client: verify client signature
This commit is contained in:
Adam
@@ -38,6 +38,11 @@ import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.InputStreamReader;
|
||||
import java.net.URL;
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.jar.JarEntry;
|
||||
@@ -46,7 +51,9 @@ import javax.inject.Inject;
|
||||
import javax.inject.Named;
|
||||
import javax.inject.Singleton;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import static net.runelite.client.rs.ClientUpdateCheckMode.*;
|
||||
import static net.runelite.client.rs.ClientUpdateCheckMode.AUTO;
|
||||
import static net.runelite.client.rs.ClientUpdateCheckMode.NONE;
|
||||
import static net.runelite.client.rs.ClientUpdateCheckMode.VANILLA;
|
||||
import net.runelite.http.api.RuneLiteAPI;
|
||||
import okhttp3.Request;
|
||||
import okhttp3.Response;
|
||||
@@ -81,6 +88,7 @@ public class ClientLoader
|
||||
|
||||
Map<String, byte[]> zipFile = new HashMap<>();
|
||||
{
|
||||
Certificate[] jagexCertificateChain = getJagexCertificateChain();
|
||||
String codebase = config.getCodeBase();
|
||||
String initialJar = config.getInitialJar();
|
||||
URL url = new URL(codebase + initialJar);
|
||||
@@ -113,6 +121,20 @@ public class ClientLoader
|
||||
buffer.write(tmp, 0, n);
|
||||
}
|
||||
|
||||
if (!Arrays.equals(metadata.getCertificates(), jagexCertificateChain))
|
||||
{
|
||||
if (metadata.getName().startsWith("META-INF/"))
|
||||
{
|
||||
// META-INF/JAGEXLTD.SF and META-INF/JAGEXLTD.RSA are not signed, but we don't need
|
||||
// anything in META-INF anyway.
|
||||
continue;
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new VerificationException("Unable to verify jar entry: " + metadata.getName());
|
||||
}
|
||||
}
|
||||
|
||||
zipFile.put(metadata.getName(), buffer.toByteArray());
|
||||
}
|
||||
}
|
||||
@@ -201,7 +223,8 @@ public class ClientLoader
|
||||
return rs;
|
||||
}
|
||||
catch (IOException | ClassNotFoundException | InstantiationException | IllegalAccessException
|
||||
| CompressorException | InvalidHeaderException e)
|
||||
| CompressorException | InvalidHeaderException | CertificateException | VerificationException
|
||||
| SecurityException e)
|
||||
{
|
||||
if (e instanceof ClassNotFoundException)
|
||||
{
|
||||
@@ -214,4 +237,11 @@ public class ClientLoader
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
private static Certificate[] getJagexCertificateChain() throws CertificateException
|
||||
{
|
||||
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
|
||||
Collection<? extends Certificate> certificates = certificateFactory.generateCertificates(ClientLoader.class.getResourceAsStream("jagex.crt"));
|
||||
return certificates.toArray(new Certificate[certificates.size()]);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,38 @@
|
||||
/*
|
||||
* Copyright (c) 2019, Adam <Adam@sigterm.info>
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright notice, this
|
||||
* list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
|
||||
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||||
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
package net.runelite.client.rs;
|
||||
|
||||
class VerificationException extends Exception
|
||||
{
|
||||
public VerificationException(String message)
|
||||
{
|
||||
super(message);
|
||||
}
|
||||
|
||||
public VerificationException(String message, Throwable cause)
|
||||
{
|
||||
super(message, cause);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user