Add custom QZ Tray fork with pairing key authentication

- Custom fork of QZ Tray 2.2.x with certificate validation bypassed - Implemented pairing key (HMAC) authentication as replacement - Modified files: PrintSocketClient.java (certificate check disabled) - New files: PairingAuth.java, PairingConfigDialog.java - Excluded build artifacts (out/, lib/javafx*) from repository - Library JARs included for dependency management
2025-10-02 02:27:45 +03:00
parent 755400a269
commit c7266c32ee
444 changed files with 63195 additions and 1 deletions
--- a/tray/assets/signing/sign-message.cfm
+++ b/tray/assets/signing/sign-message.cfm
@@ -0,0 +1,73 @@
+/*
+ * ColdFusion signing example
+ * Echoes the signed message and exits
+ */
+
+// #########################################################
+// #             WARNING   WARNING   WARNING               #
+// #########################################################
+// #                                                       #
+// # This file is intended for demonstration purposes      #
+// # only.                                                 #
+// #                                                       #
+// # It is the SOLE responsibility of YOU, the programmer  #
+// # to prevent against unauthorized access to any signing #
+// # functions.                                            #
+// #                                                       #
+// # Organizations that do not protect against un-         #
+// # authorized signing will be black-listed to prevent    #
+// # software piracy.                                      #
+// #                                                       #
+// # -QZ Industries, LLC                                   #
+// #                                                       #
+// #########################################################
+
+<cfset signature = sign("private-key.pem", url.request)>
+<cfcontent type="text/plain">
+<cfoutput>#signature#</cfoutput>
+<cfscript>
+
+/**
+* Sign the given string
+* @keyPath Path to PEM formatted private key
+* @message message to be signed
+* @encoding I am the encoding used when returning the signature (base64 by default).
+* @output false
+*/
+public any function sign(required string keyPath, required string message, string algorithm = "SHA512withRSA", string encoding = "base64") {
+	// Note: change algorithm to "SHA1withRSA" for QZ Tray 2.0 and older
+	createObject("java", "java.security.Security")
+		.addProvider(createObject("java", "org.bouncycastle.jce.provider.BouncyCastleProvider").init());
+	privateKey = createPrivateKey(fileRead(expandPath(keyPath)));
+	var signer = createObject("java", "java.security.Signature").getInstance(javaCast( "string", algorithm ));
+	signer.initSign(privateKey);
+	signer.update(charsetDecode(message, "utf-8"));
+	var signedBytes = signer.sign();
+	return encoding == "binary" ? signedBytes : binaryEncode(signedBytes, encoding);
+}
+
+/**
+* Set the private key using the provided pem formatted content.
+*
+* @contents PEM key contents
+* @output false
+*/
+private any function createPrivateKey(required string contents) {
+	var pkcs8 = createObject("java", "java.security.spec.PKCS8EncodedKeySpec").init(
+		binaryDecode(stripKeyDelimiters(contents), "base64")
+	);
+
+	return createObject("java", "java.security.KeyFactory")
+		.getInstance(javaCast( "string", "RSA" )).generatePrivate(pkcs8);
+}
+
+/**
+* Strip X509 cert delimiters
+*
+* @keyText PEM formatted key data
+* @output false
+*/
+private string function stripKeyDelimiters(required string keyText) {
+	return trim(reReplace(keyText, "-----(BEGIN|END)[^\r\n]+", "", "all" ));
+}
+</cfscript>