UnlegitDqrk/unlegitlibrary
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a5dc89bcaca9ef1a1ae1e8f12ec1557354bd6107
unlegitlibrary/README.MD
Finn a5dc89bcac Added SSL Support
2026-02-01 15:33:58 +01:00

143 lines
5.5 KiB
Markdown
Raw Blame History

# UnlegitLibrary
## Overview
UnlegitLibrary is a general-purpose Java utility library that bundles a modular
event system, command framework, addon loader, networking (TCP/UDP with optional TLS),
and a wide set of math/number/string/file/reflection helpers.
## Modules
- Addon system: loader + lifecycle events
- Event system: listeners, priorities, cancellable events
- Command system: command manager, permissions, execution events
- Network system: TCP/UDP transport, packet handling, optional TLS, UDP encryption
- Utilities: math/number helpers, strings, colors, files, reflection, logging
## License Information
GNU General Public License v3.0 (GPLv3)<br />
The default license. Applies to all users, projects, and distributions unless explicitly stated otherwise.<br />
-> https://repo.unlegitdqrk.dev/UnlegitDqrk/UnlegitLibrary/src/LICENSE
Open Autonomous Public License (OAPL)<br />
A special exception applies exclusively to the project Open Autonomous Connection (OAC).<br />
Within OAC, the UnlegitLibrary is also licensed under the OAPL.<br />
In this context, OAPL terms take precedence.<br />
-> https://repo.open-autonomous-connection.org/Open-Autonomous-Connection/OAPL
## Include in own projects
````
<repositories>
<repository>
<id>repounlegitdqrk</id>
<url>https://repo.unlegitdqrk.dev/api/packages/unlegitdqrk/maven</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>dev.unlegitdqrk</groupId>
<artifactId>unlegitlibrary</artifactId>
<version>VERSION</version>
</dependency>
</dependencies>
````
## NetworkSystem (TCP/UDP + TLS)
- TCP is the control channel (handshake, packet routing).
- UDP is optional and encrypted with a symmetric key negotiated over TCP.
- TLS can be enabled or disabled. For TLS, configure KeyStore/TrustStore explicitly.
- mTLS is supported: set client auth mode to REQUIRED and provide a TrustStore on the server.
### Basic usage
```java
PacketHandler packetHandler = new PacketHandler();
packetHandler.registerPacket(() -> new TestTextPacket(""));
NetworkServer server = new NetworkServer(packetHandler);
server.configureSSL(false, ClientAuthMode.NONE);
server.start(25565, 25566);
NetworkClient client = new NetworkClient(packetHandler);
client.configureSSL(false);
client.connect("127.0.0.1", 25565);
```
### TLS with TrustStore (server validation)
```java
KeyStore serverKeyStore = loadStore("certs/server.p12", "changeit".toCharArray());
KeyStore clientTrustStore = loadStore("certs/client-trust.p12", "changeit".toCharArray());
NetworkServer server = new NetworkServer(packetHandler);
server.configureSSL(true, ClientAuthMode.NONE, serverKeyStore, "changeit".toCharArray(), null);
server.start(25565, 25566);
NetworkClient client = new NetworkClient(packetHandler);
client.configureSSL(true, null, null, clientTrustStore);
client.connect("127.0.0.1", 25565);
```
### TLS with Client Certificate (mTLS)
```java
KeyStore serverKeyStore = loadStore("certs/server.p12", "changeit".toCharArray());
KeyStore serverTrustStore = loadStore("certs/server-trust.p12", "changeit".toCharArray());
KeyStore clientKeyStore = loadStore("certs/client.p12", "changeit".toCharArray());
KeyStore clientTrustStore = loadStore("certs/client-trust.p12", "changeit".toCharArray());
NetworkServer server = new NetworkServer(packetHandler);
server.configureSSL(true, ClientAuthMode.REQUIRED, serverKeyStore, "changeit".toCharArray(), serverTrustStore);
server.start(25565, 25566);
NetworkClient client = new NetworkClient(packetHandler);
client.configureSSL(true, clientKeyStore, "changeit".toCharArray(), clientTrustStore);
client.connect("127.0.0.1", 25565);
```
## Certificate generation for NetworkSystem
### Creating Root-CA:
````
openssl genrsa -out myCA.key 4096
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 3650 -out myCA.pem
myCA.key = private Key for CA (keep secret)
myCA.pem = public Root-Certificate for signing server and client certificates
````
### Creating Server Certificate based on Root-CA:
````
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out server.crt -days 825 -sha256
server.key = private Key for Server
server.crt = Server-Certificate signed by Root-CA
````
### Optional: Creating Client Certificate based on Root-CA:
````
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr
openssl x509 -req -in client.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out client.crt -days 825 -sha256
client.key = private Key for Client
client.crt = Client-Certificate signed by Root-CA
````
1. Generate a Root-CA. Every client and server NEED this Root-CA *.pem-File. Keep the *.key file private<br />
2. Generate a Server-Certificate
3. Optional: Generate a Client-Certificate
4. Put the Root-CA on your server and client in "certificates/ca"-Folder
5. Put the Server-Certificate-Key in "certificates/key"-Folder
6. Put the Server-Certificate in "certificates/server"-Folder
7. Optional: Put the Client-Certificate-Key in "certificates/key"-Folder
8. Optional: Put the Client-Certificate in "certificates/client"-Folder
### Helper: load PKCS12 stores in Java
```java
private static KeyStore loadStore(String path, char[] password) throws Exception {
KeyStore store = KeyStore.getInstance("PKCS12");
try (FileInputStream in = new FileInputStream(path)) {
store.load(in, password);
}
return store;
}
```
Reference in New Issue View Git Blame Copy Permalink