mirror of
https://github.com/GravitLauncher/Launcher
synced 2024-12-23 00:51:01 +03:00
[FIX] SecurityCheck command
parent
81be9d21de
commit
b4718a8062
1 changed files with 37 additions and 18 deletions
|
@ -12,17 +12,25 @@
|
||||||
import pro.gravit.launchserver.command.Command;
|
import pro.gravit.launchserver.command.Command;
|
||||||
import pro.gravit.launchserver.components.ProGuardComponent;
|
import pro.gravit.launchserver.components.ProGuardComponent;
|
||||||
import pro.gravit.launchserver.config.LaunchServerConfig;
|
import pro.gravit.launchserver.config.LaunchServerConfig;
|
||||||
|
import pro.gravit.launchserver.helper.SignHelper;
|
||||||
import pro.gravit.utils.helper.IOHelper;
|
import pro.gravit.utils.helper.IOHelper;
|
||||||
import pro.gravit.utils.helper.JVMHelper;
|
import pro.gravit.utils.helper.JVMHelper;
|
||||||
import pro.gravit.utils.helper.LogHelper;
|
import pro.gravit.utils.helper.LogHelper;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.nio.file.Files;
|
import java.nio.file.Files;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.nio.file.Paths;
|
import java.nio.file.Paths;
|
||||||
import java.nio.file.attribute.PosixFilePermission;
|
import java.nio.file.attribute.PosixFilePermission;
|
||||||
|
import java.security.KeyStore;
|
||||||
|
import java.security.cert.Certificate;
|
||||||
|
import java.security.cert.X509Certificate;
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.StringTokenizer;
|
import java.util.StringTokenizer;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
public class SecurityCheckCommand extends Command {
|
public class SecurityCheckCommand extends Command {
|
||||||
private static transient final Logger logger = LogManager.getLogger();
|
private static transient final Logger logger = LogManager.getLogger();
|
||||||
|
@ -32,7 +40,13 @@ public SecurityCheckCommand(LaunchServer server) {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void printCheckResult(String module, String comment, Boolean status) {
|
public static void printCheckResult(String module, String comment, Boolean status) {
|
||||||
logger.info(String.format("[%s] %s - %s", module, comment, status == null ? "WARN" : (status ? "OK" : "FAIL")), false);
|
if (status == null) {
|
||||||
|
logger.warn(String.format("[%s] %s", module, comment));
|
||||||
|
} else if (status) {
|
||||||
|
logger.info(String.format("[%s] %s OK", module, comment));
|
||||||
|
} else {
|
||||||
|
logger.error(String.format("[%s] %s", module, comment));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Deprecated
|
@Deprecated
|
||||||
|
@ -119,25 +133,30 @@ public void invoke(String... args) {
|
||||||
if (!config.sign.enabled) {
|
if (!config.sign.enabled) {
|
||||||
printCheckResult("sign", "it is recommended to use a signature", null);
|
printCheckResult("sign", "it is recommended to use a signature", null);
|
||||||
} else {
|
} else {
|
||||||
/*boolean bad = false;
|
boolean bad = false;
|
||||||
KeyStore keyStore = SignHelper.getStore(new File(config.sign.keyStore).toPath(), config.sign.keyStorePass, config.sign.keyStoreType);
|
try {
|
||||||
X509Certificate[] certChain = (X509Certificate[]) keyStore.getCertificateChain(config.sign.keyAlias);
|
KeyStore keyStore = SignHelper.getStore(new File(config.sign.keyStore).toPath(), config.sign.keyStorePass, config.sign.keyStoreType);
|
||||||
X509Certificate cert = (X509Certificate) keyStore.getCertificate(config.sign.keyAlias);
|
Certificate[] certChainPlain = keyStore.getCertificateChain(config.sign.keyAlias);
|
||||||
cert.checkValidity();
|
List<X509Certificate> certChain = Arrays.stream(certChainPlain).map(e -> (X509Certificate) e).collect(Collectors.toList());
|
||||||
if(certChain.length <= 1) {
|
X509Certificate cert = certChain.get(0);
|
||||||
printCheckResult("sign", "certificate chain contains <2 element(recommend 2 and more)", false);
|
cert.checkValidity();
|
||||||
|
if (certChain.size() <= 1) {
|
||||||
|
printCheckResult("sign", "certificate chain contains <2 element(recommend 2 and more)", false);
|
||||||
|
bad = true;
|
||||||
|
}
|
||||||
|
if ((cert.getBasicConstraints() & 1) == 1) {
|
||||||
|
printCheckResult("sign", "end certificate - CA", false);
|
||||||
|
bad = true;
|
||||||
|
}
|
||||||
|
for (X509Certificate certificate : certChain) {
|
||||||
|
certificate.checkValidity();
|
||||||
|
}
|
||||||
|
} catch (Throwable e) {
|
||||||
|
logger.error("Sign check failed", e);
|
||||||
bad = true;
|
bad = true;
|
||||||
}
|
}
|
||||||
if((cert.getBasicConstraints() & 1) != 0) {
|
if (!bad)
|
||||||
printCheckResult("sign", "end certificate - CA", false);
|
printCheckResult("sign", "", true);
|
||||||
bad = true;
|
|
||||||
}
|
|
||||||
for(X509Certificate certificate : certChain)
|
|
||||||
{
|
|
||||||
certificate.checkValidity();
|
|
||||||
}
|
|
||||||
if(!bad)*/
|
|
||||||
printCheckResult("sign", "", true);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (config.components.values().stream().noneMatch(c -> c instanceof ProGuardComponent)) {
|
if (config.components.values().stream().noneMatch(c -> c instanceof ProGuardComponent)) {
|
||||||
|
|
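Review bot: The CA test on the leaf certificate, `(cert.getBasicConstraints() & 1) == 1`, misreads the return value: `X509Certificate.getBasicConstraints()` returns -1 for a non-CA certificate and the path-length constraint (or `Integer.MAX_VALUE`) for a CA, so the bit test fires on -1 and reports an ordinary end-entity certificate as "end certificate - CA", while a CA certificate with an even path length such as 0 passes. Comparing against the sentinel, `if (cert.getBasicConstraints() != -1) {`, matches the documented contract. In the same block, `keyStore.getCertificateChain(config.sign.keyAlias)` returns null for an unknown alias, which currently surfaces only as a NullPointerException caught by `catch (Throwable e)`; an explicit null-or-empty check that reports its own FAIL line through `printCheckResult`, plus a narrower catch, would make that misconfiguration readable. `checkValidity()` only checks the validity dates, so a passing result here does not show that the chain's signatures verify. The body of `invoke` starts and ends outside the hunk.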