private void onStateChangedToSuccess(final AuthenticationRequest obj) {
myCopiesPassiveResults.put(getKey(obj), true);
myVcs.invokeRefreshSvnRoots(false);
final List<SVNURL> outdatedRequests = new LinkedList<SVNURL>();
final Collection<SVNURL> keys = getAllCurrentKeys();
for (SVNURL key : keys) {
final SVNURL commonURLAncestor = SVNURLUtil.getCommonURLAncestor(key, obj.getUrl());
if ((commonURLAncestor != null)
&& (!StringUtil.isEmptyOrSpaces(commonURLAncestor.getHost()))
&& (!StringUtil.isEmptyOrSpaces(commonURLAncestor.getPath()))) {
// final AuthenticationRequest currObj = getObj(key);
// if ((currObj != null) && passiveValidation(myVcs.getProject(), key, true,
// currObj.getRealm(), currObj.getKind())) {
outdatedRequests.add(key);
// }
}
}
log("on state changed ");
ApplicationManager.getApplication()
.invokeLater(
new Runnable() {
public void run() {
for (SVNURL key : outdatedRequests) {
removeLazyNotificationByKey(key);
}
}
},
ModalityState.NON_MODAL);
}
private HTTPSSLKeyManager createKeyManager() {
if (!myIsSecured) {
return null;
}
SVNURL location = myRepository.getLocation();
ISVNAuthenticationManager authManager = myRepository.getAuthenticationManager();
String sslRealm =
"<" + location.getProtocol() + "://" + location.getHost() + ":" + location.getPort() + ">";
return new HTTPSSLKeyManager(authManager, sslRealm, location);
}
public DefaultSVNSSLTrustManager(
File authDir,
SVNURL url,
File[] serverCertFiles,
boolean useKeyStore,
DefaultSVNAuthenticationManager authManager) {
myURL = url;
myAuthDirectory = authDir;
myRealm = "https://" + url.getHost() + ":" + url.getPort();
myAuthManager = authManager;
myIsUseKeyStore = useKeyStore;
myServerCertFiles = serverCertFiles;
}
public void checkServerTrusted(X509Certificate[] certs, String algorithm)
throws CertificateException {
if (certs != null && certs.length > 0 && certs[0] != null) {
String data = SVNBase64.byteArrayToBase64(certs[0].getEncoded());
String stored =
(String) myAuthManager.getRuntimeAuthStorage().getData("svn.ssl.server", myRealm);
if (data.equals(stored)) {
return;
}
stored = getStoredServerCertificate(myRealm);
if (data.equals(stored)) {
return;
}
ISVNAuthenticationProvider authProvider = myAuthManager.getAuthenticationProvider();
int failures = SVNSSLUtil.getServerCertificateFailures(certs[0], myURL.getHost());
// compose bit mask.
// 8 is default
// check dates for 1 and 2
// check host name for 4
if (authProvider != null) {
boolean store = myAuthManager.isAuthStorageEnabled(myURL);
boolean trustServer = checkServerTrustedByDefault(certs, algorithm);
int result;
if (trustServer) {
result = ISVNAuthenticationProvider.ACCEPTED;
} else {
result = authProvider.acceptServerAuthentication(myURL, myRealm, certs[0], store);
}
if (result == ISVNAuthenticationProvider.ACCEPTED && store) {
try {
storeServerCertificate(myRealm, data, failures);
} catch (SVNException e) {
// ignore that exception, as we only need to trust now and may save data later.
// throw new SVNSSLUtil.CertificateNotTrustedException("svn: Server SSL certificate for
// '" + myRealm + "' cannot be saved");
SVNDebugLog.getDefaultLog().logError(SVNLogType.NETWORK, e);
}
}
if (result != ISVNAuthenticationProvider.REJECTED) {
myAuthManager.getRuntimeAuthStorage().putData("svn.ssl.server", myRealm, data);
return;
}
throw new SVNSSLUtil.CertificateNotTrustedException(
"svn: Server SSL certificate for '" + myRealm + "' rejected");
}
// like as tmp. accepted.
}
}
private void getDiff(long rev, String path, char type, int nbatt) {
// http://old.nabble.com/file/p31961153/Comparision.java
String durl = "";
// System.out.println(path);
switch (urlType) {
case 0:
durl = this.serverUrl + path;
break;
case 1:
try {
SVNURL serverUrl = SVNURL.parseURIDecoded(this.url);
durl = serverUrl.getProtocol() + "://" + serverUrl.getHost() + path;
} catch (SVNException e2) {
e2.printStackTrace();
}
break;
case 2:
durl = mergeUrls(this.serverUrl, path);
break;
}
// System.out.println("Type:"+this.urlType+", Url:"+durl);
SVNURL svnurl = null;
try {
svnurl = SVNURL.parseURIEncoded(durl);
} catch (SVNException e1) {
System.out.println(
"Error 3:" + durl + "-" + urlType + "ser:" + this.serverUrl + "path: " + path);
}
int plus = 0;
int minus = 0;
// if(type =='M'){
SVNRevision previous = SVNRevision.create(rev - 1);
SVNRevision current = SVNRevision.create(rev);
OutputStream os = new MyOutputStream();
try {
if (type == 'M') {
this.svnDiffCl.doDiff(svnurl, previous, svnurl, current, SVNDepth.EMPTY, false, os);
int[] c = ((MyOutputStream) os).count();
plus = c[0];
minus = c[1];
} else if (type == 'A') {
this.svnWcClient.doGetFileContents(svnurl, current, current, true, os);
plus = ((MyOutputStream) os).counLines();
} else if (type == 'D' || type == 'R') {
this.svnWcClient.doGetFileContents(svnurl, previous, previous, true, os);
minus = ((MyOutputStream) os).counLines();
} else System.out.println("#################Type chelou ! " + type);
} catch (SVNException e) {
if (nbatt < 2) {
this.urlType = (this.urlType + 1) % 3;
getDiff(rev, path, type, nbatt + 1);
return;
} else {
// System.out.println("Error 4: "+ this.serverUrl+"-"+this.url+"-"+path);
// e.printStackTrace();
// System.out.println(e.getMessage());
}
}
// }
String daCl = sdf.format(new Date(this.date.getTimeInMillis()));
if (type == 'D') type = 'R';
commits.add(
this.revision
+ ","
+ this.author
+ ","
+ daCl
+ ","
+ this.date.getTimeInMillis()
+ ","
+ type
+ ","
+ path
+ ","
+ plus
+ ","
+ minus);
System.out.print(".");
}
public HTTPStatus request(
String method,
String path,
HTTPHeader header,
InputStream body,
int ok1,
int ok2,
OutputStream dst,
DefaultHandler handler,
SVNErrorMessage context)
throws SVNException {
if ("".equals(path) || path == null) {
path = "/";
}
// 1. prompt for ssl client cert if needed, if cancelled - throw cancellation exception.
HTTPSSLKeyManager keyManager =
myKeyManager == null && myRepository.getAuthenticationManager() != null
? createKeyManager()
: myKeyManager;
TrustManager trustManager =
myTrustManager == null && myRepository.getAuthenticationManager() != null
? myRepository.getAuthenticationManager().getTrustManager(myRepository.getLocation())
: myTrustManager;
String sslRealm =
"<" + myHost.getProtocol() + "://" + myHost.getHost() + ":" + myHost.getPort() + ">";
SVNAuthentication httpAuth = myLastValidAuth;
boolean isAuthForced =
myRepository.getAuthenticationManager() != null
? myRepository.getAuthenticationManager().isAuthenticationForced()
: false;
if (httpAuth == null && isAuthForced) {
httpAuth =
myRepository
.getAuthenticationManager()
.getFirstAuthentication(ISVNAuthenticationManager.PASSWORD, sslRealm, null);
myChallengeCredentials =
new HTTPBasicAuthentication((SVNPasswordAuthentication) httpAuth, myCharset);
}
String realm = null;
// 2. create request instance.
HTTPRequest request = new HTTPRequest(myCharset);
request.setConnection(this);
request.setKeepAlive(true);
request.setRequestBody(body);
request.setResponseHandler(handler);
request.setResponseStream(dst);
SVNErrorMessage err = null;
boolean ntlmAuthIsRequired = false;
boolean ntlmProxyAuthIsRequired = false;
boolean negoAuthIsRequired = false;
int authAttempts = 0;
while (true) {
HTTPStatus status = null;
if (System.currentTimeMillis() >= myNextRequestTimeout) {
SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "Keep-Alive timeout detected");
close();
}
int retryCount = 1;
try {
err = null;
String httpAuthResponse = null;
String proxyAuthResponse = null;
while (retryCount >= 0) {
connect(keyManager, trustManager);
request.reset();
request.setProxied(myIsProxied);
request.setSecured(myIsSecured);
if (myProxyAuthentication != null
&& (ntlmProxyAuthIsRequired
|| !"NTLM".equals(myProxyAuthentication.getAuthenticationScheme()))) {
if (proxyAuthResponse == null) {
request.initCredentials(myProxyAuthentication, method, path);
proxyAuthResponse = myProxyAuthentication.authenticate();
}
request.setProxyAuthentication(proxyAuthResponse);
}
if (myChallengeCredentials != null
&& (ntlmAuthIsRequired
|| negoAuthIsRequired
|| ((!"NTLM".equals(myChallengeCredentials.getAuthenticationScheme()))
&& !"Negotiate".equals(myChallengeCredentials.getAuthenticationScheme()))
&& httpAuth != null)) {
if (httpAuthResponse == null) {
request.initCredentials(myChallengeCredentials, method, path);
httpAuthResponse = myChallengeCredentials.authenticate();
}
request.setAuthentication(httpAuthResponse);
}
try {
request.dispatch(method, path, header, ok1, ok2, context);
break;
} catch (EOFException pe) {
// retry, EOF always means closed connection.
if (retryCount > 0) {
close();
continue;
}
throw (IOException) new IOException(pe.getMessage()).initCause(pe);
} finally {
retryCount--;
}
}
myNextRequestTimeout = request.getNextRequestTimeout();
status = request.getStatus();
} catch (SSLHandshakeException ssl) {
myRepository.getDebugLog().logFine(SVNLogType.NETWORK, ssl);
close();
if (ssl.getCause() instanceof SVNSSLUtil.CertificateNotTrustedException) {
SVNErrorManager.cancel(ssl.getCause().getMessage(), SVNLogType.NETWORK);
}
SVNErrorMessage sslErr =
SVNErrorMessage.create(
SVNErrorCode.RA_NOT_AUTHORIZED,
"SSL handshake failed: ''{0}''",
new Object[] {ssl.getMessage()},
SVNErrorMessage.TYPE_ERROR,
ssl);
if (keyManager != null) {
keyManager.acknowledgeAndClearAuthentication(sslErr);
}
err = SVNErrorMessage.create(SVNErrorCode.RA_DAV_REQUEST_FAILED, ssl);
// continue; http://svnkit.com/tracker/view.php?id=301 - Kohsuke
} catch (IOException e) {
myRepository.getDebugLog().logFine(SVNLogType.NETWORK, e);
if (e instanceof SocketTimeoutException) {
err =
SVNErrorMessage.create(
SVNErrorCode.RA_DAV_REQUEST_FAILED,
"timed out waiting for server",
null,
SVNErrorMessage.TYPE_ERROR,
e);
} else if (e instanceof UnknownHostException) {
err =
SVNErrorMessage.create(
SVNErrorCode.RA_DAV_REQUEST_FAILED,
"unknown host",
null,
SVNErrorMessage.TYPE_ERROR,
e);
} else if (e instanceof ConnectException) {
err =
SVNErrorMessage.create(
SVNErrorCode.RA_DAV_REQUEST_FAILED,
"connection refused by the server",
null,
SVNErrorMessage.TYPE_ERROR,
e);
} else if (e instanceof SVNCancellableOutputStream.IOCancelException) {
SVNErrorManager.cancel(e.getMessage(), SVNLogType.NETWORK);
} else if (e instanceof SSLException) {
err = SVNErrorMessage.create(SVNErrorCode.RA_DAV_REQUEST_FAILED, e);
} else {
err = SVNErrorMessage.create(SVNErrorCode.RA_DAV_REQUEST_FAILED, e);
}
} catch (SVNException e) {
myRepository.getDebugLog().logFine(SVNLogType.NETWORK, e);
// force connection close on SVNException
// (could be thrown by user's auth manager methods).
close();
throw e;
} finally {
finishResponse(request);
}
if (err != null) {
close();
break;
}
if (keyManager != null) {
myKeyManager = keyManager;
myTrustManager = trustManager;
keyManager.acknowledgeAndClearAuthentication(null);
}
if (status.getCode() == HttpURLConnection.HTTP_FORBIDDEN) {
myLastValidAuth = null;
close();
err = request.getErrorMessage();
} else if (myIsProxied && status.getCode() == HttpURLConnection.HTTP_PROXY_AUTH) {
Collection proxyAuthHeaders =
request.getResponseHeader().getHeaderValues(HTTPHeader.PROXY_AUTHENTICATE_HEADER);
try {
myProxyAuthentication =
HTTPAuthentication.parseAuthParameters(
proxyAuthHeaders, myProxyAuthentication, myCharset);
} catch (SVNException svne) {
myRepository.getDebugLog().logFine(SVNLogType.NETWORK, svne);
err = svne.getErrorMessage();
break;
}
if (myProxyAuthentication instanceof HTTPNTLMAuthentication) {
ntlmProxyAuthIsRequired = true;
HTTPNTLMAuthentication ntlmProxyAuth = (HTTPNTLMAuthentication) myProxyAuthentication;
if (ntlmProxyAuth.isInType3State()) {
continue;
}
}
err =
SVNErrorMessage.create(
SVNErrorCode.RA_NOT_AUTHORIZED, "HTTP proxy authorization failed");
SVNURL location = myRepository.getLocation();
ISVNAuthenticationManager authManager = myRepository.getAuthenticationManager();
ISVNProxyManager proxyManager =
authManager != null ? authManager.getProxyManager(location) : null;
if (proxyManager != null) {
proxyManager.acknowledgeProxyContext(false, err);
}
close();
break;
} else if (status.getCode() == HttpURLConnection.HTTP_UNAUTHORIZED) {
authAttempts++; // how many times did we try?
Collection authHeaderValues =
request.getResponseHeader().getHeaderValues(HTTPHeader.AUTHENTICATE_HEADER);
if (authHeaderValues == null || authHeaderValues.size() == 0) {
err = request.getErrorMessage();
status.setError(
SVNErrorMessage.create(
SVNErrorCode.RA_DAV_REQUEST_FAILED,
err.getMessageTemplate(),
err.getRelatedObjects()));
if ("LOCK".equalsIgnoreCase(method)) {
status
.getError()
.setChildErrorMessage(
SVNErrorMessage.create(
SVNErrorCode.UNSUPPORTED_FEATURE,
"Probably you are trying to lock file in repository that only allows anonymous access"));
}
SVNErrorManager.error(status.getError(), SVNLogType.NETWORK);
return status;
}
// we should work around a situation when a server
// does not support Basic authentication while we're
// forcing it, credentials should not be immediately
// thrown away
boolean skip = false;
isAuthForced =
myRepository.getAuthenticationManager() != null
? myRepository.getAuthenticationManager().isAuthenticationForced()
: false;
if (isAuthForced) {
if (httpAuth != null
&& myChallengeCredentials != null
&& !HTTPAuthentication.isSchemeSupportedByServer(
myChallengeCredentials.getAuthenticationScheme(), authHeaderValues)) {
skip = true;
}
}
try {
myChallengeCredentials =
HTTPAuthentication.parseAuthParameters(
authHeaderValues, myChallengeCredentials, myCharset);
} catch (SVNException svne) {
err = svne.getErrorMessage();
break;
}
myChallengeCredentials.setChallengeParameter("methodname", method);
myChallengeCredentials.setChallengeParameter("uri", path);
if (skip) {
close();
continue;
}
HTTPNTLMAuthentication ntlmAuth = null;
HTTPNegotiateAuthentication negoAuth = null;
if (myChallengeCredentials instanceof HTTPNTLMAuthentication) {
ntlmAuthIsRequired = true;
ntlmAuth = (HTTPNTLMAuthentication) myChallengeCredentials;
if (ntlmAuth.isInType3State()) {
continue;
}
} else if (myChallengeCredentials instanceof HTTPDigestAuthentication) {
// continue (retry once) if previous request was acceppted?
if (myLastValidAuth != null) {
myLastValidAuth = null;
continue;
}
} else if (myChallengeCredentials instanceof HTTPNegotiateAuthentication) {
negoAuthIsRequired = true;
negoAuth = (HTTPNegotiateAuthentication) myChallengeCredentials;
if (negoAuth.isStarted()) {
continue;
}
}
myLastValidAuth = null;
if (ntlmAuth != null && ntlmAuth.isNative() && authAttempts == 1) {
/*
* if this is the first time we get HTTP_UNAUTHORIZED, NTLM is the target auth scheme
* and JNA is available, we should try a native auth mechanism first without calling
* auth providers.
*/
continue;
}
if (negoAuth != null) {
continue;
}
ISVNAuthenticationManager authManager = myRepository.getAuthenticationManager();
if (authManager == null) {
err = request.getErrorMessage();
break;
}
realm = myChallengeCredentials.getChallengeParameter("realm");
realm = realm == null ? "" : " " + realm;
realm =
"<"
+ myHost.getProtocol()
+ "://"
+ myHost.getHost()
+ ":"
+ myHost.getPort()
+ ">"
+ realm;
if (httpAuth == null) {
httpAuth =
authManager.getFirstAuthentication(
ISVNAuthenticationManager.PASSWORD, realm, myRepository.getLocation());
} else {
authManager.acknowledgeAuthentication(
false,
ISVNAuthenticationManager.PASSWORD,
realm,
request.getErrorMessage(),
httpAuth);
httpAuth =
authManager.getNextAuthentication(
ISVNAuthenticationManager.PASSWORD, realm, myRepository.getLocation());
}
if (httpAuth == null) {
err = SVNErrorMessage.create(SVNErrorCode.CANCELLED, "HTTP authorization cancelled");
break;
}
if (httpAuth != null) {
myChallengeCredentials.setCredentials((SVNPasswordAuthentication) httpAuth);
}
continue;
} else if (status.getCode() == HttpURLConnection.HTTP_MOVED_PERM
|| status.getCode() == HttpURLConnection.HTTP_MOVED_TEMP) {
close();
String newLocation =
request.getResponseHeader().getFirstHeaderValue(HTTPHeader.LOCATION_HEADER);
if (newLocation == null) {
err = request.getErrorMessage();
break;
}
int hostIndex = newLocation.indexOf("://");
if (hostIndex > 0) {
hostIndex += 3;
hostIndex = newLocation.indexOf("/", hostIndex);
}
if (hostIndex > 0 && hostIndex < newLocation.length()) {
String newPath = newLocation.substring(hostIndex);
if (newPath.endsWith("/")
&& !newPath.endsWith("//")
&& !path.endsWith("/")
&& newPath.substring(0, newPath.length() - 1).equals(path)) {
path += "//";
continue;
}
}
err = request.getErrorMessage();
} else if (request.getErrorMessage() != null) {
err = request.getErrorMessage();
} else {
ntlmProxyAuthIsRequired = false;
ntlmAuthIsRequired = false;
negoAuthIsRequired = false;
}
if (err != null) {
break;
}
if (myIsProxied) {
SVNURL location = myRepository.getLocation();
ISVNAuthenticationManager authManager = myRepository.getAuthenticationManager();
ISVNProxyManager proxyManager =
authManager != null ? authManager.getProxyManager(location) : null;
if (proxyManager != null) {
proxyManager.acknowledgeProxyContext(true, null);
}
}
if (httpAuth != null && realm != null && myRepository.getAuthenticationManager() != null) {
myRepository
.getAuthenticationManager()
.acknowledgeAuthentication(
true, ISVNAuthenticationManager.PASSWORD, realm, null, httpAuth);
}
if (trustManager != null && myRepository.getAuthenticationManager() != null) {
myRepository.getAuthenticationManager().acknowledgeTrustManager(trustManager);
}
if (httpAuth != null) {
myLastValidAuth = httpAuth;
}
status.setHeader(request.getResponseHeader());
return status;
}
// force close on error that was not processed before.
// these are errors that has no relation to http status (processing error or cancellation).
close();
if (err != null
&& err.getErrorCode().getCategory() != SVNErrorCode.RA_DAV_CATEGORY
&& err.getErrorCode() != SVNErrorCode.UNSUPPORTED_FEATURE) {
SVNErrorManager.error(err, SVNLogType.NETWORK);
}
// err2 is another default context...
// myRepository.getDebugLog().info(err.getMessage());
myRepository.getDebugLog().logFine(SVNLogType.NETWORK, new Exception(err.getMessage()));
SVNErrorMessage err2 =
SVNErrorMessage.create(
SVNErrorCode.RA_DAV_REQUEST_FAILED,
"{0} request failed on ''{1}''",
new Object[] {method, path},
err.getType(),
err.getCause());
SVNErrorManager.error(err, err2, SVNLogType.NETWORK);
return null;
}
private void connect(HTTPSSLKeyManager keyManager, TrustManager trustManager)
throws IOException, SVNException {
SVNURL location = myRepository.getLocation();
if (mySocket == null || SVNSocketFactory.isSocketStale(mySocket)) {
close();
String host = location.getHost();
int port = location.getPort();
ISVNAuthenticationManager authManager = myRepository.getAuthenticationManager();
ISVNProxyManager proxyAuth =
authManager != null ? authManager.getProxyManager(location) : null;
int connectTimeout = authManager != null ? authManager.getConnectTimeout(myRepository) : 0;
int readTimeout =
authManager != null ? authManager.getReadTimeout(myRepository) : DEFAULT_HTTP_TIMEOUT;
if (readTimeout < 0) {
readTimeout = DEFAULT_HTTP_TIMEOUT;
}
if (proxyAuth != null && proxyAuth.getProxyHost() != null) {
myRepository
.getDebugLog()
.logFine(
SVNLogType.NETWORK,
"Using proxy " + proxyAuth.getProxyHost() + " (secured=" + myIsSecured + ")");
mySocket =
SVNSocketFactory.createPlainSocket(
proxyAuth.getProxyHost(), proxyAuth.getProxyPort(), connectTimeout, readTimeout);
if (myProxyAuthentication == null) {
myProxyAuthentication =
new HTTPBasicAuthentication(
proxyAuth.getProxyUserName(), proxyAuth.getProxyPassword(), myCharset);
}
myIsProxied = true;
if (myIsSecured) {
HTTPRequest connectRequest = new HTTPRequest(myCharset);
connectRequest.setConnection(this);
connectRequest.initCredentials(myProxyAuthentication, "CONNECT", host + ":" + port);
connectRequest.setProxyAuthentication(myProxyAuthentication.authenticate());
connectRequest.setForceProxyAuth(true);
connectRequest.dispatch("CONNECT", host + ":" + port, null, 0, 0, null);
HTTPStatus status = connectRequest.getStatus();
if (status.getCode() == HttpURLConnection.HTTP_OK) {
myInputStream = null;
myOutputStream = null;
mySocket =
SVNSocketFactory.createSSLSocket(
keyManager != null ? new KeyManager[] {keyManager} : new KeyManager[0],
trustManager,
host,
port,
mySocket,
readTimeout);
proxyAuth.acknowledgeProxyContext(true, null);
return;
}
SVNURL proxyURL =
SVNURL.parseURIEncoded(
"http://" + proxyAuth.getProxyHost() + ":" + proxyAuth.getProxyPort());
SVNErrorMessage err =
SVNErrorMessage.create(
SVNErrorCode.RA_DAV_REQUEST_FAILED,
"{0} request failed on ''{1}''",
new Object[] {"CONNECT", proxyURL});
proxyAuth.acknowledgeProxyContext(false, err);
SVNErrorManager.error(err, connectRequest.getErrorMessage(), SVNLogType.NETWORK);
}
} else {
myIsProxied = false;
myProxyAuthentication = null;
mySocket =
myIsSecured
? SVNSocketFactory.createSSLSocket(
keyManager != null ? new KeyManager[] {keyManager} : new KeyManager[0],
trustManager,
host,
port,
connectTimeout,
readTimeout)
: SVNSocketFactory.createPlainSocket(host, port, connectTimeout, readTimeout);
}
}
}
