5 files changed, 57 insertions, 25 deletions
diff --git a/src/Protocol/Authenticator.cpp b/src/Protocol/Authenticator.cpp
index c9e4296a2..bfbe5028d 100644
--- a/src/Protocol/Authenticator.cpp
+++ b/src/Protocol/Authenticator.cpp
@@ -19,6 +19,10 @@
 #define DEFAULT_AUTH_SERVER "sessionserver.mojang.com"
 #define DEFAULT_AUTH_ADDRESS "/session/minecraft/hasJoined?username=%USERNAME%&serverId=%SERVERID%"
 
+
+
+
+
 cAuthenticator::cAuthenticator(void) :
 	super("cAuthenticator"),
 	m_Server(DEFAULT_AUTH_SERVER),
@@ -40,11 +44,11 @@ cAuthenticator::~cAuthenticator()
 
 
 
-void cAuthenticator::ReadINI(cIniFile & IniFile)
+void cAuthenticator::ReadSettings(cSettingsRepositoryInterface & a_Settings)
 {
-	m_Server             = IniFile.GetValueSet ("Authentication", "Server", DEFAULT_AUTH_SERVER);
-	m_Address            = IniFile.GetValueSet ("Authentication", "Address", DEFAULT_AUTH_ADDRESS);
-	m_ShouldAuthenticate = IniFile.GetValueSetB("Authentication", "Authenticate", true);
+	m_Server             = a_Settings.GetValueSet ("Authentication", "Server", DEFAULT_AUTH_SERVER);
+	m_Address            = a_Settings.GetValueSet ("Authentication", "Address", DEFAULT_AUTH_ADDRESS);
+	m_ShouldAuthenticate = a_Settings.GetValueSetB("Authentication", "Authenticate", true);
 }
 
 
@@ -69,9 +73,9 @@ void cAuthenticator::Authenticate(int a_ClientID, const AString & a_UserName, co
 
 
 
-void cAuthenticator::Start(cIniFile & IniFile)
+void cAuthenticator::Start(cSettingsRepositoryInterface & a_Settings)
 {
-	ReadINI(IniFile);
+	ReadSettings(a_Settings);
 	m_ShouldTerminate = false;
 	super::Start();
 }
@@ -267,3 +271,7 @@ bool cAuthenticator::GetPlayerProperties(const AString & a_UUID, Json::Value & a
 	return true;
 }
 */
+
+
+
+
diff --git a/src/Protocol/Authenticator.h b/src/Protocol/Authenticator.h
index 853eff535..02b349256 100644
--- a/src/Protocol/Authenticator.h
+++ b/src/Protocol/Authenticator.h
@@ -14,7 +14,7 @@
 
 #include "../OSSupport/IsThread.h"
 
-
+class cSettingsRepositoryInterface;
 
 
 
@@ -40,13 +40,13 @@ public:
 	~cAuthenticator();
 
 	/** (Re-)read server and address from INI: */
-	void ReadINI(cIniFile & IniFile);
+	void ReadSettings(cSettingsRepositoryInterface & a_Settings);
 
 	/** Queues a request for authenticating a user. If the auth fails, the user will be kicked */
 	void Authenticate(int a_ClientID, const AString & a_UserName, const AString & a_ServerHash);
 
 	/** Starts the authenticator thread. The thread may be started and stopped repeatedly */
-	void Start(cIniFile & IniFile);
+	void Start(cSettingsRepositoryInterface & a_Settings);
 
 	/** Stops the authenticator thread. The thread may be started and stopped repeatedly */
 	void Stop(void);
diff --git a/src/Protocol/MojangAPI.cpp b/src/Protocol/MojangAPI.cpp
index 0d1441500..110590359 100644
--- a/src/Protocol/MojangAPI.cpp
+++ b/src/Protocol/MojangAPI.cpp
@@ -38,12 +38,36 @@ const int MAX_PER_QUERY = 100;
 
 
 
-/** This is the data of the root certs for Starfield Technologies, the CA that signed sessionserver.mojang.com's cert:
-Downloaded from http://certs.starfieldtech.com/repository/ */
-static const AString & StarfieldCACert(void)
+/** Returns the CA certificates that should be trusted for Mojang-related connections. */
+static const AString & GetCACerts(void)
 {
 	static const AString Cert(
-		// G2 cert
+		// Equifax root CA cert
+		// Currently used for signing *.mojang.com's cert
+		// Exported from Mozilla Firefox's built-in CA repository
+		"-----BEGIN CERTIFICATE-----\n"
+		"MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV\n"
+		"UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy\n"
+		"dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1\n"
+		"MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx\n"
+		"dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B\n"
+		"AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f\n"
+		"BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A\n"
+		"cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC\n"
+		"AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ\n"
+		"MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm\n"
+		"aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw\n"
+		"ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj\n"
+		"IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF\n"
+		"MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA\n"
+		"A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y\n"
+		"7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh\n"
+		"1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4\n"
+		"-----END CERTIFICATE-----\n\n"
+
+		// Starfield G2 cert
+		// This is the data of the root certs for Starfield Technologies, the CA that used to sign sessionserver.mojang.com's cert
+		// Downloaded from http://certs.starfieldtech.com/repository/
 		"-----BEGIN CERTIFICATE-----\n"
 		"MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx\n"
 		"EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT\n"
@@ -67,7 +91,8 @@ static const AString & StarfieldCACert(void)
 		"pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1\n"
 		"mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0\n"
 		"-----END CERTIFICATE-----\n\n"
-		// Original (G1) cert:
+
+		// Starfield original (G1) cert:
 		"-----BEGIN CERTIFICATE-----\n"
 		"MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl\n"
 		"MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp\n"
@@ -226,12 +251,12 @@ cMojangAPI::~cMojangAPI()
 
 
 
-void cMojangAPI::Start(cIniFile & a_SettingsIni, bool a_ShouldAuth)
+void cMojangAPI::Start(cSettingsRepositoryInterface & a_Settings, bool a_ShouldAuth)
 {
-	m_NameToUUIDServer     = a_SettingsIni.GetValueSet("MojangAPI", "NameToUUIDServer",     DEFAULT_NAME_TO_UUID_SERVER);
-	m_NameToUUIDAddress    = a_SettingsIni.GetValueSet("MojangAPI", "NameToUUIDAddress",    DEFAULT_NAME_TO_UUID_ADDRESS);
-	m_UUIDToProfileServer  = a_SettingsIni.GetValueSet("MojangAPI", "UUIDToProfileServer",  DEFAULT_UUID_TO_PROFILE_SERVER);
-	m_UUIDToProfileAddress = a_SettingsIni.GetValueSet("MojangAPI", "UUIDToProfileAddress", DEFAULT_UUID_TO_PROFILE_ADDRESS);
+	m_NameToUUIDServer     = a_Settings.GetValueSet("MojangAPI", "NameToUUIDServer",     DEFAULT_NAME_TO_UUID_SERVER);
+	m_NameToUUIDAddress    = a_Settings.GetValueSet("MojangAPI", "NameToUUIDAddress",    DEFAULT_NAME_TO_UUID_ADDRESS);
+	m_UUIDToProfileServer  = a_Settings.GetValueSet("MojangAPI", "UUIDToProfileServer",  DEFAULT_UUID_TO_PROFILE_SERVER);
+	m_UUIDToProfileAddress = a_Settings.GetValueSet("MojangAPI", "UUIDToProfileAddress", DEFAULT_UUID_TO_PROFILE_ADDRESS);
 	LoadCachesFromDisk();
 	if (a_ShouldAuth)
 	{
@@ -390,7 +415,7 @@ bool cMojangAPI::SecureRequest(const AString & a_ServerName, const AString & a_R
 {
 	// Connect the socket:
 	cBlockingSslClientSocket Socket;
-	Socket.SetTrustedRootCertsFromString(StarfieldCACert(), a_ServerName);
+	Socket.SetTrustedRootCertsFromString(GetCACerts(), a_ServerName);
 	if (!Socket.Connect(a_ServerName, 443))
 	{
 		LOGWARNING("%s: Can't connect to %s: %s", __FUNCTION__, a_ServerName.c_str(), Socket.GetLastErrorText().c_str());
@@ -434,7 +459,6 @@ bool cMojangAPI::SecureRequest(const AString & a_ServerName, const AString & a_R
 		a_Response.append((const char *)buf, (size_t)ret);
 	}
 
-	Socket.Disconnect();
 	return true;
 }
 
diff --git a/src/Protocol/MojangAPI.h b/src/Protocol/MojangAPI.h
index 0dc2617b6..bea950740 100644
--- a/src/Protocol/MojangAPI.h
+++ b/src/Protocol/MojangAPI.h
@@ -25,7 +25,7 @@ namespace Json
 
 
 
-
+class cSettingsRepositoryInterface;
 
 // tolua_begin
 class cMojangAPI
@@ -38,7 +38,7 @@ public:
 	
 	/** Initializes the API; reads the settings from the specified ini file.
 	Loads cached results from disk. */
-	void Start(cIniFile & a_SettingsIni, bool a_ShouldAuth);
+	void Start(cSettingsRepositoryInterface & a_Settings, bool a_ShouldAuth);
 	
 	/** Connects to the specified server using SSL, sends the given request and receives the response.
 	Checks Mojang certificates using the hard-coded Starfield root CA certificate.
diff --git a/src/Protocol/Protocol18x.cpp b/src/Protocol/Protocol18x.cpp
index 17faca27e..4612af4a5 100644
--- a/src/Protocol/Protocol18x.cpp
+++ b/src/Protocol/Protocol18x.cpp
@@ -51,7 +51,7 @@ Implements the 1.8.x protocol classes:
 
 
 /** The slot number that the client uses to indicate "outside the window". */
-static const Int16 SLOT_NUM_OUTSIDE = -1;
+static const Int16 SLOT_NUM_OUTSIDE = -999;
 
 
 
@@ -2265,7 +2265,7 @@ void cProtocol180::HandlePacketCreativeInventoryAction(cByteBuffer & a_ByteBuffe
 	{
 		return;
 	}
-	m_Client->HandleCreativeInventory(SlotNum, Item, (SlotNum == SLOT_NUM_OUTSIDE) ? caLeftClickOutside : caLeftClick);
+	m_Client->HandleCreativeInventory(SlotNum, Item, (SlotNum == -1) ? caLeftClickOutside : caLeftClick);
 }