From d10fc7cd264b992415082cc501aa0f9708db7b8b Mon Sep 17 00:00:00 2001 From: Tres Finocchiaro Date: Sun, 10 Dec 2023 13:56:45 -0500 Subject: [PATCH] Consolidate and simplify SSL cert save logic (#1223) - Consolidate and simplify cert save logic - Moves sandbox info to about/security info --- src/qz/common/AboutInfo.java | 4 +- .../certificate/CertificateManager.java | 59 +++++++++---------- 2 files changed, 30 insertions(+), 33 deletions(-) diff --git a/src/qz/common/AboutInfo.java b/src/qz/common/AboutInfo.java index 14d0a3fe2..badb95abb 100644 --- a/src/qz/common/AboutInfo.java +++ b/src/qz/common/AboutInfo.java @@ -14,6 +14,7 @@ import org.apache.logging.log4j.Logger; import qz.installer.certificate.KeyPairWrapper; import qz.installer.certificate.CertificateManager; +import qz.utils.MacUtilities; import qz.utils.StringUtilities; import qz.utils.SystemUtilities; import qz.ws.PrintSocketServer; @@ -96,7 +97,8 @@ private static JSONObject environment() throws JSONException { .put("java (location)", System.getProperty("java.home")) .put("java (vendor)", Constants.JAVA_VENDOR) .put("uptime", DurationFormatUtils.formatDurationWords(uptime, true, false)) - .put("uptimeMillis", uptime); + .put("uptimeMillis", uptime) + .put("sandbox", SystemUtilities.isMac() && MacUtilities.isSandboxed()); return environment; } diff --git a/src/qz/installer/certificate/CertificateManager.java b/src/qz/installer/certificate/CertificateManager.java index c67674c91..fb933d1c0 100644 --- a/src/qz/installer/certificate/CertificateManager.java +++ b/src/qz/installer/certificate/CertificateManager.java @@ -52,10 +52,22 @@ * Stores and maintains reading and writing of certificate related files */ public class CertificateManager { + static List SAVE_LOCATIONS = new ArrayList<>(); static { // Workaround for JDK-8266929 // See also https://github.com/qzind/tray/issues/814 SystemUtilities.clearAlgorithms(); + + // Skip shared location if running from IDE or build directory + // Prevents corrupting the version installed per https://github.com/qzind/tray/issues/1200 + if(SystemUtilities.isJar() && SystemUtilities.isInstalled()) { + // Skip install location if running from sandbox (must remain sealed) + if(!SystemUtilities.isMac() || !MacUtilities.isSandboxed()) { + SAVE_LOCATIONS.add(SystemUtilities.getJarParentPath()); + } + SAVE_LOCATIONS.add(SHARED_DIR); + } + SAVE_LOCATIONS.add(USER_DIR); } private static final Logger log = LogManager.getLogger(CertificateManager.class); @@ -336,42 +348,25 @@ public Properties writeKeystore(Properties props, KeyPairWrapper.Type type) thro return props; } - public static File getWritableLocation(String ... subDirs) throws IOException { + public static File getWritableLocation(String ... suffixes) throws IOException { // Get an array of preferred directories ArrayList locs = new ArrayList<>(); - // Sandbox is only supported on macOS currently - boolean sandboxed = false; - if(SystemUtilities.isMac()) { - sandboxed = MacUtilities.isSandboxed(); - //todo move to about security table or delete - log.debug("Running in a sandbox: {}", sandboxed); - } - - // Sandboxed installations must remain sealed, don't write to them - if (subDirs.length == 0 && !sandboxed) { - // Assume root directory is next to jar (e.g. qz-tray.properties) - Path appPath = SystemUtilities.getJarParentPath(); - // Handle null path, such as running from IDE - if(appPath != null) { - locs.add(appPath); - } - // Fallback on a directory we can normally write to - locs.add(SHARED_DIR); - locs.add(USER_DIR); + if (suffixes.length == 0) { + locs.addAll(SAVE_LOCATIONS); // Last, fallback on a directory we won't ever see again :/ locs.add(TEMP_DIR); } else { - // Assume non-root directories are for ssl (e.g. certs, keystores) - locs.add(Paths.get(SHARED_DIR.toString(), subDirs)); - // Fallback on a directory we can normally write to - locs.add(Paths.get(USER_DIR.toString(), subDirs)); + // Same as above, but with suffixes added (usually "ssl") + for(Path saveLocation : SAVE_LOCATIONS) { + locs.add(Paths.get(saveLocation.toString(), suffixes)); + } // Last, fallback on a directory we won't ever see again :/ - locs.add(Paths.get(TEMP_DIR.toString(), subDirs)); + locs.add(Paths.get(TEMP_DIR.toString(), suffixes)); } // Find a suitable write location - File path = null; + File path; for(Path loc : locs) { if (loc == null) continue; boolean isPreferred = locs.indexOf(loc) == 0; @@ -392,20 +387,20 @@ public static File getWritableLocation(String ... subDirs) throws IOException { public static Properties loadProperties(KeyPairWrapper... keyPairs) { log.info("Try to find SSL properties file..."); - Path[] locations = {SystemUtilities.getJarParentPath(), SHARED_DIR, USER_DIR}; + Properties props = null; - for(Path location : locations) { - if (location == null) continue; + for(Path loc : SAVE_LOCATIONS) { + if (loc == null) continue; try { for(KeyPairWrapper keyPair : keyPairs) { - props = loadKeyPair(keyPair, location, props); + props = loadKeyPair(keyPair, loc, props); } // We've loaded without Exception, return - log.info("Found {}/{}.properties", location, Constants.PROPS_FILE); + log.info("Found {}/{}.properties", loc, Constants.PROPS_FILE); return props; } catch(Exception ignore) { - log.warn("Properties couldn't be loaded at {}, trying fallback...", location, ignore); + log.warn("Properties couldn't be loaded at {}, trying fallback...", loc, ignore); } } log.info("Could not get SSL properties from file.");