diff --git a/build.gradle b/build.gradle index e28d998..8288f63 100644 --- a/build.gradle +++ b/build.gradle @@ -14,7 +14,7 @@ apply plugin: 'net.minecraftforge.gradle' apply plugin: 'eclipse' apply plugin: 'maven-publish' -version = '1.12.2-1.42' +version = '1.12.2-1.43' group = 'net.montoyo.mcef' archivesBaseName = 'mcef-legacy' diff --git a/src/main/java/net/montoyo/mcef/MCEF.java b/src/main/java/net/montoyo/mcef/MCEF.java index e64a041..9b24e69 100644 --- a/src/main/java/net/montoyo/mcef/MCEF.java +++ b/src/main/java/net/montoyo/mcef/MCEF.java @@ -15,7 +15,7 @@ import java.util.List; @Mod(modid = "mcef", name = "MCEF", version = MCEF.VERSION) public class MCEF { - public static final String VERSION = "1.42"; + public static final String VERSION = "1.43"; public static boolean ENABLE_EXAMPLE; public static boolean SKIP_UPDATES; public static boolean WARN_UPDATES; @@ -76,6 +76,7 @@ public class MCEF { // Add certificates if needed // This is a workaround for Java 7u111 and 8u101, which have issues with Let's Encrypt certificates or google trust services try { + Log.info("PREINT, Adding certificates..."); SSLCertificateAdder.validateAndInstall(); } catch (Exception e) { Log.error("Failed to add a certificate: " + e.getMessage()); diff --git a/src/main/java/net/montoyo/mcef/SSLCertificateAdder.java b/src/main/java/net/montoyo/mcef/SSLCertificateAdder.java index c2c93ce..00a4cde 100644 --- a/src/main/java/net/montoyo/mcef/SSLCertificateAdder.java +++ b/src/main/java/net/montoyo/mcef/SSLCertificateAdder.java @@ -11,6 +11,7 @@ import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.security.KeyStore; +import java.security.KeyStoreException; import java.security.cert.*; import java.util.*; import java.util.regex.Matcher; @@ -41,53 +42,45 @@ public class SSLCertificateAdder { private static final List CERTIFICATES = Arrays.asList( new CertificateInfo("lets-encrypt-x3-cross-signed", "X.509", "/assets/cas/letsencrypt/lets-encrypt-x3-cross-signed.der", 7, 110, "https://helloworld.letsencrypt.org"), new CertificateInfo("lets-encrypt-isrgrootx1", "X.509", "/assets/cas/letsencrypt/isrgrootx1.der", 7, 110, "https://helloworld.letsencrypt.org"), - new CertificateInfo("google-trust-services", "X.509", "/assets/google/root.pem", 7, 110, "https://www.google.com"), - new CertificateInfo("google-trust-jks", "JKS", "/assets/cas/google/roots.jks", 7, 110, "https://www.google.com") + new CertificateInfo("google-trust-services", "X.509", "/assets/cas/google/roots.pem", 7, 110, "https://www.google.com") ); - public static void addCertificates() { - for (CertificateInfo certInfo : CERTIFICATES) { - try { - Log.info("[SSLCert] Adding certificate: " + certInfo.name); - addCertificate(certInfo); - Log.info("[SSLCert] Certificate added successfully. Checking connection..."); - checkConnection(certInfo.testUrl, "[" + certInfo.name + " SSL]"); - } catch (Exception e) { - Log.error("[SSLCert] Failed to add certificate: " + certInfo.name, e); - } - } - } - - private static void addCertificate(CertificateInfo certInfo) throws Exception { + private static void addCertificate(CertificateInfo certInfo, KeyStore keyStore) throws Exception { try (InputStream certStream = SSLCertificateAdder.class.getResourceAsStream(certInfo.filePath)) { if (certStream == null) { throw new FileNotFoundException("Certificate file not found: " + certInfo.filePath); } - - KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - try (InputStream ksInputStream = Files.newInputStream(ksPath)) { - keyStore.load(ksInputStream, KEYSTORE_PASSWORD.toCharArray()); - } - + CertificateFactory cf = CertificateFactory.getInstance(certInfo.type); Collection certificates; + try (BufferedInputStream caInput = new BufferedInputStream(certStream)) { - certificates = cf.generateCertificates(caInput); + if (certInfo.filePath.endsWith(".pem")) { + // Handle PEM format + certificates = cf.generateCertificates(caInput); + } else { + // Handle DER format + Certificate cert = cf.generateCertificate(caInput); + certificates = Collections.singletonList(cert); + } } - + int count = 0; for (Certificate cert : certificates) { String alias = certInfo.name + "-" + count++; keyStore.setCertificateEntry(alias, cert); Log.info("[SSLCert] Added certificate with alias: " + alias); } - - TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(keyStore); - - SSLContext sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, tmf.getTrustManagers(), null); - SSLContext.setDefault(sslContext); + } catch (FileNotFoundException e) { + Log.error("[SSLCert] Certificate file not found: " + certInfo.filePath, e); + } catch (CertificateException e) { + Log.error("[SSLCert] Failed to parse certificate from file: " + certInfo.filePath, e); + } catch (IOException e) { + Log.error("[SSLCert] I/O error while processing the certificate file: " + certInfo.filePath, e); + } catch (KeyStoreException e) { + Log.error("[SSLCert] KeyStore error while adding the certificate: " + certInfo.name, e); + } catch (Exception e) { + Log.error("[SSLCert] Unexpected error while adding the certificate: " + certInfo.name, e); } } @@ -130,17 +123,37 @@ public class SSLCertificateAdder { Log.info("[SSLCert] Failed to parse Java version. Applying fix anyway."); } - for (CertificateInfo certInfo : CERTIFICATES) { - if ((majorVersion >= certInfo.minVersion && majorVersion <= certInfo.maxVersion)) { + KeyStore keyStore = null; + + try { + // Initialize the KeyStore once + keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + try (InputStream ksInputStream = Files.newInputStream(ksPath)) { + keyStore.load(ksInputStream, KEYSTORE_PASSWORD.toCharArray()); + } + + // Add each certificate to the keystore + for (CertificateInfo certInfo : CERTIFICATES) { try { - Log.info("[SSLCert] Adding " + certInfo.name + "..."); - addCertificate(certInfo); - Log.info("[SSLCert] " + certInfo.name + " added successfully. Checking connection..."); + Log.info("[SSLCert] Adding certificate: " + certInfo.name); + addCertificate(certInfo, keyStore); + Log.info("[SSLCert] Certificate added successfully. Checking connection..."); checkConnection(certInfo.testUrl, "[" + certInfo.name + " SSL]"); } catch (Exception e) { - Log.error("[SSLCert] Error adding " + certInfo.name, e); + Log.error("[SSLCert] Failed to add certificate: " + certInfo.name, e); } } + + // Now set the SSLContext globally after all certificates have been added + TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(keyStore); + + SSLContext sslContext = SSLContext.getInstance("TLS"); + sslContext.init(null, tmf.getTrustManagers(), null); + SSLContext.setDefault(sslContext); + + } catch (Exception e) { + Log.error("[SSLCert] Error adding certificates", e); } } } diff --git a/src/main/resources/assets/cas/google/roots.jks b/src/main/resources/assets/cas/google/roots.jks deleted file mode 100644 index 667111d..0000000 Binary files a/src/main/resources/assets/cas/google/roots.jks and /dev/null differ