From d9e5e3d3508ec65e4b76ea4a4fa10a7469fa6d58 Mon Sep 17 00:00:00 2001
From: zaxar163 <zahar.vcherachny@yandex.ru>
Date: Sat, 19 Oct 2019 20:38:24 +0300
Subject: [PATCH] =?UTF-8?q?[FEATURE][EXP]=20=D0=90=D0=B2=D1=82=D0=BE=D0=B3?=
 =?UTF-8?q?=D0=B5=D0=BD=D0=B5=D1=80=D0=B0=D1=86=D0=B8=D1=8F=20=D0=BA=D0=BE?=
 =?UTF-8?q?=D0=BD=D1=84=D0=B8=D0=B3=D0=B0,=20=D0=BD=D1=83=D0=B6=D0=B5?=
 =?UTF-8?q?=D0=BD=20=D1=82=D0=B5=D1=81=D1=82!!!?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../binary/tasks/MainBuildTask.java           | 19 ++++++++++++++++++-
 .../gravit/launcher/SecureAutogenConfig.java  | 12 +++++++-----
 .../utils/verify/LauncherTrustManager.java    |  9 +++++++--
 3 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/binary/tasks/MainBuildTask.java b/LaunchServer/src/main/java/pro/gravit/launchserver/binary/tasks/MainBuildTask.java
index 60b17d06..22be4c3e 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/binary/tasks/MainBuildTask.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/binary/tasks/MainBuildTask.java
@@ -5,9 +5,11 @@
 import pro.gravit.launcher.AutogenConfig;
 import pro.gravit.launcher.Launcher;
 import pro.gravit.launcher.LauncherConfig;
+import pro.gravit.launcher.SecureAutogenConfig;
 import pro.gravit.launcher.serialize.HOutput;
 import pro.gravit.launchserver.LaunchServer;
 import pro.gravit.launchserver.asm.ClassMetadataReader;
+import pro.gravit.launchserver.asm.ConfigGenerator;
 import pro.gravit.launchserver.binary.BuildContext;
 import pro.gravit.launchserver.binary.LauncherConfigurator;
 import pro.gravit.utils.helper.IOHelper;
@@ -20,10 +22,13 @@
 import java.nio.file.Path;
 import java.nio.file.SimpleFileVisitor;
 import java.nio.file.attribute.BasicFileAttributes;
+import java.security.cert.CertificateEncodingException;
+import java.util.Arrays;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.jar.JarFile;
+import java.util.stream.Collectors;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipException;
 import java.util.zip.ZipInputStream;
@@ -120,6 +125,9 @@ public Path process(Path inputJar) throws IOException {
             ClassNode cn = new ClassNode();
             new ClassReader(IOHelper.getResourceBytes(AutogenConfig.class.getName().replace('.', '/').concat(".class"))).accept(cn, 0);
             LauncherConfigurator launcherConfigurator = new LauncherConfigurator(cn);
+            ClassNode cn1 = new ClassNode();
+            new ClassReader(IOHelper.getResourceBytes(SecureAutogenConfig.class.getName().replace('.', '/').concat(".class"))).accept(cn, 0);
+            ConfigGenerator secureConfigurator = new ConfigGenerator(cn1);
             BuildContext context = new BuildContext(output, launcherConfigurator, this);
             server.buildHookManager.hook(context);
             launcherConfigurator.setStringField("address", server.config.netty.address);
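Review bot: The added `ClassReader` for `SecureAutogenConfig` calls `.accept(cn, 0)`, so it visits the class into `cn` (the `AutogenConfig` node already handed to `LauncherConfigurator`) and leaves `cn1` empty when `ConfigGenerator` receives it. The call should be `.accept(cn1, 0);`. As written, `cn` is visited a second time, which presumably overwrites its class name and appends the second class's members. The certificate list set later would then be generated against an empty node. `process` starts and ends outside this hunk.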
@@ -130,6 +138,14 @@ public Path process(Path inputJar) throws IOException {
             launcherConfigurator.setBooleanField("isWarningMissArchJava", server.config.launcher.warningMissArchJava);
             launcherConfigurator.setEnv(server.config.env);
             launcherConfigurator.setStringField("passwordEncryptKey", server.runtime.passwordEncryptKey);
+            secureConfigurator.setByteArrayListField("certificates", Arrays.stream(server.certificateManager.trustManager.getTrusted()).map(e -> {
+				try {
+					return e.getEncoded();
+				} catch (CertificateEncodingException e2) {
+					LogHelper.error(e2);
+					return new byte[0];
+				}
+			}).collect(Collectors.toList()));
             String launcherSalt = SecurityHelper.randomStringToken();
             byte[] launcherSecureHash = SecurityHelper.digest(SecurityHelper.DigestAlgorithm.SHA256,
                     server.runtime.clientCheckSecret.concat(".").concat(launcherSalt));
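Review bot: The lambda's `catch (CertificateEncodingException e2)` logs and returns `new byte[0]`, so a trust anchor that fails to encode is baked into the launcher as an empty entry instead of stopping the build. The `List<byte[]>` constructor of `LauncherTrustManager` later passes each entry to `CertificateFactory.generateCertificate`, where an empty array cannot parse, so the failure would only surface on the client. Failing at build time is safer, for example by replacing the two lines in the catch with `throw new IllegalStateException("Cannot encode trusted certificate", e2);`. The new lines are also tab-indented while the surrounding code uses spaces.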
@@ -148,11 +164,12 @@ public Path process(Path inputJar) throws IOException {
                 }
             });
             String zPath = launcherConfigurator.getZipEntryPath();
+            String sPath = secureConfigurator.getZipEntryPath();
             try (ZipInputStream input = new ZipInputStream(IOHelper.newInput(inputJar))) {
                 ZipEntry e = input.getNextEntry();
                 while (e != null) {
                     String filename = e.getName();
-                    if (server.buildHookManager.isContainsBlacklist(filename) || e.isDirectory() || zPath.equals(filename)) {
+                    if (server.buildHookManager.isContainsBlacklist(filename) || e.isDirectory() || zPath.equals(filename) || sPath.equals(filename)) {
                         e = input.getNextEntry();
                         continue;
                     }
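Review bot: The loop now skips the input jar's entry at `sPath`, but no added line in this patch writes the class produced by `secureConfigurator` back into the output jar. The diffstat's 19 changed lines for this file are all visible in these hunks, so unless a build hook adds the entry, the launcher would presumably ship without `SecureAutogenConfig` and its trusted certificates. Wherever the `zPath` entry is written from `launcherConfigurator` (outside this hunk), an equivalent write for `sPath` is needed. A short comment at the skip, such as `// regenerated below with server-specific values`, would also explain why these two entries are dropped.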
diff --git a/LauncherAPI/src/main/java/pro/gravit/launcher/SecureAutogenConfig.java b/LauncherAPI/src/main/java/pro/gravit/launcher/SecureAutogenConfig.java
index 6a0b9443..15c94a06 100644
--- a/LauncherAPI/src/main/java/pro/gravit/launcher/SecureAutogenConfig.java
+++ b/LauncherAPI/src/main/java/pro/gravit/launcher/SecureAutogenConfig.java
@@ -1,13 +1,17 @@
 package pro.gravit.launcher;
 
+import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.List;
 
 public class SecureAutogenConfig {
-    public final byte[][] certificates;
+	public static final Charset KEY_CHARSET = StandardCharsets.US_ASCII; // ? Какая из них, но выбрать надо однозачно проверить методом тыка!!!
+    public final List<byte[]> certificates;
 
     public SecureAutogenConfig() {
         //Пока не реализован SecureLauncherConfigurator
-        certificates = new byte[][]{
+        certificates = Arrays.asList(
                 ("-----BEGIN CERTIFICATE-----\n" +
                         "MIIFyjCCA7KgAwIBAgIRALnsjNjfvOTXfla3fX1fNEUwDQYJKoZIhvcNAQELBQAw\n" +
                         "WTELMAkGA1UEBhMCUlUxFzAVBgNVBAoTDkdyYXZpdFRydXN0IENBMRAwDgYDVQQL\n" +
@@ -40,8 +44,6 @@ public SecureAutogenConfig() {
                         "OATWgSKH0qTkleE/v7k+USs0a+KV8wmC5wwliqH+uLO++yIP/9bjDctyLulQX5Ee\n" +
                         "+EhD7tb1R/yyWY4uhkzlsr3N2Kl34aQAEBMn8Z1mHsyyu1FcbEaNLU8jcS3pHPVM\n" +
                         "gQRn3m1iDnQlFciAMxW0pW6mW/4xKYzhXk5BTSolnqMVylxHgWXuBwdDDQQVnQ==\n" +
-                        "-----END CERTIFICATE-----").getBytes(StandardCharsets.US_ASCII)
-                // ? Какая из них, но выбрать надо однозачно
-        };
+                        "-----END CERTIFICATE-----").getBytes(KEY_CHARSET));
     }
 }
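Review bot: `certificates` is a public field holding the launcher's trust anchors, and `Arrays.asList(...)` (opened in the previous hunk, closed here at `.getBytes(KEY_CHARSET));`) returns a list whose elements can be replaced through `set`. Any code in the same JVM could swap an anchor before `LauncherTrustManager` reads the list. Wrapping it as `Collections.unmodifiableList(Arrays.asList(...))`, with a `java.util.Collections` import, closes that, although the `byte[]` elements themselves remain writable. On the open question in the `KEY_CHARSET` comment: PEM text is pure ASCII, so `US_ASCII` is a safe choice for this literal, while the DER arrays injected by the build task are not text and do not use it.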
diff --git a/LauncherCore/src/main/java/pro/gravit/utils/verify/LauncherTrustManager.java b/LauncherCore/src/main/java/pro/gravit/utils/verify/LauncherTrustManager.java
index 1171c947..8e4de504 100644
--- a/LauncherCore/src/main/java/pro/gravit/utils/verify/LauncherTrustManager.java
+++ b/LauncherCore/src/main/java/pro/gravit/utils/verify/LauncherTrustManager.java
@@ -26,9 +26,9 @@ public LauncherTrustManager(X509Certificate[] trustSigners) {
         this.trustSigners = trustSigners;
     }
 
-    public LauncherTrustManager(byte[][] encodedCertificate) throws CertificateException {
+    public LauncherTrustManager(List<byte[]> encodedCertificate) throws CertificateException {
         CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
-        trustSigners = Arrays.stream(encodedCertificate).map((cert) -> {
+        trustSigners = encodedCertificate.stream().map((cert) -> {
             try (InputStream input = new ByteArrayInputStream(cert)) {
                 return (X509Certificate) certFactory.generateCertificate(input);
             } catch (IOException | CertificateException e) {
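Review bot: The constructor now takes `List<byte[]>`, but none of this file's hunks adds `import java.util.List;`, so unless the file already imports it this will not compile. The signature change also breaks any caller still passing `byte[][]`, so all call sites should be confirmed as updated. A Javadoc line stating that each element may be DER or PEM (`CertificateFactory.generateCertificate` accepts both) would document why the hard-coded PEM and the build-injected `getEncoded()` bytes can share this path. The constructor body continues past the end of the hunk.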
@@ -82,4 +82,9 @@ public boolean isTrusted(X509Certificate certificate) throws CertificateEncoding
         }
         return false;
     }
+
+
+    public X509Certificate[] getTrusted() {
+        return Arrays.copyOf(trustSigners, trustSigners.length); // AntiModify orig array!!!
+    }
 }
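Review bot: `getTrusted()` hands out a copy, but the `X509Certificate[]` constructor shown in the previous hunk still stores the caller's array directly with `this.trustSigners = trustSigners;`, so whoever built the manager can alter the trust list afterwards. For the defensive copy to be effective the constructor should use `this.trustSigners = trustSigners.clone();`. The inline comment could become a Javadoc such as `/** Returns a copy of the trusted signer certificates; changes to the returned array do not affect this manager. */`. One of the two added blank lines can also be dropped.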