[FIX] Добавление сгенерированного сертификата в trustStore
This commit is contained in:
parent
625fb75f82
commit
f7cfaaa543
4 changed files with 103 additions and 39 deletions
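--- a/[path not shown]/JARLauncherBinary.java
+++ b/[path not shown]/JARLauncherBinary.java
@@ -41,6 +41,7 @@ public JARLauncherBinary(LaunchServer server) throws IOException {
 @Override
 public void init() {
 tasks.add(new PrepareBuildTask(server));
+if(!server.config.sign.enabled) tasks.add(new CertificateAutogenTask(server));
 tasks.add(new MainBuildTask(server));
 if (server.config.launcher.attachLibraryBeforeProGuard) tasks.add(new AttachJarsTask(server));
 tasks.add(new ProGuardBuildTask(server));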
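Review bot: The new `CertificateAutogenTask` registration carries an ordering dependency that nothing in the code states: it must sit ahead of `MainBuildTask` because, elsewhere in this commit, the trust-list assembly and the jar signer look the generated certificate up from `launcherBinary.tasks`, so moving this line later in `init()` would break the build at a distance. Add `// must run before MainBuildTask: the autogenerated certificate is embedded into the launcher trust list` above it. As a point of style, `if(!server...` does not match the `if (server...` spacing on the adjacent line. The `init()` body continues outside the hunk.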
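--- /dev/null
+++ b/[path not shown]/CertificateAutogenTask.java
@@ -0,0 +1,80 @@
+package pro.gravit.launchserver.binary.tasks;
+
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameBuilder;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.cms.CMSSignedDataGenerator;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import pro.gravit.launchserver.LaunchServer;
+import pro.gravit.launchserver.helper.SignHelper;
+import pro.gravit.utils.helper.LogHelper;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.nio.file.Path;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.util.ArrayList;
+import java.util.Date;
+
+public class CertificateAutogenTask implements LauncherBuildTask {
+private LaunchServer server;
+
+public CertificateAutogenTask(LaunchServer server) {
+this.server = server;
+}
+
+@Override
+public String getName() {
+return "CertificateAutogen";
+}
+public X509Certificate certificate;
+public X509CertificateHolder bcCertificate;
+public CMSSignedDataGenerator signedDataGenerator;
+
+@Override
+public Path process(Path inputFile) throws IOException {
+if(signedDataGenerator != null) return inputFile;
+try {
+X500NameBuilder subject = new X500NameBuilder();
+subject.addRDN(BCStyle.CN, server.config.projectName.concat(" Autogenerated"));
+subject.addRDN(BCStyle.O, server.config.projectName);
+LocalDateTime startDate = LocalDate.now().atStartOfDay();
+X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
+subject.build(),
+new BigInteger("0"),
+Date.from(startDate.atZone(ZoneId.systemDefault()).toInstant()),
+Date.from(startDate.plusDays(3650).atZone(ZoneId.systemDefault()).toInstant()),
+new X500Name("CN=ca"),
+SubjectPublicKeyInfo.getInstance(server.publicKey.getEncoded()));
+JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256WITHECDSA");
+ContentSigner signer = csBuilder.build(server.privateKey);
+bcCertificate = builder.build(signer);
+certificate = new JcaX509CertificateConverter().setProvider( "BC" )
+.getCertificate( bcCertificate );
+ArrayList<Certificate> chain = new ArrayList<>();
+chain.add(certificate);
+signedDataGenerator = SignHelper.createSignedDataGenerator(server.privateKey, certificate, chain, "SHA256WITHECDSA");
+} catch (OperatorCreationException | CMSException | CertificateException e) {
+LogHelper.error(e);
+}
+return inputFile;
+}
+
+@Override
+public boolean allowDelete() {
+return false;
+}
+}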
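Review bot: `process()` swallows a failed certificate generation: the `catch (OperatorCreationException | CMSException | CertificateException e)` branch only calls `LogHelper.error(e)` and still returns `inputFile`, leaving `certificate` and `signedDataGenerator` null, so the tasks in this commit that read those fields later hit a NullPointerException or hand a null generator to the jar signer, far from the real cause. Since the method already declares `IOException`, rethrow instead: `throw new IOException("Failed to generate the autogenerated signing certificate", e);`. On the certificate itself, the serial `new BigInteger("0")` is not the positive integer RFC 5280 requires and is reused for every regenerated certificate (a positive `SecureRandom`-derived serial would be safer), and the issuer `new X500Name("CN=ca")` differs from the subject, so the certificate is not self-issued; whether any client validates back to a self-signed anchor cannot be seen here and is worth confirming. The public mutable fields `certificate`, `bcCertificate` and `signedDataGenerator` would be better `private` with getters, and `CertificateEncodingException` is imported but unused in this file.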
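--- a/[path not shown]
+++ b/[path not shown]
@@ -23,10 +23,8 @@
 import java.nio.file.SimpleFileVisitor;
 import java.nio.file.attribute.BasicFileAttributes;
 import java.security.cert.CertificateEncodingException;
-import java.util.Arrays;
-import java.util.Base64;
-import java.util.HashMap;
-import java.util.Map;
+import java.security.cert.X509Certificate;
+import java.util.*;
 import java.util.jar.JarFile;
 import java.util.stream.Collectors;
 import java.util.zip.ZipEntry;
@@ -138,14 +136,24 @@ public Path process(Path inputJar) throws IOException {
 launcherConfigurator.setBooleanField("isWarningMissArchJava", server.config.launcher.warningMissArchJava);
 launcherConfigurator.setEnv(server.config.env);
 launcherConfigurator.setStringField("passwordEncryptKey", server.runtime.passwordEncryptKey);
-secureConfigurator.setByteArrayListField("certificates", Arrays.stream(server.certificateManager.trustManager.getTrusted()).map(e -> {
+List<byte[]> certificates = Arrays.stream(server.certificateManager.trustManager.getTrusted()).map(e -> {
 try {
 return e.getEncoded();
 } catch (CertificateEncodingException e2) {
 LogHelper.error(e2);
 return new byte[0];
 }
-}).collect(Collectors.toList()));
+}).collect(Collectors.toList());
+if(!server.config.sign.enabled)
+{
+CertificateAutogenTask task = TaskUtil.getTaskByClass(server.launcherBinary.tasks, CertificateAutogenTask.class).get(0);
+try {
+certificates.add(task.certificate.getEncoded());
+} catch (CertificateEncodingException e) {
+throw new InternalError(e);
+}
+}
+secureConfigurator.setByteArrayListField("certificates", certificates);
 String launcherSalt = SecurityHelper.randomStringToken();
 byte[] launcherSecureHash = SecurityHelper.digest(SecurityHelper.DigestAlgorithm.SHA256,
 server.runtime.clientCheckSecret.concat(".").concat(launcherSalt));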
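Review bot: `certificates.add(task.certificate.getEncoded())` mutates a list produced by `Collectors.toList()`, whose contract does not guarantee a mutable result (only the current implementation happens to return an `ArrayList`); collect with `.collect(Collectors.toCollection(ArrayList::new))` so the later `add` is supported by contract. The same line dereferences `task.certificate`, which stays null whenever `CertificateAutogenTask.process` caught and merely logged a generation failure, so the trust list should fail loudly here rather than with a bare NullPointerException: `if (task.certificate == null) throw new IOException("CertificateAutogenTask produced no certificate");`. `throw new InternalError(e)` wraps an encoding failure in a JVM `Error` subtype; since `process` already declares `IOException`, `throw new IOException(e)` is the conventional choice. The `.get(0)` lookup also assumes the task was registered, which holds only because both sites are guarded by the same `!server.config.sign.enabled` condition and `CertificateAutogenTask` ran earlier in the task list, a coupling worth a comment. The enclosing `process` method starts and ends outside the hunk.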
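--- a/[path not shown]
+++ b/[path not shown]
@@ -91,11 +91,8 @@ private void stdSign(LaunchServerConfig.JarSignerConf config, Path inputFile, Pa
 }
 private void autoSign(Path inputFile, Path signedFile) throws IOException {
 try (SignerJar output = new SignerJar(new ZipOutputStream(IOHelper.newOutput(signedFile)), () -> {
-try {
-return genCertificate(srv.config.projectName, srv.publicKey, srv.privateKey);
-} catch (OperatorCreationException | CertificateException | CMSException e) {
-throw new InternalError(e);
-}
+CertificateAutogenTask task = TaskUtil.getTaskByClass(srv.launcherBinary.tasks, CertificateAutogenTask.class).get(0);
+return task.signedDataGenerator;
 },
 "AUTOGEN.SF", "AUTOGEN.EC");
 ZipInputStream input = new ZipInputStream(IOHelper.newInput(inputFile))) {
@@ -129,26 +126,4 @@ public static CMSSignedDataGenerator gen(LaunchServerConfig.JarSignerConf config
 return null;
 }
 }
-public static CMSSignedDataGenerator genCertificate(String projectName, ECPublicKey publicKey, ECPrivateKey privateKey) throws OperatorCreationException, CertificateException, CMSException {
-
-X500NameBuilder subject = new X500NameBuilder();
-subject.addRDN(BCStyle.CN, projectName.concat(" Autogenerated"));
-subject.addRDN(BCStyle.O, projectName);
-LocalDateTime startDate = LocalDate.now().atStartOfDay();
-X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
-subject.build(),
-new BigInteger("0"),
-Date.from(startDate.atZone(ZoneId.systemDefault()).toInstant()),
-Date.from(startDate.plusDays(3650).atZone(ZoneId.systemDefault()).toInstant()),
-new X500Name("CN=ca"),
-SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
-JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256WITHECDSA");
-ContentSigner signer = csBuilder.build(privateKey);
-X509CertificateHolder certificate = builder.build(signer);
-X509Certificate x509Certificate = new JcaX509CertificateConverter().setProvider( "BC" )
-.getCertificate( certificate );
-ArrayList<Certificate> chain = new ArrayList<>();
-chain.add(x509Certificate);
-return SignHelper.createSignedDataGenerator(privateKey, x509Certificate, chain, "SHA256WITHECDSA");
-}
 }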
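Review bot: The supplier in `autoSign` now returns `task.signedDataGenerator` unchecked, and that field stays null when `CertificateAutogenTask.process` caught and only logged a generation error, so `SignerJar` would receive a null generator where the removed `try` block used to raise `InternalError`; guard it before the return with `if (task.signedDataGenerator == null) throw new IllegalStateException("CertificateAutogenTask produced no signer");`. The `.get(0)` call also fails with an undescriptive `IndexOutOfBoundsException` if the task is absent from `srv.launcherBinary.tasks`; whether `autoSign` can be reached with signing enabled cannot be confirmed from this hunk. With `genCertificate` deleted in the second hunk, the BouncyCastle imports it alone used (`X500NameBuilder`, `X509v3CertificateBuilder` and the rest) are probably unused now; they are outside the hunk, so a compile-warning check is worthwhile. The `autoSign` body continues past the first hunk.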