package com.ibm.ws.wsat.interceptor;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.ws.jaxws.wsat.Constants;
import com.ibm.ws.jaxws.wsat.components.WSATConfigService;
import com.ibm.ws.wsat.utils.WSCoorConstants;
import com.ibm.ws.wsat.utils.WSCoorUtil;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;

/* loaded from: input_file:com/ibm/ws/wsat/interceptor/SSLServerInterceptor.class */
public class SSLServerInterceptor extends AbstractPhaseInterceptor<Message> {
    final TraceComponent tc;
    private static final String PEER_CERTIFICATES = "javax.net.ssl.peer_certificates";

    public SSLServerInterceptor() {
        super("receive");
        this.tc = Tr.register(SSLServerInterceptor.class, WSCoorConstants.TRACE_GROUP, (String) null);
        getAfter().add(Constants.WS_INTERCEPTOR_CLASSNAME);
    }

    public void handleMessage(Message message) throws Fault {
        WSATConfigService configService = WSCoorUtil.getConfigService();
        if (null == configService) {
            throw new Fault("WSAT configuration service is not avaliable", this.tc.getLogger());
        }
        if (configService.isSSLEnabled() && configService.isClientAuthEnabled()) {
            X509Certificate[] x509CertificateArr = (X509Certificate[]) ((HttpServletRequest) message.get("HTTP.REQUEST")).getAttribute(PEER_CERTIFICATES);
            if (null == x509CertificateArr || 0 == x509CertificateArr.length) {
                throw new Fault("NOT be able to get any certificate to verify, the certificate from client is either INVALID or NULL", this.tc.getLogger());
            }
        }
    }
}
