diff --git a/include/bedrock/certificates/certificate.h b/include/bedrock/certificates/certificate.h
index 7becd5e11..6962ab2da 100644
--- a/include/bedrock/certificates/certificate.h
+++ b/include/bedrock/certificates/certificate.h
@@ -14,18 +14,26 @@
 
 #pragma once
 
-#include "bedrock/certificates/unverified_certificate.h"
+#include <memory>
+
+#include "bedrock/certificates/web_token.h"
+
+class UnverifiedCertificate {
+    friend class Certificate;
+
+    WebToken raw_token_;                                                    // +0
+    std::unique_ptr<UnverifiedCertificate> parent_unverified_certificate_;  // +128
+};
 
 class Certificate {
 public:
-    [[nodiscard]] Json::Value getExtraData(const std::string &key, const Json::Value &default_value) const
-    {
-        auto extra_data = unverified_certificate.raw_token.data_info.get("extraData", {});
-        return extra_data.get(key, default_value);
-    }
+    [[nodiscard]] Json::Value getExtraData(const std::string &key, const Json::Value &default_value) const;
+    [[nodiscard]] bool isValid() const;
+    [[nodiscard]] bool isSelfSigned() const;
 
-    UnverifiedCertificate unverified_certificate;  // +0
-    std::unique_ptr<Certificate> parent;           // +136
-    bool is_valid;                                 // +144
-    bool unknown;                                  // +145
+private:
+    UnverifiedCertificate unverified_certificate_;  // +0
+    std::unique_ptr<Certificate> parent_;           // +136
+    bool valid_;                                 // +144
+    bool self_signed_;                           // +145
 };
diff --git a/include/bedrock/certificates/extended_certificate.h b/include/bedrock/certificates/extended_certificate.h
index 980980e4e..65397d999 100644
--- a/include/bedrock/certificates/extended_certificate.h
+++ b/include/bedrock/certificates/extended_certificate.h
@@ -18,11 +18,5 @@
 
 class ExtendedCertificate {
 public:
-    static std::string getXuid(const Certificate &certificate, bool flag)
-    {
-        if (!flag && certificate.unknown) {
-            return "";
-        }
-        return certificate.getExtraData("XUID", {}).asString();
-    }
+    static std::string getXuid(const Certificate &certificate, bool trust_self_signed);
 };
diff --git a/include/bedrock/network/packet/types/connection_request.h b/include/bedrock/network/packet/types/connection_request.h
index ab3aa601b..67ec9acb5 100644
--- a/include/bedrock/network/packet/types/connection_request.h
+++ b/include/bedrock/network/packet/types/connection_request.h
@@ -18,7 +18,6 @@
 #include <string>
 
 #include "bedrock/certificates/certificate.h"
-#include "bedrock/certificates/unverified_certificate.h"
 #include "bedrock/certificates/web_token.h"
 #include "bedrock/deps/jsoncpp/value.h"
 #include "bedrock/network/sub_client_id.h"
diff --git a/src/endstone_runtime/bedrock/certificates/certificate.cpp b/src/endstone_runtime/bedrock/certificates/certificate.cpp
new file mode 100644
index 000000000..d66813a33
--- /dev/null
+++ b/src/endstone_runtime/bedrock/certificates/certificate.cpp
@@ -0,0 +1,31 @@
+// Copyright (c) 2024, The Endstone Project. (https://endstone.dev) All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "bedrock/certificates/certificate.h"
+
+Json::Value Certificate::getExtraData(const std::string &key, const Json::Value &default_value) const
+{
+    const auto extra_data = unverified_certificate_.raw_token_.data_info.get("extraData", {});
+    return extra_data.get(key, default_value);
+}
+
+bool Certificate::isValid() const
+{
+    return valid_;
+}
+
+bool Certificate::isSelfSigned() const
+{
+    return self_signed_;
+}
diff --git a/include/bedrock/certificates/unverified_certificate.h b/src/endstone_runtime/bedrock/certificates/extended_certificate.cpp
similarity index 68%
rename from include/bedrock/certificates/unverified_certificate.h
rename to src/endstone_runtime/bedrock/certificates/extended_certificate.cpp
index c3c57209f..f0687e696 100644
--- a/include/bedrock/certificates/unverified_certificate.h
+++ b/src/endstone_runtime/bedrock/certificates/extended_certificate.cpp
@@ -12,12 +12,12 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#pragma once
+#include "bedrock/certificates/extended_certificate.h"
 
-#include "bedrock/certificates/web_token.h"
-
-class UnverifiedCertificate {
-public:
-    WebToken raw_token;                             // +0
-    std::unique_ptr<UnverifiedCertificate> parent;  // +128
-};
+std::string ExtendedCertificate::getXuid(const Certificate &certificate, bool trust_self_signed)
+{
+    if (!trust_self_signed && certificate.isSelfSigned()) {
+        return "";
+    }
+    return certificate.getExtraData("XUID", {}).asString();
+}