Send login command from proxy immediately

Related #1202

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -0,0 +1,65 @@
+name: 🐞 Bug Report
+description: Something isn't working, broken, not expected behavior
+labels: [ bug ]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        This ticket is about bugs, so broken, not expected behavior. Feedback about this form is appreciated.
+  - type: textarea
+    attributes:
+      label: What happened?
+      description: What behavior is observed?
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Steps to reproduce
+      description: The actions that cause the issues. Please explain it in detail.
+  - type: input
+    attributes:
+      label: Plugin list
+      description: This can be found by running `/pl`
+      placeholder: AuthMe, ProtocolLib, ...
+  - type: input
+    attributes:
+      label: Configuration file
+      description: |
+        Link to the contents of your config.yml file.
+        You can use [GitHub](https://gist.github.com/), [Hastebin](https://hastebin.com) or similar for that.
+      placeholder: https://gist.github.com/games647/88c4439e1cd7810f21318b1b24a04ee0
+  - type: textarea
+    attributes:
+      label: Server log
+      description: The error, stacktrace or link the complete log. You can use the links above for long versions.
+      placeholder: https://www.toptal.com/developers/hastebin / https://gist.github.com/
+  - type: input
+    attributes:
+      label: Plugin version
+      description: Plugin version or build number. This can be found by running `/version plugin-name`
+      placeholder: v3.1-SNAPSHOT-570b321
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Platform
+      description: Server software - choose your proxy software if you have multiple servers
+      options:
+        - Spigot
+        - BungeeCord
+        - Velocity
+    validations:
+      required: true
+  - type: checkboxes
+    attributes:
+      label: Relevance
+      description: Check list for previous tickets
+      options:
+        - label: |
+            I tried the [latest build](https://ci.codemc.io/job/Games647/job/FastLogin/) 
+            (build refers to development builds not necessary a release version; i.e. v1.10 is out of date)
+          required: true
+        - label: |
+            I checked for existing tickets -
+            If there are, please vote them with a thumbs reaction and not create new ones
+          required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,12 @@
+# General configuration for issue templates
+
+# Allow issues without a template
+#blank_issues_enabled: false
+
+# Extra section on creating issues to redirect to another site
+contact_links:
+  - name: 📌 Questions
+    url: https://github.com/games647/FastLogin/discussions
+    about:
+      You want to ask something - general questions. Example includes how to set it up or how it is working internally
+

.github/ISSUE_TEMPLATE/enhancement_request.yaml

@@ -0,0 +1,43 @@
+name: 💡 Enhancement request
+description: New feature or change request
+labels: [ enhancement ]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        This ticket is about suggestions for a feature or particular enhancement. 
+        Feedback about this form is appreciated.
+  - type: textarea
+    attributes:
+      label: Is your feature request related to a problem? Please describe.
+      description: A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe the solution you'd like
+      description: A clear and concise description of what you want to happen.
+  - type: textarea
+    attributes:
+      label: Describe alternatives you've considered
+      description: A clear and concise description of any alternative solutions or features you've considered.
+  - type: dropdown
+    attributes:
+      label: Platform
+      description: Server software - choose your proxy software if you have multiple servers
+      options:
+        - Spigot
+        - BungeeCord
+        - Velocity
+        - All / Shared
+    validations:
+      required: true
+  - type: checkboxes
+    attributes:
+      label: Relevance
+      description: Check list for previous tickets
+      options:
+        - label: |
+            I checked for existing tickets -
+            If there are, please vote them with a thumbs reaction and not create new ones
+          required: true

.github/dependabot.yml

@@ -0,0 +1,27 @@
+version: 2
+
+updates:
+  # Updates for workflow files
+  - package-ecosystem: "github-actions"
+    # Workflow files stored in the
+    # default location of `.github/workflows`
+    directory: "/"
+    schedule:
+      interval: "monthly"
+
+  # Maven project
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+      development-dependencies:
+        dependency-type: "development"
+        exclude-patterns:
+          # Create single PR for these
+          # Plugin require special evaluation about their compatibility
+          - "com.lenis0012.bukkit:loginsecurity"
+          - "com.comphenix.protocol:ProtocolLib"

.github/pull_request_template.md

@@ -0,0 +1,11 @@
+[//]: # (Lines in this format are considered as comments and will not be displayed.)
+
+[//]: # (If your work is in progress, please consider making a draft pull request.)
+
+### Summary of your change
+
+[//]: # (Example: motivation, enhancement)
+
+### Related issue
+
+[//]: # (Reference it using '#NUMBER'. Ex: Fixes/Related #...)

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,64 @@
+# GitHub automatic code security scanning using CodeQL
+
+# Human-readable name in the actions tab
+name: "CodeQL"
+
+on:
+  workflow_run:
+    workflows: ["Maven Build"]
+    branches: [main]
+    types:
+      - completed
+
+jobs:
+  # job i
+  analyze:
+
+    # Display name
+    name: Analyze
+
+    # Environment
+    runs-on: ubuntu-latest
+
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+
+    permissions:
+      # Only allow 'write' permission for security, then all others default to read only
+      security-events: write
+
+    strategy:
+      fail-fast: true
+      matrix:
+        # Languages to scan
+        language: [ 'java' ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+
+      # Setup Java
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version-file: '.java-version'
+          cache: 'maven'
+
+      # Manually start the autobuild process, because autobuild always selects Java 8 as build toolchain, but
+      # we are doing cross-crompiling from a newer Java version
+      - name: Build with Maven
+        # Extracted from autobuild
+        run: mvn package -f "pom.xml" --batch-mode -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Dspotbugs.skip -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true -Drat.skip=true -Dspotless.check.skip=true -t /home/runner/.m2/toolchains.xml
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/maven.yml

@@ -0,0 +1,67 @@
+# Automatically build, run unit and integration tests to detect errors early (CI provided by GitHub)
+# including making pull requests review easier
+
+# Human-readable name in the actions tab
+name: Maven Build
+
+# Build on every pull request regardless of the branch
+# Wiki: https://help.github.com/en/actions/reference/events-that-trigger-workflows
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  # job id
+  build_and_test:
+
+    # Environment image - always use the newest OS
+    runs-on: ubuntu-latest
+    permissions:
+      # With at least one permission given, all default to read
+      contents: read
+
+    # Run steps
+    steps:
+      # Pull changes
+      - uses: actions/checkout@v4
+
+      # Setup Java
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version-file: '.java-version'
+          cache: 'maven'
+
+      # Build and test (included in package)
+      - name: Build with Maven and test
+        # Run non-interactive, package (with compile+test),
+        # ignore snapshot updates, because they are likely to have breaking changes, enforce checksums
+        run: mvn test --batch-mode --threads 2.0C --no-snapshot-updates --strict-checksums --file pom.xml
+
+  dependency:
+    runs-on: ubuntu-latest
+    permissions:
+      # Write only necessary for dependency submission all others then default to read
+      contents: write
+
+    # Run steps
+    steps:
+      # Pull changes
+      - uses: actions/checkout@v4
+
+      # Setup Java
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version-file: '.java-version'
+          cache: 'maven'
+
+      - name: Submit Dependency Snapshot
+        if: ${{ github.event_name == 'push' }}
+        uses: advanced-security/maven-dependency-submission-action@v4.0.3

.gitignore

@@ -1,38 +1,25 @@
-# Eclipse stuff
-/.classpath
-/.project
-/.settings
+# Eclipse
+.classpath
+.project
+.settings/
 
-# netbeans
-/nbproject
+# NetBeans
+nbproject/
 nb-configuration.xml
-/bukkit/nbproject/
 
-# maven
-/target
-
-# vim
-.*.sw[a-p]
-
-# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
-hs_err_pid*
-
-# various other potential build files
-/build
-/bin
-/dist
-/manifest.mf
-*.log
-
-# Mac filesystem dust
-.DS_Store
-
-# intellij
+# IntelliJ
 *.iml
 *.ipr
 *.iws
 .idea/
 
+# VSCode
+.vscode/
+
+# Maven
+target/
+pom.xml.versionsBackup
+
 # Gradle
 .gradle
 
@@ -42,8 +29,21 @@ gradle-app.setting
 # Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored)
 !gradle-wrapper.jar
 
-# Project module targets
-bukkit/target
-universal/target
-bungee/target
-core/target
+# various other potential build files
+build/
+bin/
+dist/
+manifest.mf
+*.log
+
+# Vim
+.*.sw[a-p]
+
+# virtual machine crash logs, see https://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+
+# Mac filesystem dust
+.DS_Store
+
+# Factorypath from Visual Studio Code
+.factorypath

.java-version

@@ -0,0 +1,2 @@
+# Latest GitHub Action java release that is installed on the runners
+21

.travis.yml

@@ -1,12 +0,0 @@
-# Use https://travis-ci.org/ for automatic tests
-
-# speed up testing http://blog.travis-ci.com/2014-12-17-faster-builds-with-container-based-infrastructure/
-sudo: false
-
-# This is a java project
-language: java
-
-script: mvn compile test
-
-# We run on 8
-jdk: [oraclejdk8]

CHANGELOG.md

@@ -1,4 +1,72 @@
-######1.9
+# 2.0
+
+## Major changes
+
+* Bumped minimum Java version to 11 make use of modern Java performance features
+    * Report back if really still need the old versions
+    * Then we could make use of versioned code, but that requires more coding effort
+
+## Added
+
+* Support for HTTP/2 for contacting Mojang
+
+## Changed
+
+* Updated many dependencies
+
+## Removed
+
+Dropped some features listed below. Please contact us if you still need them
+
+* Dropped Java support < 11
+* Removed configuration option to add multiple outgoing IPv4 towards Mojang
+* Dropped support for ProtocolSupport seems to unsupported
+
+[...] A lot of changes
+
+### 1.11
+
+* TODO: Replace reflection with methodhandles
+
+* Use direct proxies instead of ssl factories for multiple IP-addresses
+* Remove local address check for multiple IP-addresses
+* Fix parsing of local IP-addresses
+* Fix address rotating for contacting the Mojang API
+* Optimize issue template
+* Use Instant for timestamps
+* Migrate SLF4J logging (Fixes #177)
+* Use Gson's TypeAdapter for more type safety
+* Add support for IPv6 proxies
+* Shared configuration implementation for easier maintained code
+* Use Gson for json parsing, because it's supported on all platforms and removes code duplicates
+* Clean up project code
+* Drop support for deprecated AuthMe API
+* Remove legacy database migration code
+* Drop support for RoyalAuth, because it doesn't seem to be supported anymore
+* Clean up client-server encryption -> use only one cipher per connection, simplify code
+
+### 1.10
+
+* Prevent authentication proxies
+* Drop database importer
+* More logging by default
+* Add support for HTTP proxies
+* Set the fake offline UUID on lowest priority (-> as soon as possible)
+* Remove bungee chatcolor for Bukkit to support KCauldron
+* Minor cleanup using inspections + Https
+* Increase hook delay to let ProtocolLib inject the listener
+* Drop support for old AuthMe API + Add support for new AuthMe API
+* Remove eBean util usage to make it compatible with 1.12
+* Do not try to hook into a plugin if auth plugin hook is already set using the FastLogin API
+* Automatically register accounts if they are not in the auth plugin database but in the FastLogin database
+* Update BungeeAuth dependency and use the new API. Please update your plugin if you still use the old one.
+* Remove deprecated API methods from the last version
+* Finally, update the IP column on every login
+* No duplicate session login
+* Fix timestamp parsing in newer versions of SQLite
+* Fix Spigot console command invocation sends result to in game players
+
+### 1.9
 
 * Added second attempt login -> cracked login
 * Added cracked whitelist (switch-mode -> switching to online-mode from offlinemode)
@@ -6,7 +74,7 @@
 * Added missing add-premium-other message
 * Upgrade to Java 8 -> Minimize file size
 * Refactored/Cleaned up a lot of code
-* [API] Deprecated platform specific authplugin. Please use AuthPlugin< platform specific player type >
+* [API] Deprecated platform specific auth-plugin. Please use AuthPlugin< platform specific player type >
 * [API] Deprecated bukkit's password generator. Please use PasswordGenerator< platform specific player type >
 * Fix ProtocolSupport autoRegister
 * Fix update username in FastLogin database after nameChange
@@ -17,7 +85,7 @@
 * Drop support for LoginSecurity 1.X since 2.X seems to be stable
 * Remove the nasty UltraAuth fakeplayer workaround by using a new api method. You should UltraAuth if you have it
 
-######1.8
+### 1.8
 
 * Added autoIn importer
 * Added BFA importer
@@ -26,12 +94,12 @@
 * Fix ProtocolSupport BungeeCord
 * Fix duplicate logins for BungeeAuth users
 
-######1.7.1
+### 1.7.1
 
 * Fix BungeeCord autoRegister (Fixes #46)
-* Fix protocollsupport autoregister
+* Fix ProtocolSupport auto-register
 
-######1.7
+### 1.7
 
 * Added support for making requests to Mojang from different IPv4 addresses
 * Added us.mcapi.com as third-party APIs to workaround rate-limits
@@ -40,19 +108,19 @@
 * Fix player entry is not saved if namechangecheck is enabled
 * Fix skin applies for third-party plugins
 * Switch to mcapi.ca for uuid lookups
-* Fix BungeeCord not setting an premium uuid
+* Fix BungeeCord not setting a premium uuid
 * Fix setting skin on Cauldron
 * Fix saving on name change
 
-######1.6.2
+### 1.6.2
 
 * Fixed support for new LoginSecurity version
 
-######1.6.1
+### 1.6.1
 
 * Fix message typo in BungeeCord which created a NPE if premium-warning is activated
 
-######1.6
+### 1.6
 
 * Add a warning message if the user tries to invoke the premium command
 * Added missing translation if the server isn't fully started
@@ -63,34 +131,34 @@
 * Fixed cracked command not working on BungeeCord
 * Fix error if forward skins is disabled
 
-######1.5.2
+### 1.5.2
 
 * Fixed BungeeCord force logins if there is a lobby server
 * Removed cache expire in BungeeCord
 * Applies skin earlier to make it visible for other plugins listening on login events
 
-######1.5.1
+### 1.5.1
 
 * Fixed BungeeCord support by correctly saving the proxy ids
 
-######1.5
+### 1.5
 
 * Added localization
 * Fixed NPE on premium name check if it's pure cracked player
 * Fixed NPE in BungeeCord on cracked login for existing players
 * Fixed saving of existing cracked players
 
-######1.4
+### 1.4
 
 * Added Bungee setAuthPlugin method
 * Added nameChangeCheck
 * Multiple BungeeCord support
 
-######1.3.1
+### 1.3.1
 
 * Prevent thread create violation in BungeeCord
 
-######1.3
+### 1.3
 
 * Added support for AuthMe 3.X
 * Fixed premium logins if the server is not fully started
@@ -99,32 +167,32 @@
 * Fixed 1.7 Minecraft support by removing guava 11+ only features -> Cauldron support
 * Fixed BungeeCord support in Cauldron
 
-######1.2.1
+### 1.2.1
 
 * Fix premium status change notification message on BungeeCord
 
-######1.2
+### 1.2
 
 * Fix race condition in BungeeCord
-* Fix dead lock in xAuth
+* Fix deadlock in xAuth
 * Added API methods for plugins to set their own password generator
 * Added API methods for plugins to set their own auth plugin hook
 => Added support for AdvancedLogin
 
-######1.1
+### 1.1
 
 * Make the configuration options also work under BungeeCord (premiumUUID, forwardSkin)
 * Catch configuration loading exception if it's not spigot build
 * Fix config loading for older Spigot builds
 
-######1.0
+### 1.0
 
 * Massive refactor to handle errors on force actions safely
 * force Methods now runs async too
 * force methods now returns a boolean to reflect if the method was successful
 * isRegistered method should now throw an exception if the plugin was unable to query the requested data
 
-######0.8
+### 0.8
 
 * Fixed BungeeCord support for the Bukkit module
 * Added database storage to save the premium state
@@ -132,7 +200,7 @@
 * Fixed issues with host lookup from hosts file (Thanks to @NorbiPeti)
 * Remove handshake listener because it creates errors on some systems
 
-######0.7
+### 0.7
 
 * Added BungeeAuth support
 * Added /premium [player] command with optional player parameter
@@ -140,72 +208,72 @@
 * Added a forwardSkin config option
 * Added premium UUID support
 * Updated to the newest changes of Spigot
-* Removes the need of an Bukkit auth plugin if you use a bungeecord one
+* Removes the need of a Bukkit auth plugin if you use a bungeecord one
 * Optimize performance and thread-safety
 * Fixed BungeeCord support
-* Changed config option autologin to autoregister to clarify the usage
+* Changed config option auto-login to auto-register to clarify the usage
 
-######0.6
+### 0.6
 
 * Fixed 1.9 bugs
 * Added UltraAuth support
 
-######0.5
+### 0.5
 
-* Added unpremium command
-* Added autologin - See config
+* Added cracked command
+* Added auto-login - See config
 * Added config
 * Added isRegistered API method
 * Added forceRegister API method
 
 * Fixed CrazyLogin player data restore -> Fixes memory leaks with this plugin
-* Fixed premium name check to protocolsupport
+* Fixed premium name check to ProtocolSupport
 * Improved permissions management
 
-######0.4
+### 0.4
 
 * Added forward premium skin
-* Added plugin support for protocolsupport
+* Added plugin support for ProtocolSupport
 
-######0.3.2
+### 0.3.2
 
 * Run packet readers in a different thread (separated from the Netty I/O Thread)
 -> Improves performance
 * Fixed Plugin disable if the server is in online mode but have to be in offline mode
 
-######0.3.1
+### 0.3.1
 
 * Improved BungeeCord security
 
-#####0.3
+### 0.3
 
 * Added BungeeCord support
 * Decrease timeout checks in order to fail faster on connection problems
 * Code style improvements
 
-######0.2.4
+### 0.2.4
 
 * Fixed NPE on invalid sessions
 * Improved security by generating a randomized serverId
 * Removed /premium [player] because it's safer for premium players who join without registration
 
-######0.2.3
+### 0.2.3
 
-* Remove useless AuthMe forcelogin code
+* Remove useless AuthMe force-login code
 * Send a kick message to the client instead of just "Disconnect"
 * Reformat source code
 * Fix thread safety for fake start packets (Bukkit.getOfflinePlayer doesn't look like to be thread-safe)
 * Added more documentation
 
-######0.2.2
+### 0.2.2
 
 * Compile project with Java 7 :(
 
-######0.2.1
+### 0.2.1
 * A couple of security fixes (premium players cannot longer steal the account of a cracked account)
 * Added a /premium command to mark you as premium player
 
-#####0.2
+### 0.2
 
 * Added support for CrazyLogin and LoginSecurity
 * Now minecraft version independent
@@ -214,5 +282,5 @@
 * More state validation
 * Added better error handling
 
-#####0.1
+### 0.1
 * First release

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015 
+Copyright (c) 2015-2024 games647 and contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -19,4 +19,3 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
-

README.md

@@ -1,184 +1,127 @@
 # FastLogin
 
-[![Build Status](https://travis-ci.org/games647/FastLogin.svg?branch=master)](https://travis-ci.org/games647/FastLogin)
-[![Donate Button](https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=8ZBULMAPN7MZC)
-
 Checks if a Minecraft player has a paid account (premium). If so, they can skip offline authentication (auth plugins).
 So they don't need to enter passwords. This is also called auto login (auto-login).
 
-###Features:
+## Features
 
 * Detect paid accounts from others
 * Automatically login paid accounts (premium)
 * Support various of auth plugins
-* Cauldron support
-* Forge/Sponge message support
 * Premium UUID support
-* Forwards Skins
-* Detect user name changed and will update the existing database record
-* BungeeCord support
+* Forward skins
+* Detect username changed and will update the existing database record
+* BungeeCord/Velocity support
 * Auto register new premium players
-* Plugin: ProtocolSupport is supported and can be used as an alternative to ProtocolLib
 * No client modifications needed
-* Good performance by using async non blocking operations
+* Good performance by using async operations
 * Locale messages
-* Import the database from similar plugins
-* Free
-* Open source
+* Support for Bedrock players proxies through FloodGate
+
+## Issues
+
+Please use issues for bug reports, suggestions, questions and more. Please check for existing issues. Existing issues
+can be voted up by adding up vote to the original post. Closing issues means that they are marked as resolved. Comments
+are still allowed and it could be re-opened.
+
+## Development builds
+
+Development builds contain the latest changes from the Source-Code. They are bleeding edge and could introduce new bugs,
+but also include features, enhancements and bug fixes that are not yet in a released version. If you click on the left
+side on `Changes`, you can see iterative change sets leading to a specific build.
+
+You can download them from here: https://ci.codemc.org/job/Games647/job/FastLogin/
 
 ***
 
-###Commands:
-    * /premium [player] Label the invoker or the argument as paid account
-    * /cracked [player] Label the invoker or the argument as cracked account
-    * /importdb <autoIn/bpa/eldzi> <mysql/sqlite> [host:port] [database] [username] [password] - Imports the database from another plugin
+## Commands
 
-###Permissions:
-    * fastlogin.bukkit.command.premium
-    * fastlogin.bukkit.command.cracked
-    * fastlogin.command.premium.other
-    * fastlogin.command.cracked.other
-    * fastlogin.command.import
+    /premium [player] Label the invoker or the argument as paid account
+    /cracked [player] Label the invoker or the argument as cracked account
 
-###Requirements:
-* Plugin: [ProtocolLib](http://www.spigotmc.org/resources/protocollib.1997/) or [ProtocolSupport](http://www.spigotmc.org/resources/protocolsupport.7201/)
-* Tested Bukkit/[Spigot](https://www.spigotmc.org) 1.9 (could also work with other versions)
-* Java 7+
-* Run Spigot and/or BungeeCord/Waterfall in offline mode (see server.properties or config.yml)
-* An auth plugin. Supported plugins
+## Permissions
 
-####Bukkit/Spigot/PaperSpigot
+    fastlogin.bukkit.command.premium
+    fastlogin.bukkit.command.cracked
+
+    fastlogin.command.premium.other
+    fastlogin.command.cracked.other
+
+## Placeholder
+
+This plugin supports `PlaceholderAPI` on `Spigot`. It exports the following variable
+`%fastlogin_status%`. In BungeeCord environments, the status of a player will be delivered with a delay after the player
+already successful joined the server. This takes about a couple of milliseconds. In this case the value
+will be `Unknown`.
+
+Possible values: `Premium`, `Cracked`, `Unknown`
+
+## Requirements
+
+* Java: 21+ recommended for improved multi-threading code by FastLogin
+  * Spigot: 8+
+  * BungeeCord and Velocity: 17+
+* Server software in offlinemode:
+  * Spigot (or a fork e.g. Paper) 1.8.8+
+    * Protocol plugin:
+      * [ProtocolLib 5.2+](https://www.spigotmc.org/resources/protocollib.1997/) or
+      * [ProtocolSupport](https://www.spigotmc.org/resources/protocolsupport.7201/)
+  * Latest BungeeCord (or a fork e.g. Waterfall) or Velocity proxy
+* An auth plugin.
+
+### Supported auth plugins
+
+#### Spigot/Paper
 
-* [AuthMe (both 5.X and 3.X)](http://dev.bukkit.org/bukkit-plugins/authme-reloaded/)
-* [xAuth](http://dev.bukkit.org/bukkit-plugins/xauth/)
-* [LogIt](https://github.com/XziomekX/LogIt)
 * [AdvancedLogin (Paid)](https://www.spigotmc.org/resources/advancedlogin.10510/)
-* [CrazyLogin](http://dev.bukkit.org/bukkit-plugins/crazylogin/)
-* [LoginSecurity](http://dev.bukkit.org/bukkit-plugins/loginsecurity/)
-* [RoyalAuth](http://dev.bukkit.org/bukkit-plugins/royalauth/)
-* [UltraAuth](http://dev.bukkit.org/bukkit-plugins/ultraauth-aa/)
+* [AuthMe (5.X)](https://dev.bukkit.org/bukkit-plugins/authme-reloaded/)
+* [CrazyLogin](https://dev.bukkit.org/bukkit-plugins/crazylogin/)
+* [LoginSecurity](https://dev.bukkit.org/bukkit-plugins/loginsecurity/)
+* [LogIt](https://github.com/games647/LogIt)
+* [UltraAuth](https://dev.bukkit.org/bukkit-plugins/ultraauth-aa/)
+* [UserLogin](https://www.spigotmc.org/resources/userlogin.80669/)
+* [xAuth](https://dev.bukkit.org/bukkit-plugins/xauth/)
 
-####BungeeCord/Waterfall
+#### BungeeCord/Waterfall
 
 * [BungeeAuth](https://www.spigotmc.org/resources/bungeeauth.493/)
 
-###Downloads
+## Network requests
 
-https://www.spigotmc.org/resources/fastlogin.14153/history
+This plugin performs network requests to:
+
+* https://api.mojang.com - retrieving uuid data to decide if we should activate premium login
+* https://sessionserver.mojang.com - verify if the player is the owner of that account
 
 ***
 
-###How to install
+## How to install
 
-####Bukkit/Spigot/PaperSpigot
+### Spigot/Paper
 
-1. Download and install ProtocolLib
-2. Download and install FastLogin
-3. Set your server in offline mode by setting the value onlinemode in your server.properties to false
+1. Download and install ProtocolLib/ProtocolSupport
+2. Download and install `FastLoginBukkit`
+3. Set your server in offline mode by setting the value `onlinemode` in your server.properties to `false`
 
-####BungeeCord/Waterfall
+### BungeeCord/Waterfall or Velocity
 
-1. Activate BungeeCord in the Spigot configuration
-2. Restart your server
-3. Now there is proxy-whitelist file in the FastLogin folder
-Put your stats id from the BungeeCord config into this file
-4. Activate ipForward in your BungeeCord config
-5. Download and Install FastLogin on BungeeCord AND Spigot
-6. Check your database settings in the config of FastLogin on BungeeCord
-7. Set your proxy (BungeeCord) in offline mode by setting the value onlinemode in your config.yml to false
-8. (BungeeCord doesn't support SQLite per default, so you should change the configuration to MySQL or MariaDB)
+Install the plugin on both platforms, that is proxy (BungeeCord or Velocity) and backend server (Spigot).
 
-***
-
-###FAQ
-
-####Index
-1. [How does Minecraft logins work?](#how-does-minecraft-logins-work)
-2. [How does this plugin work?](#how-does-this-plugin-work)
-3. [Why does the plugin require offline mode?](#why-does-the-plugin-require-offline-mode)
-4. [Can cracked player join with premium usernames?](#can-cracked-player-join-with-premium-usernames)
-5. [Why do players have to invoke a command?](#why-do-players-have-to-invoke-a-command)
-6. [What happens if a paid account joins with a used username?](#what-happens-if-a-paid-account-joins-with-a-used-username)
-7. [Does the plugin have BungeeCord support?](#does-the-plugin-have-bungeecord-support)
-8. [Could premium players have a premium UUID and Skin?](#could-premium-players-have-a-premium-uuid-and-skin)
-9. [Is this plugin compatible with Cauldron?](#is-this-plugin-compatible-with-cauldron)
-
-####How does minecraft logins work?
-######Online Mode
-1. Client -> Server: I want to login, here is my username
-2. Server -> Client: Okay. I'm in online mode so here is my public key for encryption and my serverid
-3. Client -> Mojang: I'm player "xyz". I want to join a server with that serverid
-4. Mojang -> Client: Session data checked. You can continue
-5. Client -> Server: I received a successful response from Mojang. Heres our shared secret key
-6. Server -> Mojang: Does the player "xyz" with this shared secret key has a valid account to join me?
-7. Mojang -> Server: Yes, the player has the following additionally properties (UUID, Skin)
-8. Client and Server: encrypt all following communication packet
-9. Server -> Client: Everything checked you can play now
-
-
-######Offline Mode
-In offline mode step 2-7 is skipped. So a login request is directly followed by 8.
-
-######More details
-http://wiki.vg/Protocol#Login
-
-####How does this plugin work?
-By using ProtocolLib, this plugin works as a proxy between the client and server. This plugin will fake that the server
-runs in online mode. It does everything an online mode server would do. This will be for example, generating keys or
-checking for valid sessions. Because everything is the same compared to an offline mode login after an encrypted
-connection, we will intercept only **login** packets of **premium** players.
-
-1. Player is connecting to the server.
-2. Plugin checks if the username we received activated the fast login method (i.e. using command)
-3. Run a check if the username is currently used by a paid account.
-(We don't know yet if the client connecting is premium)
-4. Request an Mojang Session Server authentication
-5. On response check if all data is correct
-6. Encrypt the connection
-7. On success intercept all related login packets and fake a new login packet as a normal offline login
-
-####Why does the plugin require offline mode?
-1. As you can see in the question "how does minecraft login works", offline mode is equivalent to online mode except of
-the encryption and session checks on login. So we can intercept and cancel the first packets for premium players and
-enable an encrypted connection. Then we send a new fake packet in order to pretend that this a new login request from
-a offline mode player. The server will handle the rest.
-2. Some plugins check if the server is in online mode. If so, they could process the real offline (cracked) accounts
-incorrectly. For example, a plugin tries to fetch the UUID from Mojang, but the name of the player is not associated to
-a paid account.
-3. Servers, who allow cracked players and just speed up logins for premium players, are **already** in offline mode.
-
-####Can cracked player join with premium usernames?
-Yes, indeed. Therefore the command for toggling the fast login method exists.
-
-####Why do players have to invoke a command?
-1. It's a secure way to make sure a person with a paid account cannot steal the account
-of a cracked player that has the same username. The player have to proof first that it's his own account.
-2. We only receive the username from the player on login. We could check if that username is associated
-to a paid account but if we request a online mode login from a cracked player (who uses a username from
-a paid account), the player will disconnect with the reason "bad login" or "Invalid session". There is no way to change
-that message on the server side (without client modifications), because it's a connection between the Client and the
-Sessionserver.
-3. If a premium player would skip registration too, a player of a cracked account could later still register the
-account and would claim and steal the account from the premium player. Because commands cannot be invoked unless the
-player has a account or is logged in, protects this method also premium players
-
-###What happens if a paid account joins with a used username?
-The player on the server have to activate the feature of this plugin by command. If a person buys the username
-of his own account, it's still secured. A normal offline mode login makes sure he's the owner of the server account
-and Mojang account. Then the command can be executed. So someone different cannot steal the account of cracked player
-by buying the username.
-
-####Does the plugin have BungeeCord support?
-Yes it has. See the how to install above.
-
-####Could premium players have a premium UUID and Skin?
-Since 0.7 both features are implemented. You can check the config.yml in order to activate it.
-
-####Is this plugin compatible with Cauldron?
-It's not tested yet, but all needed methods also exists in Cauldron so it could work together.
-
-***
-
-###Useful Links:
-* [Login Protocol](http://wiki.vg/Protocol#Login)
-* [Protocol Encryption](http://wiki.vg/Protocol_Encryption)
+1. Activate proxy support in the server configuration
+   * This is often found in `spigot.yml` or `paper.yml`
+2. Restart the backend server
+3. Now there is `allowed-proxies.txt` file in the FastLogin folder of the restarted server
+    * BungeeCord: Put your `stats`-id from the BungeeCord config into this file
+    * Velocity: On plugin startup the plugin generates a `proxyId.txt` inside the plugins folder of the proxy
+4. Activate ip forwarding in your proxy config
+5. Check your database settings in the config of FastLogin on your proxy
+    * The proxies only ship with a limited set of drivers where Spigot supports more. Therefore, these are supported:
+    * BungeeCord: `mysql` for MySQL/MariaDB
+    * Velocity: `mariadb` for MySQL/MariaDB
+    * Note the embedded file storage SQLite is not available
+    * MySQL/MariaDB requires an external database server running. Check your server provider if there is one available
+   or install one.
+6. Set proxy and Spigot in offline mode by setting the value `onlinemode` in your `config.yml` to false
+7. You should *always* configure the firewall for your Spigot server so that it's only accessible through your proxy
+   * This is also the case without this plugin
+   * https://www.spigotmc.org/wiki/bungeecord-installation/#post-installation

bukkit/pom.xml

@@ -1,93 +1,304 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<!--
+
+    SPDX-License-Identifier: MIT
+
+    The MIT License (MIT)
+
+    Copyright (c) 2015-2024 games647 and contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+
+-->
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
+    <properties>
+        <maven.compiler.release>8</maven.compiler.release>
+    </properties>
+
     <parent>
         <groupId>com.github.games647</groupId>
         <artifactId>fastlogin</artifactId>
-        <version>1.9</version>
+        <version>1.12-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <!--This have to be in lowercase because it's used by plugin.yml-->
+    <!--This has to be in lowercase because it's used by plugin.yml-->
     <artifactId>fastlogin.bukkit</artifactId>
     <packaging>jar</packaging>
 
     <name>FastLoginBukkit</name>
 
+    <build>
+        <plugins>
+            <plugin>
+                <artifactId>maven-shade-plugin</artifactId>
+                <version>3.5.3</version>
+                <configuration>
+                    <createDependencyReducedPom>false</createDependencyReducedPom>
+                    <shadedArtifactAttached>false</shadedArtifactAttached>
+                    <relocations>
+                        <relocation>
+                            <pattern>org.yaml.snakeyaml</pattern>
+                            <shadedPattern>fastlogin.yaml</shadedPattern>
+                        </relocation>
+                        <relocation>
+                            <pattern>com.zaxxer.hikari</pattern>
+                            <shadedPattern>fastlogin.hikari</shadedPattern>
+                        </relocation>
+                        <relocation>
+                            <pattern>org.slf4j</pattern>
+                            <shadedPattern>fastlogin.slf4j</shadedPattern>
+                        </relocation>
+                        <relocation>
+                            <pattern>net.md_5.bungee.config</pattern>
+                            <shadedPattern>fastlogin.config</shadedPattern>
+                        </relocation>
+                        <relocation>
+                            <pattern>com.google.gson</pattern>
+                            <shadedPattern>fastlogin.gson</shadedPattern>
+                        </relocation>
+                        <relocation>
+                            <pattern>com.google.common</pattern>
+                            <shadedPattern>fastlogin.guava</shadedPattern>
+                            <excludes>
+                                <exclude>com.google.common.collect.Multimap</exclude>
+                            </excludes>
+                        </relocation>
+                        <relocation>
+                            <pattern>io.papermc.lib</pattern>
+                            <shadedPattern>fastlogin.paperlib</shadedPattern>
+                        </relocation>
+                    </relocations>
+                    <!-- Rename the service file too to let SLF4J api find our own relocated jdk logger -->
+                    <!-- Located in META-INF/services -->
+                    <transformers>
+                        <transformer
+                                implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
+                    </transformers>
+                    <minimizeJar>true</minimizeJar>
+                    <filters>
+                        <filter>
+                            <artifact>*:*</artifact>
+                            <excludes>
+                                <exclude>**/module-info.class</exclude>
+                            </excludes>
+                        </filter>
+                    </filters>
+                </configuration>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
     <repositories>
-        <!--Bukkit-Server-API -->
+        <!-- PaperSpigot API, PaperLib, datafixupper and bungeecord-chat -->
         <repository>
-            <id>spigot-repo</id>
-            <url>https://hub.spigotmc.org/nexus/content/repositories/snapshots/</url>
+            <id>papermc</id>
+            <url>https://papermc.io/repo/repository/maven-public/</url>
         </repository>
 
-        <!--LoginSecurity-->
-        <repository>
-            <id>lenis0012-repo</id>
-            <url>http://ci.lenis0012.com/plugin/repository/everything/</url>
-        </repository>
-
-        <!--ProtocolLib-->
+        <!-- ProtocolLib -->
         <repository>
             <id>dmulloy2-repo</id>
-            <url>http://repo.dmulloy2.net/content/groups/public/</url>
+            <url>https://repo.dmulloy2.net/repository/public/</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
         </repository>
 
-        <!--Authme Reloaded-->
+        <!-- AuthMe Reloaded, xAuth and LoginSecurity -->
         <repository>
-            <id>xephi-repo</id>
-            <url>http://ci.xephi.fr/plugin/repository/everything/</url>
+            <id>codemc-releases</id>
+            <url>https://repo.codemc.io/repository/maven-public/</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
         </repository>
 
-        <!--xAuth-->
+        <!-- PlaceholderAPI -->
         <repository>
-            <id>luricos.de-repo</id>
-            <url>http://repo.luricos.de/bukkit-plugins/</url>
+            <id>placeholderapi</id>
+            <url>https://repo.extendedclip.com/content/repositories/placeholderapi</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
         </repository>
 
-        <!--Github automatic maven builds-->
+        <!-- GitHub automatic maven builds -->
         <repository>
             <id>jitpack.io</id>
             <url>https://jitpack.io</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
         </repository>
     </repositories>
 
     <dependencies>
+        <!--Common plugin component-->
         <dependency>
             <groupId>com.github.games647</groupId>
             <artifactId>fastlogin.core</artifactId>
             <version>${project.version}</version>
-            <scope>provided</scope>
         </dependency>
 
-        <!--Server API-->
+        <!-- PaperSpigot API for correcting user cache usage -->
         <dependency>
-            <groupId>org.spigotmc</groupId>
-            <artifactId>spigot-api</artifactId>
-            <version>1.10-R0.1-SNAPSHOT</version>
+            <groupId>io.papermc.paper</groupId>
+            <artifactId>paper-api</artifactId>
+            <version>1.20.6-R0.1-SNAPSHOT</version>
             <scope>provided</scope>
+            <!-- Use our own newer api version -->
+            <exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.ow2.asm</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.maven</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <dependency>
+            <groupId>com.mojang</groupId>
+            <artifactId>datafixerupper</artifactId>
+            <version>7.1.15</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!--Library for listening and sending Minecraft packets-->
         <dependency>
             <groupId>com.comphenix.protocol</groupId>
             <artifactId>ProtocolLib</artifactId>
-            <version>3.6.5</version>
+            <version>5.1.0</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
-	<dependency>
-	    <groupId>com.github.ProtocolSupport</groupId>
-	    <artifactId>ProtocolSupport</artifactId>
-            <!--4.25.dev-->
-	    <version>5554413b51</version>
-	</dependency>
+        <!--Changing onlinemode on login process-->
+        <dependency>
+            <groupId>com.github.ProtocolSupport</groupId>
+            <artifactId>ProtocolSupport</artifactId>
+            <!--4.29.dev after commit about API improvements-->
+            <version>master-66b494a8dd-1</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!--Floodgate for Xbox Live Authentication-->
+        <dependency>
+            <groupId>org.geysermc.floodgate</groupId>
+            <artifactId>api</artifactId>
+            <version>${floodgate.version}</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!-- Bedrock player bridge -->
+        <dependency>
+            <groupId>org.geysermc.geyser</groupId>
+            <artifactId>core</artifactId>
+            <version>${geyser.version}</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!-- We need the API, but it was excluded above -->
+        <dependency>
+            <groupId>org.geysermc.geyser</groupId>
+            <artifactId>api</artifactId>
+            <version>${geyser.version}</version>
+            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!--Provide premium placeholders-->
+        <dependency>
+            <groupId>me.clip</groupId>
+            <artifactId>placeholderapi</artifactId>
+            <version>2.11.5</version>
+            <scope>provided</scope>
+            <optional>true</optional>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
 
         <!--Login Plugins-->
         <dependency>
             <groupId>fr.xephi</groupId>
             <artifactId>authme</artifactId>
-            <version>5.2-SNAPSHOT</version>
+            <version>5.6.0-beta2</version>
+            <scope>provided</scope>
             <optional>true</optional>
             <exclusions>
                 <exclusion>
@@ -100,7 +311,8 @@
         <dependency>
             <groupId>com.lenis0012.bukkit</groupId>
             <artifactId>loginsecurity</artifactId>
-            <version>2.1.3-SNAPSHOT</version>
+            <version>3.3.0</version>
+            <scope>provided</scope>
             <optional>true</optional>
             <exclusions>
                 <exclusion>
@@ -110,24 +322,11 @@
             </exclusions>
         </dependency>
 
-	<dependency>
-	    <groupId>com.github.games647</groupId>
-	    <artifactId>LogIt</artifactId>
-	    <version>9e3581db27</version>
-            <optional>true</optional>
-            <scope>provided</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-	</dependency>
-
         <dependency>
-            <groupId>com.github.RoyalDev</groupId>
-            <artifactId>RoyalAuth</artifactId>
-            <version>-e21354a9b7-1</version>
+            <groupId>com.github.games647</groupId>
+            <artifactId>LogIt</artifactId>
+            <version>9e3581db27</version>
+            <scope>provided</scope>
             <optional>true</optional>
             <exclusions>
                 <exclusion>
@@ -141,6 +340,7 @@
             <groupId>de.luricos.bukkit</groupId>
             <artifactId>xAuth</artifactId>
             <version>2.6</version>
+            <scope>provided</scope>
             <optional>true</optional>
             <!--These artifacts produce conflicts on downloading-->
             <exclusions>
@@ -178,5 +378,12 @@
             <scope>system</scope>
             <systemPath>${project.basedir}/lib/UltraAuth v2.1.2.jar</systemPath>
         </dependency>
+
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk18on</artifactId>
+            <version>1.78.1</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 </project>

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BukkitCore.java

@@ -1,72 +0,0 @@
-package com.github.games647.fastlogin.bukkit;
-
-import com.github.games647.fastlogin.core.shared.FastLoginCore;
-import com.github.games647.fastlogin.core.shared.MojangApiConnector;
-import com.google.common.base.Charsets;
-import com.google.common.util.concurrent.ThreadFactoryBuilder;
-
-import java.io.File;
-import java.io.InputStreamReader;
-import java.util.List;
-import java.util.concurrent.ThreadFactory;
-import java.util.logging.Logger;
-
-import org.bukkit.ChatColor;
-import org.bukkit.configuration.file.YamlConfiguration;
-import org.bukkit.entity.Player;
-
-public class BukkitCore extends FastLoginCore<Player> {
-
-    private final FastLoginBukkit plugin;
-
-    public BukkitCore(FastLoginBukkit plugin) {
-        super(plugin.getConfig().getValues(false));
-
-        this.plugin = plugin;
-    }
-
-    @Override
-    public File getDataFolder() {
-        return plugin.getDataFolder();
-    }
-
-    @Override
-    public Logger getLogger() {
-        return plugin.getLogger();
-    }
-
-    @Override
-    public ThreadFactory getThreadFactory() {
-        String pluginName = plugin.getName();
-        return new ThreadFactoryBuilder()
-                .setNameFormat(pluginName + " Database Pool Thread #%1$d")
-                //Hikari create daemons by default
-                .setDaemon(true)
-                .build();
-    }
-
-    @Override
-    public void loadMessages() {
-        plugin.saveResource("messages.yml", false);
-
-        File messageFile = new File(plugin.getDataFolder(), "messages.yml");
-        YamlConfiguration messageConfig = YamlConfiguration.loadConfiguration(messageFile);
-
-        InputStreamReader defaultReader = new InputStreamReader(plugin.getResource("messages.yml"), Charsets.UTF_8);
-        YamlConfiguration defaults = YamlConfiguration.loadConfiguration(defaultReader);
-
-        messageConfig.setDefaults(defaults);
-
-        messageConfig.getKeys(false).forEach((key) -> {
-            String message = ChatColor.translateAlternateColorCodes('&', messageConfig.getString(key));
-            if (!message.isEmpty()) {
-                localeMessages.put(key, message);
-            }
-        });
-    }
-
-    @Override
-    public MojangApiConnector makeApiConnector(Logger logger, List<String> addresses, int requests) {
-        return new MojangApiBukkit(logger, addresses, requests);
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BukkitLoginSession.java

@@ -1,84 +1,106 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit;
 
-import com.github.games647.fastlogin.core.PlayerProfile;
+import com.github.games647.craftapi.model.skin.SkinProperty;
+import com.github.games647.fastlogin.bukkit.auth.protocollib.packet.ClientPublicKey;
 import com.github.games647.fastlogin.core.shared.LoginSession;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
+import org.jetbrains.annotations.Nullable;
 
-import org.apache.commons.lang.ArrayUtils;
+import java.util.Optional;
 
 /**
  * Represents a client connecting to the server.
- *
+ * <p>
  * This session is invalid if the player disconnects or the login was successful
  */
 public class BukkitLoginSession extends LoginSession {
 
-    private final String serverId;
+    private static final byte[] EMPTY_ARRAY = {};
+
     private final byte[] verifyToken;
 
+    private final ClientPublicKey clientPublicKey;
+
     private boolean verified;
+    private SkinProperty skinProperty;
 
-    private String encodedSkinData;
-    private String skinSignature;
-
-    public BukkitLoginSession(String username, String serverId, byte[] verifyToken, boolean registered
-            , PlayerProfile profile) {
+    public BukkitLoginSession(String username, byte[] verifyToken, ClientPublicKey publicKey, boolean registered,
+                              StoredProfile profile) {
         super(username, registered, profile);
 
-        this.serverId = serverId;
-        this.verifyToken = ArrayUtils.clone(verifyToken);
+        this.clientPublicKey = publicKey;
+        this.verifyToken = verifyToken.clone();
     }
 
-    //available for bungeecord
+    //available for BungeeCord
     public BukkitLoginSession(String username, boolean registered) {
-        this(username, "", ArrayUtils.EMPTY_BYTE_ARRAY, registered, null);
+        this(username, EMPTY_ARRAY, null, registered, null);
     }
 
     //cracked player
-    public BukkitLoginSession(String username, PlayerProfile profile) {
-        this(username, "", ArrayUtils.EMPTY_BYTE_ARRAY, false, profile);
+    public BukkitLoginSession(String username, StoredProfile profile) {
+        this(username, EMPTY_ARRAY, null, false, profile);
+    }
+
+    //ProtocolSupport
+    public BukkitLoginSession(String username, boolean registered, StoredProfile profile) {
+        this(username, EMPTY_ARRAY, null, registered, profile);
     }
 
     /**
-     * Gets the random generated server id. This makes sure the request sent from the client is just for this server.
-     *
-     * See this for details http://www.sk89q.com/2011/09/minecraft-name-spoofing-exploit/
-     *
+     * Gets the verify-token the server sent to the client.
+     * <p>
      * Empty if it's a BungeeCord connection
      *
-     * @return random generated server id
+     * @return verify token from the server
      */
-    public String getServerId() {
-        return serverId;
+    public synchronized byte[] getVerifyToken() {
+        return verifyToken.clone();
+    }
+
+    @Nullable
+    public ClientPublicKey getClientPublicKey() {
+        return clientPublicKey;
     }
 
     /**
-     * Gets the verify token the server sent to the client.
-     *
-     * Empty if it's a BungeeCord connection
-     *
-     * @return the verify token from the server
+     * @return premium skin if available
      */
-    public byte[] getVerifyToken() {
-        return ArrayUtils.clone(verifyToken);
-    }
-
-    public synchronized String getEncodedSkinData() {
-        return encodedSkinData;
-    }
-
-    public synchronized String getSkinSignature() {
-        return skinSignature;
+    public synchronized Optional<SkinProperty> getSkin() {
+        return Optional.ofNullable(skinProperty);
     }
 
     /**
      * Sets the premium skin property which was retrieved by the session server
-     *
-     * @param encodedData
-     * @param skinSignature
+     * @param skinProperty premium skin
      */
-    public synchronized void setSkin(String encodedData, String skinSignature) {
-        this.encodedSkinData = encodedData;
-        this.skinSignature = skinSignature;
+    public synchronized void setSkinProperty(SkinProperty skinProperty) {
+        this.skinProperty = skinProperty;
     }
 
     /**
@@ -86,7 +108,7 @@ public class BukkitLoginSession extends LoginSession {
      *
      * @param verified whether the player has valid session
      */
-    public synchronized void setVerified(boolean verified) {
+    public synchronized void setVerifiedPremium(boolean verified) {
         this.verified = verified;
     }
 
@@ -95,7 +117,7 @@ public class BukkitLoginSession extends LoginSession {
      *
      * @return whether the player has a valid session
      */
-    public synchronized boolean isVerified() {
+    public synchronized boolean isVerifiedPremium() {
         return verified;
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BukkitScheduler.java

@@ -0,0 +1,48 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit;
+
+import com.github.games647.fastlogin.core.scheduler.AsyncScheduler;
+import org.bukkit.Bukkit;
+import org.bukkit.plugin.Plugin;
+import org.slf4j.Logger;
+
+import java.util.concurrent.Executor;
+
+public class BukkitScheduler extends AsyncScheduler {
+
+    private final Executor syncExecutor;
+
+    public BukkitScheduler(Plugin plugin, Logger logger) {
+        super(logger, command -> Bukkit.getScheduler().runTaskAsynchronously(plugin, command));
+
+        syncExecutor = task -> Bukkit.getScheduler().runTask(plugin, task);
+    }
+
+    public Executor getSyncExecutor() {
+        return syncExecutor;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/EncryptionUtil.java

@@ -1,122 +0,0 @@
-package com.github.games647.fastlogin.bukkit;
-
-import com.google.common.base.Charsets;
-
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.util.stream.Stream;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-
-/**
- * Encryption and decryption minecraft util for connection between servers
- * and paid minecraft account clients.
- *
- * Source: https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/MinecraftEncryption.java
- *
- * Remapped by: https://github.com/Techcable/MinecraftMappings/tree/master/1.8
- */
-public class EncryptionUtil {
-
-    public static KeyPair generateKeyPair() {
-        try {
-            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
-
-            keyPairGenerator.initialize(1_024);
-            return keyPairGenerator.generateKeyPair();
-        } catch (NoSuchAlgorithmException nosuchalgorithmexception) {
-            //Should be existing in every vm
-            throw new ExceptionInInitializerError(nosuchalgorithmexception);
-        }
-    }
-
-    public static byte[] getServerIdHash(String serverId, PublicKey publicKey, SecretKey secretKey) {
-        return digestOperation("SHA-1"
-                , new byte[][]{serverId.getBytes(Charsets.ISO_8859_1), secretKey.getEncoded(), publicKey.getEncoded()});
-    }
-
-    private static byte[] digestOperation(String algo, byte[]... content) {
-        try {
-            MessageDigest messagedigest = MessageDigest.getInstance(algo);
-            Stream.of(content).forEach(messagedigest::update);
-
-            return messagedigest.digest();
-        } catch (NoSuchAlgorithmException nosuchalgorithmexception) {
-            nosuchalgorithmexception.printStackTrace();
-            return null;
-        }
-    }
-
-//    public static PublicKey decodePublicKey(byte[] encodedKey) {
-//        try {
-//            KeyFactory keyfactory = KeyFactory.getInstance("RSA");
-//
-//            X509EncodedKeySpec x509encodedkeyspec = new X509EncodedKeySpec(encodedKey);
-//            return keyfactory.generatePublic(x509encodedkeyspec);
-//        } catch (NoSuchAlgorithmException | InvalidKeySpecException nosuchalgorithmexception) {
-//            //ignore
-//        }
-//
-//        System.err.println("Public key reconstitute failed!");
-//        return null;
-//    }
-
-    public static SecretKey decryptSharedKey(PrivateKey privateKey, byte[] encryptedSharedKey) {
-        return new SecretKeySpec(decryptData(privateKey, encryptedSharedKey), "AES");
-    }
-
-    public static byte[] decryptData(Key key, byte[] data) {
-        return cipherOperation(Cipher.DECRYPT_MODE, key, data);
-    }
-
-    private static byte[] cipherOperation(int operationMode, Key key, byte[] data) {
-        try {
-            return createCipherInstance(operationMode, key.getAlgorithm(), key).doFinal(data);
-        } catch (IllegalBlockSizeException | BadPaddingException illegalblocksizeexception) {
-            illegalblocksizeexception.printStackTrace();
-        }
-
-        System.err.println("Cipher data failed!");
-        return null;
-    }
-
-    private static Cipher createCipherInstance(int operationMode, String cipherName, Key key) {
-        try {
-            Cipher cipher = Cipher.getInstance(cipherName);
-
-            cipher.init(operationMode, key);
-            return cipher;
-        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException invalidkeyexception) {
-            invalidkeyexception.printStackTrace();
-        }
-
-        System.err.println("Cipher creation failed!");
-        return null;
-    }
-//
-//    public static Cipher createBufferedBlockCipher(int operationMode, Key key) {
-//        try {
-//            Cipher cipher = Cipher.getInstance("AES/CFB8/NoPadding");
-//
-//            cipher.init(operationMode, key, new IvParameterSpec(key.getEncoded()));
-//            return cipher;
-//        } catch (GeneralSecurityException generalsecurityexception) {
-//            throw new RuntimeException(generalsecurityexception);
-//        }
-//    }
-
-    private EncryptionUtil() {
-        //utility
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/FastLoginBukkit.java

@@ -1,212 +1,310 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 package com.github.games647.fastlogin.bukkit;
 
-import com.avaje.ebeaninternal.api.ClassUtil;
-import com.comphenix.protocol.AsynchronousManager;
-import com.comphenix.protocol.ProtocolLibrary;
-import com.github.games647.fastlogin.bukkit.commands.CrackedCommand;
-import com.github.games647.fastlogin.bukkit.commands.ImportCommand;
-import com.github.games647.fastlogin.bukkit.commands.PremiumCommand;
-import com.github.games647.fastlogin.bukkit.hooks.BukkitAuthPlugin;
-import com.github.games647.fastlogin.bukkit.listener.BukkitJoinListener;
-import com.github.games647.fastlogin.bukkit.listener.BungeeCordListener;
-import com.github.games647.fastlogin.bukkit.listener.protocollib.EncryptionPacketListener;
-import com.github.games647.fastlogin.bukkit.listener.protocollib.LoginSkinApplyListener;
-import com.github.games647.fastlogin.bukkit.listener.protocollib.StartPacketListener;
-import com.github.games647.fastlogin.bukkit.listener.protocolsupport.ProtocolSupportListener;
-import com.github.games647.fastlogin.bukkit.tasks.DelayedAuthHook;
+import com.github.games647.fastlogin.bukkit.auth.AuthenticationBackend;
+import com.github.games647.fastlogin.bukkit.auth.ConnectionListener;
+import com.github.games647.fastlogin.bukkit.auth.protocollib.ProtocolAuthentication;
+import com.github.games647.fastlogin.bukkit.auth.proxy.ProxyAuthentication;
+import com.github.games647.fastlogin.bukkit.command.CrackedCommand;
+import com.github.games647.fastlogin.bukkit.command.PremiumCommand;
+import com.github.games647.fastlogin.bukkit.hook.DelayedAuthHook;
+import com.github.games647.fastlogin.core.CommonUtil;
+import com.github.games647.fastlogin.core.PremiumStatus;
+import com.github.games647.fastlogin.core.hooks.bedrock.BedrockService;
+import com.github.games647.fastlogin.core.hooks.bedrock.FloodgateService;
+import com.github.games647.fastlogin.core.hooks.bedrock.GeyserService;
 import com.github.games647.fastlogin.core.shared.FastLoginCore;
-import com.google.common.collect.Iterables;
-import com.google.common.io.ByteArrayDataOutput;
-import com.google.common.io.ByteStreams;
-
-import java.security.KeyPair;
-import java.util.concurrent.ConcurrentMap;
-import java.util.logging.Level;
-
+import com.github.games647.fastlogin.core.shared.PlatformPlugin;
+import lombok.Getter;
+import org.bukkit.Bukkit;
 import org.bukkit.command.CommandSender;
 import org.bukkit.entity.Player;
+import org.bukkit.plugin.PluginManager;
 import org.bukkit.plugin.java.JavaPlugin;
+import org.geysermc.floodgate.api.FloodgateApi;
+import org.geysermc.geyser.GeyserImpl;
+import org.jetbrains.annotations.NotNull;
+import org.slf4j.Logger;
+
+import java.net.InetSocketAddress;
+import java.nio.file.Path;
+import java.time.Duration;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
 
 /**
  * This plugin checks if a player has a paid account and if so tries to skip offline mode authentication.
  */
-public class FastLoginBukkit extends JavaPlugin {
-
-    private static final int WORKER_THREADS = 3;
-
-    //provide a immutable key pair to be thread safe | used for encrypting and decrypting traffic
-    private final KeyPair keyPair = EncryptionUtil.generateKeyPair();
-
-    private boolean bungeeCord;
-    private BukkitCore core;
-    private boolean serverStarted;
+public class FastLoginBukkit extends JavaPlugin implements PlatformPlugin<CommandSender> {
 
     //1 minutes should be enough as a timeout for bad internet connection (Server, Client and Mojang)
-    private final ConcurrentMap<String, BukkitLoginSession> session = FastLoginCore.buildCache(1, -1);
+    private final ConcurrentMap<String, BukkitLoginSession> loginSession = CommonUtil.buildCache(
+            Duration.ofMinutes(1), -1
+    );
+
+    @Getter
+    private final Map<UUID, PremiumStatus> premiumPlayers = new ConcurrentHashMap<>();
+    private final Logger logger;
+
+    private final BukkitScheduler scheduler;
+
+    @Getter
+    private final Collection<UUID> pendingConfirms = new HashSet<>();
+
+    @Getter
+    private FastLoginCore<Player, CommandSender, FastLoginBukkit> core;
+
+    @Getter
+    private FloodgateService floodgateService;
+    private GeyserService geyserService;
+
+    private PremiumPlaceholder premiumPlaceholder;
+
+    @Getter
+    private AuthenticationBackend backend;
+
+    @Getter
+    private boolean initialized;
+
+    public FastLoginBukkit() {
+        this.logger = CommonUtil.initializeLoggerService(getLogger());
+        this.scheduler = new BukkitScheduler(this, logger);
+    }
 
     @Override
     public void onEnable() {
-        saveDefaultConfig();
-        core = new BukkitCore(this);
-
-        core.loadMessages();
-        core.setApiConnector();
-        try {
-            if (ClassUtil.isPresent("org.spigotmc.SpigotConfig")) {
-                bungeeCord = Class.forName("org.spigotmc.SpigotConfig").getDeclaredField("bungee").getBoolean(null);
-            }
-        } catch (Exception ex) {
-            getLogger().log(Level.WARNING, "Cannot check bungeecord support. You use a non-spigot build", ex);
-        }
+        core = new FastLoginCore<>(this);
+        core.load();
 
         if (getServer().getOnlineMode()) {
-            //we need to require offline to prevent a session request for a offline player
-            getLogger().severe("Server have to be in offline mode");
+            //we need to require offline to prevent a loginSession request for an offline player
+            logger.error("Server has to be in offline mode");
             setEnabled(false);
             return;
         }
 
-        if (bungeeCord) {
-            setServerStarted();
-
-            //check for incoming messages from the bungeecord version of this plugin
-            getServer().getMessenger().registerIncomingPluginChannel(this, getName(), new BungeeCordListener(this));
-            getServer().getMessenger().registerOutgoingPluginChannel(this, getName());
-            //register listeners on success
-        } else {
-            if (!core.setupDatabase()) {
-                setEnabled(false);
-                return;
-            }
-
-            if (getServer().getPluginManager().isPluginEnabled("ProtocolSupport")) {
-                getServer().getPluginManager().registerEvents(new ProtocolSupportListener(this), this);
-            } else if (getServer().getPluginManager().isPluginEnabled("ProtocolLib")) {
-                //we are performing HTTP request on these so run it async (seperate from the Netty IO threads)
-                AsynchronousManager asynchronousManager = ProtocolLibrary.getProtocolManager().getAsynchronousManager();
-
-                StartPacketListener startPacketListener = new StartPacketListener(this);
-                EncryptionPacketListener encryptionPacketListener = new EncryptionPacketListener(this);
-
-                asynchronousManager.registerAsyncHandler(startPacketListener).start(WORKER_THREADS);
-                asynchronousManager.registerAsyncHandler(encryptionPacketListener).start(WORKER_THREADS);
-                getServer().getPluginManager().registerEvents(new LoginSkinApplyListener(this), this);
-            } else {
-                getLogger().warning("Either ProtocolLib or ProtocolSupport have to be installed "
-                        + "if you don't use BungeeCord");
-            }
+        if (!initializeFloodgate()) {
+            setEnabled(false);
         }
 
-        //delay dependency setup because we load the plugin very early where plugins are initialized yet
-        getServer().getScheduler().runTask(this, new DelayedAuthHook(this));
+        backend = initializeAuthenticationBackend();
+        if (backend == null) {
+            logger.warn("Either ProtocolLib or ProtocolSupport have to be installed if you don't use BungeeCord");
+            setEnabled(false);
+            return;
+        }
 
-        getServer().getPluginManager().registerEvents(new BukkitJoinListener(this), this);
+        backend.init(getServer().getPluginManager());
+        PluginManager pluginManager = getServer().getPluginManager();
 
+        pluginManager.registerEvents(new ConnectionListener(this), this);
+
+        registerCommands();
+
+        if (pluginManager.isPluginEnabled("PlaceholderAPI")) {
+            premiumPlaceholder = new PremiumPlaceholder(this);
+            premiumPlaceholder.register();
+        }
+
+        // delay dependency setup because we load the plugin very early where plugins are initialized yet
+        getServer().getScheduler().runTaskLater(this, new DelayedAuthHook(this), 5L);
+    }
+
+    private AuthenticationBackend initializeAuthenticationBackend() {
+        AuthenticationBackend proxyVerifier = new ProxyAuthentication(this);
+        if (proxyVerifier.isAvailable()) {
+            return proxyVerifier;
+        }
+
+        logger.warn("Disabling Minecraft proxy configuration. Assuming direct connections from now on.");
+        AuthenticationBackend protocolAuthentication = new ProtocolAuthentication(this);
+        if (protocolAuthentication.isAvailable()) {
+            return protocolAuthentication;
+        }
+
+        return null;
+    }
+
+    private void registerCommands() {
         //register commands using a unique name
-        getCommand("premium").setExecutor(new PremiumCommand(this));
-        getCommand("cracked").setExecutor(new CrackedCommand(this));
-        getCommand("import-auth").setExecutor(new ImportCommand(core));
+        Optional.ofNullable(getCommand("premium")).ifPresent(c -> c.setExecutor(new PremiumCommand(this)));
+        Optional.ofNullable(getCommand("cracked")).ifPresent(c -> c.setExecutor(new CrackedCommand(this)));
+    }
+
+    private boolean initializeFloodgate() {
+        if (getServer().getPluginManager().getPlugin("Geyser-Spigot") != null) {
+            geyserService = new GeyserService(GeyserImpl.getInstance(), core);
+        }
+
+        if (getServer().getPluginManager().getPlugin("floodgate") != null) {
+            floodgateService = new FloodgateService(FloodgateApi.getInstance(), core);
+
+            // Check Floodgate config values and return
+            return floodgateService.isValidFloodgateConfigString("autoLoginFloodgate")
+                    && floodgateService.isValidFloodgateConfigString("allowFloodgateNameConflict");
+        }
+
+        return true;
     }
 
     @Override
     public void onDisable() {
-        session.clear();
+        loginSession.clear();
+        premiumPlayers.clear();
 
         if (core != null) {
             core.close();
         }
 
-        //remove old blacklists
-        getServer().getOnlinePlayers().forEach(player -> player.removeMetadata(getName(), this));
-    }
-
-    public BukkitCore getCore() {
-        return core;
-    }
-
-    public void sendBungeeActivateMessage(CommandSender sender, String target, boolean activate) {
-        if (sender instanceof Player) {
-            notifiyBungeeCord((Player) sender, target, activate);
-        } else {
-            Player firstPlayer = Iterables.getFirst(getServer().getOnlinePlayers(), null);
-            if (firstPlayer == null) {
-                getLogger().info("No player online to send a plugin message to the proxy");
-                return;
-            }
-
-            notifiyBungeeCord(firstPlayer, target, activate);
+        if (backend != null) {
+            backend.stop();
         }
-    }
 
-    @Deprecated
-    public void setPasswordGenerator(PasswordGenerator passwordGenerator) {
-        core.setPasswordGenerator(passwordGenerator);
+        if (premiumPlaceholder != null && getServer().getPluginManager().isPluginEnabled("PlaceholderAPI")) {
+            premiumPlaceholder.unregister();
+        }
     }
 
     /**
      * Gets a thread-safe map about players which are connecting to the server are being checked to be premium (paid
      * account)
      *
-     * @return a thread-safe session map
+     * @return a thread-safe loginSession map
      */
-    public ConcurrentMap<String, BukkitLoginSession> getSessions() {
-        return session;
+    public ConcurrentMap<String, BukkitLoginSession> getLoginSessions() {
+        return loginSession;
+    }
+
+    public BukkitLoginSession getSession(InetSocketAddress address) {
+        String id = getSessionId(address);
+        return loginSession.get(id);
+    }
+
+    public String getSessionId(InetSocketAddress address) {
+        return address.getAddress().getHostAddress() + ':' + address.getPort();
+    }
+
+    public void putSession(InetSocketAddress address, BukkitLoginSession session) {
+        String id = getSessionId(address);
+        loginSession.put(id, session);
+    }
+
+    public void removeSession(InetSocketAddress address) {
+        String id = getSessionId(address);
+        loginSession.remove(id);
     }
 
     /**
-     * Gets the server KeyPair. This is used to encrypt or decrypt traffic between the client and server
+     * Fetches the premium status of an online player.
+     * {@snippet :
+     * // Bukkit's players object after successful authentication i.e. PlayerJoinEvent
+     * // except for proxies like BungeeCord and Velocity where the details are sent delayed (1-2 seconds)
+     * Player player;
+     * PremiumStatus status = JavaPlugin.getPlugin(FastLoginBukkit.class).getStatus(player.getUniqueId());
+     * switch (status) {
+     *     case CRACKED:
+     *         // player is offline
+     *         break;
+     *     case PREMIUM:
+     *         // account is premium and player passed the verification
+     *         break;
+     *     case UNKNOWN:
+     *         // no record about this player
+     * }
+     * }
      *
-     * @return the server KeyPair
+     * @param onlinePlayer player that is currently online player (play state)
+     * @return the online status or unknown if an error happened, the player isn't online or BungeeCord doesn't send
+     * us the status message yet (This means you cannot check the login status on the PlayerJoinEvent).
      */
-    public KeyPair getServerKey() {
-        return keyPair;
+    public @NotNull PremiumStatus getStatus(@NotNull UUID onlinePlayer) {
+        return premiumPlayers.getOrDefault(onlinePlayer, PremiumStatus.UNKNOWN);
+    }
+
+    @Override
+    public Path getPluginFolder() {
+        return getDataFolder().toPath();
+    }
+
+    @Override
+    public Logger getLog() {
+        return logger;
+    }
+
+    @Override
+    public BukkitScheduler getScheduler() {
+        return scheduler;
+    }
+
+    @Override
+    public void sendMessage(CommandSender receiver, String message) {
+        receiver.sendMessage(message);
     }
 
     /**
-     * Gets the auth plugin hook in order to interact with the plugins. This can be null if no supporting auth plugin
-     * was found.
+     * Checks if a plugin is installed on the server
      *
-     * @return interface to any supported auth plugin
+     * @param name the name of the plugin
+     * @return true if the plugin is installed
      */
-    @Deprecated
-    public BukkitAuthPlugin getAuthPlugin() {
-        return (BukkitAuthPlugin) core.getAuthPluginHook();
+    @Override
+    public boolean isPluginInstalled(String name) {
+        // the plugin may be enabled after FastLogin, so isPluginEnabled() won't work here
+        return Bukkit.getServer().getPluginManager().getPlugin(name) != null;
     }
 
-    @Deprecated
-    public void setAuthPluginHook(BukkitAuthPlugin authPlugin) {
-        core.setAuthPluginHook(authPlugin);
-    }
-
-    public boolean isBungeeCord() {
-        return bungeeCord;
-    }
-
-    /**
-     * Wait before the server is fully started. This is workaround, because connections right on startup are not
-     * injected by ProtocolLib
-     *
-     * @return
-     */
-    public boolean isServerFullyStarted() {
-        return serverStarted;
-    }
-
-    public void setServerStarted() {
-        if (!this.serverStarted) {
-            this.serverStarted = true;
-        }
-    }
-
-    private void notifiyBungeeCord(Player sender, String target, boolean activate) {
-        ByteArrayDataOutput dataOutput = ByteStreams.newDataOutput();
-        if (activate) {
-            dataOutput.writeUTF("ON");
-        } else {
-            dataOutput.writeUTF("OFF");
+    public void setInitialized(boolean hookFound) {
+        if (backend instanceof ProxyAuthentication) {
+            logger.info("BungeeCord setting detected. No auth plugin is required");
+        } else if (!hookFound) {
+            logger.warn("No auth plugin were found by this plugin "
+                    + "(other plugins could hook into this after the initialization of this plugin)"
+                    + "and BungeeCord is deactivated. "
+                    + "Either one or both of the checks have to pass in order to use this plugin");
         }
 
-        dataOutput.writeUTF(target);
-        sender.sendPluginMessage(this, getName(), dataOutput.toByteArray());
+        initialized = true;
+    }
+
+    public ProxyAuthentication getBungeeManager() {
+        return (ProxyAuthentication) backend;
+    }
+
+    @Override
+    public BedrockService<?> getBedrockService() {
+        if (floodgateService != null) {
+            return floodgateService;
+        }
+
+        return geyserService;
     }
 }

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/MojangApiBukkit.java

@@ -1,83 +0,0 @@
-package com.github.games647.fastlogin.bukkit;
-
-import com.github.games647.fastlogin.core.shared.FastLoginCore;
-import com.github.games647.fastlogin.core.shared.LoginSession;
-import com.github.games647.fastlogin.core.shared.MojangApiConnector;
-
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
-import java.net.HttpURLConnection;
-import java.util.List;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import org.json.simple.JSONArray;
-import org.json.simple.JSONObject;
-import org.json.simple.JSONValue;
-
-public class MojangApiBukkit extends MojangApiConnector {
-
-    //mojang api check to prove a player is logged in minecraft and made a join server request
-    private static final String HAS_JOINED_URL = "https://sessionserver.mojang.com/session/minecraft/hasJoined?";
-
-    public MojangApiBukkit(Logger logger, List<String> localAddresses, int rateLimit) {
-        super(logger, localAddresses, rateLimit);
-    }
-
-    @Override
-    public boolean hasJoinedServer(LoginSession session, String serverId) {
-        BukkitLoginSession playerSession = (BukkitLoginSession) session;
-        try {
-            String url = HAS_JOINED_URL + "username=" + playerSession.getUsername() + "&serverId=" + serverId;
-            HttpURLConnection conn = getConnection(url);
-
-            BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
-            String line = reader.readLine();
-            if (line != null && !line.equals("null")) {
-                //validate parsing
-                //http://wiki.vg/Protocol_Encryption#Server
-                JSONObject userData = (JSONObject) JSONValue.parseWithException(line);
-                String uuid = (String) userData.get("id");
-                playerSession.setUuid(FastLoginCore.parseId(uuid));
-
-                JSONArray properties = (JSONArray) userData.get("properties");
-                JSONObject skinProperty = (JSONObject) properties.get(0);
-
-                String propertyName = (String) skinProperty.get("name");
-                if (propertyName.equals("textures")) {
-                    String skinValue = (String) skinProperty.get("value");
-                    String signature = (String) skinProperty.get("signature");
-                    playerSession.setSkin(skinValue, signature);
-                }
-
-                return true;
-            }
-        } catch (Exception ex) {
-            //catch not only ioexceptions also parse and NPE on unexpected json format
-            logger.log(Level.WARNING, "Failed to verify session", ex);
-        }
-
-        //this connection doesn't need to be closed. So can make use of keep alive in java
-        return false;
-    }
-
-    @Override
-    protected String getUUIDFromJson(String json) {
-        boolean isArray = json.startsWith("[");
-
-        JSONObject mojangPlayer;
-        if (isArray) {
-            JSONArray array = (JSONArray) JSONValue.parse(json);
-            mojangPlayer = (JSONObject) array.get(0);
-        } else {
-            mojangPlayer = (JSONObject) JSONValue.parse(json);
-        }
-
-        String uuid = (String) mojangPlayer.get("id");
-        if ("null".equals(uuid)) {
-            return null;
-        }
-        
-        return uuid;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/PasswordGenerator.java

@@ -1,14 +0,0 @@
-package com.github.games647.fastlogin.bukkit;
-
-import org.bukkit.entity.Player;
-
-/**
- *
- * @deprecated please use com.github.games647.fastlogin.core.hooks.PasswordGenerator<org.bukkit.entity.Player>
- */
-@Deprecated
-public interface PasswordGenerator extends com.github.games647.fastlogin.core.hooks.PasswordGenerator<Player> {
-
-    @Override
-    String getRandomPassword(Player player);
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/PremiumPlaceholder.java

@@ -0,0 +1,86 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit;
+
+import me.clip.placeholderapi.expansion.PlaceholderExpansion;
+import org.bukkit.OfflinePlayer;
+import org.jetbrains.annotations.NotNull;
+
+import java.util.Collections;
+import java.util.List;
+
+public class PremiumPlaceholder extends PlaceholderExpansion {
+
+    private static final String PLACEHOLDER_VARIABLE = "status";
+
+    private final FastLoginBukkit plugin;
+
+    public PremiumPlaceholder(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @Override
+    public boolean persist() {
+        return true;
+    }
+
+    @Override
+    public @NotNull List<String> getPlaceholders() {
+        return Collections.singletonList(PLACEHOLDER_VARIABLE);
+    }
+
+    @Override
+    public String onRequest(OfflinePlayer player, @NotNull String identifier) {
+        // player is null if offline
+        if (player != null && PLACEHOLDER_VARIABLE.equals(identifier)) {
+            return plugin.getStatus(player.getUniqueId()).getReadableName();
+        }
+
+        return null;
+    }
+
+    @Override
+    public @NotNull String getIdentifier() {
+        return plugin.getName();
+    }
+
+    @Override
+    public String getRequiredPlugin() {
+        return plugin.getName();
+    }
+
+    @Override
+    public @NotNull String getAuthor() {
+        //noinspection deprecation
+        return String.join(", ", plugin.getDescription().getAuthors());
+    }
+
+    @Override
+    public @NotNull String getVersion() {
+        //noinspection deprecation
+        return plugin.getDescription().getVersion();
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/AuthenticationBackend.java

@@ -0,0 +1,37 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth;
+
+import org.bukkit.plugin.PluginManager;
+
+public interface AuthenticationBackend {
+
+    boolean isAvailable();
+
+    void init(PluginManager pluginManager);
+
+    void stop();
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/ConnectionListener.java

@@ -0,0 +1,100 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth;
+
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.hooks.bedrock.FloodgateService;
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.Listener;
+import org.bukkit.event.player.PlayerJoinEvent;
+import org.bukkit.event.player.PlayerQuitEvent;
+import org.geysermc.floodgate.api.player.FloodgatePlayer;
+
+/**
+ * This listener tells authentication plugins weather the player has a premium account. So the
+ * plugin can skip authentication.
+ */
+public class ConnectionListener implements Listener {
+
+    private static final long DELAY_LOGIN = 20L / 2;
+
+    private final FastLoginBukkit plugin;
+
+    public ConnectionListener(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @EventHandler(ignoreCancelled = true)
+    public void onPlayerJoin(PlayerJoinEvent joinEvent) {
+        Player player = joinEvent.getPlayer();
+
+        Bukkit.getScheduler().runTaskLater(plugin, () -> {
+            delayForceLogin(player);
+            // delay the login process to let auth plugins initialize the player
+            // Magic number however as there is no direct event from those plugins
+        }, DELAY_LOGIN);
+    }
+
+    private void delayForceLogin(Player player) {
+        // session exists so the player is ready for force login
+        // cases: Paper (firing BungeeCord message before PlayerJoinEvent) or not running BungeeCord and already
+        // having the login session from the login process
+        BukkitLoginSession session = plugin.getSession(player.spigot().getRawAddress());
+
+        if (session == null) {
+            // Floodgate players usually don't have a session at this point
+            // exception: if force login by bungee message had been delayed
+            FloodgateService floodgateService = plugin.getFloodgateService();
+            if (floodgateService != null) {
+                FloodgatePlayer floodgatePlayer = floodgateService.getBedrockPlayer(player.getUniqueId());
+                if (floodgatePlayer != null) {
+                    Runnable floodgateAuthTask = new FloodgateAuthTask(plugin.getCore(), player, floodgatePlayer);
+                    Bukkit.getScheduler().runTaskAsynchronously(plugin, floodgateAuthTask);
+                    return;
+                }
+            }
+
+            String sessionId = plugin.getSessionId(player.spigot().getRawAddress());
+            plugin.getLog().info("No on-going login session for player: {} with ID {}. ", player, sessionId);
+            plugin.getLog().info("Setups using Minecraft proxies will start delayed "
+                + "when the command from the proxy is received");
+        } else {
+            Runnable forceLoginTask = new ForceLoginTask(plugin.getCore(), player, session);
+            Bukkit.getScheduler().runTaskAsynchronously(plugin, forceLoginTask);
+        }
+    }
+
+    @EventHandler
+    public void onPlayerQuit(PlayerQuitEvent quitEvent) {
+        Player player = quitEvent.getPlayer();
+
+        plugin.getPendingConfirms().remove(player.getUniqueId());
+        plugin.getPremiumPlayers().remove(player.getUniqueId());
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/FloodgateAuthTask.java

@@ -0,0 +1,71 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth;
+
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.shared.FastLoginCore;
+import com.github.games647.fastlogin.core.shared.FloodgateManagement;
+import org.bukkit.Bukkit;
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+import org.geysermc.floodgate.api.player.FloodgatePlayer;
+
+import java.net.InetSocketAddress;
+import java.util.UUID;
+
+public class FloodgateAuthTask extends FloodgateManagement<Player, CommandSender, BukkitLoginSession, FastLoginBukkit> {
+
+    public FloodgateAuthTask(FastLoginCore<Player, CommandSender, FastLoginBukkit> core, Player player,
+                             FloodgatePlayer floodgatePlayer) {
+        super(core, player, floodgatePlayer);
+    }
+
+    @Override
+    protected void startLogin() {
+        BukkitLoginSession session = new BukkitLoginSession(player.getName(), isRegistered, profile);
+
+        // enable auto login based on the value of 'autoLoginFloodgate' in config.yml
+        session.setVerifiedPremium(isAutoAuthAllowed(autoLoginFloodgate));
+
+        // run login task
+        Runnable forceLoginTask = new ForceLoginTask(core.getPlugin().getCore(), player, session);
+        Bukkit.getScheduler().runTaskAsynchronously(core.getPlugin(), forceLoginTask);
+    }
+
+    protected String getName(Player player) {
+        return player.getName();
+    }
+
+    protected UUID getUUID(Player player) {
+        return player.getUniqueId();
+    }
+
+    protected InetSocketAddress getAddress(Player player) {
+        return player.getAddress();
+    }
+
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/ForceLoginTask.java

@@ -0,0 +1,108 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth;
+
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginAutoLoginEvent;
+import com.github.games647.fastlogin.core.PremiumStatus;
+import com.github.games647.fastlogin.core.message.SuccessMessage;
+import com.github.games647.fastlogin.core.shared.FastLoginCore;
+import com.github.games647.fastlogin.core.shared.ForceLoginManagement;
+import com.github.games647.fastlogin.core.shared.LoginSession;
+import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
+import org.bukkit.Bukkit;
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+import org.bukkit.metadata.FixedMetadataValue;
+
+import java.util.concurrent.ExecutionException;
+
+public class ForceLoginTask extends ForceLoginManagement<Player, CommandSender, BukkitLoginSession, FastLoginBukkit> {
+
+    public ForceLoginTask(FastLoginCore<Player, CommandSender, FastLoginBukkit> core, Player player,
+                          BukkitLoginSession session) {
+        super(core, player, session);
+    }
+
+    @Override
+    public void run() {
+        // block this target player for BungeeCord ID brute force attacks
+        FastLoginBukkit plugin = core.getPlugin();
+        player.setMetadata(core.getPlugin().getName(), new FixedMetadataValue(plugin, true));
+
+        if (session != null && !session.getUsername().equals(player.getName())) {
+            String playerName = player.getName();
+            plugin.getLog().warn("Player username {} is not matching session {}", playerName, session.getUsername());
+            return;
+        }
+
+        super.run();
+
+        PremiumStatus status = PremiumStatus.CRACKED;
+        if (isOnlineMode()) {
+            status = PremiumStatus.PREMIUM;
+        }
+
+        plugin.getPremiumPlayers().put(player.getUniqueId(), status);
+    }
+
+    @Override
+    public FastLoginAutoLoginEvent callFastLoginAutoLoginEvent(LoginSession session, StoredProfile profile) {
+        BukkitFastLoginAutoLoginEvent event = new BukkitFastLoginAutoLoginEvent(session, profile);
+        core.getPlugin().getServer().getPluginManager().callEvent(event);
+        return event;
+    }
+
+    @Override
+    public void onForceActionSuccess(LoginSession session) {
+        if (core.getPlugin().getBungeeManager().isAvailable()) {
+            core.getPlugin().getBungeeManager().sendPluginMessage(player, new SuccessMessage());
+        }
+    }
+
+    @Override
+    public String getName(Player player) {
+        return player.getName();
+    }
+
+    @Override
+    public boolean isOnline(Player player) {
+        try {
+            //the player-list isn't thread-safe
+            return Bukkit.getScheduler().callSyncMethod(core.getPlugin(), player::isOnline).get();
+        } catch (InterruptedException | ExecutionException ex) {
+            core.getPlugin().getLog().error("Failed to perform thread-safe online check for {}", player, ex);
+            return false;
+        }
+    }
+
+    @Override
+    public boolean isOnlineMode() {
+        return session.isVerifiedPremium();
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/InetUtils.java

@@ -0,0 +1,63 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth;
+
+import java.net.InetAddress;
+
+public final class InetUtils {
+
+    private InetUtils() {
+        // Utility
+    }
+
+    /**
+     * Verifies if the given IP address is from the local network
+     *
+     * @param address IP address
+     * @return true if address is from local network or even from the device itself (loopback)
+     */
+    public static boolean isLocalAddress(InetAddress address) {
+        // Loopback addresses like 127.0.* (IPv4) or [::1] (IPv6)
+        return address.isLoopbackAddress()
+                // Example: 10.0.0.0, 172.16.0.0, 192.168.0.0, fec0::/10 (deprecated)
+                // Ref: https://en.wikipedia.org/wiki/IP_address#Private_addresses
+                || address.isSiteLocalAddress()
+                // Example: 169.254.0.0/16, fe80::/10
+                // Ref: https://en.wikipedia.org/wiki/IP_address#Address_autoconfiguration
+                || address.isLinkLocalAddress()
+                // non deprecated unique site-local that java doesn't check yet -> fc00::/7
+                || isIPv6UniqueSiteLocal(address);
+    }
+
+    private static boolean isIPv6UniqueSiteLocal(InetAddress address) {
+        // ref: https://en.wikipedia.org/wiki/Unique_local_address
+
+        // currently undefined but could be used in the near future fc00::/8
+        return (address.getAddress()[0] & 0xFF) == 0xFC
+                // in use for unique site-local fd00::/8
+                || (address.getAddress()[0] & 0xFF) == 0xFD;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/LocalAuthentication.java

@@ -0,0 +1,70 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.auth.protocollib.SkinApplyListener;
+import org.bukkit.plugin.PluginManager;
+
+import java.util.Optional;
+
+public abstract class LocalAuthentication implements AuthenticationBackend {
+
+    protected final FastLoginBukkit plugin;
+
+    protected LocalAuthentication(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @Override
+    public void init(PluginManager pluginManager) {
+        if (!plugin.getCore().setupDatabase()) {
+            plugin.setEnabled(false);
+            return;
+        }
+
+        // if server is using paper - we need to add one more listener to correct the user cache usage
+        if (isPaper()) {
+            pluginManager.registerEvents(new PaperCacheListener(plugin), plugin);
+        } else if (plugin.getConfig().getBoolean("forwardSkin")) {
+            //if server is using paper - we need to set the skin at pre login anyway, so no need for this listener
+            pluginManager.registerEvents(new SkinApplyListener(plugin), plugin);
+        }
+    }
+
+    private boolean isPaper() {
+        return isClassAvailable("com.destroystokyo.paper.PaperConfig").isPresent()
+                || isClassAvailable("io.papermc.paper.configuration.Configuration").isPresent();
+    }
+
+    private Optional<Class<?>> isClassAvailable(String clazzName) {
+        try {
+            return Optional.of(Class.forName(clazzName));
+        } catch (ClassNotFoundException e) {
+            return Optional.empty();
+        }
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/PaperCacheListener.java

@@ -0,0 +1,66 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth;
+
+import com.destroystokyo.paper.profile.ProfileProperty;
+import com.github.games647.craftapi.model.skin.Textures;
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.EventPriority;
+import org.bukkit.event.Listener;
+import org.bukkit.event.player.AsyncPlayerPreLoginEvent;
+import org.bukkit.event.player.AsyncPlayerPreLoginEvent.Result;
+
+public class PaperCacheListener implements Listener {
+
+    private final FastLoginBukkit plugin;
+
+    public PaperCacheListener(final FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @EventHandler(priority = EventPriority.HIGHEST)
+    //if paper is used - player skin must be set at pre login, otherwise user cache is used
+    // user cache makes premium name change basically impossible
+    public void onAsyncPlayerPreLogin(AsyncPlayerPreLoginEvent event) {
+        if (event.getLoginResult() != Result.ALLOWED) {
+            return;
+        }
+
+        // event gives us only IP, not the port, so we need to loop through all the sessions
+        for (BukkitLoginSession session : plugin.getLoginSessions().values()) {
+            if (!event.getName().equals(session.getUsername())) {
+                continue;
+            }
+
+            session.getSkin().ifPresent(skin -> event.getPlayerProfile().setProperty(new ProfileProperty(Textures.KEY,
+                    skin.getValue(), skin.getSignature())));
+            break;
+        }
+    }
+
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/protocollib/EncryptionUtil.java

@@ -0,0 +1,226 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.protocollib;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.auth.protocollib.packet.ClientPublicKey;
+import com.google.common.hash.Hasher;
+import com.google.common.hash.Hashing;
+import com.google.common.io.Resources;
+import com.google.common.primitives.Longs;
+import lombok.val;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Base64.Encoder;
+import java.util.Random;
+import java.util.UUID;
+
+/**
+ * Encryption and decryption minecraft util for connection between servers
+ * and paid Minecraft account clients.
+ */
+final class EncryptionUtil {
+
+    public static final int VERIFY_TOKEN_LENGTH = 4;
+    public static final String KEY_PAIR_ALGORITHM = "RSA";
+
+    private static final int RSA_LENGTH = 2_048;
+
+    private static final PublicKey MOJANG_SESSION_KEY;
+    private static final int LINE_LENGTH = 76;
+    private static final Encoder KEY_ENCODER = Base64.getMimeEncoder(
+            LINE_LENGTH, "\n".getBytes(StandardCharsets.UTF_8)
+    );
+    private static final int MILLISECOND_SIZE = 8;
+    private static final int UUID_SIZE = 2 * MILLISECOND_SIZE;
+
+    static {
+        try {
+            MOJANG_SESSION_KEY = loadMojangSessionKey();
+        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException ex) {
+            throw new RuntimeException("Failed to load Mojang session key", ex);
+        }
+    }
+
+    private EncryptionUtil() {
+        throw new RuntimeException("No instantiation of utility classes allowed");
+    }
+
+    /**
+     * Generate an RSA key pair
+     *
+     * @return The RSA key pair.
+     */
+    public static KeyPair generateKeyPair() {
+        try {
+            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM);
+
+            keyPairGenerator.initialize(RSA_LENGTH);
+            return keyPairGenerator.generateKeyPair();
+        } catch (NoSuchAlgorithmException nosuchalgorithmexception) {
+            // Should be existing in every vm
+            throw new ExceptionInInitializerError(nosuchalgorithmexception);
+        }
+    }
+
+    /**
+     * Generate a random token. This is used to verify that we are communicating with the same player
+     * in a login session.
+     *
+     * @param random random generator
+     * @return a token with 4 bytes long
+     */
+    public static byte[] generateVerifyToken(Random random) {
+        byte[] token = new byte[VERIFY_TOKEN_LENGTH];
+        random.nextBytes(token);
+        return token;
+    }
+
+    /**
+     * Generate the server id based on client and server data.
+     *
+     * @param serverId     session for the current login attempt
+     * @param sharedSecret shared secret between the client and the server
+     * @param publicKey    public key of the server
+     * @return the server id formatted as a hexadecimal string.
+     */
+    public static String getServerIdHashString(String serverId, SecretKey sharedSecret, PublicKey publicKey) {
+        byte[] serverHash = getServerIdHash(serverId, publicKey, sharedSecret);
+        return (new BigInteger(serverHash)).toString(16);
+    }
+
+    /**
+     * Decrypts the content and extracts the key spec.
+     *
+     * @param privateKey private server key
+     * @param sharedKey  the encrypted shared key
+     * @return shared secret key
+     */
+    public static SecretKey decryptSharedKey(PrivateKey privateKey, byte[] sharedKey)
+            throws NoSuchPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException,
+            BadPaddingException, InvalidKeyException {
+        return new SecretKeySpec(decrypt(privateKey, sharedKey), "AES");
+    }
+
+    public static boolean verifyClientKey(ClientPublicKey clientKey, Instant verifyTimestamp, UUID premiumId)
+            throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+        if (clientKey.isExpired(verifyTimestamp)) {
+            return false;
+        }
+
+        Signature verifier = Signature.getInstance("SHA1withRSA");
+        // key of the signer
+        verifier.initVerify(MOJANG_SESSION_KEY);
+        verifier.update(toSignable(clientKey, premiumId));
+        return verifier.verify(clientKey.signature());
+    }
+
+    private static byte[] toSignable(ClientPublicKey clientPublicKey, UUID ownerPremiumId) {
+        if (ownerPremiumId == null) {
+            long expiry = clientPublicKey.expiry().toEpochMilli();
+            String encoded = KEY_ENCODER.encodeToString(clientPublicKey.key().getEncoded());
+            return (expiry + "-----BEGIN RSA PUBLIC KEY-----\n" + encoded + "\n-----END RSA PUBLIC KEY-----\n")
+                    .getBytes(StandardCharsets.US_ASCII);
+        }
+
+        byte[] keyData = clientPublicKey.key().getEncoded();
+        return ByteBuffer.allocate(keyData.length + UUID_SIZE + MILLISECOND_SIZE)
+                .putLong(ownerPremiumId.getMostSignificantBits())
+                .putLong(ownerPremiumId.getLeastSignificantBits())
+                .putLong(clientPublicKey.expiry().toEpochMilli())
+                .put(keyData)
+                .array();
+    }
+
+    public static boolean verifyNonce(byte[] expected, PrivateKey decryptionKey, byte[] encryptedNonce)
+            throws NoSuchPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException,
+            BadPaddingException, InvalidKeyException {
+        byte[] decryptedNonce = decrypt(decryptionKey, encryptedNonce);
+        return Arrays.equals(expected, decryptedNonce);
+    }
+
+    public static boolean verifySignedNonce(byte[] nonce, PublicKey clientKey, long signatureSalt, byte[] signature)
+            throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+        Signature verifier = Signature.getInstance("SHA256withRSA");
+        // key of the signer
+        verifier.initVerify(clientKey);
+
+        verifier.update(nonce);
+        verifier.update(Longs.toByteArray(signatureSalt));
+        return verifier.verify(signature);
+    }
+
+    private static PublicKey loadMojangSessionKey()
+            throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+        val keyUrl = FastLoginBukkit.class.getClassLoader().getResource("yggdrasil_session_pubkey.der");
+        val keyData = Resources.toByteArray(keyUrl);
+        val keySpec = new X509EncodedKeySpec(keyData);
+
+        return KeyFactory.getInstance("RSA").generatePublic(keySpec);
+    }
+
+    private static byte[] decrypt(PrivateKey key, byte[] data)
+            throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
+            IllegalBlockSizeException, BadPaddingException {
+        Cipher cipher = Cipher.getInstance(key.getAlgorithm());
+        cipher.init(Cipher.DECRYPT_MODE, key);
+        return cipher.doFinal(data);
+    }
+
+    private static byte[] getServerIdHash(String sessionId, PublicKey publicKey, SecretKey sharedSecret) {
+        @SuppressWarnings("deprecation")
+        Hasher hasher = Hashing.sha1().newHasher();
+
+        hasher.putBytes(sessionId.getBytes(StandardCharsets.ISO_8859_1));
+        hasher.putBytes(sharedSecret.getEncoded());
+        hasher.putBytes(publicKey.getEncoded());
+
+        return hasher.hash().asBytes();
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/protocollib/NameCheckTask.java

@@ -0,0 +1,118 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.protocollib;
+
+import com.comphenix.protocol.ProtocolLibrary;
+import com.comphenix.protocol.events.PacketEvent;
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.auth.protocollib.packet.ClientPublicKey;
+import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginPreLoginEvent;
+import com.github.games647.fastlogin.core.shared.JoinManagement;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+
+import java.security.PublicKey;
+import java.util.Random;
+
+public class NameCheckTask extends JoinManagement<Player, CommandSender, ProtocolLibLoginSource>
+    implements Runnable {
+
+    private final FastLoginBukkit plugin;
+    private final PacketEvent packetEvent;
+
+    private final ClientPublicKey clientKey;
+    private final PublicKey serverKey;
+
+    private final Random random;
+
+    private final Player player;
+    private final String username;
+
+    public NameCheckTask(FastLoginBukkit plugin, Random random, Player player, PacketEvent packetEvent,
+                         String username, ClientPublicKey clientKey, PublicKey serverKey) {
+        super(plugin.getCore(), plugin.getCore().getAuthPluginHook(), plugin.getBedrockService());
+
+        this.plugin = plugin;
+        this.packetEvent = packetEvent;
+        this.clientKey = clientKey;
+        this.serverKey = serverKey;
+        this.random = random;
+        this.player = player;
+        this.username = username;
+    }
+
+    @Override
+    public void run() {
+        try {
+            super.onLogin(username, new ProtocolLibLoginSource(player, random, serverKey, clientKey));
+        } finally {
+            ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
+        }
+    }
+
+    @Override
+    public FastLoginPreLoginEvent callFastLoginPreLoginEvent(String username, ProtocolLibLoginSource source,
+                                                             StoredProfile profile) {
+        BukkitFastLoginPreLoginEvent event = new BukkitFastLoginPreLoginEvent(username, source, profile);
+        plugin.getServer().getPluginManager().callEvent(event);
+        return event;
+    }
+
+    //Minecraft server implementation
+    //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L161
+    @Override
+    public void requestPremiumLogin(ProtocolLibLoginSource source, StoredProfile profile,
+                                    String username, boolean registered) {
+        try {
+            source.enableOnlinemode();
+        } catch (Exception ex) {
+            plugin.getLog().error("Cannot send encryption packet. Falling back to cracked login for: {}", profile, ex);
+            return;
+        }
+
+        String ip = player.getAddress().getAddress().getHostAddress();
+        core.addLoginAttempt(ip, username);
+
+        byte[] verify = source.getVerifyToken();
+        ClientPublicKey clientKey = source.getClientKey();
+
+        BukkitLoginSession playerSession = new BukkitLoginSession(username, verify, clientKey, registered, profile);
+        plugin.putSession(player.getAddress(), playerSession);
+        //cancel only if the player has a paid account otherwise login as normal offline player
+        synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
+            packetEvent.setCancelled(true);
+        }
+    }
+
+    @Override
+    public void startCrackedSession(ProtocolLibLoginSource source, StoredProfile profile, String username) {
+        BukkitLoginSession loginSession = new BukkitLoginSession(username, profile);
+        plugin.putSession(player.getAddress(), loginSession);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/protocollib/ProtocolAuthentication.java

@@ -0,0 +1,72 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.protocollib;
+
+import com.comphenix.protocol.ProtocolLibrary;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.auth.LocalAuthentication;
+import com.github.games647.fastlogin.core.antibot.AntiBotService;
+import com.github.games647.fastlogin.core.shared.FastLoginCore;
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.EventPriority;
+import org.bukkit.event.Listener;
+import org.bukkit.event.player.PlayerLoginEvent;
+import org.bukkit.plugin.PluginManager;
+
+public class ProtocolAuthentication extends LocalAuthentication implements Listener {
+
+    public ProtocolAuthentication(FastLoginBukkit plugin) {
+        super(plugin);
+    }
+
+    @Override
+    public boolean isAvailable() {
+        return plugin.getServer().getPluginManager().isPluginEnabled("ProtocolLib");
+    }
+
+    @Override
+    public void init(PluginManager pluginManager) {
+        pluginManager.registerEvents(this, plugin);
+
+        FastLoginCore<Player, CommandSender, FastLoginBukkit> core = plugin.getCore();
+        AntiBotService antiBotService = core.getAntiBotService();
+        ProtocolLibListener.register(plugin, antiBotService,  core.getConfig().getBoolean("verifyClientKeys"));
+    }
+
+    @Override
+    public void stop() {
+        ProtocolLibrary.getProtocolManager().getAsynchronousManager().unregisterAsyncHandlers(plugin);
+    }
+
+    @EventHandler(priority = EventPriority.LOWEST)
+    public void onPlayerLogin(PlayerLoginEvent loginEvent) {
+        if (loginEvent.getResult() == PlayerLoginEvent.Result.ALLOWED && !plugin.isInitialized()) {
+            loginEvent.disallow(PlayerLoginEvent.Result.KICK_OTHER, plugin.getCore().getMessage("not-started"));
+        }
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/protocollib/ProtocolLibListener.java

@@ -0,0 +1,351 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.protocollib;
+
+import com.comphenix.protocol.PacketType;
+import com.comphenix.protocol.ProtocolLibrary;
+import com.comphenix.protocol.events.PacketAdapter;
+import com.comphenix.protocol.events.PacketContainer;
+import com.comphenix.protocol.events.PacketEvent;
+import com.comphenix.protocol.injector.PacketFilterManager;
+import com.comphenix.protocol.injector.player.PlayerInjectionHandler;
+import com.comphenix.protocol.reflect.FieldAccessException;
+import com.comphenix.protocol.reflect.FuzzyReflection;
+import com.comphenix.protocol.reflect.accessors.Accessors;
+import com.comphenix.protocol.reflect.accessors.FieldAccessor;
+import com.comphenix.protocol.utility.MinecraftVersion;
+import com.comphenix.protocol.wrappers.BukkitConverters;
+import com.comphenix.protocol.wrappers.Converters;
+import com.comphenix.protocol.wrappers.WrappedGameProfile;
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.auth.protocollib.packet.ClientPublicKey;
+import com.github.games647.fastlogin.core.antibot.AntiBotService;
+import com.github.games647.fastlogin.core.antibot.AntiBotService.Action;
+import com.mojang.datafixers.util.Either;
+import io.netty.channel.Channel;
+import io.netty.channel.ChannelHandler;
+import io.netty.util.AttributeKey;
+import lombok.val;
+import org.bukkit.entity.Player;
+import org.geysermc.floodgate.api.player.FloodgatePlayer;
+import org.jetbrains.annotations.NotNull;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import java.net.InetSocketAddress;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.SignatureException;
+import java.time.Instant;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.function.Function;
+
+import static com.comphenix.protocol.PacketType.Login.Client.ENCRYPTION_BEGIN;
+import static com.comphenix.protocol.PacketType.Login.Client.START;
+
+public class ProtocolLibListener extends PacketAdapter {
+
+    private final FastLoginBukkit plugin;
+    private final PlayerInjectionHandler handler;
+
+    //just create a new once on plugin enable. This used for verify token generation
+    private final SecureRandom random = new SecureRandom();
+    private final KeyPair keyPair = EncryptionUtil.generateKeyPair();
+    private final AntiBotService antiBotService;
+
+    private final boolean verifyClientKeys;
+
+    public ProtocolLibListener(FastLoginBukkit plugin, AntiBotService antiBotService, boolean verifyClientKeys) {
+        //run async in order to not block the server, because we are making api calls to Mojang
+        super(params()
+                .plugin(plugin)
+                .types(START, ENCRYPTION_BEGIN)
+                .optionAsync());
+
+        this.plugin = plugin;
+        this.antiBotService = antiBotService;
+        this.verifyClientKeys = verifyClientKeys;
+        this.handler = getHandler();
+    }
+
+    public static void register(FastLoginBukkit plugin, AntiBotService antiBotService, boolean verifyClientKeys) {
+        // they will be created with a static builder, because otherwise it will throw a NoClassDefFoundError
+        // TODO: make synchronous processing, but do web or database requests async
+        ProtocolLibrary.getProtocolManager()
+                .getAsynchronousManager()
+                .registerAsyncHandler(new ProtocolLibListener(plugin, antiBotService, verifyClientKeys))
+                .start();
+    }
+
+    @Override
+    public void onPacketReceiving(PacketEvent packetEvent) {
+        if (packetEvent.isCancelled()
+                || plugin.getCore().getAuthPluginHook() == null
+                || !plugin.isInitialized()) {
+            return;
+        }
+
+        Player sender = packetEvent.getPlayer();
+        PacketType packetType = getOverriddenType(packetEvent.getPacketType());
+
+        plugin.getLog().info("New packet {} from {}", packetType, sender);
+        try {
+            if (packetType == START) {
+                if (plugin.getFloodgateService() != null) {
+                    boolean success = processFloodgateTasks(packetEvent);
+                    // don't continue execution if the player was kicked by Floodgate
+                    if (!success) {
+                        return;
+                    }
+                }
+
+                PacketContainer packet = packetEvent.getPacket();
+
+                InetSocketAddress address = sender.getAddress();
+                String username = getUsername(packet);
+
+                Action action = antiBotService.onIncomingConnection(address, username);
+                switch (action) {
+                    case Ignore:
+                        // just ignore
+                        return;
+                    case Block:
+                        String message = plugin.getCore().getMessage("kick-antibot");
+                        sender.kickPlayer(message);
+                        break;
+                    case Continue:
+                    default:
+                        //player.getName() won't work at this state
+                        onLoginStart(packetEvent, sender, username);
+                        break;
+                }
+            } else if (packetType == ENCRYPTION_BEGIN) {
+                onEncryptionBegin(packetEvent, sender);
+            } else {
+                plugin.getLog().warn("Unknown packet type received {}", packetType);
+            }
+        } catch (FieldAccessException fieldAccessEx) {
+            plugin.getLog().error("Failed to parse packet {}", packetEvent.getPacketType(), fieldAccessEx);
+        }
+    }
+
+    private @NotNull PacketType getOverriddenType(PacketType packetType) {
+        if (packetType.isDynamic()) {
+            String vanillaName = packetType.getPacketClass().getName();
+            plugin.getLog().info("Overriding packet type for unregistered packet type to fix ProtocolLib bug");
+            if (vanillaName.endsWith("ServerboundHelloPacket")) {
+                return START;
+            }
+
+            if (vanillaName.endsWith("ServerboundKeyPacket")) {
+                return ENCRYPTION_BEGIN;
+            }
+        }
+
+        return packetType;
+    }
+
+    private void onEncryptionBegin(PacketEvent packetEvent, Player sender) {
+        byte[] sharedSecret = packetEvent.getPacket().getByteArrays().read(0);
+
+        BukkitLoginSession session = plugin.getSession(sender.getAddress());
+        if (session == null) {
+            plugin.getLog().warn("Profile {} tried to send encryption response at invalid state", sender.getAddress());
+            sender.kickPlayer(plugin.getCore().getMessage("invalid-request"));
+        } else {
+            byte[] expectedVerifyToken = session.getVerifyToken();
+            if (verifyNonce(sender, packetEvent.getPacket(), session.getClientPublicKey(), expectedVerifyToken)) {
+                packetEvent.getAsyncMarker().incrementProcessingDelay();
+
+                Runnable verifyTask = new VerifyResponseTask(
+                        plugin, packetEvent, sender, session, sharedSecret, keyPair
+                );
+                plugin.getScheduler().runAsync(verifyTask);
+            } else {
+                sender.kickPlayer(plugin.getCore().getMessage("invalid-verify-token"));
+            }
+        }
+    }
+
+    private boolean verifyNonce(Player sender, PacketContainer packet,
+                                ClientPublicKey clientPublicKey, byte[] expectedToken) {
+        try {
+            if (new MinecraftVersion(1, 19, 0).atOrAbove()
+                    && !new MinecraftVersion(1, 19, 3).atOrAbove()) {
+                Either<byte[], ?> either = packet.getSpecificModifier(Either.class).read(0);
+                if (clientPublicKey == null) {
+                    Optional<byte[]> left = either.left();
+                    if (!left.isPresent()) {
+                        plugin.getLog().error("No verify token sent if requested without player signed key {}", sender);
+                        return false;
+                    }
+
+                    return EncryptionUtil.verifyNonce(expectedToken, keyPair.getPrivate(), left.get());
+                } else {
+                    Optional<?> optSignatureData = either.right();
+                    if (!optSignatureData.isPresent()) {
+                        plugin.getLog().error("No signature given to sent player signing key {}", sender);
+                        return false;
+                    }
+
+                    Object signatureData = optSignatureData.get();
+                    long salt = FuzzyReflection.getFieldValue(signatureData, Long.TYPE, true);
+                    byte[] signature = FuzzyReflection.getFieldValue(signatureData, byte[].class, true);
+
+                    PublicKey publicKey = clientPublicKey.key();
+                    return EncryptionUtil.verifySignedNonce(expectedToken, publicKey, salt, signature);
+                }
+            } else {
+                byte[] nonce = packet.getByteArrays().read(1);
+                return EncryptionUtil.verifyNonce(expectedToken, keyPair.getPrivate(), nonce);
+            }
+        } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | NoSuchPaddingException
+                 | IllegalBlockSizeException | BadPaddingException signatureEx) {
+            plugin.getLog().error("Invalid signature from player {}", sender, signatureEx);
+            return false;
+        }
+    }
+
+    private void onLoginStart(PacketEvent packetEvent, Player player, String username) {
+        //this includes ip:port. Should be unique for an incoming login request with a timeout of 2 minutes
+        String sessionKey = player.getAddress().toString();
+
+        //remove old data every time on a new login in order to keep the session only for one person
+        plugin.removeSession(player.getAddress());
+
+        PacketContainer packet = packetEvent.getPacket();
+        Optional<ClientPublicKey> clientKey;
+        if (new MinecraftVersion(1, 19, 3).atOrAbove()) {
+            // public key is sent separate
+            clientKey = Optional.empty();
+        } else {
+            val profileKey = packet.getOptionals(BukkitConverters.getWrappedPublicKeyDataConverter())
+                    .optionRead(0);
+
+            clientKey = profileKey.flatMap(Function.identity()).flatMap(data -> {
+                Instant expires = data.getExpireTime();
+                PublicKey key = data.getKey();
+                byte[] signature = data.getSignature();
+                return Optional.of(ClientPublicKey.of(expires, key, signature));
+            });
+
+            // start reading from index 1, because 0 is already used by the public key
+            Optional<UUID> sessionUUID = packet.getOptionals(Converters.passthrough(UUID.class)).readSafely(1);
+            if (verifyClientKeys && sessionUUID.isPresent() && clientKey.isPresent()
+                    && verifyPublicKey(clientKey.get(), sessionUUID.get())) {
+                // missing or incorrect
+                // expired always not allowed
+                player.kickPlayer(plugin.getCore().getMessage("invalid-public-key"));
+                plugin.getLog().warn("Invalid public key from player {}", username);
+                return;
+            }
+        }
+
+        plugin.getLog().trace("GameProfile {} with {} connecting", sessionKey, username);
+
+        packetEvent.getAsyncMarker().incrementProcessingDelay();
+        Runnable nameCheckTask = new NameCheckTask(
+                plugin, random, player, packetEvent, username, clientKey.orElse(null), keyPair.getPublic()
+        );
+        plugin.getScheduler().runAsync(nameCheckTask);
+    }
+
+    private boolean verifyPublicKey(ClientPublicKey clientKey, UUID sessionPremiumUUID) {
+        try {
+            return EncryptionUtil.verifyClientKey(clientKey, Instant.now(), sessionPremiumUUID);
+        } catch (SignatureException | InvalidKeyException | NoSuchAlgorithmException ex) {
+            return false;
+        }
+    }
+
+    private String getUsername(PacketContainer packet) {
+        WrappedGameProfile profile = packet.getGameProfiles().readSafely(0);
+        if (profile == null) {
+            return packet.getStrings().read(0);
+        }
+
+        //player.getName() won't work at this state
+        return profile.getName();
+    }
+
+    private static PlayerInjectionHandler getHandler() {
+        PacketFilterManager manager = (PacketFilterManager) ProtocolLibrary.getProtocolManager();
+        FieldAccessor accessor = Accessors.getFieldAccessor(manager.getClass(), PlayerInjectionHandler.class, true);
+        return (PlayerInjectionHandler) accessor.get(manager);
+    }
+
+    private FloodgatePlayer getFloodgatePlayer(Player player) {
+        Channel channel = handler.getChannel(player);
+        AttributeKey<FloodgatePlayer> floodgateAttribute = AttributeKey.valueOf("floodgate-player");
+        return channel.attr(floodgateAttribute).get();
+    }
+
+    /**
+     * Reimplementation of the tasks injected Floodgate in ProtocolLib that are not run due to a bug
+     * @see <a href="https://github.com/GeyserMC/Floodgate/issues/143">Issue Floodgate#143</a>
+     * @see <a href="https://github.com/GeyserMC/Floodgate/blob/5d5713ed9e9eeab0f4abdaa9cf5cd8619dc1909b/spigot/src/main/java/org/geysermc/floodgate/addon/data/SpigotDataHandler.java#L121-L175">Floodgate/SpigotDataHandler</a>
+     * @param packetEvent the PacketEvent that won't be processed by Floodgate
+     * @return false if the player was kicked
+     */
+    private boolean processFloodgateTasks(PacketEvent packetEvent) {
+        PacketContainer packet = packetEvent.getPacket();
+        Player player = packetEvent.getPlayer();
+        FloodgatePlayer floodgatePlayer = getFloodgatePlayer(player);
+        if (floodgatePlayer == null) {
+            return true;
+        }
+
+        // kick the player, if necessary
+        Channel channel = handler.getChannel(packetEvent.getPlayer());
+        AttributeKey<String> kickMessageAttribute = AttributeKey.valueOf("floodgate-kick-message");
+        String kickMessage = channel.attr(kickMessageAttribute).get();
+        if (kickMessage != null) {
+            player.kickPlayer(kickMessage);
+            return false;
+        }
+
+        // add prefix
+        String username = floodgatePlayer.getCorrectUsername();
+        if (packet.getGameProfiles().size() > 0) {
+            packet.getGameProfiles().write(0,
+                    new WrappedGameProfile(floodgatePlayer.getCorrectUniqueId(), username));
+        } else {
+            packet.getStrings().write(0, username);
+        }
+
+        // remove real Floodgate data handler
+        ChannelHandler floodgateHandler = channel.pipeline().get("floodgate_data_handler");
+        channel.pipeline().remove(floodgateHandler);
+
+        return true;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/protocollib/ProtocolLibLoginSource.java

@@ -0,0 +1,131 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.protocollib;
+
+import com.comphenix.protocol.ProtocolLibrary;
+import com.comphenix.protocol.ProtocolManager;
+import com.comphenix.protocol.events.PacketContainer;
+import com.comphenix.protocol.reflect.StructureModifier;
+import com.comphenix.protocol.wrappers.WrappedChatComponent;
+import com.github.games647.fastlogin.bukkit.auth.protocollib.packet.ClientPublicKey;
+import com.github.games647.fastlogin.core.shared.LoginSource;
+import org.bukkit.entity.Player;
+
+import java.net.InetSocketAddress;
+import java.security.PublicKey;
+import java.util.Arrays;
+import java.util.Random;
+
+import static com.comphenix.protocol.PacketType.Login.Server.DISCONNECT;
+import static com.comphenix.protocol.PacketType.Login.Server.ENCRYPTION_BEGIN;
+
+class ProtocolLibLoginSource implements LoginSource {
+
+    private final Player player;
+
+    private final Random random;
+
+    private final ClientPublicKey clientKey;
+    private final PublicKey publicKey;
+
+    private byte[] verifyToken;
+
+    ProtocolLibLoginSource(Player player, Random random, PublicKey serverPublicKey, ClientPublicKey clientKey) {
+        this.player = player;
+        this.random = random;
+        this.publicKey = serverPublicKey;
+        this.clientKey = clientKey;
+    }
+
+    @Override
+    public void enableOnlinemode() {
+        verifyToken = EncryptionUtil.generateVerifyToken(random);
+
+        /*
+         * Packet Information: https://wiki.vg/Protocol#Encryption_Request
+         *
+         * ServerID="" (String) key=public server key verifyToken=random 4 byte array
+         */
+        PacketContainer newPacket = new PacketContainer(ENCRYPTION_BEGIN);
+
+        newPacket.getStrings().write(0, "");
+        StructureModifier<PublicKey> keyModifier = newPacket.getSpecificModifier(PublicKey.class);
+        int verifyField = 0;
+        if (keyModifier.getFields().isEmpty()) {
+            // Since 1.16.4 this is now a byte field
+            newPacket.getByteArrays().write(0, publicKey.getEncoded());
+            verifyField++;
+        } else {
+            keyModifier.write(0, publicKey);
+        }
+
+        newPacket.getByteArrays().write(verifyField, verifyToken);
+        // shouldAuthenticate, but why does this field even exist?
+        newPacket.getBooleans().writeSafely(0, true);
+
+        //serverId is an empty string
+        ProtocolLibrary.getProtocolManager().sendServerPacket(player, newPacket);
+    }
+
+    @Override
+    public void kick(String message) {
+        ProtocolManager protocolManager = ProtocolLibrary.getProtocolManager();
+
+        PacketContainer kickPacket = new PacketContainer(DISCONNECT);
+        kickPacket.getChatComponents().write(0, WrappedChatComponent.fromText(message));
+
+        try {
+            //send kick packet at login state
+            //the normal event.getPlayer.kickPlayer(String) method does only work at play state
+            protocolManager.sendServerPacket(player, kickPacket);
+        } finally {
+            //tell the server that we want to close the connection
+            player.kickPlayer("Disconnect");
+        }
+    }
+
+    @Override
+    public InetSocketAddress getAddress() {
+        return player.getAddress();
+    }
+
+    public ClientPublicKey getClientKey() {
+        return clientKey;
+    }
+
+    public byte[] getVerifyToken() {
+        return verifyToken.clone();
+    }
+
+    @Override
+    public String toString() {
+        return this.getClass().getSimpleName() + '{'
+            + "player=" + player
+            + ", random=" + random
+            + ", verifyToken=" + Arrays.toString(verifyToken)
+            + '}';
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/protocollib/SkinApplyListener.java

@@ -0,0 +1,73 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.protocollib;
+
+import com.comphenix.protocol.wrappers.WrappedGameProfile;
+import com.comphenix.protocol.wrappers.WrappedSignedProperty;
+import com.github.games647.craftapi.model.skin.Textures;
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import org.bukkit.entity.Player;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.EventPriority;
+import org.bukkit.event.Listener;
+import org.bukkit.event.player.PlayerLoginEvent;
+import org.bukkit.event.player.PlayerLoginEvent.Result;
+
+public class SkinApplyListener implements Listener {
+
+    private final FastLoginBukkit plugin;
+
+    public SkinApplyListener(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @EventHandler(priority = EventPriority.LOW)
+    //run this on the loginEvent to let skins plugins see the skin like in normal Minecraft behaviour
+    public void onPlayerLogin(PlayerLoginEvent loginEvent) {
+        if (loginEvent.getResult() != Result.ALLOWED) {
+            return;
+        }
+
+        Player player = loginEvent.getPlayer();
+
+        //go through every session, because player.getAddress is null
+        //loginEvent.getAddress is just a InetAddress not InetSocketAddress, so not unique enough
+        for (BukkitLoginSession session : plugin.getLoginSessions().values()) {
+            if (session.getUsername().equals(player.getName())) {
+                session.getSkin().ifPresent(skin -> applySkin(player, skin.getValue(), skin.getSignature()));
+                break;
+            }
+        }
+    }
+
+    private void applySkin(Player player, String skinData, String signature) {
+        WrappedGameProfile gameProfile = WrappedGameProfile.fromPlayer(player);
+
+        WrappedSignedProperty skin = WrappedSignedProperty.fromValues(Textures.KEY, skinData, signature);
+        gameProfile.getProperties().put(Textures.KEY, skin);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/protocollib/VerifyResponseTask.java

@@ -0,0 +1,328 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.protocollib;
+
+import com.comphenix.protocol.ProtocolLibrary;
+import com.comphenix.protocol.events.PacketContainer;
+import com.comphenix.protocol.events.PacketEvent;
+import com.comphenix.protocol.injector.packet.PacketRegistry;
+import com.comphenix.protocol.injector.temporary.TemporaryPlayerFactory;
+import com.comphenix.protocol.reflect.EquivalentConverter;
+import com.comphenix.protocol.reflect.FuzzyReflection;
+import com.comphenix.protocol.reflect.accessors.Accessors;
+import com.comphenix.protocol.reflect.accessors.ConstructorAccessor;
+import com.comphenix.protocol.reflect.accessors.FieldAccessor;
+import com.comphenix.protocol.utility.MinecraftReflection;
+import com.comphenix.protocol.utility.MinecraftVersion;
+import com.comphenix.protocol.wrappers.BukkitConverters;
+import com.comphenix.protocol.wrappers.Converters;
+import com.comphenix.protocol.wrappers.WrappedChatComponent;
+import com.comphenix.protocol.wrappers.WrappedGameProfile;
+import com.comphenix.protocol.wrappers.WrappedProfilePublicKey.WrappedProfileKeyData;
+import com.github.games647.craftapi.model.auth.Verification;
+import com.github.games647.craftapi.model.skin.SkinProperty;
+import com.github.games647.craftapi.resolver.MojangResolver;
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.auth.InetUtils;
+import com.github.games647.fastlogin.bukkit.auth.protocollib.packet.ClientPublicKey;
+import lombok.val;
+import org.bukkit.entity.Player;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import java.io.IOException;
+import java.lang.reflect.Method;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.security.GeneralSecurityException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.util.Arrays;
+import java.util.Optional;
+import java.util.UUID;
+
+import static com.comphenix.protocol.PacketType.Login.Client.START;
+import static com.comphenix.protocol.PacketType.Login.Server.DISCONNECT;
+
+public class VerifyResponseTask implements Runnable {
+
+    private static final String ENCRYPTION_CLASS_NAME = "MinecraftEncryption";
+    private static final String ADDRESS_VERIFY_WARNING = "This indicates the use of reverse-proxy like HAProxy, "
+            + "TCPShield, BungeeCord, Velocity, etc. "
+            + "By default (configurable in the config) this plugin requests Mojang to verify the connecting IP "
+            + "to this server with the one used to log into Minecraft to prevent MITM attacks. In "
+            + "order to work this security feature, the actual client IP needs to be forwarding "
+            + "(keyword IP forwarding). This process will also be useful for other server "
+            + "features like IP banning, so that it doesn't ban the proxy IP.";
+
+    private final FastLoginBukkit plugin;
+    private final PacketEvent packetEvent;
+    private final KeyPair serverKey;
+
+    private final Player player;
+
+    private final BukkitLoginSession session;
+
+    private final byte[] sharedSecret;
+
+    private static Method encryptMethod;
+    private static Method encryptKeyMethod;
+
+    private static Method cipherMethod;
+
+    public VerifyResponseTask(FastLoginBukkit plugin, PacketEvent packetEvent,
+                              Player player, BukkitLoginSession session,
+                              byte[] sharedSecret, KeyPair keyPair) {
+        this.plugin = plugin;
+        this.packetEvent = packetEvent;
+        this.player = player;
+        this.session = session;
+        this.sharedSecret = Arrays.copyOf(sharedSecret, sharedSecret.length);
+        this.serverKey = keyPair;
+    }
+
+    @Override
+    public void run() {
+        try {
+            verifyResponse(session);
+        } finally {
+            //this is a fake packet; it shouldn't be sent to the server
+            synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
+                packetEvent.setCancelled(true);
+            }
+
+            ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
+        }
+    }
+
+    private void verifyResponse(BukkitLoginSession session) {
+        PrivateKey privateKey = serverKey.getPrivate();
+
+        SecretKey loginKey;
+        try {
+            loginKey = EncryptionUtil.decryptSharedKey(privateKey, sharedSecret);
+        } catch (GeneralSecurityException securityEx) {
+            disconnect("error-kick", "Cannot decrypt received contents", securityEx);
+            return;
+        }
+
+        try {
+            if (!enableEncryption(loginKey)) {
+                return;
+            }
+        } catch (Exception ex) {
+            disconnect("error-kick", "Cannot decrypt received contents", ex);
+            return;
+        }
+
+        String serverId = EncryptionUtil.getServerIdHashString("", loginKey, serverKey.getPublic());
+
+        String requestedUsername = session.getRequestUsername();
+        InetSocketAddress socketAddress = player.getAddress();
+        try {
+            MojangResolver resolver = plugin.getCore().getResolver();
+            InetAddress address = socketAddress.getAddress();
+            Optional<Verification> response = resolver.hasJoined(requestedUsername, serverId, address);
+            if (response.isPresent()) {
+                encryptConnection(session, requestedUsername, response.get());
+            } else {
+                //user tried to fake an authentication
+                disconnect(
+                        "invalid-session",
+                        "Session server rejected incoming connection for GameProfile {} ({}). Possible reasons are "
+                                + "1) Client IP address contacting Mojang and server during server join were different "
+                                + "(Do you use a reverse proxy? -> Enable IP forwarding, "
+                                + "or disable the feature in the config). "
+                                + "2) Player is offline, but tried to bypass the authentication "
+                                + "3) Client uses an outdated username for connecting (Fix: Restart client)",
+                        requestedUsername, address
+                );
+
+                if (InetUtils.isLocalAddress(address)) {
+                    plugin.getLog().warn(
+                            "The incoming request for player {} uses a local IP address",
+                            requestedUsername
+                    );
+                } else {
+                    plugin.getLog().warn("If you think this is an error, please verify that the incoming "
+                            + "IP address {} is not associated with a server hosting company.", address);
+                }
+
+                plugin.getLog().warn(ADDRESS_VERIFY_WARNING);
+            }
+        } catch (IOException ioEx) {
+            disconnect("error-kick", "Failed to connect to session server", ioEx);
+        }
+    }
+
+    private void encryptConnection(BukkitLoginSession session, String requestedUsername, Verification verification) {
+        plugin.getLog().info("Profile {} has a verified premium account", requestedUsername);
+        String realUsername = verification.getName();
+        if (realUsername == null) {
+            disconnect("invalid-session", "Username field null for {}", requestedUsername);
+            return;
+        }
+
+        SkinProperty[] properties = verification.getProperties();
+        if (properties.length > 0) {
+            session.setSkinProperty(properties[0]);
+        }
+
+        session.setVerifiedUsername(realUsername);
+        session.setUuid(verification.getId());
+        session.setVerifiedPremium(true);
+
+        setPremiumUUID(session.getUuid());
+        receiveFakeStartPacket(realUsername, session.getClientPublicKey(), session.getUuid());
+    }
+
+    private void setPremiumUUID(UUID premiumUUID) {
+        if (plugin.getConfig().getBoolean("premiumUuid") && premiumUUID != null) {
+            try {
+                Object networkManager = getNetworkManager();
+                //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/NetworkManager.java#L69
+
+                Class<?> managerClass = networkManager.getClass();
+                FieldAccessor accessor = Accessors.getFieldAccessorOrNull(managerClass, "spoofedUUID", UUID.class);
+                accessor.set(networkManager, premiumUUID);
+            } catch (Exception exc) {
+                plugin.getLog().error("Error setting premium uuid of {}", player, exc);
+            }
+        }
+    }
+
+    //try to get the networkManager from ProtocolLib
+    private Object getNetworkManager() throws ClassNotFoundException {
+        Object injectorContainer = TemporaryPlayerFactory.getInjectorFromPlayer(player);
+
+        // ChannelInjector
+        Class<?> injectorClass = Class.forName("com.comphenix.protocol.injector.netty.Injector");
+        Object rawInjector = FuzzyReflection.getFieldValue(injectorContainer, injectorClass, true);
+
+        Class<?> rawInjectorClass = rawInjector.getClass();
+        FieldAccessor accessor = Accessors.getFieldAccessorOrNull(rawInjectorClass, "networkManager", Object.class);
+        return accessor.get(rawInjector);
+    }
+
+    private boolean enableEncryption(SecretKey loginKey) throws IllegalArgumentException {
+        plugin.getLog().info("Enabling onlinemode encryption for {}", player.getAddress());
+        // Initialize method reflections
+        if (encryptKeyMethod == null || encryptMethod == null) {
+            Class<?> networkManagerClass = MinecraftReflection.getNetworkManagerClass();
+            try {
+                // Try to get the old (pre MC 1.16.4) encryption method
+                encryptKeyMethod = FuzzyReflection.fromClass(networkManagerClass)
+                        .getMethodByParameters("a", SecretKey.class);
+            } catch (IllegalArgumentException exception) {
+                // Get the new encryption method
+                encryptMethod = FuzzyReflection.fromClass(networkManagerClass)
+                        .getMethodByParameters("a", Cipher.class, Cipher.class);
+
+                Class<?> encryptionClass = MinecraftReflection.getMinecraftClass(
+                        "util." + ENCRYPTION_CLASS_NAME, ENCRYPTION_CLASS_NAME
+                );
+
+                // Get the needed Cipher helper method (used to generate ciphers from login key)
+                cipherMethod = FuzzyReflection.fromClass(encryptionClass)
+                        .getMethodByParameters("a", int.class, Key.class);
+            }
+        }
+
+        try {
+            Object networkManager = this.getNetworkManager();
+
+            // If cipherMethod is null - use old encryption (pre MC 1.16.4), otherwise use the new cipher one
+            if (encryptKeyMethod != null) {
+                // Encrypt/decrypt packet flow, this behaviour is expected by the client
+                encryptKeyMethod.invoke(networkManager, loginKey);
+            } else {
+                // Create ciphers from login key
+                Object decryptionCipher = cipherMethod.invoke(null, Cipher.DECRYPT_MODE, loginKey);
+                Object encryptionCipher = cipherMethod.invoke(null, Cipher.ENCRYPT_MODE, loginKey);
+
+                // Encrypt/decrypt packet flow, this behaviour is expected by the client
+                encryptMethod.invoke(networkManager, decryptionCipher, encryptionCipher);
+            }
+        } catch (Exception ex) {
+            disconnect("error-kick", "Couldn't enable encryption", ex);
+            return false;
+        }
+
+        return true;
+    }
+
+    private void disconnect(String reasonKey, String logMessage, Object... arguments) {
+        plugin.getLog().error(logMessage, arguments);
+        kickPlayer(plugin.getCore().getMessage(reasonKey));
+    }
+
+    private void kickPlayer(String reason) {
+        PacketContainer kickPacket = new PacketContainer(DISCONNECT);
+        kickPacket.getChatComponents().write(0, WrappedChatComponent.fromText(reason));
+        //send kick packet at login state
+        //the normal event.getPlayer.kickPlayer(String) method does only work at play state
+        ProtocolLibrary.getProtocolManager().sendServerPacket(player, kickPacket);
+        //tell the server that we want to close the connection
+        player.kickPlayer("Disconnect");
+    }
+
+    //fake a new login packet in order to let the server handle all the other stuff
+    private void receiveFakeStartPacket(String username, ClientPublicKey clientKey, UUID uuid) {
+        PacketContainer startPacket;
+        if (new MinecraftVersion(1, 20, 2).atOrAbove()) {
+            startPacket = new PacketContainer(START);
+            startPacket.getStrings().write(0, username);
+            startPacket.getUUIDs().write(0, uuid);
+        } else if (new MinecraftVersion(1, 19, 3).atOrAbove()) {
+            startPacket = new PacketContainer(START);
+            startPacket.getStrings().write(0, username);
+            startPacket.getOptionals(Converters.passthrough(UUID.class)).write(0, Optional.of(uuid));
+        } else if (new MinecraftVersion(1, 19, 0).atOrAbove()) {
+            startPacket = new PacketContainer(START);
+            startPacket.getStrings().write(0, username);
+
+            EquivalentConverter<WrappedProfileKeyData> converter = BukkitConverters.getWrappedPublicKeyDataConverter();
+            val wrappedKey = Optional.ofNullable(clientKey).map(key ->
+                    new WrappedProfileKeyData(clientKey.expiry(), clientKey.key(), clientKey.signature())
+            );
+
+            startPacket.getOptionals(converter).write(0, wrappedKey);
+        } else {
+            //uuid is ignored by the packet definition
+            WrappedGameProfile fakeProfile = new WrappedGameProfile(UUID.randomUUID(), username);
+
+            Class<?> profileHandleType = fakeProfile.getHandleType();
+            Class<?> packetHandleType = PacketRegistry.getPacketClassFromType(START);
+            ConstructorAccessor startCons = Accessors.getConstructorAccessorOrNull(packetHandleType, profileHandleType);
+            startPacket = new PacketContainer(START, startCons.invoke(fakeProfile.getHandle()));
+        }
+
+        //we don't want to handle our own packets so ignore filters
+        ProtocolLibrary.getProtocolManager().receiveClientPacket(player, startPacket, false);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/protocollib/packet/ClientPublicKey.java

@@ -0,0 +1,55 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.protocollib.packet;
+
+import lombok.Value;
+import lombok.experimental.Accessors;
+
+import java.security.PublicKey;
+import java.time.Instant;
+import java.util.Base64;
+import java.util.StringJoiner;
+
+@Accessors(fluent = true)
+@Value(staticConstructor = "of")
+public class ClientPublicKey {
+    Instant expiry;
+    PublicKey key;
+    byte[] signature;
+
+    public boolean isExpired(Instant verifyTimestamp) {
+        return !verifyTimestamp.isBefore(expiry);
+    }
+
+    @Override
+    public String toString() {
+        return new StringJoiner(", ", ClientPublicKey.class.getSimpleName() + '[', "]")
+                .add("expiry=" + expiry)
+                .add("key=" + Base64.getEncoder().encodeToString(key.getEncoded()))
+                .add("signature=" + Base64.getEncoder().encodeToString(signature))
+                .toString();
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/proxy/ProxyAuthentication.java

@@ -0,0 +1,155 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.proxy;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.auth.AuthenticationBackend;
+import com.github.games647.fastlogin.core.message.ChannelMessage;
+import com.github.games647.fastlogin.core.message.LoginActionMessage;
+import com.github.games647.fastlogin.core.message.NamespaceKey;
+import com.google.common.io.ByteArrayDataOutput;
+import com.google.common.io.ByteStreams;
+import org.bukkit.Bukkit;
+import org.bukkit.Server;
+import org.bukkit.plugin.PluginManager;
+import org.bukkit.plugin.messaging.PluginMessageRecipient;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+
+import static com.github.games647.fastlogin.core.message.ChangePremiumMessage.CHANGE_CHANNEL;
+import static com.github.games647.fastlogin.core.message.SuccessMessage.SUCCESS_CHANNEL;
+
+public class ProxyAuthentication implements AuthenticationBackend {
+
+    private final FastLoginBukkit plugin;
+    private ProxyVerifier verifier;
+
+    public ProxyAuthentication(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+
+    @Override
+    public boolean isAvailable() {
+        return detectProxy();
+    }
+
+    @Override
+    public void init(PluginManager pluginManager) {
+        verifier = new ProxyVerifier(plugin);
+        verifier.loadSecrets();
+
+        registerPluginChannels();
+
+        pluginManager.registerEvents(new ProxyConnectionListener(plugin, verifier), plugin);
+
+        plugin.getLog().info("Found enabled proxy configuration");
+        plugin.getLog().info("Remember to follow the proxy guide to complete your setup");
+    }
+
+    private void registerPluginChannels() {
+        Server server = Bukkit.getServer();
+
+        // check for incoming messages from the bungeecord version of this plugin
+        String groupId = plugin.getName();
+        String forceChannel = NamespaceKey.getCombined(groupId, LoginActionMessage.FORCE_CHANNEL);
+        server.getMessenger().registerIncomingPluginChannel(plugin, forceChannel, new ProxyListener(plugin, verifier));
+
+        // outgoing
+        String successChannel = new NamespaceKey(groupId, SUCCESS_CHANNEL).getCombinedName();
+        String changeChannel = new NamespaceKey(groupId, CHANGE_CHANNEL).getCombinedName();
+        server.getMessenger().registerOutgoingPluginChannel(plugin, successChannel);
+        server.getMessenger().registerOutgoingPluginChannel(plugin, changeChannel);
+    }
+
+    @Override
+    public void stop() {
+        if (verifier != null) {
+            verifier.cleanup();
+        }
+    }
+
+    private boolean detectProxy() {
+        try {
+            if (isProxySupported("org.spigotmc.SpigotConfig", "bungee")) {
+                return true;
+            }
+        } catch (ClassNotFoundException classNotFoundException) {
+            // leave stacktrace for class not found out
+            plugin.getLog().warn("Cannot check for BungeeCord support: {}", classNotFoundException.getMessage());
+        } catch (NoSuchFieldException | IllegalAccessException ex) {
+            plugin.getLog().warn("Cannot check for BungeeCord support", ex);
+        }
+
+        try {
+            return isVelocityEnabled();
+        } catch (ClassNotFoundException classNotFoundException) {
+            plugin.getLog().warn("Cannot check for Velocity support in Paper: {}", classNotFoundException.getMessage());
+        } catch (NoSuchFieldException | IllegalAccessException | NoSuchMethodException | InvocationTargetException ex) {
+            plugin.getLog().warn("Cannot check for Velocity support in Paper", ex);
+        }
+
+        return false;
+    }
+
+    private boolean isProxySupported(String className, String fieldName)
+            throws ClassNotFoundException, NoSuchFieldException, IllegalAccessException {
+        return Class.forName(className).getDeclaredField(fieldName).getBoolean(null);
+    }
+
+    private boolean isVelocityEnabled()
+            throws NoSuchFieldException, IllegalArgumentException, IllegalAccessException, ClassNotFoundException,
+            NoSuchMethodException, InvocationTargetException {
+        try {
+            Class<?> globalConfig = Class.forName("io.papermc.paper.configuration.GlobalConfiguration");
+            Object global = globalConfig.getDeclaredMethod("get").invoke(null);
+            Object proxiesConfiguration = global.getClass().getDeclaredField("proxies").get(global);
+
+            Field velocitySectionField = proxiesConfiguration.getClass().getDeclaredField("velocity");
+            Object velocityConfig = velocitySectionField.get(proxiesConfiguration);
+
+            return velocityConfig.getClass().getDeclaredField("enabled").getBoolean(velocityConfig);
+        } catch (ClassNotFoundException classNotFoundException) {
+            // try again using the older Paper configuration, because the old class file still exists in newer versions
+            if (isProxySupported("com.destroystokyo.paper.PaperConfig", "velocitySupport")) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    public void sendPluginMessage(PluginMessageRecipient player, ChannelMessage message) {
+        if (player != null) {
+            ByteArrayDataOutput dataOutput = ByteStreams.newDataOutput();
+            message.writeTo(dataOutput);
+
+            NamespaceKey channel = new NamespaceKey(plugin.getName(), message.getChannelName());
+            player.sendPluginMessage(plugin, channel.getCombinedName(), dataOutput.toByteArray());
+        }
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/proxy/ProxyConnectionListener.java

@@ -0,0 +1,114 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.proxy;
+
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.auth.FloodgateAuthTask;
+import com.github.games647.fastlogin.bukkit.auth.ForceLoginTask;
+import com.github.games647.fastlogin.core.hooks.bedrock.FloodgateService;
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.EventPriority;
+import org.bukkit.event.Listener;
+import org.bukkit.event.player.PlayerJoinEvent;
+import org.bukkit.event.player.PlayerLoginEvent;
+import org.bukkit.event.player.PlayerQuitEvent;
+import org.bukkit.metadata.Metadatable;
+import org.geysermc.floodgate.api.player.FloodgatePlayer;
+
+public class ProxyConnectionListener implements Listener {
+
+    private static final long DELAY_LOGIN = 20L / 2;
+
+    private final FastLoginBukkit plugin;
+    private final ProxyVerifier verifier;
+
+    public ProxyConnectionListener(FastLoginBukkit plugin, ProxyVerifier verifier) {
+        this.plugin = plugin;
+        this.verifier = verifier;
+    }
+
+    private void removeBlockedStatus(Metadatable player) {
+        player.removeMetadata(plugin.getName(), plugin);
+    }
+
+    @EventHandler(priority = EventPriority.LOWEST)
+    public void onPlayerLogin(PlayerLoginEvent loginEvent) {
+        removeBlockedStatus(loginEvent.getPlayer());
+    }
+
+    @EventHandler(ignoreCancelled = true)
+    public void onPlayerJoin(PlayerJoinEvent joinEvent) {
+        Player player = joinEvent.getPlayer();
+
+        Bukkit.getScheduler().runTaskLater(plugin, () -> {
+            delayForceLogin(player);
+            // delay the login process to let auth plugins initialize the player
+            // Magic number however as there is no direct event from those plugins
+        }, DELAY_LOGIN);
+    }
+
+    private void delayForceLogin(Player player) {
+        // session exists so the player is ready for force login
+        // cases: Paper (firing BungeeCord message before PlayerJoinEvent) or not running BungeeCord and already
+        // having the login session from the login process
+        BukkitLoginSession session = plugin.getSession(player.spigot().getRawAddress());
+
+        if (session == null) {
+            // Floodgate players usually don't have a session at this point
+            // exception: if force login by bungee message had been delayed
+            FloodgateService floodgateService = plugin.getFloodgateService();
+            if (floodgateService != null) {
+                FloodgatePlayer floodgatePlayer = floodgateService.getBedrockPlayer(player.getUniqueId());
+                if (floodgatePlayer != null) {
+                    Runnable floodgateAuthTask = new FloodgateAuthTask(plugin.getCore(), player, floodgatePlayer);
+                    Bukkit.getScheduler().runTaskAsynchronously(plugin, floodgateAuthTask);
+                    return;
+                }
+            }
+
+            String sessionId = plugin.getSessionId(player.spigot().getRawAddress());
+            plugin.getLog().info("No on-going login session for player: {} with ID {}. ", player, sessionId);
+            plugin.getLog().info("Setups using Minecraft proxies will start delayed "
+                    + "when the command from the proxy is received");
+        } else {
+            Runnable forceLoginTask = new ForceLoginTask(plugin.getCore(), player, session);
+            Bukkit.getScheduler().runTaskAsynchronously(plugin, forceLoginTask);
+        }
+
+        verifier.markJoinEventFired(player);
+    }
+
+    @EventHandler
+    public void onPlayerQuit(PlayerQuitEvent quitEvent) {
+        Player player = quitEvent.getPlayer();
+
+        removeBlockedStatus(player);
+        verifier.cleanup(player);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/proxy/ProxyListener.java

@@ -0,0 +1,139 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.proxy;
+
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.auth.ForceLoginTask;
+import com.github.games647.fastlogin.core.PremiumStatus;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import com.github.games647.fastlogin.core.message.LoginActionMessage;
+import com.github.games647.fastlogin.core.message.LoginActionMessage.Type;
+import com.google.common.io.ByteArrayDataInput;
+import com.google.common.io.ByteStreams;
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+import org.bukkit.plugin.messaging.PluginMessageListener;
+import org.jetbrains.annotations.NotNull;
+
+import java.util.UUID;
+
+/**
+ * Responsible for receiving messages from a BungeeCord instance.
+ * <p>
+ * This class also receives the plugin message from the bungeecord version of this plugin in order to get notified if
+ * the connection is in online mode.
+ */
+public class ProxyListener implements PluginMessageListener {
+
+    private final FastLoginBukkit plugin;
+    private final ProxyVerifier verifier;
+
+    public ProxyListener(FastLoginBukkit plugin, ProxyVerifier verifier) {
+        this.plugin = plugin;
+        this.verifier = verifier;
+    }
+
+    @Override
+    public void onPluginMessageReceived(@NotNull String channel, Player player, byte[] message) {
+        ByteArrayDataInput dataInput = ByteStreams.newDataInput(message);
+
+        LoginActionMessage loginMessage = new LoginActionMessage();
+        loginMessage.readFrom(dataInput);
+
+        plugin.getLog().debug("Received plugin message {}", loginMessage);
+
+        Player targetPlayer = player;
+        if (!loginMessage.getPlayerName().equals(player.getName())) {
+            targetPlayer = Bukkit.getPlayerExact(loginMessage.getPlayerName());
+        }
+
+        if (targetPlayer == null) {
+            plugin.getLog().warn("Force action player {} not found", loginMessage.getPlayerName());
+            return;
+        }
+
+        // fail if target player is blocked because already authenticated or wrong bungeecord id
+        if (targetPlayer.hasMetadata(plugin.getName())) {
+            plugin.getLog().warn("Received message {} from a blocked player {}", loginMessage, targetPlayer);
+        } else {
+            UUID sourceId = loginMessage.getProxyId();
+            if (verifier.isProxyAllowed(sourceId)) {
+                readMessage(targetPlayer, loginMessage);
+            } else {
+                plugin.getLog().warn("Received proxy id: {} that doesn't exist in the proxy file", sourceId);
+            }
+        }
+    }
+
+    private void readMessage(Player player, LoginActionMessage message) {
+        String playerName = message.getPlayerName();
+        Type type = message.getType();
+
+        plugin.getLog().info("Player info {} command for {} from proxy", type, playerName);
+        if (type == Type.LOGIN) {
+            onLoginMessage(player, playerName);
+        } else if (type == Type.REGISTER) {
+            onRegisterMessage(player, playerName);
+        } else if (type == Type.CRACKED) {
+            //we don't start a force login task here so update it manually
+            plugin.getPremiumPlayers().put(player.getUniqueId(), PremiumStatus.CRACKED);
+        }
+    }
+
+    private void onLoginMessage(Player player, String playerName) {
+        BukkitLoginSession playerSession = new BukkitLoginSession(playerName, true);
+        startLoginTaskIfReady(player, playerSession);
+    }
+
+    private void onRegisterMessage(Player player, String playerName) {
+        Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
+            AuthPlugin<Player> authPlugin = plugin.getCore().getAuthPluginHook();
+            try {
+                //we need to check if the player is registered on Bukkit too
+                if (authPlugin == null || !authPlugin.isRegistered(playerName)) {
+                    BukkitLoginSession playerSession = new BukkitLoginSession(playerName, false);
+                    startLoginTaskIfReady(player, playerSession);
+                }
+            } catch (Exception ex) {
+                plugin.getLog().error("Failed to query isRegistered for player: {}", player, ex);
+            }
+        });
+    }
+
+    private void startLoginTaskIfReady(Player player, BukkitLoginSession session) {
+        session.setVerifiedPremium(true);
+        plugin.putSession(player.spigot().getRawAddress(), session);
+
+        // only start a new login task if the join event fired earlier. This event then didn't
+        boolean result = verifier.didJoinEventFired(player);
+        plugin.getLog().info("Delaying force login until join event fired?: {}", result);
+        if (result) {
+            Runnable forceLoginTask = new ForceLoginTask(plugin.getCore(), player, session);
+            Bukkit.getScheduler().runTaskAsynchronously(plugin, forceLoginTask);
+        }
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/auth/proxy/ProxyVerifier.java

@@ -0,0 +1,135 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.proxy;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.UUID;
+import java.util.stream.Stream;
+
+import static java.util.stream.Collectors.toSet;
+
+public class ProxyVerifier {
+
+    private static final String LEGACY_FILE_NAME = "proxy-whitelist.txt";
+    private static final String FILE_NAME = "allowed-proxies.txt";
+
+    //null if proxies allowed list is empty so bungeecord support is disabled
+    private Set<UUID> proxyIds;
+
+    private final FastLoginBukkit plugin;
+
+    private final Collection<UUID> firedJoinEvents = new HashSet<>();
+
+    public ProxyVerifier(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    public void cleanup() {
+        //remove old blocked status
+        Bukkit.getOnlinePlayers().forEach(player -> player.removeMetadata(plugin.getName(), plugin));
+    }
+
+    public void loadSecrets() {
+        proxyIds = loadBungeeCordIds();
+        if (proxyIds.isEmpty()) {
+            plugin.getLog().info("No valid IDs found. Minecraft proxy support cannot work in the current state");
+        }
+    }
+
+    private Set<UUID> loadBungeeCordIds() {
+        Path proxiesFile = plugin.getPluginFolder().resolve(FILE_NAME);
+        Path legacyFile = plugin.getPluginFolder().resolve(LEGACY_FILE_NAME);
+        try {
+            if (Files.notExists(proxiesFile)) {
+                if (Files.exists(legacyFile)) {
+                    Files.move(legacyFile, proxiesFile);
+                }
+
+                if (Files.notExists(legacyFile)) {
+                    Files.createFile(proxiesFile);
+                }
+            }
+
+            Files.deleteIfExists(legacyFile);
+            try (Stream<String> lines = Files.lines(proxiesFile)) {
+                return lines.map(String::trim).map(UUID::fromString).collect(toSet());
+            }
+        } catch (IOException ex) {
+            plugin.getLog().error("Failed to read proxies", ex);
+        } catch (Exception ex) {
+            plugin.getLog().error("Failed to retrieve proxy Id. Disabling BungeeCord support", ex);
+        }
+
+        return Collections.emptySet();
+    }
+
+    public boolean isProxyAllowed(UUID proxyId) {
+        return proxyIds != null && proxyIds.contains(proxyId);
+    }
+
+    /**
+     * Mark the event to be fired including the task delay.
+     *
+     * @param player joining player
+     */
+    public synchronized void markJoinEventFired(Player player) {
+        firedJoinEvents.add(player.getUniqueId());
+    }
+
+    /**
+     * Check if the event fired including with the task delay. This necessary to restore the order of processing the
+     * BungeeCord messages after the PlayerJoinEvent fires including the delay.
+     * <p>
+     * If the join event fired, the delay exceeded, but it ran earlier and couldn't find the recently started login
+     * session. If not fired, we can start a new force login task. This will still match the requirement that we wait
+     * a certain time after the player join event fired.
+     *
+     * @param player joining player
+     * @return event fired including delay
+     */
+    public synchronized boolean didJoinEventFired(Player player) {
+        return firedJoinEvents.contains(player.getUniqueId());
+    }
+
+    /**
+     * Player quit clean up
+     *
+     * @param player joining player
+     */
+    public synchronized void cleanup(Player player) {
+        firedJoinEvents.remove(player.getUniqueId());
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/CrackedCommand.java

@@ -0,0 +1,115 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.command;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginPremiumToggleEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
+import org.bukkit.command.Command;
+import org.bukkit.command.CommandSender;
+import org.jetbrains.annotations.NotNull;
+
+import static com.github.games647.fastlogin.core.shared.event.FastLoginPremiumToggleEvent.PremiumToggleReason;
+
+public class CrackedCommand extends ToggleCommand {
+
+    public CrackedCommand(FastLoginBukkit plugin) {
+        super(plugin);
+    }
+
+    @Override
+    public boolean onCommand(@NotNull CommandSender sender, @NotNull Command command, @NotNull String label,
+                             String[] args) {
+        if (args.length == 0) {
+            onCrackedSelf(sender);
+        } else {
+            onCrackedOther(sender, command, args);
+        }
+
+        return true;
+    }
+
+    private void onCrackedSelf(CommandSender sender) {
+        if (isConsole(sender)) {
+            return;
+        }
+
+        if (forwardCrackedCommand(sender, sender.getName())) {
+            return;
+        }
+
+        // todo: load async if
+        StoredProfile profile = plugin.getCore().getStorage().loadProfile(sender.getName());
+        if (profile.isOnlinemodePreferred()) {
+            plugin.getCore().sendLocaleMessage("remove-premium", sender);
+
+            profile.setOnlinemodePreferred(false);
+            profile.setId(null);
+            plugin.getScheduler().runAsync(() -> {
+                plugin.getCore().getStorage().save(profile);
+                plugin.getServer().getPluginManager().callEvent(
+                        new BukkitFastLoginPremiumToggleEvent(profile, PremiumToggleReason.COMMAND_OTHER));
+            });
+        } else {
+            plugin.getCore().sendLocaleMessage("not-premium", sender);
+        }
+    }
+
+    private void onCrackedOther(CommandSender sender, Command command, String[] args) {
+        if (!hasOtherPermission(sender, command)) {
+            return;
+        }
+
+        if (forwardCrackedCommand(sender, args[0])) {
+            return;
+        }
+
+        //todo: load async
+        StoredProfile profile = plugin.getCore().getStorage().loadProfile(args[0]);
+        if (profile == null) {
+            sender.sendMessage("Error occurred");
+            return;
+        }
+
+        //existing player is already cracked
+        if (profile.isExistingPlayer() && !profile.isOnlinemodePreferred()) {
+            plugin.getCore().sendLocaleMessage("not-premium-other", sender);
+        } else {
+            plugin.getCore().sendLocaleMessage("remove-premium", sender);
+
+            profile.setOnlinemodePreferred(false);
+            plugin.getScheduler().runAsync(() -> {
+                plugin.getCore().getStorage().save(profile);
+                plugin.getServer().getPluginManager().callEvent(
+                        new BukkitFastLoginPremiumToggleEvent(profile, PremiumToggleReason.COMMAND_OTHER));
+            });
+        }
+    }
+
+    private boolean forwardCrackedCommand(CommandSender sender, String target) {
+        return forwardBungeeCommand(sender, target, false);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/PremiumCommand.java

@@ -0,0 +1,130 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.command;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginPremiumToggleEvent;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPremiumToggleEvent.PremiumToggleReason;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
+import org.bukkit.command.Command;
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+import org.jetbrains.annotations.NotNull;
+
+import java.util.UUID;
+
+/**
+ * Let users activate fast login by command. This only be accessible if
+ * the user has access to its account. So we can make sure that not another
+ * person with a paid account and the same username can steal their account.
+ */
+public class PremiumCommand extends ToggleCommand {
+
+    public PremiumCommand(FastLoginBukkit plugin) {
+        super(plugin);
+    }
+
+    @Override
+    public boolean onCommand(@NotNull CommandSender sender, @NotNull Command command, @NotNull String label,
+                             String[] args) {
+        if (args.length == 0) {
+            onPremiumSelf(sender);
+        } else {
+            onPremiumOther(sender, command, args);
+        }
+
+        return true;
+    }
+
+    private void onPremiumSelf(CommandSender sender) {
+        if (isConsole(sender)) {
+            return;
+        }
+
+        UUID id = ((Player) sender).getUniqueId();
+        if (plugin.getConfig().getBoolean("premium-warning") && !plugin.getPendingConfirms().contains(id)) {
+            sender.sendMessage(plugin.getCore().getMessage("premium-warning"));
+            plugin.getPendingConfirms().add(id);
+            return;
+        }
+
+        if (forwardPremiumCommand(sender, sender.getName())) {
+            return;
+        }
+
+        plugin.getPendingConfirms().remove(id);
+        //todo: load async
+        StoredProfile profile = plugin.getCore().getStorage().loadProfile(sender.getName());
+        if (profile.isOnlinemodePreferred()) {
+            plugin.getCore().sendLocaleMessage("already-exists", sender);
+        } else {
+            //todo: resolve uuid
+            profile.setOnlinemodePreferred(true);
+            plugin.getScheduler().runAsync(() -> {
+                plugin.getCore().getStorage().save(profile);
+                plugin.getServer().getPluginManager().callEvent(
+                        new BukkitFastLoginPremiumToggleEvent(profile, PremiumToggleReason.COMMAND_SELF));
+            });
+
+            plugin.getCore().sendLocaleMessage("add-premium", sender);
+        }
+    }
+
+    private void onPremiumOther(CommandSender sender, Command command, String[] args) {
+        if (!hasOtherPermission(sender, command)) {
+            return;
+        }
+
+        if (forwardPremiumCommand(sender, args[0])) {
+            return;
+        }
+
+        //todo: load async
+        StoredProfile profile = plugin.getCore().getStorage().loadProfile(args[0]);
+        if (profile == null) {
+            plugin.getCore().sendLocaleMessage("player-unknown", sender);
+            return;
+        }
+
+        if (profile.isOnlinemodePreferred()) {
+            plugin.getCore().sendLocaleMessage("already-exists-other", sender);
+        } else {
+            //todo: resolve uuid
+            profile.setOnlinemodePreferred(true);
+            plugin.getScheduler().runAsync(() -> {
+                plugin.getCore().getStorage().save(profile);
+                plugin.getServer().getPluginManager().callEvent(
+                        new BukkitFastLoginPremiumToggleEvent(profile, PremiumToggleReason.COMMAND_OTHER));
+            });
+
+            plugin.getCore().sendLocaleMessage("add-premium-other", sender);
+        }
+    }
+
+    private boolean forwardPremiumCommand(CommandSender sender, String target) {
+        return forwardBungeeCommand(sender, target, true);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/ToggleCommand.java

@@ -0,0 +1,94 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.command;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.bukkit.auth.proxy.ProxyAuthentication;
+import com.github.games647.fastlogin.core.message.ChangePremiumMessage;
+import com.github.games647.fastlogin.core.message.ChannelMessage;
+import org.bukkit.Bukkit;
+import org.bukkit.command.Command;
+import org.bukkit.command.CommandExecutor;
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+import org.bukkit.plugin.messaging.PluginMessageRecipient;
+
+import java.util.Optional;
+
+public abstract class ToggleCommand implements CommandExecutor {
+
+    protected final FastLoginBukkit plugin;
+
+    public ToggleCommand(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    protected boolean hasOtherPermission(CommandSender sender, Command cmd) {
+        if (sender.hasPermission(cmd.getPermission() + ".other")) {
+            return true;
+        }
+
+        plugin.getCore().sendLocaleMessage("no-permission", sender);
+        return false;
+    }
+
+    protected boolean forwardBungeeCommand(CommandSender sender, String target, boolean activate) {
+        if (plugin.getBackend() instanceof ProxyAuthentication) {
+            sendBungeeActivateMessage(sender, target, activate);
+            plugin.getCore().sendLocaleMessage("wait-on-proxy", sender);
+            return true;
+        }
+
+        return false;
+    }
+
+    protected boolean isConsole(CommandSender sender) {
+        if (sender instanceof Player) {
+            return false;
+        }
+
+        //console or command block
+        sender.sendMessage(plugin.getCore().getMessage("no-console"));
+        return true;
+    }
+
+    protected void sendBungeeActivateMessage(CommandSender invoker, String target, boolean activate) {
+        if (invoker instanceof PluginMessageRecipient) {
+            ChannelMessage message = new ChangePremiumMessage(target, activate, true);
+            plugin.getBungeeManager().sendPluginMessage((PluginMessageRecipient) invoker, message);
+        } else {
+            Optional<? extends Player> optPlayer = Bukkit.getServer().getOnlinePlayers().stream().findFirst();
+            if (!optPlayer.isPresent()) {
+                plugin.getLog().info("No player online to send a plugin message to the proxy");
+                return;
+            }
+
+            Player sender = optPlayer.get();
+            ChannelMessage message = new ChangePremiumMessage(target, activate, false);
+            plugin.getBungeeManager().sendPluginMessage(sender, message);
+        }
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/commands/CrackedCommand.java

@@ -1,91 +0,0 @@
-package com.github.games647.fastlogin.bukkit.commands;
-
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.core.PlayerProfile;
-
-import org.bukkit.Bukkit;
-import org.bukkit.command.Command;
-import org.bukkit.command.CommandExecutor;
-import org.bukkit.command.CommandSender;
-import org.bukkit.entity.Player;
-
-public class CrackedCommand implements CommandExecutor {
-
-    private final FastLoginBukkit plugin;
-
-    public CrackedCommand(FastLoginBukkit plugin) {
-        this.plugin = plugin;
-    }
-
-    @Override
-    public boolean onCommand(CommandSender sender, Command command, String label, String[] args) {
-        if (args.length == 0) {
-            if (!(sender instanceof Player)) {
-                //console or command block
-                sender.sendMessage(plugin.getCore().getMessage("no-console"));
-                return true;
-            }
-
-            if (plugin.isBungeeCord()) {
-                plugin.sendBungeeActivateMessage(sender, sender.getName(), false);
-                String message = plugin.getCore().getMessage("wait-on-proxy");
-                if (message != null) {
-                    sender.sendMessage(message);
-                }
-            } else {
-                //todo: load async if
-                PlayerProfile profile = plugin.getCore().getStorage().loadProfile(sender.getName());
-                if (profile.isPremium()) {
-                    sender.sendMessage(plugin.getCore().getMessage("remove-premium"));
-
-                    profile.setPremium(false);
-                    profile.setUuid(null);
-                    Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
-                        plugin.getCore().getStorage().save(profile);
-                    });
-                } else {
-                    sender.sendMessage(plugin.getCore().getMessage("not-premium"));
-                }
-            }
-
-            return true;
-        } else {
-            onCrackedOther(sender, command, args);
-        }
-
-        return true;
-    }
-
-    private void onCrackedOther(CommandSender sender, Command command, String[] args) {
-        if (!sender.hasPermission(command.getPermission() + ".other")) {
-            sender.sendMessage(plugin.getCore().getMessage("no-permission"));
-            return;
-        }
-        
-        if (plugin.isBungeeCord()) {
-            plugin.sendBungeeActivateMessage(sender, args[0], false);
-            String message = plugin.getCore().getMessage("wait-on-proxy");
-            if (message != null) {
-                sender.sendMessage(message);
-            }
-        } else {
-            //todo: load async
-            PlayerProfile profile = plugin.getCore().getStorage().loadProfile(args[0]);
-            if (profile == null) {
-                sender.sendMessage("Error occured");
-                return;
-            }
-
-            //existing player is already cracked
-            if (profile.getUserId() != -1 && !profile.isPremium()) {
-                sender.sendMessage(plugin.getCore().getMessage("not-premium-other"));
-            } else {
-                sender.sendMessage(plugin.getCore().getMessage("remove-premium"));
-                profile.setPremium(false);
-                Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
-                    plugin.getCore().getStorage().save(profile);
-                });
-            }
-        }
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/commands/ImportCommand.java

@@ -1,83 +0,0 @@
-package com.github.games647.fastlogin.bukkit.commands;
-
-import com.github.games647.fastlogin.bukkit.BukkitCore;
-import com.github.games647.fastlogin.core.AuthStorage;
-import com.github.games647.fastlogin.core.importer.ImportPlugin;
-import org.bukkit.ChatColor;
-
-import org.bukkit.command.Command;
-import org.bukkit.command.CommandExecutor;
-import org.bukkit.command.CommandSender;
-
-public class ImportCommand implements CommandExecutor {
-
-    private final BukkitCore core;
-
-    public ImportCommand(BukkitCore core) {
-        this.core = core;
-    }
-
-    @Override
-    public boolean onCommand(CommandSender sender, Command command, String label, String[] args) {
-        if (args.length < 2) {
-            sender.sendMessage(ChatColor.DARK_RED + "You need to specify the import plugin and database type");
-            return true;
-        }
-
-        ImportPlugin importPlugin;
-        switch (args[0].toLowerCase()) {
-            case "autoin":
-                importPlugin = ImportPlugin.AUTO_IN;
-                break;
-            case "bpa":
-                importPlugin = ImportPlugin.BPA;
-                break;
-            case "eldzi":
-                importPlugin = ImportPlugin.ELDZI;
-                break;
-            default:
-                sender.sendMessage(ChatColor.DARK_RED + "Unknown auto login plugin");
-                return true;
-        }
-
-        boolean sqlite;
-        switch (args[1].toLowerCase()) {
-            case "sqlite":
-                sqlite = true;
-                break;
-            case "mysql":
-                sqlite = false;
-                break;
-            default:
-                sender.sendMessage(ChatColor.DARK_RED + "Unknown storage type to import from. Either SQLite or MySQL");
-                return true;
-        }
-
-        String host = "";
-        String database = "";
-        String username = "";
-        String password = "";
-        if (!sqlite) {
-            if (args.length <= 5) {
-                sender.sendMessage(ChatColor.DARK_RED + "If importing from MySQL, you need to specify host database "
-                        + "and username passowrd too");
-                return true;
-            }
-
-            host = args[2];
-            database = args[3];
-            username = args[4];
-            password = args[5];
-        }
-
-        AuthStorage storage = core.getStorage();
-        boolean success = core.importDatabase(importPlugin, true, storage, host, database, username, password);
-        if (success) {
-            sender.sendMessage(ChatColor.DARK_GREEN + "Successful imported the data");
-        } else {
-            sender.sendMessage(ChatColor.DARK_RED + "Failed to import the data. Check out the logs");
-        }
-
-        return true;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/commands/PremiumCommand.java

@@ -1,108 +0,0 @@
-package com.github.games647.fastlogin.bukkit.commands;
-
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.core.PlayerProfile;
-
-import java.util.UUID;
-
-import org.bukkit.Bukkit;
-import org.bukkit.command.Command;
-import org.bukkit.command.CommandExecutor;
-import org.bukkit.command.CommandSender;
-import org.bukkit.entity.Player;
-
-/**
- * Let users activate fast login by command. This only be accessible if
- * the user has access to it's account. So we can make sure that not another
- * person with a paid account and the same username can steal his account.
- */
-public class PremiumCommand implements CommandExecutor {
-
-    private final FastLoginBukkit plugin;
-
-    public PremiumCommand(FastLoginBukkit plugin) {
-        this.plugin = plugin;
-    }
-
-    @Override
-    public boolean onCommand(CommandSender sender, Command command, String label, String[] args) {
-        if (args.length == 0) {
-            if (!(sender instanceof Player)) {
-                //console or command block
-                sender.sendMessage(plugin.getCore().getMessage("no-console"));
-                return true;
-            }
-
-            if (plugin.isBungeeCord()) {
-                plugin.sendBungeeActivateMessage(sender, sender.getName(), true);
-                String message = plugin.getCore().getMessage("wait-on-proxy");
-                if (message != null) {
-                    sender.sendMessage(message);
-                }
-            } else {
-                UUID id = ((Player) sender).getUniqueId();
-                if (plugin.getConfig().getBoolean("premium-warning")
-                        && !plugin.getCore().getPendingConfirms().contains(id)) {
-                    sender.sendMessage(plugin.getCore().getMessage("premium-warning"));
-                    plugin.getCore().getPendingConfirms().add(id);
-                    return true;
-                }
-
-                plugin.getCore().getPendingConfirms().remove(id);
-                //todo: load async
-                PlayerProfile profile = plugin.getCore().getStorage().loadProfile(sender.getName());
-                if (profile.isPremium()) {
-                    sender.sendMessage(plugin.getCore().getMessage("already-exists"));
-                } else {
-                    //todo: resolve uuid
-                    profile.setPremium(true);
-                    Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
-                        plugin.getCore().getStorage().save(profile);
-                    });
-
-                    sender.sendMessage(plugin.getCore().getMessage("add-premium"));
-                }
-            }
-
-            return true;
-        } else {
-            onPremiumOther(sender, command, args);
-        }
-
-        return true;
-    }
-
-    private void onPremiumOther(CommandSender sender, Command command, String[] args) {
-        if (!sender.hasPermission(command.getPermission() + ".other")) {
-            sender.sendMessage(plugin.getCore().getMessage("no-permission"));
-            return ;
-        }
-
-        if (plugin.isBungeeCord()) {
-            plugin.sendBungeeActivateMessage(sender, args[0], true);
-            String message = plugin.getCore().getMessage("wait-on-proxy");
-            if (message != null) {
-                sender.sendMessage(message);
-            }
-        } else {
-            //todo: load async
-            PlayerProfile profile = plugin.getCore().getStorage().loadProfile(args[0]);
-            if (profile == null) {
-                sender.sendMessage(plugin.getCore().getMessage("player-unknown"));
-                return;
-            }
-            
-            if (profile.isPremium()) {
-                sender.sendMessage(plugin.getCore().getMessage("already-exists-other"));
-            } else {
-                //todo: resolve uuid
-                profile.setPremium(true);
-                Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
-                    plugin.getCore().getStorage().save(profile);
-                });
-
-                sender.sendMessage(plugin.getCore().getMessage("add-premium-other"));
-            }
-        }
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginAutoLoginEvent.java

@@ -0,0 +1,78 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.event;
+
+import com.github.games647.fastlogin.core.shared.LoginSession;
+import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
+import org.bukkit.event.Cancellable;
+import org.bukkit.event.Event;
+import org.bukkit.event.HandlerList;
+import org.jetbrains.annotations.NotNull;
+
+public class BukkitFastLoginAutoLoginEvent extends Event implements FastLoginAutoLoginEvent, Cancellable {
+
+    private static final HandlerList HANDLERS = new HandlerList();
+    private final LoginSession session;
+    private final StoredProfile profile;
+    private boolean cancelled;
+
+    public BukkitFastLoginAutoLoginEvent(LoginSession session, StoredProfile profile) {
+        super(true);
+
+        this.session = session;
+        this.profile = profile;
+    }
+
+    @Override
+    public LoginSession getSession() {
+        return session;
+    }
+
+    @Override
+    public StoredProfile getProfile() {
+        return profile;
+    }
+
+    @Override
+    public boolean isCancelled() {
+        return cancelled;
+    }
+
+    @Override
+    public void setCancelled(boolean cancelled) {
+        this.cancelled = cancelled;
+    }
+
+    @Override
+    public @NotNull HandlerList getHandlers() {
+        return HANDLERS;
+    }
+
+    public static HandlerList getHandlerList() {
+        return HANDLERS;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPreLoginEvent.java

@@ -0,0 +1,73 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.event;
+
+import com.github.games647.fastlogin.core.shared.LoginSource;
+import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
+import org.bukkit.event.Event;
+import org.bukkit.event.HandlerList;
+import org.jetbrains.annotations.NotNull;
+
+public class BukkitFastLoginPreLoginEvent extends Event implements FastLoginPreLoginEvent {
+
+    private static final HandlerList HANDLERS = new HandlerList();
+    private final String username;
+    private final LoginSource source;
+    private final StoredProfile profile;
+
+    public BukkitFastLoginPreLoginEvent(String username, LoginSource source, StoredProfile profile) {
+        super(true);
+
+        this.username = username;
+        this.source = source;
+        this.profile = profile;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @Override
+    public LoginSource getSource() {
+        return source;
+    }
+
+    @Override
+    public StoredProfile getProfile() {
+        return profile;
+    }
+
+    @Override
+    public @NotNull HandlerList getHandlers() {
+        return HANDLERS;
+    }
+
+    public static HandlerList getHandlerList() {
+        return HANDLERS;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPremiumToggleEvent.java

@@ -0,0 +1,64 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.event;
+
+import com.github.games647.fastlogin.core.shared.event.FastLoginPremiumToggleEvent;
+import com.github.games647.fastlogin.core.storage.StoredProfile;
+import org.bukkit.event.Event;
+import org.bukkit.event.HandlerList;
+import org.jetbrains.annotations.NotNull;
+
+public class BukkitFastLoginPremiumToggleEvent extends Event implements FastLoginPremiumToggleEvent {
+
+    private static final HandlerList HANDLERS = new HandlerList();
+    private final StoredProfile profile;
+    private final PremiumToggleReason reason;
+
+    public BukkitFastLoginPremiumToggleEvent(StoredProfile profile, PremiumToggleReason reason) {
+        super(true);
+        this.profile = profile;
+        this.reason = reason;
+    }
+
+    @Override
+    public StoredProfile getProfile() {
+        return profile;
+    }
+
+    @Override
+    public PremiumToggleReason getReason() {
+        return reason;
+    }
+
+    @Override
+    public @NotNull HandlerList getHandlers() {
+        return HANDLERS;
+    }
+
+    public static HandlerList getHandlerList() {
+        return HANDLERS;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java

@@ -0,0 +1,114 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import fr.xephi.authme.api.v3.AuthMeApi;
+import fr.xephi.authme.events.RestoreSessionEvent;
+import fr.xephi.authme.process.Management;
+import fr.xephi.authme.process.register.executors.ApiPasswordRegisterParams;
+import fr.xephi.authme.process.register.executors.RegistrationMethod;
+import org.bukkit.entity.Player;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.EventPriority;
+import org.bukkit.event.Listener;
+
+import java.lang.reflect.Field;
+
+/**
+ * GitHub: <a href="https://github.com/Xephi/AuthMeReloaded/">...</a>
+ * <p>
+ * Project page:
+ * <p>
+ * <a href="https://dev.bukkit.org/bukkit-plugins/authme-reloaded/">Bukkit</a>
+ * <p>
+ * <a href="https://www.spigotmc.org/resources/authme-reloaded.6269/">Spigot</a>
+ */
+public class AuthMeHook implements AuthPlugin<Player>, Listener {
+
+    private final FastLoginBukkit plugin;
+
+    private final AuthMeApi authmeAPI;
+    private Management authmeManagement;
+
+    public AuthMeHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+        this.authmeAPI = AuthMeApi.getInstance();
+
+        if (plugin.getCore().getConfig().getBoolean("respectIpLimit", false)) {
+            try {
+                Field managementField = this.authmeAPI.getClass().getDeclaredField("management");
+                managementField.setAccessible(true);
+                this.authmeManagement = (Management) managementField.get(this.authmeAPI);
+            } catch (NoSuchFieldException | IllegalAccessException exception) {
+                this.authmeManagement = null;
+            }
+        }
+    }
+
+    @EventHandler(priority = EventPriority.HIGHEST, ignoreCancelled = true)
+    public void onSessionRestore(RestoreSessionEvent restoreSessionEvent) {
+        Player player = restoreSessionEvent.getPlayer();
+
+        BukkitLoginSession session = plugin.getSession(player.spigot().getRawAddress());
+        if (session != null && session.isVerifiedPremium()) {
+            restoreSessionEvent.setCancelled(true);
+        }
+    }
+
+    @Override
+    public boolean forceLogin(Player player) {
+        if (authmeAPI.isAuthenticated(player)) {
+            plugin.getLog().warn(ALREADY_AUTHENTICATED, player);
+            return false;
+        }
+
+        //skips registration and login
+        authmeAPI.forceLogin(player);
+        return true;
+    }
+
+    @Override
+    public boolean isRegistered(String playerName) {
+        return authmeAPI.isRegistered(playerName);
+    }
+
+    @Override
+    //this automatically login the player too
+    public boolean forceRegister(Player player, String password) {
+        //if we have the management - we can trigger register with IP limit checks
+        if (authmeManagement != null) {
+            authmeManagement.performRegister(RegistrationMethod.PASSWORD_REGISTRATION,
+                    ApiPasswordRegisterParams.of(player, password, true));
+        } else {
+            authmeAPI.forceRegister(player, password);
+        }
+
+        return true;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/CrazyLoginHook.java

@@ -0,0 +1,140 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.comphenix.protocol.reflect.accessors.Accessors;
+import com.comphenix.protocol.reflect.accessors.FieldAccessor;
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import de.st_ddt.crazylogin.CrazyLogin;
+import de.st_ddt.crazylogin.data.LoginPlayerData;
+import de.st_ddt.crazylogin.databases.CrazyLoginDataDatabase;
+import de.st_ddt.crazylogin.listener.PlayerListener;
+import de.st_ddt.crazylogin.metadata.Authenticated;
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+
+import java.util.Optional;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+
+/**
+ * GitHub: <a href="https://github.com/ST-DDT/CrazyLogin">...</a>
+ * <p>
+ * Project page:
+ * <p>
+ * <a href="https://dev.bukkit.org/server-mods/crazylogin/">Bukkit</a>
+ */
+public class CrazyLoginHook implements AuthPlugin<Player> {
+
+    private final FastLoginBukkit plugin;
+
+    private final CrazyLogin crazyLoginPlugin;
+    private final PlayerListener playerListener;
+
+    public CrazyLoginHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+
+        crazyLoginPlugin = CrazyLogin.getPlugin();
+        playerListener = getListener();
+    }
+
+    @Override
+    public boolean forceLogin(Player player) {
+        //not thread-safe operation
+        Future<Optional<LoginPlayerData>> future = Bukkit.getScheduler().callSyncMethod(plugin, () -> {
+            LoginPlayerData playerData = crazyLoginPlugin.getPlayerData(player);
+            if (playerData != null) {
+                //mark the account as logged in
+                playerData.setLoggedIn(true);
+
+                String ip = player.getAddress().getAddress().getHostAddress();
+//this should be done after login to restore the inventory, show players, prevent potential memory leaks...
+//from: https://github.com/ST-DDT/CrazyLogin/blob/master/src/main/java/de/st_ddt/crazylogin/CrazyLogin.java#L1948
+                playerData.resetLoginFails();
+                player.setFireTicks(0);
+
+                if (playerListener != null) {
+                    playerListener.removeMovementBlocker(player);
+                    playerListener.disableHidenInventory(player);
+                    playerListener.disableSaveLogin(player);
+                    playerListener.unhidePlayer(player);
+                }
+
+//loginFailuresPerIP.remove(IP);
+//illegalCommandUsesPerIP.remove(IP);
+//tempBans.remove(IP);
+                playerData.addIP(ip);
+                player.setMetadata("Authenticated", new Authenticated(crazyLoginPlugin, player));
+                crazyLoginPlugin.unregisterDynamicHooks();
+                return Optional.of(playerData);
+            }
+
+            return Optional.empty();
+        });
+
+        try {
+            Optional<LoginPlayerData> result = future.get().filter(LoginPlayerData::isLoggedIn);
+            if (result.isPresent()) {
+                //SQL-Queries should run async
+                crazyLoginPlugin.getCrazyDatabase().saveWithoutPassword(result.get());
+                return true;
+            }
+        } catch (InterruptedException | ExecutionException ex) {
+            plugin.getLog().error("Failed to forceLogin player: {}", player, ex);
+            return false;
+        }
+
+        return false;
+    }
+
+    @Override
+    public boolean isRegistered(String playerName) {
+        return crazyLoginPlugin.getPlayerData(playerName) != null;
+    }
+
+    @Override
+    public boolean forceRegister(Player player, String password) {
+        CrazyLoginDataDatabase crazyDatabase = crazyLoginPlugin.getCrazyDatabase();
+
+        //this executes a sql query and accesses only thread safe collections, so we can run it async
+        LoginPlayerData playerData = crazyLoginPlugin.getPlayerData(player.getName());
+        if (playerData == null) {
+            //create a fake account - this will be saved to the database with the password=FAILEDLOADING
+            //user cannot log in with that password unless the admin uses plain text
+            //this automatically marks the player as logged in
+            crazyDatabase.save(new LoginPlayerData(player));
+            return forceLogin(player);
+        }
+
+        return false;
+    }
+
+    protected PlayerListener getListener() {
+        FieldAccessor accessor = Accessors.getFieldAccessor(crazyLoginPlugin.getClass(), PlayerListener.class, true);
+        return (PlayerListener) accessor.get(crazyLoginPlugin);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/DelayedAuthHook.java

@@ -0,0 +1,106 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+import org.bukkit.event.Listener;
+
+import java.lang.reflect.Constructor;
+import java.util.Arrays;
+import java.util.List;
+
+public class DelayedAuthHook implements Runnable {
+
+    private final FastLoginBukkit plugin;
+
+    public DelayedAuthHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @Override
+    public void run() {
+        plugin.setInitialized(isHookFound());
+    }
+
+    private boolean isHookFound() {
+        return plugin.getCore().getAuthPluginHook() != null || registerHooks();
+    }
+
+    private boolean registerHooks() {
+        AuthPlugin<Player> authPluginHook = getAuthHook();
+        if (authPluginHook == null) {
+            //run this check for exceptions (errors) and not found plugins
+            plugin.getLog().warn("No support offline Auth plugin found. ");
+            return false;
+        }
+
+        if (authPluginHook instanceof Listener) {
+            Bukkit.getPluginManager().registerEvents((Listener) authPluginHook, plugin);
+        }
+
+        if (plugin.getCore().getAuthPluginHook() == null) {
+            plugin.getLog().info("Hooking into auth plugin: {}", authPluginHook.getClass().getSimpleName());
+            plugin.getCore().setAuthPluginHook(authPluginHook);
+        }
+
+        return true;
+    }
+
+    private AuthPlugin<Player> getAuthHook() {
+        try {
+            List<Class<? extends AuthPlugin<Player>>> hooks = Arrays.asList(AuthMeHook.class,
+                    CrazyLoginHook.class, LogItHook.class, LoginSecurityHook.class, UltraAuthHook.class,
+                    XAuthHook.class);
+
+            for (Class<? extends AuthPlugin<Player>> clazz : hooks) {
+                String pluginName = clazz.getSimpleName();
+                pluginName = pluginName.substring(0, pluginName.length() - "Hook".length());
+                //uses only member classes which uses AuthPlugin interface (skip interfaces)
+                if (Bukkit.getPluginManager().isPluginEnabled(pluginName)) {
+                    //check only for enabled plugins. A single plugin could be disabled by plugin managers
+                    return newInstance(clazz);
+                }
+            }
+        } catch (ReflectiveOperationException ex) {
+            plugin.getLog().error("Couldn't load the auth hook class", ex);
+        }
+
+        return null;
+    }
+
+    protected AuthPlugin<Player> newInstance(Class<? extends AuthPlugin<Player>> clazz)
+            throws ReflectiveOperationException {
+        try {
+            Constructor<? extends AuthPlugin<Player>> cons = clazz.getDeclaredConstructor(FastLoginBukkit.class);
+            return cons.newInstance(plugin);
+        } catch (NoSuchMethodException noMethodEx) {
+            return clazz.getDeclaredConstructor().newInstance();
+        }
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/LogItHook.java

@@ -0,0 +1,81 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import io.github.lucaseasedup.logit.CancelledState;
+import io.github.lucaseasedup.logit.LogItCore;
+import io.github.lucaseasedup.logit.account.Account;
+import io.github.lucaseasedup.logit.session.SessionManager;
+import org.bukkit.entity.Player;
+
+import java.time.Instant;
+
+/**
+ * GitHub: <a href="https://github.com/XziomekX/LogIt">...</a>
+ * <p>
+ * Project page:
+ * <p>
+ * Bukkit: Unknown
+ * <p>
+ * Spigot: Unknown
+ */
+public class LogItHook implements AuthPlugin<Player> {
+
+    private final FastLoginBukkit plugin;
+
+    public LogItHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @Override
+    public boolean forceLogin(Player player) {
+        SessionManager sessionManager = LogItCore.getInstance().getSessionManager();
+        if (sessionManager.isSessionAlive(player)) {
+            plugin.getLog().warn(ALREADY_AUTHENTICATED, player);
+            return false;
+        }
+
+        return sessionManager.startSession(player) == CancelledState.NOT_CANCELLED;
+    }
+
+    @Override
+    public boolean isRegistered(String playerName) {
+        return LogItCore.getInstance().getAccountManager().isRegistered(playerName);
+    }
+
+    @Override
+    public boolean forceRegister(Player player, String password) {
+        Account account = new Account(player.getName());
+        account.changePassword(password);
+
+        Instant now = Instant.now();
+        account.setLastActiveDate(now.getEpochSecond());
+        account.setRegistrationDate(now.getEpochSecond());
+        return LogItCore.getInstance().getAccountManager().insertAccount(account) == CancelledState.NOT_CANCELLED;
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/LoginSecurityHook.java

@@ -0,0 +1,77 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import com.lenis0012.bukkit.loginsecurity.LoginSecurity;
+import com.lenis0012.bukkit.loginsecurity.session.AuthService;
+import com.lenis0012.bukkit.loginsecurity.session.PlayerSession;
+import com.lenis0012.bukkit.loginsecurity.session.action.LoginAction;
+import com.lenis0012.bukkit.loginsecurity.session.action.RegisterAction;
+import org.bukkit.entity.Player;
+
+/**
+ * GitHub: <a href="https://github.com/lenis0012/LoginSecurity-2">...</a>
+ * <p>
+ * Project page:
+ * <p>
+ * <a href="https://dev.bukkit.org/bukkit-plugins/loginsecurity/">Bukkit</a>
+ * <p>
+ * <a href="https://www.spigotmc.org/resources/loginsecurity.19362/">Spigot</a>
+ */
+public class LoginSecurityHook implements AuthPlugin<Player> {
+
+    private final FastLoginBukkit plugin;
+
+    public LoginSecurityHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @Override
+    public boolean forceLogin(Player player) {
+        PlayerSession session = LoginSecurity.getSessionManager().getPlayerSession(player);
+        if (session.isAuthorized()) {
+            plugin.getLog().warn(ALREADY_AUTHENTICATED, player);
+            return true;
+        }
+
+        return session.isAuthorized()
+                || session.performAction(new LoginAction(AuthService.PLUGIN, plugin)).isSuccess();
+    }
+
+    @Override
+    public boolean isRegistered(String playerName) {
+        PlayerSession session = LoginSecurity.getSessionManager().getOfflineSession(playerName);
+        return session.isRegistered();
+    }
+
+    @Override
+    public boolean forceRegister(Player player, String password) {
+        PlayerSession session = LoginSecurity.getSessionManager().getPlayerSession(player);
+        return session.performAction(new RegisterAction(AuthService.PLUGIN, plugin, password)).isSuccess();
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/UltraAuthHook.java

@@ -0,0 +1,85 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+import ultraauth.api.UltraAuthAPI;
+import ultraauth.managers.PlayerManager;
+
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+
+/**
+ * Project page:
+ * <p>
+ * <a href="https://dev.bukkit.org/bukkit-plugins/ultraauth-aa/">Bukkit</a>
+ * <p>
+ * <a href="https://www.spigotmc.org/resources/ultraauth.17044/">Spigot</a>
+ */
+public class UltraAuthHook implements AuthPlugin<Player> {
+
+    private final FastLoginBukkit plugin;
+
+    public UltraAuthHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @Override
+    public boolean forceLogin(Player player) {
+        //not thread-safe
+        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(plugin, () -> {
+            if (UltraAuthAPI.isAuthenticated(player)) {
+                plugin.getLog().warn(ALREADY_AUTHENTICATED, player);
+                return false;
+            }
+
+            UltraAuthAPI.authenticatedPlayer(player);
+            return UltraAuthAPI.isAuthenticated(player);
+        });
+
+        try {
+            return future.get();
+        } catch (InterruptedException | ExecutionException ex) {
+            plugin.getLog().error("Failed to forceLogin player: {}", player, ex);
+            return false;
+        }
+    }
+
+    @Override
+    public boolean isRegistered(String playerName) {
+        return UltraAuthAPI.isRegisterd(playerName);
+    }
+
+    @Override
+    public boolean forceRegister(Player player, String password) {
+        UltraAuthAPI.setPlayerPasswordOnline(player, password);
+        //the register method silents any exception so check if our entry was saved
+        return PlayerManager.getInstance().checkPlayerPassword(player, password) && forceLogin(player);
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/XAuthHook.java

@@ -0,0 +1,110 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import de.luricos.bukkit.xAuth.xAuth;
+import de.luricos.bukkit.xAuth.xAuthPlayer;
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+
+/**
+ * GitHub: <a href="https://github.com/LycanDevelopment/xAuth/">...</a>
+ * <p>
+ * Project page:
+ * <p>
+ * <a href="https://dev.bukkit.org/bukkit-plugins/xauth/">Bukkit</a>
+ */
+public class XAuthHook implements AuthPlugin<Player> {
+
+    private final xAuth xAuthPlugin = xAuth.getPlugin();
+    private final FastLoginBukkit plugin;
+
+    public XAuthHook(FastLoginBukkit plugin) {
+        this.plugin = plugin;
+    }
+
+    @Override
+    public boolean forceLogin(Player player) {
+        //not thread-safe
+        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(plugin, () -> {
+            xAuthPlayer xAuthPlayer = xAuthPlugin.getPlayerManager().getPlayer(player);
+            if (xAuthPlayer != null) {
+                if (xAuthPlayer.isAuthenticated()) {
+                    plugin.getLog().warn(ALREADY_AUTHENTICATED, player);
+                    return false;
+                }
+
+                //we checked that the player is premium (paid account)
+                xAuthPlayer.setPremium(true);
+
+                //unprotect the inventory, op status...
+                return xAuthPlugin.getPlayerManager().doLogin(xAuthPlayer);
+            }
+
+            return false;
+        });
+
+        try {
+            return future.get();
+        } catch (InterruptedException | ExecutionException ex) {
+            plugin.getLog().error("Failed to forceLogin player: {}", player, ex);
+            return false;
+        }
+    }
+
+    @Override
+    public boolean isRegistered(String playerName) {
+        //this will load the player if it's not in the cache
+        xAuthPlayer xAuthPlayer = xAuthPlugin.getPlayerManager().getPlayer(playerName);
+        return xAuthPlayer != null && xAuthPlayer.isRegistered();
+    }
+
+    @Override
+    public boolean forceRegister(Player player, final String password) {
+        //not thread-safe
+        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(xAuthPlugin, () -> {
+            xAuthPlayer xAuthPlayer = xAuthPlugin.getPlayerManager().getPlayer(player);
+            //this should run async because the plugin executes a sql query, but the method
+            //accesses non thread-safe collections :(
+            return xAuthPlayer != null
+                    && xAuthPlugin.getAuthClass(xAuthPlayer).adminRegister(player.getName(), password, null);
+
+        });
+
+        try {
+            //login in the player after registration
+            return future.get() && forceLogin(player);
+        } catch (InterruptedException | ExecutionException ex) {
+            plugin.getLog().error("Failed to forceRegister player: {}", player, ex);
+            return false;
+        }
+    }
+}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hooks/AuthMeHook.java

@@ -1,61 +0,0 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import com.avaje.ebeaninternal.api.ClassUtil;
-import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-
-import fr.xephi.authme.api.API;
-import fr.xephi.authme.api.NewAPI;
-
-import org.bukkit.entity.Player;
-
-/**
- * Github: https://github.com/Xephi/AuthMeReloaded/
- * Project page:
- *
- * Bukkit: http://dev.bukkit.org/bukkit-plugins/authme-reloaded/
- * Spigot: https://www.spigotmc.org/resources/authme-reloaded.6269/
- */
-public class AuthMeHook implements AuthPlugin<Player> {
-
-    private final boolean isNewAPIAvailable;
-
-    public AuthMeHook() {
-        this.isNewAPIAvailable = ClassUtil.isPresent("fr.​xephi.​authme.​api.NewAPI");
-    }
-
-    @Override
-    @SuppressWarnings("deprecation")
-    public boolean forceLogin(Player player) {
-        //skips registration and login
-        if (isNewAPIAvailable) {
-            NewAPI.getInstance().forceLogin(player);
-        } else {
-            API.forceLogin(player);
-        }
-        
-        return true;
-    }
-
-    @Override
-    @SuppressWarnings("deprecation")
-    public boolean isRegistered(String playerName) throws Exception {
-        if (isNewAPIAvailable) {
-            return NewAPI.getInstance().isRegistered(playerName);
-        } else {
-            return API.isRegistered(playerName);
-        }
-    }
-
-    @Override
-    @SuppressWarnings("deprecation")
-    public boolean forceRegister(Player player, String password) {
-        if (isNewAPIAvailable) {
-            NewAPI.getInstance().forceRegister(player, password);
-        } else {
-            API.registerPlayer(player.getName(), password);
-            forceLogin(player);
-        }
-
-        return true;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hooks/BukkitAuthPlugin.java

@@ -1,21 +0,0 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-
-import org.bukkit.entity.Player;
-
-/**
- * @deprecated please use com.github.games647.fastlogin.core.hooks.AuthPlugin<org.bukkit.entity.Player>
- */
-@Deprecated
-public interface BukkitAuthPlugin extends AuthPlugin<Player> {
-
-    @Override
-    boolean forceLogin(Player player);
-
-    @Override
-    boolean isRegistered(String playerName) throws Exception;
-
-    @Override
-    boolean forceRegister(Player player, String password);
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hooks/CrazyLoginHook.java

@@ -1,115 +0,0 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-
-import de.st_ddt.crazylogin.CrazyLogin;
-import de.st_ddt.crazylogin.data.LoginPlayerData;
-import de.st_ddt.crazylogin.databases.CrazyLoginDataDatabase;
-import de.st_ddt.crazylogin.listener.PlayerListener;
-import de.st_ddt.crazylogin.metadata.Authenticated;
-
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Future;
-import java.util.logging.Level;
-
-import org.apache.commons.lang.reflect.FieldUtils;
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-
-/**
- * Github: https://github.com/ST-DDT/CrazyLogin
- *
- * Project page:
- *
- * Bukkit: http://dev.bukkit.org/server-mods/crazylogin/
- */
-public class CrazyLoginHook implements AuthPlugin<Player> {
-
-    private final CrazyLogin crazyLoginPlugin = CrazyLogin.getPlugin();
-    private final PlayerListener playerListener = getListener();
-
-    @Override
-    public boolean forceLogin(Player player) {
-        //not thread-safe operation
-        Future<LoginPlayerData> future = Bukkit.getScheduler().callSyncMethod(crazyLoginPlugin, () -> {
-            LoginPlayerData playerData = crazyLoginPlugin.getPlayerData(player);
-            if (playerData != null) {
-                //mark the account as logged in
-                playerData.setLoggedIn(true);
-
-                String ip = player.getAddress().getAddress().getHostAddress();
-//this should be done after login to restore the inventory, unhide players, prevent potential memory leaks...
-//from: https://github.com/ST-DDT/CrazyLogin/blob/master/src/main/java/de/st_ddt/crazylogin/CrazyLogin.java#L1948
-                playerData.resetLoginFails();
-                player.setFireTicks(0);
-
-                if (playerListener != null) {
-                    playerListener.removeMovementBlocker(player);
-                    playerListener.disableHidenInventory(player);
-                    playerListener.disableSaveLogin(player);
-                    playerListener.unhidePlayer(player);
-                }
-
-//loginFailuresPerIP.remove(IP);
-//illegalCommandUsesPerIP.remove(IP);
-//tempBans.remove(IP);
-                playerData.addIP(ip);
-                player.setMetadata("Authenticated", new Authenticated(crazyLoginPlugin, player));
-                crazyLoginPlugin.unregisterDynamicHooks();
-                return playerData;
-            }
-
-            return null;
-        });
-
-        try {
-            LoginPlayerData result = future.get();
-            if (result != null && result.isLoggedIn()) {
-                //SQL-Queries should run async
-                crazyLoginPlugin.getCrazyDatabase().saveWithoutPassword(result);
-                return true;
-            }
-        } catch (InterruptedException | ExecutionException ex) {
-            crazyLoginPlugin.getLogger().log(Level.SEVERE, "Failed to forceLogin", ex);
-            return false;
-        }
-
-        return false;
-    }
-
-    @Override
-    public boolean isRegistered(String playerName) throws Exception {
-        return crazyLoginPlugin.getPlayerData(playerName) != null;
-    }
-
-    @Override
-    public boolean forceRegister(Player player, String password) {
-        CrazyLoginDataDatabase crazyDatabase = crazyLoginPlugin.getCrazyDatabase();
-
-        //this executes a sql query and accesses only thread safe collections so we can run it async
-        LoginPlayerData playerData = crazyLoginPlugin.getPlayerData(player.getName());
-        if (playerData == null) {
-            //create a fake account - this will be saved to the database with the password=FAILEDLOADING
-            //user cannot login with that password unless the admin uses plain text
-            //this automatically marks the player as logged in
-            playerData = new LoginPlayerData(player);
-            crazyDatabase.save(playerData);
-
-            return forceLogin(player);
-        }
-
-        return false;
-    }
-
-    private PlayerListener getListener() {
-        PlayerListener listener;
-        try {
-            listener = (PlayerListener) FieldUtils.readField(crazyLoginPlugin, "playerListener", true);
-        } catch (IllegalAccessException ex) {
-            crazyLoginPlugin.getLogger().log(Level.SEVERE, "Failed to get the listener instance for auto login", ex);
-            listener = null;
-        }
-
-        return listener;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hooks/LogItHook.java

@@ -1,38 +0,0 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-
-import io.github.lucaseasedup.logit.CancelledState;
-import io.github.lucaseasedup.logit.LogItCore;
-import io.github.lucaseasedup.logit.account.Account;
-
-import org.bukkit.entity.Player;
-
-/**
- * Github: https://github.com/XziomekX/LogIt
- * Project page:
- *
- * Bukkit: Unknown
- * Spigot: Unknown
- */
-public class LogItHook implements AuthPlugin<Player> {
-
-    @Override
-    public boolean forceLogin(Player player) {
-        return LogItCore.getInstance().getSessionManager().startSession(player) == CancelledState.NOT_CANCELLED;
-    }
-
-    @Override
-    public boolean isRegistered(String playerName) throws Exception {
-        return LogItCore.getInstance().getAccountManager().isRegistered(playerName);
-    }
-
-    @Override
-    public boolean forceRegister(Player player, String password) {
-        Account account = new Account(player.getName());
-        account.changePassword(password);
-        account.setLastActiveDate(System.currentTimeMillis() / 1000);
-        account.setRegistrationDate(System.currentTimeMillis() / 1000);
-        return LogItCore.getInstance().getAccountManager().insertAccount(account) == CancelledState.NOT_CANCELLED;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hooks/LoginSecurityHook.java

@@ -1,41 +0,0 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-import com.lenis0012.bukkit.loginsecurity.LoginSecurity;
-import com.lenis0012.bukkit.loginsecurity.session.AuthService;
-import com.lenis0012.bukkit.loginsecurity.session.PlayerSession;
-import com.lenis0012.bukkit.loginsecurity.session.action.LoginAction;
-import com.lenis0012.bukkit.loginsecurity.session.action.RegisterAction;
-
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-
-/**
- * Github: https://github.com/lenis0012/LoginSecurity-2 Project page:
- *
- * Bukkit: http://dev.bukkit.org/bukkit-plugins/loginsecurity/
- * Spigot: https://www.spigotmc.org/resources/loginsecurity.19362/
- */
-public class LoginSecurityHook implements AuthPlugin<Player> {
-
-    private final FastLoginBukkit plugin = (FastLoginBukkit) Bukkit.getPluginManager().getPlugin("FastLogin");
-
-    @Override
-    public boolean forceLogin(Player player) {
-        PlayerSession session = LoginSecurity.getSessionManager().getPlayerSession(player);
-        return session.performAction(new LoginAction(AuthService.PLUGIN, plugin)).isSuccess();
-    }
-
-    @Override
-    public boolean isRegistered(String playerName) throws Exception {
-        PlayerSession session = LoginSecurity.getSessionManager().getOfflineSession(playerName);
-        return session.isRegistered();
-    }
-
-    @Override
-    public boolean forceRegister(Player player, String password) {
-        PlayerSession session = LoginSecurity.getSessionManager().getPlayerSession(player);
-        return session.performAction(new RegisterAction(AuthService.PLUGIN, plugin, password)).isSuccess();
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hooks/RoyalAuthHook.java

@@ -1,62 +0,0 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Future;
-import java.util.logging.Level;
-
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-import org.royaldev.royalauth.AuthPlayer;
-import org.royaldev.royalauth.Config;
-import org.royaldev.royalauth.RoyalAuth;
-
-/**
- * Github: https://github.com/RoyalDev/RoyalAuth
- *
- * Project page:
- *
- * Bukkit: http://dev.bukkit.org/bukkit-plugins/royalauth/
- */
-public class RoyalAuthHook implements AuthPlugin<Player> {
-
-    private final RoyalAuth royalAuthPlugin = (RoyalAuth) Bukkit.getPluginManager().getPlugin("RoyalAuth");
-
-    @Override
-    public boolean forceLogin(Player player) {
-        AuthPlayer authPlayer = AuthPlayer.getAuthPlayer(player);
-
-        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(royalAuthPlugin, () -> {
-//https://github.com/RoyalDev/RoyalAuth/blob/master/src/main/java/org/royaldev/royalauth/commands/CmdLogin.java#L62
-//not thread-safe
-            authPlayer.login();
-
-            return authPlayer.isLoggedIn();
-        });
-
-        try {
-            return future.get();
-        } catch (InterruptedException | ExecutionException ex) {
-            royalAuthPlugin.getLogger().log(Level.SEVERE, "Failed to forceLogin", ex);
-            return false;
-        }
-    }
-
-    @Override
-    public boolean isRegistered(String playerName) throws Exception {
-        AuthPlayer authPlayer = AuthPlayer.getAuthPlayer(playerName);
-        return authPlayer.isRegistered();
-    }
-
-    @Override
-    public boolean forceRegister(Player player, String password) {
-//https://github.com/RoyalDev/RoyalAuth/blob/master/src/main/java/org/royaldev/royalauth/commands/CmdRegister.java#L50
-        AuthPlayer authPlayer = AuthPlayer.getAuthPlayer(player);
-
-        boolean registerSuccess = authPlayer.setPassword(password, Config.passwordHashType);
-
-        //login in the player after registration
-        return registerSuccess && forceLogin(player);
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hooks/UltraAuthHook.java

@@ -1,58 +0,0 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Future;
-import java.util.logging.Level;
-
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-import org.bukkit.plugin.Plugin;
-
-import ultraauth.api.UltraAuthAPI;
-import ultraauth.main.Main;
-import ultraauth.managers.PlayerManager;
-
-/**
- * Project page:
- *
- * Bukkit: http://dev.bukkit.org/bukkit-plugins/ultraauth-aa/
- * Spigot: https://www.spigotmc.org/resources/ultraauth.17044/
- */
-public class UltraAuthHook implements AuthPlugin<Player> {
-
-    private final Plugin ultraAuthPlugin = Main.main;
-
-    @Override
-    public boolean forceLogin(Player player) {
-        //not thread-safe
-        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(ultraAuthPlugin, () -> {
-            UltraAuthAPI.authenticatedPlayer(player);
-            return UltraAuthAPI.isAuthenticated(player);
-        });
-
-        try {
-            return future.get();
-        } catch (InterruptedException | ExecutionException ex) {
-            ultraAuthPlugin.getLogger().log(Level.SEVERE, "Failed to forceLogin", ex);
-            return false;
-        }
-    }
-
-    @Override
-    public boolean isRegistered(String playerName) throws Exception {
-        return UltraAuthAPI.isRegisterd(playerName);
-    }
-
-    @Override
-    public boolean forceRegister(Player player, String password) {
-        UltraAuthAPI.setPlayerPasswordOnline(player, password);
-        if (PlayerManager.getInstance().checkPlayerPassword(player, password)) {
-            //the register method silents any excpetion so check if our entry was saved
-            return forceLogin(player);
-        }
-
-        return false;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hooks/xAuthHook.java

@@ -1,83 +0,0 @@
-package com.github.games647.fastlogin.bukkit.hooks;
-
-import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-
-import de.luricos.bukkit.xAuth.xAuth;
-import de.luricos.bukkit.xAuth.xAuthPlayer;
-
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Future;
-import java.util.logging.Level;
-
-import org.bukkit.Bukkit;
-
-import org.bukkit.entity.Player;
-
-/**
- * Github: https://github.com/LycanDevelopment/xAuth/
- *
- * Project page:
- *
- * Bukkit: http://dev.bukkit.org/bukkit-plugins/xauth/
- */
-public class xAuthHook implements AuthPlugin<Player> {
-
-    private final xAuth xAuthPlugin = xAuth.getPlugin();
-
-    @Override
-    public boolean forceLogin(Player player) {
-        //not thread-safe
-        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(xAuthPlugin, () -> {
-            xAuthPlayer xAuthPlayer = xAuthPlugin.getPlayerManager().getPlayer(player);
-            if (xAuthPlayer != null) {
-                //we checked that the player is premium (paid account)
-                xAuthPlayer.setPremium(true);
-
-                //unprotect the inventory, op status...
-                return xAuthPlugin.getPlayerManager().doLogin(xAuthPlayer);
-            }
-
-            return false;
-        });
-
-        try {
-            return future.get();
-        } catch (InterruptedException | ExecutionException ex) {
-            xAuthPlugin.getLogger().log(Level.SEVERE, "Failed to forceLogin", ex);
-            return false;
-        }
-    }
-
-    @Override
-    public boolean isRegistered(String playerName) throws Exception {
-        //this will load the player if it's not in the cache
-        xAuthPlayer xAuthPlayer = xAuthPlugin.getPlayerManager().getPlayer(playerName);
-        return xAuthPlayer != null && xAuthPlayer.isRegistered();
-    }
-
-    @Override
-    public boolean forceRegister(Player player, final String password) {
-        //not thread-safe
-        Future<Boolean> future = Bukkit.getScheduler().callSyncMethod(xAuthPlugin, () -> {
-            xAuthPlayer xAuthPlayer = xAuthPlugin.getPlayerManager().getPlayer(player);
-            if (xAuthPlayer != null) {
-                //this should run async because the plugin executes a sql query, but the method
-                //accesses non thread-safe collections :(
-                boolean registerSuccess = xAuthPlugin.getAuthClass(xAuthPlayer)
-                        .adminRegister(player.getName(), password, null);
-
-                return registerSuccess;
-            }
-
-            return false;
-        });
-
-        try {
-            //login in the player after registration
-            return future.get() && forceLogin(player);
-        } catch (InterruptedException | ExecutionException ex) {
-            xAuthPlugin.getLogger().log(Level.SEVERE, "Failed to forceLogin", ex);
-            return false;
-        }
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/BukkitJoinListener.java

@@ -1,53 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener;
-
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.bukkit.tasks.ForceLoginTask;
-
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-import org.bukkit.event.EventHandler;
-import org.bukkit.event.EventPriority;
-import org.bukkit.event.Listener;
-import org.bukkit.event.player.PlayerJoinEvent;
-import org.bukkit.event.player.PlayerLoginEvent;
-import org.bukkit.event.player.PlayerLoginEvent.Result;
-import org.bukkit.event.player.PlayerQuitEvent;
-
-/**
- * This listener tells authentication plugins if the player has a premium account and we checked it successfully. So the
- * plugin can skip authentication.
- */
-public class BukkitJoinListener implements Listener {
-
-    private static final long DELAY_LOGIN = 20L / 2;
-
-    private final FastLoginBukkit plugin;
-
-    public BukkitJoinListener(FastLoginBukkit plugin) {
-        this.plugin = plugin;
-    }
-
-    @EventHandler(priority = EventPriority.LOWEST)
-    public void onPlayerLogin(PlayerLoginEvent loginEvent) {
-        if (loginEvent.getResult() == Result.ALLOWED && !plugin.isServerFullyStarted()) {
-            loginEvent.disallow(Result.KICK_OTHER, plugin.getCore().getMessage("not-started"));
-        }
-    }
-
-    @EventHandler(ignoreCancelled = true)
-    public void onPlayerJoin(PlayerJoinEvent joinEvent) {
-        Player player = joinEvent.getPlayer();
-
-        if (!plugin.isBungeeCord()) {
-            //Wait before auth plugin and we received a message from BungeeCord initializes the player
-            Bukkit.getScheduler().runTaskLaterAsynchronously(plugin, new ForceLoginTask(plugin, player), DELAY_LOGIN);
-        }
-    }
-
-    @EventHandler
-    public void onPlayerQuit(PlayerQuitEvent quitEvent) {
-        Player player = quitEvent.getPlayer();
-        player.removeMetadata(plugin.getName(), plugin);
-        plugin.getCore().getPendingConfirms().remove(player.getUniqueId());
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/BungeeCordListener.java

@@ -1,120 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener;
-
-import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.bukkit.tasks.ForceLoginTask;
-import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-import com.google.common.io.ByteArrayDataInput;
-import com.google.common.io.ByteStreams;
-
-import java.io.File;
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.nio.file.Files;
-import java.util.List;
-import java.util.Set;
-import java.util.UUID;
-import java.util.logging.Level;
-import java.util.stream.Collectors;
-
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-import org.bukkit.metadata.FixedMetadataValue;
-import org.bukkit.plugin.messaging.PluginMessageListener;
-
-/**
- * Responsible for receiving messages from a BungeeCord instance.
- *
- * This class also receives the plugin message from the bungeecord version of this plugin in order to get notified if
- * the connection is in online mode.
- */
-public class BungeeCordListener implements PluginMessageListener {
-
-    private static final String FILE_NAME = "proxy-whitelist.txt";
-
-    private final FastLoginBukkit plugin;
-    //null if whitelist is empty so bungeecord support is disabled
-    private final Set<UUID> proxyIds;
-
-    public BungeeCordListener(FastLoginBukkit plugin) {
-        this.plugin = plugin;
-        this.proxyIds = loadBungeeCordIds();
-    }
-
-    @Override
-    public void onPluginMessageReceived(String channel, Player player, byte[] message) {
-        if (!channel.equals(plugin.getName())) {
-            return;
-        }
-
-        ByteArrayDataInput dataInput = ByteStreams.newDataInput(message);
-        String subchannel = dataInput.readUTF();
-        plugin.getLogger().log(Level.FINEST, "Received plugin message for subchannel {0} from {1}"
-                , new Object[]{subchannel, player});
-
-        String playerName = dataInput.readUTF();
-
-        //check if the player is still online or disconnected
-        Player checkedPlayer = plugin.getServer().getPlayerExact(playerName);
-        //fail if target player is blacklisted because already authed or wrong bungeecord id
-        if (checkedPlayer != null && !checkedPlayer.hasMetadata(plugin.getName())) {
-            //blacklist this target player for BungeeCord Id brute force attacks
-            player.setMetadata(plugin.getName(), new FixedMetadataValue(plugin, true));
-
-            //bungeecord UUID
-            long mostSignificantBits = dataInput.readLong();
-            long leastSignificantBits = dataInput.readLong();
-            UUID sourceId = new UUID(mostSignificantBits, leastSignificantBits);
-            plugin.getLogger().log(Level.FINEST, "Received proxy id {0} from {1}", new Object[]{sourceId, player});
-
-            //fail if BungeeCord support is disabled (id = null)
-            if (proxyIds.contains(sourceId)) {
-                readMessage(checkedPlayer, subchannel, playerName, player);
-            }
-        }
-    }
-
-    private void readMessage(Player checkedPlayer, String subchannel, String playerName, Player player) {
-        InetSocketAddress address = checkedPlayer.getAddress();
-        String id = '/' + address.getAddress().getHostAddress() + ':' + address.getPort();
-        if ("AUTO_LOGIN".equalsIgnoreCase(subchannel)) {
-            BukkitLoginSession playerSession = new BukkitLoginSession(playerName, true);
-            playerSession.setVerified(true);
-            plugin.getSessions().put(id, playerSession);
-            Bukkit.getScheduler().runTaskAsynchronously(plugin, new ForceLoginTask(plugin, player));
-        } else if ("AUTO_REGISTER".equalsIgnoreCase(subchannel)) {
-            Bukkit.getScheduler().runTaskAsynchronously(plugin, () -> {
-                AuthPlugin<Player> authPlugin = plugin.getCore().getAuthPluginHook();
-                try {
-                    //we need to check if the player is registered on Bukkit too
-                    if (authPlugin == null || !authPlugin.isRegistered(playerName)) {
-                        BukkitLoginSession playerSession = new BukkitLoginSession(playerName, false);
-                        playerSession.setVerified(true);
-                        plugin.getSessions().put(id, playerSession);
-                        new ForceLoginTask(plugin, player).run();
-                    }
-                } catch (Exception ex) {
-                    plugin.getLogger().log(Level.SEVERE, "Failed to query isRegistered", ex);
-                }
-            });
-        }
-    }
-
-    public Set<UUID> loadBungeeCordIds() {
-        File whitelistFile = new File(plugin.getDataFolder(), FILE_NAME);
-        try {
-            if (!whitelistFile.exists()) {
-                whitelistFile.createNewFile();
-            }
-
-            List<String> lines = Files.readAllLines(whitelistFile.toPath());
-            return lines.stream().map(String::trim).map(UUID::fromString).collect(Collectors.toSet());
-        } catch (IOException ex) {
-            plugin.getLogger().log(Level.SEVERE, "Failed to create file for Proxy whitelist", ex);
-        } catch (Exception ex) {
-            plugin.getLogger().log(Level.SEVERE, "Failed to retrieve proxy Id. Disabling BungeeCord support", ex);
-        }
-
-        return null;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionPacketListener.java

@@ -1,65 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener.protocollib;
-
-import com.comphenix.protocol.PacketType;
-import com.comphenix.protocol.events.PacketAdapter;
-import com.comphenix.protocol.events.PacketEvent;
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-
-
-/**
- * Handles incoming encryption responses from connecting clients.
- * It prevents them from reaching the server because that cannot handle
- * it in offline mode.
- *
- * Moreover this manages a started premium check from
- * this plugin. So check if all data is correct and we can prove him as a
- * owner of a paid minecraft account.
- *
- * Receiving packet information:
- * http://wiki.vg/Protocol#Encryption_Response
- *
- * sharedSecret=encrypted byte array
- * verify token=encrypted byte array
- */
-public class EncryptionPacketListener extends PacketAdapter {
-
-    //hides the inherit Plugin plugin field, but we need this type
-    private final FastLoginBukkit plugin;
-
-    public EncryptionPacketListener(FastLoginBukkit plugin) {
-        //run async in order to not block the server, because we make api calls to Mojang
-        super(params(plugin, PacketType.Login.Client.ENCRYPTION_BEGIN).optionAsync());
-
-        this.plugin = plugin;
-    }
-
-    /**
-     * C->S : Handshake State=2
-     * C->S : Login Start
-     * S->C : Encryption Key Request
-     * (Client Auth)
-     * C->S : Encryption Key Response
-     * (Server Auth, Both enable encryption)
-     * S->C : Login Success (*)
-     *
-     * On offline logins is Login Start followed by Login Success
-     *
-     * Minecraft Server implementation
-     * https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L180
-     */
-    @Override
-    public void onPacketReceiving(PacketEvent packetEvent) {
-        if (packetEvent.isCancelled()) {
-            return;
-        }
-
-        Player sender = packetEvent.getPlayer();
-        byte[] sharedSecret = packetEvent.getPacket().getByteArrays().read(0);
-        
-        packetEvent.getAsyncMarker().incrementProcessingDelay();
-        VerifyResponseTask verifyTask = new VerifyResponseTask(plugin, packetEvent, sender, sharedSecret);
-        Bukkit.getScheduler().runTaskAsynchronously(plugin, verifyTask);
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/LoginSkinApplyListener.java

@@ -1,74 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener.protocollib;
-
-import com.comphenix.protocol.reflect.MethodUtils;
-import com.comphenix.protocol.reflect.accessors.Accessors;
-import com.comphenix.protocol.reflect.accessors.MethodAccessor;
-import com.comphenix.protocol.utility.MinecraftReflection;
-import com.comphenix.protocol.wrappers.WrappedGameProfile;
-import com.comphenix.protocol.wrappers.WrappedSignedProperty;
-import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-
-import java.lang.reflect.InvocationTargetException;
-import java.util.logging.Level;
-
-import org.bukkit.entity.Player;
-import org.bukkit.event.EventHandler;
-import org.bukkit.event.EventPriority;
-import org.bukkit.event.Listener;
-import org.bukkit.event.player.PlayerLoginEvent;
-import org.bukkit.event.player.PlayerLoginEvent.Result;
-
-public class LoginSkinApplyListener implements Listener {
-
-    private static final Class<?> GAME_PROFILE = MinecraftReflection.getGameProfileClass();
-
-    private static final MethodAccessor GET_PROPERTIES = Accessors.getMethodAccessor(GAME_PROFILE, "getProperties");
-
-    private final FastLoginBukkit plugin;
-
-    public LoginSkinApplyListener(FastLoginBukkit plugin) {
-        this.plugin = plugin;
-    }
-
-    @EventHandler(priority = EventPriority.LOW)
-    //run this on the loginEvent to let skins plugins see the skin like in normal minecraft behaviour
-    public void onPlayerLogin(PlayerLoginEvent loginEvent) {
-        if (loginEvent.getResult() != Result.ALLOWED) {
-            return;
-        }
-
-        Player player = loginEvent.getPlayer();
-
-        if (plugin.getConfig().getBoolean("forwardSkin")) {
-            //go through every session, because player.getAddress is null 
-            //loginEvent.getAddress is just a InetAddress not InetSocketAddres, so not unique enough
-            for (BukkitLoginSession session : plugin.getSessions().values()) {
-                if (session.getUsername().equals(player.getName())) {
-                    String signature = session.getSkinSignature();
-                    String skinData = session.getEncodedSkinData();
-
-                    applySkin(player, skinData, signature);
-                    break;
-                }
-            }
-        }
-    }
-
-    private void applySkin(Player player, String skinData, String signature) {
-        WrappedGameProfile gameProfile = WrappedGameProfile.fromPlayer(player);
-        if (skinData != null && signature != null) {
-            WrappedSignedProperty skin = WrappedSignedProperty.fromValues("textures", skinData, signature);
-            try {
-                gameProfile.getProperties().put("textures", skin);
-            } catch (ClassCastException castException) {
-                Object map = GET_PROPERTIES.invoke(gameProfile.getHandle());
-                try {
-                    MethodUtils.invokeMethod(map, "put", new Object[]{"textures", skin.getHandle()});
-                } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException ex) {
-                    plugin.getLogger().log(Level.SEVERE, "Error setting premium skin", ex);
-                }
-            }
-        }
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/NameCheckTask.java

@@ -1,74 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener.protocollib;
-
-import com.comphenix.protocol.ProtocolLibrary;
-import com.comphenix.protocol.events.PacketEvent;
-import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.core.PlayerProfile;
-import com.github.games647.fastlogin.core.shared.JoinManagement;
-
-import java.util.Random;
-import java.util.logging.Level;
-
-import org.bukkit.entity.Player;
-
-public class NameCheckTask extends JoinManagement<Player, ProtocolLibLoginSource> implements Runnable {
-
-    private final FastLoginBukkit plugin;
-    private final PacketEvent packetEvent;
-
-    private final Random random;
-
-    private final Player player;
-    private final String username;
-
-    public NameCheckTask(FastLoginBukkit plugin, PacketEvent packetEvent, Random random, Player player, String username) {
-        super(plugin.getCore(), plugin.getCore().getAuthPluginHook());
-
-        this.plugin = plugin;
-        this.packetEvent = packetEvent;
-        this.random = random;
-        this.player = player;
-        this.username = username;
-    }
-
-    @Override
-    public void run() {
-        try {
-            super.onLogin(username, new ProtocolLibLoginSource(plugin, packetEvent, player, random));
-        } finally {
-            ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
-        }
-    }
-
-    //minecraft server implementation
-    //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L161
-    @Override
-    public void requestPremiumLogin(ProtocolLibLoginSource source, PlayerProfile profile, String username, boolean registered) {
-        try {
-            source.setOnlineMode();
-        } catch (Exception ex) {
-            plugin.getLogger().log(Level.SEVERE, "Cannot send encryption packet. Falling back to cracked login", ex);
-            return;
-        }
-
-        String ip = player.getAddress().getAddress().getHostAddress();
-        core.getPendingLogins().put(ip + username, new Object());
-
-        String serverId = source.getServerId();
-        byte[] verify = source.getVerifyToken();
-
-        BukkitLoginSession playerSession = new BukkitLoginSession(username, serverId, verify, registered, profile);
-        plugin.getSessions().put(player.getAddress().toString(), playerSession);
-        //cancel only if the player has a paid account otherwise login as normal offline player
-        synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
-            packetEvent.setCancelled(true);
-        }
-    }
-
-    @Override
-    public void startCrackedSession(ProtocolLibLoginSource source, PlayerProfile profile, String username) {
-        BukkitLoginSession loginSession = new BukkitLoginSession(username, profile);
-        plugin.getSessions().put(player.getAddress().toString(), loginSession);
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibLoginSource.java

@@ -1,99 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener.protocollib;
-
-import com.comphenix.protocol.PacketType;
-import com.comphenix.protocol.ProtocolLibrary;
-import com.comphenix.protocol.ProtocolManager;
-import com.comphenix.protocol.events.PacketContainer;
-import com.comphenix.protocol.events.PacketEvent;
-import com.comphenix.protocol.wrappers.WrappedChatComponent;
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.core.shared.LoginSource;
-
-import java.lang.reflect.InvocationTargetException;
-import java.net.InetSocketAddress;
-import java.security.PublicKey;
-import java.util.Random;
-
-import org.bukkit.entity.Player;
-
-public class ProtocolLibLoginSource implements LoginSource {
-
-    private static final int VERIFY_TOKEN_LENGTH = 4;
-
-    private final FastLoginBukkit plugin;
-
-    private final PacketEvent packetEvent;
-    private final Player player;
-
-    private final Random random;
-
-    private String serverId;
-    private final byte[] verifyToken = new byte[VERIFY_TOKEN_LENGTH];
-
-    public ProtocolLibLoginSource(FastLoginBukkit plugin, PacketEvent packetEvent, Player player, Random random) {
-        this.plugin = plugin;
-        this.packetEvent = packetEvent;
-        this.player = player;
-        this.random = random;
-    }
-
-    @Override
-    public void setOnlineMode() throws Exception {
-        //randomized server id to make sure the request is for our server
-        //this could be relevant http://www.sk89q.com/2011/09/minecraft-name-spoofing-exploit/
-        serverId = Long.toString(random.nextLong(), 16);
-
-        //generate a random token which should be the same when we receive it from the client
-        random.nextBytes(verifyToken);
-        
-        sentEncryptionRequest();
-    }
-
-    @Override
-    public void kick(String message) throws Exception {
-        ProtocolManager protocolManager = ProtocolLibrary.getProtocolManager();
-
-        PacketContainer kickPacket = protocolManager.createPacket(PacketType.Login.Server.DISCONNECT);
-        kickPacket.getChatComponents().write(0, WrappedChatComponent.fromText(message));
-
-        try {
-            //send kick packet at login state
-            //the normal event.getPlayer.kickPlayer(String) method does only work at play state
-            protocolManager.sendServerPacket(player, kickPacket);
-        } finally {
-            //tell the server that we want to close the connection
-            player.kickPlayer("Disconnect");
-        }
-    }
-
-    @Override
-    public InetSocketAddress getAddress() {
-        return packetEvent.getPlayer().getAddress();
-    }
-
-    private void sentEncryptionRequest() throws InvocationTargetException {
-        ProtocolManager protocolManager = ProtocolLibrary.getProtocolManager();
-        /**
-         * Packet Information: http://wiki.vg/Protocol#Encryption_Request
-         *
-         * ServerID="" (String) key=public server key verifyToken=random 4 byte array
-         */
-        PacketContainer newPacket = protocolManager.createPacket(PacketType.Login.Server.ENCRYPTION_BEGIN);
-
-        newPacket.getStrings().write(0, serverId);
-        newPacket.getSpecificModifier(PublicKey.class).write(0, plugin.getServerKey().getPublic());
-
-        newPacket.getByteArrays().write(0, verifyToken);
-
-        //serverId is a empty string
-        protocolManager.sendServerPacket(player, newPacket);
-    }
-
-    public String getServerId() {
-        return serverId;
-    }
-
-    public byte[] getVerifyToken() {
-        return verifyToken;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/StartPacketListener.java

@@ -1,77 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener.protocollib;
-
-import com.comphenix.protocol.PacketType;
-import com.comphenix.protocol.events.PacketAdapter;
-import com.comphenix.protocol.events.PacketContainer;
-import com.comphenix.protocol.events.PacketEvent;
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-
-import java.util.Random;
-import java.util.logging.Level;
-
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-
-/**
- * Handles incoming start packets from connecting clients. It
- * checks if we can start checking if the player is premium and
- * start a request to the client that it should start online mode
- * login.
- *
- * Receiving packet information:
- * http://wiki.vg/Protocol#Login_Start
- *
- * String=Username
- */
-public class StartPacketListener extends PacketAdapter {
-
-    //hides the inherit Plugin plugin field, but we need a more detailed type than just Plugin
-    private final FastLoginBukkit plugin;
-
-    //just create a new once on plugin enable. This used for verify token generation
-    private final Random random = new Random();
-
-    public StartPacketListener(FastLoginBukkit plugin) {
-        //run async in order to not block the server, because we are making api calls to Mojang
-        super(params(plugin, PacketType.Login.Client.START).optionAsync());
-
-        this.plugin = plugin;
-    }
-
-    /**
-     * C->S : Handshake State=2
-     * C->S : Login Start
-     * S->C : Encryption Key Request
-     * (Client Auth)
-     * C->S : Encryption Key Response
-     * (Server Auth, Both enable encryption)
-     * S->C : Login Success (*)
-     *
-     * On offline logins is Login Start followed by Login Success
-     */
-    @Override
-    public void onPacketReceiving(PacketEvent packetEvent) {
-        if (packetEvent.isCancelled()
-                || plugin.getCore().getAuthPluginHook()== null || !plugin.isServerFullyStarted()) {
-            return;
-        }
-
-        Player player = packetEvent.getPlayer();
-
-        //this includes ip:port. Should be unique for an incoming login request with a timeout of 2 minutes
-        String sessionKey = player.getAddress().toString();
-
-        //remove old data every time on a new login in order to keep the session only for one person
-        plugin.getSessions().remove(sessionKey);
-
-        //player.getName() won't work at this state
-        PacketContainer packet = packetEvent.getPacket();
-
-        String username = packet.getGameProfiles().read(0).getName();
-        plugin.getLogger().log(Level.FINER, "Player {0} with {1} connecting", new Object[]{sessionKey, username});
-
-        packetEvent.getAsyncMarker().incrementProcessingDelay();
-        NameCheckTask nameCheckTask = new NameCheckTask(plugin, packetEvent, random, player, username);
-        Bukkit.getScheduler().runTaskAsynchronously(plugin, nameCheckTask);
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java

@@ -1,206 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener.protocollib;
-
-import com.comphenix.protocol.PacketType;
-import com.comphenix.protocol.ProtocolLibrary;
-import com.comphenix.protocol.ProtocolManager;
-import com.comphenix.protocol.events.PacketContainer;
-import com.comphenix.protocol.events.PacketEvent;
-import com.comphenix.protocol.injector.netty.Injector;
-import com.comphenix.protocol.injector.server.TemporaryPlayerFactory;
-import com.comphenix.protocol.reflect.FieldUtils;
-import com.comphenix.protocol.reflect.FuzzyReflection;
-import com.comphenix.protocol.wrappers.WrappedChatComponent;
-import com.comphenix.protocol.wrappers.WrappedGameProfile;
-import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
-import com.github.games647.fastlogin.bukkit.EncryptionUtil;
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.math.BigInteger;
-import java.security.PrivateKey;
-import java.util.Arrays;
-import java.util.UUID;
-import java.util.logging.Level;
-
-import javax.crypto.SecretKey;
-
-import org.bukkit.entity.Player;
-
-public class VerifyResponseTask implements Runnable {
-
-    private final FastLoginBukkit plugin;
-    private final PacketEvent packetEvent;
-
-    private final Player fromPlayer;
-
-    private final byte[] sharedSecret;
-
-    public VerifyResponseTask(FastLoginBukkit plugin, PacketEvent packetEvent, Player fromPlayer, byte[] sharedSecret) {
-        this.plugin = plugin;
-        this.packetEvent = packetEvent;
-        this.fromPlayer = fromPlayer;
-        this.sharedSecret = sharedSecret;
-    }
-
-    @Override
-    public void run() {
-        try {
-            BukkitLoginSession session = plugin.getSessions().get(fromPlayer.getAddress().toString());
-            if (session == null) {
-                disconnect(plugin.getCore().getMessage("invalid-requst"), true
-                        , "Player {0} tried to send encryption response at invalid state", fromPlayer.getAddress());
-            } else {
-                String ip = fromPlayer.getAddress().getAddress().getHostAddress();
-                plugin.getCore().getPendingLogins().remove(ip + session.getUsername());
-
-                verifyResponse(session);
-            }
-        } finally {
-            //this is a fake packet; it shouldn't be send to the server
-            synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
-                packetEvent.setCancelled(true);
-            }
-
-            ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
-        }
-    }
-
-    private void verifyResponse(BukkitLoginSession session) {
-        PrivateKey privateKey = plugin.getServerKey().getPrivate();
-
-        SecretKey loginKey = EncryptionUtil.decryptSharedKey(privateKey, sharedSecret);
-        if (!checkVerifyToken(session, privateKey) || !encryptConnection(loginKey)) {
-            return;
-        }
-
-        //this makes sure the request from the client is for us
-        //this might be relevant http://www.sk89q.com/2011/09/minecraft-name-spoofing-exploit/
-        String generatedId = session.getServerId();
-
-        //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L193
-        //generate the server id based on client and server data
-        byte[] serverIdHash = EncryptionUtil.getServerIdHash(generatedId, plugin.getServerKey().getPublic(), loginKey);
-        String serverId = (new BigInteger(serverIdHash)).toString(16);
-
-        String username = session.getUsername();
-        if (plugin.getCore().getApiConnector().hasJoinedServer(session, serverId)) {
-            plugin.getLogger().log(Level.FINE, "Player {0} has a verified premium account", username);
-
-            session.setVerified(true);
-            setPremiumUUID(session.getUuid());
-            receiveFakeStartPacket(username);
-        } else {
-            //user tried to fake a authentication
-            disconnect(plugin.getCore().getMessage("invalid-session"), true
-                    , "Player {0} ({1}) tried to log in with an invalid session ServerId: {2}"
-                    , session.getUsername(), fromPlayer.getAddress(), serverId);
-        }
-    }
-
-    private void setPremiumUUID(UUID premiumUUID) {
-        if (plugin.getConfig().getBoolean("premiumUuid") && premiumUUID != null) {
-            try {
-                Object networkManager = getNetworkManager();
-                //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/NetworkManager.java#L69
-                FieldUtils.writeField(networkManager, "spoofedUUID", premiumUUID, true);
-            } catch (Exception exc) {
-                plugin.getLogger().log(Level.SEVERE, "Error setting premium uuid", exc);
-            }
-        }
-    }
-
-    private boolean checkVerifyToken(BukkitLoginSession session, PrivateKey privateKey) {
-        byte[] requestVerify = session.getVerifyToken();
-        //encrypted verify token
-        byte[] responseVerify = packetEvent.getPacket().getByteArrays().read(1);
-
-        //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L182
-        if (!Arrays.equals(requestVerify, EncryptionUtil.decryptData(privateKey, responseVerify))) {
-            //check if the verify token are equal to the server sent one
-            disconnect(plugin.getCore().getMessage("invalid-verify-token"), true
-                    , "Player {0} ({1}) tried to login with an invalid verify token. Server: {2} Client: {3}"
-                    , session.getUsername(), packetEvent.getPlayer().getAddress(), requestVerify, responseVerify);
-            return false;
-        }
-
-        return true;
-    }
-
-    //try to get the networkManager from ProtocolLib
-    private Object getNetworkManager() throws IllegalAccessException, NoSuchFieldException {
-        Object injectorContainer = TemporaryPlayerFactory.getInjectorFromPlayer(fromPlayer);
-
-        //ChannelInjector
-        Injector rawInjector = FuzzyReflection.getFieldValue(injectorContainer, Injector.class, true);
-        return FieldUtils.readField(rawInjector, "networkManager", true);
-    }
-
-    private boolean encryptConnection(SecretKey loginKey) throws IllegalArgumentException {
-        try {
-            //get the NMS connection handle of this player
-            Object networkManager = getNetworkManager();
-
-            //try to detect the method by parameters
-            Method encryptMethod = FuzzyReflection
-                    .fromObject(networkManager).getMethodByParameters("a", SecretKey.class);
-
-            //encrypt/decrypt following packets
-            //the client expects this behaviour
-            encryptMethod.invoke(networkManager, loginKey);
-        } catch (Exception ex) {
-            plugin.getLogger().log(Level.SEVERE, "Couldn't enable encryption", ex);
-            disconnect(plugin.getCore().getMessage("error-kick"), false, "Couldn't enable encryption");
-            return false;
-        }
-
-        return true;
-    }
-
-    private void disconnect(String kickReason, boolean debug, String logMessage, Object... arguments) {
-        if (debug) {
-            plugin.getLogger().log(Level.FINE, logMessage, arguments);
-        } else {
-            plugin.getLogger().log(Level.SEVERE, logMessage, arguments);
-        }
-
-        kickPlayer(packetEvent.getPlayer(), kickReason);
-    }
-
-    private void kickPlayer(Player player, String reason) {
-        ProtocolManager protocolManager = ProtocolLibrary.getProtocolManager();
-
-        PacketContainer kickPacket = protocolManager.createPacket(PacketType.Login.Server.DISCONNECT);
-        kickPacket.getChatComponents().write(0, WrappedChatComponent.fromText(reason));
-
-        try {
-            //send kick packet at login state
-            //the normal event.getPlayer.kickPlayer(String) method does only work at play state
-            protocolManager.sendServerPacket(player, kickPacket);
-            //tell the server that we want to close the connection
-            player.kickPlayer("Disconnect");
-        } catch (InvocationTargetException ex) {
-            plugin.getLogger().log(Level.SEVERE, "Error sending kickpacket", ex);
-        }
-    }
-
-    //fake a new login packet in order to let the server handle all the other stuff
-    private void receiveFakeStartPacket(String username) {
-        ProtocolManager protocolManager = ProtocolLibrary.getProtocolManager();
-        
-        //see StartPacketListener for packet information
-        PacketContainer startPacket = protocolManager.createPacket(PacketType.Login.Client.START);
-
-        //uuid is ignored by the packet definition
-        WrappedGameProfile fakeProfile = new WrappedGameProfile(UUID.randomUUID(), username);
-        startPacket.getGameProfiles().write(0, fakeProfile);
-        try {
-            //we don't want to handle our own packets so ignore filters
-            protocolManager.recieveClientPacket(fromPlayer, startPacket, false);
-        } catch (InvocationTargetException | IllegalAccessException ex) {
-            plugin.getLogger().log(Level.WARNING, "Failed to fake a new start packet", ex);
-            //cancel the event in order to prevent the server receiving an invalid packet
-            kickPlayer(fromPlayer, plugin.getCore().getMessage("error-kick"));
-        }
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolLoginSource.java

@@ -1,35 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener.protocolsupport;
-
-import com.github.games647.fastlogin.core.shared.LoginSource;
-
-import java.net.InetSocketAddress;
-
-import protocolsupport.api.events.PlayerLoginStartEvent;
-
-public class ProtocolLoginSource implements LoginSource {
-
-    private final PlayerLoginStartEvent loginStartEvent;
-
-    public ProtocolLoginSource(PlayerLoginStartEvent loginStartEvent) {
-        this.loginStartEvent = loginStartEvent;
-    }
-
-    @Override
-    public void setOnlineMode() {
-        loginStartEvent.setOnlineMode(true);
-    }
-
-    @Override
-    public void kick(String message) {
-        loginStartEvent.denyLogin(message);
-    }
-
-    @Override
-    public InetSocketAddress getAddress() {
-        return loginStartEvent.getAddress();
-    }
-
-    public PlayerLoginStartEvent getLoginStartEvent() {
-        return loginStartEvent;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocolsupport/ProtocolSupportListener.java

@@ -1,76 +0,0 @@
-package com.github.games647.fastlogin.bukkit.listener.protocolsupport;
-
-import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.core.shared.JoinManagement;
-import com.github.games647.fastlogin.core.PlayerProfile;
-
-import java.net.InetSocketAddress;
-
-import org.bukkit.entity.Player;
-import org.bukkit.event.EventHandler;
-import org.bukkit.event.Listener;
-
-import protocolsupport.api.events.PlayerLoginStartEvent;
-import protocolsupport.api.events.PlayerPropertiesResolveEvent;
-
-public class ProtocolSupportListener extends JoinManagement<Player, ProtocolLoginSource> implements Listener {
-
-    private final FastLoginBukkit plugin;
-
-    public ProtocolSupportListener(FastLoginBukkit plugin) {
-        super(plugin.getCore(), plugin.getCore().getAuthPluginHook());
-
-        this.plugin = plugin;
-    }
-
-    @EventHandler
-    public void onLoginStart(PlayerLoginStartEvent loginStartEvent) {
-        plugin.setServerStarted();
-        if (loginStartEvent.isLoginDenied() || plugin.getCore().getAuthPluginHook() == null) {
-            return;
-        }
-
-        String username = loginStartEvent.getName();
-        InetSocketAddress address = loginStartEvent.getAddress();
-
-        //remove old data every time on a new login in order to keep the session only for one person
-        plugin.getSessions().remove(address.toString());
-
-        super.onLogin(username, new ProtocolLoginSource(loginStartEvent));
-    }
-
-    @EventHandler
-    public void onPropertiesResolve(PlayerPropertiesResolveEvent propertiesResolveEvent) {
-        InetSocketAddress address = propertiesResolveEvent.getAddress();
-        BukkitLoginSession session = plugin.getSessions().get(address.toString());
-
-        //skin was resolved -> premium player
-        if (propertiesResolveEvent.hasProperty("textures") && session != null) {
-            String ip = address.getAddress().getHostAddress();
-            plugin.getCore().getPendingLogins().remove(ip + session.getUsername());
-
-            session.setVerified(true);
-        }
-    }
-
-    @Override
-    public void requestPremiumLogin(ProtocolLoginSource source, PlayerProfile profile, String username, boolean registered) {
-        source.setOnlineMode();
-
-        String ip = source.getAddress().getAddress().getHostAddress();
-        plugin.getCore().getPendingLogins().put(ip + username, new Object());
-
-        BukkitLoginSession playerSession = new BukkitLoginSession(username, null, null, registered, profile);
-        plugin.getSessions().put(source.getAddress().toString(), playerSession);
-        if (plugin.getConfig().getBoolean("premiumUuid")) {
-            source.getLoginStartEvent().setUseOnlineModeUUID(true);
-        }
-    }
-
-    @Override
-    public void startCrackedSession(ProtocolLoginSource source, PlayerProfile profile, String username) {
-        BukkitLoginSession loginSession = new BukkitLoginSession(username, profile);
-        plugin.getSessions().put(source.getAddress().toString(), loginSession);
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/tasks/DelayedAuthHook.java

@@ -1,75 +0,0 @@
-package com.github.games647.fastlogin.bukkit.tasks;
-
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.bukkit.hooks.AuthMeHook;
-import com.github.games647.fastlogin.bukkit.hooks.CrazyLoginHook;
-import com.github.games647.fastlogin.bukkit.hooks.LogItHook;
-import com.github.games647.fastlogin.bukkit.hooks.LoginSecurityHook;
-import com.github.games647.fastlogin.bukkit.hooks.UltraAuthHook;
-import com.github.games647.fastlogin.bukkit.hooks.xAuthHook;
-import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-import com.google.common.collect.Lists;
-
-import java.util.List;
-import java.util.logging.Level;
-
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-
-public class DelayedAuthHook implements Runnable {
-
-    private final FastLoginBukkit plugin;
-
-    public DelayedAuthHook(FastLoginBukkit plugin) {
-        this.plugin = plugin;
-    }
-
-    @Override
-    public void run() {
-        boolean hookFound = registerHooks();
-        if (plugin.isBungeeCord()) {
-            plugin.getLogger().info("BungeeCord setting detected. No auth plugin is required");
-        } else if (!hookFound) {
-            plugin.getLogger().warning("No auth plugin were found by this plugin "
-                    + "(other plugins could hook into this after the intialization of this plugin)"
-                    + "and bungeecord is deactivated. "
-                    + "Either one or both of the checks have to pass in order to use this plugin");
-        }
-    }
-
-    private boolean registerHooks() {
-        AuthPlugin<Player> authPluginHook = null;
-        try {
-            @SuppressWarnings("unchecked")
-            List<Class<? extends AuthPlugin<Player>>> supportedHooks = Lists.newArrayList(AuthMeHook.class
-                    , CrazyLoginHook.class, LogItHook.class, LoginSecurityHook.class, UltraAuthHook.class
-                    , xAuthHook.class);
-
-            for (Class<? extends AuthPlugin<Player>> clazz : supportedHooks) {
-                String pluginName = clazz.getSimpleName().replace("Hook", "");
-                //uses only member classes which uses AuthPlugin interface (skip interfaces)
-                if (Bukkit.getServer().getPluginManager().getPlugin(pluginName) != null) {
-                    //check only for enabled plugins. A single plugin could be disabled by plugin managers
-                    authPluginHook = clazz.newInstance();
-                    plugin.getLogger().log(Level.INFO, "Hooking into auth plugin: {0}", pluginName);
-                    break;
-                }
-            }
-        } catch (InstantiationException | IllegalAccessException ex) {
-            plugin.getLogger().log(Level.SEVERE, "Couldn't load the integration class", ex);
-        }
-
-        if (authPluginHook == null) {
-            //run this check for exceptions (errors) and not found plugins
-            plugin.getLogger().warning("No support offline Auth plugin found. ");
-            return false;
-        }
-
-        if (plugin.getCore().getAuthPluginHook() == null) {
-            plugin.getCore().setAuthPluginHook(authPluginHook);
-            plugin.setServerStarted();
-        }
-        
-        return true;
-    }
-}

bukkit/src/main/java/com/github/games647/fastlogin/bukkit/tasks/ForceLoginTask.java

@@ -1,133 +0,0 @@
-package com.github.games647.fastlogin.bukkit.tasks;
-
-import com.github.games647.fastlogin.bukkit.BukkitLoginSession;
-import com.github.games647.fastlogin.bukkit.FastLoginBukkit;
-import com.github.games647.fastlogin.core.AuthStorage;
-import com.github.games647.fastlogin.core.PlayerProfile;
-import com.github.games647.fastlogin.core.hooks.AuthPlugin;
-import com.google.common.io.ByteArrayDataOutput;
-import com.google.common.io.ByteStreams;
-
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Future;
-import java.util.logging.Level;
-
-import org.bukkit.Bukkit;
-import org.bukkit.entity.Player;
-
-public class ForceLoginTask implements Runnable {
-
-    private final FastLoginBukkit plugin;
-    private final Player player;
-
-    public ForceLoginTask(FastLoginBukkit plugin, Player player) {
-        this.plugin = plugin;
-        this.player = player;
-    }
-
-    @Override
-    public void run() {
-        if (!isOnlineThreadSafe()) {
-            return;
-        }
-
-        //remove the bungeecord identifier if there is ones
-        String id = '/' + player.getAddress().getAddress().getHostAddress() + ':' + player.getAddress().getPort();
-        BukkitLoginSession session = plugin.getSessions().remove(id);
-        if (session == null) {
-            return;
-        }
-
-        AuthStorage storage = plugin.getCore().getStorage();
-        PlayerProfile playerProfile = session.getProfile();
-
-        //check if it's the same player as we checked before
-        if (session.isVerified() && player.getName().equals(session.getUsername())) {
-            //premium player
-            AuthPlugin<Player> authPlugin = plugin.getCore().getAuthPluginHook();
-            if (authPlugin == null) {
-                //maybe only bungeecord plugin
-                sendSuccessNotification();
-            } else {
-                boolean success = false;
-                if (isOnlineThreadSafe()) {
-                    if (plugin.getConfig().getBoolean("autoLogin")) {
-                        if (session.needsRegistration()) {
-                            success = forceRegister(authPlugin, player);
-                        } else {
-                            success = forceLogin(authPlugin, player);
-                        }
-                    } else {
-                        success = true;
-                    }
-                }
-
-                if (success) {
-                    //update only on success to prevent corrupt data
-                    if (playerProfile != null) {
-                        playerProfile.setUuid(session.getUuid());
-                        //save cracked players too
-                        playerProfile.setPremium(true);
-                        storage.save(playerProfile);
-                    }
-
-                    sendSuccessNotification();
-                }
-            }
-        } else {
-            //cracked player
-            if (playerProfile != null) {
-                playerProfile.setUuid(null);
-                playerProfile.setPremium(false);
-                storage.save(playerProfile);
-            }
-        }
-    }
-
-    private boolean forceRegister(AuthPlugin<Player> authPlugin, Player player) {
-        plugin.getLogger().log(Level.FINE, "Register player {0}", player.getName());
-
-        String generatedPassword = plugin.getCore().getPasswordGenerator().getRandomPassword(player);
-        boolean success = authPlugin.forceRegister(player, generatedPassword);
-        String message = plugin.getCore().getMessage("auto-register");
-        if (success && message != null) {
-            message = message.replace("%password", generatedPassword);
-            player.sendMessage(message);
-        }
-
-        return success;
-    }
-
-    private boolean forceLogin(AuthPlugin<Player> authPlugin, Player player) {
-        plugin.getLogger().log(Level.FINE, "Logging player {0} in", player.getName());
-        boolean success = authPlugin.forceLogin(player);
-
-        String message = plugin.getCore().getMessage("auto-login");
-        if (success && message != null) {
-            player.sendMessage(message);
-        }
-
-        return success;
-    }
-
-    private void sendSuccessNotification() {
-        if (plugin.isBungeeCord()) {
-            ByteArrayDataOutput dataOutput = ByteStreams.newDataOutput();
-            dataOutput.writeUTF("SUCCESS");
-
-            player.sendPluginMessage(plugin, plugin.getName(), dataOutput.toByteArray());
-        }
-    }
-
-    private boolean isOnlineThreadSafe() {
-        //the playerlist isn't thread-safe
-        Future<Boolean> onlineFuture = Bukkit.getScheduler().callSyncMethod(plugin, player::isOnline);
-
-        try {
-            return onlineFuture.get();
-        } catch (InterruptedException | ExecutionException ex) {
-            plugin.getLogger().log(Level.SEVERE, "Failed to perform thread-safe online check", ex);
-            return false;
-        }
-    }
-}

bukkit/src/main/resources/plugin.yml

@@ -1,23 +1,35 @@
-# project informations for Bukkit in order to register our plugin with all it components
+# project data for Bukkit in order to register our plugin with all it's components
 # ${-} are variables from Maven (pom.xml) which will be replaced after the build
 name: ${project.parent.name}
-version: ${project.version}
+version: ${project.version}-${git.commit.id.abbrev}
 main: ${project.groupId}.${project.artifactId}.${project.name}
 
-# meta informations for plugin managers
+# meta data for plugin managers
 authors: [games647, 'https://github.com/games647/FastLogin/graphs/contributors']
 description: |
     ${project.description}
 website: ${project.url}
 dev-url: ${project.url}
 
-# Load the plugin as early as possible to inject it for all players
-load: STARTUP
+# This plugin doesn't have to be transformed for compatibility with Minecraft >= 1.13
+api-version: '1.13'
 
 softdepend:
-    # We depend either ProtocolLib or ProtocolSupport
+    # We depend on either ProtocolLib or ProtocolSupport
     - ProtocolSupport
     - ProtocolLib
+    # Premium variable
+    - PlaceholderAPI
+    # Bedrock Player Bridge
+    - Geyser-Spigot
+    - floodgate
+    # Auth plugins
+    - AuthMe
+    - CrazyLogin
+    - LoginSecurity
+    - LogIt
+    - UltraAuth
+    - xAuth
 
 commands:
     ${project.parent.name}:
@@ -27,16 +39,11 @@ commands:
         permission: ${project.artifactId}.command.premium
 
     cracked:
-        description: 'Label the invoker or the player specified as cracked if he was marked premium before'
+        description: 'Label the invoker or the player specified as cracked if marked premium before'
         aliases: [unpremium]
         usage: /<command> [player]
         permission: ${project.artifactId}.command.cracked
 
-    import-auth:
-        description: 'Imports the auth data from another auto login'
-        usage: /<command> [player]
-        permission: ${project.artifactId}.command.import
-
 permissions:
     ${project.artifactId}.command.premium:
         description: 'Label themselves as premium'
@@ -54,4 +61,4 @@ permissions:
     ${project.artifactId}.command.cracked.other:
         description: 'Label others as cracked'
         children:
-            ${project.artifactId}.command.cracked: true
+            ${project.artifactId}.command.cracked: true

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/FastLoginBukkitTest.java

@@ -0,0 +1,50 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit;
+
+import com.github.games647.fastlogin.core.CommonUtil;
+import lombok.val;
+import net.md_5.bungee.api.chat.TextComponent;
+import net.md_5.bungee.chat.ComponentSerializer;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+class FastLoginBukkitTest {
+
+    @Test
+    void testRGB() {
+        val message = "&x00002a00002b&lText";
+        val msg = CommonUtil.translateColorCodes(message);
+        assertEquals(msg, "§x00002a00002b§lText");
+
+        @SuppressWarnings("deprecation")
+        val components = TextComponent.fromLegacyText(msg);
+        val expected = "{\"bold\":true,\"color\":\"#00a00b\",\"text\":\"Text\"}";
+        //noinspection deprecation
+        assertEquals(ComponentSerializer.toString(components), expected);
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/ReflectionTest.java

@@ -0,0 +1,43 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit;
+
+import com.comphenix.protocol.reflect.accessors.Accessors;
+import com.comphenix.protocol.reflect.accessors.FieldAccessor;
+import fr.xephi.authme.api.v3.AuthMeApi;
+import fr.xephi.authme.process.Management;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+class ReflectionTest {
+
+    @Test
+    void testAuthMeManagementField() {
+        FieldAccessor accessor = Accessors.getFieldAccessor(AuthMeApi.class, Management.class, true);
+        assertNotNull(accessor.getField());
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/auth/protocollib/Base64Adapter.java

@@ -0,0 +1,49 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.protocollib;
+
+import com.google.gson.TypeAdapter;
+import com.google.gson.stream.JsonReader;
+import com.google.gson.stream.JsonWriter;
+import lombok.val;
+
+import java.io.IOException;
+import java.util.Base64;
+
+public class Base64Adapter extends TypeAdapter<byte[]> {
+
+    @Override
+    public void write(JsonWriter out, byte[] value) throws IOException {
+        val encoded = Base64.getEncoder().encodeToString(value);
+        out.value(encoded);
+    }
+
+    @Override
+    public byte[] read(JsonReader in) throws IOException {
+        String encoded = in.nextString();
+        return Base64.getDecoder().decode(encoded);
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/auth/protocollib/EncryptionUtilTest.java

@@ -0,0 +1,298 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.protocollib;
+
+import com.github.games647.fastlogin.bukkit.auth.protocollib.SignatureTestData.SignatureData;
+import com.github.games647.fastlogin.bukkit.auth.protocollib.packet.ClientPublicKey;
+import com.google.common.hash.Hashing;
+import lombok.val;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.math.BigInteger;
+import java.nio.charset.StandardCharsets;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.SignatureException;
+import java.security.interfaces.RSAPublicKey;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.UUID;
+import java.util.concurrent.ThreadLocalRandom;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class EncryptionUtilTest {
+
+    @Test
+    void testVerifyToken() {
+        @SuppressWarnings("SharedThreadLocalRandom") val random = ThreadLocalRandom.current();
+        byte[] token = EncryptionUtil.generateVerifyToken(random);
+
+        assertAll(
+                () -> assertNotNull(token),
+                () -> assertEquals(token.length, 4)
+        );
+    }
+
+    @Test
+    void testServerKey() {
+        KeyPair keyPair = EncryptionUtil.generateKeyPair();
+
+        Key privateKey = keyPair.getPrivate();
+        assertEquals(privateKey.getAlgorithm(), "RSA");
+
+        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
+        assertEquals(publicKey.getAlgorithm(), "RSA");
+
+        // clients accept larger values than the standard vanilla server, but we shouldn't crash them
+        assertAll(
+                () -> assertTrue(publicKey.getModulus().bitLength() >= 1024),
+                () -> assertTrue(publicKey.getModulus().bitLength() < 8192)
+        );
+    }
+
+    @Test
+    void testExpiredClientKey() throws Exception {
+        val clientKey = com.github.games647.fastlogin.bukkit.auth.protocollib.ResourceLoader.loadClientKey("client_keys/valid_public_key.json");
+
+        // Client expires at the exact second mentioned, so use it for verification
+        val expiredTimestamp = clientKey.expiry();
+        assertFalse(EncryptionUtil.verifyClientKey(clientKey, expiredTimestamp, null));
+    }
+
+    @ParameterizedTest
+    @ValueSource(strings = {
+            // expiration date changed should make the signature invalid while still being not expired
+            "client_keys/invalid_wrong_expiration.json",
+            // changed public key no longer corresponding to the signature
+            "client_keys/invalid_wrong_key.json",
+            // signature modified no longer corresponding to key and expiration date
+            "client_keys/invalid_wrong_signature.json"
+    })
+    void testInvalidClientKey(String clientKeySource) throws Exception {
+        val clientKey = com.github.games647.fastlogin.bukkit.auth.protocollib.ResourceLoader.loadClientKey(clientKeySource);
+        Instant expireTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS);
+
+        assertFalse(EncryptionUtil.verifyClientKey(clientKey, expireTimestamp, null));
+    }
+
+    @Test
+    void testValidClientKey() throws Exception {
+        val clientKey = com.github.games647.fastlogin.bukkit.auth.protocollib.ResourceLoader.loadClientKey("client_keys/valid_public_key.json");
+        val verificationTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS);
+
+        assertTrue(EncryptionUtil.verifyClientKey(clientKey, verificationTimestamp, null));
+    }
+
+    @Test
+    void testValid191ClientKey() throws Exception {
+        val clientKey = com.github.games647.fastlogin.bukkit.auth.protocollib.ResourceLoader.loadClientKey("client_keys/valid_public_key_19_1.json");
+        val verificationTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS);
+
+        val ownerPremiumId = UUID.fromString("0aaa2c13-922a-411b-b655-9b8c08404695");
+        assertTrue(EncryptionUtil.verifyClientKey(clientKey, verificationTimestamp, ownerPremiumId));
+    }
+
+    @Test
+    void testIncorrect191ClientOwner() throws Exception {
+        val clientKey = com.github.games647.fastlogin.bukkit.auth.protocollib.ResourceLoader.loadClientKey("client_keys/valid_public_key_19_1.json");
+        val verificationTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS);
+
+        val ownerPremiumId = UUID.fromString("61699b2e-d327-4a01-9f1e-0ea8c3f06bc6");
+        assertFalse(EncryptionUtil.verifyClientKey(clientKey, verificationTimestamp, ownerPremiumId));
+    }
+
+    @Test
+    void testDecryptSharedSecret() throws Exception {
+        KeyPair serverPair = EncryptionUtil.generateKeyPair();
+        val serverPK = serverPair.getPublic();
+
+        SecretKey secretKey = generateSharedKey();
+        byte[] encryptedSecret = encrypt(serverPK, secretKey.getEncoded());
+
+        SecretKey decryptSharedKey = EncryptionUtil.decryptSharedKey(serverPair.getPrivate(), encryptedSecret);
+        assertEquals(decryptSharedKey, secretKey);
+    }
+
+    private static byte[] encrypt(PublicKey receiverKey, byte... message)
+            throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
+            IllegalBlockSizeException, BadPaddingException {
+        val encryptCipher = Cipher.getInstance(receiverKey.getAlgorithm());
+        encryptCipher.init(Cipher.ENCRYPT_MODE, receiverKey);
+        return encryptCipher.doFinal(message);
+    }
+
+    private static SecretKeySpec generateSharedKey() {
+        // according to wiki.vg 16 bytes long
+        byte[] sharedKey = new byte[16];
+        ThreadLocalRandom.current().nextBytes(sharedKey);
+        // shared key is to be used for the AES/CFB8 stream cipher to encrypt the traffic
+        // therefore the encryption/decryption has to be AES
+        return new SecretKeySpec(sharedKey, "AES");
+    }
+
+    @Test
+    void testServerIdHash() throws Exception {
+        val serverId = "";
+        val sharedSecret = generateSharedKey();
+        val serverPK = com.github.games647.fastlogin.bukkit.auth.protocollib.ResourceLoader.loadClientKey("client_keys/valid_public_key.json").key();
+
+        String sessionHash = getServerHash(serverId, sharedSecret, serverPK);
+        assertEquals(EncryptionUtil.getServerIdHashString(serverId, sharedSecret, serverPK), sessionHash);
+    }
+
+    private static String getServerHash(@SuppressWarnings("SameParameterValue") CharSequence serverId,
+                                        SecretKey sharedSecret, PublicKey serverPK) {
+        // https://wiki.vg/Protocol_Encryption#Client
+        // sha1 := Sha1()
+        // sha1.update(ASCII encoding of the server id string from Encryption Request)
+        // sha1.update(shared secret)
+        // sha1.update(server's encoded public key from Encryption Request)
+        // hash := sha1.hexdigest() # String of hex characters
+        @SuppressWarnings("deprecation")
+        val hasher = Hashing.sha1().newHasher();
+        hasher.putString(serverId, StandardCharsets.US_ASCII);
+        hasher.putBytes(sharedSecret.getEncoded());
+        hasher.putBytes(serverPK.getEncoded());
+        //  It works by treating the sha1 output bytes as one large integer in two's complement and then printing the
+        //  integer in base 16, placing a minus sign if the interpreted number is negative.
+        // reference: 
+        // https://github.com/SpigotMC/BungeeCord/blob/ff5727c5ef9c0b56ad35f9816ae6bd660b622cf0/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java#L456
+        return new BigInteger(hasher.hash().asBytes()).toString(16);
+    }
+
+    @Test
+    void testServerIdHashWrongSecret() throws Exception {
+        val serverId = "";
+        val sharedSecret = generateSharedKey();
+        val serverPK = com.github.games647.fastlogin.bukkit.auth.protocollib.ResourceLoader.loadClientKey("client_keys/valid_public_key.json").key();
+
+        String sessionHash = getServerHash(serverId, sharedSecret, serverPK);
+        assertNotEquals(EncryptionUtil.getServerIdHashString("", generateSharedKey(), serverPK), sessionHash);
+    }
+
+    @Test
+    void testServerIdHashWrongServerKey() {
+        val serverId = "";
+        val sharedSecret = generateSharedKey();
+        val serverPK = EncryptionUtil.generateKeyPair().getPublic();
+
+        String sessionHash = getServerHash(serverId, sharedSecret, serverPK);
+        val wrongPK = EncryptionUtil.generateKeyPair().getPublic();
+        assertNotEquals(EncryptionUtil.getServerIdHashString("", sharedSecret, wrongPK), sessionHash);
+    }
+
+    @Test
+    void testValidSignedNonce() throws Exception {
+        ClientPublicKey clientKey = com.github.games647.fastlogin.bukkit.auth.protocollib.ResourceLoader.loadClientKey("client_keys/valid_public_key.json");
+        SignatureTestData testData = SignatureTestData.fromResource("signature/valid_signature.json");
+        assertTrue(verifySignedNonce(testData, clientKey));
+    }
+
+    @ParameterizedTest
+    @ValueSource(strings = {
+            "signature/incorrect_nonce.json",
+            "signature/incorrect_salt.json",
+            "signature/incorrect_signature.json",
+    })
+    void testIncorrectNonce(String signatureSource) throws Exception {
+        ClientPublicKey clientKey = com.github.games647.fastlogin.bukkit.auth.protocollib.ResourceLoader.loadClientKey("client_keys/valid_public_key.json");
+        SignatureTestData testData = SignatureTestData.fromResource(signatureSource);
+        assertFalse(verifySignedNonce(testData, clientKey));
+    }
+
+    @Test
+    void testWrongPublicKeySigned() throws Exception {
+        // load a different public key
+        ClientPublicKey clientKey = com.github.games647.fastlogin.bukkit.auth.protocollib.ResourceLoader.loadClientKey("client_keys/invalid_wrong_key.json");
+        SignatureTestData testData = SignatureTestData.fromResource("signature/valid_signature.json");
+        assertFalse(verifySignedNonce(testData, clientKey));
+    }
+
+    private static boolean verifySignedNonce(SignatureTestData testData, ClientPublicKey clientKey)
+            throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+        PublicKey clientPublicKey = clientKey.key();
+
+        byte[] nonce = testData.getNonce();
+        SignatureData signature = testData.getSignature();
+        long salt = signature.getSalt();
+        return EncryptionUtil.verifySignedNonce(nonce, clientPublicKey, salt, signature.getSignature());
+    }
+
+    @Test
+    void testNonce() throws Exception {
+        byte[] expected = {1, 2, 3, 4};
+        val serverKey = EncryptionUtil.generateKeyPair();
+        val encryptedNonce = encrypt(serverKey.getPublic(), expected);
+
+        assertTrue(EncryptionUtil.verifyNonce(expected, serverKey.getPrivate(), encryptedNonce));
+    }
+
+    @Test
+    void testNonceIncorrect() throws Exception {
+        byte[] expected = {1, 2, 3, 4};
+        val serverKey = EncryptionUtil.generateKeyPair();
+
+        // flipped first character
+        val encryptedNonce = encrypt(serverKey.getPublic(), new byte[]{0, 2, 3, 4});
+        assertFalse(EncryptionUtil.verifyNonce(expected, serverKey.getPrivate(), encryptedNonce));
+    }
+
+    @Test
+    void testNonceFailedDecryption() throws Exception {
+        byte[] expected = {1, 2, 3, 4};
+        val serverKey = EncryptionUtil.generateKeyPair();
+        // generate a new keypair that is different
+        val encryptedNonce = encrypt(EncryptionUtil.generateKeyPair().getPublic(), expected);
+
+        assertThrows(GeneralSecurityException.class,
+                () -> EncryptionUtil.verifyNonce(expected, serverKey.getPrivate(), encryptedNonce)
+        );
+    }
+
+    @Test
+    void testNonceIncorrectEmpty() {
+        byte[] expected = {1, 2, 3, 4};
+        val serverKey = EncryptionUtil.generateKeyPair();
+        byte[] encryptedNonce = {};
+
+        assertThrows(GeneralSecurityException.class,
+                () -> EncryptionUtil.verifyNonce(expected, serverKey.getPrivate(), encryptedNonce)
+        );
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/auth/protocollib/ResourceLoader.java

@@ -0,0 +1,101 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.protocollib;
+
+import com.github.games647.fastlogin.bukkit.auth.protocollib.packet.ClientPublicKey;
+import com.google.common.io.Resources;
+import com.google.gson.Gson;
+import com.google.gson.JsonObject;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemReader;
+
+import java.io.IOException;
+import java.io.Reader;
+import java.io.StringReader;
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.time.Instant;
+import java.util.Base64;
+
+public class ResourceLoader {
+
+    private ResourceLoader() {
+        // Utility
+    }
+
+    public static RSAPrivateKey parsePrivateKey(String keySpec)
+        throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+        try (
+            Reader reader = new StringReader(keySpec);
+            PemReader pemReader = new PemReader(reader)
+        ) {
+            PemObject pemObject = pemReader.readPemObject();
+            byte[] content = pemObject.getContent();
+            KeySpec privateKeySpec = new PKCS8EncodedKeySpec(content);
+
+            KeyFactory factory = KeyFactory.getInstance("RSA");
+            return (RSAPrivateKey) factory.generatePrivate(privateKeySpec);
+        }
+    }
+
+    protected static ClientPublicKey loadClientKey(String path)
+        throws NoSuchAlgorithmException, IOException, InvalidKeySpecException {
+        URL keyUrl = Resources.getResource(path);
+
+        String lines = Resources.toString(keyUrl, StandardCharsets.US_ASCII);
+        JsonObject object = new Gson().fromJson(lines, JsonObject.class);
+
+        Instant expires = Instant.parse(object.getAsJsonPrimitive("expires_at").getAsString());
+        String key = object.getAsJsonPrimitive("key").getAsString();
+        RSAPublicKey publicKey = parsePublicKey(key);
+
+        byte[] signature = Base64.getDecoder().decode(object.getAsJsonPrimitive("signature").getAsString());
+        return ClientPublicKey.of(expires, publicKey, signature);
+    }
+
+    private static RSAPublicKey parsePublicKey(String keySpec)
+        throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
+        try (
+            Reader reader = new StringReader(keySpec);
+            PemReader pemReader = new PemReader(reader)
+        ) {
+            PemObject pemObject = pemReader.readPemObject();
+            byte[] content = pemObject.getContent();
+            KeySpec pubKeySpec = new X509EncodedKeySpec(content);
+
+            KeyFactory factory = KeyFactory.getInstance("RSA");
+            return (RSAPublicKey) factory.generatePublic(pubKeySpec);
+        }
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/auth/protocollib/SignatureTestData.java

@@ -0,0 +1,73 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.protocollib;
+
+import com.google.common.io.Resources;
+import com.google.gson.Gson;
+import com.google.gson.annotations.JsonAdapter;
+import lombok.val;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+public class SignatureTestData {
+
+    public static SignatureTestData fromResource(String resourceName) throws IOException {
+        val keyUrl = Resources.getResource(resourceName);
+        val encodedSignature = Resources.toString(keyUrl, StandardCharsets.US_ASCII);
+
+        return new Gson().fromJson(encodedSignature, SignatureTestData.class);
+    }
+
+    @JsonAdapter(Base64Adapter.class)
+    private byte[] nonce;
+
+    private SignatureData signature;
+
+    public byte[] getNonce() {
+        return nonce;
+    }
+
+    public SignatureData getSignature() {
+        return signature;
+    }
+
+    public static class SignatureData {
+
+        private long salt;
+
+        @JsonAdapter(Base64Adapter.class)
+        private byte[] signature;
+
+        public long getSalt() {
+            return salt;
+        }
+
+        public byte[] getSignature() {
+            return signature;
+        }
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/auth/protocollib/VerifyResponseTaskTest.java

@@ -0,0 +1,66 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.auth.protocollib;
+
+import com.comphenix.protocol.injector.packet.PacketRegistry;
+import com.comphenix.protocol.reflect.accessors.Accessors;
+import com.comphenix.protocol.reflect.accessors.FieldAccessor;
+import com.comphenix.protocol.utility.MinecraftReflection;
+import org.bukkit.Bukkit;
+import org.junit.jupiter.api.Test;
+import org.mockito.MockedStatic;
+
+import java.util.Optional;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mockStatic;
+
+class VerifyResponseTaskTest {
+
+    private static final String NETTY_INJECTOR_CLASS =
+            "com.comphenix.protocol.injector.netty.channel.NettyChannelInjector";
+
+    @Test
+    void getNetworkManagerReflection() throws ClassNotFoundException {
+        try (
+                MockedStatic<Bukkit> bukkitMock = mockStatic(Bukkit.class);
+                MockedStatic<MinecraftReflection> reflectionMock = mockStatic(MinecraftReflection.class);
+                MockedStatic<PacketRegistry> registryMock = mockStatic(PacketRegistry.class)
+        ) {
+            bukkitMock.when(Bukkit::getVersion).thenReturn("git-Bukkit-18fbb24 (MC: 1.17)");
+            reflectionMock.when(MinecraftReflection::getMinecraftPackage).thenReturn("xyz");
+            reflectionMock.when(MinecraftReflection::getEnumProtocolClass).thenReturn(Object.class);
+
+            registryMock.when(() -> PacketRegistry.tryGetPacketClass(any())).thenReturn(Optional.empty());
+            
+            
+            Class<?> injectorClass = Class.forName(NETTY_INJECTOR_CLASS);
+            FieldAccessor accessor = Accessors.getFieldAccessorOrNull(injectorClass, "networkManager", Object.class);
+            assertNotNull(accessor.getField());
+        }
+    }
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/hook/CrazyLoginHookTest.java

@@ -0,0 +1,44 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.comphenix.protocol.reflect.accessors.Accessors;
+import com.comphenix.protocol.reflect.accessors.FieldAccessor;
+import de.st_ddt.crazylogin.CrazyLogin;
+import de.st_ddt.crazylogin.listener.PlayerListener;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+class CrazyLoginHookTest {
+
+    @Test
+    void testPlayerListener() {
+        FieldAccessor accessor = Accessors.getFieldAccessor(CrazyLogin.class, PlayerListener.class, true);
+        assertNotNull(accessor.getField());
+    }
+
+}

bukkit/src/test/java/com/github/games647/fastlogin/bukkit/hook/DelayedAuthHookTest.java

@@ -0,0 +1,60 @@
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2024 games647 and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.github.games647.fastlogin.bukkit.hook;
+
+import com.github.games647.fastlogin.core.hooks.AuthPlugin;
+import lombok.val;
+import org.bukkit.entity.Player;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+class DelayedAuthHookTest {
+
+    @Test
+    void createNewReflectiveInstance() throws ReflectiveOperationException {
+        val authHook = new DelayedAuthHook(null);
+        assertNotNull(authHook.newInstance(DummyHook.class));
+    }
+
+    public static class DummyHook implements AuthPlugin<Player> {
+
+        @Override
+        public boolean forceLogin(Player player) {
+            return false;
+        }
+
+        @Override
+        public boolean forceRegister(Player player, String password) {
+            return false;
+        }
+
+        @Override
+        public boolean isRegistered(String playerName) throws Exception {
+            return false;
+        }
+    }
+}

bukkit/src/test/java/integration/README.md

@@ -0,0 +1,53 @@
+# Integration tests for authentication
+
+## Description
+
+Projects require integration tests in order to check against errors that could only occur if connected to other
+components. However, they are heavier in terms of performance and require a more complex setup. Unit tests often make
+use of fake, mock, stubs, etc. implementations to test the unit in isolation and thus could hide issues across
+boundaries of a unit. Nevertheless, both are not replacement for each other.
+
+## Usage in this project
+
+The authentication system is a core component, so it requires some kind of testing. Here we are going to
+spin up a Spigot server and test with the supported authentication schemes against the implementation of MCProtocolLib.
+
+### Goals
+
+* OS platform independent
+* Reproducible, but not fixed to a specific image hash
+    * This is a dev container, so fixing it to feature/major version is enough instead of a version fixed by hash
+* Improve container spin up
+    * E.g. Remove/Reduce world generation
+
+### Note on automation
+
+The simplest solution it to use the official Mojang session and authentication servers. However, this would require
+a spare Minecraft account. Mocking the auth servers would be a solution to avoid this.
+
+## Related
+
+Interest blog article about integration tests and why they are necessary.
+https://software.rajivprab.com/2019/04/28/rethinking-software-testing-perspectives-from-the-world-of-hardware/
+
+## Issues
+
+### Slow startup
+
+Tried a lot of optimizations like only loading a single world without the nether or the end. However, there the startup
+is still slow. If you have any ideas on how to tune the startup parameters of the Minecraft server or the JVM
+itself to reduce the startup time, please suggest it.
+
+### Checkpoint
+
+An idea to optimize the time is to use CRIU (checkpoint and restore). So to save the process at a certain stage and
+restore all data multiple times. This could cause a lot of issues like open files have to be present. However, the
+impact is significant and since it runs inside the container all files, pids (pid=1) should be matching. Potential
+checkpoint locations are:
+
+* Direct before loading the plugins
+  * Likely before binding the port to prevent issues
+* After loading the libraries
+
+Nevertheless, the current state requires to run it with root and the Java support is currently still in progress.
+

bukkit/src/test/resources/client_keys/README.md

@@ -0,0 +1,27 @@
+# About
+
+This contains test resources for the unit tests. The files are extracted from the Minecraft directory with slight
+modifications. The files are found in `$MINECRAFT_HOME$/profilekeys/`, where `$MINECRAFT_HOME$` represents the
+OS-dependent minecraft folder.
+
+**Notable the files in this folder do not contain the private key information. It should be explicitly
+stripped before including it.**
+
+## Minecraft folder
+
+* Windows: `%appdata%\.minecraft`
+* Linux: `/home/username/.minecraft`
+* Mac: `~/Library/Application Support/minecraft`
+
+## Directory structure
+
+* `valid_public_key.json`: Extracted from the actual file
+* `invalid_wrong_expiration.json`: Changed the expiration date
+* `invalid_wrong_key.json`: Modified public key while keeping the RSA structure valid
+* `invalid_wrong_signature.json`: Changed a character in the public key signature
+
+## File content
+
+* `expires_at`: Expiration date
+* `key`: Public key from the original file out of `public_key.key`
+* `signature`: Mojang signed signature of this public key

bukkit/src/test/resources/client_keys/invalid_wrong_expiration.json

@@ -0,0 +1,5 @@
+{
+    "expires_at": "2022-06-20T07:31:47.318722344Z",
+    "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd3ZxDhcRWWru1XEBke6uYqmbnS2Oxyk\nOMj+QDKrkwUqhVJYciyXGsMx46Mgr/KIoGCcokP5OtIxc6+69/ZLqJ9PvM81kLIxAqyvfBMKMGjP\n376LgxTF1FeDpbe5zXaNRxfmnvQhS5YTLbzgk36qWVjqxJMG4VLVmh7RV5zWsb7XlckZb2zRHM2Y\nMHbEC+ggX+l6zQyfG1KK0MH5k+O6b0xD0rv1wm24sLOesTXH6RZG8cNE3ofdnavxjFodTOnra6w1\naiVcoUTdEPSS86wQwq9j0YCcAKOwMXsqbk9NhpujrdyJ94dev+ELwkNS7P0pPrcfiyFTQeJCZTXz\nJB36MwIDAQAB\n-----END RSA PUBLIC KEY-----\n",
+    "signature": "lfRXK4zL213wBKg760eiPV7yvnLZ6a6v9Iohmw78yxIzqXO3tfrC5Z+P2LGiO1BdI4xckx8yz4ktn82zX97+r2zktBw0As7g71H/FjInpoZ76j3gMUaiFNrQJ0vKCCI7xsjonemroWAVDCAqlvdyqwUu/Fnz85+WoR2kCQ721vwy6IjWA3xhq8XrWjkI/AlBmoS/kVqnvjjjc9vocdddJXbUYzCse/hWWIbsFeBXyiGCd3v7apgtXwQfM++tt87fq7444zQskiYb14oQP8/uNwqZWQ9jAs00i1BZ0MNM6+TZYGHOfS6rbHZ1bcX34VZdcCwpapK/Z2HBRIgDN4QOcgJkyq1GcjvlM2wjfhN8gXTsmbF9Ee+5Y6a4ONRkxRZK2sT8oAXdm0OlTEGB0P0+WRRFOQ/PnRqbI7lvANao2METT2EUHHrtqFMe53kqCHdzy5qyuHxdCEa6l/gSR08fybx9DdRRmhOlhSPGxhgwqyi1fEMrN4CsSKNrv5u+sMqhspA05b3DQJeLDX+UV5ujRHwm0A49NF+h1ZYlrcefz5IMUUisOOw6HiLc/YGLD2jHwSePGdfMwMnrIxbxjCta7/7A91aaN7eYm16KW9erCOwAfJmBSQC6Pbmg5f7rd7rAKVOPxglq7nayXmd+BK53Mal5tltMSgd/0iY6SEtGSEU="
+}

bukkit/src/test/resources/client_keys/invalid_wrong_key.json

@@ -0,0 +1,5 @@
+{
+    "expires_at": "2022-06-20T08:31:47.318722344Z",
+    "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOv23jt2QPyab6bPRBwH2ggmzQU3I+xmDpi3X5ZB5Em/4uzyZqNVLJc0gShpk0XsdoB28Nq1bPxczOTBxuXi3rg5ax5gL+iymDSU27DLM8s/33lOofzGPJUEQGKlFm0QelDKZ/q5Y/9inHE3hEJKf7h0tnmGahXFmZSF/nRz9GHnfSYpjtDr9bsZOzQuLhHXT5E4ksNRTFW41h0MlZ1qOhO+NiiVgk7LmgVYiV7RRbgO8U6RaCEqg5n28Ewo6QtzB+DF4NTDeu3E9BLH5G0npdUrVNhdRUWCFDmH6n9hqSIz2J7o6GvWqEvp0h9e/3qtLsoS60hnQXunrcWcPaEIYQIDAQAB\n-----END RSA PUBLIC KEY-----\n",
+    "signature": "lfRXK4zL213wBKg760eiPV7yvnLZ6a6v9Iohmw78yxIzqXO3tfrC5Z+P2LGiO1BdI4xckx8yz4ktn82zX97+r2zktBw0As7g71H/FjInpoZ76j3gMUaiFNrQJ0vKCCI7xsjonemroWAVDCAqlvdyqwUu/Fnz85+WoR2kCQ721vwy6IjWA3xhq8XrWjkI/AlBmoS/kVqnvjjjc9vocdddJXbUYzCse/hWWIbsFeBXyiGCd3v7apgtXwQfM++tt87fq7444zQskiYb14oQP8/uNwqZWQ9jAs00i1BZ0MNM6+TZYGHOfS6rbHZ1bcX34VZdcCwpapK/Z2HBRIgDN4QOcgJkyq1GcjvlM2wjfhN8gXTsmbF9Ee+5Y6a4ONRkxRZK2sT8oAXdm0OlTEGB0P0+WRRFOQ/PnRqbI7lvANao2METT2EUHHrtqFMe53kqCHdzy5qyuHxdCEa6l/gSR08fybx9DdRRmhOlhSPGxhgwqyi1fEMrN4CsSKNrv5u+sMqhspA05b3DQJeLDX+UV5ujRHwm0A49NF+h1ZYlrcefz5IMUUisOOw6HiLc/YGLD2jHwSePGdfMwMnrIxbxjCta7/7A91aaN7eYm16KW9erCOwAfJmBSQC6Pbmg5f7rd7rAKVOPxglq7nayXmd+BK53Mal5tltMSgd/0iY6SEtGSEU="
+}

bukkit/src/test/resources/client_keys/invalid_wrong_signature.json

@@ -0,0 +1,5 @@
+{
+    "expires_at": "2022-06-20T08:31:47.318722344Z",
+    "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd3ZxDhcRWWru1XEBke6uYqmbnS2Oxyk\nOMj+QDKrkwUqhVJYciyXGsMx46Mgr/KIoGCcokP5OtIxc6+69/ZLqJ9PvM81kLIxAqyvfBMKMGjP\n376LgxTF1FeDpbe5zXaNRxfmnvQhS5YTLbzgk36qWVjqxJMG4VLVmh7RV5zWsb7XlckZb2zRHM2Y\nMHbEC+ggX+l6zQyfG1KK0MH5k+O6b0xD0rv1wm24sLOesTXH6RZG8cNE3ofdnavxjFodTOnra6w1\naiVcoUTdEPSS86wQwq9j0YCcAKOwMXsqbk9NhpujrdyJ94dev+ELwkNS7P0pPrcfiyFTQeJCZTXz\nJB36MwIDAQAB\n-----END RSA PUBLIC KEY-----\n",
+    "signature": "lfRxK4zL213wBKg760eiPV7yvnLZ6a6v9Iohmw78yxIzqXO3tfrC5Z+P2LGiO1BdI4xckx8yz4ktn82zX97+r2zktBw0As7g71H/FjInpoZ76j3gMUaiFNrQJ0vKCCI7xsjonemroWAVDCAqlvdyqwUu/Fnz85+WoR2kCQ721vwy6IjWA3xhq8XrWjkI/AlBmoS/kVqnvjjjc9vocdddJXbUYzCse/hWWIbsFeBXyiGCd3v7apgtXwQfM++tt87fq7444zQskiYb14oQP8/uNwqZWQ9jAs00i1BZ0MNM6+TZYGHOfS6rbHZ1bcX34VZdcCwpapK/Z2HBRIgDN4QOcgJkyq1GcjvlM2wjfhN8gXTsmbF9Ee+5Y6a4ONRkxRZK2sT8oAXdm0OlTEGB0P0+WRRFOQ/PnRqbI7lvANao2METT2EUHHrtqFMe53kqCHdzy5qyuHxdCEa6l/gSR08fybx9DdRRmhOlhSPGxhgwqyi1fEMrN4CsSKNrv5u+sMqhspA05b3DQJeLDX+UV5ujRHwm0A49NF+h1ZYlrcefz5IMUUisOOw6HiLc/YGLD2jHwSePGdfMwMnrIxbxjCta7/7A91aaN7eYm16KW9erCOwAfJmBSQC6Pbmg5f7rd7rAKVOPxglq7nayXmd+BK53Mal5tltMSgd/0iY6SEtGSEU="
+}

bukkit/src/test/resources/client_keys/valid_public_key.json

@@ -0,0 +1,5 @@
+{
+    "expires_at": "2022-06-20T08:31:47.318722344Z",
+    "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd3ZxDhcRWWru1XEBke6uYqmbnS2Oxyk\nOMj+QDKrkwUqhVJYciyXGsMx46Mgr/KIoGCcokP5OtIxc6+69/ZLqJ9PvM81kLIxAqyvfBMKMGjP\n376LgxTF1FeDpbe5zXaNRxfmnvQhS5YTLbzgk36qWVjqxJMG4VLVmh7RV5zWsb7XlckZb2zRHM2Y\nMHbEC+ggX+l6zQyfG1KK0MH5k+O6b0xD0rv1wm24sLOesTXH6RZG8cNE3ofdnavxjFodTOnra6w1\naiVcoUTdEPSS86wQwq9j0YCcAKOwMXsqbk9NhpujrdyJ94dev+ELwkNS7P0pPrcfiyFTQeJCZTXz\nJB36MwIDAQAB\n-----END RSA PUBLIC KEY-----\n",
+    "signature": "lfRXK4zL213wBKg760eiPV7yvnLZ6a6v9Iohmw78yxIzqXO3tfrC5Z+P2LGiO1BdI4xckx8yz4ktn82zX97+r2zktBw0As7g71H/FjInpoZ76j3gMUaiFNrQJ0vKCCI7xsjonemroWAVDCAqlvdyqwUu/Fnz85+WoR2kCQ721vwy6IjWA3xhq8XrWjkI/AlBmoS/kVqnvjjjc9vocdddJXbUYzCse/hWWIbsFeBXyiGCd3v7apgtXwQfM++tt87fq7444zQskiYb14oQP8/uNwqZWQ9jAs00i1BZ0MNM6+TZYGHOfS6rbHZ1bcX34VZdcCwpapK/Z2HBRIgDN4QOcgJkyq1GcjvlM2wjfhN8gXTsmbF9Ee+5Y6a4ONRkxRZK2sT8oAXdm0OlTEGB0P0+WRRFOQ/PnRqbI7lvANao2METT2EUHHrtqFMe53kqCHdzy5qyuHxdCEa6l/gSR08fybx9DdRRmhOlhSPGxhgwqyi1fEMrN4CsSKNrv5u+sMqhspA05b3DQJeLDX+UV5ujRHwm0A49NF+h1ZYlrcefz5IMUUisOOw6HiLc/YGLD2jHwSePGdfMwMnrIxbxjCta7/7A91aaN7eYm16KW9erCOwAfJmBSQC6Pbmg5f7rd7rAKVOPxglq7nayXmd+BK53Mal5tltMSgd/0iY6SEtGSEU="
+}

bukkit/src/test/resources/client_keys/valid_public_key_19_1.json

@@ -0,0 +1,5 @@
+{
+  "expires_at": "2022-07-29T12:57:39.011Z",
+  "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYOUXdid0c09/eYoseLf8qG9fKQ/G2DY9wlSyEZaFMflwZ8ZpLFYigxzfaimpT3A5cbFIdIH2W2sYl5PwsKSs128GBh/rxXUEZlLkIkS+EfxyuMp9ITclxAjCqvFgfJbZHugtB9Ofi6knCEEgjFwMDh2efdpOXkCxtHuPFfnVzDJBbHWdlCCtJesMAnA2jCT7CqCwsi7sW2QxuTarqHP/cHKiBeBIu/SngGUB6eWmvAwERW5x2D+O26w8Z5sQCND3xQ4D868RALiPNG94TyKoJV+jKi0tTUmjGGs/1ksbSGDQb5xqIH0NYKZhoZrczYPNmJX4k7g5BA5RHX8AGORaQIDAQAB\n-----END RSA PUBLIC KEY-----\n",
+  "signature": "Fto/GDqEMTWpNrktWSi3tnP3ZZlo8r4Jled/5PKYRvaL/zksfjB2RK2O8pZL+w5mI2VAViTVAQmSJEF2o/BCb2L0zXp3/hC9VhZj5NTVi4KbHfnfMorj7/WJP2vvMgVxIxgLb3EEQXGS2Mmo0w2ikUVauwXgLWECvVt10KAZnTAWNIvpM8NUoZ2oCCxVimYHBtlwWQ7WvowAatP4ypa7fo3xhQg8Im1hvQDsFTNp58pgnd7l3l99xLj1uYOUJM06HGZJ/Xd0kzzJz44Csh4m50Q0RP4Nq5L+fYPeUx990Z1r1lw0sSayk+vA2Qnxgbs/z6KgkxfhBg7oOlp4ykl9cLC2kA/LdV6igqsdr/KoP4GWxwTA7RgQbhMkDFdmIg1W+gh3XqwASFQK2BAN/eAfmDTf8u9BtOEF7Ehn9uPOaiFiGztyaHxXNIkVSPTG2GXMFSijnd3Ms28jHYVY/67INTnDRmN0//KzBAoTRMe1S5idai19kug4EUVIRKDziipowzCPdbD18trdQGpK0dYOrw9XQiQd4N4V3eItpyAULGiZd8KcjgKo4orqgsUfNyhLI1keig7TyJUE3FkBOfX4hlZBm7Q/Wq4hwarlc5yZIjhsuivKV/q4tcnYYPwjP7kNMRsIApWG+yHmSIo8QfZhBiPxvtWSSLZgoFgnlxfaEko="
+}

bukkit/src/test/resources/signature/README.md

@@ -0,0 +1,16 @@
+# About
+
+This contains test resources for the unit tests. Files in this folder include pre-made cryptographic signatures.
+
+## Directory structure
+
+* `valid_signature.json`: Extracted using packet extract from an actual authentication
+* `incorrect_nonce.json`: Different nonce token simulating that the server expected a different token than signed
+* `incorrect_salt.json`: Salt sent is different to the content signed by the signature (changed salt field)
+* `incorrect_signature.json`: Changed signature
+
+## File content
+
+* `nonce`: Server generated nonce token
+* `salt`: Client generated random token that will be signed
+* `signature`: Nonce and salt signed using the client key from `valid_public_key.json`

bukkit/src/test/resources/signature/incorrect_nonce.json

@@ -0,0 +1,7 @@
+{
+    "nonce": "galNig\u003d\u003d",
+    "signature": {
+        "signature": "JlXAUtIGDjxUOnF5vkg/NUEN2wlzXcqADyYIw2WRTb5hgKwIgxyUPO5v/2M7xU3hxz2Zf0iYHM97h8qNMGQ43cLgfVH9VWZ1kGMuOby2LNSb6nDaMzm0b02ftThaWOWj9kJXbR8fN7qdpB+28t2CTW5ILT+2AZYI/Sn8gFFR+LvJJt1ENMfEj2ZIIkHecpNBuKyLz1aDCZ5BEASSLfAqHEAA3dpHV1DIgzfpO6xwo7bVFDtcBEeusl/Nc3KyGyT8sDFTsZWgitgz53xNKrZUK8Q2BaJfP0zrGAX36rpYURJSVD0AtI1ic9s5aG+OFUC1YhLXb/1cDv37ZjHcdV2ppw\u003d\u003d",
+        "salt": -2985008842905108412
+    }
+}

bukkit/src/test/resources/signature/incorrect_salt.json

@@ -0,0 +1,7 @@
+{
+    "nonce": "GalNig\u003d\u003d",
+    "signature": {
+        "signature": "JlXAUtIGDjxUOnF5vkg/NUEN2wlzXcqADyYIw2WRTb5hgKwIgxyUPO5v/2M7xU3hxz2Zf0iYHM97h8qNMGQ43cLgfVH9VWZ1kGMuOby2LNSb6nDaMzm0b02ftThaWOWj9kJXbR8fN7qdpB+28t2CTW5ILT+2AZYI/Sn8gFFR+LvJJt1ENMfEj2ZIIkHecpNBuKyLz1aDCZ5BEASSLfAqHEAA3dpHV1DIgzfpO6xwo7bVFDtcBEeusl/Nc3KyGyT8sDFTsZWgitgz53xNKrZUK8Q2BaJfP0zrGAX36rpYURJSVD0AtI1ic9s5aG+OFUC1YhLXb/1cDv37ZjHcdV2ppw\u003d\u003d",
+        "salt": -1985008842905108412
+    }
+}

bukkit/src/test/resources/signature/incorrect_signature.json

@@ -0,0 +1,7 @@
+{
+    "nonce": "GalNig\u003d\u003d",
+    "signature": {
+        "signature": "jlXAUtIGDjxUOnF5vkg/NUEN2wlzXcqADyYIw2WRTb5hgKwIgxyUPO5v/2M7xU3hxz2Zf0iYHM97h8qNMGQ43cLgfVH9VWZ1kGMuOby2LNSb6nDaMzm0b02ftThaWOWj9kJXbR8fN7qdpB+28t2CTW5ILT+2AZYI/Sn8gFFR+LvJJt1ENMfEj2ZIIkHecpNBuKyLz1aDCZ5BEASSLfAqHEAA3dpHV1DIgzfpO6xwo7bVFDtcBEeusl/Nc3KyGyT8sDFTsZWgitgz53xNKrZUK8Q2BaJfP0zrGAX36rpYURJSVD0AtI1ic9s5aG+OFUC1YhLXb/1cDv37ZjHcdV2ppw\u003d\u003d",
+        "salt": -2985008842905108412
+    }
+}

bukkit/src/test/resources/signature/valid_signature.json

@@ -0,0 +1,7 @@
+{
+    "nonce": "GalNig\u003d\u003d",
+    "signature": {
+        "signature": "JlXAUtIGDjxUOnF5vkg/NUEN2wlzXcqADyYIw2WRTb5hgKwIgxyUPO5v/2M7xU3hxz2Zf0iYHM97h8qNMGQ43cLgfVH9VWZ1kGMuOby2LNSb6nDaMzm0b02ftThaWOWj9kJXbR8fN7qdpB+28t2CTW5ILT+2AZYI/Sn8gFFR+LvJJt1ENMfEj2ZIIkHecpNBuKyLz1aDCZ5BEASSLfAqHEAA3dpHV1DIgzfpO6xwo7bVFDtcBEeusl/Nc3KyGyT8sDFTsZWgitgz53xNKrZUK8Q2BaJfP0zrGAX36rpYURJSVD0AtI1ic9s5aG+OFUC1YhLXb/1cDv37ZjHcdV2ppw\u003d\u003d",
+        "salt": -2985008842905108412
+    }
+}