diff --git a/.gitattributes b/.gitattributes
index fd2792b6c..067247605 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -42,3 +42,4 @@
 *.[pP][sS]1 text eol=crlf
 *[aA][uU][tT][oO][gG][eE][nN][eE][rR][aA][tT][eE][dD]* binary
+*.der binary
diff --git a/src/main/java/com/dreammaster/coremod/LetsEncryptAdder.java b/src/main/java/com/dreammaster/coremod/LetsEncryptAdder.java
index d1a9f36fe..8c4fcbff6 100644
--- a/src/main/java/com/dreammaster/coremod/LetsEncryptAdder.java
+++ b/src/main/java/com/dreammaster/coremod/LetsEncryptAdder.java
@@ -8,7 +8,6 @@
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.KeyStore;
-import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.util.Objects;
 import java.util.regex.Matcher;
@@ -58,10 +57,13 @@ public class LetsEncryptAdder {
 private static boolean alreadyAdded = false;
 private static final Logger LOGGER = LogManager.getLogger(LetsEncryptAdder.class);
- private static void trustLetsEncryptX3() throws Exception {
- InputStream cert = Objects.requireNonNull(
- LetsEncryptAdder.class.getResourceAsStream("/assets/letsencryptroot/lets-encrypt-x3-cross-signed.der"),
- "Embedded let's encrypt certificate not found");
+ private static void trustLetsEncryptRoots() throws Exception {
+ final InputStream cert1 = Objects.requireNonNull(
+ LetsEncryptAdder.class.getResourceAsStream("/assets/letsencryptroot/isrg-root-x1.der"),
+ "Embedded let's encrypt certificate X1 not found");
+ final InputStream cert2 = Objects.requireNonNull(
+ LetsEncryptAdder.class.getResourceAsStream("/assets/letsencryptroot/isrg-root-x2.der"),
+ "Embedded let's encrypt certificate X2 not found");
 KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 Path ksPath = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
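Review bot: `cert1` and `cert2` in the `@@ -58,10 +57,13 @@` hunk are opened with `getResourceAsStream` and no close is visible here or in the following hunk; if the X2 resource is missing, the second `requireNonNull` throws while `cert1` is still open. Reading each resource inside try-with-resources in a small helper keeps the stream lifetime local and removes the duplicated lookup code. The helper returns `Certificate`, so the `java.security.cert.Certificate` import this commit removes would have to stay. The body of `trustLetsEncryptRoots()` continues outside this hunk.

```java
private static Certificate readEmbeddedCert(CertificateFactory cf, String name) throws Exception {
    final String path = "/assets/letsencryptroot/" + name + ".der";
    try (InputStream in = Objects.requireNonNull(
            LetsEncryptAdder.class.getResourceAsStream(path),
            "Embedded let's encrypt certificate " + name + " not found")) {
        return cf.generateCertificate(new BufferedInputStream(in));
    }
}

// … unchanged: keystore loading and CertificateFactory creation in trustLetsEncryptRoots() …
keyStore.setCertificateEntry("isrg-root-x1", readEmbeddedCert(cf, "isrg-root-x1"));
keyStore.setCertificateEntry("isrg-root-x2", readEmbeddedCert(cf, "isrg-root-x2"));
```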
@@ -69,10 +71,8 @@ private static void trustLetsEncryptX3() throws Exception {
 CertificateFactory cf = CertificateFactory.getInstance("X.509");
- InputStream caInput = new BufferedInputStream(cert);
- Certificate crt = cf.generateCertificate(caInput);
-
- keyStore.setCertificateEntry("lets-encrypt-x3-cross-signed", crt);
+ keyStore.setCertificateEntry("isrg-root-x1", cf.generateCertificate(new BufferedInputStream(cert1)));
+ keyStore.setCertificateEntry("isrg-root-x2", cf.generateCertificate(new BufferedInputStream(cert2)));
 TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
 tmf.init(keyStore);
@@ -120,7 +120,7 @@ public static void addLetsEncryptCertificates() {
 String body = "";
 try {
 LOGGER.info("Adding Let's Encrypt certificate...");
- LetsEncryptAdder.trustLetsEncryptX3();
+ LetsEncryptAdder.trustLetsEncryptRoots();
 LOGGER.info("Done, attempting to connect to https://helloworld.letsencrypt.org...");
 URL url = new URL("https://helloworld.letsencrypt.org");
 URLConnection conn = url.openConnection();
diff --git a/src/main/resources/assets/letsencryptroot/isrg-root-x1.der b/src/main/resources/assets/letsencryptroot/isrg-root-x1.der
new file mode 100644
index 000000000..7ee4e98b5
Binary files /dev/null and b/src/main/resources/assets/letsencryptroot/isrg-root-x1.der differ
diff --git a/src/main/resources/assets/letsencryptroot/isrg-root-x2.der b/src/main/resources/assets/letsencryptroot/isrg-root-x2.der
new file mode 100644
index 000000000..0f5f95fee
Binary files /dev/null and b/src/main/resources/assets/letsencryptroot/isrg-root-x2.der differ
diff --git a/src/main/resources/assets/letsencryptroot/lets-encrypt-x3-cross-signed.der b/src/main/resources/assets/letsencryptroot/lets-encrypt-x3-cross-signed.der
deleted file mode 100644
index e08466c5a..000000000
Binary files a/src/main/resources/assets/letsencryptroot/lets-encrypt-x3-cross-signed.der and /dev/null differ
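Review bot: The two `setCertificateEntry` calls in the `@@ -69,10 +71,8 @@` hunk install whatever bytes the class-path lookup returns as trust anchors, and the `.der` files are binary in this commit, so the diff gives a reviewer nothing to check them against. Compare each parsed certificate's SHA-256 fingerprint with a constant kept in the source, taken from ISRG's published root fingerprints and verified out of band, before adding it to the keystore. That check would also catch a different resource being served for the same `/assets/letsencryptroot/...` path, if the class loader setup allows another jar to shadow it. The sketch needs `java.security.MessageDigest` and the `Certificate` import; the method body continues outside the hunk.

```java
// Placeholders: fill in from ISRG's published fingerprints, verified out of band.
private static final String ISRG_ROOT_X1_SHA256 = "<sha256-hex-of-isrg-root-x1>";
private static final String ISRG_ROOT_X2_SHA256 = "<sha256-hex-of-isrg-root-x2>";

private static void addPinned(KeyStore keyStore, String alias, Certificate crt, String expectedHex)
        throws Exception {
    final byte[] digest = MessageDigest.getInstance("SHA-256").digest(crt.getEncoded());
    final StringBuilder hex = new StringBuilder(digest.length * 2);
    for (byte b : digest) {
        hex.append(String.format("%02x", b));
    }
    if (!hex.toString().equalsIgnoreCase(expectedHex)) {
        throw new SecurityException("Embedded certificate " + alias + " does not match its pinned fingerprint");
    }
    keyStore.setCertificateEntry(alias, crt);
}

// … unchanged: CertificateFactory cf = CertificateFactory.getInstance("X.509"); …
addPinned(keyStore, "isrg-root-x1", cf.generateCertificate(new BufferedInputStream(cert1)), ISRG_ROOT_X1_SHA256);
addPinned(keyStore, "isrg-root-x2", cf.generateCertificate(new BufferedInputStream(cert2)), ISRG_ROOT_X2_SHA256);
```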