1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
|
/*
* Copyright 2000-2013 JetBrains s.r.o.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jetbrains.idea.svn.auth;
import com.intellij.openapi.application.ModalityState;
import com.intellij.openapi.diagnostic.Logger;
import com.intellij.openapi.ui.MessageType;
import com.intellij.openapi.ui.popup.util.PopupUtil;
import com.intellij.openapi.util.Getter;
import com.intellij.openapi.util.Pair;
import com.intellij.openapi.util.Ref;
import com.intellij.openapi.util.io.FileUtil;
import com.intellij.util.WaitForProgressToShow;
import com.intellij.util.containers.ContainerUtil;
import com.intellij.util.net.HttpConfigurable;
import com.intellij.util.proxy.CommonProxy;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.jetbrains.idea.svn.SvnBundle;
import org.jetbrains.idea.svn.SvnConfiguration;
import org.jetbrains.idea.svn.SvnVcs;
import org.jetbrains.idea.svn.commandLine.AuthenticationCallback;
import org.jetbrains.idea.svn.dialogs.SimpleCredentialsDialog;
import org.tmatesoft.svn.core.SVNURL;
import org.tmatesoft.svn.core.auth.ISVNAuthenticationManager;
import org.tmatesoft.svn.core.auth.SVNAuthentication;
import java.io.File;
import java.io.IOException;
import java.net.*;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
/**
* Created with IntelliJ IDEA.
* User: Irina.Chernushina
* Date: 2/26/13
* Time: 1:27 PM
*/
public class IdeaSvnkitBasedAuthenticationCallback implements AuthenticationCallback {
@NotNull private final SvnVcs myVcs;
private static final Logger LOG = Logger.getInstance(IdeaSvnkitBasedAuthenticationCallback.class);
private File myTempDirectory;
private boolean myProxyCredentialsWereReturned;
private SvnConfiguration myConfiguration;
private final Set<String> myRequestedCredentials;
public IdeaSvnkitBasedAuthenticationCallback(@NotNull SvnVcs vcs) {
myVcs = vcs;
myConfiguration = SvnConfiguration.getInstance(myVcs.getProject());
myRequestedCredentials = ContainerUtil.newHashSet();
}
@NotNull
public SvnVcs getVcs() {
return myVcs;
}
@Nullable
public File getTempDirectory() {
return myTempDirectory;
}
@Override
public boolean authenticateFor(String realm, SVNURL repositoryUrl, boolean previousFailed, boolean passwordRequest) {
if (repositoryUrl == null) {
return false;
}
return new CredentialsAuthenticator(this, repositoryUrl, realm).tryAuthenticate(passwordRequest);
}
@Nullable
@Override
public SVNAuthentication requestCredentials(final SVNURL repositoryUrl, final String type) {
SVNAuthentication authentication = null;
if (repositoryUrl != null) {
final String realm = repositoryUrl.toDecodedString();
authentication = requestCredentials(realm, type, new Getter<Pair<SVNAuthentication, Boolean>>() {
@Override
public Pair<SVNAuthentication, Boolean> get() {
SVNAuthentication result = myVcs.getSvnConfiguration().getInteractiveManager(myVcs).getInnerProvider()
.requestClientAuthentication(type, repositoryUrl, realm, null, null, true);
return new Pair<SVNAuthentication, Boolean>(result, true);
}
});
}
if (authentication == null) {
LOG.warn("Could not get authentication. Type - " + type + ", Url - " + repositoryUrl);
}
return authentication;
}
@Nullable
private <T> T requestCredentials(@NotNull String realm, @NotNull String type, @NotNull Getter<Pair<T, Boolean>> fromUserProvider) {
T result;
// Search for stored credentials not only by key but also by "parent" keys. This is useful when we work just with URLs
// (not working copy) and can't detect repository url beforehand because authentication is required. If found credentials of "parent"
// are not correct then current key will already be stored in myRequestedCredentials - thus user will be asked for credentials and
// provided result will be stored in cache (with necessary key).
Object data = SvnConfiguration.RUNTIME_AUTH_CACHE.getDataWithLowerCheck(type, realm);
String key = SvnConfiguration.AuthStorage.getKey(type, realm);
// we return credentials from cache if they are asked for the first time during command execution, otherwise - user is asked
if (data != null && !myRequestedCredentials.contains(key)) {
// we already have credentials in memory cache
result = (T)data;
myRequestedCredentials.add(key);
}
else {
// ask user for credentials
Pair<T, Boolean> userData = fromUserProvider.get();
result = userData.first;
if (result != null && userData.second) {
// save user credentials to memory cache
myVcs.getSvnConfiguration().acknowledge(type, realm, result);
myRequestedCredentials.add(key);
}
}
return result;
}
@Override
@Nullable
public String requestSshCredentials(@NotNull final String realm,
@NotNull final SimpleCredentialsDialog.Mode mode,
@NotNull final String key) {
return requestCredentials(realm, ISVNAuthenticationManager.SSH, new Getter<Pair<String, Boolean>>() {
@Override
public Pair<String, Boolean> get() {
final Ref<String> answer = new Ref<String>();
Runnable command = new Runnable() {
public void run() {
SimpleCredentialsDialog dialog = new SimpleCredentialsDialog(myVcs.getProject());
dialog.setup(mode, realm, key, true);
dialog.setTitle(SvnBundle.message("dialog.title.authentication.required"));
dialog.setSaveEnabled(false);
dialog.show();
if (dialog.isOK()) {
answer.set(dialog.getPassword());
}
}
};
// Use ModalityState.any() as currently ssh credentials in terminal mode are requested in the thread that reads output and not in
// the thread that started progress
WaitForProgressToShow.runOrInvokeAndWaitAboveProgress(command, ModalityState.any());
return new Pair<String, Boolean>(answer.get(), true);
}
});
}
@Override
public boolean acceptSSLServerCertificate(final SVNURL repositoryUrl, final String realm) {
if (repositoryUrl == null) {
return false;
}
return new SSLServerCertificateAuthenticator(this, repositoryUrl, realm).tryAuthenticate();
}
@Override
public void clearPassiveCredentials(String realm, SVNURL repositoryUrl, boolean password) {
if (repositoryUrl == null) {
return;
}
final SvnConfiguration configuration = SvnConfiguration.getInstance(myVcs.getProject());
final List<String> kinds = getKinds(repositoryUrl, password);
for (String kind : kinds) {
configuration.clearCredentials(kind, realm);
}
}
@Override
public boolean haveDataForTmpConfig() {
final HttpConfigurable instance = HttpConfigurable.getInstance();
return SvnConfiguration.getInstance(myVcs.getProject()).isIsUseDefaultProxy() &&
(instance.USE_HTTP_PROXY || instance.USE_PROXY_PAC);
}
@Nullable
public static Proxy getIdeaDefinedProxy(@NotNull final SVNURL url) {
// SVNKit authentication implementation sets repositories as noProxy() to provide custom proxy authentication logic - see for instance,
// SvnAuthenticationManager.getProxyManager(). But noProxy() setting is not cleared correctly in all cases - so if svn command
// (for command line) is executed on thread where repository url was added as noProxy() => proxies are not retrieved for such commands
// and execution logic is incorrect.
// To prevent such behavior repositoryUrl is manually removed from noProxy() list (for current thread).
// NOTE, that current method is only called from code flows for executing commands through command line client and should not be called
// from SVNKit code flows.
CommonProxy.getInstance().removeNoProxy(url.getProtocol(), url.getHost(), url.getPort());
final List<Proxy> proxies = CommonProxy.getInstance().select(URI.create(url.toString()));
if (proxies != null && !proxies.isEmpty()) {
for (Proxy proxy : proxies) {
if (HttpConfigurable.isRealProxy(proxy) && Proxy.Type.HTTP.equals(proxy.type())) {
return proxy;
}
}
}
return null;
}
@Override
@Nullable
public PasswordAuthentication getProxyAuthentication(@NotNull SVNURL repositoryUrl) {
Proxy proxy = getIdeaDefinedProxy(repositoryUrl);
PasswordAuthentication result = null;
if (proxy != null) {
if (myProxyCredentialsWereReturned) {
showFailedAuthenticateProxy();
}
else {
result = getProxyAuthentication(proxy, repositoryUrl);
myProxyCredentialsWereReturned = result != null;
}
}
return result;
}
private static void showFailedAuthenticateProxy() {
HttpConfigurable instance = HttpConfigurable.getInstance();
String message = instance.USE_HTTP_PROXY || instance.USE_PROXY_PAC
? "Failed to authenticate to proxy. You can change proxy credentials in HTTP proxy settings."
: "Failed to authenticate to proxy.";
PopupUtil.showBalloonForActiveComponent(message, MessageType.ERROR);
}
@Nullable
private static PasswordAuthentication getProxyAuthentication(@NotNull Proxy proxy, @NotNull SVNURL repositoryUrl) {
PasswordAuthentication result = null;
try {
result = Authenticator.requestPasswordAuthentication(repositoryUrl.getHost(), ((InetSocketAddress)proxy.address()).getAddress(),
repositoryUrl.getPort(), repositoryUrl.getProtocol(), repositoryUrl.getHost(),
repositoryUrl.getProtocol(), new URL(repositoryUrl.toString()),
Authenticator.RequestorType.PROXY);
}
catch (MalformedURLException e) {
LOG.info(e);
}
return result;
}
public void reset() {
if (myTempDirectory != null) {
FileUtil.delete(myTempDirectory);
}
}
@NotNull
public static List<String> getKinds(final SVNURL url, boolean passwordRequest) {
if (passwordRequest || "http".equals(url.getProtocol())) {
return Collections.singletonList(ISVNAuthenticationManager.PASSWORD);
}
else if ("https".equals(url.getProtocol())) {
return Collections.singletonList(ISVNAuthenticationManager.SSL);
}
else if ("svn".equals(url.getProtocol())) {
return Collections.singletonList(ISVNAuthenticationManager.PASSWORD);
}
else if (url.getProtocol().contains("svn+")) { // todo +-
return Arrays.asList(ISVNAuthenticationManager.SSH, ISVNAuthenticationManager.USERNAME);
}
return Collections.singletonList(ISVNAuthenticationManager.USERNAME);
}
@Nullable
@Override
public File getSpecialConfigDir() {
return myTempDirectory != null ? myTempDirectory : new File(myConfiguration.getConfigurationDirectory());
}
public void initTmpDir(SvnConfiguration configuration) throws IOException {
if (myTempDirectory == null) {
myTempDirectory = FileUtil.createTempDirectory("tmp", "Subversion");
FileUtil.copyDir(new File(configuration.getConfigurationDirectory()), myTempDirectory);
}
}
}
|
