Re-add support for Java 8

README.md

@@ -41,6 +41,6 @@ See [INSTALLATION.md](INSTALLATION.md) for a detailed install guide.
 
 ## License
 
-BungeeGuard is licensed and made available under the permissive MIT license. Please see [LICENSE.txt](LICENSE.md) for more information.
+BungeeGuard is licensed and made available under the permissive MIT license. Please see [LICENSE.txt](LICENSE.txt) for more information.
 
 Details about vulnerability reporting & security disclosures can be found in [SECURITY.md](SECURITY.md).

bungeeguard-bungee-java9/pom.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>me.lucko</groupId>
+        <artifactId>bungeeguard</artifactId>
+        <version>1.2-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>bungeeguard-bungee-java9</artifactId>
+
+    <properties>
+        <maven.compiler.source>9</maven.compiler.source>
+        <maven.compiler.target>9</maven.compiler.target>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>me.lucko</groupId>
+            <artifactId>bungeeguard-bungee</artifactId>
+            <version>1.2-SNAPSHOT</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>net.md-5</groupId>
+            <artifactId>bungeecord-api</artifactId>
+            <version>${bungee.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>net.md-5</groupId>
+            <artifactId>bungeecord-proxy</artifactId>
+            <version>${bungee.version}</version>
+            <scope>provided</scope>
+        </dependency>
+    </dependencies>
+
+</project>

bungeeguard-bungee-java9/src/main/java/me/lucko/bungeeguard/bungee/SpoofedLoginResultJava9.java

@@ -0,0 +1,55 @@
+/*
+ * This file is part of BungeeGuard, licensed under the MIT License.
+ *
+ *  Copyright (c) lucko (Luck) <[email protected]>
+ *  Copyright (c) contributors
+ *
+ *  Permission is hereby granted, free of charge, to any person obtaining a copy
+ *  of this software and associated documentation files (the "Software"), to deal
+ *  in the Software without restriction, including without limitation the rights
+ *  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *  copies of the Software, and to permit persons to whom the Software is
+ *  furnished to do so, subject to the following conditions:
+ *
+ *  The above copyright notice and this permission notice shall be included in all
+ *  copies or substantial portions of the Software.
+ *
+ *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ *  SOFTWARE.
+ */
+
+package me.lucko.bungeeguard.bungee;
+
+import net.md_5.bungee.ServerConnector;
+import net.md_5.bungee.connection.LoginResult;
+
+public class SpoofedLoginResultJava9 extends SpoofedLoginResult {
+    private static final StackWalker STACK_WALKER = StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE);
+
+    // online mode constructor
+    public SpoofedLoginResultJava9(LoginResult oldProfile, String extraToken) {
+        super(oldProfile, extraToken);
+    }
+
+    // offline mode constructor
+    public SpoofedLoginResultJava9(String extraToken) {
+        super(extraToken);
+    }
+
+    @Override
+    public LoginResult.Property[] getProperties() {
+        Class<?> caller = STACK_WALKER.getCallerClass();
+
+        // if the getProperties method is being called by the server connector, include our token in the properties
+        if (caller == ServerConnector.class) {
+            return addTokenProperty(super.getProperties());
+        } else {
+            return super.getProperties();
+        }
+    }
+}

bungeeguard-bungee/src/main/java/me/lucko/bungeeguard/bungee/SpoofedLoginResult.java

@@ -25,11 +25,12 @@
 
 package me.lucko.bungeeguard.bungee;
 
-import net.md_5.bungee.ServerConnector;
 import net.md_5.bungee.connection.InitialHandler;
 import net.md_5.bungee.connection.LoginResult;
 
+import java.lang.reflect.Constructor;
 import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
 import java.util.Arrays;
 
 /**
@@ -39,53 +40,77 @@
  * To achieve this, the stack trace is analyzed. This is kinda crappy, but is the only way
  * to modify the properties without leaking the token to other clients via the tablist.
  */
-class SpoofedLoginResult extends LoginResult {
-    private static final StackWalker STACK_WALKER = StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE);
-
+abstract class SpoofedLoginResult extends LoginResult {
     private static final Field PROFILE_FIELD;
+    private static final Constructor<? extends SpoofedLoginResult> OFFLINE_MODE_IMPL;
+    private static final Constructor<? extends SpoofedLoginResult> ONLINE_MODE_IMPL;
+
     static {
+        Class<? extends SpoofedLoginResult> implClass;
+        try {
+            // try to use stackwalker if running Java 9 or newer
+            Class.forName("java.lang.StackWalker");
+            implClass = Class.forName("me.lucko.bungeeguard.bungee.SpoofedLoginResultJava9").asSubclass(SpoofedLoginResult.class);
+            //System.out.println("[BungeeGuard] Using Java 9 (StackWalker) to spoof profile properties.");
+        } catch (ClassNotFoundException e) {
+            implClass = SpoofedLoginResultJava8.class;
+            //System.out.println("[BungeeGuard] Using Java 8 (Reflection/Stacktrace) to spoof profile properties.");
+        }
+
         try {
             PROFILE_FIELD = InitialHandler.class.getDeclaredField("loginProfile");
             PROFILE_FIELD.setAccessible(true);
-        } catch (NoSuchFieldException e) {
+
+            OFFLINE_MODE_IMPL = implClass.getConstructor(String.class);
+            ONLINE_MODE_IMPL = implClass.getConstructor(LoginResult.class, String.class);
+        } catch (ReflectiveOperationException e) {
             throw new ExceptionInInitializerError(e);
         }
     }
 
+    static void inject(InitialHandler handler, String token) {
+        LoginResult profile = handler.getLoginProfile();
+        LoginResult newProfile;
+
+        try {
+            // profile is null for offline mode servers
+            if (profile == null) {
+                newProfile = OFFLINE_MODE_IMPL.newInstance(token);
+            } else {
+                newProfile = ONLINE_MODE_IMPL.newInstance(profile, token);
+            }
+        } catch (ReflectiveOperationException e) {
+            throw new RuntimeException(e);
+        }
+
+        try {
+            PROFILE_FIELD.set(handler, newProfile);
+        } catch (IllegalAccessException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
     private final String extraToken;
     private final Property[] justExtraToken;
     private final boolean offline;
 
     // online mode constructor
-    private SpoofedLoginResult(LoginResult oldProfile, String extraToken) {
+    protected SpoofedLoginResult(LoginResult oldProfile, String extraToken) {
         super(oldProfile.getId(), oldProfile.getName(), oldProfile.getProperties());
         this.extraToken = extraToken;
         this.justExtraToken = new Property[]{new Property("bungeeguard-token", this.extraToken, "")};
         this.offline = false;
     }
 
     // offline mode constructor
-    private SpoofedLoginResult(String extraToken) {
+    protected SpoofedLoginResult(String extraToken) {
         super(null, null, new Property[0]);
         this.extraToken = extraToken;
         this.justExtraToken = new Property[]{new Property("bungeeguard-token", this.extraToken, "")};
         this.offline = true;
     }
 
-    @Override
-    public Property[] getProperties() {
-        // there's no way this is the best way to do this, but idfk
-        Class<?> caller = STACK_WALKER.getCallerClass();
-
-        // if the getProperties method is being called by the server connector, include our token in the properties
-        if (caller == ServerConnector.class) {
-            return addTokenProperty(super.getProperties());
-        } else {
-            return super.getProperties();
-        }
-    }
-
-    private Property[] addTokenProperty(Property[] properties) {
+    protected Property[] addTokenProperty(Property[] properties) {
         if (properties.length == 0) {
             return this.justExtraToken;
         }
@@ -110,22 +135,4 @@ public String getName() {
         }
         return super.getId();
     }
-
-    static void inject(InitialHandler handler, String token) {
-        LoginResult profile = handler.getLoginProfile();
-        LoginResult newProfile;
-
-        // profile is null for offline mode servers
-        if (profile == null) {
-            newProfile = new SpoofedLoginResult(token); // offline mode constructor
-        } else {
-            newProfile = new SpoofedLoginResult(profile, token); // online mode constructor
-        }
-
-        try {
-            PROFILE_FIELD.set(handler, newProfile);
-        } catch (IllegalAccessException e) {
-            throw new RuntimeException(e);
-        }
-    }
 }

bungeeguard-bungee/src/main/java/me/lucko/bungeeguard/bungee/SpoofedLoginResultJava8.java

@@ -0,0 +1,62 @@
+/*
+ * This file is part of BungeeGuard, licensed under the MIT License.
+ *
+ *  Copyright (c) lucko (Luck) <[email protected]>
+ *  Copyright (c) contributors
+ *
+ *  Permission is hereby granted, free of charge, to any person obtaining a copy
+ *  of this software and associated documentation files (the "Software"), to deal
+ *  in the Software without restriction, including without limitation the rights
+ *  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *  copies of the Software, and to permit persons to whom the Software is
+ *  furnished to do so, subject to the following conditions:
+ *
+ *  The above copyright notice and this permission notice shall be included in all
+ *  copies or substantial portions of the Software.
+ *
+ *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ *  SOFTWARE.
+ */
+
+package me.lucko.bungeeguard.bungee;
+
+import net.md_5.bungee.connection.LoginResult;
+
+public class SpoofedLoginResultJava8 extends SpoofedLoginResult {
+    private static final String SERVER_CONNECTOR = "net.md_5.bungee.ServerConnector";
+    private static final String SERVER_CONNECTOR_CONNECTED = "connected";
+
+    // online mode constructor
+    public SpoofedLoginResultJava8(LoginResult oldProfile, String extraToken) {
+        super(oldProfile, extraToken);
+    }
+
+    // offline mode constructor
+    public SpoofedLoginResultJava8(String extraToken) {
+        super(extraToken);
+    }
+
+    @Override
+    public Property[] getProperties() {
+        // there's no way this is the best way to do this, but idfk
+        StackTraceElement[] trace = new Exception().getStackTrace();
+
+        if (trace.length < 2) {
+            return super.getProperties();
+        }
+
+        StackTraceElement callLocation = trace[1];
+
+        // if the getProperties method is being called by the server connector, include our token in the properties
+        if (callLocation.getClassName().equals(SERVER_CONNECTOR) && callLocation.getMethodName().equals(SERVER_CONNECTOR_CONNECTED)) {
+            return addTokenProperty(super.getProperties());
+        } else {
+            return super.getProperties();
+        }
+    }
+}

bungeeguard-bungee/src/main/resources/bungee.yml

@@ -1,5 +1,5 @@
 name: BungeeGuard
 version: ${project.version}
-description: Plugin which adds a security token to the BungeeCord handshaking protocol
+description: A plugin-based security/firewall solution for BungeeCord and Velocity proxies.
 author: Luck
 main: me.lucko.bungeeguard.bungee.BungeeGuardProxyPlugin

bungeeguard-spigot/src/main/resources/config.yml

@@ -1,9 +1,9 @@
 # BungeeGuard Configuration
 
 # Allowed authentication tokens.
-allowed-tokens: []
-#  - "the token generated by the proxy goes here"
-#  - "you can add as many as you like."
+allowed-tokens:
+  - "the token generated by the proxy goes here"
+  - "you can add as many as you like."
 
 
 # Messages

bungeeguard-spigot/src/main/resources/plugin.yml

@@ -1,6 +1,6 @@
 name: BungeeGuard
 version: ${project.version}
-description: Plugin which adds a security token to the BungeeCord handshaking protocol
+description: A plugin-based security/firewall solution for BungeeCord and Velocity proxies.
 author: Luck
 
 main: me.lucko.bungeeguard.spigot.BungeeGuardBackendPlugin

bungeeguard-universal/pom.xml

@@ -49,6 +49,12 @@
             <version>1.2-SNAPSHOT</version>
             <scope>compile</scope>
         </dependency>
+        <dependency>
+            <groupId>me.lucko</groupId>
+            <artifactId>bungeeguard-bungee-java9</artifactId>
+            <version>1.2-SNAPSHOT</version>
+            <scope>compile</scope>
+        </dependency>
         <dependency>
             <groupId>me.lucko</groupId>
             <artifactId>bungeeguard-spigot</artifactId>

pom.xml

@@ -11,6 +11,7 @@
 
     <modules>
         <module>bungeeguard-bungee</module>
+        <module>bungeeguard-bungee-java9</module>
         <module>bungeeguard-spigot</module>
         <module>bungeeguard-universal</module>
     </modules>
@@ -19,8 +20,8 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <maven.compiler.source>9</maven.compiler.source>
-        <maven.compiler.target>9</maven.compiler.target>
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
 
         <paper.version>1.15.2-R0.1-SNAPSHOT</paper.version>
         <bungee.version>1.15-SNAPSHOT</bungee.version>