mirror of
https://github.com/GravitLauncher/Launcher
synced 2025-01-09 00:59:44 +03:00
[FIX] VerifySecureLevelKey
parent
7527251841
commit
56b933bd3a
4 changed files with 16 additions and 5 deletions
|
@ -6,6 +6,7 @@
|
||||||
import pro.gravit.launchserver.socket.response.secure.SecurityReportResponse;
|
import pro.gravit.launchserver.socket.response.secure.SecurityReportResponse;
|
||||||
import pro.gravit.utils.helper.SecurityHelper;
|
import pro.gravit.utils.helper.SecurityHelper;
|
||||||
|
|
||||||
|
import java.security.Signature;
|
||||||
import java.security.SignatureException;
|
import java.security.SignatureException;
|
||||||
import java.security.interfaces.ECPublicKey;
|
import java.security.interfaces.ECPublicKey;
|
||||||
import java.security.spec.InvalidKeySpecException;
|
import java.security.spec.InvalidKeySpecException;
|
||||||
|
@ -15,10 +16,12 @@ default byte[] generateSecureLevelKey()
|
||||||
{
|
{
|
||||||
return SecurityHelper.randomBytes(128);
|
return SecurityHelper.randomBytes(128);
|
||||||
}
|
}
|
||||||
default void verifySecureLevelKey(byte[] publicKey, byte[] signature) throws InvalidKeySpecException, SignatureException {
|
default void verifySecureLevelKey(byte[] publicKey, byte[] data, byte[] signature) throws InvalidKeySpecException, SignatureException {
|
||||||
if(publicKey == null || signature == null) throw new InvalidKeySpecException();
|
if(publicKey == null || signature == null) throw new InvalidKeySpecException();
|
||||||
ECPublicKey pubKey = SecurityHelper.toPublicECKey(publicKey);
|
ECPublicKey pubKey = SecurityHelper.toPublicECKey(publicKey);
|
||||||
SecurityHelper.newECVerifySignature(pubKey).update(signature);
|
Signature sign = SecurityHelper.newECVerifySignature(pubKey);
|
||||||
|
sign.update(data);
|
||||||
|
sign.verify(signature);
|
||||||
}
|
}
|
||||||
GetSecureLevelInfoRequestEvent onGetSecureLevelInfo(GetSecureLevelInfoRequestEvent event);
|
GetSecureLevelInfoRequestEvent onGetSecureLevelInfo(GetSecureLevelInfoRequestEvent event);
|
||||||
boolean allowGetSecureLevelInfo(Client client);
|
boolean allowGetSecureLevelInfo(Client client);
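Review bot: The result of `sign.verify(signature)` is discarded in the new `verifySecureLevelKey`, so a well-formed signature that does not match `data` still lets the method return normally. `java.security.Signature.verify` reports a mismatch through its boolean return value and throws `SignatureException` only for malformed input or an uninitialised object. The last statement should be `if(!sign.verify(signature)) throw new SignatureException("Invalid signature");`, and the null guard should cover the new parameter too: `if(publicKey == null || data == null || signature == null)`. The `execute` method later in this commit sets `client.trustLevel.keyChecked = true` whenever this call returns without throwing, so that flag depends entirely on this check.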
|
||||||
|
|
|
@ -50,5 +50,7 @@ public enum Type {
|
||||||
public static class TrustLevel
|
public static class TrustLevel
|
||||||
{
|
{
|
||||||
public byte[] verifySecureKey;
|
public byte[] verifySecureKey;
|
||||||
|
public boolean keyChecked;
|
||||||
|
public byte[] publicKey;
|
||||||
}
|
}
|
||||||
}
|
}
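Review bot: The two fields added to `TrustLevel` carry no documentation, although `keyChecked` records the outcome of the signature check performed in `execute`. Comments such as `// true only after the signature over verifySecureKey was verified against publicKey` on `keyChecked` and `// encoded public key the client submitted with that signature` on `publicKey` would state the invariant. Both fields are public and mutable, so any code holding the `Client` can set them; if that is not intended, narrower access would keep the flag tied to the verification path.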
|
||||||
|
|
|
@ -23,7 +23,7 @@ public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
|
||||||
SecureProtectHandler secureProtectHandler = (SecureProtectHandler) server.config.protectHandler;
|
SecureProtectHandler secureProtectHandler = (SecureProtectHandler) server.config.protectHandler;
|
||||||
if(!secureProtectHandler.allowGetSecureLevelInfo(client))
|
if(!secureProtectHandler.allowGetSecureLevelInfo(client))
|
||||||
{
|
{
|
||||||
sendError("Permissions denied");
|
sendError("Access denied");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if(client.trustLevel == null) client.trustLevel = new Client.TrustLevel();
|
if(client.trustLevel == null) client.trustLevel = new Client.TrustLevel();
|
||||||
|
|
|
@ -19,14 +19,14 @@ public String getType() {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
|
public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
|
||||||
if(!(server.config.protectHandler instanceof SecureProtectHandler))
|
if(!(server.config.protectHandler instanceof SecureProtectHandler) || client.trustLevel == null || client.trustLevel.verifySecureKey == null)
|
||||||
{
|
{
|
||||||
sendError("This method not allowed");
|
sendError("This method not allowed");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
SecureProtectHandler secureProtectHandler = (SecureProtectHandler) server.config.protectHandler;
|
SecureProtectHandler secureProtectHandler = (SecureProtectHandler) server.config.protectHandler;
|
||||||
try {
|
try {
|
||||||
secureProtectHandler.verifySecureLevelKey(publicKey, signature);
|
secureProtectHandler.verifySecureLevelKey(publicKey, client.trustLevel.verifySecureKey, signature);
|
||||||
} catch (InvalidKeySpecException e)
|
} catch (InvalidKeySpecException e)
|
||||||
{
|
{
|
||||||
sendError("Invalid public key");
|
sendError("Invalid public key");
|
||||||
|
@ -35,7 +35,13 @@ public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
|
||||||
{
|
{
|
||||||
sendError("Invalid signature");
|
sendError("Invalid signature");
|
||||||
return;
|
return;
|
||||||
|
} catch (SecurityException e)
|
||||||
|
{
|
||||||
|
sendError(e.getMessage());
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
|
client.trustLevel.keyChecked = true;
|
||||||
|
client.trustLevel.publicKey = publicKey;
|
||||||
sendResult(new VerifySecureLevelKeyRequestEvent());
|
sendResult(new VerifySecureLevelKeyRequestEvent());
|
||||||
}
|
}
|
||||||
}
|
}
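Review bot: The added `catch (SecurityException e)` branch forwards `e.getMessage()` to the remote client, which can expose internal detail from whichever `SecureProtectHandler` implementation threw it. A fixed string such as `sendError("Verification failed");`, with the exception logged on the server, would match the two branches above it. Separately, `client.trustLevel.verifySecureKey` is left in place after a successful check, so the same challenge stays valid for further requests from this client; setting it to `null` next to `keyChecked = true` would make it single-use, if that matches the intended protocol. Part of `execute` between the two hunks is not shown.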
|
||||||
|
|