From 44cb7875775710d4b6818dd9c5d938ac736dc7c9 Mon Sep 17 00:00:00 2001
From: Alexandre Vanhecke
Date: Fri, 5 Apr 2019 21:51:54 +0200
Subject: [PATCH] Add an option to disable MySQL server certificate check - Fix #1735
---
 src/main/java/fr/xephi/authme/datasource/MySQL.java | 7 +++++++
 .../xephi/authme/settings/properties/DatabaseSettings.java | 6 ++++++
 .../settings/properties/AuthMeSettingsRetrieverTest.java | 2 +-
 3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java
index 3bb187ff1..badeea140 100644
--- a/src/main/java/fr/xephi/authme/datasource/MySQL.java
+++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java
@@ -34,6 +34,7 @@ import static fr.xephi.authme.datasource.SqlDataSourceUtils.logSqlException;
 public class MySQL extends AbstractSqlDataSource {
 private boolean useSsl;
+ private boolean serverCertificateVerification;
 private String host;
 private String port;
 private String username;
@@ -103,6 +104,7 @@ public class MySQL extends AbstractSqlDataSource {
 this.poolSize = settings.getProperty(DatabaseSettings.MYSQL_POOL_SIZE);
 this.maxLifetime = settings.getProperty(DatabaseSettings.MYSQL_CONNECTION_MAX_LIFETIME);
 this.useSsl = settings.getProperty(DatabaseSettings.MYSQL_USE_SSL);
+ this.serverCertificateVerification = settings.getProperty(DatabaseSettings.MYSQL_CHECK_SERVER_CERTIFICATE);
 }
 /**
@@ -126,6 +128,11 @@ public class MySQL extends AbstractSqlDataSource {
 // Request mysql over SSL
 ds.addDataSourceProperty("useSSL", String.valueOf(useSsl));
+ // Disabling server certificate verification on need
+ if (!serverCertificateVerification) {
+ ds.addDataSourceProperty("verifyServerCertificate", String.valueOf(false));
+ }
+
 // Encoding
 ds.addDataSourceProperty("characterEncoding", "utf8");
 ds.addDataSourceProperty("encoding", "UTF-8");
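Review bot: In the third MySQL.java hunk, `verifyServerCertificate` is set to false with no runtime signal, so a deployment can run with an encrypted but unauthenticated database link, exposed to man-in-the-middle interception of whatever crosses it, and nothing in the server log shows it. I would log one warning through the plugin's logger inside the `if` block and gate the branch on TLS being enabled, `if (useSsl && !serverCertificateVerification) {`, since the option appears to have no meaning when `useSSL` is false. The comment would read more clearly as `// Admin opted out of server certificate verification: traffic stays encrypted but the server is not authenticated`. The enclosing method starts and ends outside the hunk. If the driver is MySQL Connector/J, newer releases express this choice through `sslMode`, so the property names are worth rechecking against the driver version the project ships.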
diff --git a/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java b/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java
index 40e9933a3..83ed18e7a 100644
--- a/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java
+++ b/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java
@@ -31,6 +31,12 @@ public final class DatabaseSettings implements SettingsHolder {
 public static final Property MYSQL_USE_SSL = newProperty("DataSource.mySQLUseSSL", true);
+ @Comment({"Verification of server's certificate.",
+ "We would not recommend to set this option to false.",
+ "Set this option to false at your own risk if and only if you know what you're doing"})
+ public static final Property MYSQL_CHECK_SERVER_CERTIFICATE =
+ newProperty( "DataSource.mySQLCheckServerCertificate", true );
+
 @Comment("Username to connect to the MySQL database")
 public static final Property MYSQL_USERNAME = newProperty("DataSource.mySQLUsername", "authme");
diff --git a/src/test/java/fr/xephi/authme/settings/properties/AuthMeSettingsRetrieverTest.java b/src/test/java/fr/xephi/authme/settings/properties/AuthMeSettingsRetrieverTest.java
index 445b6965a..1860480f5 100644
--- a/src/test/java/fr/xephi/authme/settings/properties/AuthMeSettingsRetrieverTest.java
+++ b/src/test/java/fr/xephi/authme/settings/properties/AuthMeSettingsRetrieverTest.java
@@ -22,7 +22,7 @@ public class AuthMeSettingsRetrieverTest {
 // an error margin of 10: this prevents us from having to adjust the test every time the config is changed.
 // If this test fails, replace the first argument in closeTo() with the new number of properties
 assertThat((double) configurationData.getProperties().size(),
- closeTo(171, 10));
+ closeTo(182, 10));
 }
 @Test
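Review bot: The `@Comment` on `MYSQL_CHECK_SERVER_CERTIFICATE` in the DatabaseSettings.java hunk warns against `false` without saying what is lost, so an administrator reading the generated config cannot weigh the risk. I would state the consequence in the comment lines, for example `"With false the connection is still encrypted, but the database server's identity is not checked."` followed by `"Prefer adding the server's CA certificate to the Java truststore over disabling this."`. It would also help to say that the option presumably only matters when `mySQLUseSSL` is true. As a style point, `newProperty( "DataSource.mySQLCheckServerCertificate", true );` pads the parentheses, unlike the neighbouring `newProperty("DataSource.mySQLUseSSL", true);`.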