Example 6 with CodeSource
use of java.security.CodeSource in project MinecraftForge by MinecraftForge.
the class FMLSanityChecker method call.
@Override
public Void call() throws Exception {
CodeSource codeSource = getClass().getProtectionDomain().getCodeSource();
boolean goodFML = false;
boolean fmlIsJar = false;
if (codeSource.getLocation().getProtocol().equals("jar")) {
fmlIsJar = true;
Certificate[] certificates = codeSource.getCertificates();
if (certificates != null) {
for (Certificate cert : certificates) {
String fingerprint = CertificateHelper.getFingerprint(cert);
if (fingerprint.equals(FMLFINGERPRINT)) {
FMLRelaunchLog.info("Found valid fingerprint for FML. Certificate fingerprint %s", fingerprint);
goodFML = true;
} else if (fingerprint.equals(FORGEFINGERPRINT)) {
FMLRelaunchLog.info("Found valid fingerprint for Minecraft Forge. Certificate fingerprint %s", fingerprint);
goodFML = true;
} else {
FMLRelaunchLog.severe("Found invalid fingerprint for FML: %s", fingerprint);
}
}
}
} else {
goodFML = true;
}
// Server is not signed, so assume it's good - a deobf env is dev time so it's good too
boolean goodMC = FMLLaunchHandler.side() == Side.SERVER || !liveEnv;
int certCount = 0;
try {
Class<?> cbr = Class.forName("net.minecraft.client.ClientBrandRetriever", false, cl);
codeSource = cbr.getProtectionDomain().getCodeSource();
} catch (Exception e) {
// Probably a development environment, or the server (the server is not signed)
goodMC = true;
}
JarFile mcJarFile = null;
if (fmlIsJar && !goodMC && codeSource.getLocation().getProtocol().equals("jar")) {
try {
String mcPath = codeSource.getLocation().getPath().substring(5);
mcPath = mcPath.substring(0, mcPath.lastIndexOf('!'));
mcPath = URLDecoder.decode(mcPath, Charsets.UTF_8.name());
mcJarFile = new JarFile(mcPath, true);
mcJarFile.getManifest();
JarEntry cbrEntry = mcJarFile.getJarEntry("net/minecraft/client/ClientBrandRetriever.class");
InputStream mcJarFileInputStream = mcJarFile.getInputStream(cbrEntry);
try {
ByteStreams.toByteArray(mcJarFileInputStream);
} finally {
IOUtils.closeQuietly(mcJarFileInputStream);
}
Certificate[] certificates = cbrEntry.getCertificates();
certCount = certificates != null ? certificates.length : 0;
if (certificates != null) {
for (Certificate cert : certificates) {
String fingerprint = CertificateHelper.getFingerprint(cert);
if (fingerprint.equals(MCFINGERPRINT)) {
FMLRelaunchLog.info("Found valid fingerprint for Minecraft. Certificate fingerprint %s", fingerprint);
goodMC = true;
}
}
}
} catch (Throwable e) {
FMLRelaunchLog.log(Level.ERROR, e, "A critical error occurred trying to read the minecraft jar file");
} finally {
Java6Utils.closeZipQuietly(mcJarFile);
}
} else {
goodMC = true;
}
if (!goodMC) {
FMLRelaunchLog.severe("The minecraft jar %s appears to be corrupt! There has been CRITICAL TAMPERING WITH MINECRAFT, it is highly unlikely minecraft will work! STOP NOW, get a clean copy and try again!", codeSource.getLocation().getFile());
if (!Boolean.parseBoolean(System.getProperty("fml.ignoreInvalidMinecraftCertificates", "false"))) {
FMLRelaunchLog.severe("For your safety, FML will not launch minecraft. You will need to fetch a clean version of the minecraft jar file");
FMLRelaunchLog.severe("Technical information: The class net.minecraft.client.ClientBrandRetriever should have been associated with the minecraft jar file, " + "and should have returned us a valid, intact minecraft jar location. This did not work. Either you have modified the minecraft jar file (if so " + "run the forge installer again), or you are using a base editing jar that is changing this class (and likely others too). If you REALLY " + "want to run minecraft in this configuration, add the flag -Dfml.ignoreInvalidMinecraftCertificates=true to the 'JVM settings' in your launcher profile.");
FMLCommonHandler.instance().exitJava(1, false);
} else {
FMLRelaunchLog.severe("FML has been ordered to ignore the invalid or missing minecraft certificate. This is very likely to cause a problem!");
FMLRelaunchLog.severe("Technical information: ClientBrandRetriever was at %s, there were %d certificates for it", codeSource.getLocation(), certCount);
}
}
if (!goodFML) {
FMLRelaunchLog.severe("FML appears to be missing any signature data. This is not a good thing");
}
return null;
}
Also used :
InputStream(java.io.InputStream)
CodeSource(java.security.CodeSource)
JarFile(java.util.jar.JarFile)
JarEntry(java.util.jar.JarEntry)
Certificate(java.security.cert.Certificate)
Example 7 with CodeSource
use of java.security.CodeSource in project MinecraftForge by MinecraftForge.
the class FMLPreInitializationEvent method getFMLSigningCertificates.
/**
* Retrieve the FML signing certificates, if any. Validate these against the
* published FML certificates in your mod, if you wish.
*
* Deprecated because mods should <b>NOT</b> trust this code. Rather
* they should copy this, or something like this, into their own mods.
*
* @return Certificates used to sign FML and Forge
*/
@Deprecated
public Certificate[] getFMLSigningCertificates() {
CodeSource codeSource = getClass().getClassLoader().getParent().getClass().getProtectionDomain().getCodeSource();
Certificate[] certs = codeSource.getCertificates();
if (certs == null) {
return new Certificate[0];
} else {
return certs;
}
}
Also used :
CodeSource(java.security.CodeSource)
Certificate(java.security.cert.Certificate)
Example 8 with CodeSource
use of java.security.CodeSource in project dubbo by alibaba.
the class Version method getVersion.
public static String getVersion(Class<?> cls, String defaultVersion) {
try {
// 首先查找MANIFEST.MF规范中的版本号
String version = cls.getPackage().getImplementationVersion();
if (version == null || version.length() == 0) {
version = cls.getPackage().getSpecificationVersion();
}
if (version == null || version.length() == 0) {
// 如果规范中没有版本号,基于jar包名获取版本号
CodeSource codeSource = cls.getProtectionDomain().getCodeSource();
if (codeSource == null) {
logger.info("No codeSource for class " + cls.getName() + " when getVersion, use default version " + defaultVersion);
} else {
String file = codeSource.getLocation().getFile();
if (file != null && file.length() > 0 && file.endsWith(".jar")) {
file = file.substring(0, file.length() - 4);
int i = file.lastIndexOf('/');
if (i >= 0) {
file = file.substring(i + 1);
}
i = file.indexOf("-");
if (i >= 0) {
file = file.substring(i + 1);
}
while (file.length() > 0 && !Character.isDigit(file.charAt(0))) {
i = file.indexOf("-");
if (i >= 0) {
file = file.substring(i + 1);
} else {
break;
}
}
version = file;
}
}
}
// 返回版本号,如果为空返回缺省版本号
return version == null || version.length() == 0 ? defaultVersion : version;
} catch (Throwable e) {
// 防御性容错
// 忽略异常,返回缺省版本号
logger.error("return default version, ignore exception " + e.getMessage(), e);
return defaultVersion;
}
}
Also used :
CodeSource(java.security.CodeSource)
Example 9 with CodeSource
use of java.security.CodeSource in project hudson-2.x by hudson.
the class SystemServiceImpl method getInstallationDirectory.
public File getInstallationDirectory() {
//securityService.checkPermission(Hudson.ADMINISTER);
File dir;
try {
// verbose to help pinpoint any NPE at runtime
ProtectionDomain pd = Hudson.class.getProtectionDomain();
CodeSource cs = pd.getCodeSource();
URL url = cs.getLocation();
String path = url.getPath();
dir = new File(path);
// Jar containing Launcher is expected in <install>/lib/some.jar (so .jar file - lib dir - should get us the install dir)
dir = dir.getParentFile().getParentFile();
dir = FileUtil.canonicalize(dir);
} catch (NullPointerException e) {
throw new IllegalStateException("Could not reliably determine the installation directory", e);
}
return dir;
}
Also used :
ProtectionDomain(java.security.ProtectionDomain)
CodeSource(java.security.CodeSource)
XmlFile(hudson.XmlFile)
File(java.io.File)
URL(java.net.URL)
Example 10 with CodeSource
use of java.security.CodeSource in project mongo-java-driver by mongodb.
the class ClientMetadataHelper method getDriverVersion.
private static String getDriverVersion() {
String driverVersion = "unknown";
try {
CodeSource codeSource = InternalStreamConnectionInitializer.class.getProtectionDomain().getCodeSource();
if (codeSource != null && codeSource.getLocation() != null) {
String path = codeSource.getLocation().getPath();
URL jarUrl = path.endsWith(".jar") ? new URL("jar:file:" + path + "!/") : null;
if (jarUrl != null) {
JarURLConnection jarURLConnection = (JarURLConnection) jarUrl.openConnection();
Manifest manifest = jarURLConnection.getManifest();
String version = (String) manifest.getMainAttributes().get(new Attributes.Name("Build-Version"));
if (version != null) {
driverVersion = version;
}
}
}
} catch (SecurityException e) {
// do nothing
} catch (IOException e) {
// do nothing
}
return driverVersion;
}
Also used :
JarURLConnection(java.net.JarURLConnection)
BsonString(org.bson.BsonString)
IOException(java.io.IOException)
CodeSource(java.security.CodeSource)
Manifest(java.util.jar.Manifest)
URL(java.net.URL)
Aggregations
CodeSource (java.security.CodeSource)85
URL (java.net.URL)43
ProtectionDomain (java.security.ProtectionDomain)29
File (java.io.File)24
IOException (java.io.IOException)16
Certificate (java.security.cert.Certificate)14
URISyntaxException (java.net.URISyntaxException)10
Permissions (java.security.Permissions)10
Policy (java.security.Policy)10
JarFile (java.util.jar.JarFile)10
PermissionCollection (java.security.PermissionCollection)9
URI (java.net.URI)8
FilePermission (java.io.FilePermission)7
MalformedURLException (java.net.MalformedURLException)5
AccessControlContext (java.security.AccessControlContext)5
URLClassLoader (java.net.URLClassLoader)4
GroovyClassLoader (groovy.lang.GroovyClassLoader)3
JarURLConnection (java.net.JarURLConnection)3
SocketPermission (java.net.SocketPermission)3
Path (java.nio.file.Path)3
