package org.tmatesoft.svn.core.internal.io.svn.sasl;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;
import org.tmatesoft.svn.core.SVNErrorCode;
import org.tmatesoft.svn.core.SVNErrorMessage;
import org.tmatesoft.svn.core.SVNException;
import org.tmatesoft.svn.core.SVNURL;
import org.tmatesoft.svn.core.auth.ISVNAuthenticationManager;
import org.tmatesoft.svn.core.auth.SVNAuthentication;
import org.tmatesoft.svn.core.auth.SVNPasswordAuthentication;
import org.tmatesoft.svn.core.internal.io.fs.FSRepresentation;
import org.tmatesoft.svn.core.internal.io.svn.SVNAuthenticator;
import org.tmatesoft.svn.core.internal.io.svn.SVNConnection;
import org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl;
import org.tmatesoft.svn.core.internal.util.SVNBase64;
import org.tmatesoft.svn.core.internal.util.SVNHashMap;
import org.tmatesoft.svn.core.internal.wc.SVNErrorManager;
import org.tmatesoft.svn.core.internal.wc17.db.ISVNWCDb;
import org.tmatesoft.svn.util.SVNDebugLog;
import org.tmatesoft.svn.util.SVNLogType;

/* loaded from: input_file:WEB-INF/lib/svnkit-1.8.8.jar:org/tmatesoft/svn/core/internal/io/svn/sasl/SVNSaslAuthenticator.class */
public class SVNSaslAuthenticator extends SVNAuthenticator {
    private SaslClient myClient;
    private ISVNAuthenticationManager myAuthenticationManager;
    private SVNAuthentication myAuthentication;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/svnkit-1.8.8.jar:org/tmatesoft/svn/core/internal/io/svn/sasl/SVNSaslAuthenticator$SVNCallbackHandler.class */
    public static class SVNCallbackHandler implements CallbackHandler {
        private String myRealm;
        private SVNAuthentication myAuthentication;

        public SVNCallbackHandler(String str, SVNAuthentication sVNAuthentication) {
            this.myRealm = str;
            this.myAuthentication = sVNAuthentication;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    String userName = this.myAuthentication.getUserName();
                    ((NameCallback) callback).setName(userName != null ? userName : ISVNWCDb.PRISTINE_TEMPDIR_RELPATH);
                } else if (callback instanceof PasswordCallback) {
                    String password = ((SVNPasswordAuthentication) this.myAuthentication).getPassword();
                    ((PasswordCallback) callback).setPassword(password != null ? password.toCharArray() : new char[0]);
                } else {
                    if (!(callback instanceof RealmCallback)) {
                        throw new UnsupportedCallbackException(callback);
                    }
                    ((RealmCallback) callback).setText(this.myRealm);
                }
            }
        }
    }

    public SVNSaslAuthenticator(SVNConnection sVNConnection) throws SVNException {
        super(sVNConnection);
    }

    /* JADX WARN: Finally extract failed */
    /* JADX WARN: Removed duplicated region for block: B:25:0x01da  */
    /* JADX WARN: Removed duplicated region for block: B:28:0x01f6  */
    @Override // org.tmatesoft.svn.core.internal.io.svn.SVNAuthenticator
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.tmatesoft.svn.core.auth.SVNAuthentication authenticate(java.util.List r9, java.lang.String r10, org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl r11) throws org.tmatesoft.svn.core.SVNException {
        /*
            Method dump skipped, instructions count: 517
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.tmatesoft.svn.core.internal.io.svn.sasl.SVNSaslAuthenticator.authenticate(java.util.List, java.lang.String, org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl):org.tmatesoft.svn.core.auth.SVNAuthentication");
    }

    @Override // org.tmatesoft.svn.core.internal.io.svn.SVNAuthenticator
    public void dispose() {
        if (this.myClient != null) {
            try {
                this.myClient.dispose();
            } catch (SaslException e) {
            }
        }
    }

    protected boolean tryAuthentication(SVNRepositoryImpl sVNRepositoryImpl, String str) throws SaslException, SVNException {
        String str2 = null;
        boolean z = ("ANONYMOUS".equals(str) || "EXTERNAL".equals(str) || FSRepresentation.REP_PLAIN.equals(str)) ? false : true;
        if ("EXTERNAL".equals(str) && sVNRepositoryImpl.getExternalUserName() != null) {
            str2 = ISVNWCDb.PRISTINE_TEMPDIR_RELPATH;
        } else if (this.myClient.hasInitialResponse()) {
            byte[] evaluateChallenge = this.myClient.evaluateChallenge(new byte[0]);
            if (evaluateChallenge == null) {
                SVNErrorManager.error(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "Unexpected initial response received from {0}", str), SVNLogType.NETWORK);
            }
            str2 = toBase64(evaluateChallenge);
        }
        if (str2 != null) {
            getConnection().write("(w(s))", new Object[]{str, str2});
        } else {
            getConnection().write("(w())", new Object[]{str});
        }
        String str3 = "step";
        while ("step".equals(str3)) {
            List readTuple = getConnection().readTuple("w(?s)", true);
            str3 = (String) readTuple.get(0);
            if ("failure".equals(str3)) {
                setLastError(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, (String) (readTuple.size() > 1 ? readTuple.get(1) : ISVNWCDb.PRISTINE_TEMPDIR_RELPATH)));
                return false;
            }
            String str4 = (String) (readTuple.size() > 1 ? readTuple.get(1) : null);
            if (str4 == null && (("CRAM-MD5".equals(str) || "GSSAPI".equals(str)) && "success".equals(str3))) {
                str4 = ISVNWCDb.PRISTINE_TEMPDIR_RELPATH;
            }
            if ((!"step".equals(str3) && !"success".equals(str3)) || (str4 == null && z)) {
                SVNErrorManager.error(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "Unexpected server response to authentication"), SVNLogType.NETWORK);
            }
            byte[] bytes = "CRAM-MD5".equals(str) ? str4.getBytes() : fromBase64(str4);
            byte[] bArr = null;
            if (!this.myClient.isComplete()) {
                bArr = this.myClient.evaluateChallenge(bytes);
            }
            if ("success".equals(str3)) {
                return true;
            }
            if (bArr == null) {
                SVNErrorManager.error(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "Unexpected response received from {0}", str), SVNLogType.NETWORK);
            }
            if (bArr.length > 0) {
                getConnection().write("s", new Object[]{"CRAM-MD5".equals(str) ? new String(bArr) : toBase64(bArr)});
            } else {
                getConnection().write("s", new Object[]{ISVNWCDb.PRISTINE_TEMPDIR_RELPATH});
            }
        }
        return true;
    }

    protected void setEncryption(SVNRepositoryImpl sVNRepositoryImpl) {
        if (getConnection().isEncrypted()) {
            dispose();
            return;
        }
        String str = (String) this.myClient.getNegotiatedProperty("javax.security.sasl.qop");
        String str2 = (String) this.myClient.getNegotiatedProperty("javax.security.sasl.maxbuffer");
        String str3 = (String) this.myClient.getNegotiatedProperty("javax.security.sasl.rawsendsize");
        if (!"auth-int".equals(str) && !"auth-conf".equals(str)) {
            dispose();
            return;
        }
        int i = 1000;
        int i2 = 1000;
        if (str3 != null) {
            try {
                i = Integer.parseInt(str3);
            } catch (NumberFormatException e) {
                i = 1000;
            }
        }
        if (str2 != null) {
            try {
                i2 = Integer.parseInt(str2);
            } catch (NumberFormatException e2) {
                i2 = 1000;
            }
        }
        SVNDebugLog.getDefaultLog().logFinest(SVNLogType.NETWORK, "SASL read buffer size: " + i2);
        SVNDebugLog.getDefaultLog().logFinest(SVNLogType.NETWORK, "SASL write buffer size: " + i);
        try {
            getPlainOutputStream().flush();
        } catch (IOException e3) {
        }
        setOutputStream(sVNRepositoryImpl.getDebugLog().createLogStream(SVNLogType.NETWORK, new SaslOutputStream(this.myClient, i, getPlainOutputStream())));
        setInputStream(sVNRepositoryImpl.getDebugLog().createLogStream(SVNLogType.NETWORK, new SaslInputStream(this.myClient, i2, getPlainInputStream())));
        getConnection().setEncrypted(this);
    }

    protected SaslClient createSaslClient(List list, String str, SVNRepositoryImpl sVNRepositoryImpl, SVNURL svnurl) throws SVNException {
        SVNAuthentication sVNAuthentication;
        SVNHashMap sVNHashMap = new SVNHashMap();
        sVNHashMap.put("javax.security.sasl.qop", "auth-conf,auth-int,auth");
        sVNHashMap.put("javax.security.sasl.maxbuffer", "8192");
        sVNHashMap.put("javax.security.sasl.rawsendsize", "8192");
        sVNHashMap.put("javax.security.sasl.policy.noplaintext", "false");
        sVNHashMap.put("javax.security.sasl.reuse", "false");
        sVNHashMap.put("javax.security.sasl.policy.noanonymous", "true");
        String[] strArr = (String[]) list.toArray(new String[list.size()]);
        SaslClient saslClient = null;
        for (int i = 0; i < strArr.length; i++) {
            String str2 = strArr[i];
            try {
                if ("ANONYMOUS".equals(str2) || "EXTERNAL".equals(str2) || FSRepresentation.REP_PLAIN.equals(str2)) {
                    sVNHashMap.put("javax.security.sasl.policy.noanonymous", "false");
                }
                SaslClientFactory saslClientFactory = getSaslClientFactory(str2, sVNHashMap);
                if (saslClientFactory != null) {
                    if ("ANONYMOUS".equals(str2)) {
                        sVNAuthentication = new SVNPasswordAuthentication(ISVNWCDb.PRISTINE_TEMPDIR_RELPATH, ISVNWCDb.PRISTINE_TEMPDIR_RELPATH, false, svnurl, false);
                    } else if ("EXTERNAL".equals(str2)) {
                        String externalUserName = sVNRepositoryImpl.getExternalUserName();
                        if (externalUserName == null) {
                            externalUserName = ISVNWCDb.PRISTINE_TEMPDIR_RELPATH;
                        }
                        sVNAuthentication = new SVNPasswordAuthentication(externalUserName, ISVNWCDb.PRISTINE_TEMPDIR_RELPATH, false, svnurl, false);
                    } else {
                        if (this.myAuthenticationManager == null) {
                            SVNErrorManager.error(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "Authentication required for ''{0}''", str), SVNLogType.NETWORK);
                        }
                        String fullRealmName = getFullRealmName(svnurl, str);
                        if (this.myAuthentication != null) {
                            this.myAuthentication = this.myAuthenticationManager.getNextAuthentication(ISVNAuthenticationManager.PASSWORD, fullRealmName, svnurl);
                        } else {
                            this.myAuthentication = this.myAuthenticationManager.getFirstAuthentication(ISVNAuthenticationManager.PASSWORD, fullRealmName, svnurl);
                        }
                        if (this.myAuthentication == null) {
                            if (getLastError() != null) {
                                SVNErrorManager.error(getLastError(), SVNLogType.NETWORK);
                            }
                            SVNErrorManager.error(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "Authentication required for ''{0}''", str), SVNLogType.NETWORK);
                        }
                        sVNAuthentication = this.myAuthentication;
                    }
                    String[] strArr2 = new String[1];
                    strArr2[0] = "ANONYMOUS".equals(str2) ? FSRepresentation.REP_PLAIN : str2;
                    saslClient = saslClientFactory.createSaslClient(strArr2, (String) null, "svn", svnurl.getHost(), sVNHashMap, new SVNCallbackHandler(str, sVNAuthentication));
                    if (saslClient != null) {
                        break;
                    }
                    this.myAuthentication = null;
                }
            } catch (SaslException e) {
                list.remove(strArr[i]);
                this.myAuthentication = null;
            }
        }
        return saslClient;
    }

    private static String getFullRealmName(SVNURL svnurl, String str) {
        return (svnurl == null || str == null) ? str : "<" + svnurl.getProtocol() + "://" + svnurl.getHost() + ":" + svnurl.getPort() + "> " + str;
    }

    private static String toBase64(byte[] bArr) {
        return SVNBase64.byteArrayToBase64(bArr);
    }

    private static byte[] fromBase64(String str) {
        if (str == null) {
            return new byte[0];
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            if (!Character.isWhitespace(charAt) && charAt != '\n' && charAt != '\r') {
                byteArrayOutputStream.write(((byte) charAt) & 255);
            }
        }
        byte[] bArr = new byte[str.length()];
        try {
            str = new String(byteArrayOutputStream.toByteArray(), "US-ASCII");
        } catch (UnsupportedEncodingException e) {
        }
        int base64ToByteArray = SVNBase64.base64ToByteArray(new StringBuffer(str), bArr);
        byte[] bArr2 = new byte[base64ToByteArray];
        for (int i2 = base64ToByteArray - 1; i2 >= 0; i2--) {
            if (i2 == -1) {
                base64ToByteArray--;
            }
        }
        System.arraycopy(bArr, 0, bArr2, 0, base64ToByteArray);
        return bArr2;
    }

    private static String getMechanismName(SaslClient saslClient, boolean z) {
        if (saslClient == null) {
            return null;
        }
        String mechanismName = saslClient.getMechanismName();
        if (FSRepresentation.REP_PLAIN.equals(mechanismName) && z) {
            mechanismName = "ANONYMOUS";
        }
        return mechanismName;
    }

    private static SaslClientFactory getSaslClientFactory(String str, Map map) {
        if (str == null) {
            return null;
        }
        if ("ANONYMOUS".equals(str)) {
            str = FSRepresentation.REP_PLAIN;
        }
        Enumeration saslClientFactories = Sasl.getSaslClientFactories();
        while (saslClientFactories.hasMoreElements()) {
            SaslClientFactory saslClientFactory = (SaslClientFactory) saslClientFactories.nextElement();
            String[] mechanismNames = saslClientFactory.getMechanismNames(map);
            for (int i = 0; mechanismNames != null && i < mechanismNames.length; i++) {
                if (str.endsWith(mechanismNames[i])) {
                    return saslClientFactory;
                }
            }
        }
        return null;
    }
}
