package com.ibm.ws.wsat.interceptor;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.jaxws.wsat.components.WSATConfigService;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.wsat.policy.WSATPolicyAwareInterceptor;
import com.ibm.ws.wsat.utils.WSATOSGIService;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.transport.http.AbstractHTTPDestination;

@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.wsat.webservice_1.0.13.jar:com/ibm/ws/wsat/interceptor/SSLServerInterceptor.class */
public class SSLServerInterceptor extends AbstractPhaseInterceptor<Message> {
    final TraceComponent tc;
    private static final String PEER_CERTIFICATES = "javax.net.ssl.peer_certificates";
    static final long serialVersionUID = -160114459098387345L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(SSLServerInterceptor.class);

    public SSLServerInterceptor() {
        super(Phase.RECEIVE);
        this.tc = Tr.register((Class<?>) SSLServerInterceptor.class, "WSAT", (String) null);
        getAfter().add(WSATPolicyAwareInterceptor.class.getName());
    }

    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(Message message) throws Fault {
        WSATConfigService configService = WSATOSGIService.getInstance().getConfigService();
        if (null == configService) {
            throw new Fault("WSAT configuration service is not avaliable", this.tc.getLogger());
        }
        if (configService.isSSLEnabled() && configService.isClientAuthEnabled()) {
            X509Certificate[] x509CertificateArr = (X509Certificate[]) ((HttpServletRequest) message.get(AbstractHTTPDestination.HTTP_REQUEST)).getAttribute("javax.net.ssl.peer_certificates");
            if (null == x509CertificateArr || 0 == x509CertificateArr.length) {
                throw new Fault("NOT be able to get any certificate to verify, the certificate from client is either INVALID or NULL", this.tc.getLogger());
            }
        }
    }
}
