[FIX] Добавление сгенерированного сертификата в trustStore

This commit is contained in:
Gravit 2019-10-27 22:33:52 +07:00
parent 625fb75f82
commit f7cfaaa543
No known key found for this signature in database
GPG key ID: 061981E1E85D3216
4 changed files with 103 additions and 39 deletions

View file

@ -41,6 +41,7 @@ public JARLauncherBinary(LaunchServer server) throws IOException {
@Override
public void init() {
tasks.add(new PrepareBuildTask(server));
if(!server.config.sign.enabled) tasks.add(new CertificateAutogenTask(server));
tasks.add(new MainBuildTask(server));
if (server.config.launcher.attachLibraryBeforeProGuard) tasks.add(new AttachJarsTask(server));
tasks.add(new ProGuardBuildTask(server));

View file

@ -0,0 +1,80 @@
package pro.gravit.launchserver.binary.tasks;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import pro.gravit.launchserver.LaunchServer;
import pro.gravit.launchserver.helper.SignHelper;
import pro.gravit.utils.helper.LogHelper;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Path;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.ArrayList;
import java.util.Date;
public class CertificateAutogenTask implements LauncherBuildTask {
private LaunchServer server;
public CertificateAutogenTask(LaunchServer server) {
this.server = server;
}
@Override
public String getName() {
return "CertificateAutogen";
}
public X509Certificate certificate;
public X509CertificateHolder bcCertificate;
public CMSSignedDataGenerator signedDataGenerator;
@Override
public Path process(Path inputFile) throws IOException {
if(signedDataGenerator != null) return inputFile;
try {
X500NameBuilder subject = new X500NameBuilder();
subject.addRDN(BCStyle.CN, server.config.projectName.concat(" Autogenerated"));
subject.addRDN(BCStyle.O, server.config.projectName);
LocalDateTime startDate = LocalDate.now().atStartOfDay();
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
subject.build(),
new BigInteger("0"),
Date.from(startDate.atZone(ZoneId.systemDefault()).toInstant()),
Date.from(startDate.plusDays(3650).atZone(ZoneId.systemDefault()).toInstant()),
new X500Name("CN=ca"),
SubjectPublicKeyInfo.getInstance(server.publicKey.getEncoded()));
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256WITHECDSA");
ContentSigner signer = csBuilder.build(server.privateKey);
bcCertificate = builder.build(signer);
certificate = new JcaX509CertificateConverter().setProvider( "BC" )
.getCertificate( bcCertificate );
ArrayList<Certificate> chain = new ArrayList<>();
chain.add(certificate);
signedDataGenerator = SignHelper.createSignedDataGenerator(server.privateKey, certificate, chain, "SHA256WITHECDSA");
} catch (OperatorCreationException | CMSException | CertificateException e) {
LogHelper.error(e);
}
return inputFile;
}
@Override
public boolean allowDelete() {
return false;
}
}

View file

@ -23,10 +23,8 @@
import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes;
import java.security.cert.CertificateEncodingException;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.JarFile;
import java.util.stream.Collectors;
import java.util.zip.ZipEntry;
@ -138,14 +136,24 @@ public Path process(Path inputJar) throws IOException {
launcherConfigurator.setBooleanField("isWarningMissArchJava", server.config.launcher.warningMissArchJava);
launcherConfigurator.setEnv(server.config.env);
launcherConfigurator.setStringField("passwordEncryptKey", server.runtime.passwordEncryptKey);
secureConfigurator.setByteArrayListField("certificates", Arrays.stream(server.certificateManager.trustManager.getTrusted()).map(e -> {
List<byte[]> certificates = Arrays.stream(server.certificateManager.trustManager.getTrusted()).map(e -> {
try {
return e.getEncoded();
} catch (CertificateEncodingException e2) {
LogHelper.error(e2);
return new byte[0];
}
}).collect(Collectors.toList()));
}).collect(Collectors.toList());
if(!server.config.sign.enabled)
{
CertificateAutogenTask task = TaskUtil.getTaskByClass(server.launcherBinary.tasks, CertificateAutogenTask.class).get(0);
try {
certificates.add(task.certificate.getEncoded());
} catch (CertificateEncodingException e) {
throw new InternalError(e);
}
}
secureConfigurator.setByteArrayListField("certificates", certificates);
String launcherSalt = SecurityHelper.randomStringToken();
byte[] launcherSecureHash = SecurityHelper.digest(SecurityHelper.DigestAlgorithm.SHA256,
server.runtime.clientCheckSecret.concat(".").concat(launcherSalt));

View file

@ -91,11 +91,8 @@ private void stdSign(LaunchServerConfig.JarSignerConf config, Path inputFile, Pa
}
private void autoSign(Path inputFile, Path signedFile) throws IOException {
try (SignerJar output = new SignerJar(new ZipOutputStream(IOHelper.newOutput(signedFile)), () -> {
try {
return genCertificate(srv.config.projectName, srv.publicKey, srv.privateKey);
} catch (OperatorCreationException | CertificateException | CMSException e) {
throw new InternalError(e);
}
CertificateAutogenTask task = TaskUtil.getTaskByClass(srv.launcherBinary.tasks, CertificateAutogenTask.class).get(0);
return task.signedDataGenerator;
},
"AUTOGEN.SF", "AUTOGEN.EC");
ZipInputStream input = new ZipInputStream(IOHelper.newInput(inputFile))) {
@ -129,26 +126,4 @@ public static CMSSignedDataGenerator gen(LaunchServerConfig.JarSignerConf config
return null;
}
}
public static CMSSignedDataGenerator genCertificate(String projectName, ECPublicKey publicKey, ECPrivateKey privateKey) throws OperatorCreationException, CertificateException, CMSException {
X500NameBuilder subject = new X500NameBuilder();
subject.addRDN(BCStyle.CN, projectName.concat(" Autogenerated"));
subject.addRDN(BCStyle.O, projectName);
LocalDateTime startDate = LocalDate.now().atStartOfDay();
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
subject.build(),
new BigInteger("0"),
Date.from(startDate.atZone(ZoneId.systemDefault()).toInstant()),
Date.from(startDate.plusDays(3650).atZone(ZoneId.systemDefault()).toInstant()),
new X500Name("CN=ca"),
SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256WITHECDSA");
ContentSigner signer = csBuilder.build(privateKey);
X509CertificateHolder certificate = builder.build(signer);
X509Certificate x509Certificate = new JcaX509CertificateConverter().setProvider( "BC" )
.getCertificate( certificate );
ArrayList<Certificate> chain = new ArrayList<>();
chain.add(x509Certificate);
return SignHelper.createSignedDataGenerator(privateKey, x509Certificate, chain, "SHA256WITHECDSA");
}
}