mirror of
https://github.com/GravitLauncher/Launcher
synced 2025-01-09 00:59:44 +03:00
[FEATURE] KeyAgreementManager
This commit is contained in:
parent
92f19ffc5d
commit
e9b14c921c
11 changed files with 214 additions and 66 deletions
|
@ -81,13 +81,9 @@ public final class LaunchServer implements Runnable, AutoCloseable, Reconfigurab
|
||||||
* This object contains runtime configuration
|
* This object contains runtime configuration
|
||||||
*/
|
*/
|
||||||
public final LaunchServerRuntimeConfig runtime;
|
public final LaunchServerRuntimeConfig runtime;
|
||||||
/**
|
@Deprecated
|
||||||
* Public ECDSA LaunchServer key
|
|
||||||
*/
|
|
||||||
public final ECPublicKey publicKey;
|
public final ECPublicKey publicKey;
|
||||||
/**
|
@Deprecated
|
||||||
* Private ECDSA LaunchServer key
|
|
||||||
*/
|
|
||||||
public final ECPrivateKey privateKey;
|
public final ECPrivateKey privateKey;
|
||||||
/**
|
/**
|
||||||
* Pipeline for building JAR
|
* Pipeline for building JAR
|
||||||
|
@ -110,6 +106,7 @@ public final class LaunchServer implements Runnable, AutoCloseable, Reconfigurab
|
||||||
public final ConfigManager configManager;
|
public final ConfigManager configManager;
|
||||||
public final PingServerManager pingServerManager;
|
public final PingServerManager pingServerManager;
|
||||||
public final FeaturesManager featuresManager;
|
public final FeaturesManager featuresManager;
|
||||||
|
public final KeyAgreementManager keyAgreementManager;
|
||||||
// HWID ban + anti-brutforce
|
// HWID ban + anti-brutforce
|
||||||
public final CertificateManager certificateManager;
|
public final CertificateManager certificateManager;
|
||||||
// Server
|
// Server
|
||||||
|
@ -123,7 +120,7 @@ public final class LaunchServer implements Runnable, AutoCloseable, Reconfigurab
|
||||||
// Updates and profiles
|
// Updates and profiles
|
||||||
private volatile List<ClientProfile> profilesList;
|
private volatile List<ClientProfile> profilesList;
|
||||||
|
|
||||||
public LaunchServer(LaunchServerDirectories directories, LaunchServerEnv env, LaunchServerConfig config, LaunchServerRuntimeConfig runtimeConfig, LaunchServerConfigManager launchServerConfigManager, LaunchServerModulesManager modulesManager, ECPublicKey publicKey, ECPrivateKey privateKey, CommandHandler commandHandler, CertificateManager certificateManager) throws IOException {
|
public LaunchServer(LaunchServerDirectories directories, LaunchServerEnv env, LaunchServerConfig config, LaunchServerRuntimeConfig runtimeConfig, LaunchServerConfigManager launchServerConfigManager, LaunchServerModulesManager modulesManager, KeyAgreementManager keyAgreementManager, CommandHandler commandHandler, CertificateManager certificateManager) throws IOException {
|
||||||
this.dir = directories.dir;
|
this.dir = directories.dir;
|
||||||
this.env = env;
|
this.env = env;
|
||||||
this.config = config;
|
this.config = config;
|
||||||
|
@ -131,8 +128,9 @@ public LaunchServer(LaunchServerDirectories directories, LaunchServerEnv env, La
|
||||||
this.modulesManager = modulesManager;
|
this.modulesManager = modulesManager;
|
||||||
this.profilesDir = directories.profilesDir;
|
this.profilesDir = directories.profilesDir;
|
||||||
this.updatesDir = directories.updatesDir;
|
this.updatesDir = directories.updatesDir;
|
||||||
this.publicKey = publicKey;
|
this.keyAgreementManager = keyAgreementManager;
|
||||||
this.privateKey = privateKey;
|
this.publicKey = keyAgreementManager.ecdsaPublicKey;
|
||||||
|
this.privateKey = keyAgreementManager.ecdsaPrivateKey;
|
||||||
this.commandHandler = commandHandler;
|
this.commandHandler = commandHandler;
|
||||||
this.runtime = runtimeConfig;
|
this.runtime = runtimeConfig;
|
||||||
this.certificateManager = certificateManager;
|
this.certificateManager = certificateManager;
|
||||||
|
@ -510,11 +508,12 @@ public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IO
|
||||||
public static class LaunchServerDirectories {
|
public static class LaunchServerDirectories {
|
||||||
public static final String UPDATES_NAME = "updates", PROFILES_NAME = "profiles",
|
public static final String UPDATES_NAME = "updates", PROFILES_NAME = "profiles",
|
||||||
TRUSTSTORE_NAME = "truststore", LAUNCHERLIBRARIES_NAME = "launcher-libraries",
|
TRUSTSTORE_NAME = "truststore", LAUNCHERLIBRARIES_NAME = "launcher-libraries",
|
||||||
LAUNCHERLIBRARIESCOMPILE_NAME = "launcher-libraries-compile";
|
LAUNCHERLIBRARIESCOMPILE_NAME = "launcher-libraries-compile", KEY_NAME = ".keys";
|
||||||
public Path updatesDir;
|
public Path updatesDir;
|
||||||
public Path profilesDir;
|
public Path profilesDir;
|
||||||
public Path launcherLibrariesDir;
|
public Path launcherLibrariesDir;
|
||||||
public Path launcherLibrariesCompileDir;
|
public Path launcherLibrariesCompileDir;
|
||||||
|
public Path keyDirectory;
|
||||||
public Path dir;
|
public Path dir;
|
||||||
public Path trustStore;
|
public Path trustStore;
|
||||||
|
|
||||||
|
@ -525,6 +524,7 @@ public void collect() {
|
||||||
if (launcherLibrariesDir == null) launcherLibrariesDir = dir.resolve(LAUNCHERLIBRARIES_NAME);
|
if (launcherLibrariesDir == null) launcherLibrariesDir = dir.resolve(LAUNCHERLIBRARIES_NAME);
|
||||||
if (launcherLibrariesCompileDir == null)
|
if (launcherLibrariesCompileDir == null)
|
||||||
launcherLibrariesCompileDir = dir.resolve(LAUNCHERLIBRARIESCOMPILE_NAME);
|
launcherLibrariesCompileDir = dir.resolve(LAUNCHERLIBRARIESCOMPILE_NAME);
|
||||||
|
if(keyDirectory == null) keyDirectory = dir.resolve(KEY_NAME);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
import pro.gravit.launchserver.config.LaunchServerConfig;
|
import pro.gravit.launchserver.config.LaunchServerConfig;
|
||||||
import pro.gravit.launchserver.config.LaunchServerRuntimeConfig;
|
import pro.gravit.launchserver.config.LaunchServerRuntimeConfig;
|
||||||
import pro.gravit.launchserver.manangers.CertificateManager;
|
import pro.gravit.launchserver.manangers.CertificateManager;
|
||||||
|
import pro.gravit.launchserver.manangers.KeyAgreementManager;
|
||||||
import pro.gravit.launchserver.modules.impl.LaunchServerModulesManager;
|
import pro.gravit.launchserver.modules.impl.LaunchServerModulesManager;
|
||||||
import pro.gravit.utils.command.CommandHandler;
|
import pro.gravit.utils.command.CommandHandler;
|
||||||
|
|
||||||
|
@ -17,8 +18,7 @@ public class LaunchServerBuilder {
|
||||||
private LaunchServer.LaunchServerEnv env;
|
private LaunchServer.LaunchServerEnv env;
|
||||||
private LaunchServerModulesManager modulesManager;
|
private LaunchServerModulesManager modulesManager;
|
||||||
private LaunchServer.LaunchServerDirectories directories = new LaunchServer.LaunchServerDirectories();
|
private LaunchServer.LaunchServerDirectories directories = new LaunchServer.LaunchServerDirectories();
|
||||||
private ECPublicKey publicKey;
|
private KeyAgreementManager keyAgreementManager;
|
||||||
private ECPrivateKey privateKey;
|
|
||||||
private CertificateManager certificateManager;
|
private CertificateManager certificateManager;
|
||||||
private LaunchServer.LaunchServerConfigManager launchServerConfigManager;
|
private LaunchServer.LaunchServerConfigManager launchServerConfigManager;
|
||||||
|
|
||||||
|
@ -57,16 +57,6 @@ public LaunchServerBuilder setDir(Path dir) {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public LaunchServerBuilder setPublicKey(ECPublicKey publicKey) {
|
|
||||||
this.publicKey = publicKey;
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
public LaunchServerBuilder setPrivateKey(ECPrivateKey privateKey) {
|
|
||||||
this.privateKey = privateKey;
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
public LaunchServerBuilder setLaunchServerConfigManager(LaunchServer.LaunchServerConfigManager launchServerConfigManager) {
|
public LaunchServerBuilder setLaunchServerConfigManager(LaunchServer.LaunchServerConfigManager launchServerConfigManager) {
|
||||||
this.launchServerConfigManager = launchServerConfigManager;
|
this.launchServerConfigManager = launchServerConfigManager;
|
||||||
return this;
|
return this;
|
||||||
|
@ -97,11 +87,18 @@ public void writeRuntimeConfig(LaunchServerRuntimeConfig config) {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
return new LaunchServer(directories, env, config, runtimeConfig, launchServerConfigManager, modulesManager, publicKey, privateKey, commandHandler, certificateManager);
|
if(keyAgreementManager == null) {
|
||||||
|
keyAgreementManager = new KeyAgreementManager(directories.keyDirectory);
|
||||||
|
}
|
||||||
|
return new LaunchServer(directories, env, config, runtimeConfig, launchServerConfigManager, modulesManager, keyAgreementManager, commandHandler, certificateManager);
|
||||||
}
|
}
|
||||||
|
|
||||||
public LaunchServerBuilder setCertificateManager(CertificateManager certificateManager) {
|
public LaunchServerBuilder setCertificateManager(CertificateManager certificateManager) {
|
||||||
this.certificateManager = certificateManager;
|
this.certificateManager = certificateManager;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setKeyAgreementManager(KeyAgreementManager keyAgreementManager) {
|
||||||
|
this.keyAgreementManager = keyAgreementManager;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -120,11 +120,11 @@ public static void main(String[] args) throws Exception {
|
||||||
}
|
}
|
||||||
if (IOHelper.isFile(publicKeyFile) && IOHelper.isFile(privateKeyFile)) {
|
if (IOHelper.isFile(publicKeyFile) && IOHelper.isFile(privateKeyFile)) {
|
||||||
LogHelper.info("Reading EC keypair");
|
LogHelper.info("Reading EC keypair");
|
||||||
publicKey = SecurityHelper.toPublicECKey(IOHelper.read(publicKeyFile));
|
publicKey = SecurityHelper.toPublicECDSAKey(IOHelper.read(publicKeyFile));
|
||||||
privateKey = SecurityHelper.toPrivateECKey(IOHelper.read(privateKeyFile));
|
privateKey = SecurityHelper.toPrivateECDSAKey(IOHelper.read(privateKeyFile));
|
||||||
} else {
|
} else {
|
||||||
LogHelper.info("Generating EC keypair");
|
LogHelper.info("Generating EC keypair");
|
||||||
KeyPair pair = SecurityHelper.genECKeyPair(new SecureRandom());
|
KeyPair pair = SecurityHelper.genECDSAKeyPair(new SecureRandom());
|
||||||
publicKey = (ECPublicKey) pair.getPublic();
|
publicKey = (ECPublicKey) pair.getPublic();
|
||||||
privateKey = (ECPrivateKey) pair.getPrivate();
|
privateKey = (ECPrivateKey) pair.getPrivate();
|
||||||
|
|
||||||
|
@ -202,8 +202,6 @@ public void writeRuntimeConfig(LaunchServerRuntimeConfig config) throws IOExcept
|
||||||
.setDirectories(directories)
|
.setDirectories(directories)
|
||||||
.setEnv(env)
|
.setEnv(env)
|
||||||
.setCommandHandler(localCommandHandler)
|
.setCommandHandler(localCommandHandler)
|
||||||
.setPrivateKey(privateKey)
|
|
||||||
.setPublicKey(publicKey)
|
|
||||||
.setRuntimeConfig(runtimeConfig)
|
.setRuntimeConfig(runtimeConfig)
|
||||||
.setConfig(config)
|
.setConfig(config)
|
||||||
.setModulesManager(modulesManager)
|
.setModulesManager(modulesManager)
|
||||||
|
|
|
@ -19,7 +19,7 @@ default byte[] generateSecureLevelKey() {
|
||||||
|
|
||||||
default void verifySecureLevelKey(byte[] publicKey, byte[] data, byte[] signature) throws InvalidKeySpecException, SignatureException {
|
default void verifySecureLevelKey(byte[] publicKey, byte[] data, byte[] signature) throws InvalidKeySpecException, SignatureException {
|
||||||
if (publicKey == null || signature == null) throw new InvalidKeySpecException();
|
if (publicKey == null || signature == null) throw new InvalidKeySpecException();
|
||||||
ECPublicKey pubKey = SecurityHelper.toPublicECKey(publicKey);
|
ECPublicKey pubKey = SecurityHelper.toPublicECDSAKey(publicKey);
|
||||||
Signature sign = SecurityHelper.newECVerifySignature(pubKey);
|
Signature sign = SecurityHelper.newECVerifySignature(pubKey);
|
||||||
sign.update(data);
|
sign.update(data);
|
||||||
sign.verify(signature);
|
sign.verify(signature);
|
||||||
|
|
|
@ -11,7 +11,6 @@ public abstract class LauncherBinary extends BinaryPipeline {
|
||||||
public final LaunchServer server;
|
public final LaunchServer server;
|
||||||
public final Path syncBinaryFile;
|
public final Path syncBinaryFile;
|
||||||
private volatile byte[] digest;
|
private volatile byte[] digest;
|
||||||
private volatile byte[] sign;
|
|
||||||
|
|
||||||
protected LauncherBinary(LaunchServer server, Path binaryFile, String nameFormat) {
|
protected LauncherBinary(LaunchServer server, Path binaryFile, String nameFormat) {
|
||||||
super(server.dir.resolve("build"), nameFormat);
|
super(server.dir.resolve("build"), nameFormat);
|
||||||
|
@ -35,17 +34,12 @@ public final byte[] getDigest() {
|
||||||
return digest;
|
return digest;
|
||||||
}
|
}
|
||||||
|
|
||||||
public final byte[] getSign() {
|
|
||||||
return sign;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void init() {
|
public void init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
public final boolean sync() throws IOException {
|
public final boolean sync() throws IOException {
|
||||||
boolean exists = exists();
|
boolean exists = exists();
|
||||||
digest = exists ? SecurityHelper.digest(SecurityHelper.DigestAlgorithm.SHA512, IOHelper.read(syncBinaryFile)) : null;
|
digest = exists ? SecurityHelper.digest(SecurityHelper.DigestAlgorithm.SHA512, IOHelper.read(syncBinaryFile)) : null;
|
||||||
sign = exists ? SecurityHelper.sign(IOHelper.read(syncBinaryFile), server.privateKey) : null;
|
|
||||||
|
|
||||||
return exists;
|
return exists;
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,63 @@
|
||||||
|
package pro.gravit.launchserver.manangers;
|
||||||
|
|
||||||
|
import pro.gravit.utils.helper.IOHelper;
|
||||||
|
import pro.gravit.utils.helper.LogHelper;
|
||||||
|
import pro.gravit.utils.helper.SecurityHelper;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.nio.file.Path;
|
||||||
|
import java.security.*;
|
||||||
|
import java.security.interfaces.ECPrivateKey;
|
||||||
|
import java.security.interfaces.ECPublicKey;
|
||||||
|
import java.security.interfaces.RSAPrivateKey;
|
||||||
|
import java.security.interfaces.RSAPublicKey;
|
||||||
|
import java.security.spec.InvalidKeySpecException;
|
||||||
|
|
||||||
|
public class KeyAgreementManager {
|
||||||
|
public final ECPublicKey ecdsaPublicKey;
|
||||||
|
public final ECPrivateKey ecdsaPrivateKey;
|
||||||
|
public final RSAPublicKey rsaPublicKey;
|
||||||
|
public final RSAPrivateKey rsaPrivateKey;
|
||||||
|
|
||||||
|
public KeyAgreementManager(ECPublicKey ecdsaPublicKey, ECPrivateKey ecdsaPrivateKey, RSAPublicKey rsaPublicKey, RSAPrivateKey rsaPrivateKey) {
|
||||||
|
this.ecdsaPublicKey = ecdsaPublicKey;
|
||||||
|
this.ecdsaPrivateKey = ecdsaPrivateKey;
|
||||||
|
this.rsaPublicKey = rsaPublicKey;
|
||||||
|
this.rsaPrivateKey = rsaPrivateKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeyAgreementManager(Path keyDirectory) throws IOException, InvalidKeySpecException {
|
||||||
|
Path ecdsaPublicKeyPath = keyDirectory.resolve("ecdsa_id.pub"), ecdsaPrivateKeyPath = keyDirectory.resolve("ecdsa_id");
|
||||||
|
if (IOHelper.isFile(ecdsaPublicKeyPath) && IOHelper.isFile(ecdsaPrivateKeyPath)) {
|
||||||
|
LogHelper.info("Reading ECDSA keypair");
|
||||||
|
ecdsaPublicKey = SecurityHelper.toPublicECDSAKey(IOHelper.read(ecdsaPublicKeyPath));
|
||||||
|
ecdsaPrivateKey = SecurityHelper.toPrivateECDSAKey(IOHelper.read(ecdsaPrivateKeyPath));
|
||||||
|
} else {
|
||||||
|
LogHelper.info("Generating ECDSA keypair");
|
||||||
|
KeyPair pair = SecurityHelper.genECDSAKeyPair(new SecureRandom());
|
||||||
|
ecdsaPublicKey = (ECPublicKey) pair.getPublic();
|
||||||
|
ecdsaPrivateKey = (ECPrivateKey) pair.getPrivate();
|
||||||
|
|
||||||
|
// Write key pair list
|
||||||
|
LogHelper.info("Writing ECDSA keypair list");
|
||||||
|
IOHelper.write(ecdsaPublicKeyPath, ecdsaPublicKey.getEncoded());
|
||||||
|
IOHelper.write(ecdsaPrivateKeyPath, ecdsaPrivateKey.getEncoded());
|
||||||
|
}
|
||||||
|
Path rsaPublicKeyPath = keyDirectory.resolve("rsa_id.pub"), rsaPrivateKeyPath = keyDirectory.resolve("rsa_id");
|
||||||
|
if (IOHelper.isFile(rsaPublicKeyPath) && IOHelper.isFile(rsaPrivateKeyPath)) {
|
||||||
|
LogHelper.info("Reading RSA keypair");
|
||||||
|
rsaPublicKey = SecurityHelper.toPublicRSAKey(IOHelper.read(rsaPublicKeyPath));
|
||||||
|
rsaPrivateKey = SecurityHelper.toPrivateRSAKey(IOHelper.read(rsaPrivateKeyPath));
|
||||||
|
} else {
|
||||||
|
LogHelper.info("Generating RSA keypair");
|
||||||
|
KeyPair pair = SecurityHelper.genRSAKeyPair(new SecureRandom());
|
||||||
|
rsaPublicKey = (RSAPublicKey) pair.getPublic();
|
||||||
|
rsaPrivateKey = (RSAPrivateKey) pair.getPrivate();
|
||||||
|
|
||||||
|
// Write key pair list
|
||||||
|
LogHelper.info("Writing RSA keypair list");
|
||||||
|
IOHelper.write(rsaPublicKeyPath, rsaPublicKey.getEncoded());
|
||||||
|
IOHelper.write(rsaPrivateKeyPath, rsaPrivateKey.getEncoded());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,5 +1,6 @@
|
||||||
package pro.gravit.launchserver;
|
package pro.gravit.launchserver;
|
||||||
|
|
||||||
|
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||||
import org.junit.jupiter.api.BeforeAll;
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.junit.jupiter.api.io.TempDir;
|
import org.junit.jupiter.api.io.TempDir;
|
||||||
|
@ -26,6 +27,7 @@
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.security.KeyPair;
|
import java.security.KeyPair;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
|
import java.security.Security;
|
||||||
import java.security.interfaces.ECPrivateKey;
|
import java.security.interfaces.ECPrivateKey;
|
||||||
import java.security.interfaces.ECPublicKey;
|
import java.security.interfaces.ECPublicKey;
|
||||||
|
|
||||||
|
@ -41,22 +43,18 @@ public class ConfigurationTest {
|
||||||
|
|
||||||
@BeforeAll
|
@BeforeAll
|
||||||
public static void prepare() throws Throwable {
|
public static void prepare() throws Throwable {
|
||||||
|
if(Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
|
||||||
LaunchServerModulesManager modulesManager = new LaunchServerModulesManager(modulesDir, configDir, null);
|
LaunchServerModulesManager modulesManager = new LaunchServerModulesManager(modulesDir, configDir, null);
|
||||||
LaunchServerConfig config = LaunchServerConfig.getDefault(LaunchServer.LaunchServerEnv.TEST);
|
LaunchServerConfig config = LaunchServerConfig.getDefault(LaunchServer.LaunchServerEnv.TEST);
|
||||||
Launcher.gsonManager = new LaunchServerGsonManager(modulesManager);
|
Launcher.gsonManager = new LaunchServerGsonManager(modulesManager);
|
||||||
Launcher.gsonManager.initGson();
|
Launcher.gsonManager.initGson();
|
||||||
LaunchServerRuntimeConfig runtimeConfig = new LaunchServerRuntimeConfig();
|
LaunchServerRuntimeConfig runtimeConfig = new LaunchServerRuntimeConfig();
|
||||||
LaunchServerBuilder builder = new LaunchServerBuilder();
|
LaunchServerBuilder builder = new LaunchServerBuilder();
|
||||||
KeyPair pair = SecurityHelper.genECKeyPair(new SecureRandom());
|
|
||||||
ECPublicKey publicKey = (ECPublicKey) pair.getPublic();
|
|
||||||
ECPrivateKey privateKey = (ECPrivateKey) pair.getPrivate();
|
|
||||||
launchServerConfigManager = new TestLaunchServerConfigManager();
|
launchServerConfigManager = new TestLaunchServerConfigManager();
|
||||||
builder.setDir(dir)
|
builder.setDir(dir)
|
||||||
.setEnv(LaunchServer.LaunchServerEnv.TEST)
|
.setEnv(LaunchServer.LaunchServerEnv.TEST)
|
||||||
.setConfig(config)
|
.setConfig(config)
|
||||||
.setRuntimeConfig(runtimeConfig)
|
.setRuntimeConfig(runtimeConfig)
|
||||||
.setPublicKey(publicKey)
|
|
||||||
.setPrivateKey(privateKey)
|
|
||||||
.setCertificateManager(new CertificateManager())
|
.setCertificateManager(new CertificateManager())
|
||||||
.setLaunchServerConfigManager(launchServerConfigManager)
|
.setLaunchServerConfigManager(launchServerConfigManager)
|
||||||
.setModulesManager(modulesManager)
|
.setModulesManager(modulesManager)
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
package pro.gravit.launchserver;
|
package pro.gravit.launchserver;
|
||||||
|
|
||||||
|
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||||
import org.junit.jupiter.api.AfterAll;
|
import org.junit.jupiter.api.AfterAll;
|
||||||
import org.junit.jupiter.api.BeforeAll;
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
@ -17,6 +18,7 @@
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.security.KeyPair;
|
import java.security.KeyPair;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
|
import java.security.Security;
|
||||||
import java.security.interfaces.ECPrivateKey;
|
import java.security.interfaces.ECPrivateKey;
|
||||||
import java.security.interfaces.ECPublicKey;
|
import java.security.interfaces.ECPublicKey;
|
||||||
|
|
||||||
|
@ -31,21 +33,17 @@ public class StartLaunchServerTest {
|
||||||
|
|
||||||
@BeforeAll
|
@BeforeAll
|
||||||
public static void prepare() throws Throwable {
|
public static void prepare() throws Throwable {
|
||||||
|
if(Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
|
||||||
LaunchServerModulesManager modulesManager = new LaunchServerModulesManager(modulesDir, configDir, null);
|
LaunchServerModulesManager modulesManager = new LaunchServerModulesManager(modulesDir, configDir, null);
|
||||||
LaunchServerConfig config = LaunchServerConfig.getDefault(LaunchServer.LaunchServerEnv.TEST);
|
LaunchServerConfig config = LaunchServerConfig.getDefault(LaunchServer.LaunchServerEnv.TEST);
|
||||||
Launcher.gsonManager = new LaunchServerGsonManager(modulesManager);
|
Launcher.gsonManager = new LaunchServerGsonManager(modulesManager);
|
||||||
Launcher.gsonManager.initGson();
|
Launcher.gsonManager.initGson();
|
||||||
LaunchServerRuntimeConfig runtimeConfig = new LaunchServerRuntimeConfig();
|
LaunchServerRuntimeConfig runtimeConfig = new LaunchServerRuntimeConfig();
|
||||||
LaunchServerBuilder builder = new LaunchServerBuilder();
|
LaunchServerBuilder builder = new LaunchServerBuilder();
|
||||||
KeyPair pair = SecurityHelper.genECKeyPair(new SecureRandom());
|
|
||||||
ECPublicKey publicKey = (ECPublicKey) pair.getPublic();
|
|
||||||
ECPrivateKey privateKey = (ECPrivateKey) pair.getPrivate();
|
|
||||||
builder.setDir(dir)
|
builder.setDir(dir)
|
||||||
.setEnv(LaunchServer.LaunchServerEnv.TEST)
|
.setEnv(LaunchServer.LaunchServerEnv.TEST)
|
||||||
.setConfig(config)
|
.setConfig(config)
|
||||||
.setRuntimeConfig(runtimeConfig)
|
.setRuntimeConfig(runtimeConfig)
|
||||||
.setPublicKey(publicKey)
|
|
||||||
.setPrivateKey(privateKey)
|
|
||||||
.setCertificateManager(new CertificateManager())
|
.setCertificateManager(new CertificateManager())
|
||||||
.setLaunchServerConfigManager(new TestLaunchServerConfigManager())
|
.setLaunchServerConfigManager(new TestLaunchServerConfigManager())
|
||||||
.setModulesManager(modulesManager)
|
.setModulesManager(modulesManager)
|
||||||
|
|
|
@ -151,11 +151,11 @@ public void readKeys() throws IOException, InvalidKeySpecException {
|
||||||
Path privateKeyFile = dir.resolve("private.key");
|
Path privateKeyFile = dir.resolve("private.key");
|
||||||
if (IOHelper.isFile(publicKeyFile) && IOHelper.isFile(privateKeyFile)) {
|
if (IOHelper.isFile(publicKeyFile) && IOHelper.isFile(privateKeyFile)) {
|
||||||
LogHelper.info("Reading EC keypair");
|
LogHelper.info("Reading EC keypair");
|
||||||
publicKey = SecurityHelper.toPublicECKey(IOHelper.read(publicKeyFile));
|
publicKey = SecurityHelper.toPublicECDSAKey(IOHelper.read(publicKeyFile));
|
||||||
privateKey = SecurityHelper.toPrivateECKey(IOHelper.read(privateKeyFile));
|
privateKey = SecurityHelper.toPrivateECDSAKey(IOHelper.read(privateKeyFile));
|
||||||
} else {
|
} else {
|
||||||
LogHelper.info("Generating EC keypair");
|
LogHelper.info("Generating EC keypair");
|
||||||
KeyPair pair = SecurityHelper.genECKeyPair(new SecureRandom());
|
KeyPair pair = SecurityHelper.genECDSAKeyPair(new SecureRandom());
|
||||||
publicKey = (ECPublicKey) pair.getPublic();
|
publicKey = (ECPublicKey) pair.getPublic();
|
||||||
privateKey = (ECPrivateKey) pair.getPrivate();
|
privateKey = (ECPrivateKey) pair.getPrivate();
|
||||||
|
|
||||||
|
|
|
@ -52,7 +52,7 @@ public final class LauncherConfig extends StreamObject {
|
||||||
|
|
||||||
@LauncherInjectionConstructor
|
@LauncherInjectionConstructor
|
||||||
public LauncherConfig(HInput input) throws IOException, InvalidKeySpecException {
|
public LauncherConfig(HInput input) throws IOException, InvalidKeySpecException {
|
||||||
publicKey = SecurityHelper.toPublicECKey(input.readByteArray(SecurityHelper.CRYPTO_MAX_LENGTH));
|
publicKey = SecurityHelper.toPublicECDSAKey(input.readByteArray(SecurityHelper.CRYPTO_MAX_LENGTH));
|
||||||
secureCheckHash = null;
|
secureCheckHash = null;
|
||||||
secureCheckSalt = null;
|
secureCheckSalt = null;
|
||||||
passwordEncryptKey = null;
|
passwordEncryptKey = null;
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
package pro.gravit.utils.helper;
|
package pro.gravit.utils.helper;
|
||||||
|
|
||||||
|
import org.bouncycastle.jcajce.provider.asymmetric.RSA;
|
||||||
|
|
||||||
import javax.crypto.Cipher;
|
import javax.crypto.Cipher;
|
||||||
import javax.crypto.KeyGenerator;
|
import javax.crypto.KeyGenerator;
|
||||||
import javax.crypto.NoSuchPaddingException;
|
import javax.crypto.NoSuchPaddingException;
|
||||||
|
@ -10,13 +12,8 @@
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.security.*;
|
import java.security.*;
|
||||||
import java.security.interfaces.ECKey;
|
import java.security.interfaces.*;
|
||||||
import java.security.interfaces.ECPrivateKey;
|
import java.security.spec.*;
|
||||||
import java.security.interfaces.ECPublicKey;
|
|
||||||
import java.security.spec.ECGenParameterSpec;
|
|
||||||
import java.security.spec.InvalidKeySpecException;
|
|
||||||
import java.security.spec.PKCS8EncodedKeySpec;
|
|
||||||
import java.security.spec.X509EncodedKeySpec;
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Random;
|
import java.util.Random;
|
||||||
|
@ -28,10 +25,14 @@ public final class SecurityHelper {
|
||||||
// EC Algorithm constants
|
// EC Algorithm constants
|
||||||
public static final String EC_CURVE = "secp256r1";
|
public static final String EC_CURVE = "secp256r1";
|
||||||
public static final String EC_SIGN_ALGO = "SHA256withECDSA";
|
public static final String EC_SIGN_ALGO = "SHA256withECDSA";
|
||||||
public static final String EC_CIPHER_ALGO = "ECIES";
|
|
||||||
public static final int TOKEN_LENGTH = 16;
|
public static final int TOKEN_LENGTH = 16;
|
||||||
|
|
||||||
// RSA Algorithm constants
|
// RSA Algorithm constants
|
||||||
|
|
||||||
|
public static final String RSA_ALGO = "RSA";
|
||||||
|
public static final String RSA_SIGN_ALGO = "SHA256withRSA";
|
||||||
|
public static final String RSA_CIPHER_ALGO = "RSA/ECB/PKCS1Padding";
|
||||||
|
|
||||||
// Algorithm size constants
|
// Algorithm size constants
|
||||||
public static final int AES_KEY_LENGTH = 8;
|
public static final int AES_KEY_LENGTH = 8;
|
||||||
public static final int TOKEN_STRING_LENGTH = TOKEN_LENGTH << 1;
|
public static final int TOKEN_STRING_LENGTH = TOKEN_LENGTH << 1;
|
||||||
|
@ -81,7 +82,12 @@ public static byte[] digest(DigestAlgorithm algo, URL url) throws IOException {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Deprecated
|
||||||
public static KeyPair genECKeyPair(SecureRandom random) {
|
public static KeyPair genECKeyPair(SecureRandom random) {
|
||||||
|
return genECDSAKeyPair(random);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static KeyPair genECDSAKeyPair(SecureRandom random) {
|
||||||
try {
|
try {
|
||||||
KeyPairGenerator generator = KeyPairGenerator.getInstance(EC_ALGO);
|
KeyPairGenerator generator = KeyPairGenerator.getInstance(EC_ALGO);
|
||||||
generator.initialize(new ECGenParameterSpec(EC_CURVE), random);
|
generator.initialize(new ECGenParameterSpec(EC_CURVE), random);
|
||||||
|
@ -91,6 +97,18 @@ public static KeyPair genECKeyPair(SecureRandom random) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static KeyPair genRSAKeyPair(SecureRandom random) {
|
||||||
|
try {
|
||||||
|
KeyPairGenerator generator = KeyPairGenerator.getInstance(RSA_ALGO);
|
||||||
|
generator.initialize(RSA_KEY_LENGTH_BITS, random);
|
||||||
|
return generator.genKeyPair();
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
throw new InternalError(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
public static boolean isValidSign(byte[] bytes, byte[] sign, ECPublicKey publicKey) throws SignatureException {
|
public static boolean isValidSign(byte[] bytes, byte[] sign, ECPublicKey publicKey) throws SignatureException {
|
||||||
Signature signature = newECVerifySignature(publicKey);
|
Signature signature = newECVerifySignature(publicKey);
|
||||||
|
@ -109,6 +127,23 @@ public static boolean isValidSign(InputStream input, byte[] sign, ECPublicKey pu
|
||||||
return signature.verify(sign);
|
return signature.verify(sign);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static boolean isValidSign(byte[] bytes, byte[] sign, RSAPublicKey publicKey) throws SignatureException {
|
||||||
|
Signature signature = newRSAVerifySignature(publicKey);
|
||||||
|
try {
|
||||||
|
signature.update(bytes);
|
||||||
|
} catch (SignatureException e) {
|
||||||
|
throw new InternalError(e);
|
||||||
|
}
|
||||||
|
return signature.verify(sign);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public static boolean isValidSign(InputStream input, byte[] sign, RSAPublicKey publicKey) throws IOException, SignatureException {
|
||||||
|
Signature signature = newRSAVerifySignature(publicKey);
|
||||||
|
updateSignature(input, signature);
|
||||||
|
return signature.verify(sign);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
public static boolean isValidToken(CharSequence token) {
|
public static boolean isValidToken(CharSequence token) {
|
||||||
return token.length() == TOKEN_STRING_LENGTH && token.chars().allMatch(ch -> HEX.indexOf(ch) >= 0);
|
return token.length() == TOKEN_STRING_LENGTH && token.chars().allMatch(ch -> HEX.indexOf(ch) >= 0);
|
||||||
|
@ -150,8 +185,8 @@ public static SecureRandom newRandom() {
|
||||||
return new SecureRandom();
|
return new SecureRandom();
|
||||||
}
|
}
|
||||||
|
|
||||||
private static Cipher newECCipher(int mode, ECKey key) {
|
private static Cipher newRSACipher(int mode, RSAKey key) {
|
||||||
Cipher cipher = newBCCipher(EC_CIPHER_ALGO);
|
Cipher cipher = newCipher(RSA_CIPHER_ALGO);
|
||||||
try {
|
try {
|
||||||
cipher.init(mode, (Key) key);
|
cipher.init(mode, (Key) key);
|
||||||
} catch (InvalidKeyException e) {
|
} catch (InvalidKeyException e) {
|
||||||
|
@ -160,7 +195,7 @@ private static Cipher newECCipher(int mode, ECKey key) {
|
||||||
return cipher;
|
return cipher;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static KeyFactory newECKeyFactory() {
|
private static KeyFactory newECDSAKeyFactory() {
|
||||||
try {
|
try {
|
||||||
return KeyFactory.getInstance(EC_ALGO);
|
return KeyFactory.getInstance(EC_ALGO);
|
||||||
} catch (NoSuchAlgorithmException e) {
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
@ -168,6 +203,14 @@ private static KeyFactory newECKeyFactory() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static KeyFactory newRSAKeyFactory() {
|
||||||
|
try {
|
||||||
|
return KeyFactory.getInstance(RSA_ALGO);
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
throw new InternalError(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private static Signature newECSignature() {
|
private static Signature newECSignature() {
|
||||||
try {
|
try {
|
||||||
return Signature.getInstance(EC_SIGN_ALGO);
|
return Signature.getInstance(EC_SIGN_ALGO);
|
||||||
|
@ -176,6 +219,14 @@ private static Signature newECSignature() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static Signature newRSASignature() {
|
||||||
|
try {
|
||||||
|
return Signature.getInstance(RSA_SIGN_ALGO);
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
throw new InternalError(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public static Signature newECSignSignature(ECPrivateKey key) {
|
public static Signature newECSignSignature(ECPrivateKey key) {
|
||||||
Signature signature = newECSignature();
|
Signature signature = newECSignature();
|
||||||
try {
|
try {
|
||||||
|
@ -186,6 +237,16 @@ public static Signature newECSignSignature(ECPrivateKey key) {
|
||||||
return signature;
|
return signature;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static Signature newRSASignSignature(RSAPrivateKey key) {
|
||||||
|
Signature signature = newRSASignature();
|
||||||
|
try {
|
||||||
|
signature.initSign(key);
|
||||||
|
} catch (InvalidKeyException e) {
|
||||||
|
throw new InternalError(e);
|
||||||
|
}
|
||||||
|
return signature;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
public static Signature newECVerifySignature(ECPublicKey key) {
|
public static Signature newECVerifySignature(ECPublicKey key) {
|
||||||
Signature signature = newECSignature();
|
Signature signature = newECSignature();
|
||||||
|
@ -197,6 +258,16 @@ public static Signature newECVerifySignature(ECPublicKey key) {
|
||||||
return signature;
|
return signature;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static Signature newRSAVerifySignature(RSAPublicKey key) {
|
||||||
|
Signature signature = newRSASignature();
|
||||||
|
try {
|
||||||
|
signature.initVerify(key);
|
||||||
|
} catch (InvalidKeyException e) {
|
||||||
|
throw new InternalError(e);
|
||||||
|
}
|
||||||
|
return signature;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
public static byte[] randomBytes(int length) {
|
public static byte[] randomBytes(int length) {
|
||||||
return randomBytes(newRandom(), length);
|
return randomBytes(newRandom(), length);
|
||||||
|
@ -336,12 +407,30 @@ public static String toHex(byte[] bytes) {
|
||||||
return new String(hex);
|
return new String(hex);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Deprecated
|
||||||
public static ECPublicKey toPublicECKey(byte[] bytes) throws InvalidKeySpecException {
|
public static ECPublicKey toPublicECKey(byte[] bytes) throws InvalidKeySpecException {
|
||||||
return (ECPublicKey) newECKeyFactory().generatePublic(new X509EncodedKeySpec(bytes));
|
return toPublicECDSAKey(bytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Deprecated
|
||||||
public static ECPrivateKey toPrivateECKey(byte[] bytes) throws InvalidKeySpecException {
|
public static ECPrivateKey toPrivateECKey(byte[] bytes) throws InvalidKeySpecException {
|
||||||
return (ECPrivateKey) newECKeyFactory().generatePrivate(new PKCS8EncodedKeySpec(bytes));
|
return toPrivateECDSAKey(bytes);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static ECPublicKey toPublicECDSAKey(byte[] bytes) throws InvalidKeySpecException {
|
||||||
|
return (ECPublicKey) newECDSAKeyFactory().generatePublic(new X509EncodedKeySpec(bytes));
|
||||||
|
}
|
||||||
|
|
||||||
|
public static ECPrivateKey toPrivateECDSAKey(byte[] bytes) throws InvalidKeySpecException {
|
||||||
|
return (ECPrivateKey) newECDSAKeyFactory().generatePrivate(new PKCS8EncodedKeySpec(bytes));
|
||||||
|
}
|
||||||
|
|
||||||
|
public static RSAPublicKey toPublicRSAKey(byte[] bytes) throws InvalidKeySpecException {
|
||||||
|
return (RSAPublicKey) newRSAKeyFactory().generatePublic(new X509EncodedKeySpec(bytes));
|
||||||
|
}
|
||||||
|
|
||||||
|
public static RSAPrivateKey toPrivateRSAKey(byte[] bytes) throws InvalidKeySpecException {
|
||||||
|
return (RSAPrivateKey) newRSAKeyFactory().generatePrivate(new PKCS8EncodedKeySpec(bytes));
|
||||||
}
|
}
|
||||||
|
|
||||||
private static void updateSignature(InputStream input, Signature signature) throws IOException {
|
private static void updateSignature(InputStream input, Signature signature) throws IOException {
|
||||||
|
@ -366,22 +455,33 @@ public static void verifySign(InputStream input, byte[] sign, ECPublicKey public
|
||||||
throw new SignatureException("Invalid stream sign");
|
throw new SignatureException("Invalid stream sign");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static void verifySign(byte[] bytes, byte[] sign, RSAPublicKey publicKey) throws SignatureException {
|
||||||
|
if (!isValidSign(bytes, sign, publicKey))
|
||||||
|
throw new SignatureException("Invalid sign");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public static void verifySign(InputStream input, byte[] sign, RSAPublicKey publicKey) throws SignatureException, IOException {
|
||||||
|
if (!isValidSign(input, sign, publicKey))
|
||||||
|
throw new SignatureException("Invalid stream sign");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
public static String verifyToken(String token) {
|
public static String verifyToken(String token) {
|
||||||
return VerifyHelper.verify(token, SecurityHelper::isValidToken, String.format("Invalid token: '%s'", token));
|
return VerifyHelper.verify(token, SecurityHelper::isValidToken, String.format("Invalid token: '%s'", token));
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Cipher newECDecryptCipher(ECPrivateKey privateKey) {
|
public static Cipher newRSADecryptCipher(RSAPrivateKey privateKey) {
|
||||||
try {
|
try {
|
||||||
return newECCipher(Cipher.DECRYPT_MODE, privateKey);
|
return newRSACipher(Cipher.DECRYPT_MODE, privateKey);
|
||||||
} catch (SecurityException e) {
|
} catch (SecurityException e) {
|
||||||
throw new InternalError(e);
|
throw new InternalError(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Cipher newECEncryptCipher(ECPublicKey publicKey) {
|
public static Cipher newRSAEncryptCipher(RSAPublicKey publicKey) {
|
||||||
try {
|
try {
|
||||||
return newECCipher(Cipher.ENCRYPT_MODE, publicKey);
|
return newRSACipher(Cipher.ENCRYPT_MODE, publicKey);
|
||||||
} catch (SecurityException e) {
|
} catch (SecurityException e) {
|
||||||
throw new InternalError(e);
|
throw new InternalError(e);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue