[F] Fix SNI

2024-02-16 17:45:41 -05:00 · 2024-02-16 17:45:41 -05:00 · 98c3f0ce5b
parent 78a3082bcb
commit 98c3f0ce5b
2 changed files with 83 additions and 93 deletions
--- a/src/main/java/icu/samnyan/aqua/spring/configuration/Config.java
+++ b/src/main/java/icu/samnyan/aqua/spring/configuration/Config.java
@ -1,25 +1,19 @@
 package icu.samnyan.aqua.spring.configuration;

-import java.net.URL;
-import java.util.Arrays;
-
 import org.eclipse.jetty.http.HttpVersion;
-import org.eclipse.jetty.server.Connector;
-import org.eclipse.jetty.server.HttpConfiguration;
-import org.eclipse.jetty.server.SecureRequestCustomizer;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.ServerConnector;
-import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.server.*;
+import org.eclipse.jetty.util.resource.URLResourceFactory;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
-import org.eclipse.jetty.server.SslConnectionFactory;
-import org.eclipse.jetty.server.HttpConnectionFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.embedded.jetty.JettyServerCustomizer;
 import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
 import org.springframework.boot.web.server.WebServerFactoryCustomizer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.multipart.commons.CommonsMultipartResolver;
+import org.springframework.core.env.Environment;
+
+import java.net.URL;
+import java.util.Arrays;

 /**
 * @author samnyan (privateamusement@protonmail.com)
@ -33,23 +27,16 @@ public class Config {

    public Config(@Value("${server.port}") int SERVER_PORT,
                  @Value("${billing.server.port}") int BILLING_PORT,
-            @Value("${billing.server.enable}") boolean ENABLE_BILLING) {
+                  @Value("${billing.server.enable}") boolean ENABLE_BILLING, Environment env) {
        this.SERVER_PORT = SERVER_PORT;
        this.BILLING_PORT = BILLING_PORT;
        this.ENABLE_BILLING = ENABLE_BILLING;
    }

-    @Bean
-    public CommonsMultipartResolver multipartResolver() {
-        CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver();
-        multipartResolver.setMaxUploadSize(-1);
-        return multipartResolver;
-    }
-
    @Bean
    public WebServerFactoryCustomizer<JettyServletWebServerFactory> webServerFactoryCustomizer() {

-        return new WebServerFactoryCustomizer<JettyServletWebServerFactory>() {
+        return new WebServerFactoryCustomizer<>() {

            @Override
            public void customize(JettyServletWebServerFactory factory) {
@ -59,7 +46,7 @@ public class Config {
                    @Override
                    public void customize(Server server) {

-                        ServerConnector httpConnector = new ServerConnector(server);
+                        try (ServerConnector httpConnector = new ServerConnector(server)) {
                            httpConnector.setPort(SERVER_PORT);

                            if (ENABLE_BILLING) {
@ -71,24 +58,30 @@ public class Config {
                                        .filter(cipher -> !cipher.equals("^TLS_RSA_.*$")).toArray(String[]::new);

                                URL keystoreURL = getClass().getClassLoader().getResource("server.p12");
-                            sslContextFactory.setKeyStoreResource(Resource.newResource(keystoreURL));
+                                var resFac = new URLResourceFactory();
+                                var res = resFac.newResource(keystoreURL);
+                                System.out.println(res);
+                                sslContextFactory.setKeyStoreResource(res);
                                sslContextFactory.setKeyStorePassword("aquaserver");
                                sslContextFactory.setCertAlias("ib");
                                sslContextFactory.setExcludeCipherSuites(excludedCiphersWithoutTlsRsaExclusion);
+                                sslContextFactory.setSniRequired(false);

                                HttpConfiguration httpsConfiguration = new HttpConfiguration();
-                            httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
+                                var cus = new SecureRequestCustomizer();
+                                cus.setSniHostCheck(false);
+                                httpsConfiguration.addCustomizer(cus);

-                            ServerConnector httpsConnector = new ServerConnector(server,
+                                try (ServerConnector httpsConnector = new ServerConnector(server,
                                        new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
-                                    new HttpConnectionFactory(httpsConfiguration));
+                                        new HttpConnectionFactory(httpsConfiguration))) {
                                    httpsConnector.setPort(BILLING_PORT);
-
                                    server.setConnectors(new Connector[]{httpConnector, httpsConnector});
+                                }
                            } else {
                                server.setConnectors(new Connector[]{httpConnector});
                            }
-
+                        }
                    }
                });

--- a/src/main/java/icu/samnyan/aqua/spring/util/AutoChecker.java
+++ b/src/main/java/icu/samnyan/aqua/spring/util/AutoChecker.java
@ -1,10 +1,12 @@
 package icu.samnyan.aqua.spring.util;

-import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.http.ssl.TrustStrategy;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.HttpClients;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
+import org.apache.hc.client5.http.ssl.TrustAllStrategy;
+import org.apache.hc.core5.ssl.SSLContextBuilder;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
@ -12,19 +14,17 @@ import org.springframework.stereotype.Component;
 import org.springframework.web.client.RestTemplate;

 import java.net.Socket;
-import java.security.cert.X509Certificate;
 import java.util.Objects;

-import javax.net.ssl.SSLContext;
-
 /**
 * A simple boot check to warn user if there is some wrong config
+ *
 * @author samnyan (privateamusement@protonmail.com)
 */
@Component
 public class AutoChecker {

-    private final String LINEBREAK = System.getProperty("line.separator");
+    private final String LINEBREAK = System.lineSeparator();

    private final String SERVER_PORT;
    private final String ALLNET_HOST_OVERRIDE;
@ -64,8 +64,8 @@ public class AutoChecker {
    }

    public void check() {
-        String host = ALLNET_HOST_OVERRIDE.equals("") ? "127.0.0.1" : ALLNET_HOST_OVERRIDE;
-        String port = ALLNET_PORT_OVERRIDE.equals("") ? SERVER_PORT : ALLNET_PORT_OVERRIDE;
+        String host = ALLNET_HOST_OVERRIDE.isEmpty() ? "127.0.0.1" : ALLNET_HOST_OVERRIDE;
+        String port = ALLNET_PORT_OVERRIDE.isEmpty() ? SERVER_PORT : ALLNET_PORT_OVERRIDE;

        // Boot message
        System.out.println(
@ -102,12 +102,12 @@ public class AutoChecker {
            if (!AIMEDB_BIND.equals("0.0.0.0")) {
                address = AIMEDB_BIND;
            }
-            try (Socket test = new Socket(address, AIMEDB_PORT)){
+            try (Socket ignored = new Socket(address, AIMEDB_PORT)) {
                System.out.println("OK");
            } catch (Exception e) {
                System.out.println("ERROR");
                failDetail.append("Aime DB self-test raised an exception during testing").append(LINEBREAK);
-                failDetail.append("Exception: ").append(e.toString()).append(LINEBREAK);
+                failDetail.append("Exception: ").append(e).append(LINEBREAK);
            }
        }

@ -118,17 +118,14 @@ public class AutoChecker {
        } else {
            try {
                // Do not validate SSL certificate (self-signed ib cert)
-                TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
-
-                SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
-                                .loadTrustMaterial(null, acceptingTrustStrategy)
-                                .build();
-
-                SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
-
                CloseableHttpClient httpClient = HttpClients.custom()
-                                .setSSLSocketFactory(csf)
-                                .build();
+                    .setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create()
+                        .setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create()
+                            .setSslContext(SSLContextBuilder.create()
+                                .loadTrustMaterial(TrustAllStrategy.INSTANCE)
+                                .build())
+                            .setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
+                            .build()).build()).build();

                HttpComponentsClientHttpRequestFactory requestFactory =
                    new HttpComponentsClientHttpRequestFactory();
@ -150,7 +147,7 @@ public class AutoChecker {
            } catch (Exception e) {
                System.out.println("ERROR");
                failDetail.append("Billing self-test raised an exception during testing").append(LINEBREAK);
-                failDetail.append("Exception: ").append(e.toString()).append(LINEBREAK);
+                failDetail.append("Exception: ").append(e).append(LINEBREAK);
            }
        }

@ -172,16 +169,16 @@ public class AutoChecker {
            } else {
                System.out.println("ERROR");
                failDetail.append("ALL.Net self-test could not connect to ").append(url).append(LINEBREAK);
-                failDetail.append("Status code: ").append(resp.getStatusCodeValue()).append(LINEBREAK);
+                failDetail.append("Status code: ").append(resp.getStatusCode().value()).append(LINEBREAK);
            }
        } catch (Exception e) {
            System.out.println("ERROR");
            failDetail.append("ALL.Net self-test raised an exception during testing").append(url).append(LINEBREAK);
-            failDetail.append("Exception: ").append(e.toString()).append(LINEBREAK);
+            failDetail.append("Exception: ").append(e).append(LINEBREAK);
        }

        System.out.println();
-        System.out.println(failDetail.toString());
+        System.out.println(failDetail);
    }

 }