Lanmikeman/Launcher
1
1
Fork 0
mirror of https://github.com/GravitLauncher/Launcher synced 2024-11-15 11:39:11 +03:00
Code Issues Projects Releases Packages Wiki Activity

[FEATURE] Check certificate expired

Browse source
This commit is contained in:
Gravita 2023-07-25 17:10:18 +07:00
parent 1bc0443dd5
commit 85986c2916
3 changed files with 51 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
LaunchServer/src/main/java/pro/gravit/launchserver/LaunchServer.java
View file

@ -16,6 +16,7 @@
import pro.gravit.launchserver.binary.LauncherBinary; import pro.gravit.launchserver.binary.LauncherBinary;
import pro.gravit.launchserver.config.LaunchServerConfig; import pro.gravit.launchserver.config.LaunchServerConfig;
import pro.gravit.launchserver.config.LaunchServerRuntimeConfig; import pro.gravit.launchserver.config.LaunchServerRuntimeConfig;
import pro.gravit.launchserver.helper.SignHelper;
import pro.gravit.launchserver.launchermodules.LauncherModuleLoader; import pro.gravit.launchserver.launchermodules.LauncherModuleLoader;
import pro.gravit.launchserver.manangers.*; import pro.gravit.launchserver.manangers.*;
import pro.gravit.launchserver.manangers.hook.AuthHookManager; import pro.gravit.launchserver.manangers.hook.AuthHookManager;
@ -40,9 +41,14 @@
import java.lang.invoke.MethodType; import java.lang.invoke.MethodType;
import java.nio.file.*; import java.nio.file.*;
import java.nio.file.attribute.BasicFileAttributes; import java.nio.file.attribute.BasicFileAttributes;
import java.security.KeyStore;
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDateTime;
import java.util.*; import java.util.*;
import java.util.concurrent.Executors; import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicBoolean;
/** /**
@ -185,6 +191,10 @@ public LaunchServer(LaunchServerDirectories directories, LaunchServerEnv env, La
} }
launcherModuleLoader.init(); launcherModuleLoader.init();
nettyServerSocketHandler = new NettyServerSocketHandler(this); nettyServerSocketHandler = new NettyServerSocketHandler(this);
if(config.sign.checkCertificateExpired) {
checkCertificateExpired();
service.scheduleAtFixedRate(this::checkCertificateExpired, 24, 24, TimeUnit.HOURS);
}
// post init modules // post init modules
modulesManager.invokeEvent(new LaunchServerPostInitPhase(this)); modulesManager.invokeEvent(new LaunchServerPostInitPhase(this));
} }
@ -269,6 +279,25 @@ public void invoke(String... args) throws Exception {
return commands; return commands;
} }
public void checkCertificateExpired() {
if(!config.sign.enabled) {
return;
}
try {
KeyStore keyStore = SignHelper.getStore(Paths.get(config.sign.keyStore), config.sign.keyStorePass, config.sign.keyStoreType);
Instant date = SignHelper.getCertificateExpired(keyStore, config.sign.keyAlias);
if(date == null) {
logger.debug("The certificate will expire at unlimited");
} else if(date.minus(Duration.ofDays(30)).isBefore(Instant.now())) {
logger.warn("The certificate will expire at {}", date.toString());
} else {
logger.debug("The certificate will expire at {}", date.toString());
}
} catch (Throwable e) {
logger.error("Can't get certificate expire date", e);
}
}
private LauncherBinary binary() { private LauncherBinary binary() {
LaunchServerLauncherExeInit event = new LaunchServerLauncherExeInit(this, null); LaunchServerLauncherExeInit event = new LaunchServerLauncherExeInit(this, null);
modulesManager.invokeEvent(event); modulesManager.invokeEvent(event);

1
LaunchServer/src/main/java/pro/gravit/launchserver/config/LaunchServerConfig.java
View file

@ -259,6 +259,7 @@ public static class JarSignerConf {
public String metaInfKeyName = "SIGNUMO.RSA"; public String metaInfKeyName = "SIGNUMO.RSA";
public String metaInfSfName = "SIGNUMO.SF"; public String metaInfSfName = "SIGNUMO.SF";
public String signAlgo = "SHA256WITHRSA"; public String signAlgo = "SHA256WITHRSA";
public boolean checkCertificateExpired = true;
} }
public static class NettyUpdatesBind { public static class NettyUpdatesBind {

21
LaunchServer/src/main/java/pro/gravit/launchserver/helper/SignHelper.java
View file

@ -21,8 +21,11 @@
import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.LocalDateTime;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Date;
import java.util.List; import java.util.List;
public class SignHelper { public class SignHelper {
@ -46,6 +49,24 @@ public static KeyStore getStore(Path file, String storepass, String algo) throws
} }
} }
public static Instant getCertificateExpired(KeyStore keyStore, String keyAlias) throws KeyStoreException {
List<Certificate> certChain = new ArrayList<>(Arrays.asList(keyStore.getCertificateChain(keyAlias)));
Date date = null;
for(var e : certChain) {
if(e instanceof X509Certificate x509Certificate) {
if(x509Certificate.getNotAfter() == null) {
continue;
}
if(date == null || date.before(x509Certificate.getNotAfter())) {
date = x509Certificate.getNotAfter();
}
}
}
return date == null ? null : date.toInstant();
}
/** /**
* Creates the beast that can actually sign the data (for JKS, for other make it). * Creates the beast that can actually sign the data (for JKS, for other make it).
*/ */