Migrate public key to record

games647
2022-06-23 12:37:13 +02:00
parent d9bf7267a6
commit 11077a002d
4 changed files with 17 additions and 38 deletions


@ -147,8 +147,8 @@ class EncryptionUtil {
}
public static boolean verifyClientKey(ClientPublicKey clientKey, Instant verifyTimstamp)
throws SignatureException, NoSuchAlgorithmException, InvalidKeyException {
if (!verifyTimstamp.isBefore(clientKey.getExpiry())) {
throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
if (!verifyTimstamp.isBefore(clientKey.expiry())) {
return false;
}
@ -156,7 +156,7 @@ class EncryptionUtil {
// key of the signer
verifier.initVerify(mojangSessionKey);
verifier.update(toSignable(clientKey).getBytes(StandardCharsets.US_ASCII));
return verifier.verify(clientKey.getSignature());
return verifier.verify(clientKey.signature());
}
public static boolean verifySignedNonce(byte[] nonce, PublicKey clientKey, long signatureSalt, byte[] signature)
@ -180,8 +180,8 @@ class EncryptionUtil {
}
private static String toSignable(ClientPublicKey clientPublicKey) {
long expiry = clientPublicKey.getExpiry().toEpochMilli();
String encoded = KEY_ENCODER.encodeToString(clientPublicKey.getKey().getEncoded());
long expiry = clientPublicKey.expiry().toEpochMilli();
String encoded = KEY_ENCODER.encodeToString(clientPublicKey.key().getEncoded());
return expiry + "-----BEGIN RSA PUBLIC KEY-----\n" + encoded + "\n-----END RSA PUBLIC KEY-----\n";
}


@ -262,7 +262,7 @@ public class VerifyResponseTask implements Runnable {
startPacket.getStrings().write(0, username);
EquivalentConverter<WrappedProfileKeyData> converter = BukkitConverters.getWrappedPublicKeyDataConverter();
var key = new WrappedProfileKeyData(clientKey.getExpiry(), clientKey.getKey(), sharedSecret);
var key = new WrappedProfileKeyData(clientKey.expiry(), clientKey.key(), sharedSecret);
startPacket.getOptionals(converter).write(0, Optional.of(key));
} else {
//uuid is ignored by the packet definition


@ -28,27 +28,6 @@ package com.github.games647.fastlogin.bukkit.listener.protocollib.packet;
import java.security.PublicKey;
import java.time.Instant;
public class ClientPublicKey {
public record ClientPublicKey(Instant expiry, PublicKey key, byte[] signature) {
private final Instant expiry;
private final PublicKey key;
private final byte[] signature;
public ClientPublicKey(Instant expiry, PublicKey key, byte[] signature) {
this.expiry = expiry;
this.key = key;
this.signature = signature;
}
public Instant getExpiry() {
return expiry;
}
public PublicKey getKey() {
return key;
}
public byte[] getSignature() {
return signature;
}
}
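Review bot: The `byte[] signature` component gives this record a generated `equals`/`hashCode` that compares the signature by array identity while `expiry` and `key` compare by value, and the generated `signature()` accessor returns the internal array, so any holder can change the bytes after `verifyClientKey` has accepted them. The removed class aliased the array in the same way, but it did not advertise value semantics; as a record, two instances with identical contents are now unequal, which would quietly break any cache or set keyed on it. Since the key material presumably originates from the connecting client, I would copy the array in a compact constructor and in an explicit accessor, and override `equals`/`hashCode` with `Arrays.equals`/`Arrays.hashCode`. This needs `java.util.Arrays` and `java.util.Objects` added to the imports at the top of the file.

```java
public record ClientPublicKey(Instant expiry, PublicKey key, byte[] signature) {

    public ClientPublicKey {
        // private copy: later writes to the caller's array must not alter the stored signature
        // (a null signature now fails here instead of inside Signature.verify)
        signature = signature.clone();
    }

    @Override
    public byte[] signature() {
        // hand out a copy so the stored bytes stay what was verified
        return signature.clone();
    }

    @Override
    public boolean equals(Object other) {
        return other instanceof ClientPublicKey that
            && Objects.equals(expiry, that.expiry)
            && Objects.equals(key, that.key)
            && Arrays.equals(signature, that.signature);
    }

    @Override
    public int hashCode() {
        return 31 * Objects.hash(expiry, key) + Arrays.hashCode(signature);
    }
}
```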

View File

@ -90,7 +90,7 @@ public class EncryptionUtilTest {
var clientKey = loadClientKey("client_keys/valid_public_key.json");
// Client expires at the exact second mentioned, so use it for verification
var expiredTimestamp = clientKey.getExpiry();
var expiredTimestamp = clientKey.expiry();
assertThat(EncryptionUtil.verifyClientKey(clientKey, expiredTimestamp), is(false));
}
@ -100,7 +100,7 @@ public class EncryptionUtilTest {
// expiration date changed should make the signature invalid
// expiration should still be valid
var clientKey = loadClientKey("client_keys/invalid_wrong_expiration.json");
Instant expireTimestamp = clientKey.getExpiry().minus(5, ChronoUnit.HOURS);
Instant expireTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS);
assertThat(EncryptionUtil.verifyClientKey(clientKey, expireTimestamp), is(false));
}
@ -110,7 +110,7 @@ public class EncryptionUtilTest {
public void testInvalidChangedKey() throws Exception {
// changed public key no longer corresponding to the signature
var clientKey = loadClientKey("client_keys/invalid_wrong_key.json");
Instant expireTimestamp = clientKey.getExpiry().minus(5, ChronoUnit.HOURS);
Instant expireTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS);
assertThat(EncryptionUtil.verifyClientKey(clientKey, expireTimestamp), is(false));
}
@ -119,7 +119,7 @@ public class EncryptionUtilTest {
public void testInvalidChangedSignature() throws Exception {
// signature modified no longer corresponding to key and expiration date
var clientKey = loadClientKey("client_keys/invalid_wrong_signature.json");
Instant expireTimestamp = clientKey.getExpiry().minus(5, ChronoUnit.HOURS);
Instant expireTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS);
assertThat(EncryptionUtil.verifyClientKey(clientKey, expireTimestamp), is(false));
}
@ -127,7 +127,7 @@ public class EncryptionUtilTest {
@Test
public void testValidClientKey() throws Exception {
var clientKey = loadClientKey("client_keys/valid_public_key.json");
var verificationTimestamp = clientKey.getExpiry().minus(5, ChronoUnit.HOURS);
var verificationTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS);
assertThat(EncryptionUtil.verifyClientKey(clientKey, verificationTimestamp), is(true));
}
@ -135,7 +135,7 @@ public class EncryptionUtilTest {
@Test
public void testValidSignedNonce() throws Exception {
ClientPublicKey clientKey = loadClientKey("client_keys/valid_public_key.json");
PublicKey clientPublicKey = clientKey.getKey();
PublicKey clientPublicKey = clientKey.key();
SignatureTestData testData = loadSignatureResource("signature/valid_signature.json");
byte[] nonce = testData.getNonce();
@ -147,7 +147,7 @@ public class EncryptionUtilTest {
@Test
public void testIncorrectNonce() throws Exception {
ClientPublicKey clientKey = loadClientKey("client_keys/valid_public_key.json");
PublicKey clientPublicKey = clientKey.getKey();
PublicKey clientPublicKey = clientKey.key();
SignatureTestData testData = loadSignatureResource("signature/incorrect_nonce.json");
byte[] nonce = testData.getNonce();
@ -160,7 +160,7 @@ public class EncryptionUtilTest {
public void testIncorrectSalt() throws Exception {
// client generated
ClientPublicKey clientKey = loadClientKey("client_keys/valid_public_key.json");
PublicKey clientPublicKey = clientKey.getKey();
PublicKey clientPublicKey = clientKey.key();
SignatureTestData testData = loadSignatureResource("signature/incorrect_salt.json");
byte[] nonce = testData.getNonce();
@ -173,7 +173,7 @@ public class EncryptionUtilTest {
public void testIncorrectSignature() throws Exception {
// client generated
ClientPublicKey clientKey = loadClientKey("client_keys/valid_public_key.json");
PublicKey clientPublicKey = clientKey.getKey();
PublicKey clientPublicKey = clientKey.key();
SignatureTestData testData = loadSignatureResource("signature/incorrect_signature.json");
byte[] nonce = testData.getNonce();
@ -186,7 +186,7 @@ public class EncryptionUtilTest {
public void testWrongPublicKeySigned() throws Exception {
// load a different public key
ClientPublicKey clientKey = loadClientKey("client_keys/invalid_wrong_key.json");
PublicKey clientPublicKey = clientKey.getKey();
PublicKey clientPublicKey = clientKey.key();
SignatureTestData testData = loadSignatureResource("signature/valid_signature.json");
byte[] nonce = testData.getNonce();