mirror of https://github.com/hykilpikonna/AquaDX
[F] Fix SNI
Azalea
parent
78a3082bcb
commit
98c3f0ce5b
|
|
@ -1,25 +1,19 @@
|
|||
package icu.samnyan.aqua.spring.configuration;
|
||||
|
||||
import java.net.URL;
|
||||
import java.util.Arrays;
|
||||
|
||||
import org.eclipse.jetty.http.HttpVersion;
|
||||
import org.eclipse.jetty.server.Connector;
|
||||
import org.eclipse.jetty.server.HttpConfiguration;
|
||||
import org.eclipse.jetty.server.SecureRequestCustomizer;
|
||||
import org.eclipse.jetty.server.Server;
|
||||
import org.eclipse.jetty.server.ServerConnector;
|
||||
import org.eclipse.jetty.util.resource.Resource;
|
||||
import org.eclipse.jetty.server.*;
|
||||
import org.eclipse.jetty.util.resource.URLResourceFactory;
|
||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
import org.eclipse.jetty.server.SslConnectionFactory;
|
||||
import org.eclipse.jetty.server.HttpConnectionFactory;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.web.embedded.jetty.JettyServerCustomizer;
|
||||
import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
|
||||
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
|
||||
import org.springframework.core.env.Environment;
|
||||
|
||||
import java.net.URL;
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* @author samnyan (privateamusement@protonmail.com)
|
||||
|
|
@ -33,23 +27,16 @@ public class Config {
|
|||
|
||||
public Config(@Value("${server.port}") int SERVER_PORT,
|
||||
@Value("${billing.server.port}") int BILLING_PORT,
|
||||
@Value("${billing.server.enable}") boolean ENABLE_BILLING) {
|
||||
@Value("${billing.server.enable}") boolean ENABLE_BILLING, Environment env) {
|
||||
this.SERVER_PORT = SERVER_PORT;
|
||||
this.BILLING_PORT = BILLING_PORT;
|
||||
this.ENABLE_BILLING = ENABLE_BILLING;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public CommonsMultipartResolver multipartResolver() {
|
||||
CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver();
|
||||
multipartResolver.setMaxUploadSize(-1);
|
||||
return multipartResolver;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public WebServerFactoryCustomizer<JettyServletWebServerFactory> webServerFactoryCustomizer() {
|
||||
|
||||
return new WebServerFactoryCustomizer<JettyServletWebServerFactory>() {
|
||||
return new WebServerFactoryCustomizer<>() {
|
||||
|
||||
@Override
|
||||
public void customize(JettyServletWebServerFactory factory) {
|
||||
|
|
@ -59,7 +46,7 @@ public class Config {
|
|||
@Override
|
||||
public void customize(Server server) {
|
||||
|
||||
ServerConnector httpConnector = new ServerConnector(server);
|
||||
try (ServerConnector httpConnector = new ServerConnector(server)) {
|
||||
httpConnector.setPort(SERVER_PORT);
|
||||
|
||||
if (ENABLE_BILLING) {
|
||||
|
|
@ -71,24 +58,30 @@ public class Config {
|
|||
.filter(cipher -> !cipher.equals("^TLS_RSA_.*$")).toArray(String[]::new);
|
||||
|
||||
URL keystoreURL = getClass().getClassLoader().getResource("server.p12");
|
||||
sslContextFactory.setKeyStoreResource(Resource.newResource(keystoreURL));
|
||||
var resFac = new URLResourceFactory();
|
||||
var res = resFac.newResource(keystoreURL);
|
||||
System.out.println(res);
|
||||
sslContextFactory.setKeyStoreResource(res);
|
||||
sslContextFactory.setKeyStorePassword("aquaserver");
|
||||
sslContextFactory.setCertAlias("ib");
|
||||
sslContextFactory.setExcludeCipherSuites(excludedCiphersWithoutTlsRsaExclusion);
|
||||
sslContextFactory.setSniRequired(false);
|
||||
|
||||
HttpConfiguration httpsConfiguration = new HttpConfiguration();
|
||||
httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
|
||||
var cus = new SecureRequestCustomizer();
|
||||
cus.setSniHostCheck(false);
|
||||
httpsConfiguration.addCustomizer(cus);
|
||||
|
||||
ServerConnector httpsConnector = new ServerConnector(server,
|
||||
try (ServerConnector httpsConnector = new ServerConnector(server,
|
||||
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
|
||||
new HttpConnectionFactory(httpsConfiguration));
|
||||
new HttpConnectionFactory(httpsConfiguration))) {
|
||||
httpsConnector.setPort(BILLING_PORT);
|
||||
|
||||
server.setConnectors(new Connector[] { httpConnector, httpsConnector });
|
||||
} else {
|
||||
server.setConnectors(new Connector[] { httpConnector });
|
||||
server.setConnectors(new Connector[]{httpConnector, httpsConnector});
|
||||
}
|
||||
} else {
|
||||
server.setConnectors(new Connector[]{httpConnector});
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
});
|
||||
|
||||
|
|
|
|||
|
|
@ -1,10 +1,12 @@
|
|||
package icu.samnyan.aqua.spring.util;
|
||||
|
||||
import org.apache.http.conn.ssl.NoopHostnameVerifier;
|
||||
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
|
||||
import org.apache.http.impl.client.CloseableHttpClient;
|
||||
import org.apache.http.impl.client.HttpClients;
|
||||
import org.apache.http.ssl.TrustStrategy;
|
||||
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
|
||||
import org.apache.hc.client5.http.impl.classic.HttpClients;
|
||||
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
|
||||
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
|
||||
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
|
||||
import org.apache.hc.client5.http.ssl.TrustAllStrategy;
|
||||
import org.apache.hc.core5.ssl.SSLContextBuilder;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
|
||||
|
|
@ -12,19 +14,17 @@ import org.springframework.stereotype.Component;
|
|||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
import java.net.Socket;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Objects;
|
||||
|
||||
import javax.net.ssl.SSLContext;
|
||||
|
||||
/**
|
||||
* A simple boot check to warn user if there is some wrong config
|
||||
*
|
||||
* @author samnyan (privateamusement@protonmail.com)
|
||||
*/
|
||||
@Component
|
||||
public class AutoChecker {
|
||||
|
||||
private final String LINEBREAK = System.getProperty("line.separator");
|
||||
private final String LINEBREAK = System.lineSeparator();
|
||||
|
||||
private final String SERVER_PORT;
|
||||
private final String ALLNET_HOST_OVERRIDE;
|
||||
|
|
@ -64,8 +64,8 @@ public class AutoChecker {
|
|||
}
|
||||
|
||||
public void check() {
|
||||
String host = ALLNET_HOST_OVERRIDE.equals("") ? "127.0.0.1" : ALLNET_HOST_OVERRIDE;
|
||||
String port = ALLNET_PORT_OVERRIDE.equals("") ? SERVER_PORT : ALLNET_PORT_OVERRIDE;
|
||||
String host = ALLNET_HOST_OVERRIDE.isEmpty() ? "127.0.0.1" : ALLNET_HOST_OVERRIDE;
|
||||
String port = ALLNET_PORT_OVERRIDE.isEmpty() ? SERVER_PORT : ALLNET_PORT_OVERRIDE;
|
||||
|
||||
// Boot message
|
||||
System.out.println(
|
||||
|
|
@ -95,40 +95,37 @@ public class AutoChecker {
|
|||
* TODO: Sending hello request would be more reliable than testing if port is open
|
||||
*/
|
||||
System.out.print("Aime DB : Port " + AIMEDB_PORT + ", ");
|
||||
if(!AIMEDB_ENABLED) {
|
||||
if (!AIMEDB_ENABLED) {
|
||||
System.out.println("SKIP (DISABLED)");
|
||||
} else {
|
||||
String address = "127.0.0.1";
|
||||
if(!AIMEDB_BIND.equals("0.0.0.0")) {
|
||||
if (!AIMEDB_BIND.equals("0.0.0.0")) {
|
||||
address = AIMEDB_BIND;
|
||||
}
|
||||
try (Socket test = new Socket(address, AIMEDB_PORT)){
|
||||
try (Socket ignored = new Socket(address, AIMEDB_PORT)) {
|
||||
System.out.println("OK");
|
||||
} catch (Exception e) {
|
||||
System.out.println("ERROR");
|
||||
failDetail.append("Aime DB self-test raised an exception during testing").append(LINEBREAK);
|
||||
failDetail.append("Exception: ").append(e.toString()).append(LINEBREAK);
|
||||
failDetail.append("Exception: ").append(e).append(LINEBREAK);
|
||||
}
|
||||
}
|
||||
|
||||
// Billing: try open socket to Billing port (default 8443)
|
||||
System.out.print("Billing : Port " + BILLING_PORT + ", ");
|
||||
if(!BILLING_ENABLED) {
|
||||
if (!BILLING_ENABLED) {
|
||||
System.out.println("SKIP (DISABLED)");
|
||||
} else {
|
||||
try {
|
||||
// Do not validate SSL certificate (self-signed ib cert)
|
||||
TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
|
||||
|
||||
SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
|
||||
.loadTrustMaterial(null, acceptingTrustStrategy)
|
||||
.build();
|
||||
|
||||
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
|
||||
|
||||
CloseableHttpClient httpClient = HttpClients.custom()
|
||||
.setSSLSocketFactory(csf)
|
||||
.build();
|
||||
.setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create()
|
||||
.setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create()
|
||||
.setSslContext(SSLContextBuilder.create()
|
||||
.loadTrustMaterial(TrustAllStrategy.INSTANCE)
|
||||
.build())
|
||||
.setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
|
||||
.build()).build()).build();
|
||||
|
||||
HttpComponentsClientHttpRequestFactory requestFactory =
|
||||
new HttpComponentsClientHttpRequestFactory();
|
||||
|
|
@ -150,14 +147,14 @@ public class AutoChecker {
|
|||
} catch (Exception e) {
|
||||
System.out.println("ERROR");
|
||||
failDetail.append("Billing self-test raised an exception during testing").append(LINEBREAK);
|
||||
failDetail.append("Exception: ").append(e.toString()).append(LINEBREAK);
|
||||
failDetail.append("Exception: ").append(e).append(LINEBREAK);
|
||||
}
|
||||
}
|
||||
|
||||
// ALL.Net: try access /sys/test endpoint (default 80)
|
||||
System.out.print("ALL.Net : Port " + port + ", ");
|
||||
|
||||
if(ALLNET_HOST_OVERRIDE.equals("localhost")||ALLNET_HOST_OVERRIDE.startsWith("127.")) {
|
||||
if (ALLNET_HOST_OVERRIDE.equals("localhost") || ALLNET_HOST_OVERRIDE.startsWith("127.")) {
|
||||
System.out.print("WARN, ");
|
||||
failDetail.append("ALL.Net host is currently using loopback address.").append(LINEBREAK);
|
||||
failDetail.append("Game might not connect to server with this. If it was not intentional, please edit configuration file.").append(LINEBREAK);
|
||||
|
|
@ -165,23 +162,23 @@ public class AutoChecker {
|
|||
|
||||
RestTemplate restTemplate = new RestTemplate();
|
||||
String url = "http://" + host + ":" + port + "/sys/test";
|
||||
try{
|
||||
try {
|
||||
ResponseEntity<String> resp = restTemplate.getForEntity(url, String.class);
|
||||
if(resp.getStatusCode().is2xxSuccessful() && Objects.equals(resp.getBody(), "Server running")) {
|
||||
if (resp.getStatusCode().is2xxSuccessful() && Objects.equals(resp.getBody(), "Server running")) {
|
||||
System.out.println("OK");
|
||||
} else {
|
||||
System.out.println("ERROR");
|
||||
failDetail.append("ALL.Net self-test could not connect to ").append(url).append(LINEBREAK);
|
||||
failDetail.append("Status code: ").append(resp.getStatusCodeValue()).append(LINEBREAK);
|
||||
failDetail.append("Status code: ").append(resp.getStatusCode().value()).append(LINEBREAK);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
System.out.println("ERROR");
|
||||
failDetail.append("ALL.Net self-test raised an exception during testing").append(url).append(LINEBREAK);
|
||||
failDetail.append("Exception: ").append(e.toString()).append(LINEBREAK);
|
||||
failDetail.append("Exception: ").append(e).append(LINEBREAK);
|
||||
}
|
||||
|
||||
System.out.println();
|
||||
System.out.println(failDetail.toString());
|
||||
System.out.println(failDetail);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue