package org.tmatesoft.svn.core.internal.io.dav.http;

import java.io.File;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.tmatesoft.svn.core.SVNErrorCode;
import org.tmatesoft.svn.core.SVNErrorMessage;
import org.tmatesoft.svn.core.SVNException;
import org.tmatesoft.svn.core.SVNURL;
import org.tmatesoft.svn.core.auth.ISVNAuthenticationManager;
import org.tmatesoft.svn.core.auth.SVNSSLAuthentication;
import org.tmatesoft.svn.core.internal.wc.SVNErrorManager;
import org.tmatesoft.svn.core.internal.wc.SVNFileUtil;
import org.tmatesoft.svn.util.SVNDebugLog;
import org.tmatesoft.svn.util.SVNLogType;

/* loaded from: input_file:lib/modeshape-connector-svn-2.8.2.Final-jar-with-dependencies.jar:org/tmatesoft/svn/core/internal/io/dav/http/HTTPSSLKeyManager.class */
public final class HTTPSSLKeyManager implements X509KeyManager {
    private final ISVNAuthenticationManager authenticationManager;
    private final String realm;
    private final SVNURL url;
    private KeyManager[] myKeyManagers;
    private SVNSSLAuthentication myAuthentication;
    private Exception myException;

    public static KeyManager[] loadClientCertificate(File file, String str) throws SVNException {
        SVNException sVNException;
        char[] cArr = null;
        if (str != null) {
            cArr = str.toCharArray();
        }
        InputStream openFileForReading = SVNFileUtil.openFileForReading(file, SVNLogType.NETWORK);
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                if (keyStore != null) {
                    keyStore.load(openFileForReading, cArr);
                }
                KeyManager[] keyManagerArr = null;
                if (keyStore != null) {
                    try {
                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                        if (keyManagerFactory != null) {
                            keyManagerFactory.init(keyStore, cArr);
                            keyManagerArr = keyManagerFactory.getKeyManagers();
                        }
                    } catch (Throwable th) {
                        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, th);
                        throw new SVNException(SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, th.getMessage()), th);
                    }
                }
                return keyManagerArr;
            } finally {
            }
        } finally {
            SVNFileUtil.closeFile(openFileForReading);
        }
    }

    public HTTPSSLKeyManager(ISVNAuthenticationManager iSVNAuthenticationManager, String str, SVNURL svnurl) {
        this.authenticationManager = iSVNAuthenticationManager;
        this.realm = str;
        this.url = svnurl;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        if (!initializeNoException()) {
            return null;
        }
        Iterator it = getX509KeyManagers(this.myKeyManagers).iterator();
        while (it.hasNext()) {
            String[] clientAliases = ((X509KeyManager) it.next()).getClientAliases(str, principalArr);
            if (clientAliases != null) {
                return clientAliases;
            }
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        if (!initializeNoException()) {
            return null;
        }
        Iterator it = getX509KeyManagers(this.myKeyManagers).iterator();
        while (it.hasNext()) {
            String chooseClientAlias = ((X509KeyManager) it.next()).chooseClientAlias(strArr, principalArr, socket);
            if (chooseClientAlias != null) {
                return chooseClientAlias;
            }
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        if (!initializeNoException()) {
            return null;
        }
        Iterator it = getX509KeyManagers(this.myKeyManagers).iterator();
        while (it.hasNext()) {
            String[] serverAliases = ((X509KeyManager) it.next()).getServerAliases(str, principalArr);
            if (serverAliases != null) {
                return serverAliases;
            }
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        if (!initializeNoException()) {
            return null;
        }
        Iterator it = getX509KeyManagers(this.myKeyManagers).iterator();
        while (it.hasNext()) {
            String chooseServerAlias = ((X509KeyManager) it.next()).chooseServerAlias(str, principalArr, socket);
            if (chooseServerAlias != null) {
                return chooseServerAlias;
            }
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        if (!initializeNoException()) {
            return null;
        }
        Iterator it = getX509KeyManagers(this.myKeyManagers).iterator();
        while (it.hasNext()) {
            X509Certificate[] certificateChain = ((X509KeyManager) it.next()).getCertificateChain(str);
            if (certificateChain != null) {
                return certificateChain;
            }
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        if (!initializeNoException()) {
            return null;
        }
        Iterator it = getX509KeyManagers(this.myKeyManagers).iterator();
        while (it.hasNext()) {
            PrivateKey privateKey = ((X509KeyManager) it.next()).getPrivateKey(str);
            if (privateKey != null) {
                return privateKey;
            }
        }
        return null;
    }

    public Exception getException() {
        return this.myException;
    }

    public void acknowledgeAndClearAuthentication(SVNErrorMessage sVNErrorMessage) throws SVNException {
        if (this.myAuthentication != null) {
            this.authenticationManager.acknowledgeAuthentication(sVNErrorMessage == null, ISVNAuthenticationManager.SSL, this.realm, sVNErrorMessage, this.myAuthentication);
        }
        this.myAuthentication = null;
        if (sVNErrorMessage != null) {
            this.myKeyManagers = null;
        }
        Exception exc = this.myException;
        this.myException = null;
        if (exc instanceof SVNException) {
            throw ((SVNException) exc);
        }
        if (exc != null) {
            throw new SVNException(SVNErrorMessage.UNKNOWN_ERROR_MESSAGE, exc);
        }
    }

    private boolean initializeNoException() {
        try {
            boolean initialize = initialize();
            this.myException = null;
            return initialize;
        } catch (Exception e) {
            this.myException = e;
            return false;
        }
    }

    private boolean initialize() throws SVNException {
        if (this.myKeyManagers != null) {
            return true;
        }
        boolean z = true;
        while (true) {
            if (z) {
                this.myAuthentication = (SVNSSLAuthentication) this.authenticationManager.getFirstAuthentication(ISVNAuthenticationManager.SSL, this.realm, this.url);
                z = false;
            } else {
                this.myAuthentication = (SVNSSLAuthentication) this.authenticationManager.getNextAuthentication(ISVNAuthenticationManager.SSL, this.realm, this.url);
            }
            if (this.myAuthentication == null) {
                SVNErrorManager.cancel("SSL authentication with client certificate cancelled", SVNLogType.NETWORK);
            }
            try {
                this.myKeyManagers = loadClientCertificate(this.myAuthentication.getCertificateFile(), this.myAuthentication.getPassword());
                return true;
            } catch (SVNException e) {
                this.authenticationManager.acknowledgeAuthentication(false, ISVNAuthenticationManager.SSL, this.realm, SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "SSL handshake failed: ''{0}''", new Object[]{e.getMessage()}, 0, e.getCause()), this.myAuthentication);
            }
        }
    }

    private static List getX509KeyManagers(KeyManager[] keyManagerArr) {
        ArrayList arrayList = new ArrayList();
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                arrayList.add(keyManager);
            }
        }
        return arrayList;
    }
}
