From 11077a002d61dda40709885bfce2a7e86d133051 Mon Sep 17 00:00:00 2001 From: games647 Date: Thu, 23 Jun 2022 12:37:13 +0200 Subject: [PATCH] Migrate public key to record --- .../listener/protocollib/EncryptionUtil.java | 10 ++++---- .../protocollib/VerifyResponseTask.java | 2 +- .../protocollib/packet/ClientPublicKey.java | 23 +------------------ .../protocollib/EncryptionUtilTest.java | 20 ++++++++-------- 4 files changed, 17 insertions(+), 38 deletions(-) diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtil.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtil.java index ef210d78..d124eb07 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtil.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtil.java @@ -147,8 +147,8 @@ class EncryptionUtil { } public static boolean verifyClientKey(ClientPublicKey clientKey, Instant verifyTimstamp) - throws SignatureException, NoSuchAlgorithmException, InvalidKeyException { - if (!verifyTimstamp.isBefore(clientKey.getExpiry())) { + throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { + if (!verifyTimstamp.isBefore(clientKey.expiry())) { return false; } @@ -156,7 +156,7 @@ class EncryptionUtil { // key of the signer verifier.initVerify(mojangSessionKey); verifier.update(toSignable(clientKey).getBytes(StandardCharsets.US_ASCII)); - return verifier.verify(clientKey.getSignature()); + return verifier.verify(clientKey.signature()); } public static boolean verifySignedNonce(byte[] nonce, PublicKey clientKey, long signatureSalt, byte[] signature) @@ -180,8 +180,8 @@ class EncryptionUtil { } private static String toSignable(ClientPublicKey clientPublicKey) { - long expiry = clientPublicKey.getExpiry().toEpochMilli(); - String encoded = KEY_ENCODER.encodeToString(clientPublicKey.getKey().getEncoded()); + long expiry = clientPublicKey.expiry().toEpochMilli(); + String encoded = KEY_ENCODER.encodeToString(clientPublicKey.key().getEncoded()); return expiry + "-----BEGIN RSA PUBLIC KEY-----\n" + encoded + "\n-----END RSA PUBLIC KEY-----\n"; } diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java index ed842980..5a156d64 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java @@ -262,7 +262,7 @@ public class VerifyResponseTask implements Runnable { startPacket.getStrings().write(0, username); EquivalentConverter converter = BukkitConverters.getWrappedPublicKeyDataConverter(); - var key = new WrappedProfileKeyData(clientKey.getExpiry(), clientKey.getKey(), sharedSecret); + var key = new WrappedProfileKeyData(clientKey.expiry(), clientKey.key(), sharedSecret); startPacket.getOptionals(converter).write(0, Optional.of(key)); } else { //uuid is ignored by the packet definition diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/packet/ClientPublicKey.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/packet/ClientPublicKey.java index f14b16f1..24c4733f 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/packet/ClientPublicKey.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/packet/ClientPublicKey.java @@ -28,27 +28,6 @@ package com.github.games647.fastlogin.bukkit.listener.protocollib.packet; import java.security.PublicKey; import java.time.Instant; -public class ClientPublicKey { +public record ClientPublicKey(Instant expiry, PublicKey key, byte[] signature) { - private final Instant expiry; - private final PublicKey key; - private final byte[] signature; - - public ClientPublicKey(Instant expiry, PublicKey key, byte[] signature) { - this.expiry = expiry; - this.key = key; - this.signature = signature; - } - - public Instant getExpiry() { - return expiry; - } - - public PublicKey getKey() { - return key; - } - - public byte[] getSignature() { - return signature; - } } diff --git a/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtilTest.java b/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtilTest.java index 781cca3a..dbe41ee3 100644 --- a/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtilTest.java +++ b/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtilTest.java @@ -90,7 +90,7 @@ public class EncryptionUtilTest { var clientKey = loadClientKey("client_keys/valid_public_key.json"); // Client expires at the exact second mentioned, so use it for verification - var expiredTimestamp = clientKey.getExpiry(); + var expiredTimestamp = clientKey.expiry(); assertThat(EncryptionUtil.verifyClientKey(clientKey, expiredTimestamp), is(false)); } @@ -100,7 +100,7 @@ public class EncryptionUtilTest { // expiration date changed should make the signature invalid // expiration should still be valid var clientKey = loadClientKey("client_keys/invalid_wrong_expiration.json"); - Instant expireTimestamp = clientKey.getExpiry().minus(5, ChronoUnit.HOURS); + Instant expireTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS); assertThat(EncryptionUtil.verifyClientKey(clientKey, expireTimestamp), is(false)); } @@ -110,7 +110,7 @@ public class EncryptionUtilTest { public void testInvalidChangedKey() throws Exception { // changed public key no longer corresponding to the signature var clientKey = loadClientKey("client_keys/invalid_wrong_key.json"); - Instant expireTimestamp = clientKey.getExpiry().minus(5, ChronoUnit.HOURS); + Instant expireTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS); assertThat(EncryptionUtil.verifyClientKey(clientKey, expireTimestamp), is(false)); } @@ -119,7 +119,7 @@ public class EncryptionUtilTest { public void testInvalidChangedSignature() throws Exception { // signature modified no longer corresponding to key and expiration date var clientKey = loadClientKey("client_keys/invalid_wrong_signature.json"); - Instant expireTimestamp = clientKey.getExpiry().minus(5, ChronoUnit.HOURS); + Instant expireTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS); assertThat(EncryptionUtil.verifyClientKey(clientKey, expireTimestamp), is(false)); } @@ -127,7 +127,7 @@ public class EncryptionUtilTest { @Test public void testValidClientKey() throws Exception { var clientKey = loadClientKey("client_keys/valid_public_key.json"); - var verificationTimestamp = clientKey.getExpiry().minus(5, ChronoUnit.HOURS); + var verificationTimestamp = clientKey.expiry().minus(5, ChronoUnit.HOURS); assertThat(EncryptionUtil.verifyClientKey(clientKey, verificationTimestamp), is(true)); } @@ -135,7 +135,7 @@ public class EncryptionUtilTest { @Test public void testValidSignedNonce() throws Exception { ClientPublicKey clientKey = loadClientKey("client_keys/valid_public_key.json"); - PublicKey clientPublicKey = clientKey.getKey(); + PublicKey clientPublicKey = clientKey.key(); SignatureTestData testData = loadSignatureResource("signature/valid_signature.json"); byte[] nonce = testData.getNonce(); @@ -147,7 +147,7 @@ public class EncryptionUtilTest { @Test public void testIncorrectNonce() throws Exception { ClientPublicKey clientKey = loadClientKey("client_keys/valid_public_key.json"); - PublicKey clientPublicKey = clientKey.getKey(); + PublicKey clientPublicKey = clientKey.key(); SignatureTestData testData = loadSignatureResource("signature/incorrect_nonce.json"); byte[] nonce = testData.getNonce(); @@ -160,7 +160,7 @@ public class EncryptionUtilTest { public void testIncorrectSalt() throws Exception { // client generated ClientPublicKey clientKey = loadClientKey("client_keys/valid_public_key.json"); - PublicKey clientPublicKey = clientKey.getKey(); + PublicKey clientPublicKey = clientKey.key(); SignatureTestData testData = loadSignatureResource("signature/incorrect_salt.json"); byte[] nonce = testData.getNonce(); @@ -173,7 +173,7 @@ public class EncryptionUtilTest { public void testIncorrectSignature() throws Exception { // client generated ClientPublicKey clientKey = loadClientKey("client_keys/valid_public_key.json"); - PublicKey clientPublicKey = clientKey.getKey(); + PublicKey clientPublicKey = clientKey.key(); SignatureTestData testData = loadSignatureResource("signature/incorrect_signature.json"); byte[] nonce = testData.getNonce(); @@ -186,7 +186,7 @@ public class EncryptionUtilTest { public void testWrongPublicKeySigned() throws Exception { // load a different public key ClientPublicKey clientKey = loadClientKey("client_keys/invalid_wrong_key.json"); - PublicKey clientPublicKey = clientKey.getKey(); + PublicKey clientPublicKey = clientKey.key(); SignatureTestData testData = loadSignatureResource("signature/valid_signature.json"); byte[] nonce = testData.getNonce();