From 05a71d8cc5185aa9e46ef5f9754bb862464c13e0 Mon Sep 17 00:00:00 2001
From: "Dylan K. Taylor" <dktapps@pmmp.io>
Date: Sat, 4 Oct 2025 12:48:29 +0100
Subject: [PATCH] PrepareEncryptionTask: verify client key before entering task
 this ensures that whoever's giving invalid keys to the task gets properly
 blamed

---
 src/network/mcpe/encryption/PrepareEncryptionTask.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/network/mcpe/encryption/PrepareEncryptionTask.php b/src/network/mcpe/encryption/PrepareEncryptionTask.php
index 5c982bad0..5167b7aea 100644
--- a/src/network/mcpe/encryption/PrepareEncryptionTask.php
+++ b/src/network/mcpe/encryption/PrepareEncryptionTask.php
@@ -51,6 +51,9 @@ class PrepareEncryptionTask extends AsyncTask{
 		private string $clientPub,
 		\Closure $onCompletion
 	){
+		//make sure the key is valid before we break the stack trace
+		//TODO: maybe in the future we should require OpenSSLAsymmetricKey here instead of string
+		JwtUtils::parseDerPublicKey($this->clientPub);
 		if(self::$SERVER_PRIVATE_KEY === null){
 			$serverPrivateKey = openssl_pkey_new(["ec" => ["curve_name" => "secp384r1"]]);
 			if($serverPrivateKey === false){