com.nukkitx.protocol.bedrock.util.EncryptionUtils Java Examples

Example #1
Source File: PacketHandler.java    From BedrockConnect with GNU General Public License v3.0 7 votes vote down vote up
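/**
 * Walks the login certificate chain and reports whether it is rooted in the Mojang public key.
 *
 * <p>Every element of {@code data} is parsed as a JWS. The chain is trusted once one token
 * verifies against {@link EncryptionUtils#getMojangPublicKey()}, and every token after the first
 * must also verify against the {@code identityPublicKey} announced by the token before it.
 *
 * @param data JSON array whose elements are the serialized JWS tokens of the chain
 * @return {@code true} only when a token is signed by the Mojang key and no link is broken;
 *         {@code false} for a self-signed chain or a chain with a broken link
 * @throws Exception if a token or payload cannot be parsed, or a key cannot be decoded
 * @throws IllegalStateException if a payload has no string {@code identityPublicKey}
 */
private static boolean validateChainData(JsonNode data) throws Exception {
    ECPublicKey lastKey = null;
    boolean validChain = false;
    for (JsonNode node : data) {
        JWSObject jwt = JWSObject.parse(node.asText());

        // Trust anchor: keep looking until one token is signed by the Mojang key.
        if (!validChain) {
            validChain = verifyJwt(jwt, EncryptionUtils.getMojangPublicKey());
        }

        // Chain link: this token must be signed by the key its predecessor announced.
        // The boolean result has to be enforced; if it is ignored, the final token (the one
        // callers read the identity from) is not bound to the Mojang-signed token at all.
        if (lastKey != null && !verifyJwt(jwt, lastKey)) {
            return false;
        }

        JsonNode payloadNode = Server.JSON_MAPPER.readTree(jwt.getPayload().toString());
        JsonNode ipkNode = payloadNode.get("identityPublicKey");
        Preconditions.checkState(ipkNode != null && ipkNode.getNodeType() == JsonNodeType.STRING, "identityPublicKey node is missing in chain");
        // The key announced here is what the next token in the chain must be signed with.
        lastKey = EncryptionUtils.generateKey(ipkNode.asText());
    }
    return validChain;
}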
 
Example #2
Source File: LoginEncryptionUtils.java    From Geyser with MIT License 6 votes vote down vote up
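/**
 * Walks the login certificate chain and reports whether it is rooted in the Mojang public key.
 *
 * <p>Every element of {@code data} is parsed as a JWS. The chain is trusted once one token
 * verifies against {@link EncryptionUtils#getMojangPublicKey()}, and every token after the first
 * must also verify against the {@code identityPublicKey} announced by the token before it.
 *
 * @param data JSON array whose elements are the serialized JWS tokens of the chain
 * @return {@code true} only when a token is signed by the Mojang key and no link is broken;
 *         {@code false} for a self-signed chain or a chain with a broken link
 * @throws Exception if a token or payload cannot be parsed, or a key cannot be decoded
 * @throws IllegalStateException if a payload has no string {@code identityPublicKey}
 */
private static boolean validateChainData(JsonNode data) throws Exception {
    ECPublicKey lastKey = null;
    boolean validChain = false;
    for (JsonNode node : data) {
        JWSObject jwt = JWSObject.parse(node.asText());

        // Trust anchor: keep looking until one token is signed by the Mojang key.
        if (!validChain) {
            validChain = EncryptionUtils.verifyJwt(jwt, EncryptionUtils.getMojangPublicKey());
        }

        // Chain link: this token must be signed by the key its predecessor announced.
        // The boolean result has to be enforced; if it is ignored, the final token (the one
        // callers read the identity from) is not bound to the Mojang-signed token at all.
        if (lastKey != null && !EncryptionUtils.verifyJwt(jwt, lastKey)) {
            return false;
        }

        JsonNode payloadNode = JSON_MAPPER.readTree(jwt.getPayload().toString());
        JsonNode ipkNode = payloadNode.get("identityPublicKey");
        Preconditions.checkState(ipkNode != null && ipkNode.getNodeType() == JsonNodeType.STRING, "identityPublicKey node is missing in chain");
        // The key announced here is what the next token in the chain must be signed with.
        lastKey = EncryptionUtils.generateKey(ipkNode.asText());
    }
    return validChain;
}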
 
Example #3
Source File: UpstreamPacketHandler.java    From ProxyPass with GNU Affero General Public License v3.0 6 votes vote down vote up
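/**
 * Walks the login certificate chain and reports whether it is rooted in the Mojang public key.
 *
 * <p>Every element of {@code data} is parsed as a JWS. The chain is trusted once one token
 * verifies against {@link EncryptionUtils#getMojangPublicKey()}, and every token after the first
 * must also verify against the {@code identityPublicKey} announced by the token before it.
 *
 * @param data JSON array whose elements are the serialized JWS tokens of the chain
 * @return {@code true} only when a token is signed by the Mojang key and no link is broken;
 *         {@code false} for a self-signed chain or a chain with a broken link
 * @throws Exception if a token or payload cannot be parsed, or a key cannot be decoded
 * @throws IllegalStateException if a payload has no string {@code identityPublicKey}
 */
private static boolean validateChainData(JsonNode data) throws Exception {
    ECPublicKey lastKey = null;
    boolean validChain = false;
    for (JsonNode node : data) {
        JWSObject jwt = JWSObject.parse(node.asText());

        // Trust anchor: keep looking until one token is signed by the Mojang key.
        if (!validChain) {
            validChain = verifyJwt(jwt, EncryptionUtils.getMojangPublicKey());
        }

        // Chain link: this token must be signed by the key its predecessor announced.
        // The boolean result has to be enforced; if it is ignored, the final token (the one
        // callers read the identity from) is not bound to the Mojang-signed token at all.
        if (lastKey != null && !verifyJwt(jwt, lastKey)) {
            return false;
        }

        JsonNode payloadNode = ProxyPass.JSON_MAPPER.readTree(jwt.getPayload().toString());
        JsonNode ipkNode = payloadNode.get("identityPublicKey");
        Preconditions.checkState(ipkNode != null && ipkNode.getNodeType() == JsonNodeType.STRING, "identityPublicKey node is missing in chain");
        // The key announced here is what the next token in the chain must be signed with.
        lastKey = EncryptionUtils.generateKey(ipkNode.asText());
    }
    return validChain;
}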
 
Example #4
Source File: DownstreamPacketHandler.java    From ProxyPass with GNU Affero General Public License v3.0 6 votes vote down vote up
/**
 * Finishes key agreement with the downstream server and acknowledges its handshake.
 *
 * <p>The server's EC public key is read from the {@code x5u} header of the handshake token and
 * combined with the proxy's private key and the Base64 {@code salt} claim to derive the session
 * key. Encryption is enabled before the client-to-server handshake packet is sent.
 *
 * <p>NOTE(review): nothing in this method verifies the token's signature, and the key comes from
 * the token's own header, so the derived key is only as trustworthy as whoever delivered the
 * packet. A missing {@code x5u} header or an invalid Base64 salt is not covered by the catch
 * clause and would surface as an unchecked exception; confirm that is acceptable to callers.
 *
 * @param packet handshake packet carrying the serialized JWT
 * @return always {@code true}
 * @throws RuntimeException wrapping any parse or key-derivation failure
 */
public boolean handle(ServerToClientHandshakePacket packet) {
    try {
        SignedJWT handshakeJwt = SignedJWT.parse(packet.getJwt());
        // The x5u header holds the encoded public key itself rather than a certificate URL.
        String encodedServerKey = handshakeJwt.getHeader().getX509CertURL().toASCIIString();
        ECPublicKey serverKey = EncryptionUtils.generateKey(encodedServerKey);
        SecretKey sharedSecret = EncryptionUtils.getSecretKey(
                this.player.getProxyKeyPair().getPrivate(),
                serverKey,
                Base64.getDecoder().decode(handshakeJwt.getJWTClaimsSet().getStringClaim("salt")));
        session.enableEncryption(sharedSecret);
    } catch (ParseException | NoSuchAlgorithmException | InvalidKeySpecException | InvalidKeyException e) {
        throw new RuntimeException(e);
    }

    // Acknowledge the handshake only after encryption has been switched on.
    session.sendPacketImmediately(new ClientToServerHandshakePacket());
    return true;
}
 
Example #5
Source File: LoginEncryptionUtils.java    From Geyser with MIT License 5 votes vote down vote up
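/**
 * Reads the player's identity from the login chain, checks the client data signature and, when
 * supported, starts the encryption handshake.
 *
 * <p>The identity ({@code displayName}, {@code identity}, {@code XUID}) and the identity public
 * key are taken from the payload of the last token in {@code certChainData}. The client data JWS
 * must be signed by that identity key; a token that fails verification aborts the login.
 *
 * <p>Any failure disconnects the session and is rethrown as a {@link RuntimeException}.
 *
 * @param connector     used for debug logging
 * @param session       session that receives the authentication data and client data
 * @param clientData    serialized JWS holding the client data
 * @param certChainData JSON array of serialized JWS tokens forming the certificate chain
 * @throws RuntimeException if any step of the login fails
 */
private static void encryptConnectionWithCert(GeyserConnector connector, GeyserSession session, String clientData, JsonNode certChainData) {
    try {
        boolean validChain = validateChainData(certChainData);

        // NOTE(review): the chain result is only logged here, never enforced. When it is false the
        // identity fields below are whatever the client sent, so anything that treats the XUID or
        // display name as authenticated has to check chain validity itself. Confirm this is intended.
        connector.getLogger().debug(String.format("Is player data valid? %s", validChain));

        JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
        JsonNode payload = JSON_MAPPER.readTree(jwt.getPayload().toBytes());

        // Null-check first so a missing node produces the intended message instead of an NPE.
        JsonNode extraData = payload.get("extraData");
        if (extraData == null || extraData.getNodeType() != JsonNodeType.OBJECT) {
            throw new RuntimeException("AuthData was not found!");
        }

        session.setAuthenticationData(new AuthData(
                extraData.get("displayName").asText(),
                UUID.fromString(extraData.get("identity").asText()),
                extraData.get("XUID").asText()
        ));

        JsonNode identityKeyNode = payload.get("identityPublicKey");
        if (identityKeyNode == null || identityKeyNode.getNodeType() != JsonNodeType.STRING) {
            throw new RuntimeException("Identity Public Key was not found!");
        }

        ECPublicKey identityPublicKey = EncryptionUtils.generateKey(identityKeyNode.textValue());
        JWSObject clientJwt = JWSObject.parse(clientData);
        // verifyJwt reports failure through its boolean result, so the result must be checked;
        // otherwise client data signed with any key would be accepted.
        if (!EncryptionUtils.verifyJwt(clientJwt, identityPublicKey)) {
            throw new IllegalStateException("Client data isn't signed by the given chain data");
        }

        session.setClientData(JSON_MAPPER.convertValue(JSON_MAPPER.readTree(clientJwt.getPayload().toBytes()), BedrockClientData.class));

        if (EncryptionUtils.canUseEncryption()) {
            LoginEncryptionUtils.startEncryptionHandshake(session, identityPublicKey);
        }
    } catch (Exception ex) {
        session.disconnect("disconnectionScreen.internalError.cantConnect");
        throw new RuntimeException("Unable to complete login", ex);
    }
}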
 
Example #6
Source File: LoginEncryptionUtils.java    From Geyser with MIT License 5 votes vote down vote up
/**
 * Starts the encrypted session with the client.
 *
 * <p>Generates a new secp384r1 key pair and a random token for this handshake, derives the
 * session key from the server private key, the client's public key and the token, enables
 * encryption on the upstream session, and then sends the handshake JWT to the client.
 *
 * @param session session whose upstream connection is switched to encrypted mode
 * @param key     the client's public key (callers on this page pass the chain's identity key)
 * @throws Exception if key generation, key derivation or JWT creation fails
 */
private static void startEncryptionHandshake(GeyserSession session, PublicKey key) throws Exception {
    // A key pair is generated on every call, so it is not reused across handshakes.
    KeyPairGenerator ecGenerator = KeyPairGenerator.getInstance("EC");
    ecGenerator.initialize(new ECGenParameterSpec("secp384r1"));
    KeyPair handshakePair = ecGenerator.generateKeyPair();

    byte[] handshakeToken = EncryptionUtils.generateRandomToken();
    SecretKey sessionKey = EncryptionUtils.getSecretKey(handshakePair.getPrivate(), key, handshakeToken);
    // Encryption is switched on before the handshake packet is sent.
    session.getUpstream().getSession().enableEncryption(sessionKey);

    String serializedJwt = EncryptionUtils.createHandshakeJwt(handshakePair, handshakeToken).serialize();
    ServerToClientHandshakePacket handshake = new ServerToClientHandshakePacket();
    handshake.setJwt(serializedJwt);
    session.sendUpstreamPacketImmediately(handshake);
}
 
Example #7
Source File: ForgeryUtils.java    From ProxyPass with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Builds and signs a self-issued authentication token for the given key pair.
 *
 * <p>The token uses ES384, carries the Base64-encoded public key both in the {@code x5u} header
 * and in the {@code identityPublicKey} claim, names {@code "self"} as issuer and sets
 * {@code certificateAuthority} to {@code true}. It is valid from one second before creation
 * until one day after.
 *
 * <p>Because the token is signed with the caller's own key, a verifier that requires a chain
 * rooted in the Mojang public key and enforces every link will not treat it as authenticated.
 *
 * <p>NOTE(review): the issued-at claim is set to the expiry instant, not the creation time.
 * That is kept exactly as the original code has it; confirm whether it is intended.
 *
 * @param pair      EC key pair; the private key signs the token
 * @param extraData value stored under the {@code extraData} claim
 * @return the signed token
 * @throws RuntimeException wrapping a {@code JOSEException} if signing fails
 */
public static SignedJWT forgeAuthData(KeyPair pair, JSONObject extraData) {
    String encodedPublicKey = Base64.getEncoder().encodeToString(pair.getPublic().getEncoded());

    // The x5u header holds the encoded key itself, not a certificate URL.
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.ES384)
            .x509CertURL(URI.create(encodedPublicKey))
            .build();

    long now = System.currentTimeMillis();
    Date notBefore = new Date(now - TimeUnit.SECONDS.toMillis(1));
    Date expiry = new Date(now + TimeUnit.DAYS.toMillis(1));

    JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .notBeforeTime(notBefore)
            .expirationTime(expiry)
            .issueTime(expiry)
            .issuer("self")
            .claim("certificateAuthority", true)
            .claim("extraData", extraData)
            .claim("identityPublicKey", encodedPublicKey)
            .build();

    SignedJWT signed = new SignedJWT(header, claims);
    try {
        EncryptionUtils.signJwt(signed, (ECPrivateKey) pair.getPrivate());
    } catch (JOSEException e) {
        throw new RuntimeException(e);
    }
    return signed;
}
 
Example #8
Source File: ForgeryUtils.java    From ProxyPass with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Wraps skin data in a JWS signed with the given key pair.
 *
 * <p>The object uses ES384 and carries the Base64-encoded public key in its {@code x5u} header.
 * A receiver can only trust it as far as it trusts that key, for example because the key is
 * the identity key of a verified login chain.
 *
 * @param pair     EC key pair; the private key signs the object
 * @param skinData payload to sign
 * @return the signed JWS object
 * @throws RuntimeException wrapping a {@code JOSEException} if signing fails
 */
public static JWSObject forgeSkinData(KeyPair pair, JSONObject skinData) {
    String encodedPublicKey = Base64.getEncoder().encodeToString(pair.getPublic().getEncoded());

    // The x5u header holds the encoded key itself, not a certificate URL.
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.ES384)
            .x509CertURL(URI.create(encodedPublicKey))
            .build();

    JWSObject signed = new JWSObject(header, new Payload(skinData));
    try {
        EncryptionUtils.signJwt(signed, (ECPrivateKey) pair.getPrivate());
    } catch (JOSEException e) {
        throw new RuntimeException(e);
    }
    return signed;
}