in token-service/src/main/java/com/google/solutions/tokenservice/oauth/mtls/XlbMtlsClientCredentialsFlow.java [111:144]
public boolean canAuthenticate(AuthenticationRequest request) {
Preconditions.checkNotNull(request, "request");
var headers = this.request.headers();
var certPresent = headers.get(this.options.clientCertPresentHeaderName);
if (Strings.isNullOrEmpty(certPresent))
{
this.logAdapter
.newWarningEntry(
LogEvents.API_TOKEN,
String.format(
"The header %s is missing, verify that mTLS is enabled for the load balancer backend",
this.options.clientCertPresentHeaderName))
.write();
return false;
}
else if (!"true".equalsIgnoreCase(certPresent))
{
this.logAdapter
.newWarningEntry(
LogEvents.API_TOKEN,
String.format(
"The request did not include a client certificate (%s: %s)",
this.options.clientCertPresentHeaderName,
certPresent))
.write();
return false;
}
return super.canAuthenticate(request);
}