Show warning when DST Root CA X3 is missing

HMCL/src/main/java/org/jackhuang/hmcl/Main.java

@@ -17,10 +17,19 @@
  */
 package org.jackhuang.hmcl;
 
+import static org.jackhuang.hmcl.util.Logging.LOG;
 import static org.jackhuang.hmcl.util.i18n.I18n.i18n;
 
 import java.io.File;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.logging.Level;
 
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
 import javax.swing.JOptionPane;
 
 public final class Main {
@@ -28,6 +37,7 @@ public final class Main {
     public static void main(String[] args) {
         checkJavaFX();
         checkDirectoryPath();
+        checkDSTRootCAX3();
         Launcher.main(args);
     }
 
@@ -48,6 +58,31 @@ public final class Main {
         }
     }
 
+    private static void checkDSTRootCAX3() {
+        TrustManagerFactory tmf;
+        try {
+            tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            tmf.init((KeyStore) null);
+        } catch (NoSuchAlgorithmException | KeyStoreException e) {
+            LOG.log(Level.WARNING, "Failed to init TrustManagerFactory", e);
+            // don't know what to do here
+            return;
+        }
+        for (TrustManager tm : tmf.getTrustManagers()) {
+            if (tm instanceof X509TrustManager) {
+                for (X509Certificate cert : ((X509TrustManager) tm).getAcceptedIssuers()) {
+                    if ("CN=DST Root CA X3, O=Digital Signature Trust Co.".equals((cert.getSubjectDN().getName()))) {
+                        return;
+                    }
+                }
+            }
+        }
+        showWarningAndContinue(i18n("fatal.missing_dst_root_ca_x3"));
+    }
+
+    /**
+     * Indicates that a fatal error has occurred, and that the application cannot start.
+     */
     private static void showErrorAndExit(String message) {
         System.err.println(message);
         System.err.println("A fatal error has occurred, forcibly exiting.");
@@ -55,4 +90,13 @@ public final class Main {
         System.exit(1);
     }
 
+    /**
+     * Indicates that potential issues have been detected, and that the application may not function properly (but it can still run).
+     */
+    private static void showWarningAndContinue(String message) {
+        System.err.println(message);
+        System.err.println("Potential issues have been detected.");
+        JOptionPane.showMessageDialog(null, message, "Warning", JOptionPane.WARNING_MESSAGE);
+    }
+
 }

HMCL/src/main/resources/assets/lang/I18N.properties

@@ -92,6 +92,7 @@ extension.png=Image file
 extension.sh=Bash shell
 
 fatal.missing_javafx=JavaFX is missing.\nIf you are using Java 11 or later, please downgrade to Java 8 or 10.\nIf you are using OpenJDK, please ensure OpenJFX is included.
+fatal.missing_dst_root_ca_x3=The DST Root CA X3 certificate is missing on the current Java platform.\nYou can still use HMCL, but HMCL will be unable to connect to some sites (such as sites that use certificates issued by Let's Encrypt), which may cause HMCL not to function properly.\nPlease upgrade your Java to 8u101 or later to resolve the problem.
 
 folder.config=Configs
 folder.coremod=Core Mod

HMCL/src/main/resources/assets/lang/I18N_zh.properties

@@ -92,6 +92,7 @@ extension.png=圖片文件
 extension.sh=Bash 腳本
 
 fatal.missing_javafx=JavaFX 缺失。\n如果您使用的是 Java 11 或更高版本，請降級到 Java 8 或 10。\n如果您使用的是 OpenJDK，請確保其包含 OpenJFX。
+fatal.missing_dst_root_ca_x3=當前 Java 平台缺少 DST Root CA X3 證書。\n您依然可以使用 HMCL，但將無法連接到部分站點（如使用 Let's Encrypt 證書的站點），這可能會使 HMCL 無法正常工作。\n請將您的 Java 升級到 8u101 以上以解決此問題。
 
 folder.config=配置文件夾
 folder.coremod=核心MOD文件夾

HMCL/src/main/resources/assets/lang/I18N_zh_CN.properties

@@ -92,6 +92,7 @@ extension.png=图片文件
 extension.sh=Bash 脚本
 
 fatal.missing_javafx=JavaFX 缺失。\n如果您使用的是 Java 11 或更高版本，请降级到 Java 8 或 10。\n如果您使用的是 OpenJDK，请确保其包含 OpenJFX。
+fatal.missing_dst_root_ca_x3=当前 Java 平台缺少 DST Root CA X3 证书。\n您依然可以使用 HMCL，但将无法连接到部分站点（如使用 Let's Encrypt 证书的站点），这可能会使 HMCL 无法正常工作。\n请将您的 Java 升级到 8u101 以上以解决此问题。
 
 folder.config=配置文件夹
 folder.coremod=核心MOD文件夹