Added SSL Support

2026-02-01 15:33:58 +01:00
parent fc18794e75
commit a5dc89bcac
25 changed files with 1643 additions and 560 deletions
--- a/README.MD
+++ b/README.MD
@@ -1,15 +1,27 @@
 # UnlegitLibrary

+## Overview
+UnlegitLibrary is a general-purpose Java utility library that bundles a modular
+event system, command framework, addon loader, networking (TCP/UDP with optional TLS),
+and a wide set of math/number/string/file/reflection helpers.
+
+## Modules
+- Addon system: loader + lifecycle events
+- Event system: listeners, priorities, cancellable events
+- Command system: command manager, permissions, execution events
+- Network system: TCP/UDP transport, packet handling, optional TLS, UDP encryption
+- Utilities: math/number helpers, strings, colors, files, reflection, logging
+
 ## License Information
 GNU General Public License v3.0 (GPLv3)<br />
 The default license. Applies to all users, projects, and distributions unless explicitly stated otherwise.<br />
-→ https://repo.unlegitdqrk.dev/UnlegitDqrk/UnlegitLibrary/src/LICENSE
+-> https://repo.unlegitdqrk.dev/UnlegitDqrk/UnlegitLibrary/src/LICENSE

 Open Autonomous Public License (OAPL)<br />
 A special exception applies exclusively to the project Open Autonomous Connection (OAC).<br />
 Within OAC, the UnlegitLibrary is also licensed under the OAPL.<br />
 In this context, OAPL terms take precedence.<br />
-→ https://repo.open-autonomous-connection.org/Open-Autonomous-Connection/OAPL
+-> https://repo.open-autonomous-connection.org/Open-Autonomous-Connection/OAPL

 ## Include in own projects
 ````
@@ -31,6 +43,56 @@ In this context, OAPL terms take precedence.<br />
 </dependencies>
 ````

+## NetworkSystem (TCP/UDP + TLS)
+- TCP is the control channel (handshake, packet routing).
+- UDP is optional and encrypted with a symmetric key negotiated over TCP.
+- TLS can be enabled or disabled. For TLS, configure KeyStore/TrustStore explicitly.
+- mTLS is supported: set client auth mode to REQUIRED and provide a TrustStore on the server.
+
+### Basic usage
+```java
+PacketHandler packetHandler = new PacketHandler();
+packetHandler.registerPacket(() -> new TestTextPacket(""));
+
+NetworkServer server = new NetworkServer(packetHandler);
+server.configureSSL(false, ClientAuthMode.NONE);
+server.start(25565, 25566);
+
+NetworkClient client = new NetworkClient(packetHandler);
+client.configureSSL(false);
+client.connect("127.0.0.1", 25565);
+```
+
+### TLS with TrustStore (server validation)
+```java
+KeyStore serverKeyStore = loadStore("certs/server.p12", "changeit".toCharArray());
+KeyStore clientTrustStore = loadStore("certs/client-trust.p12", "changeit".toCharArray());
+
+NetworkServer server = new NetworkServer(packetHandler);
+server.configureSSL(true, ClientAuthMode.NONE, serverKeyStore, "changeit".toCharArray(), null);
+server.start(25565, 25566);
+
+NetworkClient client = new NetworkClient(packetHandler);
+client.configureSSL(true, null, null, clientTrustStore);
+client.connect("127.0.0.1", 25565);
+```
+
+### TLS with Client Certificate (mTLS)
+```java
+KeyStore serverKeyStore = loadStore("certs/server.p12", "changeit".toCharArray());
+KeyStore serverTrustStore = loadStore("certs/server-trust.p12", "changeit".toCharArray());
+KeyStore clientKeyStore = loadStore("certs/client.p12", "changeit".toCharArray());
+KeyStore clientTrustStore = loadStore("certs/client-trust.p12", "changeit".toCharArray());
+
+NetworkServer server = new NetworkServer(packetHandler);
+server.configureSSL(true, ClientAuthMode.REQUIRED, serverKeyStore, "changeit".toCharArray(), serverTrustStore);
+server.start(25565, 25566);
+
+NetworkClient client = new NetworkClient(packetHandler);
+client.configureSSL(true, clientKeyStore, "changeit".toCharArray(), clientTrustStore);
+client.connect("127.0.0.1", 25565);
+```
+
 ## Certificate generation for NetworkSystem
 ### Creating Root-CA:
 ````
@@ -66,4 +128,15 @@ client.crt = Client-Certificate signed by Root-CA
 5. Put the Server-Certificate-Key in "certificates/key"-Folder
 6. Put the Server-Certificate in "certificates/server"-Folder
 7. Optional: Put the Client-Certificate-Key in "certificates/key"-Folder
-8. Optional: Put the Client-Certificate in "certificates/client"-Folder
+8. Optional: Put the Client-Certificate in "certificates/client"-Folder
+
+### Helper: load PKCS12 stores in Java
+```java
+private static KeyStore loadStore(String path, char[] password) throws Exception {
+    KeyStore store = KeyStore.getInstance("PKCS12");
+    try (FileInputStream in = new FileInputStream(path)) {
+        store.load(in, password);
+    }
+    return store;
+}
+```