Lanmikeman/Launcher
1
1
Fork 0
mirror of https://github.com/GravitLauncher/Launcher synced 2024-12-22 16:41:46 +03:00
Code Issues Projects Releases Packages Wiki Activity

[FIX] SecurityCheck command

Browse source
This commit is contained in:
Gravita 2021-06-22 11:45:04 +07:00
parent 81be9d21de
commit b4718a8062
1 changed files with 37 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
LaunchServer/src/main/java/pro/gravit/launchserver/command/service/SecurityCheckCommand.java
View file

@ -12,17 +12,25 @@
import pro.gravit.launchserver.command.Command;
import pro.gravit.launchserver.components.ProGuardComponent;
import pro.gravit.launchserver.config.LaunchServerConfig;
import pro.gravit.launchserver.helper.SignHelper;
import pro.gravit.utils.helper.IOHelper;
import pro.gravit.utils.helper.JVMHelper;
import pro.gravit.utils.helper.LogHelper;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.stream.Collectors;
public class SecurityCheckCommand extends Command {
private static transient final Logger logger = LogManager.getLogger();
@ -32,7 +40,13 @@ public SecurityCheckCommand(LaunchServer server) {
}
public static void printCheckResult(String module, String comment, Boolean status) {
logger.info(String.format("[%s] %s - %s", module, comment, status == null ? "WARN" : (status ? "OK" : "FAIL")), false);
if (status == null) {
logger.warn(String.format("[%s] %s", module, comment));
} else if (status) {
logger.info(String.format("[%s] %s OK", module, comment));
} else {
logger.error(String.format("[%s] %s", module, comment));
}
}
@Deprecated
@ -119,25 +133,30 @@ public void invoke(String... args) {
if (!config.sign.enabled) {
printCheckResult("sign", "it is recommended to use a signature", null);
} else {
/*boolean bad = false;
KeyStore keyStore = SignHelper.getStore(new File(config.sign.keyStore).toPath(), config.sign.keyStorePass, config.sign.keyStoreType);
X509Certificate[] certChain = (X509Certificate[]) keyStore.getCertificateChain(config.sign.keyAlias);
X509Certificate cert = (X509Certificate) keyStore.getCertificate(config.sign.keyAlias);
cert.checkValidity();
if(certChain.length <= 1) {
printCheckResult("sign", "certificate chain contains <2 element(recommend 2 and more)", false);
boolean bad = false;
try {
KeyStore keyStore = SignHelper.getStore(new File(config.sign.keyStore).toPath(), config.sign.keyStorePass, config.sign.keyStoreType);
Certificate[] certChainPlain = keyStore.getCertificateChain(config.sign.keyAlias);
List<X509Certificate> certChain = Arrays.stream(certChainPlain).map(e -> (X509Certificate) e).collect(Collectors.toList());
X509Certificate cert = certChain.get(0);
cert.checkValidity();
if (certChain.size() <= 1) {
printCheckResult("sign", "certificate chain contains <2 element(recommend 2 and more)", false);
bad = true;
}
if ((cert.getBasicConstraints() & 1) == 1) {
printCheckResult("sign", "end certificate - CA", false);
bad = true;
}
for (X509Certificate certificate : certChain) {
certificate.checkValidity();
}
} catch (Throwable e) {
logger.error("Sign check failed", e);
bad = true;
}
if((cert.getBasicConstraints() & 1) != 0) {
printCheckResult("sign", "end certificate - CA", false);
bad = true;
}
for(X509Certificate certificate : certChain)
{
certificate.checkValidity();
}
if(!bad)*/
printCheckResult("sign", "", true);
if (!bad)
printCheckResult("sign", "", true);
}
if (config.components.values().stream().noneMatch(c -> c instanceof ProGuardComponent)) {