plugins/svn4idea/src/org/jetbrains/idea/svn/commandLine/CertificateCallbackCase.java - platform/tools/idea - Git at Google

 /*
  * Copyright 2000-2013 JetBrains s.r.o.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.jetbrains.idea.svn.commandLine;

 import com.intellij.openapi.util.text.StringUtil;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.idea.svn.auth.AuthenticationService;
 import org.tmatesoft.svn.core.SVNException;
 import org.tmatesoft.svn.core.SVNURL;

 /**
  * @author Konstantin Kolosovsky.
  */
 public class CertificateCallbackCase extends AuthCallbackCase {

   private static final String CERTIFICATE_ERROR = "Error validating server certificate for";
   private static final String UNTRUSTED_SERVER_CERTIFICATE = "Server SSL certificate untrusted";
   private static final String CERTIFICATE_VERIFICATION_FAILED = "certificate verification failed";

   private boolean accepted;

   CertificateCallbackCase(@NotNull AuthenticationService authenticationService, SVNURL url) {
     super(authenticationService, url);
   }

   @Override
   public boolean canHandle(String error) {
     return error.startsWith(CERTIFICATE_ERROR) ||
            // https one-way protocol untrusted server certificate
            error.contains(UNTRUSTED_SERVER_CERTIFICATE) ||
            // for instance, certificate issued for a different hostname, issuer is not trusted - for both 1.7 and 1.8
            error.contains(CERTIFICATE_VERIFICATION_FAILED);
   }

   @Override
   public boolean getCredentials(final String errText) throws SvnBindException {
     String realm = getRealm(errText);

     if (!errText.startsWith(CERTIFICATE_ERROR)) {
       // if we do not have explicit realm in error message - use server url and not full repository url
       // as SVNKit lifecycle resolves ssl realm (for saving certificate to runtime storage) as server url
       SVNURL serverUrl = getServerUrl(realm);
       realm = serverUrl != null ? serverUrl.toString() : realm;
     }

     if (!myTried && myAuthenticationService.acceptSSLServerCertificate(myUrl, realm)) {
       accepted = true;
       myTried = true;
       return true;
     }
     throw new SvnBindException("Server SSL certificate rejected");
   }

   private static String getRealm(String errText) throws SvnBindException {
     String realm = errText;
     final int idx1 = realm.indexOf('\'');
     if (idx1 == -1) {
       throw new SvnBindException("Can not detect authentication realm name: " + errText);
     }
     final int idx2 = realm.indexOf('\'', idx1 + 1);
     if (idx2 == -1) {
       throw new SvnBindException("Can not detect authentication realm name: " + errText);
     }
     realm = realm.substring(idx1 + 1, idx2);
     return realm;
   }

   @Override
   public void updateParameters(@NotNull Command command) {
     if (accepted) {
       command.put("--trust-server-cert");
       // force --non-interactive as it is required by --trust-server-cert, but --non-interactive is not default mode for 1.7 or earlier
       command.put("--non-interactive");
     }
   }

   private SVNURL getServerUrl(String realm) {
     SVNURL result = parseUrl(realm);

     while (result != null && !StringUtil.isEmpty(result.getPath())) {
       try {
         result = result.removePathTail();
       }
       catch (SVNException e) {
         result = null;
       }
     }

     return result;
   }
 }
	/*
	* Copyright 2000-2013 JetBrains s.r.o.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.jetbrains.idea.svn.commandLine;

	import com.intellij.openapi.util.text.StringUtil;
	import org.jetbrains.annotations.NotNull;
	import org.jetbrains.idea.svn.auth.AuthenticationService;
	import org.tmatesoft.svn.core.SVNException;
	import org.tmatesoft.svn.core.SVNURL;

	/**
	* @author Konstantin Kolosovsky.
	*/
	public class CertificateCallbackCase extends AuthCallbackCase {

	private static final String CERTIFICATE_ERROR = "Error validating server certificate for";
	private static final String UNTRUSTED_SERVER_CERTIFICATE = "Server SSL certificate untrusted";
	private static final String CERTIFICATE_VERIFICATION_FAILED = "certificate verification failed";

	private boolean accepted;

	CertificateCallbackCase(@NotNull AuthenticationService authenticationService, SVNURL url) {
	super(authenticationService, url);
	}

	@Override
	public boolean canHandle(String error) {
	return error.startsWith(CERTIFICATE_ERROR) \|\|
	// https one-way protocol untrusted server certificate
	error.contains(UNTRUSTED_SERVER_CERTIFICATE) \|\|
	// for instance, certificate issued for a different hostname, issuer is not trusted - for both 1.7 and 1.8
	error.contains(CERTIFICATE_VERIFICATION_FAILED);
	}

	@Override
	public boolean getCredentials(final String errText) throws SvnBindException {
	String realm = getRealm(errText);

	if (!errText.startsWith(CERTIFICATE_ERROR)) {
	// if we do not have explicit realm in error message - use server url and not full repository url
	// as SVNKit lifecycle resolves ssl realm (for saving certificate to runtime storage) as server url
	SVNURL serverUrl = getServerUrl(realm);
	realm = serverUrl != null ? serverUrl.toString() : realm;
	}

	if (!myTried && myAuthenticationService.acceptSSLServerCertificate(myUrl, realm)) {
	accepted = true;
	myTried = true;
	return true;
	}
	throw new SvnBindException("Server SSL certificate rejected");
	}

	private static String getRealm(String errText) throws SvnBindException {
	String realm = errText;
	final int idx1 = realm.indexOf('\'');
	if (idx1 == -1) {
	throw new SvnBindException("Can not detect authentication realm name: " + errText);
	}
	final int idx2 = realm.indexOf('\'', idx1 + 1);
	if (idx2 == -1) {
	throw new SvnBindException("Can not detect authentication realm name: " + errText);
	}
	realm = realm.substring(idx1 + 1, idx2);
	return realm;
	}

	@Override
	public void updateParameters(@NotNull Command command) {
	if (accepted) {
	command.put("--trust-server-cert");
	// force --non-interactive as it is required by --trust-server-cert, but --non-interactive is not default mode for 1.7 or earlier
	command.put("--non-interactive");
	}
	}

	private SVNURL getServerUrl(String realm) {
	SVNURL result = parseUrl(realm);

	while (result != null && !StringUtil.isEmpty(result.getPath())) {
	try {
	result = result.removePathTail();
	}
	catch (SVNException e) {
	result = null;
	}
	}

	return result;
	}
	}