
change: Improved heuristic for determining if a download came from an unofficial source

This will hurt a lot of websites which unofficially redistribute our mod.
1.14.x
JellySquid 5 months ago
parent
commit
7d9014fb30
Signed by: Angeline <angeline@gildedgames.com> GPG Key ID: E8142FD7984F528E

+ 1
- 0
build.gradle

@@ -77,6 +77,7 @@ jar {
manifest {
attributes "ContainedDeps": artifacts.collect { it.name }.join(' ')
attributes "FMLAT": "aether_at.cfg"
attributes "SignedFileName": jar.archivePath.name
}
})
}
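Review bot: The `SignedFileName` attribute is written with no comment naming its consumer, and the same key is hard-coded as a string in `JarValidator.validate`, where a missing attribute validates as true, so renaming the key on either side silently disables the check. I would add a comment above the line, e.g. `// Read at runtime by JarValidator.validate; keep the key name in sync`. It is also worth confirming that `jar.archivePath.name` already holds the final published name when this manifest block is evaluated, otherwise official downloads would trip the warning. The enclosing `jar { … }` block starts outside this hunk.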

+ 4
- 4
src/main/java/com/gildedgames/aether/client/gui/misc/GuiAetherUnsigned.java

@@ -50,13 +50,13 @@ public class GuiAetherUnsigned extends GuiScreen
{
String text1 = String.valueOf(TextFormatting.RED) + TextFormatting.BOLD + "Panic!" + TextFormatting.RESET + " An integrity check has failed!";

String[] desc = (TextFormatting.RED + "You have obtained a corrupted or unofficial download of the Aether II.\n\n"
String[] desc = (TextFormatting.RED + "It appears you have downloaded the Aether II from an unofficial source.\n\n"
+ "If you were not expecting this warning, you should immediately re-download\n"
+ "the Aether II from our official CurseForge page. " + TextFormatting.RED + "Otherwise, you may run into\n"
+ TextFormatting.RED + "severe issues which cause instability, break your game, or corrupt your worlds.\n\n\n\n\n\n"
+ TextFormatting.RED + "issues which could cause instability, break your game, or corrupt your worlds.\n\n\n\n\n\n"
+ "If you are a developer hacking on the code or otherwise know what you're\n"
+ "doing, then you can ignore this warning at your risk. " + TextFormatting.RED + "We will not provide\n"
+ TextFormatting.RED + "support if you choose not to heed this warning.").split("\n");
+ "doing, then you can ignore this warning at your risk. " + TextFormatting.RED + "Gilded Games will not\n"
+ TextFormatting.RED + "provide support if you choose not to heed this warning.").split("\n");

ScaledResolution sr = new ScaledResolution(this.mc);
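Review bot: The "unofficial source" wording of `desc` names only one of the two conditions that clear `AetherCore.IS_SIGNED` elsewhere in this commit: a Forge fingerprint violation and a file name that differs from the manifest value. Presumably this screen is shown for either cause, so a player whose jar was altered or corrupted, or who only renamed the file, is pointed at the wrong problem. Consider keeping both causes in the text, e.g. `"The Aether II jar failed an integrity check or did not come from an official source.\n\n"`, or choosing the text by cause. The enclosing method starts and ends outside this hunk.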


+ 14
- 4
src/main/java/com/gildedgames/aether/common/AetherCore.java

@@ -2,6 +2,7 @@ package com.gildedgames.aether.common;

import com.gildedgames.aether.api.AetherAPI;
import com.gildedgames.aether.common.analytics.GAReporter;
import com.gildedgames.aether.common.util.JarValidator;
import net.minecraft.launchwrapper.Launch;
import net.minecraft.util.ResourceLocation;
import net.minecraftforge.fml.common.FMLCommonHandler;
@@ -80,6 +81,13 @@ public class AetherCore
{
AetherCore.CONFIG = new ConfigAether(event.getSuggestedConfigurationFile());

if (!AetherCore.isInsideDevEnvironment() && !JarValidator.validate(event.getSourceFile()))
{
AetherCore.LOGGER.warn("Failed to validate extended properties for the file located at " + event.getSourceFile());

AetherCore.IS_SIGNED = false;
}

AetherCore.PROXY.preInit(event);
}

@@ -110,14 +118,16 @@ public class AetherCore
@EventHandler
public void onFingerprintViolation(final FMLFingerprintViolationEvent event)
{
AetherCore.IS_SIGNED = false;

if (AetherCore.isInsideDevEnvironment())
{
AetherCore.LOGGER.warn("Ignoring missing certificate for the Aether II because we are in a de-obfuscated workspace...");

return;
}

AetherCore.LOGGER.warn("Heads up! Forge has failed to validate the integrity of the Aether.");
AetherCore.LOGGER.warn("The Aether may be packaged unofficially, tampered with, or corrupted. As a result, this build will not receive support.");
AetherCore.IS_SIGNED = false;

AetherCore.LOGGER.warn("No valid certificates could be found for the file located at: " + event.getSource());
AetherCore.LOGGER.warn("You have downloaded a release of the Aether II which does not contain a valid code signing certificate. This release will not receive support from Gilded Games.");
}
}
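Review bot: In the pre-init hunk, a file-name mismatch from `JarValidator.validate` clears `AetherCore.IS_SIGNED`, so one flag now carries two unrelated facts: whether Forge verified the certificate fingerprint and whether the jar still has its release file name. A correctly signed jar that was renamed locally is then treated as unsigned, and only the log text distinguishes the two cases. I would track the heuristic in its own field, or at least document the overload at the assignment, e.g. `// Not a signature failure: file name differs from the manifest's SignedFileName`. `event.getSourceFile()` is also passed on without checking that it is a regular file, and `validate` treats an unreadable path as valid, so that case is skipped silently. The method's signature lies outside the hunk.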

+ 49
- 0
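--- a/src/main/java/com/gildedgames/aether/common/util/JarValidator.java
+++ b/src/main/java/com/gildedgames/aether/common/util/JarValidator.java
@@ -0,0 +1,49 @@
+package com.gildedgames.aether.common.util;
+
+import com.gildedgames.aether.common.AetherCore;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.util.jar.JarInputStream;
+import java.util.jar.Manifest;
+
+public class JarValidator
+{
+private static final String MANIFEST_PATH = "/META-INF/MANIFEST.MF";
+
+/**
+* Performs additional validation to ensure that the classpath of the current Aether II installation
+* comes from a file which has an expected name. It's very common for third-party distributors to
+* change the file name.
+* @param clazz The main mod's class.
+* @return True if the extended validation succeeded, otherwise false.
+*/
+public static boolean validate(final File file)
+{
+Manifest prop;
+
+try (JarInputStream stream = new JarInputStream(new BufferedInputStream(new FileInputStream(file))))
+{
+prop = stream.getManifest();
+}
+catch (IOException e)
+{
+AetherCore.LOGGER.warn("Couldn't open and decode JAR manifest information", e);
+
+return true;
+}
+
+String expectedFileName = prop.getMainAttributes().getValue("SignedFileName");
+
+if (expectedFileName == null)
+{
+AetherCore.LOGGER.warn("JAR manifest does not contain attributes for extended validation");
+
+return true;
+}
+
+return file.getName().equals(expectedFileName);
+}
+}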
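Review bot: `validate` dereferences `prop` without a null check, but `JarInputStream.getManifest()` returns null when the archive has no manifest or the manifest is not among its first entries, so a repackaged jar can throw a NullPointerException during pre-init instead of producing the warning. Add a guard before `getMainAttributes()`, e.g. `if (prop == null) { return false; }` (or `true` if the fail-open policy of the other branches is intended here too). The Javadoc should say that this is a file-name heuristic which fails open on I/O errors and on a missing `SignedFileName` attribute, not an integrity check; the certificate fingerprint remains the only tamper evidence. Its `@param clazz` tag should read `@param file`, and `MANIFEST_PATH` is unused.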
