mirror of
https://github.com/GravitLauncher/Launcher
synced 2025-01-09 00:59:44 +03:00
[FIX] Перемещение критичных классов в безопастное место
This commit is contained in:
parent
4dab77bda9
commit
a350b3bd77
15 changed files with 33 additions and 41 deletions
|
@ -27,7 +27,7 @@
|
||||||
import pro.gravit.utils.helper.JVMHelper;
|
import pro.gravit.utils.helper.JVMHelper;
|
||||||
import pro.gravit.utils.helper.LogHelper;
|
import pro.gravit.utils.helper.LogHelper;
|
||||||
import pro.gravit.utils.helper.SecurityHelper;
|
import pro.gravit.utils.helper.SecurityHelper;
|
||||||
import pro.gravit.utils.verify.LauncherTrustManager;
|
import pro.gravit.launcher.LauncherTrustManager;
|
||||||
|
|
||||||
import java.io.BufferedReader;
|
import java.io.BufferedReader;
|
||||||
import java.io.BufferedWriter;
|
import java.io.BufferedWriter;
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
package pro.gravit.launchserver.auth.handler;
|
package pro.gravit.launchserver.auth.handler;
|
||||||
|
|
||||||
import pro.gravit.launcher.Launcher;
|
import pro.gravit.launcher.Launcher;
|
||||||
import pro.gravit.utils.HTTPRequest;
|
import pro.gravit.launcher.HTTPRequest;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
import com.google.gson.JsonElement;
|
import com.google.gson.JsonElement;
|
||||||
import pro.gravit.launcher.hwid.HWID;
|
import pro.gravit.launcher.hwid.HWID;
|
||||||
import pro.gravit.launcher.hwid.OshiHWID;
|
import pro.gravit.launcher.hwid.OshiHWID;
|
||||||
import pro.gravit.utils.HTTPRequest;
|
import pro.gravit.launcher.HTTPRequest;
|
||||||
import pro.gravit.utils.helper.LogHelper;
|
import pro.gravit.utils.helper.LogHelper;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
import pro.gravit.launcher.request.auth.AuthRequest;
|
import pro.gravit.launcher.request.auth.AuthRequest;
|
||||||
import pro.gravit.launcher.request.auth.password.AuthPlainPassword;
|
import pro.gravit.launcher.request.auth.password.AuthPlainPassword;
|
||||||
import pro.gravit.launchserver.auth.AuthException;
|
import pro.gravit.launchserver.auth.AuthException;
|
||||||
import pro.gravit.utils.HTTPRequest;
|
import pro.gravit.launcher.HTTPRequest;
|
||||||
import pro.gravit.utils.helper.SecurityHelper;
|
import pro.gravit.utils.helper.SecurityHelper;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
import pro.gravit.utils.helper.JVMHelper;
|
import pro.gravit.utils.helper.JVMHelper;
|
||||||
import pro.gravit.utils.helper.LogHelper;
|
import pro.gravit.utils.helper.LogHelper;
|
||||||
import pro.gravit.utils.helper.SecurityHelper;
|
import pro.gravit.utils.helper.SecurityHelper;
|
||||||
import pro.gravit.utils.verify.LauncherTrustManager;
|
import pro.gravit.launcher.LauncherTrustManager;
|
||||||
|
|
||||||
import java.io.*;
|
import java.io.*;
|
||||||
import java.math.BigInteger;
|
import java.math.BigInteger;
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
package pro.gravit.launchserver.manangers;
|
package pro.gravit.launchserver.manangers;
|
||||||
|
|
||||||
import com.google.gson.JsonElement;
|
import com.google.gson.JsonElement;
|
||||||
import pro.gravit.utils.HTTPRequest;
|
import pro.gravit.launcher.HTTPRequest;
|
||||||
import pro.gravit.utils.HttpDownloader;
|
import pro.gravit.utils.HttpDownloader;
|
||||||
import pro.gravit.utils.helper.IOHelper;
|
import pro.gravit.utils.helper.IOHelper;
|
||||||
import pro.gravit.utils.helper.LogHelper;
|
import pro.gravit.utils.helper.LogHelper;
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
import pro.gravit.launcher.modules.impl.SimpleModuleManager;
|
import pro.gravit.launcher.modules.impl.SimpleModuleManager;
|
||||||
import pro.gravit.launchserver.LaunchServer;
|
import pro.gravit.launchserver.LaunchServer;
|
||||||
import pro.gravit.utils.helper.LogHelper;
|
import pro.gravit.utils.helper.LogHelper;
|
||||||
import pro.gravit.utils.verify.LauncherTrustManager;
|
import pro.gravit.launcher.LauncherTrustManager;
|
||||||
|
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
|
|
@ -14,10 +14,8 @@
|
||||||
import pro.gravit.launcher.request.Request;
|
import pro.gravit.launcher.request.Request;
|
||||||
import pro.gravit.launcher.request.RequestException;
|
import pro.gravit.launcher.request.RequestException;
|
||||||
import pro.gravit.launcher.request.auth.RestoreSessionRequest;
|
import pro.gravit.launcher.request.auth.RestoreSessionRequest;
|
||||||
import pro.gravit.launcher.request.update.UpdateRequest;
|
|
||||||
import pro.gravit.launcher.request.websockets.StandartClientWebSocketService;
|
import pro.gravit.launcher.request.websockets.StandartClientWebSocketService;
|
||||||
import pro.gravit.utils.helper.*;
|
import pro.gravit.utils.helper.*;
|
||||||
import pro.gravit.utils.verify.LauncherTrustManager;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
|
@ -27,16 +25,24 @@
|
||||||
import java.security.interfaces.ECPrivateKey;
|
import java.security.interfaces.ECPrivateKey;
|
||||||
import java.security.interfaces.ECPublicKey;
|
import java.security.interfaces.ECPublicKey;
|
||||||
import java.security.spec.InvalidKeySpecException;
|
import java.security.spec.InvalidKeySpecException;
|
||||||
|
import java.util.Arrays;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
import java.util.concurrent.atomic.AtomicBoolean;
|
import java.util.concurrent.atomic.AtomicBoolean;
|
||||||
|
|
||||||
public class LauncherEngine {
|
public class LauncherEngine {
|
||||||
|
//JVMHelper.getCertificates
|
||||||
|
public static X509Certificate[] getCertificates(Class<?> clazz) {
|
||||||
|
Object[] signers = clazz.getSigners();
|
||||||
|
if (signers == null) return null;
|
||||||
|
return Arrays.stream(signers).filter((c) -> c instanceof X509Certificate).map((c) -> (X509Certificate) c).toArray(X509Certificate[]::new);
|
||||||
|
}
|
||||||
|
|
||||||
public static final AtomicBoolean IS_CLIENT = new AtomicBoolean(false);
|
public static final AtomicBoolean IS_CLIENT = new AtomicBoolean(false);
|
||||||
|
|
||||||
public static void checkClass(Class<?> clazz) throws SecurityException {
|
public static void checkClass(Class<?> clazz) throws SecurityException {
|
||||||
LauncherTrustManager trustManager = Launcher.getConfig().trustManager;
|
LauncherTrustManager trustManager = Launcher.getConfig().trustManager;
|
||||||
if (trustManager == null) return;
|
if (trustManager == null) return;
|
||||||
X509Certificate[] certificates = JVMHelper.getCertificates(clazz);
|
X509Certificate[] certificates = getCertificates(clazz);
|
||||||
if (certificates == null) {
|
if (certificates == null) {
|
||||||
throw new SecurityException(String.format("Class %s not signed", clazz.getName()));
|
throw new SecurityException(String.format("Class %s not signed", clazz.getName()));
|
||||||
}
|
}
|
||||||
|
@ -54,7 +60,7 @@ public static void main(String... args) throws Throwable {
|
||||||
JVMHelper.verifySystemProperties(Launcher.class, true);
|
JVMHelper.verifySystemProperties(Launcher.class, true);
|
||||||
EnvHelper.checkDangerousParams();
|
EnvHelper.checkDangerousParams();
|
||||||
//if(!LauncherAgent.isStarted()) throw new SecurityException("JavaAgent not set");
|
//if(!LauncherAgent.isStarted()) throw new SecurityException("JavaAgent not set");
|
||||||
JVMHelper.verifyNoAgent();
|
verifyNoAgent();
|
||||||
LogHelper.printVersion("Launcher");
|
LogHelper.printVersion("Launcher");
|
||||||
LogHelper.printLicense("Launcher");
|
LogHelper.printLicense("Launcher");
|
||||||
LauncherEngine.checkClass(LauncherEngine.class);
|
LauncherEngine.checkClass(LauncherEngine.class);
|
||||||
|
@ -91,6 +97,10 @@ public static void initGson(ClientModuleManager modulesManager) {
|
||||||
Launcher.gsonManager.initGson();
|
Launcher.gsonManager.initGson();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static void verifyNoAgent() {
|
||||||
|
if (JVMHelper.RUNTIME_MXBEAN.getInputArguments().stream().filter(e -> e != null && !e.isEmpty()).anyMatch(e -> e.contains("javaagent"))) throw new SecurityException("JavaAgent found");
|
||||||
|
}
|
||||||
|
|
||||||
public void readKeys() throws IOException, InvalidKeySpecException {
|
public void readKeys() throws IOException, InvalidKeySpecException {
|
||||||
if (privateKey != null || publicKey != null) return;
|
if (privateKey != null || publicKey != null) return;
|
||||||
Path dir = DirBridge.dir;
|
Path dir = DirBridge.dir;
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
import pro.gravit.launcher.Launcher;
|
import pro.gravit.launcher.Launcher;
|
||||||
import pro.gravit.launcher.modules.LauncherModule;
|
import pro.gravit.launcher.modules.LauncherModule;
|
||||||
import pro.gravit.launcher.modules.impl.SimpleModuleManager;
|
import pro.gravit.launcher.modules.impl.SimpleModuleManager;
|
||||||
import pro.gravit.utils.verify.LauncherTrustManager;
|
import pro.gravit.launcher.LauncherTrustManager;
|
||||||
|
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
|
@ -5,7 +5,6 @@
|
||||||
import pro.gravit.launcher.serialize.stream.StreamObject;
|
import pro.gravit.launcher.serialize.stream.StreamObject;
|
||||||
import pro.gravit.utils.helper.SecurityHelper;
|
import pro.gravit.utils.helper.SecurityHelper;
|
||||||
import pro.gravit.utils.helper.VerifyHelper;
|
import pro.gravit.utils.helper.VerifyHelper;
|
||||||
import pro.gravit.utils.verify.LauncherTrustManager;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
import pro.gravit.utils.helper.IOHelper;
|
import pro.gravit.utils.helper.IOHelper;
|
||||||
import pro.gravit.utils.helper.JVMHelper;
|
import pro.gravit.utils.helper.JVMHelper;
|
||||||
import pro.gravit.utils.helper.LogHelper;
|
import pro.gravit.utils.helper.LogHelper;
|
||||||
import pro.gravit.utils.verify.LauncherTrustManager;
|
import pro.gravit.launcher.LauncherTrustManager;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.lang.invoke.MethodHandles;
|
import java.lang.invoke.MethodHandles;
|
||||||
|
@ -169,11 +169,16 @@ public LauncherModule loadModule(Path file) throws IOException {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
//JVMHelper.getCertificates
|
||||||
|
private static X509Certificate[] getCertificates(Class<?> clazz) {
|
||||||
|
Object[] signers = clazz.getSigners();
|
||||||
|
if (signers == null) return null;
|
||||||
|
return Arrays.stream(signers).filter((c) -> c instanceof X509Certificate).map((c) -> (X509Certificate) c).toArray(X509Certificate[]::new);
|
||||||
|
}
|
||||||
|
|
||||||
public void checkModuleClass(Class<? extends LauncherModule> clazz, LauncherTrustManager.CheckMode mode) throws SecurityException {
|
public void checkModuleClass(Class<? extends LauncherModule> clazz, LauncherTrustManager.CheckMode mode) throws SecurityException {
|
||||||
if (trustManager == null) return;
|
if (trustManager == null) return;
|
||||||
X509Certificate[] certificates = JVMHelper.getCertificates(clazz);
|
X509Certificate[] certificates = getCertificates(clazz);
|
||||||
if (certificates == null) {
|
if (certificates == null) {
|
||||||
if (mode == LauncherTrustManager.CheckMode.EXCEPTION_IN_NOT_SIGNED)
|
if (mode == LauncherTrustManager.CheckMode.EXCEPTION_IN_NOT_SIGNED)
|
||||||
throw new SecurityException(String.format("Class %s not signed", clazz.getName()));
|
throw new SecurityException(String.format("Class %s not signed", clazz.getName()));
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
package pro.gravit.utils;
|
package pro.gravit.launcher;
|
||||||
|
|
||||||
import com.google.gson.JsonElement;
|
import com.google.gson.JsonElement;
|
||||||
import com.google.gson.JsonParser;
|
import com.google.gson.JsonParser;
|
||||||
|
@ -17,25 +17,6 @@ public final class HTTPRequest {
|
||||||
private static final int TIMEOUT = 10000;
|
private static final int TIMEOUT = 10000;
|
||||||
private static final JsonParser parser = new JsonParser();
|
private static final JsonParser parser = new JsonParser();
|
||||||
|
|
||||||
public static int sendCrashreport(String strurl, byte[] data) throws IOException {
|
|
||||||
URL url = new URL(strurl);
|
|
||||||
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
|
|
||||||
connection.setRequestMethod("POST");
|
|
||||||
connection.setRequestProperty("Content-Type",
|
|
||||||
"application/x-www-form-urlencoded");
|
|
||||||
connection.setRequestProperty("Content-Length",
|
|
||||||
Integer.toString(data.length));
|
|
||||||
connection.setRequestProperty("Content-Language", "en-US");
|
|
||||||
OutputStream outputStream = connection.getOutputStream();
|
|
||||||
outputStream.write(data);
|
|
||||||
outputStream.close();
|
|
||||||
return connection.getResponseCode();
|
|
||||||
}
|
|
||||||
|
|
||||||
public static int sendCrashreport(String strurl, String data) throws IOException {
|
|
||||||
return sendCrashreport(strurl, data.getBytes(IOHelper.UNICODE_CHARSET));
|
|
||||||
}
|
|
||||||
|
|
||||||
public static JsonElement jsonRequest(JsonElement request, URL url) throws IOException {
|
public static JsonElement jsonRequest(JsonElement request, URL url) throws IOException {
|
||||||
return jsonRequest(request, "POST", url);
|
return jsonRequest(request, "POST", url);
|
||||||
}
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
package pro.gravit.utils.verify;
|
package pro.gravit.launcher;
|
||||||
|
|
||||||
import pro.gravit.utils.helper.LogHelper;
|
import pro.gravit.utils.helper.LogHelper;
|
||||||
|
|
|
@ -190,7 +190,4 @@ public static void verifySystemProperties(Class<?> mainClass, boolean requireSys
|
||||||
private JVMHelper() {
|
private JVMHelper() {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void verifyNoAgent() {
|
|
||||||
if (RUNTIME_MXBEAN.getInputArguments().stream().filter(e -> e != null && !e.isEmpty()).anyMatch(e -> e.contains("javaagent"))) throw new SecurityException("JavaAgent found");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
2
modules
2
modules
|
@ -1 +1 @@
|
||||||
Subproject commit 9ee94152da6ae8e3ea045484f60b2a2246b4e993
|
Subproject commit 9282291e67d54aa617d32e78ef70a62b50a4c428
|
Loading…
Reference in a new issue