Examples of org.tmatesoft.svn.core.auth.ISVNSSLManager

org.tmatesoft.svn.core.auth.ISVNSSLManager
e's a risk that passwords (in the case of a BASIC authentication they are transmitted as a plain text) may be sniffed by a malefactor. SSL manager provides a secure connection encrypting all data i/o over a socket.
To get an SSL manager to access a particular repository use the {@link ISVNAuthenticationManager#getSSLManager(SVNURL) getSSLManager()} method of an authentication manager.
A default implementation of ISVNSSLManager (that comes along with a default implementation of ISVNAuthenticationManager - org.tmatesoft.svn.core.internal.wc.DefaultSVNAuthenticationManager) uses ssl options from the standard servers file (it can be found in the Subversion runtime configuration area - read more {@link org.tmatesoft.svn.core.wc.ISVNOptions here}). That is to accept a server certificate, it first looks for the "trusted" CA sertificate in the in-memory runtime auth storage (see {@link ISVNAuthenticationStorage}). If the one is not found, it then tries to find it in the disk auth storage in the runtime config area. Also if the "ssl-trust-default-ca" is set to "yes", then SVNKit will trust those CAs found in the JDK "JKS" KeyStore. User certificates are also got from the options in the servers file.
An SSL manager is invoked when a user tries to access a repository via the https:// protocol. @version 1.1.1 @author TMate Software Ltd. @see ISVNAuthenticationManager

        if ("".equals(path) || path == null) {
            path = "/";
        }
        
        // 1. prompt for ssl client cert if needed, if cancelled - throw cancellation exception.
        ISVNSSLManager sslManager = mySSLManager != null ? mySSLManager : promptSSLClientCertificate(true, false);
        String sslRealm = "<" + myHost.getProtocol() + "://" + myHost.getHost() + ":" + myHost.getPort() + ">";
        SVNAuthentication httpAuth = myLastValidAuth;
        boolean isAuthForced = myRepository.getAuthenticationManager() != null ? myRepository.getAuthenticationManager().isAuthenticationForced() : false;
        if (httpAuth == null && isAuthForced) {
            httpAuth = myRepository.getAuthenticationManager().getFirstAuthentication(ISVNAuthenticationManager.PASSWORD, sslRealm, null);
            myChallengeCredentials = new HTTPBasicAuthentication((SVNPasswordAuthentication)httpAuth, myCharset);
        } 
        String realm = null;


        // 2. create request instance.
        HTTPRequest request = new HTTPRequest(myCharset);
        request.setConnection(this);
        request.setKeepAlive(true);
        request.setRequestBody(body);
        request.setResponseHandler(handler);
        request.setResponseStream(dst);
        
        SVNErrorMessage err = null;


        while (true) {
            HTTPStatus status = null;
            try {
                err = null;
                connect(sslManager);
                request.reset();
                request.setProxied(myIsProxied);
                request.setSecured(myIsSecured);
                if (myProxyAuthentication != null) {
                    request.initCredentials(myProxyAuthentication, method, path);
                    request.setProxyAuthentication(myProxyAuthentication.authenticate());
                }
                if (httpAuth != null && myChallengeCredentials != null) {
                    request.initCredentials(myChallengeCredentials, method, path);
                    String authResponse = myChallengeCredentials.authenticate();
                    request.setAuthentication(authResponse);
                }
                request.dispatch(method, path, header, ok1, ok2, context);
                status = request.getStatus();
            } catch (SSLHandshakeException ssl) {
                myRepository.getDebugLog().info(ssl);
                if (ssl.getCause() instanceof CertificateException &&
                        ssl.getCause().getCause() instanceof SVNCancelException) {
                    SVNErrorManager.cancel(ssl.getCause().getCause().getMessage());
                }
                if (sslManager != null) {
                    close();
                    SVNSSLAuthentication sslAuth = sslManager.getClientAuthentication();
                    if (sslAuth != null) {
                        SVNErrorMessage sslErr = SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "SSL handshake failed: ''{0}''", ssl.getMessage());
                        myRepository.getAuthenticationManager().acknowledgeAuthentication(false, ISVNAuthenticationManager.SSL, sslRealm, sslErr, sslAuth);
                    }
                    sslManager = promptSSLClientCertificate(sslAuth == null, true);
                    continue;
                }
                err = SVNErrorMessage.create(SVNErrorCode.RA_DAV_REQUEST_FAILED, ssl);
            } catch (UnknownHostException ioe) {
                myRepository.getDebugLog().info(ioe);
                err = SVNErrorMessage.create(SVNErrorCode.RA_DAV_REQUEST_FAILED, ioe);
            } catch (SocketTimeoutException timeout) {
                myRepository.getDebugLog().info(timeout);
                err = SVNErrorMessage.create(SVNErrorCode.RA_DAV_REQUEST_FAILED, "timed out waiting for server");
            } catch (SVNCancellableOutputStream.IOCancelException cancel) {
                myRepository.getDebugLog().info(cancel);
                SVNErrorManager.cancel(cancel.getMessage());
            } catch (IOException e) {
                myRepository.getDebugLog().info(e);
                if (sslManager != null) {
                    close();
                    SVNSSLAuthentication sslAuth = sslManager.getClientAuthentication();
                    if (sslAuth != null) {
                        SVNErrorMessage sslErr = SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "SSL handshake failed: ''{0}''", e.getMessage());
                        myRepository.getAuthenticationManager().acknowledgeAuthentication(false, ISVNAuthenticationManager.SSL, sslRealm, sslErr, sslAuth);
                    }
                    sslManager = promptSSLClientCertificate(sslAuth == null, true);
                    continue;
                }
                err = SVNErrorMessage.create(SVNErrorCode.RA_DAV_REQUEST_FAILED, e.getMessage());
            } catch (SVNException e) {
                myRepository.getDebugLog().info(e);
                // force connection close on SVNException 
                // (could be thrown by user's auth manager methods).
                close();
                throw e;
            } finally {
                finishResponse(request);                
            }
            if (err != null) {
                close();
                if (sslManager != null) {
                    sslManager.acknowledgeSSLContext(false, err);
                }
                break;
            }
            if (sslManager != null) {
                sslManager.acknowledgeSSLContext(true, null);
                SVNSSLAuthentication sslAuth = sslManager.getClientAuthentication();
                if (sslAuth != null) {
                    mySSLManager = sslManager;
                    myRepository.getAuthenticationManager().acknowledgeAuthentication(true, ISVNAuthenticationManager.SSL, sslRealm, null, sslAuth);
                }
            }

View Full Code Here

    }


    private ISVNSSLManager promptSSLClientCertificate(boolean firstAuth, boolean onError) throws SVNException {
        SVNURL location = myRepository.getLocation();
        ISVNAuthenticationManager authManager = myRepository.getAuthenticationManager();
        ISVNSSLManager sslManager = null;
        SVNSSLAuthentication sslAuth = null;
        String sslRealm = "<" + location.getProtocol() + "://" + location.getHost() + ":" + location.getPort() + ">";
        if (myIsSecured) {
            sslManager = authManager != null ? authManager.getSSLManager(location) : null;
        }
        if (authManager != null && sslManager != null && 
                (onError || sslManager.isClientCertPromptRequired() || (firstAuth && sslManager.getClientCertLoadingError() != null))) {
            // prompt if there is error or prompt has been forced.
            while(true) {
                if (firstAuth) {
                    sslAuth = (SVNSSLAuthentication) authManager.getFirstAuthentication(ISVNAuthenticationManager.SSL, sslRealm, location);
                } else {
                    sslAuth = (SVNSSLAuthentication) authManager.getNextAuthentication(ISVNAuthenticationManager.SSL, sslRealm, location);
                }
                if (sslAuth == null) {
                    SVNErrorManager.cancel("SSL authentication with client certificate cancelled");
                }
                // this will set error.
                sslManager.setClientAuthentication(sslAuth);
                if (sslManager.getClientCertLoadingError() != null) {
                    sslManager.acknowledgeSSLContext(false, SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, sslManager.getClientCertLoadingError().getMessage()));
                    // prompt again.
                    continue;
                }
                break;
            }

View Full Code Here

TOP

Related Classes of org.tmatesoft.svn.core.auth.ISVNSSLManager

org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.