SSL Fix

build.gradle

@@ -14,7 +14,7 @@ apply plugin: 'net.minecraftforge.gradle'
 apply plugin: 'eclipse'
 apply plugin: 'maven-publish'
 
-version = '1.12.2-1.42'
+version = '1.12.2-1.43'
 group = 'net.montoyo.mcef'
 archivesBaseName = 'mcef-legacy'
 

src/main/java/net/montoyo/mcef/MCEF.java

@@ -15,7 +15,7 @@ import java.util.List;
 @Mod(modid = "mcef", name = "MCEF", version = MCEF.VERSION)
 public class MCEF {
 
-    public static final String VERSION = "1.42";
+    public static final String VERSION = "1.43";
     public static boolean ENABLE_EXAMPLE;
     public static boolean SKIP_UPDATES;
     public static boolean WARN_UPDATES;
@@ -76,6 +76,7 @@ public class MCEF {
         // Add certificates if needed
         // This is a workaround for Java 7u111 and 8u101, which have issues with Let's Encrypt certificates or google trust services
         try {
+            Log.info("PREINT, Adding certificates...");
             SSLCertificateAdder.validateAndInstall();
         } catch (Exception e) {
             Log.error("Failed to add a certificate: " + e.getMessage());

src/main/java/net/montoyo/mcef/SSLCertificateAdder.java

@@ -11,6 +11,7 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.cert.*;
 import java.util.*;
 import java.util.regex.Matcher;
@@ -41,53 +42,45 @@ public class SSLCertificateAdder {
     private static final List<CertificateInfo> CERTIFICATES = Arrays.asList(
         new CertificateInfo("lets-encrypt-x3-cross-signed", "X.509", "/assets/cas/letsencrypt/lets-encrypt-x3-cross-signed.der", 7, 110, "https://helloworld.letsencrypt.org"),
         new CertificateInfo("lets-encrypt-isrgrootx1", "X.509", "/assets/cas/letsencrypt/isrgrootx1.der", 7, 110, "https://helloworld.letsencrypt.org"),
-        new CertificateInfo("google-trust-services", "X.509", "/assets/google/root.pem", 7, 110, "https://www.google.com"),
+        new CertificateInfo("google-trust-services", "X.509", "/assets/cas/google/roots.pem", 7, 110, "https://www.google.com")
-        new CertificateInfo("google-trust-jks", "JKS", "/assets/cas/google/roots.jks", 7, 110, "https://www.google.com")
     );
 
-    public static void addCertificates() {
+    private static void addCertificate(CertificateInfo certInfo, KeyStore keyStore) throws Exception {
-        for (CertificateInfo certInfo : CERTIFICATES) {
-            try {
-                Log.info("[SSLCert] Adding certificate: " + certInfo.name);
-                addCertificate(certInfo);
-                Log.info("[SSLCert] Certificate added successfully. Checking connection...");
-                checkConnection(certInfo.testUrl, "[" + certInfo.name + " SSL]");
-            } catch (Exception e) {
-                Log.error("[SSLCert] Failed to add certificate: " + certInfo.name, e);
-            }
-        }
-    }
-
-    private static void addCertificate(CertificateInfo certInfo) throws Exception {
         try (InputStream certStream = SSLCertificateAdder.class.getResourceAsStream(certInfo.filePath)) {
             if (certStream == null) {
                 throw new FileNotFoundException("Certificate file not found: " + certInfo.filePath);
             }
-
+    
-            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-            try (InputStream ksInputStream = Files.newInputStream(ksPath)) {
-                keyStore.load(ksInputStream, KEYSTORE_PASSWORD.toCharArray());
-            }
-
             CertificateFactory cf = CertificateFactory.getInstance(certInfo.type);
             Collection<? extends Certificate> certificates;
+    
             try (BufferedInputStream caInput = new BufferedInputStream(certStream)) {
-                certificates = cf.generateCertificates(caInput);
+                if (certInfo.filePath.endsWith(".pem")) {
+                    // Handle PEM format
+                    certificates = cf.generateCertificates(caInput);
+                } else {
+                    // Handle DER format
+                    Certificate cert = cf.generateCertificate(caInput);
+                    certificates = Collections.singletonList(cert);
+                }
             }
-
+    
             int count = 0;
             for (Certificate cert : certificates) {
                 String alias = certInfo.name + "-" + count++;
                 keyStore.setCertificateEntry(alias, cert);
                 Log.info("[SSLCert] Added certificate with alias: " + alias);
             }
-
+        } catch (FileNotFoundException e) {
-            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            Log.error("[SSLCert] Certificate file not found: " + certInfo.filePath, e);
-            tmf.init(keyStore);
+        } catch (CertificateException e) {
-
+            Log.error("[SSLCert] Failed to parse certificate from file: " + certInfo.filePath, e);
-            SSLContext sslContext = SSLContext.getInstance("TLS");
+        } catch (IOException e) {
-            sslContext.init(null, tmf.getTrustManagers(), null);
+            Log.error("[SSLCert] I/O error while processing the certificate file: " + certInfo.filePath, e);
-            SSLContext.setDefault(sslContext);
+        } catch (KeyStoreException e) {
+            Log.error("[SSLCert] KeyStore error while adding the certificate: " + certInfo.name, e);
+        } catch (Exception e) {
+            Log.error("[SSLCert] Unexpected error while adding the certificate: " + certInfo.name, e);
         }
     }
 
@@ -130,17 +123,37 @@ public class SSLCertificateAdder {
             Log.info("[SSLCert] Failed to parse Java version. Applying fix anyway.");
         }
 
-        for (CertificateInfo certInfo : CERTIFICATES) {
+        KeyStore keyStore = null;
-            if ((majorVersion >= certInfo.minVersion && majorVersion <= certInfo.maxVersion)) {
+        
+        try {
+            // Initialize the KeyStore once
+            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+            try (InputStream ksInputStream = Files.newInputStream(ksPath)) {
+                keyStore.load(ksInputStream, KEYSTORE_PASSWORD.toCharArray());
+            }
+
+            // Add each certificate to the keystore
+            for (CertificateInfo certInfo : CERTIFICATES) {
                 try {
-                    Log.info("[SSLCert] Adding " + certInfo.name + "...");
+                    Log.info("[SSLCert] Adding certificate: " + certInfo.name);
-                    addCertificate(certInfo);
+                    addCertificate(certInfo, keyStore);
-                    Log.info("[SSLCert] " + certInfo.name + " added successfully. Checking connection...");
+                    Log.info("[SSLCert] Certificate added successfully. Checking connection...");
                     checkConnection(certInfo.testUrl, "[" + certInfo.name + " SSL]");
                 } catch (Exception e) {
-                    Log.error("[SSLCert] Error adding " + certInfo.name, e);
+                    Log.error("[SSLCert] Failed to add certificate: " + certInfo.name, e);
                 }
             }
+
+            // Now set the SSLContext globally after all certificates have been added
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            tmf.init(keyStore);
+
+            SSLContext sslContext = SSLContext.getInstance("TLS");
+            sslContext.init(null, tmf.getTrustManagers(), null);
+            SSLContext.setDefault(sslContext);
+
+        } catch (Exception e) {
+            Log.error("[SSLCert] Error adding certificates", e);
         }
     }
 }