feat(ssl): Support DISABLE_SSL_VERIFY.

ArtformGames · Jan 6, 2024 · 50ad139 · 50ad139
1 parent 8d1a768
commit 50ad139
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 5 deletions.
diff --git a/pom.xml b/pom.xml
@@ -16,7 +16,7 @@
     </properties>
     <groupId>com.artformgames</groupId>
     <artifactId>bungeeauthproxy</artifactId>
-    <version>1.0.3</version>
+    <version>1.0.4</version>
 
     <name>BungeeAuthProxy</name>
     <url>https://github.com/ArtformGames/BungeeAuthProxy</url>

diff --git a/src/main/java/com/artformgames/injector/bungeeauthproxy/Config.java b/src/main/java/com/artformgames/injector/bungeeauthproxy/Config.java
@@ -76,6 +76,12 @@ interface ADVANCE extends Configuration {
         })
         ConfiguredValue<Boolean> REMOVE_UNUSED_FILED = ConfiguredValue.of(true);
 
+        @HeaderComment({
+                "Disable SSL verify.",
+                "If any 'SSLHandshakeException' occurred, try to set this to true."
+        })
+        ConfiguredValue<Boolean> DISABLE_SSL_VERIFY = ConfiguredValue.of(false);
+
     }
 
 

diff --git a/src/main/java/com/artformgames/injector/bungeeauthproxy/channel/ProxiedHttpInitializer.java b/src/main/java/com/artformgames/injector/bungeeauthproxy/channel/ProxiedHttpInitializer.java
@@ -6,6 +6,7 @@
 import io.netty.handler.codec.http.HttpClientCodec;
 import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslHandler;
+import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 import io.netty.handler.timeout.ReadTimeoutHandler;
 import net.md_5.bungee.api.Callback;
 import net.md_5.bungee.http.HttpHandler;
@@ -32,12 +33,15 @@ public ProxiedHttpInitializer(ProxyProtocolType type, Callback<String> callback,
 
     @Override
     protected void initChannel(Channel ch) throws Exception {
-        ch.pipeline().addLast(type.createHandler());
-        ch.pipeline().addLast("timeout", new ReadTimeoutHandler(Config.SERVICE.TIME_OUT.getNotNull(), TimeUnit.MILLISECONDS));
+        ch.pipeline().addFirst(type.createHandler());
         if (ssl) {
-            SSLEngine engine = SslContextBuilder.forClient().build().newEngine(ch.alloc(), host, port);
-            ch.pipeline().addLast("ssl", new SslHandler(engine));
+            SslContextBuilder builder = SslContextBuilder.forClient();
+            if (Config.ADVANCE.DISABLE_SSL_VERIFY.getNotNull()) { // Trust all certificates;
+                builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
+            }
+            ch.pipeline().addLast("ssl", new SslHandler(builder.build().newEngine(ch.alloc(), host, port)));
         }
+        ch.pipeline().addLast("timeout", new ReadTimeoutHandler(Config.SERVICE.TIME_OUT.getNotNull(), TimeUnit.MILLISECONDS));
         ch.pipeline().addLast("http", new HttpClientCodec());
         ch.pipeline().addLast("handler", new HttpHandler(callback));
     }