/**
* Retrieve the FML signing certificates, if any. Validate these against the published FML
* certificates in your mod, if you wish.
*
* <p>Deprecated because mods should <b>NOT</b> trust this code. Rather they should copy this, or
* something like this, into their own mods.
*
* @return Certificates used to sign FML and Forge
*/
@Deprecated
public Certificate[] getFMLSigningCertificates() {
CodeSource codeSource =
getClass().getClassLoader().getParent().getClass().getProtectionDomain().getCodeSource();
Certificate[] certs = codeSource.getCertificates();
if (certs == null) {
return new Certificate[0];
} else {
return certs;
}
}
/**
* Loads protection domain for specified jar. The domain is not loaded from the jar itself but it
* is derived from parent protection domain.
*
* @param aURL jar url
* @return
*/
protected ProtectionDomain getProtectionDomain(URL aURL) {
ProtectionDomain parentDomain = getClass().getProtectionDomain();
CodeSource csParent = parentDomain.getCodeSource();
Certificate[] certParent = csParent.getCertificates();
CodeSource csChild =
(certParent == null
? new CodeSource(aURL, csParent.getCodeSigners())
: new CodeSource(aURL, certParent));
ProtectionDomain pdChild =
new ProtectionDomain(
csChild,
parentDomain.getPermissions(),
parentDomain.getClassLoader(),
parentDomain.getPrincipals());
return pdChild;
}
