Mirror von
https://github.com/GeyserMC/Geyser.git
synchronisiert 2024-11-20 06:50:09 +01:00
Commit
02fc6c2427
@ -25,8 +25,6 @@
|
|||||||
|
|
||||||
package org.geysermc.connector;
|
package org.geysermc.connector;
|
||||||
|
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
|
||||||
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
|
|
||||||
import com.nukkitx.protocol.bedrock.BedrockPacketCodec;
|
import com.nukkitx.protocol.bedrock.BedrockPacketCodec;
|
||||||
import com.nukkitx.protocol.bedrock.BedrockServer;
|
import com.nukkitx.protocol.bedrock.BedrockServer;
|
||||||
import com.nukkitx.protocol.bedrock.v361.Bedrock_v361;
|
import com.nukkitx.protocol.bedrock.v361.Bedrock_v361;
|
||||||
@ -47,9 +45,11 @@ import org.geysermc.connector.network.translators.TranslatorsInit;
|
|||||||
import org.geysermc.connector.plugin.GeyserPluginLoader;
|
import org.geysermc.connector.plugin.GeyserPluginLoader;
|
||||||
import org.geysermc.connector.plugin.GeyserPluginManager;
|
import org.geysermc.connector.plugin.GeyserPluginManager;
|
||||||
import org.geysermc.connector.thread.PingPassthroughThread;
|
import org.geysermc.connector.thread.PingPassthroughThread;
|
||||||
|
import org.geysermc.connector.utils.FileUtils;
|
||||||
import org.geysermc.connector.utils.Toolbox;
|
import org.geysermc.connector.utils.Toolbox;
|
||||||
|
|
||||||
import java.io.*;
|
import java.io.File;
|
||||||
|
import java.io.IOException;
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
import java.util.concurrent.Executors;
|
import java.util.concurrent.Executors;
|
||||||
import java.util.concurrent.ScheduledExecutorService;
|
import java.util.concurrent.ScheduledExecutorService;
|
||||||
@ -112,21 +112,11 @@ public class GeyserConnector implements Connector {
|
|||||||
logger.info("******************************************");
|
logger.info("******************************************");
|
||||||
|
|
||||||
try {
|
try {
|
||||||
File configFile = new File("config.yml");
|
File configFile = FileUtils.fileOrCopiedFromResource("config.yml");
|
||||||
if (!configFile.exists()) {
|
|
||||||
FileOutputStream fos = new FileOutputStream(configFile);
|
|
||||||
InputStream is = GeyserConnector.class.getResourceAsStream("/config.yml");
|
|
||||||
int data;
|
|
||||||
while ((data = is.read()) != -1)
|
|
||||||
fos.write(data);
|
|
||||||
is.close();
|
|
||||||
fos.close();
|
|
||||||
}
|
|
||||||
|
|
||||||
ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory());
|
config = FileUtils.loadConfig(configFile, GeyserConfiguration.class);
|
||||||
config = objectMapper.readValue(configFile, GeyserConfiguration.class);
|
|
||||||
} catch (IOException ex) {
|
} catch (IOException ex) {
|
||||||
logger.severe("Failed to create config.yml! Make sure it's up to date and writable!");
|
logger.severe("Failed to read/create config.yml! Make sure it's up to date and/or readable+writable!");
|
||||||
shutdown();
|
shutdown();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -28,12 +28,16 @@ package org.geysermc.connector.configuration;
|
|||||||
import com.fasterxml.jackson.annotation.JsonProperty;
|
import com.fasterxml.jackson.annotation.JsonProperty;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
|
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
@Getter
|
@Getter
|
||||||
public class GeyserConfiguration {
|
public class GeyserConfiguration {
|
||||||
|
|
||||||
private BedrockConfiguration bedrock;
|
private BedrockConfiguration bedrock;
|
||||||
private RemoteConfiguration remote;
|
private RemoteConfiguration remote;
|
||||||
|
|
||||||
|
private Map<String, UserAuthenticationInfo> userAuths;
|
||||||
|
|
||||||
@JsonProperty("ping-passthrough")
|
@JsonProperty("ping-passthrough")
|
||||||
private boolean pingPassthrough;
|
private boolean pingPassthrough;
|
||||||
|
|
||||||
|
@ -0,0 +1,31 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2019 GeyserMC. http://geysermc.org
|
||||||
|
*
|
||||||
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
* of this software and associated documentation files (the "Software"), to deal
|
||||||
|
* in the Software without restriction, including without limitation the rights
|
||||||
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
* copies of the Software, and to permit persons to whom the Software is
|
||||||
|
* furnished to do so, subject to the following conditions:
|
||||||
|
*
|
||||||
|
* The above copyright notice and this permission notice shall be included in
|
||||||
|
* all copies or substantial portions of the Software.
|
||||||
|
*
|
||||||
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||||
|
* THE SOFTWARE.
|
||||||
|
*
|
||||||
|
* @author GeyserMC
|
||||||
|
* @link https://github.com/GeyserMC/Geyser
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.geysermc.connector.configuration;
|
||||||
|
|
||||||
|
public class UserAuthenticationInfo {
|
||||||
|
public String email;
|
||||||
|
public String password;
|
||||||
|
}
|
@ -25,36 +25,14 @@
|
|||||||
|
|
||||||
package org.geysermc.connector.network;
|
package org.geysermc.connector.network;
|
||||||
|
|
||||||
import com.fasterxml.jackson.databind.JsonNode;
|
|
||||||
import com.fasterxml.jackson.databind.node.JsonNodeType;
|
|
||||||
import com.nimbusds.jose.JWSObject;
|
|
||||||
import com.nukkitx.protocol.bedrock.BedrockPacket;
|
import com.nukkitx.protocol.bedrock.BedrockPacket;
|
||||||
import com.nukkitx.protocol.bedrock.packet.*;
|
import com.nukkitx.protocol.bedrock.packet.*;
|
||||||
import com.nukkitx.protocol.bedrock.util.EncryptionUtils;
|
|
||||||
import net.minidev.json.JSONObject;
|
|
||||||
import org.geysermc.api.events.player.PlayerFormResponseEvent;
|
|
||||||
import org.geysermc.api.window.CustomFormBuilder;
|
|
||||||
import org.geysermc.api.window.CustomFormWindow;
|
|
||||||
import org.geysermc.api.window.FormWindow;
|
|
||||||
import org.geysermc.api.window.component.InputComponent;
|
|
||||||
import org.geysermc.api.window.component.LabelComponent;
|
|
||||||
import org.geysermc.api.window.response.CustomFormResponse;
|
|
||||||
import org.geysermc.connector.GeyserConnector;
|
import org.geysermc.connector.GeyserConnector;
|
||||||
|
import org.geysermc.connector.configuration.UserAuthenticationInfo;
|
||||||
import org.geysermc.connector.network.session.GeyserSession;
|
import org.geysermc.connector.network.session.GeyserSession;
|
||||||
import org.geysermc.connector.network.session.auth.BedrockAuthData;
|
|
||||||
import org.geysermc.connector.network.session.cache.WindowCache;
|
|
||||||
import org.geysermc.connector.network.translators.Registry;
|
import org.geysermc.connector.network.translators.Registry;
|
||||||
import org.geysermc.connector.utils.LoginEncryptionUtils;
|
import org.geysermc.connector.utils.LoginEncryptionUtils;
|
||||||
|
|
||||||
import javax.crypto.SecretKey;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.security.KeyPair;
|
|
||||||
import java.security.KeyPairGenerator;
|
|
||||||
import java.security.PublicKey;
|
|
||||||
import java.security.interfaces.ECPublicKey;
|
|
||||||
import java.security.spec.ECGenParameterSpec;
|
|
||||||
import java.util.UUID;
|
|
||||||
|
|
||||||
public class UpstreamPacketHandler extends LoggingPacketHandler {
|
public class UpstreamPacketHandler extends LoggingPacketHandler {
|
||||||
|
|
||||||
public UpstreamPacketHandler(GeyserConnector connector, GeyserSession session) {
|
public UpstreamPacketHandler(GeyserConnector connector, GeyserSession session) {
|
||||||
@ -75,49 +53,7 @@ public class UpstreamPacketHandler extends LoggingPacketHandler {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
JsonNode certData;
|
LoginEncryptionUtils.encryptPlayerConnection(connector, session, loginPacket);
|
||||||
try {
|
|
||||||
certData = LoginEncryptionUtils.JSON_MAPPER.readTree(loginPacket.getChainData().toByteArray());
|
|
||||||
} catch (IOException ex) {
|
|
||||||
throw new RuntimeException("Certificate JSON can not be read.");
|
|
||||||
}
|
|
||||||
|
|
||||||
JsonNode certChainData = certData.get("chain");
|
|
||||||
if (certChainData.getNodeType() != JsonNodeType.ARRAY) {
|
|
||||||
throw new RuntimeException("Certificate data is not valid");
|
|
||||||
}
|
|
||||||
|
|
||||||
boolean validChain;
|
|
||||||
try {
|
|
||||||
validChain = LoginEncryptionUtils.validateChainData(certChainData);
|
|
||||||
|
|
||||||
connector.getLogger().debug(String.format("Is player data valid? %s", validChain));
|
|
||||||
|
|
||||||
JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
|
|
||||||
JsonNode payload = LoginEncryptionUtils.JSON_MAPPER.readTree(jwt.getPayload().toBytes());
|
|
||||||
|
|
||||||
if (payload.get("extraData").getNodeType() != JsonNodeType.OBJECT) {
|
|
||||||
throw new RuntimeException("AuthData was not found!");
|
|
||||||
}
|
|
||||||
|
|
||||||
JSONObject extraData = (JSONObject) jwt.getPayload().toJSONObject().get("extraData");
|
|
||||||
session.setAuthenticationData(new BedrockAuthData(extraData.getAsString("displayName"), UUID.fromString(extraData.getAsString("identity")), extraData.getAsString("XUID")));
|
|
||||||
|
|
||||||
if (payload.get("identityPublicKey").getNodeType() != JsonNodeType.STRING) {
|
|
||||||
throw new RuntimeException("Identity Public Key was not found!");
|
|
||||||
}
|
|
||||||
|
|
||||||
ECPublicKey identityPublicKey = EncryptionUtils.generateKey(payload.get("identityPublicKey").textValue());
|
|
||||||
JWSObject clientJwt = JWSObject.parse(loginPacket.getSkinData().toString());
|
|
||||||
EncryptionUtils.verifyJwt(clientJwt, identityPublicKey);
|
|
||||||
|
|
||||||
if (EncryptionUtils.canUseEncryption()) {
|
|
||||||
startEncryptionHandshake(identityPublicKey);
|
|
||||||
}
|
|
||||||
} catch (Exception ex) {
|
|
||||||
session.disconnect("disconnectionScreen.internalError.cantConnect");
|
|
||||||
throw new RuntimeException("Unable to complete login", ex);
|
|
||||||
}
|
|
||||||
|
|
||||||
PlayStatusPacket playStatus = new PlayStatusPacket();
|
PlayStatusPacket playStatus = new PlayStatusPacket();
|
||||||
playStatus.setStatus(PlayStatusPacket.Status.LOGIN_SUCCESS);
|
playStatus.setStatus(PlayStatusPacket.Status.LOGIN_SUCCESS);
|
||||||
@ -153,63 +89,41 @@ public class UpstreamPacketHandler extends LoggingPacketHandler {
|
|||||||
@Override
|
@Override
|
||||||
public boolean handle(ModalFormResponsePacket packet) {
|
public boolean handle(ModalFormResponsePacket packet) {
|
||||||
connector.getLogger().debug("Handled packet: " + packet.getClass().getSimpleName());
|
connector.getLogger().debug("Handled packet: " + packet.getClass().getSimpleName());
|
||||||
WindowCache windowCache = session.getWindowCache();
|
return LoginEncryptionUtils.authenticateFromForm(session, connector, packet.getFormData());
|
||||||
if (!windowCache.getWindows().containsKey(packet.getFormId()))
|
}
|
||||||
return false;
|
|
||||||
|
|
||||||
FormWindow window = windowCache.getWindows().remove(packet.getFormId());
|
private boolean couldLoginUserByName(String bedrockUsername) {
|
||||||
window.setResponse(packet.getFormData().trim());
|
if (connector.getConfig().getUserAuths() != null) {
|
||||||
|
UserAuthenticationInfo info = connector.getConfig().getUserAuths().get(bedrockUsername);
|
||||||
|
|
||||||
if (session.isLoggedIn()) {
|
if (info != null) {
|
||||||
PlayerFormResponseEvent event = new PlayerFormResponseEvent(session, packet.getFormId(), window);
|
connector.getLogger().info("using stored credentials for bedrock user " + session.getAuthenticationData().getName());
|
||||||
connector.getPluginManager().runEvent(event);
|
session.authenticate(info.email, info.password);
|
||||||
} else {
|
|
||||||
if (window instanceof CustomFormWindow) {
|
|
||||||
CustomFormWindow customFormWindow = (CustomFormWindow) window;
|
|
||||||
if (!customFormWindow.getTitle().equals("Login"))
|
|
||||||
return false;
|
|
||||||
|
|
||||||
CustomFormResponse response = (CustomFormResponse) customFormWindow.getResponse();
|
// TODO send a message to bedrock user telling them they are connected (if nothing like a motd
|
||||||
session.authenticate(response.getInputResponses().get(2), response.getInputResponses().get(3));
|
// somes from the Java server w/in a few seconds)
|
||||||
|
return true;
|
||||||
// Clear windows so authentication data isn't accidentally cached
|
|
||||||
windowCache.getWindows().clear();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return true;
|
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean handle(MovePlayerPacket packet) {
|
public boolean handle(MovePlayerPacket packet) {
|
||||||
connector.getLogger().debug("Handled packet: " + packet.getClass().getSimpleName());
|
connector.getLogger().debug("Handled packet: " + packet.getClass().getSimpleName());
|
||||||
if (!session.isLoggedIn()) {
|
if (!session.isLoggedIn()) {
|
||||||
CustomFormWindow window = new CustomFormBuilder("Login")
|
// TODO it is safer to key authentication on something that won't change (UUID, not username)
|
||||||
.addComponent(new LabelComponent("Minecraft: Java Edition account authentication."))
|
if (!couldLoginUserByName(session.getAuthenticationData().getName())) {
|
||||||
.addComponent(new LabelComponent("Enter the credentials for your Minecraft: Java Edition account below."))
|
LoginEncryptionUtils.showLoginWindow(session);
|
||||||
.addComponent(new InputComponent("Email/Username", "account@geysermc.org", ""))
|
}
|
||||||
.addComponent(new InputComponent("Password", "123456", ""))
|
// else we were able to log the user in
|
||||||
.build();
|
|
||||||
|
|
||||||
session.sendForm(window, 1);
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
private void startEncryptionHandshake(PublicKey key) throws Exception {
|
|
||||||
KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
|
|
||||||
generator.initialize(new ECGenParameterSpec("secp384r1"));
|
|
||||||
KeyPair serverKeyPair = generator.generateKeyPair();
|
|
||||||
|
|
||||||
byte[] token = EncryptionUtils.generateRandomToken();
|
|
||||||
SecretKey encryptionKey = EncryptionUtils.getSecretKey(serverKeyPair.getPrivate(), key, token);
|
|
||||||
session.getUpstream().enableEncryption(encryptionKey);
|
|
||||||
|
|
||||||
ServerToClientHandshakePacket packet = new ServerToClientHandshakePacket();
|
|
||||||
packet.setJwt(EncryptionUtils.createHandshakeJwt(serverKeyPair, token).serialize());
|
|
||||||
session.getUpstream().sendPacketImmediately(packet);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean handle(AnimatePacket packet) {
|
public boolean handle(AnimatePacket packet) {
|
||||||
return translateAndDefault(packet);
|
return translateAndDefault(packet);
|
||||||
|
@ -158,8 +158,12 @@ public class GeyserSession implements PlayerSession, Player {
|
|||||||
public void disconnect(String reason) {
|
public void disconnect(String reason) {
|
||||||
if (!closed) {
|
if (!closed) {
|
||||||
loggedIn = false;
|
loggedIn = false;
|
||||||
downstream.getSession().disconnect(reason);
|
if (downstream != null && downstream.getSession() != null) {
|
||||||
upstream.disconnect(reason);
|
downstream.getSession().disconnect(reason);
|
||||||
|
}
|
||||||
|
if (upstream != null) {
|
||||||
|
upstream.disconnect(reason);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
35
connector/src/main/java/org/geysermc/connector/utils/FileUtils.java
Normale Datei
35
connector/src/main/java/org/geysermc/connector/utils/FileUtils.java
Normale Datei
@ -0,0 +1,35 @@
|
|||||||
|
package org.geysermc.connector.utils;
|
||||||
|
|
||||||
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
|
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
|
||||||
|
import org.geysermc.connector.GeyserConnector;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
|
import java.io.FileOutputStream;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
|
||||||
|
public class FileUtils {
|
||||||
|
public static <T> T loadConfig(File src, Class<T> valueType) throws IOException {
|
||||||
|
ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory());
|
||||||
|
return objectMapper.readValue(src, valueType);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static File fileOrCopiedFromResource(String name) throws IOException {
|
||||||
|
File file = new File(name);
|
||||||
|
if (!file.exists()) {
|
||||||
|
FileOutputStream fos = new FileOutputStream(file);
|
||||||
|
InputStream is = GeyserConnector.class.getResourceAsStream("/" + name); // resources need leading "/" prefix
|
||||||
|
|
||||||
|
int data;
|
||||||
|
while ((data = is.read()) != -1)
|
||||||
|
fos.write(data);
|
||||||
|
is.close();
|
||||||
|
fos.close();
|
||||||
|
}
|
||||||
|
|
||||||
|
return file;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
@ -6,15 +6,35 @@ import com.fasterxml.jackson.databind.ObjectMapper;
|
|||||||
import com.fasterxml.jackson.databind.node.JsonNodeType;
|
import com.fasterxml.jackson.databind.node.JsonNodeType;
|
||||||
import com.nimbusds.jose.JWSObject;
|
import com.nimbusds.jose.JWSObject;
|
||||||
import com.nukkitx.network.util.Preconditions;
|
import com.nukkitx.network.util.Preconditions;
|
||||||
|
import com.nukkitx.protocol.bedrock.packet.LoginPacket;
|
||||||
|
import com.nukkitx.protocol.bedrock.packet.ServerToClientHandshakePacket;
|
||||||
import com.nukkitx.protocol.bedrock.util.EncryptionUtils;
|
import com.nukkitx.protocol.bedrock.util.EncryptionUtils;
|
||||||
|
import net.minidev.json.JSONObject;
|
||||||
|
import org.geysermc.api.events.player.PlayerFormResponseEvent;
|
||||||
|
import org.geysermc.api.window.CustomFormBuilder;
|
||||||
|
import org.geysermc.api.window.CustomFormWindow;
|
||||||
|
import org.geysermc.api.window.FormWindow;
|
||||||
|
import org.geysermc.api.window.component.InputComponent;
|
||||||
|
import org.geysermc.api.window.component.LabelComponent;
|
||||||
|
import org.geysermc.api.window.response.CustomFormResponse;
|
||||||
|
import org.geysermc.connector.GeyserConnector;
|
||||||
|
import org.geysermc.connector.network.session.GeyserSession;
|
||||||
|
import org.geysermc.connector.network.session.auth.BedrockAuthData;
|
||||||
|
import org.geysermc.connector.network.session.cache.WindowCache;
|
||||||
|
|
||||||
|
import javax.crypto.SecretKey;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.security.KeyPair;
|
||||||
|
import java.security.KeyPairGenerator;
|
||||||
|
import java.security.PublicKey;
|
||||||
import java.security.interfaces.ECPublicKey;
|
import java.security.interfaces.ECPublicKey;
|
||||||
|
import java.security.spec.ECGenParameterSpec;
|
||||||
|
import java.util.UUID;
|
||||||
|
|
||||||
public class LoginEncryptionUtils {
|
public class LoginEncryptionUtils {
|
||||||
|
private static final ObjectMapper JSON_MAPPER = new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
|
||||||
|
|
||||||
public static final ObjectMapper JSON_MAPPER = new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
|
private static boolean validateChainData(JsonNode data) throws Exception {
|
||||||
|
|
||||||
public static boolean validateChainData(JsonNode data) throws Exception {
|
|
||||||
ECPublicKey lastKey = null;
|
ECPublicKey lastKey = null;
|
||||||
boolean validChain = false;
|
boolean validChain = false;
|
||||||
for (JsonNode node : data) {
|
for (JsonNode node : data) {
|
||||||
@ -35,4 +55,115 @@ public class LoginEncryptionUtils {
|
|||||||
}
|
}
|
||||||
return validChain;
|
return validChain;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static void encryptPlayerConnection(GeyserConnector connector, GeyserSession session, LoginPacket loginPacket) {
|
||||||
|
JsonNode certData;
|
||||||
|
try {
|
||||||
|
certData = JSON_MAPPER.readTree(loginPacket.getChainData().toByteArray());
|
||||||
|
} catch (IOException ex) {
|
||||||
|
throw new RuntimeException("Certificate JSON can not be read.");
|
||||||
|
}
|
||||||
|
|
||||||
|
JsonNode certChainData = certData.get("chain");
|
||||||
|
if (certChainData.getNodeType() != JsonNodeType.ARRAY) {
|
||||||
|
throw new RuntimeException("Certificate data is not valid");
|
||||||
|
}
|
||||||
|
|
||||||
|
encryptConnectionWithCert(connector, session, loginPacket.getSkinData().toString(), certChainData);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void encryptConnectionWithCert(GeyserConnector connector, GeyserSession session, String playerSkin, JsonNode certChainData) {
|
||||||
|
try {
|
||||||
|
boolean validChain = validateChainData(certChainData);
|
||||||
|
|
||||||
|
connector.getLogger().debug(String.format("Is player data valid? %s", validChain));
|
||||||
|
|
||||||
|
JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
|
||||||
|
JsonNode payload = JSON_MAPPER.readTree(jwt.getPayload().toBytes());
|
||||||
|
|
||||||
|
if (payload.get("extraData").getNodeType() != JsonNodeType.OBJECT) {
|
||||||
|
throw new RuntimeException("AuthData was not found!");
|
||||||
|
}
|
||||||
|
|
||||||
|
JSONObject extraData = (JSONObject) jwt.getPayload().toJSONObject().get("extraData");
|
||||||
|
session.setAuthenticationData(new BedrockAuthData(extraData.getAsString("displayName"), UUID.fromString(extraData.getAsString("identity")), extraData.getAsString("XUID")));
|
||||||
|
|
||||||
|
if (payload.get("identityPublicKey").getNodeType() != JsonNodeType.STRING) {
|
||||||
|
throw new RuntimeException("Identity Public Key was not found!");
|
||||||
|
}
|
||||||
|
|
||||||
|
ECPublicKey identityPublicKey = EncryptionUtils.generateKey(payload.get("identityPublicKey").textValue());
|
||||||
|
JWSObject clientJwt = JWSObject.parse(playerSkin);
|
||||||
|
EncryptionUtils.verifyJwt(clientJwt, identityPublicKey);
|
||||||
|
|
||||||
|
if (EncryptionUtils.canUseEncryption()) {
|
||||||
|
LoginEncryptionUtils.startEncryptionHandshake(session, identityPublicKey);
|
||||||
|
}
|
||||||
|
} catch (Exception ex) {
|
||||||
|
session.disconnect("disconnectionScreen.internalError.cantConnect");
|
||||||
|
throw new RuntimeException("Unable to complete login", ex);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void startEncryptionHandshake(GeyserSession session, PublicKey key) throws Exception {
|
||||||
|
KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
|
||||||
|
generator.initialize(new ECGenParameterSpec("secp384r1"));
|
||||||
|
KeyPair serverKeyPair = generator.generateKeyPair();
|
||||||
|
|
||||||
|
byte[] token = EncryptionUtils.generateRandomToken();
|
||||||
|
SecretKey encryptionKey = EncryptionUtils.getSecretKey(serverKeyPair.getPrivate(), key, token);
|
||||||
|
session.getUpstream().enableEncryption(encryptionKey);
|
||||||
|
|
||||||
|
ServerToClientHandshakePacket packet = new ServerToClientHandshakePacket();
|
||||||
|
packet.setJwt(EncryptionUtils.createHandshakeJwt(serverKeyPair, token).serialize());
|
||||||
|
session.getUpstream().sendPacketImmediately(packet);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static int AUTH_FORM_ID = 1337;
|
||||||
|
|
||||||
|
public static void showLoginWindow(GeyserSession session) {
|
||||||
|
CustomFormWindow window = new CustomFormBuilder("Login")
|
||||||
|
.addComponent(new LabelComponent("Minecraft: Java Edition account authentication."))
|
||||||
|
.addComponent(new LabelComponent("Enter the credentials for your Minecraft: Java Edition account below."))
|
||||||
|
.addComponent(new InputComponent("Email/Username", "account@geysermc.org", ""))
|
||||||
|
.addComponent(new InputComponent("Password", "123456", ""))
|
||||||
|
.build();
|
||||||
|
|
||||||
|
session.sendForm(window, AUTH_FORM_ID);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static boolean authenticateFromForm(GeyserSession session, GeyserConnector connector, String formData) {
|
||||||
|
WindowCache windowCache = session.getWindowCache();
|
||||||
|
if (!windowCache.getWindows().containsKey(AUTH_FORM_ID))
|
||||||
|
return false;
|
||||||
|
|
||||||
|
FormWindow window = windowCache.getWindows().remove(AUTH_FORM_ID);
|
||||||
|
window.setResponse(formData.trim());
|
||||||
|
|
||||||
|
if (session.isLoggedIn()) {
|
||||||
|
PlayerFormResponseEvent event = new PlayerFormResponseEvent(session, AUTH_FORM_ID, window);
|
||||||
|
connector.getPluginManager().runEvent(event);
|
||||||
|
} else {
|
||||||
|
if (window instanceof CustomFormWindow) {
|
||||||
|
CustomFormWindow customFormWindow = (CustomFormWindow) window;
|
||||||
|
if (!customFormWindow.getTitle().equals("Login"))
|
||||||
|
return false;
|
||||||
|
|
||||||
|
CustomFormResponse response = (CustomFormResponse) customFormWindow.getResponse();
|
||||||
|
|
||||||
|
if (response != null) {
|
||||||
|
String email = response.getInputResponses().get(2);
|
||||||
|
String password = response.getInputResponses().get(3);
|
||||||
|
|
||||||
|
session.authenticate(email, password);
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO should we clear the window cache in all cases or just if not already logged in?
|
||||||
|
// Clear windows so authentication data isn't accidentally cached
|
||||||
|
windowCache.getWindows().clear();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -21,6 +21,19 @@ remote:
|
|||||||
port: 25565
|
port: 25565
|
||||||
online-mode: false
|
online-mode: false
|
||||||
|
|
||||||
|
## the Xbox/MCPE username is the key for the Java server auth-info
|
||||||
|
## this allows automatic configuration/login to the remote Java server
|
||||||
|
## if you are brave/stupid enough to put your Mojang account info into
|
||||||
|
## a config file
|
||||||
|
#userAuths:
|
||||||
|
# bluerkelp2: # MCPE/Xbox username
|
||||||
|
# email: not_really_my_email_address_mr_minecrafter53267@gmail.com # Mojang account email address
|
||||||
|
# password: "this isn't really my password"
|
||||||
|
#
|
||||||
|
# herpderp40300499303040503030300500293858393589:
|
||||||
|
# email: herpderp@derpherp.com
|
||||||
|
# password: dooooo
|
||||||
|
|
||||||
# Relay the MOTD, player count and max players from the remote server
|
# Relay the MOTD, player count and max players from the remote server
|
||||||
ping-passthrough: false
|
ping-passthrough: false
|
||||||
|
|
||||||
|
Laden…
In neuem Issue referenzieren
Einen Benutzer sperren