diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/command/service/SecurityCheckCommand.java b/LaunchServer/src/main/java/pro/gravit/launchserver/command/service/SecurityCheckCommand.java index b527480f..218b597b 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/command/service/SecurityCheckCommand.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/command/service/SecurityCheckCommand.java @@ -12,17 +12,25 @@ import pro.gravit.launchserver.command.Command; import pro.gravit.launchserver.components.ProGuardComponent; import pro.gravit.launchserver.config.LaunchServerConfig; +import pro.gravit.launchserver.helper.SignHelper; import pro.gravit.utils.helper.IOHelper; import pro.gravit.utils.helper.JVMHelper; import pro.gravit.utils.helper.LogHelper; +import java.io.File; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.nio.file.attribute.PosixFilePermission; +import java.security.KeyStore; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.List; import java.util.Set; import java.util.StringTokenizer; +import java.util.stream.Collectors; public class SecurityCheckCommand extends Command { private static transient final Logger logger = LogManager.getLogger(); @@ -32,7 +40,13 @@ public SecurityCheckCommand(LaunchServer server) { } public static void printCheckResult(String module, String comment, Boolean status) { - logger.info(String.format("[%s] %s - %s", module, comment, status == null ? "WARN" : (status ? "OK" : "FAIL")), false); + if (status == null) { + logger.warn(String.format("[%s] %s", module, comment)); + } else if (status) { + logger.info(String.format("[%s] %s OK", module, comment)); + } else { + logger.error(String.format("[%s] %s", module, comment)); + } } @Deprecated @@ -119,25 +133,30 @@ public void invoke(String... args) { if (!config.sign.enabled) { printCheckResult("sign", "it is recommended to use a signature", null); } else { - /*boolean bad = false; - KeyStore keyStore = SignHelper.getStore(new File(config.sign.keyStore).toPath(), config.sign.keyStorePass, config.sign.keyStoreType); - X509Certificate[] certChain = (X509Certificate[]) keyStore.getCertificateChain(config.sign.keyAlias); - X509Certificate cert = (X509Certificate) keyStore.getCertificate(config.sign.keyAlias); - cert.checkValidity(); - if(certChain.length <= 1) { - printCheckResult("sign", "certificate chain contains <2 element(recommend 2 and more)", false); + boolean bad = false; + try { + KeyStore keyStore = SignHelper.getStore(new File(config.sign.keyStore).toPath(), config.sign.keyStorePass, config.sign.keyStoreType); + Certificate[] certChainPlain = keyStore.getCertificateChain(config.sign.keyAlias); + List certChain = Arrays.stream(certChainPlain).map(e -> (X509Certificate) e).collect(Collectors.toList()); + X509Certificate cert = certChain.get(0); + cert.checkValidity(); + if (certChain.size() <= 1) { + printCheckResult("sign", "certificate chain contains <2 element(recommend 2 and more)", false); + bad = true; + } + if ((cert.getBasicConstraints() & 1) == 1) { + printCheckResult("sign", "end certificate - CA", false); + bad = true; + } + for (X509Certificate certificate : certChain) { + certificate.checkValidity(); + } + } catch (Throwable e) { + logger.error("Sign check failed", e); bad = true; } - if((cert.getBasicConstraints() & 1) != 0) { - printCheckResult("sign", "end certificate - CA", false); - bad = true; - } - for(X509Certificate certificate : certChain) - { - certificate.checkValidity(); - } - if(!bad)*/ - printCheckResult("sign", "", true); + if (!bad) + printCheckResult("sign", "", true); } if (config.components.values().stream().noneMatch(c -> c instanceof ProGuardComponent)) {