Skip to content

Commit

Permalink
O365: dropping all workaroungs for OpenJFX bugs that should be fixed …
Browse files Browse the repository at this point in the history 
…in recent versions

git-svn-id: https://svn.code.sf.net/p/davmail/code/trunk@3561 3d1905a2-6b24-0410-a738-b14d5a86fcbd
  • Loading branch information
@mguessan
mguessan committed Apr 19, 2024
1 parent 49e3c16 commit 811b0c5
Showing 1 changed file with 20 additions and 98 deletions.
118 changes: 20 additions & 98 deletions src/java/davmail/exchange/auth/O365InteractiveAuthenticatorFrame.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@
import davmail.BundleMessage;
import davmail.Settings;
import davmail.ui.tray.DavGatewayTray;
import davmail.util.IOUtil;
import javafx.application.Platform;
import javafx.concurrent.Worker;
import javafx.embed.swing.JFXPanel;
Expand All @@ -44,8 +43,11 @@
import java.awt.*;
import java.awt.event.WindowAdapter;
import java.awt.event.WindowEvent;
import java.io.*;
import java.net.*;
import java.io.ByteArrayOutputStream;
import java.io.OutputStreamWriter;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLStreamHandler;
import java.nio.charset.StandardCharsets;

/**
Expand All @@ -59,103 +61,23 @@ public class O365InteractiveAuthenticatorFrame extends JFrame {

static {
// register a stream handler for msauth protocol
try {
URL.setURLStreamHandlerFactory((String protocol) -> {
if ("msauth".equals(protocol) || "urn".equals(protocol)) {
return new URLStreamHandler() {
@Override
protected URLConnection openConnection(URL u) {
return new URLConnection(u) {
@Override
public void connect() {
// ignore
}
};
}
};
} else if ("https".equals(protocol)) {

// internal class override required to implement some workarounds on OpenJFX issues
return new sun.net.www.protocol.https.Handler() {
@Override
protected URLConnection openConnection(URL url) throws IOException {
return openConnection(url, null);
}

@Override
protected URLConnection openConnection(URL url, Proxy proxy) throws IOException {
LOGGER.debug("openConnection " + url);

if (url.toExternalForm().endsWith("/handlers/watson")) {
LOGGER.warn("Failed: form calls watson");
}
if (url.getPath().equals("/common/fido/get")) {
LOGGER.warn("FIDO authentication not supported");
}
final HttpURLConnection httpsURLConnection = (HttpURLConnection) super.openConnection(url, proxy);

// no longer apply the disable integrity check workaround by default, fixed in openjfx
if (Settings.getBooleanProperty("davmail.ssl.disableIntegrityCheck", false) &&
(("login.microsoftonline.com".equals(url.getHost()) && url.getPath().endsWith("/oauth2/authorize"))
|| ("login.live.com".equals(url.getHost()) && "/oauth20_authorize.srf".equals(url.getPath()))
|| ("login.live.com".equals(url.getHost()) && "/ppsecure/post.srf".equals(url.getPath()))
|| ("login.microsoftonline.com".equals(url.getHost()) && "/login.srf".equals(url.getPath()))
|| ("login.microsoftonline.com".equals(url.getHost()) && url.getPath().endsWith("/login"))
|| ("login.microsoftonline.com".equals(url.getHost()) && url.getPath().endsWith("/SAS/ProcessAuth"))
|| ("login.microsoftonline.com".equals(url.getHost()) && url.getPath().endsWith("/federation/oauth2"))
// v2 OIDC endpoint
|| ("login.microsoftonline.com".equals(url.getHost()) && url.getPath().endsWith("/oauth2/v2.0/authorize"))
// Okta authentication form /oauth2/v2.0/authorize
|| (url.getHost().endsWith(".okta.com") &&
!url.getPath().startsWith("/api/v1/authn")))
) {
LOGGER.debug("Disable integrity check on external resources at " + url);

return new HttpURLConnectionWrapper(httpsURLConnection, url) {
@Override
public InputStream getInputStream() throws IOException {
byte[] content = IOUtil.readFully(httpsURLConnection.getInputStream());
String contentAsString = new String(content, StandardCharsets.UTF_8)
.replaceAll("integrity ?=", "integrity.disabled=")
.replace("setAttribute(\"integrity\"", "setAttribute(\"integrity.disabled\"");
LOGGER.debug(contentAsString);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
baos.write(contentAsString.getBytes(StandardCharsets.UTF_8));
return new ByteArrayInputStream(baos.toByteArray());
}

@Override
public void setRequestProperty(String key, String value) {
if ("Accept-Encoding".equals(key)) {
LOGGER.debug("Ignore Accept-Encoding");
} else {
httpURLConnection.setRequestProperty(key, value);
}
}

@Override
public void addRequestProperty(String key, String value) {
if ("Accept-Encoding".equals(key)) {
LOGGER.debug("Ignore Accept-Encoding");
} else {
httpURLConnection.setRequestProperty(key, value);
}
}
};

} else {
return new HttpURLConnectionWrapper(httpsURLConnection, url);
URL.setURLStreamHandlerFactory((String protocol) -> {
if ("msauth".equals(protocol) || "urn".equals(protocol)) {
return new URLStreamHandler() {
@Override
protected URLConnection openConnection(URL u) {
return new URLConnection(u) {
@Override
public void connect() {
// ignore
}
}

};
}
return null;
};
}
};
}
);
} catch (IllegalAccessError t) {
LOGGER.warn("Unable to register protocol handler, use --add-exports java.base/sun.net.www.protocol.https=ALL-UNNAMED");
}
return null;
}
);
}

String location;
Expand Down

0 comments on commit 811b0c5

Please sign in to comment.