package org.tmatesoft.svn.core.internal.io.dav.http;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.tmatesoft.svn.core.SVNAuthenticationException;
import org.tmatesoft.svn.core.SVNCancelException;
import org.tmatesoft.svn.core.SVNErrorCode;
import org.tmatesoft.svn.core.SVNErrorMessage;
import org.tmatesoft.svn.core.SVNException;
import org.tmatesoft.svn.core.SVNURL;
import org.tmatesoft.svn.core.auth.BasicAuthenticationManager;
import org.tmatesoft.svn.core.auth.ISVNAuthenticationManager;
import org.tmatesoft.svn.core.auth.SVNAuthentication;
import org.tmatesoft.svn.core.auth.SVNPasswordAuthentication;
import org.tmatesoft.svn.core.auth.SVNSSLAuthentication;
import org.tmatesoft.svn.core.internal.wc.ISVNSSLPasspharsePromptSupport;
import org.tmatesoft.svn.core.internal.wc.SVNErrorManager;
import org.tmatesoft.svn.core.internal.wc.SVNFileUtil;
import org.tmatesoft.svn.util.SVNDebugLog;
import org.tmatesoft.svn.util.SVNLogType;

/* loaded from: input_file:org/tmatesoft/svn/core/internal/io/dav/http/HTTPSSLKeyManager.class */
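/**
 * {@link X509KeyManager} that obtains SSL client-certificate credentials from an
 * {@link ISVNAuthenticationManager} on first use and forwards every key-manager query to the
 * JSSE key managers built from those credentials.
 *
 * <p>Credentials are loaded lazily by {@link #initialize()} the first time one of the
 * {@code X509KeyManager} callbacks is invoked. A failure during that load is not thrown from the
 * callback: it is stored and surfaced later through {@link #getException()} or
 * {@link #acknowledgeAndClearAuthentication(SVNErrorMessage)}.
 *
 * <p>Points a security reviewer should keep in mind:
 * <ul>
 *   <li>Passphrases travel as {@code char[]} but nothing in this class zeroes them after use.</li>
 *   <li>When no passphrase prompt is supported (see {@link #isNonInteractive()}) and no usable
 *       credentials are found, the key manager is initialised with an empty delegate array, so
 *       every callback returns {@code null} instead of failing.</li>
 *   <li>The no-argument MS CAPI loader changes a property on the shared {@code SunMSCAPI}
 *       provider object.</li>
 * </ul>
 *
 * <p>No synchronization is visible in this class; mutable state ({@code myKeyManagers},
 * {@code myAuthentication}, {@code myException}) is read and written without locking.
 * NOTE(review): confirm that callers confine an instance to a single connection.
 *
 * <p>NOTE(review): this listing looks like decompiler output. Methods that throw
 * {@code SVNException} carry no {@code throws} clause here; confirm the declared exceptions
 * against the original source.
 */
public final class HTTPSSLKeyManager implements X509KeyManager {
    private final ISVNAuthenticationManager authenticationManager;
    private final String realm;
    private final SVNURL url;
    // Delegates built from the accepted credentials; null until initialize() succeeds.
    private KeyManager[] myKeyManagers;
    // Credentials currently being tried; acknowledged in acknowledgeAndClearAuthentication().
    private SVNSSLAuthentication myAuthentication;
    // Last failure captured by initializeNoException(); rethrown on acknowledgement.
    private Exception myException;
    // Alias forced for MS CAPI credentials; when set it overrides delegate alias selection.
    private String chooseAlias = null;
    // Selects getFirstAuthentication() versus getNextAuthentication() in initialize().
    private boolean myIsFirstRequest = true;

    /**
     * Builds key managers backed by the Windows certificate store ({@code Windows-MY}).
     *
     * <p>The {@code SunMSCAPI} provider is preferred and {@code CAPI} is the fallback. When
     * neither provider is registered no key store is opened and {@code null} is returned.
     *
     * @return the key managers for the store, or {@code null} when no MS CAPI provider is
     *     registered
     * @throws SVNException with {@code RA_NOT_AUTHORIZED} when the store or the key manager
     *     factory cannot be initialised; a factory failure is wrapped twice because the inner
     *     exception is caught again by the outer handler
     */
    public static KeyManager[] loadClientCertificate() {
        Provider capiProvider = Security.getProvider("CAPI");
        Provider sunMsCapiProvider = Security.getProvider("SunMSCAPI");
        KeyManager[] keyManagers = null;
        // NOTE(review): informational message logged at error level; kept as listed.
        SVNDebugLog.getDefaultLog().logError(SVNLogType.CLIENT, "using mscapi");
        KeyStore keyStore = null;
        try {
            if (sunMsCapiProvider != null) {
                // Security.getProvider returns the installed provider instance, so this property
                // change is visible to every user of SunMSCAPI in the process, not only to this
                // connection.
                sunMsCapiProvider.setProperty("Signature.SHA1withRSA", "sun.security.mscapi.RSASignature$SHA1");
                keyStore = KeyStore.getInstance("Windows-MY", sunMsCapiProvider);
            } else if (capiProvider != null) {
                keyStore = KeyStore.getInstance("CAPI");
            }
            if (keyStore != null) {
                // The Windows store is not read from a stream and takes no store password here.
                keyStore.load(null, null);
                try {
                    KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    if (factory != null) {
                        factory.init(keyStore, null);
                        keyManagers = factory.getKeyManagers();
                    }
                } catch (Throwable th) {
                    SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, th);
                    throw new SVNException(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "MS Capi error: " + th.getMessage()), th);
                }
            }
            return keyManagers;
        } catch (Throwable th2) {
            SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, th2);
            throw new SVNException(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "Problems, when connecting with ms capi! " + th2.getMessage(), null, 0, th2), th2);
        }
    }

    /**
     * Convenience overload taking the passphrase as a {@code String}.
     *
     * <p>A {@code String} passphrase cannot be wiped by the caller; prefer
     * {@link #loadClientCertificate(File, char[])} where the caller controls the array.
     *
     * @param file PKCS#12 file, or a file whose name selects the Windows store
     * @param str passphrase, may be {@code null}
     * @return the key managers, or {@code null} when none could be built
     */
    public static KeyManager[] loadClientCertificate(File file, String str) {
        return loadClientCertificate(file, str != null ? str.toCharArray() : null);
    }

    /**
     * Builds key managers from an in-memory PKCS#12 key store.
     *
     * <p>NOTE(review): unlike {@link #loadClientCertificate(File, char[])}, failures of
     * {@code KeyStore.getInstance} and {@code KeyStore.load} are not wrapped in
     * {@code SVNException} in this listing; confirm against the original source.
     *
     * @param bArr PKCS#12 bytes
     * @param cArr passphrase used both for the store and for the key entries; {@code null} is
     *     treated as an empty passphrase
     * @return the key managers, or {@code null} when none could be built
     * @throws SVNException with {@code RA_NOT_AUTHORIZED} when the key manager factory fails
     */
    public static KeyManager[] loadClientCertificate(byte[] bArr, char[] cArr) {
        char[] passphrase = cArr == null ? new char[0] : cArr;
        KeyManager[] keyManagers = null;
        ByteArrayInputStream in = new ByteArrayInputStream(bArr);
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            if (keyStore != null) {
                keyStore.load(in, passphrase);
                try {
                    KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
                    if (factory != null) {
                        factory.init(keyStore, passphrase);
                        keyManagers = factory.getKeyManagers();
                    }
                } catch (Throwable th) {
                    SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, th);
                    throw new SVNException(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, th.getMessage()), th);
                }
            }
            return keyManagers;
        } finally {
            SVNFileUtil.closeFile(in);
        }
    }

    /**
     * Builds key managers from a PKCS#12 file, or from the Windows store when the file name
     * starts with {@code SVNSSLAuthentication.MSCAPI}.
     *
     * <p>In the Windows-store case the file is never opened; only its name is inspected.
     *
     * @param file PKCS#12 file, or a name-only selector for the Windows store
     * @param cArr passphrase used both for the store and for the key entries; {@code null} is
     *     treated as an empty passphrase
     * @return the key managers, or {@code null} when none could be built
     * @throws SVNException with {@code RA_NOT_AUTHORIZED} on any failure to open, load or
     *     initialise the key material
     */
    public static KeyManager[] loadClientCertificate(File file, char[] cArr) {
        char[] passphrase = cArr == null ? new char[0] : cArr;
        KeyManager[] keyManagers = null;
        if (file != null && file.getName().startsWith(SVNSSLAuthentication.MSCAPI)) {
            // NOTE(review): informational message logged at error level; kept as listed.
            SVNDebugLog.getDefaultLog().logError(SVNLogType.CLIENT, "using mscapi");
            try {
                KeyStore windowsStore = KeyStore.getInstance("Windows-MY");
                SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "using my windows store");
                if (windowsStore != null) {
                    windowsStore.load(null, null);
                    KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
                    if (factory != null) {
                        factory.init(windowsStore, passphrase);
                        keyManagers = factory.getKeyManagers();
                    }
                }
                return keyManagers;
            } catch (Throwable th) {
                SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, th);
                throw new SVNException(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "loadClientCertificate ms capi with file - should not be called: " + th.getMessage(), null, 0, th), th);
            }
        }
        InputStream in = SVNFileUtil.openFileForReading(file, SVNLogType.NETWORK);
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                if (keyStore != null) {
                    keyStore.load(in, passphrase);
                    try {
                        KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
                        if (factory != null) {
                            factory.init(keyStore, passphrase);
                            keyManagers = factory.getKeyManagers();
                        }
                    } catch (Throwable th2) {
                        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, th2);
                        throw new SVNException(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, th2.getMessage()), th2);
                    }
                }
                return keyManagers;
            } finally {
                SVNFileUtil.closeFile(in);
            }
        } catch (Throwable th3) {
            // Also re-wraps the SVNException thrown for a factory failure just above.
            SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, th3);
            throw new SVNException(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, th3.getMessage(), null, 0, th3), th3);
        }
    }

    /**
     * Builds key managers for the given credentials, asking the authentication manager for a
     * new passphrase each time the PKCS#12 store fails to load with an {@code IOException}.
     *
     * <p>The retry loop ends when the store loads, when the authentication manager returns
     * something other than an {@link SVNPasswordAuthentication} (treated as cancellation), or
     * when a non-I/O failure occurs. There is no retry limit in this method; how many
     * passphrases are tried is decided by the authentication manager.
     *
     * <p>NOTE(review): the decompiler flagged this method ("Finally extract failed") and the
     * listing had no exit from the loop after a successful load, so a valid passphrase would
     * have reloaded the store indefinitely. The loop now exits once the load is acknowledged.
     *
     * @param sVNSSLAuthentication credentials naming the certificate file or bytes and the
     *     initial passphrase
     * @return the key managers, or {@code null} when none could be built
     * @throws SVNAuthenticationException with {@code RA_NOT_AUTHORIZED} when the Windows store
     *     or the key manager factory fails
     * @throws SVNException with {@code RA_NOT_AUTHORIZED} for any other load failure
     */
    public KeyManager[] loadClientCertificate(SVNSSLAuthentication sVNSSLAuthentication) {
        char[] storedPassphrase = sVNSSLAuthentication.getPasswordValue();
        String certificatePath = sVNSSLAuthentication.getCertificatePath();
        File certificateFile = sVNSSLAuthentication.getCertificateFile();
        byte[] certificate = sVNSSLAuthentication.getCertificate();
        char[] passphrase = storedPassphrase == null ? new char[0] : storedPassphrase;
        // Passphrase credentials obtained from the authentication manager after a failed load.
        SVNAuthentication prompted = null;
        KeyManager[] keyManagers = null;
        KeyStore keyStore = null;
        if (certificateFile != null && certificateFile.getName().startsWith(SVNSSLAuthentication.MSCAPI)) {
            // NOTE(review): informational message logged at error level; kept as listed.
            SVNDebugLog.getDefaultLog().logError(SVNLogType.CLIENT, "using mscapi");
            try {
                KeyStore windowsStore = KeyStore.getInstance("Windows-MY");
                SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "using my windows store");
                if (windowsStore != null) {
                    windowsStore.load(null, null);
                    KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
                    if (factory != null) {
                        factory.init(windowsStore, passphrase);
                        keyManagers = factory.getKeyManagers();
                    }
                }
                return keyManagers;
            } catch (Throwable th) {
                SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, th);
                throw new SVNAuthenticationException(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "loadClientCertificate ms capi with file - should not be called: " + th.getMessage(), null, 0, th), th);
            }
        }
        while (true) {
            try {
                InputStream in = certificate != null ? new ByteArrayInputStream(certificate) : SVNFileUtil.openFileForReading(certificateFile, SVNLogType.NETWORK);
                try {
                    keyStore = KeyStore.getInstance("PKCS12");
                    if (keyStore != null) {
                        keyStore.load(in, passphrase);
                    }
                } finally {
                    SVNFileUtil.closeFile(in);
                }
                // The store opened: report the passphrase that worked as accepted.
                if (prompted != null) {
                    BasicAuthenticationManager.acknowledgeAuthentication(true, ISVNAuthenticationManager.SSL, certificatePath, null, prompted, this.url, this.authenticationManager);
                } else {
                    BasicAuthenticationManager.acknowledgeAuthentication(true, ISVNAuthenticationManager.SSL, certificatePath, null, SVNPasswordAuthentication.newInstance("", storedPassphrase, sVNSSLAuthentication.isStorageAllowed(), sVNSSLAuthentication.getURL(), false), this.url, this.authenticationManager);
                }
                break;
            } catch (IOException e) {
                // KeyStore.load reports a wrong passphrase as an IOException, so an I/O failure
                // is answered by rejecting the current passphrase and requesting another one.
                SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, e);
                if (prompted != null) {
                    BasicAuthenticationManager.acknowledgeAuthentication(false, ISVNAuthenticationManager.SSL, certificatePath, SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, e.getMessage()), prompted, this.url, this.authenticationManager);
                    prompted = this.authenticationManager.getNextAuthentication(ISVNAuthenticationManager.SSL, certificatePath, sVNSSLAuthentication.getURL());
                } else {
                    prompted = this.authenticationManager.getFirstAuthentication(ISVNAuthenticationManager.SSL, certificatePath, sVNSSLAuthentication.getURL());
                }
                if (!(prompted instanceof SVNPasswordAuthentication)) {
                    SVNErrorManager.cancel("authentication cancelled", SVNLogType.NETWORK);
                    break;
                }
                passphrase = ((SVNPasswordAuthentication) prompted).getPasswordValue();
            } catch (Throwable th3) {
                SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, th3);
                throw new SVNException(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, th3.getMessage(), null, 0, th3), th3);
            }
        }
        if (keyStore != null) {
            try {
                KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
                if (factory != null) {
                    factory.init(keyStore, passphrase);
                    keyManagers = factory.getKeyManagers();
                }
            } catch (Throwable th4) {
                SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, th4);
                throw new SVNAuthenticationException(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, th4.getMessage()), th4);
            }
        }
        return keyManagers;
    }

    /**
     * Creates a key manager that will request SSL credentials for the given realm and URL.
     * No credentials are requested until the first key-manager callback.
     *
     * @param iSVNAuthenticationManager source of SSL credentials and sink for acknowledgements
     * @param str authentication realm passed to the authentication manager
     * @param svnurl repository URL passed to the authentication manager
     */
    public HTTPSSLKeyManager(ISVNAuthenticationManager iSVNAuthenticationManager, String str, SVNURL svnurl) {
        this.authenticationManager = iSVNAuthenticationManager;
        this.realm = str;
        this.url = svnurl;
    }

    /**
     * Returns the first non-null alias list offered by a delegate, or {@code null} when
     * initialisation failed or no delegate has a match.
     */
    @Override
    public String[] getClientAliases(String str, Principal[] principalArr) {
        if (!initializeNoException()) {
            return null;
        }
        for (X509KeyManager delegate : getX509KeyManagers(this.myKeyManagers)) {
            String[] aliases = delegate.getClientAliases(str, principalArr);
            if (aliases != null) {
                return aliases;
            }
        }
        return null;
    }

    /**
     * Returns the alias forced by MS CAPI credentials when one is set; otherwise the first
     * non-null choice made by a delegate, or {@code null} when initialisation failed or no
     * delegate has a match.
     */
    @Override
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        if (!initializeNoException()) {
            return null;
        }
        if (this.chooseAlias != null) {
            // The forced alias is returned without consulting the delegates or the issuers.
            return this.chooseAlias;
        }
        for (X509KeyManager delegate : getX509KeyManagers(this.myKeyManagers)) {
            String alias = delegate.chooseClientAlias(strArr, principalArr, socket);
            if (alias != null) {
                return alias;
            }
        }
        return null;
    }

    /**
     * Returns the first non-null server alias list offered by a delegate, or {@code null} when
     * initialisation failed or no delegate has a match.
     */
    @Override
    public String[] getServerAliases(String str, Principal[] principalArr) {
        if (!initializeNoException()) {
            return null;
        }
        for (X509KeyManager delegate : getX509KeyManagers(this.myKeyManagers)) {
            String[] aliases = delegate.getServerAliases(str, principalArr);
            if (aliases != null) {
                return aliases;
            }
        }
        return null;
    }

    /**
     * Returns the first non-null server alias chosen by a delegate, or {@code null} when
     * initialisation failed or no delegate has a match.
     */
    @Override
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        if (!initializeNoException()) {
            return null;
        }
        for (X509KeyManager delegate : getX509KeyManagers(this.myKeyManagers)) {
            String alias = delegate.chooseServerAlias(str, principalArr, socket);
            if (alias != null) {
                return alias;
            }
        }
        return null;
    }

    /**
     * Returns the first non-null certificate chain a delegate holds for the alias, or
     * {@code null} when initialisation failed or no delegate knows the alias.
     */
    @Override
    public X509Certificate[] getCertificateChain(String str) {
        if (!initializeNoException()) {
            return null;
        }
        for (X509KeyManager delegate : getX509KeyManagers(this.myKeyManagers)) {
            X509Certificate[] chain = delegate.getCertificateChain(str);
            if (chain != null) {
                return chain;
            }
        }
        return null;
    }

    /**
     * Returns the first non-null private key a delegate holds for the alias, or {@code null}
     * when initialisation failed or no delegate knows the alias.
     */
    @Override
    public PrivateKey getPrivateKey(String str) {
        if (!initializeNoException()) {
            return null;
        }
        for (X509KeyManager delegate : getX509KeyManagers(this.myKeyManagers)) {
            PrivateKey key = delegate.getPrivateKey(str);
            if (key != null) {
                return key;
            }
        }
        return null;
    }

    /**
     * Returns the failure captured by the most recent initialisation attempt, or {@code null}.
     */
    public Exception getException() {
        return this.myException;
    }

    /**
     * Reports the outcome of the connection attempt for the current credentials and resets
     * state for the next attempt.
     *
     * <p>On failure the delegates and the forced alias are dropped so the next callback loads
     * the next credentials; on success the credentials are released and the request sequence
     * restarts from the first credentials.
     *
     * @param sVNErrorMessage {@code null} when the credentials were accepted, otherwise the
     *     reason they were rejected
     * @throws SVNException the stored initialisation failure when there is one (wrapped when it
     *     is not already an {@code SVNException}); otherwise the given error when no passphrase
     *     prompt is supported
     */
    public void acknowledgeAndClearAuthentication(SVNErrorMessage sVNErrorMessage) {
        if (this.myAuthentication != null) {
            BasicAuthenticationManager.acknowledgeAuthentication(sVNErrorMessage == null, ISVNAuthenticationManager.SSL, this.realm, sVNErrorMessage, this.myAuthentication, this.url, this.authenticationManager);
        }
        if (sVNErrorMessage != null) {
            this.myKeyManagers = null;
            this.chooseAlias = null;
        } else {
            this.myAuthentication = null;
            this.myIsFirstRequest = true;
        }
        // Clear the stored failure before rethrowing so it is reported only once.
        Exception pending = this.myException;
        this.myException = null;
        if (pending instanceof SVNException) {
            throw ((SVNException) pending);
        }
        if (pending != null) {
            throw new SVNException(SVNErrorMessage.UNKNOWN_ERROR_MESSAGE, pending);
        }
        if (sVNErrorMessage != null && isNonInteractive()) {
            throw new SVNException(sVNErrorMessage);
        }
    }

    /**
     * Returns whether a delegate array (possibly empty) is currently set.
     */
    public boolean isInitialized() {
        return this.myKeyManagers != null;
    }

    /**
     * Runs {@link #initialize()} and converts any exception into a stored failure, because the
     * {@code X509KeyManager} callbacks cannot throw checked exceptions.
     *
     * @return the result of {@code initialize()}, or {@code false} when it threw
     */
    private boolean initializeNoException() {
        try {
            boolean initialized = initialize();
            this.myException = null;
            return initialized;
        } catch (Exception e) {
            this.myException = e;
            return false;
        }
    }

    /**
     * Requests SSL credentials from the authentication manager until one set loads, and stores
     * the resulting delegates.
     *
     * <p>A load failure reported as a plain {@code SVNException} rejects the current
     * credentials and moves on to the next; authentication and cancellation exceptions stop the
     * loop. When no passphrase prompt is supported, running out of credentials or an
     * authentication failure leaves an empty delegate array instead of raising an error.
     *
     * @return {@code true} once delegates are set
     */
    private boolean initialize() {
        KeyManager[] loaded;
        if (this.myKeyManagers != null) {
            return true;
        }
        while (true) {
            try {
                if (this.myIsFirstRequest) {
                    this.myAuthentication = (SVNSSLAuthentication) this.authenticationManager.getFirstAuthentication(ISVNAuthenticationManager.SSL, this.realm, this.url);
                    this.myIsFirstRequest = false;
                } else {
                    this.myAuthentication = (SVNSSLAuthentication) this.authenticationManager.getNextAuthentication(ISVNAuthenticationManager.SSL, this.realm, this.url);
                }
                if (this.myAuthentication == null) {
                    if (isNonInteractive()) {
                        // No credentials and nobody to ask: this key manager offers nothing.
                        this.myKeyManagers = new KeyManager[0];
                        return true;
                    }
                    // NOTE(review): the code below dereferences myAuthentication, so this relies
                    // on cancel() always throwing - confirm.
                    SVNErrorManager.cancel("SSL authentication with client certificate cancelled", SVNLogType.NETWORK);
                }
                try {
                    if (isMSCAPI(this.myAuthentication)) {
                        loaded = loadClientCertificate();
                        this.chooseAlias = this.myAuthentication.getAlias();
                    } else if (!isNonInteractive()) {
                        // A passphrase prompt is available: use the loader that retries.
                        loaded = loadClientCertificate(this.myAuthentication);
                    } else if (this.myAuthentication.getCertificate() != null) {
                        loaded = loadClientCertificate(this.myAuthentication.getCertificate(), this.myAuthentication.getPasswordValue());
                    } else {
                        loaded = loadClientCertificate(this.myAuthentication.getCertificateFile(), this.myAuthentication.getPasswordValue());
                    }
                    this.myKeyManagers = loaded;
                    return true;
                } catch (SVNAuthenticationException e) {
                    throw e;
                } catch (SVNCancelException e2) {
                    throw e2;
                } catch (SVNException e3) {
                    // Reject these credentials and loop to request the next ones.
                    BasicAuthenticationManager.acknowledgeAuthentication(false, ISVNAuthenticationManager.SSL, this.realm, SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "Failed to load SSL client certificate: ''{0}''", new Object[]{e3.getMessage()}, 0, e3.getCause()), this.myAuthentication, this.url, this.authenticationManager);
                }
            } catch (SVNAuthenticationException e4) {
                if (!isNonInteractive()) {
                    throw e4;
                }
                this.myKeyManagers = new KeyManager[0];
                return true;
            }
        }
    }

    /**
     * Returns {@code true} unless the authentication manager implements
     * {@link ISVNSSLPasspharsePromptSupport} and reports that passphrase prompting is supported.
     */
    private boolean isNonInteractive() {
        return !((this.authenticationManager instanceof ISVNSSLPasspharsePromptSupport)
                && ((ISVNSSLPasspharsePromptSupport) this.authenticationManager).isSSLPassphrasePromtSupported());
    }

    /**
     * Filters the given key managers down to those implementing {@link X509KeyManager}.
     *
     * @param keyManagerArr key managers to filter; {@code null} yields an empty list, which
     *     covers loaders that return {@code null} (for example when no MS CAPI provider is
     *     registered)
     * @return a new list of the X.509 key managers, in their original order
     */
    private static List<X509KeyManager> getX509KeyManagers(KeyManager[] keyManagerArr) {
        List<X509KeyManager> x509KeyManagers = new ArrayList<X509KeyManager>();
        if (keyManagerArr == null) {
            return x509KeyManagers;
        }
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                x509KeyManagers.add((X509KeyManager) keyManager);
            }
        }
        return x509KeyManagers;
    }

    /**
     * Returns whether the credentials are non-null and their SSL kind equals
     * {@code SVNSSLAuthentication.MSCAPI}.
     */
    private static boolean isMSCAPI(SVNSSLAuthentication sVNSSLAuthentication) {
        return sVNSSLAuthentication != null && SVNSSLAuthentication.MSCAPI.equals(sVNSSLAuthentication.getSSLKind());
    }
}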
