plugins/svn4idea/src/org/jetbrains/idea/svn/auth/SSLServerCertificateAuthenticator.java - platform/tools/idea - Git at Google

 /*
  * Copyright 2000-2014 JetBrains s.r.o.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.jetbrains.idea.svn.auth;

 import com.intellij.openapi.util.text.StringUtil;
 import org.intellij.lang.annotations.MagicConstant;
 import org.jetbrains.annotations.NotNull;
 import org.tmatesoft.svn.core.*;
 import org.tmatesoft.svn.core.auth.ISVNAuthenticationProvider;
 import org.tmatesoft.svn.core.auth.SVNAuthentication;
 import org.tmatesoft.svn.core.internal.util.SVNBase64;
 import org.tmatesoft.svn.core.internal.util.SVNHashMap;
 import org.tmatesoft.svn.core.internal.util.SVNSSLUtil;
 import org.tmatesoft.svn.core.internal.wc.SVNFileUtil;
 import org.tmatesoft.svn.core.internal.wc.SVNWCProperties;

 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.security.cert.*;

 /**
 * @author Konstantin Kolosovsky.
 */ // plus seems that we also should ask for credentials; but we didn't receive realm name yet
 class SSLServerCertificateAuthenticator extends AbstractAuthenticator {
   private String myCertificateRealm;
   private String myCredentialsRealm;
   private Object myCertificate;
   private int myResult;
   private SVNAuthentication myAuthentication;

   SSLServerCertificateAuthenticator(@NotNull AuthenticationService authenticationService, @NotNull SVNURL url, String realm) {
     super(authenticationService, url, realm);
   }

   @Override
   public boolean tryAuthenticate() {
     myResult = ISVNAuthenticationProvider.ACCEPTED_TEMPORARY;
     myStoreInUsual = false;
     return super.tryAuthenticate();
   }

   @Override
   protected boolean getWithPassive(SvnAuthenticationManager passive) throws SVNException {
     String stored = (String)passive.getRuntimeAuthStorage().getData("svn.ssl.server", myRealm);
     if (stored == null) return false;

     myCertificate = createCertificate(stored);
     myCertificateRealm = myRealm;
     return true;
   }

   @Override
   public void requestClientAuthentication(SVNURL url, String realm, SVNAuthentication authentication) {
     if (!myUrl.equals(url)) return;
     myCredentialsRealm = realm;
     myAuthentication = authentication;
     if (myAuthentication != null) {
       myStoreInUsual &= myAuthentication.isStorageAllowed();
     }
   }

   @Override
   public void acceptServerAuthentication(SVNURL url, String realm, Object certificate, @MagicConstant int acceptResult) {
     if (!myUrl.equals(url)) return;
     myCertificateRealm = realm;
     myCertificate = certificate;
     myResult = acceptResult;
   }

   @Override
   protected boolean afterAuthCall() {
     myStoreInUsual &= myCertificate != null && ISVNAuthenticationProvider.ACCEPTED == myResult;
     // TODO: Previous code always returned not null value, so Boolean == null check was always false in tryAuthenticate().
     // TODO: This was most likely error in code - check once again.
     return ISVNAuthenticationProvider.REJECTED != myResult && myCertificate != null;
   }

   @Override
   protected boolean acknowledge(SvnAuthenticationManager manager) throws SVNException {
     // we should store certificate, if it wasn't accepted (if temporally tmp)
     if (myCertificate == null) {   // this is if certificate was stored only in passive area
       String stored = (String)manager.getRuntimeAuthStorage().getData("svn.ssl.server", myRealm);
       if (StringUtil.isEmptyOrSpaces(stored)) {
         throw new SVNException(
           SVNErrorMessage.create(SVNErrorCode.AUTHN_CREDS_UNAVAILABLE, "No stored server certificate was found in runtime"));
       }
       myCertificate = createCertificate(stored);
       myCertificateRealm = myRealm;
     }
     if (myAuthenticationService.getTempDirectory() != null && myCertificate != null) {
       storeServerCertificate();

       if (myAuthentication != null) {
         final String realm = myCredentialsRealm == null ? myCertificateRealm : myCredentialsRealm;
         return storeCredentials(manager, myAuthentication, realm);
       }
     }
     return true;
   }

   @NotNull
   private Certificate createCertificate(@NotNull String stored) throws SVNException {
     CertificateFactory factory;
     try {
       factory = CertificateFactory.getInstance("X509");
       final byte[] buffer = new byte[stored.length()];
       SVNBase64.base64ToByteArray(new StringBuffer(stored), buffer);

       return factory.generateCertificate(new ByteArrayInputStream(buffer));
     }
     catch (CertificateException e) {
       throw new SVNException(SVNErrorMessage.create(SVNErrorCode.AUTHN_CREDS_UNAVAILABLE, e));
     }
   }

   private void storeServerCertificate() throws SVNException {
     if (!(myCertificate instanceof X509Certificate)) {
       throw new SVNException(SVNErrorMessage.create(SVNErrorCode.IO_ERROR, "Can not store server certificate: " + myCertificate));
     }
     X509Certificate x509Certificate = (X509Certificate)myCertificate;
     String stored;
     try {
       stored = SVNBase64.byteArrayToBase64(x509Certificate.getEncoded());
     }
     catch (CertificateEncodingException e) {
       throw new SVNException(SVNErrorMessage.create(SVNErrorCode.IO_ERROR, e));
     }

     int failures = SVNSSLUtil.getServerCertificateFailures(x509Certificate, myUrl.getHost());
     storeServerCertificate(myAuthenticationService.getTempDirectory(), myCertificateRealm, stored, failures);
   }

   private void storeServerCertificate(final File configDir, String realm, String data, int failures) throws SVNException {
     //noinspection ResultOfMethodCallIgnored
     configDir.mkdirs();

     File file = new File(configDir, "auth/svn.ssl.server/" + SVNFileUtil.computeChecksum(realm));
     SVNHashMap map = new SVNHashMap();
     map.put("ascii_cert", data);
     map.put("svn:realmstring", realm);
     map.put("failures", Integer.toString(failures));

     SVNFileUtil.deleteFile(file);

     File tmpFile = SVNFileUtil.createUniqueFile(configDir, "auth", ".tmp", true);
     try {
       SVNWCProperties.setProperties(SVNProperties.wrap(map), file, tmpFile, SVNWCProperties.SVN_HASH_TERMINATOR);
     }
     finally {
       SVNFileUtil.deleteFile(tmpFile);
     }
   }
 }
	/*
	* Copyright 2000-2014 JetBrains s.r.o.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.jetbrains.idea.svn.auth;

	import com.intellij.openapi.util.text.StringUtil;
	import org.intellij.lang.annotations.MagicConstant;
	import org.jetbrains.annotations.NotNull;
	import org.tmatesoft.svn.core.*;
	import org.tmatesoft.svn.core.auth.ISVNAuthenticationProvider;
	import org.tmatesoft.svn.core.auth.SVNAuthentication;
	import org.tmatesoft.svn.core.internal.util.SVNBase64;
	import org.tmatesoft.svn.core.internal.util.SVNHashMap;
	import org.tmatesoft.svn.core.internal.util.SVNSSLUtil;
	import org.tmatesoft.svn.core.internal.wc.SVNFileUtil;
	import org.tmatesoft.svn.core.internal.wc.SVNWCProperties;

	import java.io.ByteArrayInputStream;
	import java.io.File;
	import java.security.cert.*;

	/**
	* @author Konstantin Kolosovsky.
	*/ // plus seems that we also should ask for credentials; but we didn't receive realm name yet
	class SSLServerCertificateAuthenticator extends AbstractAuthenticator {
	private String myCertificateRealm;
	private String myCredentialsRealm;
	private Object myCertificate;
	private int myResult;
	private SVNAuthentication myAuthentication;

	SSLServerCertificateAuthenticator(@NotNull AuthenticationService authenticationService, @NotNull SVNURL url, String realm) {
	super(authenticationService, url, realm);
	}

	@Override
	public boolean tryAuthenticate() {
	myResult = ISVNAuthenticationProvider.ACCEPTED_TEMPORARY;
	myStoreInUsual = false;
	return super.tryAuthenticate();
	}

	@Override
	protected boolean getWithPassive(SvnAuthenticationManager passive) throws SVNException {
	String stored = (String)passive.getRuntimeAuthStorage().getData("svn.ssl.server", myRealm);
	if (stored == null) return false;

	myCertificate = createCertificate(stored);
	myCertificateRealm = myRealm;
	return true;
	}

	@Override
	public void requestClientAuthentication(SVNURL url, String realm, SVNAuthentication authentication) {
	if (!myUrl.equals(url)) return;
	myCredentialsRealm = realm;
	myAuthentication = authentication;
	if (myAuthentication != null) {
	myStoreInUsual &= myAuthentication.isStorageAllowed();
	}
	}

	@Override
	public void acceptServerAuthentication(SVNURL url, String realm, Object certificate, @MagicConstant int acceptResult) {
	if (!myUrl.equals(url)) return;
	myCertificateRealm = realm;
	myCertificate = certificate;
	myResult = acceptResult;
	}

	@Override
	protected boolean afterAuthCall() {
	myStoreInUsual &= myCertificate != null && ISVNAuthenticationProvider.ACCEPTED == myResult;
	// TODO: Previous code always returned not null value, so Boolean == null check was always false in tryAuthenticate().
	// TODO: This was most likely error in code - check once again.
	return ISVNAuthenticationProvider.REJECTED != myResult && myCertificate != null;
	}

	@Override
	protected boolean acknowledge(SvnAuthenticationManager manager) throws SVNException {
	// we should store certificate, if it wasn't accepted (if temporally tmp)
	if (myCertificate == null) { // this is if certificate was stored only in passive area
	String stored = (String)manager.getRuntimeAuthStorage().getData("svn.ssl.server", myRealm);
	if (StringUtil.isEmptyOrSpaces(stored)) {
	throw new SVNException(
	SVNErrorMessage.create(SVNErrorCode.AUTHN_CREDS_UNAVAILABLE, "No stored server certificate was found in runtime"));
	}
	myCertificate = createCertificate(stored);
	myCertificateRealm = myRealm;
	}
	if (myAuthenticationService.getTempDirectory() != null && myCertificate != null) {
	storeServerCertificate();

	if (myAuthentication != null) {
	final String realm = myCredentialsRealm == null ? myCertificateRealm : myCredentialsRealm;
	return storeCredentials(manager, myAuthentication, realm);
	}
	}
	return true;
	}

	@NotNull
	private Certificate createCertificate(@NotNull String stored) throws SVNException {
	CertificateFactory factory;
	try {
	factory = CertificateFactory.getInstance("X509");
	final byte[] buffer = new byte[stored.length()];
	SVNBase64.base64ToByteArray(new StringBuffer(stored), buffer);

	return factory.generateCertificate(new ByteArrayInputStream(buffer));
	}
	catch (CertificateException e) {
	throw new SVNException(SVNErrorMessage.create(SVNErrorCode.AUTHN_CREDS_UNAVAILABLE, e));
	}
	}

	private void storeServerCertificate() throws SVNException {
	if (!(myCertificate instanceof X509Certificate)) {
	throw new SVNException(SVNErrorMessage.create(SVNErrorCode.IO_ERROR, "Can not store server certificate: " + myCertificate));
	}
	X509Certificate x509Certificate = (X509Certificate)myCertificate;
	String stored;
	try {
	stored = SVNBase64.byteArrayToBase64(x509Certificate.getEncoded());
	}
	catch (CertificateEncodingException e) {
	throw new SVNException(SVNErrorMessage.create(SVNErrorCode.IO_ERROR, e));
	}

	int failures = SVNSSLUtil.getServerCertificateFailures(x509Certificate, myUrl.getHost());
	storeServerCertificate(myAuthenticationService.getTempDirectory(), myCertificateRealm, stored, failures);
	}

	private void storeServerCertificate(final File configDir, String realm, String data, int failures) throws SVNException {
	//noinspection ResultOfMethodCallIgnored
	configDir.mkdirs();

	File file = new File(configDir, "auth/svn.ssl.server/" + SVNFileUtil.computeChecksum(realm));
	SVNHashMap map = new SVNHashMap();
	map.put("ascii_cert", data);
	map.put("svn:realmstring", realm);
	map.put("failures", Integer.toString(failures));

	SVNFileUtil.deleteFile(file);

	File tmpFile = SVNFileUtil.createUniqueFile(configDir, "auth", ".tmp", true);
	try {
	SVNWCProperties.setProperties(SVNProperties.wrap(map), file, tmpFile, SVNWCProperties.SVN_HASH_TERMINATOR);
	}
	finally {
	SVNFileUtil.deleteFile(tmpFile);
	}
	}
	}