From bc41429982f9549d2ee7793aadab252c514c11ff Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Wed, 11 Mar 2026 17:59:58 +0100 Subject: [PATCH] Use environment for cryptomator system properties --- .../java/org/cryptomator/common/Environment.java | 14 ++++++++++++++ .../ui/keyloading/hub/HubKeyLoadingStrategy.java | 16 ++++++++-------- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/src/main/java/org/cryptomator/common/Environment.java b/src/main/java/org/cryptomator/common/Environment.java index 0a71b28a9..fc6f9e37e 100644 --- a/src/main/java/org/cryptomator/common/Environment.java +++ b/src/main/java/org/cryptomator/common/Environment.java @@ -9,6 +9,7 @@ import org.slf4j.LoggerFactory; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.util.List; import java.util.Optional; import java.util.Spliterator; import java.util.Spliterators; @@ -34,6 +35,8 @@ public class Environment { private static final String PLUGIN_DIR_PROP_NAME = "cryptomator.pluginDir"; private static final String TRAY_ICON_PROP_NAME = "cryptomator.showTrayIcon"; private static final String DISABLE_UPDATE_CHECK_PROP_NAME = "cryptomator.disableUpdateCheck"; + private static final String ALLOWED_HUB_HOSTS_PROP_NAME = "cryptomator.allowedHubHosts"; + private static final String ALLOW_UNKNOWN_HUB_HOSTS_PROP_NAME = "cryptomator.allowUnknownHubHosts"; private Environment() {} @@ -57,6 +60,8 @@ public class Environment { logCryptomatorSystemProperty(PLUGIN_DIR_PROP_NAME); logCryptomatorSystemProperty(TRAY_ICON_PROP_NAME); logCryptomatorSystemProperty(DISABLE_UPDATE_CHECK_PROP_NAME); + logCryptomatorSystemProperty(ALLOWED_HUB_HOSTS_PROP_NAME); + logCryptomatorSystemProperty(ALLOW_UNKNOWN_HUB_HOSTS_PROP_NAME); } public static Environment getInstance() { @@ -145,6 +150,15 @@ public class Environment { return Boolean.getBoolean(DISABLE_UPDATE_CHECK_PROP_NAME); } + public List allowedHubHosts() { + //TODO: Sanitize? + return List.of(System.getProperty(ALLOWED_HUB_HOSTS_PROP_NAME, "")); + } + + public boolean allowUnknownHubHosts() { + return Boolean.getBoolean(ALLOW_UNKNOWN_HUB_HOSTS_PROP_NAME); + } + private Optional getPath(String propertyName) { String value = System.getProperty(propertyName); return Optional.ofNullable(value).map(Paths::get); diff --git a/src/main/java/org/cryptomator/ui/keyloading/hub/HubKeyLoadingStrategy.java b/src/main/java/org/cryptomator/ui/keyloading/hub/HubKeyLoadingStrategy.java index 8ce015cc1..6fe01e0ae 100644 --- a/src/main/java/org/cryptomator/ui/keyloading/hub/HubKeyLoadingStrategy.java +++ b/src/main/java/org/cryptomator/ui/keyloading/hub/HubKeyLoadingStrategy.java @@ -2,6 +2,7 @@ package org.cryptomator.ui.keyloading.hub; import com.google.common.base.Preconditions; import dagger.Lazy; +import org.cryptomator.common.Environment; import org.cryptomator.common.FilesystemOwnerSupplier; import org.cryptomator.common.keychain.KeychainManager; import org.cryptomator.common.keychain.NoKeychainAccessProviderException; @@ -73,8 +74,7 @@ public class HubKeyLoadingStrategy implements KeyLoadingStrategy, FilesystemOwne var jwe = result.get(); return jwe.decryptMasterkey(keypair.getPrivate()); } else { - //TODO: sanitze this shit - var showUnknownHubHostDialog = Boolean.getBoolean(System.getProperty("cryptomator.allowUnknownHubHosts", "false")); + var showUnknownHubHostDialog = Environment.getInstance().allowUnknownHubHosts(); //TODO show window throw new MasterkeyLoadingFailedException("Unknown hub host in vault config"); } @@ -118,14 +118,14 @@ public class HubKeyLoadingStrategy implements KeyLoadingStrategy, FilesystemOwne private boolean configContainsAllowedHosts() { var allowedHubHostsString = System.getProperty("cryptomator.allowedHubHosts", ""); - //https://example.com,https://foo.bar - var allowedHubHosts = Arrays.stream(allowedHubHostsString.split(",")).map(String::trim).toList(); + //https://example.com,http://foo.bar:3333 + var allowedHubHosts = Arrays.stream(allowedHubHostsString.split(",")).map(String::trim).toList(); //foo.bar - var expectedHubHubHost = URI.create(hubConfig.authSuccessUrl).getHost(); //apiBaseURL could be null! hence, the authSuccessUrl - var expectedHubAuthHost = URI.create(hubConfig.authEndpoint).getHost(); + var expectedHubHubAuthorities = URI.create(hubConfig.authSuccessUrl).getAuthority(); //apiBaseURL could be null! hence, the authSuccessUrl + var expectedHubAuthAuthorities = URI.create(hubConfig.authEndpoint).getAuthority(); //are the hosts also allowed? - var isHubHubHostAllowed = allowedHubHosts.stream().anyMatch(host -> host.contains(expectedHubHubHost)); - var isHubAuthHostAllowed = allowedHubHosts.stream().anyMatch(host -> host.contains(expectedHubAuthHost)); + var isHubHubHostAllowed = allowedHubHosts.stream().anyMatch(expectedHubHubAuthorities::equals); + var isHubAuthHostAllowed = allowedHubHosts.stream().anyMatch(expectedHubAuthAuthorities::equals); return isHubAuthHostAllowed && isHubHubHostAllowed; }