package org.jetbrains.idea.svn.auth;

import com.intellij.openapi.util.text.StringUtil;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.jetbrains.annotations.NotNull;
import org.tmatesoft.svn.core.SVNErrorCode;
import org.tmatesoft.svn.core.SVNErrorMessage;
import org.tmatesoft.svn.core.SVNException;
import org.tmatesoft.svn.core.SVNProperties;
import org.tmatesoft.svn.core.SVNURL;
import org.tmatesoft.svn.core.auth.SVNAuthentication;
import org.tmatesoft.svn.core.internal.util.SVNBase64;
import org.tmatesoft.svn.core.internal.util.SVNHashMap;
import org.tmatesoft.svn.core.internal.util.SVNSSLUtil;
import org.tmatesoft.svn.core.internal.wc.SVNFileUtil;
import org.tmatesoft.svn.core.internal.wc.SVNWCProperties;

/* loaded from: input_file:org/jetbrains/idea/svn/auth/SSLServerCertificateAuthenticator.class */
class SSLServerCertificateAuthenticator extends AbstractAuthenticator {
    private String myCertificateRealm;
    private String myCredentialsRealm;
    private Object myCertificate;
    private int myResult;
    private SVNAuthentication myAuthentication;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public SSLServerCertificateAuthenticator(@NotNull AuthenticationService authenticationService, @NotNull SVNURL svnurl, String str) {
        super(authenticationService, svnurl, str);
        if (authenticationService == null) {
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "authenticationService", "org/jetbrains/idea/svn/auth/SSLServerCertificateAuthenticator", "<init>"));
        }
        if (svnurl == null) {
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "url", "org/jetbrains/idea/svn/auth/SSLServerCertificateAuthenticator", "<init>"));
        }
    }

    @Override // org.jetbrains.idea.svn.auth.AbstractAuthenticator
    public boolean tryAuthenticate() {
        this.myResult = 1;
        this.myStoreInUsual = false;
        return super.tryAuthenticate();
    }

    @Override // org.jetbrains.idea.svn.auth.AbstractAuthenticator
    protected boolean getWithPassive(SvnAuthenticationManager svnAuthenticationManager) throws SVNException {
        String str = (String) svnAuthenticationManager.getRuntimeAuthStorage().getData("svn.ssl.server", this.myRealm);
        if (str == null) {
            return false;
        }
        this.myCertificate = createCertificate(str);
        this.myCertificateRealm = this.myRealm;
        return true;
    }

    @Override // org.jetbrains.idea.svn.auth.AbstractAuthenticator
    public void requestClientAuthentication(SVNURL svnurl, String str, SVNAuthentication sVNAuthentication) {
        if (this.myUrl.equals(svnurl)) {
            this.myCredentialsRealm = str;
            this.myAuthentication = sVNAuthentication;
            if (this.myAuthentication != null) {
                this.myStoreInUsual &= this.myAuthentication.isStorageAllowed();
            }
        }
    }

    @Override // org.jetbrains.idea.svn.auth.AbstractAuthenticator
    public void acceptServerAuthentication(SVNURL svnurl, String str, Object obj, int i) {
        if (this.myUrl.equals(svnurl)) {
            this.myCertificateRealm = str;
            this.myCertificate = obj;
            this.myResult = i;
        }
    }

    @Override // org.jetbrains.idea.svn.auth.AbstractAuthenticator
    protected boolean afterAuthCall() {
        this.myStoreInUsual &= this.myCertificate != null && 2 == this.myResult;
        return (0 == this.myResult || this.myCertificate == null) ? false : true;
    }

    @Override // org.jetbrains.idea.svn.auth.AbstractAuthenticator
    protected boolean acknowledge(SvnAuthenticationManager svnAuthenticationManager) throws SVNException {
        if (this.myCertificate == null) {
            String str = (String) svnAuthenticationManager.getRuntimeAuthStorage().getData("svn.ssl.server", this.myRealm);
            if (StringUtil.isEmptyOrSpaces(str)) {
                throw new SVNException(SVNErrorMessage.create(SVNErrorCode.AUTHN_CREDS_UNAVAILABLE, "No stored server certificate was found in runtime"));
            }
            this.myCertificate = createCertificate(str);
            this.myCertificateRealm = this.myRealm;
        }
        if (this.myAuthenticationService.getTempDirectory() == null || this.myCertificate == null) {
            return true;
        }
        storeServerCertificate();
        if (this.myAuthentication == null) {
            return true;
        }
        return storeCredentials(svnAuthenticationManager, this.myAuthentication, this.myCredentialsRealm == null ? this.myCertificateRealm : this.myCredentialsRealm);
    }

    @NotNull
    private Certificate createCertificate(@NotNull String str) throws SVNException {
        if (str == null) {
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "stored", "org/jetbrains/idea/svn/auth/SSLServerCertificateAuthenticator", "createCertificate"));
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            byte[] bArr = new byte[str.length()];
            SVNBase64.base64ToByteArray(new StringBuffer(str), bArr);
            Certificate generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(bArr));
            if (generateCertificate == null) {
                throw new IllegalStateException(String.format("@NotNull method %s.%s must not return null", "org/jetbrains/idea/svn/auth/SSLServerCertificateAuthenticator", "createCertificate"));
            }
            return generateCertificate;
        } catch (CertificateException e) {
            throw new SVNException(SVNErrorMessage.create(SVNErrorCode.AUTHN_CREDS_UNAVAILABLE, e));
        }
    }

    private void storeServerCertificate() throws SVNException {
        if (!(this.myCertificate instanceof X509Certificate)) {
            throw new SVNException(SVNErrorMessage.create(SVNErrorCode.IO_ERROR, "Can not store server certificate: " + this.myCertificate));
        }
        X509Certificate x509Certificate = (X509Certificate) this.myCertificate;
        try {
            storeServerCertificate(this.myAuthenticationService.getTempDirectory(), this.myCertificateRealm, SVNBase64.byteArrayToBase64(x509Certificate.getEncoded()), SVNSSLUtil.getServerCertificateFailures(x509Certificate, this.myUrl.getHost()));
        } catch (CertificateEncodingException e) {
            throw new SVNException(SVNErrorMessage.create(SVNErrorCode.IO_ERROR, e));
        }
    }

    private void storeServerCertificate(File file, String str, String str2, int i) throws SVNException {
        file.mkdirs();
        File file2 = new File(file, "auth/svn.ssl.server/" + SVNFileUtil.computeChecksum(str));
        SVNHashMap sVNHashMap = new SVNHashMap();
        sVNHashMap.put("ascii_cert", str2);
        sVNHashMap.put("svn:realmstring", str);
        sVNHashMap.put("failures", Integer.toString(i));
        SVNFileUtil.deleteFile(file2);
        File createUniqueFile = SVNFileUtil.createUniqueFile(file, "auth", ".tmp", true);
        try {
            SVNWCProperties.setProperties(SVNProperties.wrap(sVNHashMap), file2, createUniqueFile, "END");
            SVNFileUtil.deleteFile(createUniqueFile);
        } catch (Throwable th) {
            SVNFileUtil.deleteFile(createUniqueFile);
            throw th;
        }
    }
}
