[FIX] Фиксы системы сертификатов

LaunchServer/src/main/java/pro/gravit/launchserver/LaunchServerStarter.java

@@ -32,6 +32,7 @@
 import pro.gravit.launchserver.manangers.LaunchServerGsonManager;
 import pro.gravit.launchserver.modules.impl.LaunchServerModulesManager;
 import pro.gravit.launchserver.socket.WebSocketService;
+import pro.gravit.utils.Version;
 import pro.gravit.utils.command.CommandHandler;
 import pro.gravit.utils.command.JLineCommandHandler;
 import pro.gravit.utils.command.StdCommandHandler;
@@ -41,9 +42,8 @@
 import pro.gravit.utils.helper.SecurityHelper;
 import pro.gravit.utils.verify.LauncherTrustManager;
 
-import javax.crypto.Cipher;
-
 public class LaunchServerStarter {
+    public static boolean allowUnsigned = Boolean.getBoolean("launchserver.allowUnsigned");
     public static void main(String[] args) throws Exception {
         JVMHelper.checkStackTrace(LaunchServerStarter.class);
         JVMHelper.verifySystemProperties(LaunchServer.class, true);
@@ -67,6 +67,12 @@ public static void main(String[] args) throws Exception {
         } catch (CertificateException e) {
             throw new IOException(e);
         }
+        {
+            LauncherTrustManager.CheckMode mode = (Version.RELEASE == Version.Type.LTS || Version.RELEASE == Version.Type.STABLE) ?
+                    (allowUnsigned ? LauncherTrustManager.CheckMode.WARN_IN_NOT_SIGNED : LauncherTrustManager.CheckMode.EXCEPTION_IN_NOT_SIGNED) :
+                    (allowUnsigned ? LauncherTrustManager.CheckMode.NONE_IN_NOT_SIGNED : LauncherTrustManager.CheckMode.WARN_IN_NOT_SIGNED);
+            certificateManager.checkClass(LaunchServer.class, mode);
+        }
 
         LaunchServerRuntimeConfig runtimeConfig;
         LaunchServerConfig config;

LaunchServer/src/main/java/pro/gravit/launchserver/manangers/CertificateManager.java

@@ -8,12 +8,7 @@
 import java.nio.file.Path;
 import java.nio.file.SimpleFileVisitor;
 import java.nio.file.attribute.BasicFileAttributes;
-import java.security.InvalidAlgorithmParameterException;
+import java.security.*;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -48,6 +43,8 @@
 import org.bouncycastle.util.io.pem.PemWriter;
 
 import pro.gravit.utils.helper.IOHelper;
+import pro.gravit.utils.helper.JVMHelper;
+import pro.gravit.utils.helper.LogHelper;
 import pro.gravit.utils.helper.SecurityHelper;
 import pro.gravit.utils.verify.LauncherTrustManager;
 
@@ -207,4 +204,25 @@ public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IO
         }, false);
         trustManager = new LauncherTrustManager(certificates.toArray(new X509Certificate[0]));
     }
+
+    public void checkClass(Class<?> clazz, LauncherTrustManager.CheckMode mode) throws SecurityException
+    {
+        if(trustManager == null) return;
+        X509Certificate[] certificates = JVMHelper.getCertificates(clazz);
+        if(certificates == null)
+        {
+            if(mode == LauncherTrustManager.CheckMode.EXCEPTION_IN_NOT_SIGNED)
+                throw new SecurityException(String.format("Class %s not signed", clazz.getName()));
+            else if(mode == LauncherTrustManager.CheckMode.WARN_IN_NOT_SIGNED)
+                LogHelper.warning("Class %s not signed", clazz.getName());
+            return;
+        }
+        try {
+            trustManager.checkCertificate(certificates, (c,s) -> {
+
+            });
+        } catch (CertificateException | NoSuchProviderException | NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
+            throw new SecurityException(e);
+        }
+    }
 }

LaunchServer/src/main/java/pro/gravit/launchserver/socket/handlers/NettyServerSocketHandler.java

@@ -1,24 +1,9 @@
 package pro.gravit.launchserver.socket.handlers;
 
-import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.net.Socket;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
 import java.util.Set;
-
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLServerSocketFactory;
-import javax.net.ssl.TrustManager;
-
-import pro.gravit.launcher.ssl.LauncherKeyStore;
-import pro.gravit.launcher.ssl.LauncherTrustManager;
 import pro.gravit.launchserver.LaunchServer;
 import pro.gravit.launchserver.config.LaunchServerConfig;
 import pro.gravit.launchserver.socket.LauncherNettyServer;
@@ -46,20 +31,6 @@ public void close() {
         //TODO: Close Impl
     }
 
-    public SSLContext SSLContextInit() throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, IOException, CertificateException {
-        TrustManager[] trustAllCerts = new TrustManager[]{
-                new LauncherTrustManager()
-        };
-        KeyStore ks = LauncherKeyStore.getKeyStore("keystore", "PSP1000");
-
-        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
-                .getDefaultAlgorithm());
-        kmf.init(ks, "PSP1000".toCharArray());
-        SSLContext sc = SSLContext.getInstance("TLSv1.2");
-        sc.init(kmf.getKeyManagers(), trustAllCerts, new SecureRandom());
-        return sc;
-    }
-
     @Override
     public void run() {
         /*SSLContext sc = null;

LauncherAPI/src/main/java/pro/gravit/launcher/modules/impl/SimpleModuleManager.java

@@ -40,6 +40,7 @@ public class SimpleModuleManager implements LauncherModulesManager {
     protected final Path modulesDir;
     protected final LauncherTrustManager trustManager;
     protected LauncherInitContext initContext;
+    protected LauncherTrustManager.CheckMode checkMode = LauncherTrustManager.CheckMode.WARN_IN_NOT_SIGNED;
 
     protected PublicURLClassLoader classLoader = new PublicURLClassLoader(new URL[]{});
 
@@ -160,7 +161,7 @@ public LauncherModule loadModule(Path file) throws IOException {
             classLoader.addURL(file.toUri().toURL());
             @SuppressWarnings("unchecked cast")
             Class<? extends LauncherModule> clazz = (Class<? extends LauncherModule>) Class.forName(moduleClass, false, classLoader);
-            checkModuleClass(clazz);
+            checkModuleClass(clazz, checkMode);
             LauncherModule module = clazz.newInstance();
             loadModule(module);
             return module;
@@ -171,13 +172,19 @@ public LauncherModule loadModule(Path file) throws IOException {
         }
     }
 
-    protected void checkModuleClass(Class<? extends LauncherModule> clazz) throws SecurityException
+
+
+    public void checkModuleClass(Class<? extends LauncherModule> clazz, LauncherTrustManager.CheckMode mode) throws SecurityException
     {
         if(trustManager == null) return;
         X509Certificate[] certificates = JVMHelper.getCertificates(clazz);
         if(certificates == null)
         {
-            LogHelper.warning("Module class %s not signed", clazz.getName());
+            if(mode == LauncherTrustManager.CheckMode.EXCEPTION_IN_NOT_SIGNED)
+                throw new SecurityException(String.format("Class %s not signed", clazz.getName()));
+            else if(mode == LauncherTrustManager.CheckMode.WARN_IN_NOT_SIGNED)
+                LogHelper.warning("Class %s not signed", clazz.getName());
+            return;
         }
         try {
             trustManager.checkCertificate(certificates, (c,s) -> {

LauncherCore/src/main/java/pro/gravit/utils/verify/LauncherTrustManager.java

@@ -37,6 +37,12 @@ public LauncherTrustManager(byte[][] encodedCertificate) throws CertificateExcep
             }
         }).toArray(X509Certificate[]::new);
     }
+
+    public enum CheckMode
+    {
+        EXCEPTION_IN_NOT_SIGNED, WARN_IN_NOT_SIGNED, NONE_IN_NOT_SIGNED
+    }
+
     public interface CertificateChecker
     {
         void check(X509Certificate cert, X509Certificate signer) throws CertificateException, SecurityException;