From 948736b5ea103fd47ed399e675e0e674598e40b7 Mon Sep 17 00:00:00 2001
From: HaHaWTH <id_cn00@outlook.com>
Date: Wed, 3 Apr 2024 16:11:06 +0800
Subject: [PATCH] Merge upstream pull request #2777

---
 .../fr/xephi/authme/datasource/MySQL.java     | 17 +++++++++++++----
 .../settings/properties/DatabaseSettings.java | 19 +++++++++++++++----
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java
index 0a3fcd43..9a1cf216 100644
--- a/src/main/java/fr/xephi/authme/datasource/MySQL.java
+++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java
@@ -41,6 +41,7 @@ public class MySQL extends AbstractSqlDataSource {
     private boolean useSsl;
     private boolean serverCertificateVerification;
     private boolean allowPublicKeyRetrieval;
+    private String mariaDbSslMode;
     private String host;
     private String port;
     private String username;
@@ -121,6 +122,7 @@ public class MySQL extends AbstractSqlDataSource {
         this.useSsl = settings.getProperty(DatabaseSettings.MYSQL_USE_SSL);
         this.serverCertificateVerification = settings.getProperty(DatabaseSettings.MYSQL_CHECK_SERVER_CERTIFICATE);
         this.allowPublicKeyRetrieval = settings.getProperty(DatabaseSettings.MYSQL_ALLOW_PUBLIC_KEY_RETRIEVAL);
+        this.mariaDbSslMode = settings.getProperty(DatabaseSettings.MARIADB_SSL_MODE);
     }
 
     /**
@@ -145,12 +147,19 @@ public class MySQL extends AbstractSqlDataSource {
         ds.setDriverClassName(this.getDriverClassName());
 
         // Request mysql over SSL
-        ds.addDataSourceProperty("useSSL", String.valueOf(useSsl));
+        if (this instanceof MariaDB) {
+            ds.addDataSourceProperty("sslMode", mariaDbSslMode);
+        } else {
+            ds.addDataSourceProperty("useSSL", String.valueOf(useSsl));
+
+            // Disabling server certificate verification on need
+            if (!serverCertificateVerification) {
+                ds.addDataSourceProperty("verifyServerCertificate", String.valueOf(false));
+            }
+        }
+
 
         // Disabling server certificate verification on need
-        if (!serverCertificateVerification) {
-            ds.addDataSourceProperty("verifyServerCertificate", String.valueOf(false));
-        }        // Disabling server certificate verification on need
         if (allowPublicKeyRetrieval) {
             ds.addDataSourceProperty("allowPublicKeyRetrieval", String.valueOf(true));
         }
diff --git a/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java b/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java
index 3b799b3a..6103183d 100644
--- a/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java
+++ b/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java
@@ -31,7 +31,17 @@ public final class DatabaseSettings implements SettingsHolder {
     public static final Property<String> MYSQL_PORT =
         newProperty("DataSource.mySQLPort", "3306");
 
-    @Comment("Connect to MySQL database over SSL")
+    @Comment({"Replacement of Mysql's useSsl (for MariaDB only).",
+        "- disable: No SSL",
+        "- trust: Trust blindly (no validation)",
+        "- verify_ca:  Encryption, certificates validation, BUT no hostname verification",
+        "- verify_full: Encryption, certificate validation and hostname validation",
+        "Read more: https://bit.ly/mariadb-sslmode"})
+    public static final Property<String> MARIADB_SSL_MODE =
+        newProperty("DataSource.MariaDbSslMode", "disabled");
+
+    @Comment({"Connect to MySQL database over SSL",
+        "If you're using MariaDB, use sslMode instead"})
     public static final Property<Boolean> MYSQL_USE_SSL =
         newProperty("DataSource.mySQLUseSSL", true);
 
@@ -39,12 +49,13 @@ public final class DatabaseSettings implements SettingsHolder {
         "We would not recommend to set this option to false.",
         "Set this option to false at your own risk if and only if you know what you're doing"})
     public static final Property<Boolean> MYSQL_CHECK_SERVER_CERTIFICATE =
-        newProperty( "DataSource.mySQLCheckServerCertificate", true );
+        newProperty( "DataSource.mySQLCheckServerCertificate", true);
 
     @Comment({"Authorize client to retrieve RSA server public key.",
-        "Advanced option, ignore if you don't know what it means."})
+        "Advanced option, ignore if you don't know what it means.",
+        "If you are using MariaDB, use MariaDbSslMode instead."})
     public static final Property<Boolean> MYSQL_ALLOW_PUBLIC_KEY_RETRIEVAL =
-        newProperty( "DataSource.mySQLAllowPublicKeyRetrieval", true );
+        newProperty( "DataSource.mySQLAllowPublicKeyRetrieval", true);
 
     @Comment("Username to connect to the MySQL database")
     public static final Property<String> MYSQL_USERNAME =