Don't create a TrustManagerFactory

See the discussion in #1352 - Netty uses the system one by default, so no sense creating our own. Also make sure we through the HTTP error every time, not just on the first failure. Otherwise we get cryptic connection dropped errors.
2024-06-26 07:03:22 +00:00 · 2023-03-04 11:18:58 +00:00 · 2023-03-04 11:18:58 +00:00 · c9bb534799
commit c9bb534799
parent 1c120982a7
1 changed files with 11 additions and 30 deletions
--- a/projects/core/src/main/java/dan200/computercraft/core/apis/http/NetworkUtils.java
+++ b/projects/core/src/main/java/dan200/computercraft/core/apis/http/NetworkUtils.java
@ -28,10 +28,8 @@
 import javax.annotation.Nullable;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLHandshakeException;
-import javax.net.ssl.TrustManagerFactory;
 import java.net.InetSocketAddress;
 import java.net.URI;
-import java.security.KeyStore;
 import java.util.concurrent.ScheduledThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;

@ -65,46 +63,29 @@ private NetworkUtils() {
    }

    private static final Object sslLock = new Object();
-    private static @Nullable TrustManagerFactory trustManager;
    private static @Nullable SslContext sslContext;
    private static boolean triedSslContext = false;

    @Nullable
-    private static TrustManagerFactory getTrustManager() {
-        if (trustManager != null) return trustManager;
+    private static SslContext makeSslContext() {
+        if (triedSslContext) return sslContext;
        synchronized (sslLock) {
-            if (trustManager != null) return trustManager;
+            if (triedSslContext) return sslContext;

-            TrustManagerFactory tmf = null;
+            triedSslContext = true;
            try {
-                tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-                tmf.init((KeyStore) null);
-            } catch (Exception e) {
-                LOG.error("Cannot setup trust manager", e);
+                return sslContext = SslContextBuilder.forClient().build();
+            } catch (SSLException e) {
+                LOG.error("Cannot construct SSL context", e);
+                return sslContext = null;
            }
-
-            return trustManager = tmf;
        }
    }

-    @Nullable
    public static SslContext getSslContext() throws HTTPRequestException {
-        if (sslContext != null || triedSslContext) return sslContext;
-        synchronized (sslLock) {
-            if (sslContext != null || triedSslContext) return sslContext;
-            try {
-                return sslContext = SslContextBuilder
-                    .forClient()
-                    .trustManager(getTrustManager())
-                    .build();
-            } catch (SSLException e) {
-                LOG.error("Cannot construct SSL context", e);
-                triedSslContext = true;
-                sslContext = null;
-
-                throw new HTTPRequestException("Cannot create a secure connection");
-            }
-        }
+        var ssl = makeSslContext();
+        if (ssl == null) throw new HTTPRequestException("Could not create a secure connection");
+        return ssl;
    }

    public static void reloadConfig() {