package org.tmatesoft.svn.core.internal.wc;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.tmatesoft.svn.core.SVNCancelException;
import org.tmatesoft.svn.core.SVNErrorCode;
import org.tmatesoft.svn.core.SVNErrorMessage;
import org.tmatesoft.svn.core.SVNException;
import org.tmatesoft.svn.core.SVNURL;
import org.tmatesoft.svn.core.auth.ISVNAuthenticationProvider;
import org.tmatesoft.svn.core.auth.ISVNSSLManager;
import org.tmatesoft.svn.core.auth.SVNSSLAuthentication;
import org.tmatesoft.svn.core.internal.util.SVNBase64;
import org.tmatesoft.svn.util.SVNDebugLog;

/* loaded from: input_file:lib/svnkit.jar:org/tmatesoft/svn/core/internal/wc/DefaultSVNSSLManager.class */
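/**
 * Default {@link ISVNSSLManager}: builds the {@link SSLContext} used for one https realm and
 * decides whether the server certificate presented during the handshake is acceptable.
 *
 * <p>A server certificate is accepted when any of the following holds, checked in this order:
 * <ol>
 *   <li>the presented chain validates (PKIX, revocation checking disabled) against the
 *       configured certificate files and, if enabled, the JRE {@code cacerts} store;</li>
 *   <li>the leaf certificate equals the one remembered for the realm in the runtime auth
 *       storage or in the on-disk auth directory;</li>
 *   <li>the {@link ISVNAuthenticationProvider} accepts it.</li>
 * </ol>
 *
 * <p>Security caveats visible in this class:
 * <ul>
 *   <li>If no authentication provider is installed, a certificate that fails the first two
 *       checks is still accepted (see {@code ServerTrustManager#checkServerTrusted}).</li>
 *   <li>Nothing in this class rejects a certificate because of a host-name mismatch; the
 *       mismatch is only recorded as a bit in the stored failure mask.</li>
 * </ul>
 *
 * <p>{@link #init()}, {@link #getServerCertificateFailures(X509Certificate)},
 * {@link #getStoredServerCertificate(String)} and
 * {@link #storeServerCertificate(String, String, int)} were private before decompilation;
 * treat them as internal even though they are declared public here.
 */
public class DefaultSVNSSLManager implements ISVNSSLManager {
    private SVNURL myURL;
    private File myClientCertFile;
    private String myClientCertPassword;
    private DefaultSVNAuthenticationManager myAuthManager;
    private KeyManager[] myKeyManagers;
    private X509Certificate[] myTrustedCerts;
    private boolean myIsKeyManagerCreated;
    private String myRealm;
    private File myAuthDirectory;
    private boolean myIsUseKeyStore;
    private File[] myServerCertFiles;
    private boolean myIsPromptForClientCert;
    private SVNSSLAuthentication myClientAuthentication;
    private Throwable myClientCertError;
    private TrustAnchor[] myTrustedAnchors;

    /**
     * Creates a manager for the https realm of {@code url}.
     *
     * @param authDirectory directory in which accepted server certificates are persisted
     * @param url repository URL; host and port form the realm {@code https://host:port}
     * @param serverCertFiles certificate files to trust as anchors (may be {@code null})
     * @param useKeyStore whether the JRE {@code cacerts} store is trusted as well
     * @param clientCertFile PKCS12 client certificate file, or {@code null} for none
     * @param clientCertPassword password of the client certificate file, may be {@code null}
     * @param promptForClientCert value reported by {@link #isClientCertPromptRequired()}
     * @param authManager manager supplying the runtime storage and the authentication provider
     */
    public DefaultSVNSSLManager(File authDirectory, SVNURL url, File[] serverCertFiles, boolean useKeyStore, File clientCertFile, String clientCertPassword, boolean promptForClientCert, DefaultSVNAuthenticationManager authManager) {
        this.myURL = url;
        this.myAuthDirectory = authDirectory;
        this.myClientCertFile = clientCertFile;
        this.myClientCertPassword = clientCertPassword;
        this.myIsPromptForClientCert = promptForClientCert;
        this.myRealm = "https://" + url.getHost() + ":" + url.getPort();
        this.myAuthManager = authManager;
        this.myIsUseKeyStore = useKeyStore;
        this.myServerCertFiles = serverCertFiles;
        if (this.myClientCertFile != null) {
            // Load eagerly so that a loading error is available right after construction.
            getKeyManagers();
        }
    }

    /**
     * Returns the error recorded by the last failed attempt to load the client certificate.
     *
     * @return the recorded error, or {@code null} if none is recorded
     */
    @Override // org.tmatesoft.svn.core.auth.ISVNSSLManager
    public Throwable getClientCertLoadingError() {
        return this.myClientCertError;
    }

    /**
     * Lazily builds the trusted certificate and trust anchor arrays from the configured
     * certificate files and, when enabled, from the JRE {@code cacerts} store. Does nothing
     * if the arrays are already built; {@link #acknowledgeSSLContext} resets them.
     */
    public void init() {
        if (this.myTrustedCerts != null) {
            return;
        }
        ArrayList<X509Certificate> certificates = new ArrayList<X509Certificate>();
        ArrayList<TrustAnchor> anchors = new ArrayList<TrustAnchor>();
        // A null file array is treated like an empty one instead of failing during the handshake.
        int fileCount = this.myServerCertFiles == null ? 0 : this.myServerCertFiles.length;
        for (int i = 0; i < fileCount; i++) {
            X509Certificate certificate = loadCertificate(this.myServerCertFiles[i]);
            if (certificate != null) {
                certificates.add(certificate);
                anchors.add(new TrustAnchor(certificate, null));
            }
        }
        if (this.myIsUseKeyStore) {
            addJreTrustAnchors(certificates, anchors);
        }
        this.myTrustedCerts = certificates.toArray(new X509Certificate[certificates.size()]);
        this.myTrustedAnchors = anchors.toArray(new TrustAnchor[anchors.size()]);
    }

    /**
     * Adds the trust anchors of {@code ${java.home}/lib/security/cacerts} to the given lists.
     * Best effort: every failure is logged and leaves the lists as they were at that point.
     */
    private static void addJreTrustAnchors(ArrayList<X509Certificate> certificates, ArrayList<TrustAnchor> anchors) {
        String path = System.getProperty("java.home") + "/lib/security/cacerts";
        File cacerts = new File(path.replace('/', File.separatorChar));
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            InputStream in = null;
            try {
                if (cacerts.isFile() && cacerts.canRead()) {
                    in = SVNFileUtil.openFileForReading(cacerts);
                }
                // null password: KeyStore.load then performs no integrity check of the store.
                keyStore.load(in, null);
            } catch (IOException e) {
                SVNDebugLog.getDefaultLog().info(e);
            } catch (NoSuchAlgorithmException e) {
                SVNDebugLog.getDefaultLog().info(e);
            } catch (CertificateException e) {
                SVNDebugLog.getDefaultLog().info(e);
            } catch (SVNException e) {
                SVNDebugLog.getDefaultLog().info(e);
            } finally {
                SVNFileUtil.closeFile(in);
            }
            // Throws (and is logged below) when the store could not be loaded or is empty.
            for (TrustAnchor anchor : new PKIXParameters(keyStore).getTrustAnchors()) {
                anchors.add(anchor);
                X509Certificate trustedCert = anchor.getTrustedCert();
                if (trustedCert != null) {
                    certificates.add(trustedCert);
                }
            }
        } catch (InvalidAlgorithmParameterException e) {
            SVNDebugLog.getDefaultLog().info(e);
        } catch (KeyStoreException e) {
            SVNDebugLog.getDefaultLog().info(e);
        }
    }

    /**
     * Creates an SSL context that uses the client certificate (if any) for client
     * authentication and this manager's trust decisions for the server certificate.
     *
     * @return a newly initialised context
     * @throws IOException if the context cannot be created or initialised; the original
     *         exception is attached as the cause
     */
    @Override // org.tmatesoft.svn.core.auth.ISVNSSLManager
    public SSLContext getSSLContext() throws IOException {
        try {
            // "TLS" instead of "SSLv3": SSLv3 is obsolete (RFC 7568) and "TLS" lets the JSSE
            // provider negotiate the newest protocol version it has enabled.
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(getKeyManagers(), new TrustManager[] {new ServerTrustManager()}, null);
            return context;
        } catch (KeyManagementException e) {
            throw toIOException(e);
        } catch (NoSuchAlgorithmException e) {
            throw toIOException(e);
        }
    }

    /** Wraps {@code cause} in an IOException with the same message, keeping the cause. */
    private static IOException toIOException(Exception cause) {
        IOException wrapped = new IOException(cause.getMessage());
        wrapped.initCause(cause);
        return wrapped;
    }

    /**
     * Trust manager installed by {@link #getSSLContext()}; implements the acceptance order
     * described on the enclosing class.
     */
    private final class ServerTrustManager implements X509TrustManager {

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            init();
            return myTrustedCerts;
        }

        /** No-op: this manager is used on the client side of the connection only. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        /**
         * Accepts or rejects the server certificate chain.
         *
         * @throws CertificateException if no certificate was presented, if the provider
         *         rejects the certificate, or if an accepted certificate cannot be saved
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            if (chain == null || chain.length == 0 || chain[0] == null) {
                // Fail closed: returning normally here would mean "trusted" without any certificate.
                throw new CertificateException("svn: No server SSL certificate presented for '" + myRealm + "'");
            }
            init();
            if (validatesAgainstAnchors(chain)) {
                // NOTE(review): no host-name comparison is made on this path; confirm that the
                // caller verifies the host name after the handshake.
                return;
            }
            String encoded = SVNBase64.byteArrayToBase64(chain[0].getEncoded());
            // Certificates accepted earlier (this session or persisted) act as a per-realm pin.
            if (encoded.equals((String) myAuthManager.getRuntimeAuthStorage().getData("svn.ssl.server", myRealm)) || encoded.equals(getStoredServerCertificate(myRealm))) {
                return;
            }
            ISVNAuthenticationProvider provider = myAuthManager.getAuthenticationProvider();
            int failures = getServerCertificateFailures(chain[0]);
            if (provider == null) {
                // NOTE(review): without a provider an unvalidated, unpinned certificate is
                // accepted. Kept as is because callers may depend on it; install a provider
                // that rejects by default where that is not acceptable.
                return;
            }
            boolean mayStore = myAuthManager.isAuthStorageEnabled() || myAuthManager.isSSLStorageEnabled();
            int decision = provider.acceptServerAuthentication(myURL, myRealm, chain[0], mayStore);
            if (decision == 2 && mayStore) {
                // 2: remember the certificate on disk.
                try {
                    storeServerCertificate(myRealm, encoded, failures);
                } catch (SVNException e) {
                    throw cancelled("svn: Server SSL ceritificate for '" + myRealm + "' cannot be saved");
                }
            }
            if (decision == 0) {
                // 0: rejected by the provider.
                throw cancelled("svn: Server SSL ceritificate for '" + myRealm + "' rejected");
            }
            myAuthManager.getRuntimeAuthStorage().putData("svn.ssl.server", myRealm, encoded);
        }

        /**
         * Returns whether {@code chain} validates (PKIX, no revocation checking) against the
         * loaded trust anchors. Validation failures are logged and reported as {@code false}
         * so that the caller can fall back to the remembered certificate or the provider.
         */
        private boolean validatesAgainstAnchors(X509Certificate[] chain) throws CertificateException {
            TrustAnchor[] anchors = myTrustedAnchors;
            if (anchors == null || anchors.length == 0) {
                return false;
            }
            try {
                CertPathValidator validator = CertPathValidator.getInstance("PKIX");
                CertPath path = CertificateFactory.getInstance("X509").generateCertPath(Arrays.asList(chain));
                PKIXParameters parameters = new PKIXParameters(new HashSet<TrustAnchor>(Arrays.asList(anchors)));
                // Revoked certificates are not detected: CRL/OCSP checking is switched off.
                parameters.setRevocationEnabled(false);
                PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) validator.validate(path, parameters);
                return result != null && result.getTrustAnchor() != null;
            } catch (InvalidAlgorithmParameterException e) {
                SVNDebugLog.getDefaultLog().info(e);
            } catch (NoSuchAlgorithmException e) {
                SVNDebugLog.getDefaultLog().info(e);
            } catch (CertPathValidatorException e) {
                SVNDebugLog.getDefaultLog().info(e);
            }
            return false;
        }

        /** Builds a CertificateException whose cause is an SVNCancelException with the same message. */
        private CertificateException cancelled(String message) {
            CertificateException failure = new CertificateException(message);
            failure.initCause(new SVNCancelException(SVNErrorMessage.create(SVNErrorCode.CANCELLED, failure.getMessage())));
            return failure;
        }
    }

    /**
     * Reports the outcome of using a context obtained from {@link #getSSLContext()}.
     * On failure all cached key material, trust material and the recorded client
     * certificate error are dropped so that the next use reloads them.
     *
     * @param z {@code true} if the context was used successfully; nothing is reset then
     * @param sVNErrorMessage not used by this implementation
     */
    @Override // org.tmatesoft.svn.core.auth.ISVNSSLManager
    public void acknowledgeSSLContext(boolean z, SVNErrorMessage sVNErrorMessage) {
        if (z) {
            return;
        }
        this.myIsKeyManagerCreated = false;
        this.myClientCertError = null;
        this.myKeyManagers = null;
        this.myTrustedCerts = null;
        this.myTrustedAnchors = null;
    }

    /**
     * Computes the failure bit mask stored alongside an accepted certificate.
     *
     * <p>Bit 8 is always set (presumably "unknown CA" as in Subversion's failure mask; confirm),
     * 1 is added when the certificate is not yet valid, 2 when it has expired and 4 when
     * the host of the URL differs from the certificate's common name.
     *
     * <p>The host comparison is a plain string comparison against the first {@code CN=} value
     * of the subject, cut at the first space or comma; subject alternative names and wildcards
     * are not considered.
     *
     * @param x509Certificate the server's leaf certificate
     * @return the failure bit mask
     */
    public int getServerCertificateFailures(X509Certificate x509Certificate) {
        int failures = 8;
        Date now = new Date();
        if (now.before(x509Certificate.getNotBefore())) {
            failures |= 1;
        }
        if (now.after(x509Certificate.getNotAfter())) {
            failures |= 2;
        }
        String name = x509Certificate.getSubjectDN().getName();
        // Test the index before adding the prefix length; "indexOf(..) + 3 >= 0" was always true,
        // so a subject without CN= used to be cut at an arbitrary position.
        int cnStart = name.indexOf("CN=");
        if (cnStart >= 0) {
            name = name.substring(cnStart + 3);
            int space = name.indexOf(' ');
            if (space >= 0) {
                name = name.substring(0, space);
            }
            int comma = name.indexOf(',');
            if (comma >= 0) {
                name = name.substring(0, comma);
            }
        }
        if (!this.myURL.getHost().equals(name)) {
            failures |= 4;
        }
        return failures;
    }

    /**
     * Reads the certificate remembered on disk for a realm.
     *
     * @param str the realm string
     * @return the stored base64 certificate, or {@code null} if there is no file for the realm,
     *         the file belongs to a different realm or it cannot be read
     */
    public String getStoredServerCertificate(String str) {
        // The file name is derived from the realm; the realm stored inside is checked as well.
        File file = new File(this.myAuthDirectory, SVNFileUtil.computeChecksum(str));
        if (!file.isFile()) {
            return null;
        }
        SVNProperties stored = new SVNProperties(file, "");
        try {
            if (str.equals(stored.getPropertyValue("svn:realmstring"))) {
                return stored.getPropertyValue("ascii_cert");
            }
            return null;
        } catch (SVNException e) {
            return null;
        }
    }

    /**
     * Persists an accepted server certificate for a realm, replacing any previous entry.
     * A failure while writing the properties is logged and the partial file removed; it is
     * not reported to the caller.
     *
     * <p>NOTE(review): the file written here is later used to accept certificates without
     * prompting, so the auth directory should be writable by the owning user only; confirm
     * what permissions {@code SVNFileUtil.setReadonly(file, false)} leaves behind.
     *
     * @param str the realm string
     * @param str2 the base64 encoded certificate
     * @param i the failure bit mask from {@link #getServerCertificateFailures(X509Certificate)}
     * @throws SVNException if removing an existing entry fails
     */
    public void storeServerCertificate(String str, String str2, int i) throws SVNException {
        this.myAuthDirectory.mkdirs();
        SVNProperties entry = new SVNProperties(new File(this.myAuthDirectory, SVNFileUtil.computeChecksum(str)), "");
        entry.delete();
        try {
            entry.setPropertyValue("ascii_cert", str2);
            entry.setPropertyValue("svn:realmstring", str);
            entry.setPropertyValue("failures", Integer.toString(i));
            SVNFileUtil.setReadonly(entry.getFile(), false);
        } catch (SVNException e) {
            SVNDebugLog.getDefaultLog().info(e);
            entry.delete();
        }
    }

    /**
     * Returns the key managers for client authentication, loading the client certificate on
     * first use.
     *
     * @return the key managers, or {@code null} if no client certificate is configured or it
     *         could not be loaded
     */
    private KeyManager[] getKeyManagers() {
        if (this.myIsKeyManagerCreated) {
            return this.myKeyManagers;
        }
        this.myIsKeyManagerCreated = true;
        if (this.myClientCertFile == null) {
            return null;
        }
        this.myKeyManagers = loadClientCertificate();
        return this.myKeyManagers;
    }

    /**
     * Loads the PKCS12 client certificate file and creates key managers from it. Any failure
     * is recorded for {@link #getClientCertLoadingError()} and yields {@code null}.
     *
     * <p>NOTE(review): a previously recorded error is not cleared on success, and the file may
     * be {@code null} when called from {@link #setClientAuthentication}; what
     * {@code SVNFileUtil.openFileForReading(null)} does is not visible here.
     */
    private KeyManager[] loadClientCertificate() {
        char[] password = null;
        if (this.myClientCertPassword != null) {
            password = this.myClientCertPassword.toCharArray();
        }
        InputStream in;
        try {
            in = SVNFileUtil.openFileForReading(this.myClientCertFile);
        } catch (SVNException e) {
            this.myClientCertError = e;
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(in, password);
            KeyManager[] keyManagers = null;
            try {
                KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
                if (factory != null) {
                    factory.init(keyStore, password);
                    keyManagers = factory.getKeyManagers();
                }
            } catch (Throwable th) {
                this.myClientCertError = th;
                SVNDebugLog.getDefaultLog().info(th);
            }
            return keyManagers;
        } catch (Throwable th) {
            SVNDebugLog.getDefaultLog().info(th);
            this.myClientCertError = th;
            return null;
        } finally {
            SVNFileUtil.closeFile(in);
        }
    }

    /**
     * Reads one X.509 certificate from a file.
     *
     * @return the certificate, or {@code null} (after logging) if the file cannot be opened
     *         or does not contain a parsable certificate
     */
    private static X509Certificate loadCertificate(File file) {
        InputStream in = null;
        try {
            in = SVNFileUtil.openFileForReading(file);
            return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(in);
        } catch (CertificateException e) {
            SVNDebugLog.getDefaultLog().info(e);
            return null;
        } catch (SVNException e) {
            // A configured trust file that cannot be opened silently shrinks the trust set; log it.
            SVNDebugLog.getDefaultLog().info(e);
            return null;
        } finally {
            SVNFileUtil.closeFile(in);
        }
    }

    /** Returns the prompt flag passed to the constructor. */
    @Override // org.tmatesoft.svn.core.auth.ISVNSSLManager
    public boolean isClientCertPromptRequired() {
        return this.myIsPromptForClientCert;
    }

    /**
     * Replaces the client certificate settings and reloads the key managers immediately.
     *
     * @param sVNSSLAuthentication new client authentication, or {@code null} to clear the
     *        certificate file and password
     */
    @Override // org.tmatesoft.svn.core.auth.ISVNSSLManager
    public void setClientAuthentication(SVNSSLAuthentication sVNSSLAuthentication) {
        if (sVNSSLAuthentication != null) {
            this.myClientCertFile = sVNSSLAuthentication.getCertificateFile();
            this.myClientCertPassword = sVNSSLAuthentication.getPassword();
        } else {
            this.myClientCertFile = null;
            this.myClientCertPassword = null;
        }
        this.myClientAuthentication = sVNSSLAuthentication;
        this.myKeyManagers = loadClientCertificate();
        this.myIsKeyManagerCreated = true;
    }

    /** Returns the client authentication last passed to {@link #setClientAuthentication}. */
    @Override // org.tmatesoft.svn.core.auth.ISVNSSLManager
    public SVNSSLAuthentication getClientAuthentication() {
        return this.myClientAuthentication;
    }
}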
