From 50ad13914acb7a6dfd9e25d7cc83447551d1328c Mon Sep 17 00:00:00 2001 From: Carm Date: Sun, 7 Jan 2024 00:05:15 +0800 Subject: [PATCH] feat(ssl): Support DISABLE_SSL_VERIFY. --- pom.xml | 2 +- .../injector/bungeeauthproxy/Config.java | 6 ++++++ .../channel/ProxiedHttpInitializer.java | 12 ++++++++---- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index 763726f..be9ed41 100644 --- a/pom.xml +++ b/pom.xml @@ -16,7 +16,7 @@ com.artformgames bungeeauthproxy - 1.0.3 + 1.0.4 BungeeAuthProxy https://github.com/ArtformGames/BungeeAuthProxy diff --git a/src/main/java/com/artformgames/injector/bungeeauthproxy/Config.java b/src/main/java/com/artformgames/injector/bungeeauthproxy/Config.java index 2fd22c2..b25d252 100644 --- a/src/main/java/com/artformgames/injector/bungeeauthproxy/Config.java +++ b/src/main/java/com/artformgames/injector/bungeeauthproxy/Config.java @@ -76,6 +76,12 @@ interface ADVANCE extends Configuration { }) ConfiguredValue REMOVE_UNUSED_FILED = ConfiguredValue.of(true); + @HeaderComment({ + "Disable SSL verify.", + "If any 'SSLHandshakeException' occurred, try to set this to true." + }) + ConfiguredValue DISABLE_SSL_VERIFY = ConfiguredValue.of(false); + } diff --git a/src/main/java/com/artformgames/injector/bungeeauthproxy/channel/ProxiedHttpInitializer.java b/src/main/java/com/artformgames/injector/bungeeauthproxy/channel/ProxiedHttpInitializer.java index c58e7dc..4787e9b 100644 --- a/src/main/java/com/artformgames/injector/bungeeauthproxy/channel/ProxiedHttpInitializer.java +++ b/src/main/java/com/artformgames/injector/bungeeauthproxy/channel/ProxiedHttpInitializer.java @@ -6,6 +6,7 @@ import io.netty.handler.codec.http.HttpClientCodec; import io.netty.handler.ssl.SslContextBuilder; import io.netty.handler.ssl.SslHandler; +import io.netty.handler.ssl.util.InsecureTrustManagerFactory; import io.netty.handler.timeout.ReadTimeoutHandler; import net.md_5.bungee.api.Callback; import net.md_5.bungee.http.HttpHandler; 
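Review bot: The header comment added for `DISABLE_SSL_VERIFY` in Config.java tells operators to set the flag to true after any `SSLHandshakeException`, but never says what is given up. With the flag on, `ProxiedHttpInitializer` installs `InsecureTrustManagerFactory.INSTANCE`, so the server certificate is no longer checked and the remote end is unauthenticated. I would add a header line such as `"WARNING: accepts any certificate, the remote server is not authenticated; use only for troubleshooting."` and reword the second line so that fixing the trust store is the first thing to try. The `ADVANCE` interface starts outside this hunk.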
@@ -32,12 +33,15 @@ public ProxiedHttpInitializer(ProxyProtocolType type, Callback callback,
 @Override
 protected void initChannel(Channel ch) throws Exception {
- ch.pipeline().addLast(type.createHandler());
- ch.pipeline().addLast("timeout", new ReadTimeoutHandler(Config.SERVICE.TIME_OUT.getNotNull(), TimeUnit.MILLISECONDS));
+ ch.pipeline().addFirst(type.createHandler());
 if (ssl) {
- SSLEngine engine = SslContextBuilder.forClient().build().newEngine(ch.alloc(), host, port);
- ch.pipeline().addLast("ssl", new SslHandler(engine));
+ SslContextBuilder builder = SslContextBuilder.forClient();
+ if (Config.ADVANCE.DISABLE_SSL_VERIFY.getNotNull()) { // Trust all certificates;
+ builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
+ }
+ ch.pipeline().addLast("ssl", new SslHandler(builder.build().newEngine(ch.alloc(), host, port)));
 }
+ ch.pipeline().addLast("timeout", new ReadTimeoutHandler(Config.SERVICE.TIME_OUT.getNotNull(), TimeUnit.MILLISECONDS));
 ch.pipeline().addLast("http", new HttpClientCodec());
 ch.pipeline().addLast("handler", new HttpHandler(callback));
 }
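Review bot: The `DISABLE_SSL_VERIFY` branch in `initChannel` turns off certificate validation for every TLS connection this initializer creates, and it does so silently. With `InsecureTrustManagerFactory.INSTANCE` the configured proxy or any other party on the path can present its own certificate and the client will accept it; if these requests are the login checks the project name suggests, a substituted response would be treated as genuine. Replace the inline comment with `// INSECURE: accepts any certificate, peer is unauthenticated; troubleshooting only` and log a warning once when the flag is read as true. Where a private CA is the actual cause of the handshake failure, `builder.trustManager(caFile)` with that CA's certificate keeps validation on. Separately, the `SslContext` is rebuilt for every channel; building it once in the constructor would avoid that.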