[FIX] Перемещение критичных классов в безопастное место

Gravit 2019-12-09 03:27:13 +07:00
parent 4dab77bda9
commit a350b3bd77
No known key found for this signature in database
GPG key ID: 061981E1E85D3216
15 changed files with 33 additions and 41 deletions


@ -27,7 +27,7 @@
import pro.gravit.utils.helper.JVMHelper; import pro.gravit.utils.helper.JVMHelper;
import pro.gravit.utils.helper.LogHelper; import pro.gravit.utils.helper.LogHelper;
import pro.gravit.utils.helper.SecurityHelper; import pro.gravit.utils.helper.SecurityHelper;
import pro.gravit.utils.verify.LauncherTrustManager; import pro.gravit.launcher.LauncherTrustManager;
import java.io.BufferedReader; import java.io.BufferedReader;
import java.io.BufferedWriter; import java.io.BufferedWriter;


@ -1,7 +1,7 @@
package pro.gravit.launchserver.auth.handler; package pro.gravit.launchserver.auth.handler;
import pro.gravit.launcher.Launcher; import pro.gravit.launcher.Launcher;
import pro.gravit.utils.HTTPRequest; import pro.gravit.launcher.HTTPRequest;
import java.io.IOException; import java.io.IOException;
import java.net.URL; import java.net.URL;


@ -4,7 +4,7 @@
import com.google.gson.JsonElement; import com.google.gson.JsonElement;
import pro.gravit.launcher.hwid.HWID; import pro.gravit.launcher.hwid.HWID;
import pro.gravit.launcher.hwid.OshiHWID; import pro.gravit.launcher.hwid.OshiHWID;
import pro.gravit.utils.HTTPRequest; import pro.gravit.launcher.HTTPRequest;
import pro.gravit.utils.helper.LogHelper; import pro.gravit.utils.helper.LogHelper;
import java.io.IOException; import java.io.IOException;


@ -6,7 +6,7 @@
import pro.gravit.launcher.request.auth.AuthRequest; import pro.gravit.launcher.request.auth.AuthRequest;
import pro.gravit.launcher.request.auth.password.AuthPlainPassword; import pro.gravit.launcher.request.auth.password.AuthPlainPassword;
import pro.gravit.launchserver.auth.AuthException; import pro.gravit.launchserver.auth.AuthException;
import pro.gravit.utils.HTTPRequest; import pro.gravit.launcher.HTTPRequest;
import pro.gravit.utils.helper.SecurityHelper; import pro.gravit.utils.helper.SecurityHelper;
import java.io.IOException; import java.io.IOException;


@ -24,7 +24,7 @@
import pro.gravit.utils.helper.JVMHelper; import pro.gravit.utils.helper.JVMHelper;
import pro.gravit.utils.helper.LogHelper; import pro.gravit.utils.helper.LogHelper;
import pro.gravit.utils.helper.SecurityHelper; import pro.gravit.utils.helper.SecurityHelper;
import pro.gravit.utils.verify.LauncherTrustManager; import pro.gravit.launcher.LauncherTrustManager;
import java.io.*; import java.io.*;
import java.math.BigInteger; import java.math.BigInteger;


@ -1,7 +1,7 @@
package pro.gravit.launchserver.manangers; package pro.gravit.launchserver.manangers;
import com.google.gson.JsonElement; import com.google.gson.JsonElement;
import pro.gravit.utils.HTTPRequest; import pro.gravit.launcher.HTTPRequest;
import pro.gravit.utils.HttpDownloader; import pro.gravit.utils.HttpDownloader;
import pro.gravit.utils.helper.IOHelper; import pro.gravit.utils.helper.IOHelper;
import pro.gravit.utils.helper.LogHelper; import pro.gravit.utils.helper.LogHelper;


@ -5,7 +5,7 @@
import pro.gravit.launcher.modules.impl.SimpleModuleManager; import pro.gravit.launcher.modules.impl.SimpleModuleManager;
import pro.gravit.launchserver.LaunchServer; import pro.gravit.launchserver.LaunchServer;
import pro.gravit.utils.helper.LogHelper; import pro.gravit.utils.helper.LogHelper;
import pro.gravit.utils.verify.LauncherTrustManager; import pro.gravit.launcher.LauncherTrustManager;
import java.nio.file.Path; import java.nio.file.Path;
import java.util.Arrays; import java.util.Arrays;


@ -14,10 +14,8 @@
import pro.gravit.launcher.request.Request; import pro.gravit.launcher.request.Request;
import pro.gravit.launcher.request.RequestException; import pro.gravit.launcher.request.RequestException;
import pro.gravit.launcher.request.auth.RestoreSessionRequest; import pro.gravit.launcher.request.auth.RestoreSessionRequest;
import pro.gravit.launcher.request.update.UpdateRequest;
import pro.gravit.launcher.request.websockets.StandartClientWebSocketService; import pro.gravit.launcher.request.websockets.StandartClientWebSocketService;
import pro.gravit.utils.helper.*; import pro.gravit.utils.helper.*;
import pro.gravit.utils.verify.LauncherTrustManager;
import java.io.IOException; import java.io.IOException;
import java.nio.file.Path; import java.nio.file.Path;
@ -27,16 +25,24 @@
import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey; import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Objects; import java.util.Objects;
import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicBoolean;
public class LauncherEngine { public class LauncherEngine {
//JVMHelper.getCertificates
public static X509Certificate[] getCertificates(Class<?> clazz) {
Object[] signers = clazz.getSigners();
if (signers == null) return null;
return Arrays.stream(signers).filter((c) -> c instanceof X509Certificate).map((c) -> (X509Certificate) c).toArray(X509Certificate[]::new);
}
public static final AtomicBoolean IS_CLIENT = new AtomicBoolean(false); public static final AtomicBoolean IS_CLIENT = new AtomicBoolean(false);
public static void checkClass(Class<?> clazz) throws SecurityException { public static void checkClass(Class<?> clazz) throws SecurityException {
LauncherTrustManager trustManager = Launcher.getConfig().trustManager; LauncherTrustManager trustManager = Launcher.getConfig().trustManager;
if (trustManager == null) return; if (trustManager == null) return;
X509Certificate[] certificates = JVMHelper.getCertificates(clazz); X509Certificate[] certificates = getCertificates(clazz);
if (certificates == null) { if (certificates == null) {
throw new SecurityException(String.format("Class %s not signed", clazz.getName())); throw new SecurityException(String.format("Class %s not signed", clazz.getName()));
} }
@ -54,7 +60,7 @@ public static void main(String... args) throws Throwable {
JVMHelper.verifySystemProperties(Launcher.class, true); JVMHelper.verifySystemProperties(Launcher.class, true);
EnvHelper.checkDangerousParams(); EnvHelper.checkDangerousParams();
//if(!LauncherAgent.isStarted()) throw new SecurityException("JavaAgent not set"); //if(!LauncherAgent.isStarted()) throw new SecurityException("JavaAgent not set");
JVMHelper.verifyNoAgent(); verifyNoAgent();
LogHelper.printVersion("Launcher"); LogHelper.printVersion("Launcher");
LogHelper.printLicense("Launcher"); LogHelper.printLicense("Launcher");
LauncherEngine.checkClass(LauncherEngine.class); LauncherEngine.checkClass(LauncherEngine.class);
@ -91,6 +97,10 @@ public static void initGson(ClientModuleManager modulesManager) {
Launcher.gsonManager.initGson(); Launcher.gsonManager.initGson();
} }
public static void verifyNoAgent() {
if (JVMHelper.RUNTIME_MXBEAN.getInputArguments().stream().filter(e -> e != null && !e.isEmpty()).anyMatch(e -> e.contains("javaagent"))) throw new SecurityException("JavaAgent found");
}
public void readKeys() throws IOException, InvalidKeySpecException { public void readKeys() throws IOException, InvalidKeySpecException {
if (privateKey != null || publicKey != null) return; if (privateKey != null || publicKey != null) return;
Path dir = DirBridge.dir; Path dir = DirBridge.dir;
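Review bot: verifyNoAgent(), which this section adds to LauncherEngine after initGson, decides by substring: `e.contains("javaagent")` fires on any JVM input argument that merely contains that text, such as a path or a `-D` value, and it inspects only the startup arguments reported by the runtime MXBean. Matching on the option prefix is more precise, and if native agents are meant to be refused as well the same test can cover them: `anyMatch(e -> e.startsWith("-javaagent:") || e.startsWith("-agentlib:") || e.startsWith("-agentpath:"))`. A short Javadoc should state that this is a startup-time check of the command line and one layer among others, not proof that no instrumentation is present. The only caller visible here is main(), so `private` may be enough instead of `public`; confirm that no other class still needs it.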


@ -3,7 +3,7 @@
import pro.gravit.launcher.Launcher; import pro.gravit.launcher.Launcher;
import pro.gravit.launcher.modules.LauncherModule; import pro.gravit.launcher.modules.LauncherModule;
import pro.gravit.launcher.modules.impl.SimpleModuleManager; import pro.gravit.launcher.modules.impl.SimpleModuleManager;
import pro.gravit.utils.verify.LauncherTrustManager; import pro.gravit.launcher.LauncherTrustManager;
import java.nio.file.Path; import java.nio.file.Path;
import java.util.Collection; import java.util.Collection;


@ -5,7 +5,6 @@
import pro.gravit.launcher.serialize.stream.StreamObject; import pro.gravit.launcher.serialize.stream.StreamObject;
import pro.gravit.utils.helper.SecurityHelper; import pro.gravit.utils.helper.SecurityHelper;
import pro.gravit.utils.helper.VerifyHelper; import pro.gravit.utils.helper.VerifyHelper;
import pro.gravit.utils.verify.LauncherTrustManager;
import java.io.IOException; import java.io.IOException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;


@ -7,7 +7,7 @@
import pro.gravit.utils.helper.IOHelper; import pro.gravit.utils.helper.IOHelper;
import pro.gravit.utils.helper.JVMHelper; import pro.gravit.utils.helper.JVMHelper;
import pro.gravit.utils.helper.LogHelper; import pro.gravit.utils.helper.LogHelper;
import pro.gravit.utils.verify.LauncherTrustManager; import pro.gravit.launcher.LauncherTrustManager;
import java.io.IOException; import java.io.IOException;
import java.lang.invoke.MethodHandles; import java.lang.invoke.MethodHandles;
@ -169,11 +169,16 @@ public LauncherModule loadModule(Path file) throws IOException {
return null; return null;
} }
} }
//JVMHelper.getCertificates
private static X509Certificate[] getCertificates(Class<?> clazz) {
Object[] signers = clazz.getSigners();
if (signers == null) return null;
return Arrays.stream(signers).filter((c) -> c instanceof X509Certificate).map((c) -> (X509Certificate) c).toArray(X509Certificate[]::new);
}
public void checkModuleClass(Class<? extends LauncherModule> clazz, LauncherTrustManager.CheckMode mode) throws SecurityException { public void checkModuleClass(Class<? extends LauncherModule> clazz, LauncherTrustManager.CheckMode mode) throws SecurityException {
if (trustManager == null) return; if (trustManager == null) return;
X509Certificate[] certificates = JVMHelper.getCertificates(clazz); X509Certificate[] certificates = getCertificates(clazz);
if (certificates == null) { if (certificates == null) {
if (mode == LauncherTrustManager.CheckMode.EXCEPTION_IN_NOT_SIGNED) if (mode == LauncherTrustManager.CheckMode.EXCEPTION_IN_NOT_SIGNED)
throw new SecurityException(String.format("Class %s not signed", clazz.getName())); throw new SecurityException(String.format("Class %s not signed", clazz.getName()));
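Review bot: The private getCertificates() added before checkModuleClass returns an empty array, not null, when the class has signers but none of them is an X509Certificate, so the `certificates == null` test does not take the "not signed" branch for such a class. Whether the code after that test rejects an empty array lies outside this hunk (checkModuleClass continues past its end), so the helper should make the case explicit, for example by ending with `X509Certificate[] certs = Arrays.stream(signers)...toArray(X509Certificate[]::new);` and `return certs.length == 0 ? null : certs;`. The identical public copy added to LauncherEngine and used by checkClass has the same gap. Both copies carry only the comment `//JVMHelper.getCertificates`; a line saying why the helper is duplicated and what a null return means would help the next reader.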


@ -1,4 +1,4 @@
package pro.gravit.utils; package pro.gravit.launcher;
import com.google.gson.JsonElement; import com.google.gson.JsonElement;
import com.google.gson.JsonParser; import com.google.gson.JsonParser;
@ -17,25 +17,6 @@ public final class HTTPRequest {
private static final int TIMEOUT = 10000; private static final int TIMEOUT = 10000;
private static final JsonParser parser = new JsonParser(); private static final JsonParser parser = new JsonParser();
public static int sendCrashreport(String strurl, byte[] data) throws IOException {
URL url = new URL(strurl);
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setRequestProperty("Content-Type",
"application/x-www-form-urlencoded");
connection.setRequestProperty("Content-Length",
Integer.toString(data.length));
connection.setRequestProperty("Content-Language", "en-US");
OutputStream outputStream = connection.getOutputStream();
outputStream.write(data);
outputStream.close();
return connection.getResponseCode();
}
public static int sendCrashreport(String strurl, String data) throws IOException {
return sendCrashreport(strurl, data.getBytes(IOHelper.UNICODE_CHARSET));
}
public static JsonElement jsonRequest(JsonElement request, URL url) throws IOException { public static JsonElement jsonRequest(JsonElement request, URL url) throws IOException {
return jsonRequest(request, "POST", url); return jsonRequest(request, "POST", url);
} }


@ -1,4 +1,4 @@
package pro.gravit.utils.verify; package pro.gravit.launcher;
import pro.gravit.utils.helper.LogHelper; import pro.gravit.utils.helper.LogHelper;


@ -190,7 +190,4 @@ public static void verifySystemProperties(Class<?> mainClass, boolean requireSys
private JVMHelper() { private JVMHelper() {
} }
public static void verifyNoAgent() {
if (RUNTIME_MXBEAN.getInputArguments().stream().filter(e -> e != null && !e.isEmpty()).anyMatch(e -> e.contains("javaagent"))) throw new SecurityException("JavaAgent found");
}
} }

@ -1 +1 @@
Subproject commit 9ee94152da6ae8e3ea045484f60b2a2246b4e993 Subproject commit 9282291e67d54aa617d32e78ef70a62b50a4c428