[F] Fix SNI
@@ -1,25 +1,19 @@
|
|||||||
package icu.samnyan.aqua.spring.configuration;
|
package icu.samnyan.aqua.spring.configuration;
|
||||||
|
|
||||||
import java.net.URL;
|
|
||||||
import java.util.Arrays;
|
|
||||||
|
|
||||||
import org.eclipse.jetty.http.HttpVersion;
|
import org.eclipse.jetty.http.HttpVersion;
|
||||||
import org.eclipse.jetty.server.Connector;
|
import org.eclipse.jetty.server.*;
|
||||||
import org.eclipse.jetty.server.HttpConfiguration;
|
import org.eclipse.jetty.util.resource.URLResourceFactory;
|
||||||
import org.eclipse.jetty.server.SecureRequestCustomizer;
|
|
||||||
import org.eclipse.jetty.server.Server;
|
|
||||||
import org.eclipse.jetty.server.ServerConnector;
|
|
||||||
import org.eclipse.jetty.util.resource.Resource;
|
|
||||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||||
import org.eclipse.jetty.server.SslConnectionFactory;
|
|
||||||
import org.eclipse.jetty.server.HttpConnectionFactory;
|
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.boot.web.embedded.jetty.JettyServerCustomizer;
|
import org.springframework.boot.web.embedded.jetty.JettyServerCustomizer;
|
||||||
import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
|
import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
|
||||||
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
|
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
|
import org.springframework.core.env.Environment;
|
||||||
|
|
||||||
|
import java.net.URL;
|
||||||
|
import java.util.Arrays;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author samnyan (privateamusement@protonmail.com)
|
* @author samnyan (privateamusement@protonmail.com)
|
||||||
@@ -33,23 +27,16 @@ public class Config {
|
|||||||
|
|
||||||
public Config(@Value("${server.port}") int SERVER_PORT,
|
public Config(@Value("${server.port}") int SERVER_PORT,
|
||||||
@Value("${billing.server.port}") int BILLING_PORT,
|
@Value("${billing.server.port}") int BILLING_PORT,
|
||||||
@Value("${billing.server.enable}") boolean ENABLE_BILLING) {
|
@Value("${billing.server.enable}") boolean ENABLE_BILLING, Environment env) {
|
||||||
this.SERVER_PORT = SERVER_PORT;
|
this.SERVER_PORT = SERVER_PORT;
|
||||||
this.BILLING_PORT = BILLING_PORT;
|
this.BILLING_PORT = BILLING_PORT;
|
||||||
this.ENABLE_BILLING = ENABLE_BILLING;
|
this.ENABLE_BILLING = ENABLE_BILLING;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
|
||||||
public CommonsMultipartResolver multipartResolver() {
|
|
||||||
CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver();
|
|
||||||
multipartResolver.setMaxUploadSize(-1);
|
|
||||||
return multipartResolver;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public WebServerFactoryCustomizer<JettyServletWebServerFactory> webServerFactoryCustomizer() {
|
public WebServerFactoryCustomizer<JettyServletWebServerFactory> webServerFactoryCustomizer() {
|
||||||
|
|
||||||
return new WebServerFactoryCustomizer<JettyServletWebServerFactory>() {
|
return new WebServerFactoryCustomizer<>() {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void customize(JettyServletWebServerFactory factory) {
|
public void customize(JettyServletWebServerFactory factory) {
|
||||||
@@ -59,7 +46,7 @@ public class Config {
|
|||||||
@Override
|
@Override
|
||||||
public void customize(Server server) {
|
public void customize(Server server) {
|
||||||
|
|
||||||
ServerConnector httpConnector = new ServerConnector(server);
|
try (ServerConnector httpConnector = new ServerConnector(server)) {
|
||||||
httpConnector.setPort(SERVER_PORT);
|
httpConnector.setPort(SERVER_PORT);
|
||||||
|
|
||||||
if (ENABLE_BILLING) {
|
if (ENABLE_BILLING) {
|
||||||
@@ -71,24 +58,30 @@ public class Config {
|
|||||||
.filter(cipher -> !cipher.equals("^TLS_RSA_.*$")).toArray(String[]::new);
|
.filter(cipher -> !cipher.equals("^TLS_RSA_.*$")).toArray(String[]::new);
|
||||||
|
|
||||||
URL keystoreURL = getClass().getClassLoader().getResource("server.p12");
|
URL keystoreURL = getClass().getClassLoader().getResource("server.p12");
|
||||||
sslContextFactory.setKeyStoreResource(Resource.newResource(keystoreURL));
|
var resFac = new URLResourceFactory();
|
||||||
|
var res = resFac.newResource(keystoreURL);
|
||||||
|
System.out.println(res);
|
||||||
|
sslContextFactory.setKeyStoreResource(res);
|
||||||
sslContextFactory.setKeyStorePassword("aquaserver");
|
sslContextFactory.setKeyStorePassword("aquaserver");
|
||||||
sslContextFactory.setCertAlias("ib");
|
sslContextFactory.setCertAlias("ib");
|
||||||
sslContextFactory.setExcludeCipherSuites(excludedCiphersWithoutTlsRsaExclusion);
|
sslContextFactory.setExcludeCipherSuites(excludedCiphersWithoutTlsRsaExclusion);
|
||||||
|
sslContextFactory.setSniRequired(false);
|
||||||
|
|
||||||
HttpConfiguration httpsConfiguration = new HttpConfiguration();
|
HttpConfiguration httpsConfiguration = new HttpConfiguration();
|
||||||
httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
|
var cus = new SecureRequestCustomizer();
|
||||||
|
cus.setSniHostCheck(false);
|
||||||
|
httpsConfiguration.addCustomizer(cus);
|
||||||
|
|
||||||
ServerConnector httpsConnector = new ServerConnector(server,
|
try (ServerConnector httpsConnector = new ServerConnector(server,
|
||||||
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
|
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
|
||||||
new HttpConnectionFactory(httpsConfiguration));
|
new HttpConnectionFactory(httpsConfiguration))) {
|
||||||
httpsConnector.setPort(BILLING_PORT);
|
httpsConnector.setPort(BILLING_PORT);
|
||||||
|
|
||||||
server.setConnectors(new Connector[]{httpConnector, httpsConnector});
|
server.setConnectors(new Connector[]{httpConnector, httpsConnector});
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
server.setConnectors(new Connector[]{httpConnector});
|
server.setConnectors(new Connector[]{httpConnector});
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
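Review bot: The new `try (ServerConnector httpConnector = ...)` and `try (ServerConnector httpsConnector = ...)` wrappers in `customize(Server)` call `close()` on both connectors when the blocks exit, although `server.setConnectors(...)` has just handed those same objects to the server, which owns their lifecycle from then on. Closing a connector that has not been opened yet is probably harmless, but the construct reads as if the connectors were temporaries; plain declarations such as `ServerConnector httpConnector = new ServerConnector(server);` state the ownership correctly. Separately, `System.out.println(res);` looks like leftover debugging and should be dropped or sent to the logger. The two SNI relaxations (`setSniRequired(false)` and `setSniHostCheck(false)`) should carry a comment saying why host-name matching is switched off on the TLS connector, for example `// Clients reach the billing port by IP or a name not in the self-signed cert, so Jetty's SNI host check is disabled here only`, if that is indeed the reason. The body of `customize` starts outside these hunks.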
|
|||||||
@@ -1,10 +1,12 @@
|
|||||||
package icu.samnyan.aqua.spring.util;
|
package icu.samnyan.aqua.spring.util;
|
||||||
|
|
||||||
import org.apache.http.conn.ssl.NoopHostnameVerifier;
|
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
|
||||||
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
|
import org.apache.hc.client5.http.impl.classic.HttpClients;
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
|
||||||
import org.apache.http.ssl.TrustStrategy;
|
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
|
||||||
|
import org.apache.hc.client5.http.ssl.TrustAllStrategy;
|
||||||
|
import org.apache.hc.core5.ssl.SSLContextBuilder;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
|
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
|
||||||
@@ -12,19 +14,17 @@ import org.springframework.stereotype.Component;
|
|||||||
import org.springframework.web.client.RestTemplate;
|
import org.springframework.web.client.RestTemplate;
|
||||||
|
|
||||||
import java.net.Socket;
|
import java.net.Socket;
|
||||||
import java.security.cert.X509Certificate;
|
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
|
|
||||||
import javax.net.ssl.SSLContext;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A simple boot check to warn user if there is some wrong config
|
* A simple boot check to warn user if there is some wrong config
|
||||||
|
*
|
||||||
* @author samnyan (privateamusement@protonmail.com)
|
* @author samnyan (privateamusement@protonmail.com)
|
||||||
*/
|
*/
|
||||||
@Component
|
@Component
|
||||||
public class AutoChecker {
|
public class AutoChecker {
|
||||||
|
|
||||||
private final String LINEBREAK = System.getProperty("line.separator");
|
private final String LINEBREAK = System.lineSeparator();
|
||||||
|
|
||||||
private final String SERVER_PORT;
|
private final String SERVER_PORT;
|
||||||
private final String ALLNET_HOST_OVERRIDE;
|
private final String ALLNET_HOST_OVERRIDE;
|
||||||
@@ -64,8 +64,8 @@ public class AutoChecker {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void check() {
|
public void check() {
|
||||||
String host = ALLNET_HOST_OVERRIDE.equals("") ? "127.0.0.1" : ALLNET_HOST_OVERRIDE;
|
String host = ALLNET_HOST_OVERRIDE.isEmpty() ? "127.0.0.1" : ALLNET_HOST_OVERRIDE;
|
||||||
String port = ALLNET_PORT_OVERRIDE.equals("") ? SERVER_PORT : ALLNET_PORT_OVERRIDE;
|
String port = ALLNET_PORT_OVERRIDE.isEmpty() ? SERVER_PORT : ALLNET_PORT_OVERRIDE;
|
||||||
|
|
||||||
// Boot message
|
// Boot message
|
||||||
System.out.println(
|
System.out.println(
|
||||||
@@ -102,12 +102,12 @@ public class AutoChecker {
|
|||||||
if (!AIMEDB_BIND.equals("0.0.0.0")) {
|
if (!AIMEDB_BIND.equals("0.0.0.0")) {
|
||||||
address = AIMEDB_BIND;
|
address = AIMEDB_BIND;
|
||||||
}
|
}
|
||||||
try (Socket test = new Socket(address, AIMEDB_PORT)){
|
try (Socket ignored = new Socket(address, AIMEDB_PORT)) {
|
||||||
System.out.println("OK");
|
System.out.println("OK");
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
System.out.println("ERROR");
|
System.out.println("ERROR");
|
||||||
failDetail.append("Aime DB self-test raised an exception during testing").append(LINEBREAK);
|
failDetail.append("Aime DB self-test raised an exception during testing").append(LINEBREAK);
|
||||||
failDetail.append("Exception: ").append(e.toString()).append(LINEBREAK);
|
failDetail.append("Exception: ").append(e).append(LINEBREAK);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -118,17 +118,14 @@ public class AutoChecker {
|
|||||||
} else {
|
} else {
|
||||||
try {
|
try {
|
||||||
// Do not validate SSL certificate (self-signed ib cert)
|
// Do not validate SSL certificate (self-signed ib cert)
|
||||||
TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
|
|
||||||
|
|
||||||
SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
|
|
||||||
.loadTrustMaterial(null, acceptingTrustStrategy)
|
|
||||||
.build();
|
|
||||||
|
|
||||||
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
|
|
||||||
|
|
||||||
CloseableHttpClient httpClient = HttpClients.custom()
|
CloseableHttpClient httpClient = HttpClients.custom()
|
||||||
.setSSLSocketFactory(csf)
|
.setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create()
|
||||||
.build();
|
.setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create()
|
||||||
|
.setSslContext(SSLContextBuilder.create()
|
||||||
|
.loadTrustMaterial(TrustAllStrategy.INSTANCE)
|
||||||
|
.build())
|
||||||
|
.setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
|
||||||
|
.build()).build()).build();
|
||||||
|
|
||||||
HttpComponentsClientHttpRequestFactory requestFactory =
|
HttpComponentsClientHttpRequestFactory requestFactory =
|
||||||
new HttpComponentsClientHttpRequestFactory();
|
new HttpComponentsClientHttpRequestFactory();
|
||||||
@@ -150,7 +147,7 @@ public class AutoChecker {
|
|||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
System.out.println("ERROR");
|
System.out.println("ERROR");
|
||||||
failDetail.append("Billing self-test raised an exception during testing").append(LINEBREAK);
|
failDetail.append("Billing self-test raised an exception during testing").append(LINEBREAK);
|
||||||
failDetail.append("Exception: ").append(e.toString()).append(LINEBREAK);
|
failDetail.append("Exception: ").append(e).append(LINEBREAK);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -172,16 +169,16 @@ public class AutoChecker {
|
|||||||
} else {
|
} else {
|
||||||
System.out.println("ERROR");
|
System.out.println("ERROR");
|
||||||
failDetail.append("ALL.Net self-test could not connect to ").append(url).append(LINEBREAK);
|
failDetail.append("ALL.Net self-test could not connect to ").append(url).append(LINEBREAK);
|
||||||
failDetail.append("Status code: ").append(resp.getStatusCodeValue()).append(LINEBREAK);
|
failDetail.append("Status code: ").append(resp.getStatusCode().value()).append(LINEBREAK);
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
System.out.println("ERROR");
|
System.out.println("ERROR");
|
||||||
failDetail.append("ALL.Net self-test raised an exception during testing").append(url).append(LINEBREAK);
|
failDetail.append("ALL.Net self-test raised an exception during testing").append(url).append(LINEBREAK);
|
||||||
failDetail.append("Exception: ").append(e.toString()).append(LINEBREAK);
|
failDetail.append("Exception: ").append(e).append(LINEBREAK);
|
||||||
}
|
}
|
||||||
|
|
||||||
System.out.println();
|
System.out.println();
|
||||||
System.out.println(failDetail.toString());
|
System.out.println(failDetail);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
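Review bot: The rebuilt client in the billing self-test still pairs `TrustAllStrategy.INSTANCE` with `NoopHostnameVerifier.INSTANCE`, so the check reports success for whatever TLS endpoint answers on that port, not specifically for this server. Because the certificate is self-signed and ships with the application, the test could trust only that certificate and relax just the host-name check, e.g. `.loadTrustMaterial(keystoreUrl, keystorePassword)` (placeholder names) pointing at the same `server.p12` the Jetty connector loads. If trust-all stays, the existing comment should say so explicitly, e.g. `// Self-test only: accepts any certificate and host name; do not reuse this client for other requests`. The enclosing method starts and ends outside these hunks, so whether `httpClient` is ever closed cannot be seen here.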
|
|||||||