Add SSL verification to PocketMine plugin

resources/comodo_ecc.pem

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT
+IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw
+MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy
+ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N
+T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR
+FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J
+cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW
+BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm
+fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv
+GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
+-----END CERTIFICATE-----

src/Buycraft/PocketMine/BuycraftPlugin.php

@@ -27,12 +27,31 @@ public static function getInstance()
 
     public function onEnable()
     {
+        // Ensure cURL is available and supports SSL.
+        if (!extension_loaded("curl"))
+        {
+            $this->getLogger()->error("BuycraftPM requires the curl extension to be installed with SSL support. Halting...");
+            return;
+        }
+
+        $version = curl_version();
+        $ssl_supported = ($version['features'] & CURL_VERSION_SSL);
+        if (!$ssl_supported)
+        {
+            $this->getLogger()->error("BuycraftPM requires the curl extension to be installed with SSL support. Halting...");
+            return;
+        }
+
         self::$instance = $this;
 
         $this->saveDefaultConfig();
+
+        // Save the COMODO ECC root certificate so we can communicate with Buycraft
+        $this->saveResource("comodo_ecc.pem");
+
         $secret = $this->getConfig()->get('secret');
         if ($secret) {
-            $api = new PluginApi($secret);
+            $api = new PluginApi($secret, $this->getDataFolder());
             try {
                 $this->verifyInformation($api);
                 $this->pluginApi = $api;

src/Buycraft/PocketMine/Commands/BuycraftCommand.php

@@ -57,7 +57,7 @@ public function execute(CommandSender $sender, $commandLabel, array $args)
 
                 $secret = $args[1];
 
-                $this->plugin->getServer()->getScheduler()->scheduleAsyncTask(new SecretVerificationTask($secret));
+                $this->plugin->getServer()->getScheduler()->scheduleAsyncTask(new SecretVerificationTask($secret, $this->plugin->getDataFolder()));
                 break;
             case "forcecheck":
                 if (count($args) != 1) {
@@ -96,7 +96,7 @@ public function execute(CommandSender $sender, $commandLabel, array $args)
 
     private function sendHelp(CommandSender $sender)
     {
-        $sender->sendMessage(TextFormat::GREEN . "Usage for the BuycraftMP plugin:");
+        $sender->sendMessage(TextFormat::GREEN . "Usage for the BuycraftPM plugin:");
         $sender->sendMessage(TextFormat::GREEN . "/buycraft secret" . TextFormat::GRAY . ": Set your server's secret.");
         $sender->sendMessage(TextFormat::GREEN . "/buycraft forcecheck" . TextFormat::GRAY . ": Check for current purchases.");
         $sender->sendMessage(TextFormat::GREEN . "/buycraft info" . TextFormat::GRAY . ": Retrieves public information about your web store.");

src/Buycraft/PocketMine/Commands/SecretVerificationTask.php

@@ -12,14 +12,17 @@
 class SecretVerificationTask extends AsyncTask
 {
     private $secret;
+    private $dataFolder;
 
     /**
      * SecretVerificationTask constructor.
      * @param $secret string
+     * @param $dataFolder string
      */
-    public function __construct($secret)
+    public function __construct($secret, $dataFolder)
     {
         $this->secret = $secret;
+        $this->dataFolder = $dataFolder;
     }
 
     /**
@@ -30,7 +33,7 @@ public function __construct($secret)
     public function onRun()
     {
         try {
-            $api = new PluginApi($this->secret);
+            $api = new PluginApi($this->secret, $this->dataFolder);
             $this->setResult($api->basicGet("/information"));
         } catch (\Exception $e) {
             $this->setResult($e);
@@ -50,7 +53,7 @@ public function onCompletion(Server $server)
                 BuycraftPlugin::getInstance()->getLogger()->warning("This message is safe to ignore, but you may wish to use a separate web store set to offline mode.");
             }
 
-            BuycraftPlugin::getInstance()->changeApi(new PluginApi($this->secret), $result);
+            BuycraftPlugin::getInstance()->changeApi(new PluginApi($this->secret, $this->dataFolder), $result);
             BuycraftPlugin::getInstance()->getConfig()->set('secret', $this->secret);
             BuycraftPlugin::getInstance()->getLogger()->info(TextFormat::GREEN . "Secret set!");
         }

src/Buycraft/PocketMine/PluginApi.php

@@ -8,14 +8,17 @@ class PluginApi
     const BUYCRAFT_PLUGIN_API_URL = "https://plugin.buycraft.net";
 
     private $secret;
+    private $dataFolder;
 
     /**
      * ApiUtil constructor.
      * @param $secret string
+     * @param $dataFolder string
      */
-    public function __construct($secret)
+    public function __construct($secret, $dataFolder)
     {
         $this->secret = $secret;
+        $this->dataFolder = $dataFolder;
     }
 
     /**
@@ -64,7 +67,10 @@ private function initializeCurl($url)
         $ctx = curl_init($url);
         curl_setopt($ctx, CURLOPT_HTTPHEADER, ["X-Buycraft-Secret: " . $this->secret, "User-Agent: BuycraftPM"]);
         curl_setopt($ctx, CURLOPT_RETURNTRANSFER, true);
-        curl_setopt($ctx, CURLOPT_SSL_VERIFYPEER, false);
+        if ($this->dataFolder)
+        {
+            curl_setopt($ctx, CURLOPT_CAINFO, $this->dataFolder . "comodo_ecc.pem");
+        }
         curl_setopt($ctx, CURLOPT_TIMEOUT, 5);
         return $ctx;
     }