SSL Fix
This commit is contained in:
oxmc
@@ -14,7 +14,7 @@ apply plugin: 'net.minecraftforge.gradle'
|
||||
apply plugin: 'eclipse'
|
||||
apply plugin: 'maven-publish'
|
||||
|
||||
version = '1.12.2-1.42'
|
||||
version = '1.12.2-1.43'
|
||||
group = 'net.montoyo.mcef'
|
||||
archivesBaseName = 'mcef-legacy'
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ import java.util.List;
|
||||
@Mod(modid = "mcef", name = "MCEF", version = MCEF.VERSION)
|
||||
public class MCEF {
|
||||
|
||||
public static final String VERSION = "1.42";
|
||||
public static final String VERSION = "1.43";
|
||||
public static boolean ENABLE_EXAMPLE;
|
||||
public static boolean SKIP_UPDATES;
|
||||
public static boolean WARN_UPDATES;
|
||||
@@ -76,6 +76,7 @@ public class MCEF {
|
||||
// Add certificates if needed
|
||||
// This is a workaround for Java 7u111 and 8u101, which have issues with Let's Encrypt certificates or google trust services
|
||||
try {
|
||||
Log.info("PREINT, Adding certificates...");
|
||||
SSLCertificateAdder.validateAndInstall();
|
||||
} catch (Exception e) {
|
||||
Log.error("Failed to add a certificate: " + e.getMessage());
|
||||
|
||||
@@ -11,6 +11,7 @@ import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.security.KeyStore;
|
||||
import java.security.KeyStoreException;
|
||||
import java.security.cert.*;
|
||||
import java.util.*;
|
||||
import java.util.regex.Matcher;
|
||||
@@ -41,38 +42,27 @@ public class SSLCertificateAdder {
|
||||
private static final List<CertificateInfo> CERTIFICATES = Arrays.asList(
|
||||
new CertificateInfo("lets-encrypt-x3-cross-signed", "X.509", "/assets/cas/letsencrypt/lets-encrypt-x3-cross-signed.der", 7, 110, "https://helloworld.letsencrypt.org"),
|
||||
new CertificateInfo("lets-encrypt-isrgrootx1", "X.509", "/assets/cas/letsencrypt/isrgrootx1.der", 7, 110, "https://helloworld.letsencrypt.org"),
|
||||
new CertificateInfo("google-trust-services", "X.509", "/assets/google/root.pem", 7, 110, "https://www.google.com"),
|
||||
new CertificateInfo("google-trust-jks", "JKS", "/assets/cas/google/roots.jks", 7, 110, "https://www.google.com")
|
||||
new CertificateInfo("google-trust-services", "X.509", "/assets/cas/google/roots.pem", 7, 110, "https://www.google.com")
|
||||
);
|
||||
|
||||
public static void addCertificates() {
|
||||
for (CertificateInfo certInfo : CERTIFICATES) {
|
||||
try {
|
||||
Log.info("[SSLCert] Adding certificate: " + certInfo.name);
|
||||
addCertificate(certInfo);
|
||||
Log.info("[SSLCert] Certificate added successfully. Checking connection...");
|
||||
checkConnection(certInfo.testUrl, "[" + certInfo.name + " SSL]");
|
||||
} catch (Exception e) {
|
||||
Log.error("[SSLCert] Failed to add certificate: " + certInfo.name, e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private static void addCertificate(CertificateInfo certInfo) throws Exception {
|
||||
private static void addCertificate(CertificateInfo certInfo, KeyStore keyStore) throws Exception {
|
||||
try (InputStream certStream = SSLCertificateAdder.class.getResourceAsStream(certInfo.filePath)) {
|
||||
if (certStream == null) {
|
||||
throw new FileNotFoundException("Certificate file not found: " + certInfo.filePath);
|
||||
}
|
||||
|
||||
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
|
||||
try (InputStream ksInputStream = Files.newInputStream(ksPath)) {
|
||||
keyStore.load(ksInputStream, KEYSTORE_PASSWORD.toCharArray());
|
||||
}
|
||||
|
||||
CertificateFactory cf = CertificateFactory.getInstance(certInfo.type);
|
||||
Collection<? extends Certificate> certificates;
|
||||
|
||||
try (BufferedInputStream caInput = new BufferedInputStream(certStream)) {
|
||||
if (certInfo.filePath.endsWith(".pem")) {
|
||||
// Handle PEM format
|
||||
certificates = cf.generateCertificates(caInput);
|
||||
} else {
|
||||
// Handle DER format
|
||||
Certificate cert = cf.generateCertificate(caInput);
|
||||
certificates = Collections.singletonList(cert);
|
||||
}
|
||||
}
|
||||
|
||||
int count = 0;
|
||||
@@ -81,13 +71,16 @@ public class SSLCertificateAdder {
|
||||
keyStore.setCertificateEntry(alias, cert);
|
||||
Log.info("[SSLCert] Added certificate with alias: " + alias);
|
||||
}
|
||||
|
||||
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
||||
tmf.init(keyStore);
|
||||
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
sslContext.init(null, tmf.getTrustManagers(), null);
|
||||
SSLContext.setDefault(sslContext);
|
||||
} catch (FileNotFoundException e) {
|
||||
Log.error("[SSLCert] Certificate file not found: " + certInfo.filePath, e);
|
||||
} catch (CertificateException e) {
|
||||
Log.error("[SSLCert] Failed to parse certificate from file: " + certInfo.filePath, e);
|
||||
} catch (IOException e) {
|
||||
Log.error("[SSLCert] I/O error while processing the certificate file: " + certInfo.filePath, e);
|
||||
} catch (KeyStoreException e) {
|
||||
Log.error("[SSLCert] KeyStore error while adding the certificate: " + certInfo.name, e);
|
||||
} catch (Exception e) {
|
||||
Log.error("[SSLCert] Unexpected error while adding the certificate: " + certInfo.name, e);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -130,17 +123,37 @@ public class SSLCertificateAdder {
|
||||
Log.info("[SSLCert] Failed to parse Java version. Applying fix anyway.");
|
||||
}
|
||||
|
||||
for (CertificateInfo certInfo : CERTIFICATES) {
|
||||
if ((majorVersion >= certInfo.minVersion && majorVersion <= certInfo.maxVersion)) {
|
||||
KeyStore keyStore = null;
|
||||
|
||||
try {
|
||||
Log.info("[SSLCert] Adding " + certInfo.name + "...");
|
||||
addCertificate(certInfo);
|
||||
Log.info("[SSLCert] " + certInfo.name + " added successfully. Checking connection...");
|
||||
// Initialize the KeyStore once
|
||||
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
|
||||
try (InputStream ksInputStream = Files.newInputStream(ksPath)) {
|
||||
keyStore.load(ksInputStream, KEYSTORE_PASSWORD.toCharArray());
|
||||
}
|
||||
|
||||
// Add each certificate to the keystore
|
||||
for (CertificateInfo certInfo : CERTIFICATES) {
|
||||
try {
|
||||
Log.info("[SSLCert] Adding certificate: " + certInfo.name);
|
||||
addCertificate(certInfo, keyStore);
|
||||
Log.info("[SSLCert] Certificate added successfully. Checking connection...");
|
||||
checkConnection(certInfo.testUrl, "[" + certInfo.name + " SSL]");
|
||||
} catch (Exception e) {
|
||||
Log.error("[SSLCert] Error adding " + certInfo.name, e);
|
||||
}
|
||||
}
|
||||
Log.error("[SSLCert] Failed to add certificate: " + certInfo.name, e);
|
||||
}
|
||||
}
|
||||
|
||||
// Now set the SSLContext globally after all certificates have been added
|
||||
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
||||
tmf.init(keyStore);
|
||||
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
sslContext.init(null, tmf.getTrustManagers(), null);
|
||||
SSLContext.setDefault(sslContext);
|
||||
|
||||
} catch (Exception e) {
|
||||
Log.error("[SSLCert] Error adding certificates", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Binary file not shown.
Reference in New Issue
Block a user