diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/protect/StdProtectHandler.java b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/protect/StdProtectHandler.java index 0c37166e..1c197296 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/protect/StdProtectHandler.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/protect/StdProtectHandler.java @@ -4,6 +4,7 @@ import pro.gravit.utils.helper.SecurityHelper; public class StdProtectHandler extends ProtectHandler { + public boolean checkSecure = true; @Override public String generateSecureToken(AuthResponse.AuthContext context) { return SecurityHelper.randomStringToken(); @@ -21,7 +22,7 @@ public boolean verifyClientSecureToken(String token, String secureKey) { @Override public boolean allowGetAccessToken(AuthResponse.AuthContext context) { - return (context.authType == AuthResponse.ConnectTypes.CLIENT); + return (context.authType == AuthResponse.ConnectTypes.CLIENT) && (!checkSecure || context.client.isSecure); } @Override diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/binary/LauncherConfigurator.java b/LaunchServer/src/main/java/pro/gravit/launchserver/binary/LauncherConfigurator.java index 56b5e6c8..49e53c53 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/binary/LauncherConfigurator.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/binary/LauncherConfigurator.java @@ -87,6 +87,10 @@ private void setStringField(String name, String value) public void setGuardType(String key) { setStringField("guardType", key); } + public void setSecureCheck(String hash, String salt) { + setStringField("secureCheckHash", hash); + setStringField("secureCheckSalt", salt); + } private void push(final int value) { if (value >= -1 && value <= 5) diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/binary/tasks/MainBuildTask.java b/LaunchServer/src/main/java/pro/gravit/launchserver/binary/tasks/MainBuildTask.java index 0975bff7..dc27b3fb 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/binary/tasks/MainBuildTask.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/binary/tasks/MainBuildTask.java @@ -8,6 +8,8 @@ import java.nio.file.Path; import java.nio.file.SimpleFileVisitor; import java.nio.file.attribute.BasicFileAttributes; +import java.util.Arrays; +import java.util.Base64; import java.util.HashMap; import java.util.Map; import java.util.jar.JarFile; @@ -133,6 +135,11 @@ public Path process(Path inputJar) throws IOException { launcherConfigurator.setGuardType(server.config.launcher.guardType); launcherConfigurator.setWarningMissArchJava(server.config.launcher.warningMissArchJava); launcherConfigurator.setEnv(server.config.env); + String launcherSalt = SecurityHelper.randomStringToken(); + byte[] launcherSecureHash = SecurityHelper.digest(SecurityHelper.DigestAlgorithm.SHA256, + server.runtime.clientCheckSecret.concat(".").concat(launcherSalt)); + launcherConfigurator.setSecureCheck(Base64.getEncoder().encodeToString(launcherSecureHash), launcherSalt); + //LogHelper.debug("[checkSecure] %s: %s", launcherSalt, Arrays.toString(launcherSecureHash)); if (server.runtime.oemUnlockKey == null) server.runtime.oemUnlockKey = SecurityHelper.randomStringToken(); launcherConfigurator.setOemUnlockKey(server.runtime.oemUnlockKey); server.buildHookManager.registerAllClientModuleClass(launcherConfigurator); diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/config/LaunchServerRuntimeConfig.java b/LaunchServer/src/main/java/pro/gravit/launchserver/config/LaunchServerRuntimeConfig.java index fdc4eb42..0e600258 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/config/LaunchServerRuntimeConfig.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/config/LaunchServerRuntimeConfig.java @@ -7,13 +7,16 @@ public class LaunchServerRuntimeConfig { public String clientToken; public String oemUnlockKey; public String registerApiKey; + public String clientCheckSecret; public void verify() { if (clientToken == null) LogHelper.error("[RuntimeConfig] clientToken must not be null"); + if (clientCheckSecret == null) { LogHelper.warning("[RuntimeConfig] clientCheckSecret must not be null"); clientCheckSecret = SecurityHelper.randomStringToken(); } } public void reset() { clientToken = SecurityHelper.randomStringToken(); registerApiKey = SecurityHelper.randomStringToken(); + clientCheckSecret = SecurityHelper.randomStringToken(); } } diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/AuthResponse.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/AuthResponse.java index 7e979d66..e4ec148a 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/AuthResponse.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/AuthResponse.java @@ -11,7 +11,6 @@ import io.netty.channel.ChannelHandlerContext; import pro.gravit.launcher.events.request.AuthRequestEvent; import pro.gravit.launcher.hwid.HWID; -import pro.gravit.launcher.hwid.OshiHWID; import pro.gravit.launcher.profiles.ClientProfile; import pro.gravit.launcher.request.auth.AuthRequest; import pro.gravit.launcher.request.auth.password.AuthPlainPassword; @@ -72,7 +71,7 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti AuthProviderPair pair; if (auth_id.isEmpty()) pair = server.config.getAuthProviderPair(); else pair = server.config.getAuthProviderPair(auth_id); - AuthContext context = new AuthContext(0, login, customText, client, null, ip, authType); + AuthContext context = new AuthContext(clientData, login, customText, client, hwid, ip, authType); AuthProvider provider = pair.provider; server.authHookManager.preHook.hook(context, clientData); provider.preAuth(login, password, customText, ip); @@ -131,24 +130,23 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti } public static class AuthContext { - public AuthContext(long session, String login, String customText, String client, String hwid, String ip, ConnectTypes authType) { - this.session = session; + public AuthContext(Client client, String login, String customText, String profileName, HWID hwid, String ip, ConnectTypes authType) { + this.client = client; this.login = login; this.customText = customText; - this.client = client; + this.profileName = profileName; this.hwid = hwid; this.ip = ip; this.authType = authType; } - - public long session; public String login; @Deprecated public int password_length; //Use AuthProvider for get password - public String client; - public String hwid; + public String profileName; + public HWID hwid; public String customText; public String ip; public ConnectTypes authType; + public Client client; } } diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/update/LauncherResponse.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/update/LauncherResponse.java index 9a9de042..d5974076 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/update/LauncherResponse.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/update/LauncherResponse.java @@ -8,6 +8,8 @@ import pro.gravit.launchserver.socket.Client; import pro.gravit.launchserver.socket.response.SimpleResponse; import pro.gravit.utils.Version; +import pro.gravit.utils.helper.LogHelper; +import pro.gravit.utils.helper.SecurityHelper; public class LauncherResponse extends SimpleResponse { public Version version; @@ -15,6 +17,9 @@ public class LauncherResponse extends SimpleResponse { public byte[] digest; public int launcher_type; + public String secureHash; + public String secureSalt; + @Override public String getType() { return "launcher"; @@ -33,6 +38,7 @@ public void execute(ChannelHandlerContext ctx, Client client) { if (hash == null) service.sendObjectAndClose(ctx, new LauncherRequestEvent(true, server.config.netty.launcherURL)); if (Arrays.equals(bytes, hash)) { client.checkSign = true; + client.isSecure = checkSecure(secureHash, secureSalt); sendResult(new LauncherRequestEvent(false, server.config.netty.launcherURL)); } else { sendResultAndClose(new LauncherRequestEvent(true, server.config.netty.launcherURL)); @@ -43,12 +49,21 @@ public void execute(ChannelHandlerContext ctx, Client client) { if (hash == null) sendResultAndClose(new LauncherRequestEvent(true, server.config.netty.launcherEXEURL)); if (Arrays.equals(bytes, hash)) { client.checkSign = true; + client.isSecure = checkSecure(secureHash, secureSalt); sendResult(new LauncherRequestEvent(false, server.config.netty.launcherEXEURL)); } else { sendResultAndClose(new LauncherRequestEvent(true, server.config.netty.launcherEXEURL)); } } else sendError("Request launcher type error"); - + } + private boolean checkSecure(String hash, String salt) + { + if(hash == null || salt == null) return false; + byte[] normal_hash = SecurityHelper.digest(SecurityHelper.DigestAlgorithm.SHA256, + server.runtime.clientCheckSecret.concat(".").concat(salt)); + byte[] launcher_hash = Base64.getDecoder().decode(hash); + //LogHelper.debug("[checkSecure] %s vs %s", Arrays.toString(normal_hash), Arrays.toString(launcher_hash)); + return Arrays.equals(normal_hash, launcher_hash); } } diff --git a/LauncherAPI/src/main/java/pro/gravit/launcher/AutogenConfig.java b/LauncherAPI/src/main/java/pro/gravit/launcher/AutogenConfig.java index 18274403..05edd785 100644 --- a/LauncherAPI/src/main/java/pro/gravit/launcher/AutogenConfig.java +++ b/LauncherAPI/src/main/java/pro/gravit/launcher/AutogenConfig.java @@ -10,6 +10,8 @@ public class AutogenConfig { public String guardLicenseName; public String guardLicenseKey; public String guardLicenseEncryptKey; + public String secureCheckHash; + public String secureCheckSalt; public int env; public boolean isWarningMissArchJava; // 0 - Dev (дебаг включен по умолчанию, все сообщения) diff --git a/LauncherAPI/src/main/java/pro/gravit/launcher/LauncherConfig.java b/LauncherAPI/src/main/java/pro/gravit/launcher/LauncherConfig.java index 6294bf86..6019b49d 100644 --- a/LauncherAPI/src/main/java/pro/gravit/launcher/LauncherConfig.java +++ b/LauncherAPI/src/main/java/pro/gravit/launcher/LauncherConfig.java @@ -43,10 +43,15 @@ public static AutogenConfig getAutogenConfig() { public final String guardLicenseKey; public final String guardLicenseEncryptKey; public final String guardType; + + public final String secureCheckHash; + public final String secureCheckSalt; @LauncherAPI public LauncherConfig(HInput input) throws IOException, InvalidKeySpecException { publicKey = SecurityHelper.toPublicRSAKey(input.readByteArray(SecurityHelper.CRYPTO_MAX_LENGTH)); + secureCheckHash = config.secureCheckHash; + secureCheckSalt = config.secureCheckSalt; projectname = config.projectname; clientPort = config.clientPort; secretKeyClient = config.secretKeyClient; @@ -92,6 +97,8 @@ public LauncherConfig(String address, RSAPublicKey publicKey, Map impleme @LauncherNetworkAPI public byte[] digest; @LauncherNetworkAPI + public String secureHash; + @LauncherNetworkAPI + public String secureSalt; + @LauncherNetworkAPI public int launcher_type = EXE_BINARY ? 2 : 1; @LauncherAPI public static final Path BINARY_PATH = IOHelper.getCodeSource(Launcher.class); @@ -89,6 +93,8 @@ public LauncherRequest() { } catch (IOException e) { LogHelper.error(e); } + secureHash = Launcher.getConfig().secureCheckHash; + secureSalt = Launcher.getConfig().secureCheckSalt; } @Override