From 56b933bd3ae1a21b9a1f24bc04ac0dd7f12e6ce6 Mon Sep 17 00:00:00 2001
From: Gravit
Date: Sun, 22 Mar 2020 03:36:52 +0700
Subject: [PATCH] [FIX] VerifySecureLevelKey
---
 .../auth/protect/interfaces/SecureProtectHandler.java | 7 +++++--
 .../java/pro/gravit/launchserver/socket/Client.java | 2 ++
 .../response/secure/GetSecureLevelInfoResponse.java | 2 +-
 .../response/secure/VerifySecureLevelKeyResponse.java | 10 ++++++++--
 4 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/protect/interfaces/SecureProtectHandler.java b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/protect/interfaces/SecureProtectHandler.java
index 5170d869..bf342170 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/protect/interfaces/SecureProtectHandler.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/protect/interfaces/SecureProtectHandler.java
@@ -6,6 +6,7 @@ import pro.gravit.launchserver.socket.response.secure.SecurityReportResponse;
 import pro.gravit.utils.helper.SecurityHelper;
+import java.security.Signature;
 import java.security.SignatureException;
 import java.security.interfaces.ECPublicKey;
 import java.security.spec.InvalidKeySpecException;
@@ -15,10 +16,12 @@ default byte[] generateSecureLevelKey() {
 return SecurityHelper.randomBytes(128);
 }
- default void verifySecureLevelKey(byte[] publicKey, byte[] signature) throws InvalidKeySpecException, SignatureException {
+ default void verifySecureLevelKey(byte[] publicKey, byte[] data, byte[] signature) throws InvalidKeySpecException, SignatureException {
 if(publicKey == null || signature == null) throw new InvalidKeySpecException();
 ECPublicKey pubKey = SecurityHelper.toPublicECKey(publicKey);
- SecurityHelper.newECVerifySignature(pubKey).update(signature);
+ Signature sign = SecurityHelper.newECVerifySignature(pubKey);
+ sign.update(data);
+ sign.verify(signature);
 }
 GetSecureLevelInfoRequestEvent onGetSecureLevelInfo(GetSecureLevelInfoRequestEvent event);
 boolean allowGetSecureLevelInfo(Client client);
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/Client.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/Client.java
index 205ac55c..763cd165 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/Client.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/Client.java
@@ -50,5 +50,7 @@ public enum Type {
 public static class TrustLevel {
 public byte[] verifySecureKey;
+ public boolean keyChecked;
+ public byte[] publicKey;
 }
 }
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/secure/GetSecureLevelInfoResponse.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/secure/GetSecureLevelInfoResponse.java
index 5380ffa6..a99d8801 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/secure/GetSecureLevelInfoResponse.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/secure/GetSecureLevelInfoResponse.java
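Review bot: In `SecureProtectHandler.verifySecureLevelKey` the boolean returned by `sign.verify(signature)` is discarded, so a well-formed signature that does not match `data` still lets the method return normally; `Signature.verify` reports a mismatch by returning `false` and throws `SignatureException` only for malformed input or an uninitialised object. The last added line should be `if(!sign.verify(signature)) throw new SignatureException("Invalid signature");`. The caller in `VerifySecureLevelKeyResponse.execute` (last hunk of this patch) treats a normal return as success and sets `client.trustLevel.keyChecked = true`, so without this check the flag says nothing about possession of the private key. The null guard also does not cover the new `data` parameter, so `sign.update(data)` would throw `NullPointerException` for any caller that skips its own check.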
@@ -23,7 +23,7 @@ public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
 SecureProtectHandler secureProtectHandler = (SecureProtectHandler) server.config.protectHandler;
 if(!secureProtectHandler.allowGetSecureLevelInfo(client)) {
- sendError("Permissions denied");
+ sendError("Access denied");
 return;
 }
 if(client.trustLevel == null) client.trustLevel = new Client.TrustLevel();
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/secure/VerifySecureLevelKeyResponse.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/secure/VerifySecureLevelKeyResponse.java
index 14ad3afc..519e64a6 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/secure/VerifySecureLevelKeyResponse.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/secure/VerifySecureLevelKeyResponse.java
@@ -19,14 +19,14 @@ public String getType() {
 @Override public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
- if(!(server.config.protectHandler instanceof SecureProtectHandler))
+ if(!(server.config.protectHandler instanceof SecureProtectHandler) || client.trustLevel == null || client.trustLevel.verifySecureKey == null)
 {
 sendError("This method not allowed");
 return;
 }
 SecureProtectHandler secureProtectHandler = (SecureProtectHandler) server.config.protectHandler;
 try {
- secureProtectHandler.verifySecureLevelKey(publicKey, signature);
+ secureProtectHandler.verifySecureLevelKey(publicKey, client.trustLevel.verifySecureKey, signature);
 } catch (InvalidKeySpecException e) {
 sendError("Invalid public key");
@@ -35,7 +35,13 @@ public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
 {
 sendError("Invalid signature");
 return;
+ } catch (SecurityException e)
+ {
+ sendError(e.getMessage());
+ return;
 }
+ client.trustLevel.keyChecked = true;
+ client.trustLevel.publicKey = publicKey;
 sendResult(new VerifySecureLevelKeyRequestEvent());
 }
 }
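Review bot: In `VerifySecureLevelKeyResponse.execute`, the new `catch (SecurityException e)` branch sends `e.getMessage()` to the remote client, whereas the two branches above it send fixed strings; the message may be null or carry internal detail. Unless handlers are meant to supply client-facing text, a constant such as `sendError("Security check failed");` with the exception recorded server-side is safer. Separately, after a successful check the challenge in `client.trustLevel.verifySecureKey` is left in place, so the same signature appears to stay acceptable for the rest of the session; adding `client.trustLevel.verifySecureKey = null;` next to `client.trustLevel.keyChecked = true;` would make it single-use. The start of `execute` and the `try` block are in the previous hunk.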