From 6ee1aa5debe1aaa9fe2fe9180fccdf089bb8f5f9 Mon Sep 17 00:00:00 2001 From: Minecon724 Date: Thu, 13 Jun 2024 17:20:07 +0200 Subject: [PATCH] prepare for updater --- dependency-reduced-pom.xml | 68 ------------------ pom.xml | 28 ++++++++ .../m724/realweather/RealWeatherPlugin.java | 12 ++++ .../realweather/sign/SignatureValidator.java | 40 +++++++++++ testkeystore | Bin 0 -> 3690 bytes 5 files changed, 80 insertions(+), 68 deletions(-) delete mode 100644 dependency-reduced-pom.xml create mode 100644 src/main/java/eu/m724/realweather/sign/SignatureValidator.java create mode 100644 testkeystore diff --git a/dependency-reduced-pom.xml b/dependency-reduced-pom.xml deleted file mode 100644 index b7fd1c3..0000000 --- a/dependency-reduced-pom.xml +++ /dev/null @@ -1,68 +0,0 @@ - - - 4.0.0 - eu.m724 - realweather - 0.9-SNAPSHOT - - - - true - src/main/resources - - - - - maven-shade-plugin - 3.6.0 - - - package - - shade - - - - - eu.m724:wtapi - org.java-websocket:Java-WebSocket - - - - - eu.m724:* - - META-INF/MANIFEST.MF - - - - true - - - - - - - - - spigot-repo - https://hub.spigotmc.org/nexus/content/repositories/snapshots/ - - - 724rocks - https://git.724.rocks/api/packages/Minecon724/maven - - - - - org.spigotmc - spigot-api - 1.20.6-R0.1-SNAPSHOT - provided - - - - 17 - 17 - - diff --git a/pom.xml b/pom.xml index cd79c05..3b42290 100644 --- a/pom.xml +++ b/pom.xml @@ -7,6 +7,9 @@ 17 17 + ${project.basedir}/testkeystore + testkey + 123456 @@ -68,10 +71,35 @@ true + false + + org.apache.maven.plugins + maven-jarsigner-plugin + 3.0.0 + + + sign + + sign + + + + verify + + verify + + + + + ${jarsigner.keystore} + ${jarsigner.alias} + ${jarsigner.storepass} + + diff --git a/src/main/java/eu/m724/realweather/RealWeatherPlugin.java b/src/main/java/eu/m724/realweather/RealWeatherPlugin.java index a77b301..0b5f6e5 100644 --- a/src/main/java/eu/m724/realweather/RealWeatherPlugin.java +++ b/src/main/java/eu/m724/realweather/RealWeatherPlugin.java @@ -17,6 +17,7 @@ import eu.m724.realweather.commands.LocalTimeCommand; import eu.m724.realweather.mapper.Mapper; import eu.m724.realweather.mapper.MapperConfig; import eu.m724.realweather.object.UserException; +import eu.m724.realweather.sign.SignatureValidator; import eu.m724.realweather.thunder.ThunderConfig; import eu.m724.realweather.thunder.ThunderMaster; import eu.m724.realweather.time.TimeConfig; @@ -36,6 +37,17 @@ public class RealWeatherPlugin extends JavaPlugin { public void onEnable() { logger = getLogger(); + // TODO remove these lines + SignatureValidator signatureValidator = new SignatureValidator(this); + logger.info("Signature of this JAR: " + signatureValidator.getCertificate().getSubjectX500Principal().getName()); + + if (!signatureValidator.isValid()) { + logger.severe("Key is not valid"); + getServer().getPluginManager().disablePlugin(this); + return; + } + // TODO remove those lines + File dataFolder = getDataFolder(); File modulesFolder = new File("modules"); modulesFolder.mkdir(); diff --git a/src/main/java/eu/m724/realweather/sign/SignatureValidator.java b/src/main/java/eu/m724/realweather/sign/SignatureValidator.java new file mode 100644 index 0000000..3572c1c --- /dev/null +++ b/src/main/java/eu/m724/realweather/sign/SignatureValidator.java @@ -0,0 +1,40 @@ +package eu.m724.realweather.sign; + +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; +import java.security.cert.X509Certificate; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.X509EncodedKeySpec; +import java.util.Base64; + +import eu.m724.realweather.RealWeatherPlugin; + +// TODO rework this for updater +public class SignatureValidator { + public RealWeatherPlugin plugin; + public static final String encodedPublicKey = "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAptv/9qIJXrs/4T1MOkY1QPU/TuLsyCsJdoA2PIO1qdS3nRJBPgkRf2sK6nG1VhOaUHLXoj8lZtQQLcY76CNLqFGFmimo7RDnJjHpxHUzI9pKZJOQ9sEVCDFtoLQiit23t6MAO7GBjJXMNFLonxyay6pTABJo3VYyjg2bE4kd1wjg73RPMQY+zykaRQBUE167PAVkmuYxJK680EYmZph9kQTS12autU2qGFTvsPbmmdhtF7Xy8u84CtEucgRT9HSh0y8MuC0esMGhZtB9gsWcGET763DHtArEMekBnjByb3k+gGiG0Y1K9ygBn+nNVKP66KJGCWFuno8xy+LNiZKX4pUnrJcTyLvZg7PvjdZTye54PKkAAOACAbcFBiat38Zes5ZOKZIBEjC2IXbhfySoOn5WAk+XPsm3gVlgO9d51iOVDDBx5MCqq802lOyIGog1BlbhnGZ2+cSvFo7ZWpF0f93uG5UKBqRF+Q9cPA36SMUAoQ2DWFEZOYXwFgCXxVvFAgMBAAE="; + + public SignatureValidator(RealWeatherPlugin plugin) { + this.plugin = plugin; + } + + public X509Certificate getCertificate() { + return (X509Certificate) plugin.getClass().getProtectionDomain().getCodeSource().getCertificates()[0]; + } + + public boolean isValid() { + PublicKey currentPublicKey = getCertificate().getPublicKey(); + PublicKey expectedPublicKey = null; + + try { + X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64.getDecoder().decode(encodedPublicKey)); + expectedPublicKey = KeyFactory.getInstance("RSA").generatePublic(spec); + } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + return expectedPublicKey.equals(currentPublicKey); + } +} diff --git a/testkeystore b/testkeystore new file mode 100644 index 0000000000000000000000000000000000000000..a831c4543ba2d69ddf7be61f89baa2356e92b8aa GIT binary patch literal 3690 zcma)9WmFW5(%yvyTwv)?sRg7F7oB|u-HhjfKV7A?t}m9hy}(0!02$n=8;N3I5r5#2_g}H zs;Q#+_{2>?@$|1GtRV28K}bUWQo%QytALA^jce+)24ABJ)^C3QI806ZG!nk>E^r!@ zVt`5+my~DdFSdML_daa?EK=9GIoU8$B+8M%r1G1N`H@2LE4yu}uB=bRo*VeyEh0W_ z_svH$hm`KGx?E`mjfa<4G8C-K&YPI}g==NjA1Oy&R^aG*dw&?;37)fHUR7KCb#Ejc zt)x7}BzDjfh9*vtvCJUL>2)891BnarKflT?8lX;JC+lq^rq@X&&-p z1BGim9~G_ibuPYaSn?bDfmAJ}NCRAWFK_OGU@i^sZvB%%IO@0h;#VPx`q@RyTm~Yd z+jh%5>2xvTfJ3y%@X=w*P&S|3uTS8C9VjoP4TP-+yba+mZQx;`DR0Ld4k7S2CZ* zl47@BS)x2)pG6h$TtU|59% zx3l`Er|GMBjZBcw%uu))DU5ZMQL|6Z{aPeE$Gp?=^Bcp-*!3jzdi}FnL>(&(UDwMO zIB%Fo-UKM1CyK+1Z1Y@=meo6**s678UN)gtvaMi7)RC4u_J~ieGK_%J$JUk0ai;D+ zHu_6iD&Nh#EfWN76J6$sw)2?OmuS+JKcOQk+sb=Wt*{TITKec>*1-VyDn=}Cpu+6s z?IiOq#$093tUC5bvHRnhIF8j-!RIWEl7(MN(lUaCIrLv>e4nv#Tx+<{TB#)u#Bj;`ye+7#H!S2vqD3qOoM`BRxj}u z3ayw2*eGnIXu`bwH$$~+M|~!S3?oK@ySxN^FW&Ao7vZhcDpM|^6Hwn{z6g8< zJUsYZYc1bIV(L|16RYA{`hY5its3-tey2GgR@v|5x3f}h)S#a&4nIVdb`^R1vH$%i zlxh4e9ZM_gyY}fO^vzI1|-F(S4Q>BbKZ|fL;dHD&e=1qCuGM)ZGRC-r>ms14jO+s zBJt{zZF&metflJfW_Bw*_3k1;N(sHJUoYnUT?>jGnliJ~=Q+hVR)ssthHOMNhk|`o z^K;iYpMT%AcxMI^*dnCf$d{bv8kODxdzqNCKfF5ftmZ$HkSVzy^tY>#kF*-EGc?k5 zD;Gzx&V-+;mDd!tK8u}bo-5w2l6n|)#vW^-uj(I*=Gd6X=y}@Xukg0d{6W-(m=tXb z2BAeYh|r4Yj^{Ba&7Q7-@p~eMSK8JMUur-rh{zv9+Y^KU`H*vPep_ zOuh{c#u_~!5L^m=rdTJJ#K7B~a2^B%lKZ@L_7pK4F;kzVI0PHpZ9n@=YZIUuroCXc zHp*J-gPSna$1D49()h*y|T zSVT~Sm-o2{42cW;I|&ar7m0HWL*ndX0Rex^);|dFzY%>guH#2KZNCr;v&zK0QifYv zNaf`JLiGMsdhU~twq-B0<>`2Jbm6ENw1&@JFuHUzhh4_}8iV;&O!3WIh-+J`%4JYuUhL)lf?#LvCOAF-VPj z?9`LD?~H%_F6f+Efe{pADAdfVwW6BLx|i)Kz89H`MjTHWDpGEdKo0$13?N>Jum@Xb zBZy=CKl$kc!@P7mc)DRud=U`_B~Nmhb6s*a+$w-Hip0;Q7j*rvxjl6&<;^EH|gc(NK+{ zT>nbHuoHlQM(^m7&%-6|&K6e$=TLQX!XVt9|E8*mo7>|VCxXj=`+g}XlfdI4dz{rl z7pJ8~8=9}0ndvop?pdgxIsw|y3vmHIPq4Mm+F-#xd zP*}5Ex{0r7G&+-hP{J3KHB^?Cl|7=`Ke^zry%cX#>1p0Ec)2SY=aZs6&#X$l_&#;P zd$tAZ8JMts;$T^wE8J7@aL*LZ^hTA!RydW1r%w;eBPl1ozLI1N_Kp!9Z9dW}!@fMd z>u@3!NM{I;jt%`~gj7_%VKW=K-FhPr{gEH1Yy(rF<};=#Q(r)Q2&(j%)CV*tYvkA< zsi$Cc*E7%7#!(NbAL*P9`);=`(7>TOQwS-&5;;VcT81)w3*C?9Ub%Jz6z||Q93xH`?cZoQqoaVGiIW6XF=i`oA?nU zeQCX5Q2&?q!u9C#k3&8*Uadte9mKD)(J6&X+?kbZ^xR7->^%<5TzL)V0Zdd70bo}7 zCHr&}F(3Vj^5jlkIrDVEd{sNhZ&*NmWapbE@tc#i7J?muuit`^y` ze)&m44xJp6O(KqVcY~$;Dx0PFygBbqtCQktkBTdMO!5IpG5nL zQ{Flkiar(A@u~%Nyr!2bRMT+K7L$}CN%vo|k$o%JigDG`6>Z0-7(ZU7tW;Eo8U}@b zD~%!>Go^Np+7COgfT_WFVUWN7FDxJq00d>|o6o?`)>+a5ZU!Ul(L!32H~hEDPVk8V jq_cTlTLXx~dW}q!Ld+*pMF+{1BM8OvwM{Pi_sRbk>CE05 literal 0 HcmV?d00001