[FEATURE] KeyAgreementManager

This commit is contained in:
Gravita 2021-04-07 14:00:30 +07:00
parent 92f19ffc5d
commit e9b14c921c
11 changed files with 214 additions and 66 deletions

View file

@ -81,13 +81,9 @@ public final class LaunchServer implements Runnable, AutoCloseable, Reconfigurab
* This object contains runtime configuration * This object contains runtime configuration
*/ */
public final LaunchServerRuntimeConfig runtime; public final LaunchServerRuntimeConfig runtime;
/** @Deprecated
* Public ECDSA LaunchServer key
*/
public final ECPublicKey publicKey; public final ECPublicKey publicKey;
/** @Deprecated
* Private ECDSA LaunchServer key
*/
public final ECPrivateKey privateKey; public final ECPrivateKey privateKey;
/** /**
* Pipeline for building JAR * Pipeline for building JAR
@ -110,6 +106,7 @@ public final class LaunchServer implements Runnable, AutoCloseable, Reconfigurab
public final ConfigManager configManager; public final ConfigManager configManager;
public final PingServerManager pingServerManager; public final PingServerManager pingServerManager;
public final FeaturesManager featuresManager; public final FeaturesManager featuresManager;
public final KeyAgreementManager keyAgreementManager;
// HWID ban + anti-brutforce // HWID ban + anti-brutforce
public final CertificateManager certificateManager; public final CertificateManager certificateManager;
// Server // Server
@ -123,7 +120,7 @@ public final class LaunchServer implements Runnable, AutoCloseable, Reconfigurab
// Updates and profiles // Updates and profiles
private volatile List<ClientProfile> profilesList; private volatile List<ClientProfile> profilesList;
public LaunchServer(LaunchServerDirectories directories, LaunchServerEnv env, LaunchServerConfig config, LaunchServerRuntimeConfig runtimeConfig, LaunchServerConfigManager launchServerConfigManager, LaunchServerModulesManager modulesManager, ECPublicKey publicKey, ECPrivateKey privateKey, CommandHandler commandHandler, CertificateManager certificateManager) throws IOException { public LaunchServer(LaunchServerDirectories directories, LaunchServerEnv env, LaunchServerConfig config, LaunchServerRuntimeConfig runtimeConfig, LaunchServerConfigManager launchServerConfigManager, LaunchServerModulesManager modulesManager, KeyAgreementManager keyAgreementManager, CommandHandler commandHandler, CertificateManager certificateManager) throws IOException {
this.dir = directories.dir; this.dir = directories.dir;
this.env = env; this.env = env;
this.config = config; this.config = config;
@ -131,8 +128,9 @@ public LaunchServer(LaunchServerDirectories directories, LaunchServerEnv env, La
this.modulesManager = modulesManager; this.modulesManager = modulesManager;
this.profilesDir = directories.profilesDir; this.profilesDir = directories.profilesDir;
this.updatesDir = directories.updatesDir; this.updatesDir = directories.updatesDir;
this.publicKey = publicKey; this.keyAgreementManager = keyAgreementManager;
this.privateKey = privateKey; this.publicKey = keyAgreementManager.ecdsaPublicKey;
this.privateKey = keyAgreementManager.ecdsaPrivateKey;
this.commandHandler = commandHandler; this.commandHandler = commandHandler;
this.runtime = runtimeConfig; this.runtime = runtimeConfig;
this.certificateManager = certificateManager; this.certificateManager = certificateManager;
@ -510,11 +508,12 @@ public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IO
public static class LaunchServerDirectories { public static class LaunchServerDirectories {
public static final String UPDATES_NAME = "updates", PROFILES_NAME = "profiles", public static final String UPDATES_NAME = "updates", PROFILES_NAME = "profiles",
TRUSTSTORE_NAME = "truststore", LAUNCHERLIBRARIES_NAME = "launcher-libraries", TRUSTSTORE_NAME = "truststore", LAUNCHERLIBRARIES_NAME = "launcher-libraries",
LAUNCHERLIBRARIESCOMPILE_NAME = "launcher-libraries-compile"; LAUNCHERLIBRARIESCOMPILE_NAME = "launcher-libraries-compile", KEY_NAME = ".keys";
public Path updatesDir; public Path updatesDir;
public Path profilesDir; public Path profilesDir;
public Path launcherLibrariesDir; public Path launcherLibrariesDir;
public Path launcherLibrariesCompileDir; public Path launcherLibrariesCompileDir;
public Path keyDirectory;
public Path dir; public Path dir;
public Path trustStore; public Path trustStore;
@ -525,6 +524,7 @@ public void collect() {
if (launcherLibrariesDir == null) launcherLibrariesDir = dir.resolve(LAUNCHERLIBRARIES_NAME); if (launcherLibrariesDir == null) launcherLibrariesDir = dir.resolve(LAUNCHERLIBRARIES_NAME);
if (launcherLibrariesCompileDir == null) if (launcherLibrariesCompileDir == null)
launcherLibrariesCompileDir = dir.resolve(LAUNCHERLIBRARIESCOMPILE_NAME); launcherLibrariesCompileDir = dir.resolve(LAUNCHERLIBRARIESCOMPILE_NAME);
if(keyDirectory == null) keyDirectory = dir.resolve(KEY_NAME);
} }
} }
} }

View file

@ -3,6 +3,7 @@
import pro.gravit.launchserver.config.LaunchServerConfig; import pro.gravit.launchserver.config.LaunchServerConfig;
import pro.gravit.launchserver.config.LaunchServerRuntimeConfig; import pro.gravit.launchserver.config.LaunchServerRuntimeConfig;
import pro.gravit.launchserver.manangers.CertificateManager; import pro.gravit.launchserver.manangers.CertificateManager;
import pro.gravit.launchserver.manangers.KeyAgreementManager;
import pro.gravit.launchserver.modules.impl.LaunchServerModulesManager; import pro.gravit.launchserver.modules.impl.LaunchServerModulesManager;
import pro.gravit.utils.command.CommandHandler; import pro.gravit.utils.command.CommandHandler;
@ -17,8 +18,7 @@ public class LaunchServerBuilder {
private LaunchServer.LaunchServerEnv env; private LaunchServer.LaunchServerEnv env;
private LaunchServerModulesManager modulesManager; private LaunchServerModulesManager modulesManager;
private LaunchServer.LaunchServerDirectories directories = new LaunchServer.LaunchServerDirectories(); private LaunchServer.LaunchServerDirectories directories = new LaunchServer.LaunchServerDirectories();
private ECPublicKey publicKey; private KeyAgreementManager keyAgreementManager;
private ECPrivateKey privateKey;
private CertificateManager certificateManager; private CertificateManager certificateManager;
private LaunchServer.LaunchServerConfigManager launchServerConfigManager; private LaunchServer.LaunchServerConfigManager launchServerConfigManager;
@ -57,16 +57,6 @@ public LaunchServerBuilder setDir(Path dir) {
return this; return this;
} }
public LaunchServerBuilder setPublicKey(ECPublicKey publicKey) {
this.publicKey = publicKey;
return this;
}
public LaunchServerBuilder setPrivateKey(ECPrivateKey privateKey) {
this.privateKey = privateKey;
return this;
}
public LaunchServerBuilder setLaunchServerConfigManager(LaunchServer.LaunchServerConfigManager launchServerConfigManager) { public LaunchServerBuilder setLaunchServerConfigManager(LaunchServer.LaunchServerConfigManager launchServerConfigManager) {
this.launchServerConfigManager = launchServerConfigManager; this.launchServerConfigManager = launchServerConfigManager;
return this; return this;
@ -97,11 +87,18 @@ public void writeRuntimeConfig(LaunchServerRuntimeConfig config) {
} }
}; };
} }
return new LaunchServer(directories, env, config, runtimeConfig, launchServerConfigManager, modulesManager, publicKey, privateKey, commandHandler, certificateManager); if(keyAgreementManager == null) {
keyAgreementManager = new KeyAgreementManager(directories.keyDirectory);
}
return new LaunchServer(directories, env, config, runtimeConfig, launchServerConfigManager, modulesManager, keyAgreementManager, commandHandler, certificateManager);
} }
public LaunchServerBuilder setCertificateManager(CertificateManager certificateManager) { public LaunchServerBuilder setCertificateManager(CertificateManager certificateManager) {
this.certificateManager = certificateManager; this.certificateManager = certificateManager;
return this; return this;
} }
public void setKeyAgreementManager(KeyAgreementManager keyAgreementManager) {
this.keyAgreementManager = keyAgreementManager;
}
} }

View file

@ -120,11 +120,11 @@ public static void main(String[] args) throws Exception {
} }
if (IOHelper.isFile(publicKeyFile) && IOHelper.isFile(privateKeyFile)) { if (IOHelper.isFile(publicKeyFile) && IOHelper.isFile(privateKeyFile)) {
LogHelper.info("Reading EC keypair"); LogHelper.info("Reading EC keypair");
publicKey = SecurityHelper.toPublicECKey(IOHelper.read(publicKeyFile)); publicKey = SecurityHelper.toPublicECDSAKey(IOHelper.read(publicKeyFile));
privateKey = SecurityHelper.toPrivateECKey(IOHelper.read(privateKeyFile)); privateKey = SecurityHelper.toPrivateECDSAKey(IOHelper.read(privateKeyFile));
} else { } else {
LogHelper.info("Generating EC keypair"); LogHelper.info("Generating EC keypair");
KeyPair pair = SecurityHelper.genECKeyPair(new SecureRandom()); KeyPair pair = SecurityHelper.genECDSAKeyPair(new SecureRandom());
publicKey = (ECPublicKey) pair.getPublic(); publicKey = (ECPublicKey) pair.getPublic();
privateKey = (ECPrivateKey) pair.getPrivate(); privateKey = (ECPrivateKey) pair.getPrivate();
@ -202,8 +202,6 @@ public void writeRuntimeConfig(LaunchServerRuntimeConfig config) throws IOExcept
.setDirectories(directories) .setDirectories(directories)
.setEnv(env) .setEnv(env)
.setCommandHandler(localCommandHandler) .setCommandHandler(localCommandHandler)
.setPrivateKey(privateKey)
.setPublicKey(publicKey)
.setRuntimeConfig(runtimeConfig) .setRuntimeConfig(runtimeConfig)
.setConfig(config) .setConfig(config)
.setModulesManager(modulesManager) .setModulesManager(modulesManager)

View file

@ -19,7 +19,7 @@ default byte[] generateSecureLevelKey() {
default void verifySecureLevelKey(byte[] publicKey, byte[] data, byte[] signature) throws InvalidKeySpecException, SignatureException { default void verifySecureLevelKey(byte[] publicKey, byte[] data, byte[] signature) throws InvalidKeySpecException, SignatureException {
if (publicKey == null || signature == null) throw new InvalidKeySpecException(); if (publicKey == null || signature == null) throw new InvalidKeySpecException();
ECPublicKey pubKey = SecurityHelper.toPublicECKey(publicKey); ECPublicKey pubKey = SecurityHelper.toPublicECDSAKey(publicKey);
Signature sign = SecurityHelper.newECVerifySignature(pubKey); Signature sign = SecurityHelper.newECVerifySignature(pubKey);
sign.update(data); sign.update(data);
sign.verify(signature); sign.verify(signature);

View file

@ -11,7 +11,6 @@ public abstract class LauncherBinary extends BinaryPipeline {
public final LaunchServer server; public final LaunchServer server;
public final Path syncBinaryFile; public final Path syncBinaryFile;
private volatile byte[] digest; private volatile byte[] digest;
private volatile byte[] sign;
protected LauncherBinary(LaunchServer server, Path binaryFile, String nameFormat) { protected LauncherBinary(LaunchServer server, Path binaryFile, String nameFormat) {
super(server.dir.resolve("build"), nameFormat); super(server.dir.resolve("build"), nameFormat);
@ -35,17 +34,12 @@ public final byte[] getDigest() {
return digest; return digest;
} }
public final byte[] getSign() {
return sign;
}
public void init() { public void init() {
} }
public final boolean sync() throws IOException { public final boolean sync() throws IOException {
boolean exists = exists(); boolean exists = exists();
digest = exists ? SecurityHelper.digest(SecurityHelper.DigestAlgorithm.SHA512, IOHelper.read(syncBinaryFile)) : null; digest = exists ? SecurityHelper.digest(SecurityHelper.DigestAlgorithm.SHA512, IOHelper.read(syncBinaryFile)) : null;
sign = exists ? SecurityHelper.sign(IOHelper.read(syncBinaryFile), server.privateKey) : null;
return exists; return exists;
} }

View file

@ -0,0 +1,63 @@
package pro.gravit.launchserver.manangers;
import pro.gravit.utils.helper.IOHelper;
import pro.gravit.utils.helper.LogHelper;
import pro.gravit.utils.helper.SecurityHelper;
import java.io.IOException;
import java.nio.file.Path;
import java.security.*;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
public class KeyAgreementManager {
public final ECPublicKey ecdsaPublicKey;
public final ECPrivateKey ecdsaPrivateKey;
public final RSAPublicKey rsaPublicKey;
public final RSAPrivateKey rsaPrivateKey;
public KeyAgreementManager(ECPublicKey ecdsaPublicKey, ECPrivateKey ecdsaPrivateKey, RSAPublicKey rsaPublicKey, RSAPrivateKey rsaPrivateKey) {
this.ecdsaPublicKey = ecdsaPublicKey;
this.ecdsaPrivateKey = ecdsaPrivateKey;
this.rsaPublicKey = rsaPublicKey;
this.rsaPrivateKey = rsaPrivateKey;
}
public KeyAgreementManager(Path keyDirectory) throws IOException, InvalidKeySpecException {
Path ecdsaPublicKeyPath = keyDirectory.resolve("ecdsa_id.pub"), ecdsaPrivateKeyPath = keyDirectory.resolve("ecdsa_id");
if (IOHelper.isFile(ecdsaPublicKeyPath) && IOHelper.isFile(ecdsaPrivateKeyPath)) {
LogHelper.info("Reading ECDSA keypair");
ecdsaPublicKey = SecurityHelper.toPublicECDSAKey(IOHelper.read(ecdsaPublicKeyPath));
ecdsaPrivateKey = SecurityHelper.toPrivateECDSAKey(IOHelper.read(ecdsaPrivateKeyPath));
} else {
LogHelper.info("Generating ECDSA keypair");
KeyPair pair = SecurityHelper.genECDSAKeyPair(new SecureRandom());
ecdsaPublicKey = (ECPublicKey) pair.getPublic();
ecdsaPrivateKey = (ECPrivateKey) pair.getPrivate();
// Write key pair list
LogHelper.info("Writing ECDSA keypair list");
IOHelper.write(ecdsaPublicKeyPath, ecdsaPublicKey.getEncoded());
IOHelper.write(ecdsaPrivateKeyPath, ecdsaPrivateKey.getEncoded());
}
Path rsaPublicKeyPath = keyDirectory.resolve("rsa_id.pub"), rsaPrivateKeyPath = keyDirectory.resolve("rsa_id");
if (IOHelper.isFile(rsaPublicKeyPath) && IOHelper.isFile(rsaPrivateKeyPath)) {
LogHelper.info("Reading RSA keypair");
rsaPublicKey = SecurityHelper.toPublicRSAKey(IOHelper.read(rsaPublicKeyPath));
rsaPrivateKey = SecurityHelper.toPrivateRSAKey(IOHelper.read(rsaPrivateKeyPath));
} else {
LogHelper.info("Generating RSA keypair");
KeyPair pair = SecurityHelper.genRSAKeyPair(new SecureRandom());
rsaPublicKey = (RSAPublicKey) pair.getPublic();
rsaPrivateKey = (RSAPrivateKey) pair.getPrivate();
// Write key pair list
LogHelper.info("Writing RSA keypair list");
IOHelper.write(rsaPublicKeyPath, rsaPublicKey.getEncoded());
IOHelper.write(rsaPrivateKeyPath, rsaPrivateKey.getEncoded());
}
}
}

View file

@ -1,5 +1,6 @@
package pro.gravit.launchserver; package pro.gravit.launchserver;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir; import org.junit.jupiter.api.io.TempDir;
@ -26,6 +27,7 @@
import java.nio.file.Path; import java.nio.file.Path;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.security.Security;
import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey; import java.security.interfaces.ECPublicKey;
@ -41,22 +43,18 @@ public class ConfigurationTest {
@BeforeAll @BeforeAll
public static void prepare() throws Throwable { public static void prepare() throws Throwable {
if(Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
LaunchServerModulesManager modulesManager = new LaunchServerModulesManager(modulesDir, configDir, null); LaunchServerModulesManager modulesManager = new LaunchServerModulesManager(modulesDir, configDir, null);
LaunchServerConfig config = LaunchServerConfig.getDefault(LaunchServer.LaunchServerEnv.TEST); LaunchServerConfig config = LaunchServerConfig.getDefault(LaunchServer.LaunchServerEnv.TEST);
Launcher.gsonManager = new LaunchServerGsonManager(modulesManager); Launcher.gsonManager = new LaunchServerGsonManager(modulesManager);
Launcher.gsonManager.initGson(); Launcher.gsonManager.initGson();
LaunchServerRuntimeConfig runtimeConfig = new LaunchServerRuntimeConfig(); LaunchServerRuntimeConfig runtimeConfig = new LaunchServerRuntimeConfig();
LaunchServerBuilder builder = new LaunchServerBuilder(); LaunchServerBuilder builder = new LaunchServerBuilder();
KeyPair pair = SecurityHelper.genECKeyPair(new SecureRandom());
ECPublicKey publicKey = (ECPublicKey) pair.getPublic();
ECPrivateKey privateKey = (ECPrivateKey) pair.getPrivate();
launchServerConfigManager = new TestLaunchServerConfigManager(); launchServerConfigManager = new TestLaunchServerConfigManager();
builder.setDir(dir) builder.setDir(dir)
.setEnv(LaunchServer.LaunchServerEnv.TEST) .setEnv(LaunchServer.LaunchServerEnv.TEST)
.setConfig(config) .setConfig(config)
.setRuntimeConfig(runtimeConfig) .setRuntimeConfig(runtimeConfig)
.setPublicKey(publicKey)
.setPrivateKey(privateKey)
.setCertificateManager(new CertificateManager()) .setCertificateManager(new CertificateManager())
.setLaunchServerConfigManager(launchServerConfigManager) .setLaunchServerConfigManager(launchServerConfigManager)
.setModulesManager(modulesManager) .setModulesManager(modulesManager)

View file

@ -1,5 +1,6 @@
package pro.gravit.launchserver; package pro.gravit.launchserver;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.AfterAll; import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -17,6 +18,7 @@
import java.nio.file.Path; import java.nio.file.Path;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.security.Security;
import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey; import java.security.interfaces.ECPublicKey;
@ -31,21 +33,17 @@ public class StartLaunchServerTest {
@BeforeAll @BeforeAll
public static void prepare() throws Throwable { public static void prepare() throws Throwable {
if(Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
LaunchServerModulesManager modulesManager = new LaunchServerModulesManager(modulesDir, configDir, null); LaunchServerModulesManager modulesManager = new LaunchServerModulesManager(modulesDir, configDir, null);
LaunchServerConfig config = LaunchServerConfig.getDefault(LaunchServer.LaunchServerEnv.TEST); LaunchServerConfig config = LaunchServerConfig.getDefault(LaunchServer.LaunchServerEnv.TEST);
Launcher.gsonManager = new LaunchServerGsonManager(modulesManager); Launcher.gsonManager = new LaunchServerGsonManager(modulesManager);
Launcher.gsonManager.initGson(); Launcher.gsonManager.initGson();
LaunchServerRuntimeConfig runtimeConfig = new LaunchServerRuntimeConfig(); LaunchServerRuntimeConfig runtimeConfig = new LaunchServerRuntimeConfig();
LaunchServerBuilder builder = new LaunchServerBuilder(); LaunchServerBuilder builder = new LaunchServerBuilder();
KeyPair pair = SecurityHelper.genECKeyPair(new SecureRandom());
ECPublicKey publicKey = (ECPublicKey) pair.getPublic();
ECPrivateKey privateKey = (ECPrivateKey) pair.getPrivate();
builder.setDir(dir) builder.setDir(dir)
.setEnv(LaunchServer.LaunchServerEnv.TEST) .setEnv(LaunchServer.LaunchServerEnv.TEST)
.setConfig(config) .setConfig(config)
.setRuntimeConfig(runtimeConfig) .setRuntimeConfig(runtimeConfig)
.setPublicKey(publicKey)
.setPrivateKey(privateKey)
.setCertificateManager(new CertificateManager()) .setCertificateManager(new CertificateManager())
.setLaunchServerConfigManager(new TestLaunchServerConfigManager()) .setLaunchServerConfigManager(new TestLaunchServerConfigManager())
.setModulesManager(modulesManager) .setModulesManager(modulesManager)

View file

@ -151,11 +151,11 @@ public void readKeys() throws IOException, InvalidKeySpecException {
Path privateKeyFile = dir.resolve("private.key"); Path privateKeyFile = dir.resolve("private.key");
if (IOHelper.isFile(publicKeyFile) && IOHelper.isFile(privateKeyFile)) { if (IOHelper.isFile(publicKeyFile) && IOHelper.isFile(privateKeyFile)) {
LogHelper.info("Reading EC keypair"); LogHelper.info("Reading EC keypair");
publicKey = SecurityHelper.toPublicECKey(IOHelper.read(publicKeyFile)); publicKey = SecurityHelper.toPublicECDSAKey(IOHelper.read(publicKeyFile));
privateKey = SecurityHelper.toPrivateECKey(IOHelper.read(privateKeyFile)); privateKey = SecurityHelper.toPrivateECDSAKey(IOHelper.read(privateKeyFile));
} else { } else {
LogHelper.info("Generating EC keypair"); LogHelper.info("Generating EC keypair");
KeyPair pair = SecurityHelper.genECKeyPair(new SecureRandom()); KeyPair pair = SecurityHelper.genECDSAKeyPair(new SecureRandom());
publicKey = (ECPublicKey) pair.getPublic(); publicKey = (ECPublicKey) pair.getPublic();
privateKey = (ECPrivateKey) pair.getPrivate(); privateKey = (ECPrivateKey) pair.getPrivate();

View file

@ -52,7 +52,7 @@ public final class LauncherConfig extends StreamObject {
@LauncherInjectionConstructor @LauncherInjectionConstructor
public LauncherConfig(HInput input) throws IOException, InvalidKeySpecException { public LauncherConfig(HInput input) throws IOException, InvalidKeySpecException {
publicKey = SecurityHelper.toPublicECKey(input.readByteArray(SecurityHelper.CRYPTO_MAX_LENGTH)); publicKey = SecurityHelper.toPublicECDSAKey(input.readByteArray(SecurityHelper.CRYPTO_MAX_LENGTH));
secureCheckHash = null; secureCheckHash = null;
secureCheckSalt = null; secureCheckSalt = null;
passwordEncryptKey = null; passwordEncryptKey = null;

View file

@ -1,5 +1,7 @@
package pro.gravit.utils.helper; package pro.gravit.utils.helper;
import org.bouncycastle.jcajce.provider.asymmetric.RSA;
import javax.crypto.Cipher; import javax.crypto.Cipher;
import javax.crypto.KeyGenerator; import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException; import javax.crypto.NoSuchPaddingException;
@ -10,13 +12,8 @@
import java.net.URL; import java.net.URL;
import java.nio.file.Path; import java.nio.file.Path;
import java.security.*; import java.security.*;
import java.security.interfaces.ECKey; import java.security.interfaces.*;
import java.security.interfaces.ECPrivateKey; import java.security.spec.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Random; import java.util.Random;
@ -28,10 +25,14 @@ public final class SecurityHelper {
// EC Algorithm constants // EC Algorithm constants
public static final String EC_CURVE = "secp256r1"; public static final String EC_CURVE = "secp256r1";
public static final String EC_SIGN_ALGO = "SHA256withECDSA"; public static final String EC_SIGN_ALGO = "SHA256withECDSA";
public static final String EC_CIPHER_ALGO = "ECIES";
public static final int TOKEN_LENGTH = 16; public static final int TOKEN_LENGTH = 16;
// RSA Algorithm constants // RSA Algorithm constants
public static final String RSA_ALGO = "RSA";
public static final String RSA_SIGN_ALGO = "SHA256withRSA";
public static final String RSA_CIPHER_ALGO = "RSA/ECB/PKCS1Padding";
// Algorithm size constants // Algorithm size constants
public static final int AES_KEY_LENGTH = 8; public static final int AES_KEY_LENGTH = 8;
public static final int TOKEN_STRING_LENGTH = TOKEN_LENGTH << 1; public static final int TOKEN_STRING_LENGTH = TOKEN_LENGTH << 1;
@ -81,7 +82,12 @@ public static byte[] digest(DigestAlgorithm algo, URL url) throws IOException {
} }
} }
@Deprecated
public static KeyPair genECKeyPair(SecureRandom random) { public static KeyPair genECKeyPair(SecureRandom random) {
return genECDSAKeyPair(random);
}
public static KeyPair genECDSAKeyPair(SecureRandom random) {
try { try {
KeyPairGenerator generator = KeyPairGenerator.getInstance(EC_ALGO); KeyPairGenerator generator = KeyPairGenerator.getInstance(EC_ALGO);
generator.initialize(new ECGenParameterSpec(EC_CURVE), random); generator.initialize(new ECGenParameterSpec(EC_CURVE), random);
@ -91,6 +97,18 @@ public static KeyPair genECKeyPair(SecureRandom random) {
} }
} }
public static KeyPair genRSAKeyPair(SecureRandom random) {
try {
KeyPairGenerator generator = KeyPairGenerator.getInstance(RSA_ALGO);
generator.initialize(RSA_KEY_LENGTH_BITS, random);
return generator.genKeyPair();
} catch (NoSuchAlgorithmException e) {
throw new InternalError(e);
}
}
public static boolean isValidSign(byte[] bytes, byte[] sign, ECPublicKey publicKey) throws SignatureException { public static boolean isValidSign(byte[] bytes, byte[] sign, ECPublicKey publicKey) throws SignatureException {
Signature signature = newECVerifySignature(publicKey); Signature signature = newECVerifySignature(publicKey);
@ -109,6 +127,23 @@ public static boolean isValidSign(InputStream input, byte[] sign, ECPublicKey pu
return signature.verify(sign); return signature.verify(sign);
} }
public static boolean isValidSign(byte[] bytes, byte[] sign, RSAPublicKey publicKey) throws SignatureException {
Signature signature = newRSAVerifySignature(publicKey);
try {
signature.update(bytes);
} catch (SignatureException e) {
throw new InternalError(e);
}
return signature.verify(sign);
}
public static boolean isValidSign(InputStream input, byte[] sign, RSAPublicKey publicKey) throws IOException, SignatureException {
Signature signature = newRSAVerifySignature(publicKey);
updateSignature(input, signature);
return signature.verify(sign);
}
public static boolean isValidToken(CharSequence token) { public static boolean isValidToken(CharSequence token) {
return token.length() == TOKEN_STRING_LENGTH && token.chars().allMatch(ch -> HEX.indexOf(ch) >= 0); return token.length() == TOKEN_STRING_LENGTH && token.chars().allMatch(ch -> HEX.indexOf(ch) >= 0);
@ -150,8 +185,8 @@ public static SecureRandom newRandom() {
return new SecureRandom(); return new SecureRandom();
} }
private static Cipher newECCipher(int mode, ECKey key) { private static Cipher newRSACipher(int mode, RSAKey key) {
Cipher cipher = newBCCipher(EC_CIPHER_ALGO); Cipher cipher = newCipher(RSA_CIPHER_ALGO);
try { try {
cipher.init(mode, (Key) key); cipher.init(mode, (Key) key);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
@ -160,7 +195,7 @@ private static Cipher newECCipher(int mode, ECKey key) {
return cipher; return cipher;
} }
private static KeyFactory newECKeyFactory() { private static KeyFactory newECDSAKeyFactory() {
try { try {
return KeyFactory.getInstance(EC_ALGO); return KeyFactory.getInstance(EC_ALGO);
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
@ -168,6 +203,14 @@ private static KeyFactory newECKeyFactory() {
} }
} }
private static KeyFactory newRSAKeyFactory() {
try {
return KeyFactory.getInstance(RSA_ALGO);
} catch (NoSuchAlgorithmException e) {
throw new InternalError(e);
}
}
private static Signature newECSignature() { private static Signature newECSignature() {
try { try {
return Signature.getInstance(EC_SIGN_ALGO); return Signature.getInstance(EC_SIGN_ALGO);
@ -176,6 +219,14 @@ private static Signature newECSignature() {
} }
} }
private static Signature newRSASignature() {
try {
return Signature.getInstance(RSA_SIGN_ALGO);
} catch (NoSuchAlgorithmException e) {
throw new InternalError(e);
}
}
public static Signature newECSignSignature(ECPrivateKey key) { public static Signature newECSignSignature(ECPrivateKey key) {
Signature signature = newECSignature(); Signature signature = newECSignature();
try { try {
@ -186,6 +237,16 @@ public static Signature newECSignSignature(ECPrivateKey key) {
return signature; return signature;
} }
public static Signature newRSASignSignature(RSAPrivateKey key) {
Signature signature = newRSASignature();
try {
signature.initSign(key);
} catch (InvalidKeyException e) {
throw new InternalError(e);
}
return signature;
}
public static Signature newECVerifySignature(ECPublicKey key) { public static Signature newECVerifySignature(ECPublicKey key) {
Signature signature = newECSignature(); Signature signature = newECSignature();
@ -197,6 +258,16 @@ public static Signature newECVerifySignature(ECPublicKey key) {
return signature; return signature;
} }
public static Signature newRSAVerifySignature(RSAPublicKey key) {
Signature signature = newRSASignature();
try {
signature.initVerify(key);
} catch (InvalidKeyException e) {
throw new InternalError(e);
}
return signature;
}
public static byte[] randomBytes(int length) { public static byte[] randomBytes(int length) {
return randomBytes(newRandom(), length); return randomBytes(newRandom(), length);
@ -336,12 +407,30 @@ public static String toHex(byte[] bytes) {
return new String(hex); return new String(hex);
} }
@Deprecated
public static ECPublicKey toPublicECKey(byte[] bytes) throws InvalidKeySpecException { public static ECPublicKey toPublicECKey(byte[] bytes) throws InvalidKeySpecException {
return (ECPublicKey) newECKeyFactory().generatePublic(new X509EncodedKeySpec(bytes)); return toPublicECDSAKey(bytes);
} }
@Deprecated
public static ECPrivateKey toPrivateECKey(byte[] bytes) throws InvalidKeySpecException { public static ECPrivateKey toPrivateECKey(byte[] bytes) throws InvalidKeySpecException {
return (ECPrivateKey) newECKeyFactory().generatePrivate(new PKCS8EncodedKeySpec(bytes)); return toPrivateECDSAKey(bytes);
}
public static ECPublicKey toPublicECDSAKey(byte[] bytes) throws InvalidKeySpecException {
return (ECPublicKey) newECDSAKeyFactory().generatePublic(new X509EncodedKeySpec(bytes));
}
public static ECPrivateKey toPrivateECDSAKey(byte[] bytes) throws InvalidKeySpecException {
return (ECPrivateKey) newECDSAKeyFactory().generatePrivate(new PKCS8EncodedKeySpec(bytes));
}
public static RSAPublicKey toPublicRSAKey(byte[] bytes) throws InvalidKeySpecException {
return (RSAPublicKey) newRSAKeyFactory().generatePublic(new X509EncodedKeySpec(bytes));
}
public static RSAPrivateKey toPrivateRSAKey(byte[] bytes) throws InvalidKeySpecException {
return (RSAPrivateKey) newRSAKeyFactory().generatePrivate(new PKCS8EncodedKeySpec(bytes));
} }
private static void updateSignature(InputStream input, Signature signature) throws IOException { private static void updateSignature(InputStream input, Signature signature) throws IOException {
@ -366,22 +455,33 @@ public static void verifySign(InputStream input, byte[] sign, ECPublicKey public
throw new SignatureException("Invalid stream sign"); throw new SignatureException("Invalid stream sign");
} }
public static void verifySign(byte[] bytes, byte[] sign, RSAPublicKey publicKey) throws SignatureException {
if (!isValidSign(bytes, sign, publicKey))
throw new SignatureException("Invalid sign");
}
public static void verifySign(InputStream input, byte[] sign, RSAPublicKey publicKey) throws SignatureException, IOException {
if (!isValidSign(input, sign, publicKey))
throw new SignatureException("Invalid stream sign");
}
public static String verifyToken(String token) { public static String verifyToken(String token) {
return VerifyHelper.verify(token, SecurityHelper::isValidToken, String.format("Invalid token: '%s'", token)); return VerifyHelper.verify(token, SecurityHelper::isValidToken, String.format("Invalid token: '%s'", token));
} }
public static Cipher newECDecryptCipher(ECPrivateKey privateKey) { public static Cipher newRSADecryptCipher(RSAPrivateKey privateKey) {
try { try {
return newECCipher(Cipher.DECRYPT_MODE, privateKey); return newRSACipher(Cipher.DECRYPT_MODE, privateKey);
} catch (SecurityException e) { } catch (SecurityException e) {
throw new InternalError(e); throw new InternalError(e);
} }
} }
public static Cipher newECEncryptCipher(ECPublicKey publicKey) { public static Cipher newRSAEncryptCipher(RSAPublicKey publicKey) {
try { try {
return newECCipher(Cipher.ENCRYPT_MODE, publicKey); return newRSACipher(Cipher.ENCRYPT_MODE, publicKey);
} catch (SecurityException e) { } catch (SecurityException e) {
throw new InternalError(e); throw new InternalError(e);
} }