package org.tmatesoft.svn.core.internal.wc;

import java.io.File;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.logging.Level;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.tmatesoft.svn.core.SVNException;
import org.tmatesoft.svn.core.SVNProperties;
import org.tmatesoft.svn.core.SVNURL;
import org.tmatesoft.svn.core.auth.ISVNAuthenticationProvider;
import org.tmatesoft.svn.core.internal.util.SVNBase64;
import org.tmatesoft.svn.core.internal.util.SVNHashMap;
import org.tmatesoft.svn.core.internal.util.SVNSSLUtil;
import org.tmatesoft.svn.core.internal.wc17.db.ISVNWCDb;
import org.tmatesoft.svn.util.SVNDebugLog;
import org.tmatesoft.svn.util.SVNLogType;

/* loaded from: input_file:WEB-INF/lib/svnkit-1.7.10.jar:org/tmatesoft/svn/core/internal/wc/DefaultSVNSSLTrustManager.class */
public class DefaultSVNSSLTrustManager implements X509TrustManager {
    private SVNURL myURL;
    private DefaultSVNAuthenticationManager myAuthManager;
    private X509Certificate[] myTrustedCerts;
    private String myRealm;
    private File myAuthDirectory;
    private boolean myIsUseKeyStore;
    private File[] myServerCertFiles;
    private X509TrustManager[] myDefaultTrustManagers;

    public DefaultSVNSSLTrustManager(File file, SVNURL svnurl, File[] fileArr, boolean z, DefaultSVNAuthenticationManager defaultSVNAuthenticationManager) {
        this.myURL = svnurl;
        this.myAuthDirectory = file;
        this.myRealm = "https://" + svnurl.getHost() + ":" + svnurl.getPort();
        this.myAuthManager = defaultSVNAuthenticationManager;
        this.myIsUseKeyStore = z;
        this.myServerCertFiles = fileArr;
    }

    private X509TrustManager[] getDefaultTrustManagers() {
        if (this.myDefaultTrustManagers == null && this.myIsUseKeyStore) {
            this.myDefaultTrustManagers = initDefaultTrustManagers();
        }
        return this.myDefaultTrustManagers;
    }

    private X509TrustManager[] initDefaultTrustManagers() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers == null || trustManagers.length == 0) {
                return null;
            }
            ArrayList arrayList = new ArrayList();
            for (TrustManager trustManager : trustManagers) {
                if (trustManager instanceof X509TrustManager) {
                    arrayList.add(trustManager);
                }
            }
            return (X509TrustManager[]) arrayList.toArray(new X509TrustManager[arrayList.size()]);
        } catch (KeyStoreException e) {
            SVNDebugLog.getDefaultLog().log(SVNLogType.DEFAULT, e, Level.FINEST);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            SVNDebugLog.getDefaultLog().log(SVNLogType.DEFAULT, e2, Level.FINEST);
            return null;
        } catch (NoSuchProviderException e3) {
            SVNDebugLog.getDefaultLog().log(SVNLogType.DEFAULT, e3, Level.FINEST);
            return null;
        }
    }

    private void init() {
        if (this.myTrustedCerts != null) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < this.myServerCertFiles.length; i++) {
            X509Certificate loadCertificate = loadCertificate(this.myServerCertFiles[i]);
            if (loadCertificate != null) {
                arrayList.add(loadCertificate);
            }
        }
        X509TrustManager[] defaultTrustManagers = getDefaultTrustManagers();
        for (int i2 = 0; defaultTrustManagers != null && i2 < defaultTrustManagers.length; i2++) {
            X509Certificate[] acceptedIssuers = defaultTrustManagers[i2].getAcceptedIssuers();
            for (int i3 = 0; acceptedIssuers != null && i3 < acceptedIssuers.length; i3++) {
                arrayList.add(acceptedIssuers[i3]);
            }
        }
        this.myTrustedCerts = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        init();
        return this.myTrustedCerts;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length <= 0 || x509CertificateArr[0] == null) {
            return;
        }
        String byteArrayToBase64 = SVNBase64.byteArrayToBase64(x509CertificateArr[0].getEncoded());
        if (byteArrayToBase64.equals((String) this.myAuthManager.getRuntimeAuthStorage().getData("svn.ssl.server", this.myRealm)) || byteArrayToBase64.equals(getStoredServerCertificate(this.myRealm))) {
            return;
        }
        ISVNAuthenticationProvider authenticationProvider = this.myAuthManager.getAuthenticationProvider();
        int serverCertificateFailures = SVNSSLUtil.getServerCertificateFailures(x509CertificateArr[0], this.myURL.getHost());
        if (authenticationProvider != null) {
            boolean isAuthStorageEnabled = this.myAuthManager.getHostOptionsProvider().getHostOptions(this.myURL).isAuthStorageEnabled();
            int acceptServerAuthentication = checkServerTrustedByDefault(x509CertificateArr, str) ? 2 : authenticationProvider.acceptServerAuthentication(this.myURL, this.myRealm, x509CertificateArr[0], isAuthStorageEnabled);
            if (acceptServerAuthentication == 2 && isAuthStorageEnabled) {
                try {
                    storeServerCertificate(this.myRealm, byteArrayToBase64, serverCertificateFailures);
                } catch (SVNException e) {
                    SVNDebugLog.getDefaultLog().logError(SVNLogType.NETWORK, e);
                }
            }
            if (acceptServerAuthentication == 0) {
                throw new SVNSSLUtil.CertificateNotTrustedException("svn: Server SSL certificate for '" + this.myRealm + "' rejected");
            }
            this.myAuthManager.getRuntimeAuthStorage().putData("svn.ssl.server", this.myRealm, byteArrayToBase64);
        }
    }

    private boolean checkServerTrustedByDefault(X509Certificate[] x509CertificateArr, String str) {
        X509TrustManager[] defaultTrustManagers = getDefaultTrustManagers();
        if (defaultTrustManagers == null) {
            return false;
        }
        for (X509TrustManager x509TrustManager : defaultTrustManagers) {
            boolean z = true;
            try {
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                z = false;
            }
            if (z) {
                return true;
            }
        }
        return false;
    }

    private String getStoredServerCertificate(String str) {
        File file = new File(this.myAuthDirectory, SVNFileUtil.computeChecksum(str));
        if (!file.isFile()) {
            return null;
        }
        SVNWCProperties sVNWCProperties = new SVNWCProperties(file, ISVNWCDb.PRISTINE_TEMPDIR_RELPATH);
        try {
            if (str.equals(sVNWCProperties.getPropertyValue("svn:realmstring"))) {
                return sVNWCProperties.getPropertyValue("ascii_cert");
            }
            return null;
        } catch (SVNException e) {
            return null;
        }
    }

    private void storeServerCertificate(String str, String str2, int i) throws SVNException {
        this.myAuthDirectory.mkdirs();
        File file = new File(this.myAuthDirectory, SVNFileUtil.computeChecksum(str));
        SVNHashMap sVNHashMap = new SVNHashMap();
        sVNHashMap.put("ascii_cert", str2);
        sVNHashMap.put("svn:realmstring", str);
        sVNHashMap.put("failures", Integer.toString(i));
        SVNFileUtil.deleteFile(file);
        File createUniqueFile = SVNFileUtil.createUniqueFile(this.myAuthDirectory, "auth", ".tmp", true);
        try {
            SVNWCProperties.setProperties(SVNProperties.wrap(sVNHashMap), file, createUniqueFile, SVNWCProperties.SVN_HASH_TERMINATOR);
            SVNFileUtil.deleteFile(createUniqueFile);
        } catch (Throwable th) {
            SVNFileUtil.deleteFile(createUniqueFile);
            throw th;
        }
    }

    public static X509Certificate loadCertificate(File file) {
        try {
            InputStream openFileForReading = SVNFileUtil.openFileForReading(file, SVNLogType.WC);
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(openFileForReading);
                SVNFileUtil.closeFile(openFileForReading);
                return x509Certificate;
            } catch (CertificateException e) {
                SVNFileUtil.closeFile(openFileForReading);
                return null;
            } catch (Throwable th) {
                SVNFileUtil.closeFile(openFileForReading);
                throw th;
            }
        } catch (SVNException e2) {
            return null;
        }
    }
}
