List of usage examples for java.security CodeSource getCertificates
public final java.security.cert.Certificate[] getCertificates()
From source file:net.minecraftforge.fml.common.asm.FMLSanityChecker.java
@Override public Void call() throws Exception { CodeSource codeSource = getClass().getProtectionDomain().getCodeSource(); boolean goodFML = false; boolean fmlIsJar = false; if (codeSource.getLocation().getProtocol().equals("jar")) { fmlIsJar = true;/*from ww w .ja v a 2 s . c o m*/ Certificate[] certificates = codeSource.getCertificates(); if (certificates != null) { for (Certificate cert : certificates) { String fingerprint = CertificateHelper.getFingerprint(cert); if (fingerprint.equals(FMLFINGERPRINT)) { FMLRelaunchLog.info("Found valid fingerprint for FML. Certificate fingerprint %s", fingerprint); goodFML = true; } else if (fingerprint.equals(FORGEFINGERPRINT)) { FMLRelaunchLog.info( "Found valid fingerprint for Minecraft Forge. Certificate fingerprint %s", fingerprint); goodFML = true; } else { FMLRelaunchLog.severe("Found invalid fingerprint for FML: %s", fingerprint); } } } } else { goodFML = true; } // Server is not signed, so assume it's good - a deobf env is dev time so it's good too boolean goodMC = FMLLaunchHandler.side() == Side.SERVER || !liveEnv; int certCount = 0; try { Class<?> cbr = Class.forName("net.minecraft.client.ClientBrandRetriever", false, cl); codeSource = cbr.getProtectionDomain().getCodeSource(); } catch (Exception e) { // Probably a development environment, or the server (the server is not signed) goodMC = true; } JarFile mcJarFile = null; if (fmlIsJar && !goodMC && codeSource.getLocation().getProtocol().equals("jar")) { try { String mcPath = codeSource.getLocation().getPath().substring(5); mcPath = mcPath.substring(0, mcPath.lastIndexOf('!')); mcPath = URLDecoder.decode(mcPath, Charsets.UTF_8.name()); mcJarFile = new JarFile(mcPath, true); mcJarFile.getManifest(); JarEntry cbrEntry = mcJarFile.getJarEntry("net/minecraft/client/ClientBrandRetriever.class"); InputStream mcJarFileInputStream = mcJarFile.getInputStream(cbrEntry); try { ByteStreams.toByteArray(mcJarFileInputStream); } finally { IOUtils.closeQuietly(mcJarFileInputStream); } Certificate[] certificates = cbrEntry.getCertificates(); certCount = certificates != null ? certificates.length : 0; if (certificates != null) { for (Certificate cert : certificates) { String fingerprint = CertificateHelper.getFingerprint(cert); if (fingerprint.equals(MCFINGERPRINT)) { FMLRelaunchLog.info("Found valid fingerprint for Minecraft. Certificate fingerprint %s", fingerprint); goodMC = true; } } } } catch (Throwable e) { FMLRelaunchLog.log(Level.ERROR, e, "A critical error occurred trying to read the minecraft jar file"); } finally { Java6Utils.closeZipQuietly(mcJarFile); } } else { goodMC = true; } if (!goodMC) { FMLRelaunchLog.severe( "The minecraft jar %s appears to be corrupt! There has been CRITICAL TAMPERING WITH MINECRAFT, it is highly unlikely minecraft will work! STOP NOW, get a clean copy and try again!", codeSource.getLocation().getFile()); if (!Boolean.parseBoolean(System.getProperty("fml.ignoreInvalidMinecraftCertificates", "false"))) { FMLRelaunchLog.severe( "For your safety, FML will not launch minecraft. You will need to fetch a clean version of the minecraft jar file"); FMLRelaunchLog.severe( "Technical information: The class net.minecraft.client.ClientBrandRetriever should have been associated with the minecraft jar file, " + "and should have returned us a valid, intact minecraft jar location. This did not work. Either you have modified the minecraft jar file (if so " + "run the forge installer again), or you are using a base editing jar that is changing this class (and likely others too). If you REALLY " + "want to run minecraft in this configuration, add the flag -Dfml.ignoreInvalidMinecraftCertificates=true to the 'JVM settings' in your launcher profile."); FMLCommonHandler.instance().exitJava(1, false); } else { FMLRelaunchLog.severe( "FML has been ordered to ignore the invalid or missing minecraft certificate. This is very likely to cause a problem!"); FMLRelaunchLog.severe( "Technical information: ClientBrandRetriever was at %s, there were %d certificates for it", codeSource.getLocation(), certCount); } } if (!goodFML) { FMLRelaunchLog.severe("FML appears to be missing any signature data. This is not a good thing"); } return null; }
From source file:com.googlecode.onevre.utils.ServerClassLoader.java
/** * * @see java.security.SecureClassLoader#getPermissions( * java.security.CodeSource)/*from www . ja va 2 s . co m*/ */ protected PermissionCollection getPermissions(CodeSource codesource) { boolean isAcceptable = false; if (!CHECKED.containsKey(codesource.getLocation())) { Certificate[] certs = codesource.getCertificates(); if (certs == null || certs.length == 0) { JOptionPane.showMessageDialog(null, "The jar at " + codesource.getLocation() + " is not signed!", "Security Error", JOptionPane.ERROR_MESSAGE); isAcceptable = false; } else { isAcceptable = true; for (int i = 0; (i < certs.length) && isAcceptable; i++) { if (!verifyCertificate((X509Certificate) certs[i])) { isAcceptable = false; } } } CHECKED.put(codesource.getLocation(), isAcceptable); } else { isAcceptable = CHECKED.get(codesource.getLocation()); } Permissions permissions = new Permissions(); if (isAcceptable) { permissions.add(new AllPermission()); return permissions; } throw new SecurityException("Access denied to " + codesource.getLocation()); }