
                            getCertificateManagementService().verifyPEMSignature(clientCertificate[0]);
                    if (certificateResponse == null) {
@ -86,6 +86,9 @@ public class CertificateAuthenticator implements WebappAuthenticator {
                                                      "but the serial number is missing in the database.");
                    }

+                } else {
+                    authenticationInfo.setStatus(Status.FAILURE);
+                    authenticationInfo.setMessage("No client certificate is present");
                }
            } else if (request.getHeader(CERTIFICATE_VERIFICATION_HEADER) != null) {