use base64 to encode prefetched data

this prevents commandline injection

src/main/java/org/to2mbn/authlibinjector/AuthlibInjector.java

@@ -1,11 +1,14 @@
 package org.to2mbn.authlibinjector;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
 import static java.util.Optional.empty;
 import static java.util.Optional.of;
 import static org.to2mbn.authlibinjector.util.IOUtils.readURL;
+import static org.to2mbn.authlibinjector.util.IOUtils.removeNewLines;
 import java.io.IOException;
 import java.lang.instrument.ClassFileTransformer;
 import java.text.MessageFormat;
+import java.util.Base64;
 import java.util.Optional;
 import java.util.function.Consumer;
 import org.to2mbn.authlibinjector.transform.ClassTransformer;
@@ -56,9 +59,10 @@ public final class AuthlibInjector {
 		if (apiRoot == null) return empty();
 		info("api root: {0}", apiRoot);
 
-		String metadataResponse = System.getProperty("org.to2mbn.authlibinjector.config.prefetched");
+		String metadataResponse;
 
-		if (metadataResponse == null) {
+		String prefetched = System.getProperty("org.to2mbn.authlibinjector.config.prefetched");
+		if (prefetched == null) {
 			info("fetching metadata");
 			try {
 				metadataResponse = readURL(apiRoot);
@@ -69,6 +73,14 @@ public final class AuthlibInjector {
 
 		} else {
 			info("prefetched metadata detected");
+			try {
+				metadataResponse = new String(Base64.getDecoder().decode(removeNewLines(prefetched)), UTF_8);
+			} catch (IllegalArgumentException e) {
+				info("unable to decode metadata: {0}\n"
+						+ "metadata to decode:\n"
+						+ "{1}", e, prefetched);
+				return empty();
+			}
 		}
 
 		debug("metadata: {0}", metadataResponse);

src/main/java/org/to2mbn/authlibinjector/util/IOUtils.java

@@ -27,6 +27,11 @@ public final class IOUtils {
 		return new String(w.toCharArray());
 	}
 
+	public static String removeNewLines(String input) {
+		return input.replace("\n", "")
+				.replace("\r", "");
+	}
+
 	private IOUtils() {}
 
 }

src/main/java/org/to2mbn/authlibinjector/util/KeyUtils.java

@@ -1,5 +1,6 @@
 package org.to2mbn.authlibinjector.util;
 
+import static org.to2mbn.authlibinjector.util.IOUtils.removeNewLines;
 import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
 import java.security.PublicKey;
@@ -9,7 +10,7 @@ import java.util.Base64;
 public final class KeyUtils {
 
 	public static byte[] decodePublicKey(String pem) throws IllegalArgumentException {
-		pem = pem.replace("\n", "");
+		pem = removeNewLines(pem);
 		final String header = "-----BEGIN PUBLIC KEY-----";
 		final String end = "-----END PUBLIC KEY-----";
 		if (pem.startsWith(header) && pem.endsWith(end)) {