Java Code Examples for com.nukkitx.protocol.bedrock.util.EncryptionUtils

The following examples show how to use com.nukkitx.protocol.bedrock.util.EncryptionUtils. These examples are extracted from open source projects.
Example 1
Source Project: BedrockConnect   Source File: PacketHandler.java    License: GNU General Public License v3.0
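/**
 * Validates the certificate chain a client presents at login.
 *
 * <p>Every element of {@code data} is parsed as a serialized JWS. The chain is accepted only when
 * (a) at least one token verifies against the Mojang public key and (b) every token after the
 * first verifies against the {@code identityPublicKey} carried in the payload of the token
 * before it.
 *
 * <p>NOTE(review): this method does not limit how many links may follow the Mojang-signed one,
 * nor require that link at a fixed position. Callers that take identity claims from the final
 * element of the chain should confirm that policy is acceptable.
 *
 * @param data JSON array whose elements are serialized JWS strings (untrusted, client-supplied)
 * @return {@code true} if the chain is anchored to the Mojang key and every link is signed by
 *         its predecessor's key; {@code false} otherwise
 * @throws Exception if a token or payload cannot be parsed, a key cannot be decoded, or a
 *         payload lacks a string {@code identityPublicKey}
 */
private static boolean validateChainData(JsonNode data) throws Exception {
    ECPublicKey lastKey = null;
    boolean validChain = false;
    for (JsonNode node : data) {
        JWSObject jwt = JWSObject.parse(node.asText());

        // Anchor check: once any token has verified against the Mojang key, stop re-testing.
        if (!validChain) {
            validChain = verifyJwt(jwt, EncryptionUtils.getMojangPublicKey());
        }

        // Link check: a token that is not signed by the key its predecessor named breaks the
        // chain. The result has to be enforced; computing it and moving on would let an
        // unlinked token pass as long as some other element is Mojang-signed.
        if (lastKey != null && !verifyJwt(jwt, lastKey)) {
            return false;
        }

        JsonNode payloadNode = Server.JSON_MAPPER.readTree(jwt.getPayload().toString());
        JsonNode ipkNode = payloadNode.get("identityPublicKey");
        Preconditions.checkState(ipkNode != null && ipkNode.getNodeType() == JsonNodeType.STRING, "identityPublicKey node is missing in chain");
        // The key named here is the one expected to have signed the next token.
        lastKey = EncryptionUtils.generateKey(ipkNode.asText());
    }
    return validChain;
}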
 
Example 2
Source Project: Geyser   Source File: LoginEncryptionUtils.java    License: MIT License
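/**
 * Checks the JWT certificate chain supplied with a login request.
 *
 * <p>The chain passes only if one of its tokens verifies against the Mojang public key and each
 * token after the first verifies against the {@code identityPublicKey} published in the payload
 * of the preceding token.
 *
 * <p>NOTE(review): the number of links and the position of the Mojang-signed link are not
 * constrained here. Code that reads identity data from the last element of the chain relies on
 * that being acceptable; confirm against the caller.
 *
 * @param data JSON array of serialized JWS strings received from the client (untrusted)
 * @return {@code true} when the chain is Mojang-anchored and every link verifies against its
 *         predecessor's key; {@code false} otherwise
 * @throws Exception if parsing a token or payload fails, a key cannot be decoded, or a payload
 *         has no string {@code identityPublicKey}
 */
private static boolean validateChainData(JsonNode data) throws Exception {
    ECPublicKey lastKey = null;
    boolean validChain = false;
    for (JsonNode node : data) {
        JWSObject jwt = JWSObject.parse(node.asText());

        // Look for the Mojang-signed token until one is found.
        if (!validChain) {
            validChain = EncryptionUtils.verifyJwt(jwt, EncryptionUtils.getMojangPublicKey());
        }

        // Enforce chain continuity: verifyJwt reports failure through its return value, so a
        // discarded result would accept a token that the previous link never vouched for.
        if (lastKey != null && !EncryptionUtils.verifyJwt(jwt, lastKey)) {
            return false;
        }

        JsonNode payloadNode = JSON_MAPPER.readTree(jwt.getPayload().toString());
        JsonNode ipkNode = payloadNode.get("identityPublicKey");
        Preconditions.checkState(ipkNode != null && ipkNode.getNodeType() == JsonNodeType.STRING, "identityPublicKey node is missing in chain");
        // This key must have signed the next token in the chain.
        lastKey = EncryptionUtils.generateKey(ipkNode.asText());
    }
    return validChain;
}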
 
Example 3
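/**
 * Verifies a client-supplied login certificate chain.
 *
 * <p>Returns {@code true} only when some token in {@code data} verifies against the Mojang
 * public key and every token after the first verifies against the {@code identityPublicKey}
 * found in the payload of the token before it.
 *
 * <p>NOTE(review): chain length and the position of the Mojang-signed token are not checked
 * here; confirm that callers which trust the final token's claims account for that.
 *
 * @param data JSON array of serialized JWS strings (untrusted input from the peer)
 * @return whether the chain is anchored to the Mojang key with every link correctly signed
 * @throws Exception if a token or payload cannot be parsed, a key cannot be decoded, or the
 *         {@code identityPublicKey} claim is missing or not a string
 */
private static boolean validateChainData(JsonNode data) throws Exception {
    ECPublicKey lastKey = null;
    boolean validChain = false;
    for (JsonNode node : data) {
        JWSObject jwt = JWSObject.parse(node.asText());

        // Keep testing against the Mojang key until one token is anchored to it.
        if (!validChain) {
            validChain = verifyJwt(jwt, EncryptionUtils.getMojangPublicKey());
        }

        // A failed link signature invalidates the whole chain. Ignoring verifyJwt's boolean
        // here would mean the predecessor-key check has no effect on the outcome.
        if (lastKey != null && !verifyJwt(jwt, lastKey)) {
            return false;
        }

        JsonNode payloadNode = ProxyPass.JSON_MAPPER.readTree(jwt.getPayload().toString());
        JsonNode ipkNode = payloadNode.get("identityPublicKey");
        Preconditions.checkState(ipkNode != null && ipkNode.getNodeType() == JsonNodeType.STRING, "identityPublicKey node is missing in chain");
        // Remember which key is expected to sign the following token.
        lastKey = EncryptionUtils.generateKey(ipkNode.asText());
    }
    return validChain;
}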
 
Example 4
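/**
 * Handles the server's handshake packet: derives the session key from the handshake JWT and
 * switches the session to encrypted mode, then acknowledges with a client-to-server handshake.
 *
 * <p>The JWT comes from the remote peer and is treated as untrusted: a token without an
 * {@code x5u} header or a {@code salt} claim is rejected with a descriptive error instead of
 * failing later with a bare {@link NullPointerException}.
 *
 * <p>NOTE(review): the peer's public key is taken from the token's own {@code x5u} header and
 * the token's signature is not checked in this method, so this step alone does not
 * authenticate the remote server. Confirm that is acceptable for the deployment.
 *
 * @param packet handshake packet carrying the serialized JWT
 * @return always {@code true}
 * @throws IllegalStateException if the JWT lacks the {@code x5u} header or {@code salt} claim
 * @throws RuntimeException wrapping parse or key-derivation failures
 */
public boolean handle(ServerToClientHandshakePacket packet) {
    try {
        SignedJWT saltJwt = SignedJWT.parse(packet.getJwt());

        URI x5u = saltJwt.getHeader().getX509CertURL();
        if (x5u == null) {
            throw new IllegalStateException("Handshake JWT is missing the x5u header");
        }
        String salt = saltJwt.getJWTClaimsSet().getStringClaim("salt");
        if (salt == null) {
            throw new IllegalStateException("Handshake JWT is missing the salt claim");
        }

        ECPublicKey serverKey = EncryptionUtils.generateKey(x5u.toASCIIString());
        SecretKey key = EncryptionUtils.getSecretKey(this.player.getProxyKeyPair().getPrivate(), serverKey,
                Base64.getDecoder().decode(salt));
        session.enableEncryption(key);
    } catch (ParseException | NoSuchAlgorithmException | InvalidKeySpecException | InvalidKeyException e) {
        throw new RuntimeException(e);
    }

    ClientToServerHandshakePacket clientToServerHandshake = new ClientToServerHandshakePacket();
    session.sendPacketImmediately(clientToServerHandshake);
    return true;
}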
 
Example 5
Source Project: Geyser   Source File: LoginEncryptionUtils.java    License: MIT License
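/**
 * Processes a client's login chain and client-data token, stores the resulting identity on the
 * session and, when encryption is available, starts the encryption handshake.
 *
 * <p>Identity fields are read from the last element of {@code certChainData}. The client-data
 * JWS must verify against the {@code identityPublicKey} from that element; a failed
 * verification aborts the login. Session state is only populated after that check succeeds.
 *
 * <p>NOTE(review): the result of {@code validateChainData} is logged but not enforced here, so
 * a chain that is not anchored to the Mojang key still proceeds. Confirm that whatever decides
 * whether unauthenticated players are allowed runs elsewhere.
 *
 * @param connector used for debug logging
 * @param session session to populate and, on failure, disconnect
 * @param clientData serialized JWS with the client data (untrusted)
 * @param certChainData JSON array of serialized JWS strings forming the login chain (untrusted)
 * @throws RuntimeException if any step fails; the session is disconnected first
 */
private static void encryptConnectionWithCert(GeyserConnector connector, GeyserSession session, String clientData, JsonNode certChainData) {
    try {
        boolean validChain = validateChainData(certChainData);

        connector.getLogger().debug(String.format("Is player data valid? %s", validChain));

        JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
        JsonNode payload = JSON_MAPPER.readTree(jwt.getPayload().toBytes());

        // Treat an absent claim the same as a claim of the wrong type.
        JsonNode extraData = payload.get("extraData");
        if (extraData == null || extraData.getNodeType() != JsonNodeType.OBJECT) {
            throw new RuntimeException("AuthData was not found!");
        }

        JsonNode identityKeyNode = payload.get("identityPublicKey");
        if (identityKeyNode == null || identityKeyNode.getNodeType() != JsonNodeType.STRING) {
            throw new RuntimeException("Identity Public Key was not found!");
        }

        ECPublicKey identityPublicKey = EncryptionUtils.generateKey(identityKeyNode.textValue());
        JWSObject clientJwt = JWSObject.parse(clientData);
        // verifyJwt signals failure through its return value; client data that is not signed
        // by the identity key must not be accepted.
        if (!EncryptionUtils.verifyJwt(clientJwt, identityPublicKey)) {
            throw new RuntimeException("Client data signature could not be verified");
        }

        session.setAuthenticationData(new AuthData(
                extraData.get("displayName").asText(),
                UUID.fromString(extraData.get("identity").asText()),
                extraData.get("XUID").asText()
        ));

        session.setClientData(JSON_MAPPER.convertValue(JSON_MAPPER.readTree(clientJwt.getPayload().toBytes()), BedrockClientData.class));

        if (EncryptionUtils.canUseEncryption()) {
            LoginEncryptionUtils.startEncryptionHandshake(session, identityPublicKey);
        }
    } catch (Exception ex) {
        // Boundary catch: any parse, validation or crypto failure ends the login attempt.
        session.disconnect("disconnectionScreen.internalError.cantConnect");
        throw new RuntimeException("Unable to complete login", ex);
    }
}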
 
Example 6
Source Project: Geyser   Source File: LoginEncryptionUtils.java    License: MIT License
/**
 * Begins the encrypted-session handshake with a client.
 *
 * <p>Generates a new EC key pair on the secp384r1 curve, obtains a random token, derives the
 * session key from the new private key, the client's public key and the token, enables
 * encryption on the upstream session, and finally sends the handshake JWT to the client.
 *
 * @param session session whose upstream connection is switched to encrypted mode
 * @param key the client's public key
 * @throws Exception if key generation, key derivation or JWT creation fails
 */
private static void startEncryptionHandshake(GeyserSession session, PublicKey key) throws Exception {
    // A key pair is created for this handshake only; it is not stored by this method.
    final KeyPairGenerator ecGenerator = KeyPairGenerator.getInstance("EC");
    ecGenerator.initialize(new ECGenParameterSpec("secp384r1"));
    final KeyPair handshakePair = ecGenerator.generateKeyPair();

    final byte[] randomToken = EncryptionUtils.generateRandomToken();
    final SecretKey sessionKey = EncryptionUtils.getSecretKey(handshakePair.getPrivate(), key, randomToken);
    // Encryption is enabled before the handshake packet goes out; the order is deliberate
    // as far as this method is concerned and must be kept.
    session.getUpstream().getSession().enableEncryption(sessionKey);

    final ServerToClientHandshakePacket handshake = new ServerToClientHandshakePacket();
    final String serializedJwt = EncryptionUtils.createHandshakeJwt(handshakePair, randomToken).serialize();
    handshake.setJwt(serializedJwt);
    session.sendUpstreamPacketImmediately(handshake);
}
 
Example 7
/**
 * Builds and signs a self-issued authentication JWT for the given key pair.
 *
 * <p>The token is signed with ES384 using the pair's private key, and the Base64 encoding of
 * the pair's public key is used both as the {@code x5u} header and as the
 * {@code identityPublicKey} claim. The issuer is {@code "self"}, so the token is not anchored
 * to any external authority; a receiver that requires a chain rooted in a trusted key should
 * not treat it as authenticated.
 *
 * <p>NOTE(review): the issue time is set to the same instant as the expiration time (one day
 * ahead), not to the current time. Confirm this is intended.
 *
 * @param pair EC key pair; the private key must be an {@link ECPrivateKey}
 * @param extraData value stored under the {@code extraData} claim
 * @return the signed JWT
 * @throws RuntimeException wrapping a {@code JOSEException} if signing fails
 */
public static SignedJWT forgeAuthData(KeyPair pair, JSONObject extraData) {
    final byte[] encodedPublic = pair.getPublic().getEncoded();
    final String encodedKey = Base64.getEncoder().encodeToString(encodedPublic);

    final JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.ES384)
            .x509CertURL(URI.create(encodedKey))
            .build();

    // Validity window: from one second ago until one day from now.
    final long now = System.currentTimeMillis();
    final Date notBefore = new Date(now - TimeUnit.SECONDS.toMillis(1));
    final Date expiry = new Date(now + TimeUnit.DAYS.toMillis(1));

    final JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
    claims.notBeforeTime(notBefore);
    claims.expirationTime(expiry);
    claims.issueTime(expiry);
    claims.issuer("self");
    claims.claim("certificateAuthority", true);
    claims.claim("extraData", extraData);
    claims.claim("identityPublicKey", encodedKey);

    final SignedJWT signed = new SignedJWT(jwsHeader, claims.build());
    try {
        EncryptionUtils.signJwt(signed, (ECPrivateKey) pair.getPrivate());
    } catch (JOSEException e) {
        throw new RuntimeException(e);
    }
    return signed;
}
 
Example 8
/**
 * Wraps skin data in a JWS signed with the given key pair.
 *
 * <p>The header uses ES384 and carries the Base64-encoded public key as {@code x5u}; the
 * payload is {@code skinData} as supplied. The signature only shows that the holder of the
 * pair's private key produced the object.
 *
 * @param pair EC key pair; the private key must be an {@link ECPrivateKey}
 * @param skinData payload to sign
 * @return the signed JWS object
 * @throws RuntimeException wrapping a {@code JOSEException} if signing fails
 */
public static JWSObject forgeSkinData(KeyPair pair, JSONObject skinData) {
    final String encodedKey = Base64.getEncoder().encodeToString(pair.getPublic().getEncoded());
    final URI keyUri = URI.create(encodedKey);

    final JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.ES384)
            .x509CertURL(keyUri)
            .build();
    final Payload body = new Payload(skinData);
    final JWSObject signedObject = new JWSObject(jwsHeader, body);

    try {
        EncryptionUtils.signJwt(signedObject, (ECPrivateKey) pair.getPrivate());
    } catch (JOSEException e) {
        throw new RuntimeException(e);
    }
    return signedObject;
}