/* * Minecraft Forge * Copyright (c) 2016-2020. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation version 2.1 * of the License. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ package net.minecraftforge.fml.loading; import org.apache.logging.log4j.LogManager; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManagerFactory; import java.io.IOException; import java.io.InputStream; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.util.Collections; import java.util.Map; import java.util.stream.Collectors; import static cpw.mods.modlauncher.api.LamdbaExceptionUtils.rethrowBiConsumer; import static cpw.mods.modlauncher.api.LamdbaExceptionUtils.rethrowFunction; import static net.minecraftforge.fml.loading.LogMarkers.CORE; /** * This class fixes older Java SSL setups which don't contain the correct root certificates to trust Let's Encrypt * https endpoints. * * It uses a secondary JKS keystore: lekeystore.jks, which contains the two root certificate keys as documented here: * https://letsencrypt.org/certificates/ * * To create the keystore, the following commands were run: *
* keytool -import -alias letsencryptisrgx1 -file isrgrootx1.pem -keystore lekeystore.jks -storetype jks -storepass supersecretpassword -v * keytool -import -alias identrustx3 -file identrustx3.pem -keystore lekeystore.jks -storetype jks -storepass supersecretpassword -v ** * The PEM files were obtained from the above URL. */ class FixSSL { static void fixup() { try { final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); Path ksPath = Paths.get(System.getProperty("java.home"),"lib", "security", "cacerts"); keyStore.load(Files.newInputStream(ksPath), "changeit".toCharArray()); final Map