SSL Fix

2025-03-31 05:57:33 -04:00
parent dd9c093db6
commit 17914ae509
4 changed files with 53 additions and 39 deletions
--- a/build.gradle
+++ b/build.gradle
@@ -14,7 +14,7 @@ apply plugin: 'net.minecraftforge.gradle'
 apply plugin: 'eclipse'
 apply plugin: 'maven-publish'

-version = '1.12.2-1.42'
+version = '1.12.2-1.43'
 group = 'net.montoyo.mcef'
 archivesBaseName = 'mcef-legacy'

--- a/src/main/java/net/montoyo/mcef/MCEF.java
+++ b/src/main/java/net/montoyo/mcef/MCEF.java
@@ -15,7 +15,7 @@ import java.util.List;
@Mod(modid = "mcef", name = "MCEF", version = MCEF.VERSION)
 public class MCEF {

-    public static final String VERSION = "1.42";
+    public static final String VERSION = "1.43";
    public static boolean ENABLE_EXAMPLE;
    public static boolean SKIP_UPDATES;
    public static boolean WARN_UPDATES;
@@ -76,6 +76,7 @@ public class MCEF {
        // Add certificates if needed
        // This is a workaround for Java 7u111 and 8u101, which have issues with Let's Encrypt certificates or google trust services
        try {
+            Log.info("PREINT, Adding certificates...");
            SSLCertificateAdder.validateAndInstall();
        } catch (Exception e) {
            Log.error("Failed to add a certificate: " + e.getMessage());
--- a/src/main/java/net/montoyo/mcef/SSLCertificateAdder.java
+++ b/src/main/java/net/montoyo/mcef/SSLCertificateAdder.java
@@ -11,6 +11,7 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.cert.*;
 import java.util.*;
 import java.util.regex.Matcher;
@@ -41,38 +42,27 @@ public class SSLCertificateAdder {
    private static final List<CertificateInfo> CERTIFICATES = Arrays.asList(
        new CertificateInfo("lets-encrypt-x3-cross-signed", "X.509", "/assets/cas/letsencrypt/lets-encrypt-x3-cross-signed.der", 7, 110, "https://helloworld.letsencrypt.org"),
        new CertificateInfo("lets-encrypt-isrgrootx1", "X.509", "/assets/cas/letsencrypt/isrgrootx1.der", 7, 110, "https://helloworld.letsencrypt.org"),
-        new CertificateInfo("google-trust-services", "X.509", "/assets/google/root.pem", 7, 110, "https://www.google.com"),
-        new CertificateInfo("google-trust-jks", "JKS", "/assets/cas/google/roots.jks", 7, 110, "https://www.google.com")
+        new CertificateInfo("google-trust-services", "X.509", "/assets/cas/google/roots.pem", 7, 110, "https://www.google.com")
    );

-    public static void addCertificates() {
-        for (CertificateInfo certInfo : CERTIFICATES) {
-            try {
-                Log.info("[SSLCert] Adding certificate: " + certInfo.name);
-                addCertificate(certInfo);
-                Log.info("[SSLCert] Certificate added successfully. Checking connection...");
-                checkConnection(certInfo.testUrl, "[" + certInfo.name + " SSL]");
-            } catch (Exception e) {
-                Log.error("[SSLCert] Failed to add certificate: " + certInfo.name, e);
-            }
-        }
-    }
-
-    private static void addCertificate(CertificateInfo certInfo) throws Exception {
+    private static void addCertificate(CertificateInfo certInfo, KeyStore keyStore) throws Exception {
        try (InputStream certStream = SSLCertificateAdder.class.getResourceAsStream(certInfo.filePath)) {
            if (certStream == null) {
                throw new FileNotFoundException("Certificate file not found: " + certInfo.filePath);
            }
    
-            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-            try (InputStream ksInputStream = Files.newInputStream(ksPath)) {
-                keyStore.load(ksInputStream, KEYSTORE_PASSWORD.toCharArray());
-            }
-
            CertificateFactory cf = CertificateFactory.getInstance(certInfo.type);
            Collection<? extends Certificate> certificates;
+    
            try (BufferedInputStream caInput = new BufferedInputStream(certStream)) {
+                if (certInfo.filePath.endsWith(".pem")) {
+                    // Handle PEM format
                    certificates = cf.generateCertificates(caInput);
+                } else {
+                    // Handle DER format
+                    Certificate cert = cf.generateCertificate(caInput);
+                    certificates = Collections.singletonList(cert);
+                }
            }
    
            int count = 0;
@@ -81,13 +71,16 @@ public class SSLCertificateAdder {
                keyStore.setCertificateEntry(alias, cert);
                Log.info("[SSLCert] Added certificate with alias: " + alias);
            }
-
-            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-            tmf.init(keyStore);
-
-            SSLContext sslContext = SSLContext.getInstance("TLS");
-            sslContext.init(null, tmf.getTrustManagers(), null);
-            SSLContext.setDefault(sslContext);
+        } catch (FileNotFoundException e) {
+            Log.error("[SSLCert] Certificate file not found: " + certInfo.filePath, e);
+        } catch (CertificateException e) {
+            Log.error("[SSLCert] Failed to parse certificate from file: " + certInfo.filePath, e);
+        } catch (IOException e) {
+            Log.error("[SSLCert] I/O error while processing the certificate file: " + certInfo.filePath, e);
+        } catch (KeyStoreException e) {
+            Log.error("[SSLCert] KeyStore error while adding the certificate: " + certInfo.name, e);
+        } catch (Exception e) {
+            Log.error("[SSLCert] Unexpected error while adding the certificate: " + certInfo.name, e);
        }
    }

@@ -130,17 +123,37 @@ public class SSLCertificateAdder {
            Log.info("[SSLCert] Failed to parse Java version. Applying fix anyway.");
        }

-        for (CertificateInfo certInfo : CERTIFICATES) {
-            if ((majorVersion >= certInfo.minVersion && majorVersion <= certInfo.maxVersion)) {
+        KeyStore keyStore = null;
+        
        try {
-                    Log.info("[SSLCert] Adding " + certInfo.name + "...");
-                    addCertificate(certInfo);
-                    Log.info("[SSLCert] " + certInfo.name + " added successfully. Checking connection...");
+            // Initialize the KeyStore once
+            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+            try (InputStream ksInputStream = Files.newInputStream(ksPath)) {
+                keyStore.load(ksInputStream, KEYSTORE_PASSWORD.toCharArray());
+            }
+
+            // Add each certificate to the keystore
+            for (CertificateInfo certInfo : CERTIFICATES) {
+                try {
+                    Log.info("[SSLCert] Adding certificate: " + certInfo.name);
+                    addCertificate(certInfo, keyStore);
+                    Log.info("[SSLCert] Certificate added successfully. Checking connection...");
                    checkConnection(certInfo.testUrl, "[" + certInfo.name + " SSL]");
                } catch (Exception e) {
-                    Log.error("[SSLCert] Error adding " + certInfo.name, e);
+                    Log.error("[SSLCert] Failed to add certificate: " + certInfo.name, e);
                }
            }
+
+            // Now set the SSLContext globally after all certificates have been added
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            tmf.init(keyStore);
+
+            SSLContext sslContext = SSLContext.getInstance("TLS");
+            sslContext.init(null, tmf.getTrustManagers(), null);
+            SSLContext.setDefault(sslContext);
+
+        } catch (Exception e) {
+            Log.error("[SSLCert] Error adding certificates", e);
        }
    }
 }
--- a/src/main/resources/assets/cas/google/roots.jks
+++ b/src/main/resources/assets/cas/google/roots.jks