3
0
Mirror von https://github.com/GeyserMC/Geyser.git synchronisiert 2024-12-26 16:12:46 +01:00

refactor auth code out

Dieser Commit ist enthalten in:
Blue Kelp 2019-08-01 19:08:50 -07:00
Ursprung 40ff7a038b
Commit 491737202d
2 geänderte Dateien mit 90 neuen und 73 gelöschten Zeilen

Datei anzeigen

@ -0,0 +1,89 @@
package org.geysermc.connector.network;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.JsonNodeType;
import com.nimbusds.jose.JWSObject;
import com.nukkitx.protocol.bedrock.packet.LoginPacket;
import com.nukkitx.protocol.bedrock.packet.ServerToClientHandshakePacket;
import com.nukkitx.protocol.bedrock.util.EncryptionUtils;
import net.minidev.json.JSONObject;
import org.geysermc.connector.GeyserConnector;
import org.geysermc.connector.network.session.GeyserSession;
import org.geysermc.connector.network.session.auth.BedrockAuthData;
import org.geysermc.connector.utils.LoginEncryptionUtils;
import javax.crypto.SecretKey;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.UUID;
public class AuthenticationUtils {
public static void encryptPlayerConnection(GeyserConnector connector, GeyserSession session, LoginPacket loginPacket) {
JsonNode certData;
try {
certData = LoginEncryptionUtils.JSON_MAPPER.readTree(loginPacket.getChainData().toByteArray());
} catch (IOException ex) {
throw new RuntimeException("Certificate JSON can not be read.");
}
JsonNode certChainData = certData.get("chain");
if (certChainData.getNodeType() != JsonNodeType.ARRAY) {
throw new RuntimeException("Certificate data is not valid");
}
encryptConnectionWithCert(connector, session, loginPacket.getSkinData().toString(), certData);
}
private static void encryptConnectionWithCert(GeyserConnector connector, GeyserSession session, String playerSkin, JsonNode certChainData) {
try {
boolean validChain = LoginEncryptionUtils.validateChainData(certChainData);
connector.getLogger().debug(String.format("Is player data valid? %s", validChain));
JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
JsonNode payload = LoginEncryptionUtils.JSON_MAPPER.readTree(jwt.getPayload().toBytes());
if (payload.get("extraData").getNodeType() != JsonNodeType.OBJECT) {
throw new RuntimeException("AuthData was not found!");
}
JSONObject extraData = (JSONObject) jwt.getPayload().toJSONObject().get("extraData");
session.setAuthenticationData(new BedrockAuthData(extraData.getAsString("displayName"), UUID.fromString(extraData.getAsString("identity")), extraData.getAsString("XUID")));
if (payload.get("identityPublicKey").getNodeType() != JsonNodeType.STRING) {
throw new RuntimeException("Identity Public Key was not found!");
}
ECPublicKey identityPublicKey = EncryptionUtils.generateKey(payload.get("identityPublicKey").textValue());
JWSObject clientJwt = JWSObject.parse(playerSkin);
EncryptionUtils.verifyJwt(clientJwt, identityPublicKey);
if (EncryptionUtils.canUseEncryption()) {
AuthenticationUtils.startEncryptionHandshake(session, identityPublicKey);
}
} catch (Exception ex) {
session.disconnect("disconnectionScreen.internalError.cantConnect");
throw new RuntimeException("Unable to complete login", ex);
}
}
private static void startEncryptionHandshake(GeyserSession session, PublicKey key) throws Exception {
KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
generator.initialize(new ECGenParameterSpec("secp384r1"));
KeyPair serverKeyPair = generator.generateKeyPair();
byte[] token = EncryptionUtils.generateRandomToken();
SecretKey encryptionKey = EncryptionUtils.getSecretKey(serverKeyPair.getPrivate(), key, token);
session.getUpstream().enableEncryption(encryptionKey);
ServerToClientHandshakePacket packet = new ServerToClientHandshakePacket();
packet.setJwt(EncryptionUtils.createHandshakeJwt(serverKeyPair, token).serialize());
session.getUpstream().sendPacketImmediately(packet);
}
}

Datei anzeigen

@ -25,13 +25,8 @@
package org.geysermc.connector.network; package org.geysermc.connector.network;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.JsonNodeType;
import com.nimbusds.jose.JWSObject;
import com.nukkitx.protocol.bedrock.BedrockPacket; import com.nukkitx.protocol.bedrock.BedrockPacket;
import com.nukkitx.protocol.bedrock.packet.*; import com.nukkitx.protocol.bedrock.packet.*;
import com.nukkitx.protocol.bedrock.util.EncryptionUtils;
import net.minidev.json.JSONObject;
import org.geysermc.api.events.player.PlayerFormResponseEvent; import org.geysermc.api.events.player.PlayerFormResponseEvent;
import org.geysermc.api.window.CustomFormBuilder; import org.geysermc.api.window.CustomFormBuilder;
import org.geysermc.api.window.CustomFormWindow; import org.geysermc.api.window.CustomFormWindow;
@ -41,19 +36,8 @@ import org.geysermc.api.window.component.LabelComponent;
import org.geysermc.api.window.response.CustomFormResponse; import org.geysermc.api.window.response.CustomFormResponse;
import org.geysermc.connector.GeyserConnector; import org.geysermc.connector.GeyserConnector;
import org.geysermc.connector.network.session.GeyserSession; import org.geysermc.connector.network.session.GeyserSession;
import org.geysermc.connector.network.session.auth.BedrockAuthData;
import org.geysermc.connector.network.session.cache.WindowCache; import org.geysermc.connector.network.session.cache.WindowCache;
import org.geysermc.connector.network.translators.Registry; import org.geysermc.connector.network.translators.Registry;
import org.geysermc.connector.utils.LoginEncryptionUtils;
import javax.crypto.SecretKey;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.UUID;
public class UpstreamPacketHandler extends LoggingPacketHandler { public class UpstreamPacketHandler extends LoggingPacketHandler {
@ -75,49 +59,7 @@ public class UpstreamPacketHandler extends LoggingPacketHandler {
return true; return true;
} }
JsonNode certData; AuthenticationUtils.encryptPlayerConnection(connector, session, loginPacket);
try {
certData = LoginEncryptionUtils.JSON_MAPPER.readTree(loginPacket.getChainData().toByteArray());
} catch (IOException ex) {
throw new RuntimeException("Certificate JSON can not be read.");
}
JsonNode certChainData = certData.get("chain");
if (certChainData.getNodeType() != JsonNodeType.ARRAY) {
throw new RuntimeException("Certificate data is not valid");
}
boolean validChain;
try {
validChain = LoginEncryptionUtils.validateChainData(certChainData);
connector.getLogger().debug(String.format("Is player data valid? %s", validChain));
JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
JsonNode payload = LoginEncryptionUtils.JSON_MAPPER.readTree(jwt.getPayload().toBytes());
if (payload.get("extraData").getNodeType() != JsonNodeType.OBJECT) {
throw new RuntimeException("AuthData was not found!");
}
JSONObject extraData = (JSONObject) jwt.getPayload().toJSONObject().get("extraData");
session.setAuthenticationData(new BedrockAuthData(extraData.getAsString("displayName"), UUID.fromString(extraData.getAsString("identity")), extraData.getAsString("XUID")));
if (payload.get("identityPublicKey").getNodeType() != JsonNodeType.STRING) {
throw new RuntimeException("Identity Public Key was not found!");
}
ECPublicKey identityPublicKey = EncryptionUtils.generateKey(payload.get("identityPublicKey").textValue());
JWSObject clientJwt = JWSObject.parse(loginPacket.getSkinData().toString());
EncryptionUtils.verifyJwt(clientJwt, identityPublicKey);
if (EncryptionUtils.canUseEncryption()) {
startEncryptionHandshake(identityPublicKey);
}
} catch (Exception ex) {
session.disconnect("disconnectionScreen.internalError.cantConnect");
throw new RuntimeException("Unable to complete login", ex);
}
PlayStatusPacket playStatus = new PlayStatusPacket(); PlayStatusPacket playStatus = new PlayStatusPacket();
playStatus.setStatus(PlayStatusPacket.Status.LOGIN_SUCCESS); playStatus.setStatus(PlayStatusPacket.Status.LOGIN_SUCCESS);
@ -196,20 +138,6 @@ public class UpstreamPacketHandler extends LoggingPacketHandler {
return false; return false;
} }
private void startEncryptionHandshake(PublicKey key) throws Exception {
KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
generator.initialize(new ECGenParameterSpec("secp384r1"));
KeyPair serverKeyPair = generator.generateKeyPair();
byte[] token = EncryptionUtils.generateRandomToken();
SecretKey encryptionKey = EncryptionUtils.getSecretKey(serverKeyPair.getPrivate(), key, token);
session.getUpstream().enableEncryption(encryptionKey);
ServerToClientHandshakePacket packet = new ServerToClientHandshakePacket();
packet.setJwt(EncryptionUtils.createHandshakeJwt(serverKeyPair, token).serialize());
session.getUpstream().sendPacketImmediately(packet);
}
@Override @Override
public boolean handle(AnimatePacket packet) { public boolean handle(AnimatePacket packet) {
return translateAndDefault(packet); return translateAndDefault(packet);