in modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java [1843:1913]
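/**
 * Enforces the transport requirements of a transport-binding policy on the receiving side.
 *
 * <p>Nothing is checked when there is no policy data, the policy is not a transport
 * binding, the caller is the initiator, or the transport token is not an
 * {@link HttpsToken}. Otherwise the incoming transport must be HTTPS and, when the token
 * requires a client certificate, a non-empty {@code X509Certificate[]} must be available
 * either as the {@code RampartConstants.HTTPS_CLIENT_CERT_KEY} message context property or
 * as the {@code javax.servlet.request.X509Certificate} servlet request attribute.
 *
 * <p>Security note: this method only checks that a certificate chain is present. It does
 * no path validation, revocation checking or subject matching itself, so it presumably
 * relies on the TLS listener having authenticated the chain before the property or
 * attribute was populated. Confirm this for the deployed transport.
 *
 * @param messageData the Rampart view of the current message; supplies the message
 *                    context, the policy data and the initiator flag
 * @throws RampartException {@code httpsVerificationFailed} when the incoming transport
 *         cannot be determined, {@code invalidTransport} when it is not HTTPS, and
 *         {@code httpsClientCertValidationFailed} when a required client certificate
 *         chain is missing or empty
 */
public static void validateTransport(RampartMessageData messageData) throws RampartException {
    MessageContext msgContext = messageData.getMsgContext();
    RampartPolicyData policyData = messageData.getPolicyData();
    AxisConfiguration axisConf = msgContext.getConfigurationContext().getAxisConfiguration();

    // Only the receiving side of a transport binding is subject to these checks.
    if (policyData == null || !policyData.isTransportBinding() || messageData.isInitiator()) {
        return;
    }
    if (!(policyData.getTransportToken() instanceof HttpsToken)) {
        return;
    }

    try {
        TransportInDescription transportIn = msgContext.getTransportIn();
        if (transportIn == null) {
            transportIn = msgContext.getOptions().getTransportIn();
        }
        // maybe the transportIn was not populated by the receiver
        if (transportIn == null) {
            transportIn = axisConf.getTransportIn(msgContext.getIncomingTransportName());
        }
        if (transportIn == null) {
            throw new RampartException("httpsVerificationFailed");
        }

        // A missing receiver, or a null/empty EPR list, used to surface as an unchecked
        // exception. Treat it like a missing address and fall back to the transport name.
        String incomingEPR = null;
        TransportListener receiver = transportIn.getReceiver();
        if (receiver != null) {
            org.apache.axis2.addressing.EndpointReference[] eprs =
                    receiver.getEPRsForService(msgContext.getAxisService().getName(), null);
            if (eprs != null && eprs.length > 0 && eprs[0] != null) {
                incomingEPR = eprs[0].getAddress();
            }
        }
        if (incomingEPR == null) {
            incomingEPR = msgContext.getIncomingTransportName();
        }
        if (incomingEPR == null) {
            // Fail closed: without any transport information HTTPS cannot be confirmed.
            throw new RampartException("httpsVerificationFailed");
        }

        // NOTE(review): this is a prefix match against Constants.TRANSPORT_HTTPS rather
        // than an exact scheme comparison. Confirm which address formats
        // getEPRsForService can return before tightening it.
        if (!incomingEPR.startsWith(org.apache.axis2.Constants.TRANSPORT_HTTPS)) {
            // Report only the scheme part of the address in the fault.
            int schemeEnd = incomingEPR.indexOf(':');
            if (schemeEnd > 0) {
                incomingEPR = incomingEPR.substring(0, schemeEnd);
            }
            throw new RampartException("invalidTransport", new String[] { incomingEPR });
        }
    } catch (AxisFault af) {
        // The EPR lookup failed, so decide on the incoming transport name alone.
        // Constant-first equals keeps a null transport name on the rejection path.
        String incomingTransport = msgContext.getIncomingTransportName();
        if (!org.apache.axis2.Constants.TRANSPORT_HTTPS.equals(incomingTransport)) {
            throw new RampartException("invalidTransport", new String[] { incomingTransport });
        }
    }

    // verify client certificate used
    HttpsToken token = (HttpsToken) policyData.getTransportToken();
    if (!token.isRequireClientCertificate()) {
        return;
    }

    // First look for the chain directly on the message context. A zero-length array
    // carries no certificate and must not satisfy the policy.
    Object certificateChainProperty = msgContext.getProperty(RampartConstants.HTTPS_CLIENT_CERT_KEY);
    if (certificateChainProperty instanceof X509Certificate[]
            && ((X509Certificate[]) certificateChainProperty).length > 0) {
        // HTTPS client certificate chain found
        return;
    }

    // Then fall back to the servlet request attribute, applying the same non-empty rule.
    Object requestProperty = msgContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
    if (requestProperty instanceof HttpServletRequest) {
        HttpServletRequest request = (HttpServletRequest) requestProperty;
        Object certificateChain = request.getAttribute("javax.servlet.request.X509Certificate"); //$NON-NLS-1$
        if (certificateChain instanceof X509Certificate[]
                && ((X509Certificate[]) certificateChain).length > 0) {
            // HTTPS client certificate chain found
            return;
        }
    }

    // HTTPS client certificate chain NOT found
    throw new RampartException("httpsClientCertValidationFailed");
}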