From 9d06689f351fff34bce3e32c6e91a588f0310a60 Mon Sep 17 00:00:00 2001
From: Gravita <gravita@gravit.pro>
Date: Sat, 6 Mar 2021 17:18:38 +0700
Subject: [PATCH] [FEATURE] CertificateService

---
 .../launcher/api/CertificateService.java      | 96 +++++++++++++++++++
 .../launcher/utils/ApiBridgeService.java      | 17 ++++
 2 files changed, 113 insertions(+)
 create mode 100644 Launcher/src/main/java/pro/gravit/launcher/api/CertificateService.java
 create mode 100644 Launcher/src/main/java/pro/gravit/launcher/utils/ApiBridgeService.java

diff --git a/Launcher/src/main/java/pro/gravit/launcher/api/CertificateService.java b/Launcher/src/main/java/pro/gravit/launcher/api/CertificateService.java
new file mode 100644
index 00000000..377120dc
--- /dev/null
+++ b/Launcher/src/main/java/pro/gravit/launcher/api/CertificateService.java
@@ -0,0 +1,96 @@
+package pro.gravit.launcher.api;
+
+import pro.gravit.launcher.Launcher;
+import pro.gravit.launcher.LauncherTrustManager;
+import pro.gravit.launcher.utils.ApiBridgeService;
+
+import java.security.cert.X509Certificate;
+
+import static pro.gravit.launcher.LauncherEngine.getCertificates;
+
+public class CertificateService {
+    private CertificateService() {
+        throw new UnsupportedOperationException();
+    }
+
+    public static CheckClassResultApi checkClass(Class<?> clazz) throws SecurityException {
+        X509Certificate[] certificates = getCertificates(clazz);
+        if (certificates == null) {
+            return new CheckClassResultApi(CheckClassResultTypeApi.NOT_SIGNED, null, null);
+        }
+        try {
+            return CheckClassResultApi.fromCheckClassResult(ApiBridgeService.checkCertificates(certificates));
+        } catch (Exception e) {
+            throw new SecurityException(e);
+        }
+    }
+
+    public static void checkClassSuccess(Class<?> clazz) {
+        X509Certificate[] certificates = getCertificates(clazz);
+        if (certificates == null) {
+            throw new SecurityException(String.format("Class %s not signed", clazz.getName()));
+        }
+        try {
+            ApiBridgeService.checkCertificatesSuccess(certificates);
+        } catch (Exception e) {
+            throw new SecurityException(e);
+        }
+    }
+
+    public enum CheckClassResultTypeApi {
+        NOT_SIGNED,
+        SUCCESS,
+        UNTRUSTED,
+        UNVERIFED,
+        UNCOMPAT,
+        UNKNOWN
+    }
+    public static class CheckClassResultApi {
+        public final CheckClassResultTypeApi type;
+        public final X509Certificate endCertificate;
+        public final X509Certificate rootCertificate;
+        public final Exception exception;
+
+        private CheckClassResultApi(CheckClassResultTypeApi type, X509Certificate endCertificate, X509Certificate rootCertificate) {
+            this.type = type;
+            this.endCertificate = endCertificate;
+            this.rootCertificate = rootCertificate;
+            exception = null;
+        }
+
+        private CheckClassResultApi(CheckClassResultTypeApi type, X509Certificate endCertificate, X509Certificate rootCertificate, Exception exception) {
+            this.type = type;
+            this.endCertificate = endCertificate;
+            this.rootCertificate = rootCertificate;
+            this.exception = exception;
+        }
+
+        private CheckClassResultApi(CheckClassResultApi orig) {
+            this.type = orig.type;
+            this.exception = orig.exception;
+            this.rootCertificate = orig.rootCertificate;
+            this.endCertificate = orig.endCertificate;
+        }
+        private static CheckClassResultApi fromCheckClassResult(LauncherTrustManager.CheckClassResult result) {
+            if(result == null) return null;
+            return new CheckClassResultApi(fromType(result.type), result.endCertificate, result.rootCertificate, result.exception);
+        }
+        private static CheckClassResultTypeApi fromType(LauncherTrustManager.CheckClassResultType type) {
+            if(type == null) return null;
+            switch (type) {
+                case NOT_SIGNED:
+                    return CheckClassResultTypeApi.NOT_SIGNED;
+                case SUCCESS:
+                    return CheckClassResultTypeApi.SUCCESS;
+                case UNTRUSTED:
+                    return CheckClassResultTypeApi.UNTRUSTED;
+                case UNVERIFED:
+                    return CheckClassResultTypeApi.UNVERIFED;
+                case UNCOMPAT:
+                    return CheckClassResultTypeApi.UNCOMPAT;
+                default:
+                    return CheckClassResultTypeApi.UNKNOWN;
+            }
+        }
+    }
+}
diff --git a/Launcher/src/main/java/pro/gravit/launcher/utils/ApiBridgeService.java b/Launcher/src/main/java/pro/gravit/launcher/utils/ApiBridgeService.java
new file mode 100644
index 00000000..34a8c3b3
--- /dev/null
+++ b/Launcher/src/main/java/pro/gravit/launcher/utils/ApiBridgeService.java
@@ -0,0 +1,17 @@
+package pro.gravit.launcher.utils;
+
+import pro.gravit.launcher.Launcher;
+import pro.gravit.launcher.LauncherTrustManager;
+
+import java.security.cert.X509Certificate;
+
+public class ApiBridgeService {
+    public static LauncherTrustManager.CheckClassResult checkCertificates(X509Certificate[] certs) {
+        LauncherTrustManager trustManager = Launcher.getConfig().trustManager;
+        return trustManager.checkCertificates(certs, trustManager::stdCertificateChecker);
+    }
+    public static void checkCertificatesSuccess(X509Certificate[] certs) throws Exception {
+        LauncherTrustManager trustManager = Launcher.getConfig().trustManager;
+        trustManager.checkCertificatesSuccess(certs, trustManager::stdCertificateChecker);
+    }
+}