}
}
err = SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "HTTP proxy authorization failed");
SVNURL location = myRepository.getLocation();
ISVNAuthenticationManager authManager = myRepository.getAuthenticationManager();
ISVNProxyManager proxyManager = authManager != null ? authManager.getProxyManager(location) : null;
if (proxyManager != null) {
proxyManager.acknowledgeProxyContext(false, err);
}
close();
break;
} else if (status.getCode() == HttpURLConnection.HTTP_UNAUTHORIZED) {
authAttempts++;//how many times did we try?
Collection authHeaderValues = request.getResponseHeader().getHeaderValues(HTTPHeader.AUTHENTICATE_HEADER);
if (authHeaderValues == null || authHeaderValues.size() == 0) {
err = request.getErrorMessage();
status.setError(SVNErrorMessage.create(SVNErrorCode.RA_DAV_REQUEST_FAILED, err.getMessageTemplate(), err.getRelatedObjects()));
if ("LOCK".equalsIgnoreCase(method)) {
status.getError().setChildErrorMessage(SVNErrorMessage.create(SVNErrorCode.UNSUPPORTED_FEATURE,
"Probably you are trying to lock file in repository that only allows anonymous access"));
}
SVNErrorManager.error(status.getError(), SVNLogType.NETWORK);
return status;
}
//we should work around a situation when a server
//does not support Basic authentication while we're
//forcing it, credentials should not be immediately
//thrown away
boolean skip = false;
isAuthForced = myRepository.getAuthenticationManager() != null ? myRepository.getAuthenticationManager().isAuthenticationForced() : false;
if (isAuthForced) {
if (httpAuth != null && myChallengeCredentials != null && !HTTPAuthentication.isSchemeSupportedByServer(myChallengeCredentials.getAuthenticationScheme(), authHeaderValues)) {
skip = true;
}
}
try {
myChallengeCredentials = HTTPAuthentication.parseAuthParameters(authHeaderValues, myChallengeCredentials, myCharset);
} catch (SVNException svne) {
err = svne.getErrorMessage();
break;
}
myChallengeCredentials.setChallengeParameter("methodname", method);
myChallengeCredentials.setChallengeParameter("uri", HTTPParser.getCanonicalPath(path, null).toString());
if (skip) {
close();
continue;
}
HTTPNTLMAuthentication ntlmAuth = null;
HTTPNegotiateAuthentication negoAuth = null;
if (myChallengeCredentials instanceof HTTPNTLMAuthentication) {
ntlmAuthIsRequired = true;
ntlmAuth = (HTTPNTLMAuthentication)myChallengeCredentials;
if (ntlmAuth.isInType3State()) {
continue;
}
} else if (myChallengeCredentials instanceof HTTPDigestAuthentication) {
// continue (retry once) if previous request was acceppted?
if (myLastValidAuth != null) {
myLastValidAuth = null;
continue;
}
} else if (myChallengeCredentials instanceof HTTPNegotiateAuthentication) {
negoAuthIsRequired = true;
negoAuth = (HTTPNegotiateAuthentication)myChallengeCredentials;
if (negoAuth.isStarted()) {
continue;
}
}
myLastValidAuth = null;
if (ntlmAuth != null && ntlmAuth.isNative() && authAttempts == 1) {
/*
* if this is the first time we get HTTP_UNAUTHORIZED, NTLM is the target auth scheme
* and JNA is available, we should try a native auth mechanism first without calling
* auth providers.
*/
continue;
}
if (negoAuth != null && !negoAuth.needsLogin()) {
continue;
}
ISVNAuthenticationManager authManager = myRepository.getAuthenticationManager();
if (authManager == null) {
err = request.getErrorMessage();
break;
}
realm = myChallengeCredentials.getChallengeParameter("realm");
realm = realm == null ? "" : " " + realm;
realm = "<" + myHost.getProtocol() + "://" + myHost.getHost() + ":" + myHost.getPort() + ">" + realm;
if (httpAuth == null) {
httpAuth = authManager.getFirstAuthentication(ISVNAuthenticationManager.PASSWORD, realm, myRepository.getLocation());
} else if (authAttempts >= requestAttempts) {
authManager.acknowledgeAuthentication(false, ISVNAuthenticationManager.PASSWORD, realm, request.getErrorMessage(), httpAuth);
httpAuth = authManager.getNextAuthentication(ISVNAuthenticationManager.PASSWORD, realm, myRepository.getLocation());
}
if (httpAuth == null) {
err = SVNErrorMessage.create(SVNErrorCode.CANCELLED, "HTTP authorization cancelled");
break;
}
if (httpAuth != null) {
myChallengeCredentials.setCredentials((SVNPasswordAuthentication) httpAuth);
}
continue;
} else if (status.getCode() == HttpURLConnection.HTTP_MOVED_PERM || status.getCode() == HttpURLConnection.HTTP_MOVED_TEMP) {
close();
String newLocation = request.getResponseHeader().getFirstHeaderValue(HTTPHeader.LOCATION_HEADER);
if (newLocation == null) {
err = request.getErrorMessage();
break;
}
int hostIndex = newLocation.indexOf("://");
if (hostIndex > 0) {
hostIndex += 3;
hostIndex = newLocation.indexOf("/", hostIndex);
}
if (hostIndex > 0 && hostIndex < newLocation.length()) {
String newPath = newLocation.substring(hostIndex);
if (newPath.endsWith("/") &&
!newPath.endsWith("//") && !path.endsWith("/") &&
newPath.substring(0, newPath.length() - 1).equals(path)) {
path += "//";
continue;
}
}
err = request.getErrorMessage();
} else if (request.getErrorMessage() != null) {
err = request.getErrorMessage();
} else {
ntlmProxyAuthIsRequired = false;
ntlmAuthIsRequired = false;
negoAuthIsRequired = false;
}
if (err != null) {
break;
}
if (myIsProxied) {
SVNURL location = myRepository.getLocation();
ISVNAuthenticationManager authManager = myRepository.getAuthenticationManager();
ISVNProxyManager proxyManager = authManager != null ? authManager.getProxyManager(location) : null;
if (proxyManager != null) {
proxyManager.acknowledgeProxyContext(true, null);
}
}