Restrict VerifyLoginTask exception handling to known exceptions

everything else should produce a nice big stack trace for debugging purposes, because everything else is probably bugs

This fixes random exception error messages getting relayed to the client when a user does stupid things like editing the source code without knowing what they are doing.

src/pocketmine/network/VerifyLoginException.php

@@ -0,0 +1,28 @@
+<?php
+
+/*
+ *
+ *  ____            _        _   __  __ _                  __  __ ____
+ * |  _ \ ___   ___| | _____| |_|  \/  (_)_ __   ___      |  \/  |  _ \
+ * | |_) / _ \ / __| |/ / _ \ __| |\/| | | '_ \ / _ \_____| |\/| | |_) |
+ * |  __/ (_) | (__|   <  __/ |_| |  | | | | | |  __/_____| |  | |  __/
+ * |_|   \___/ \___|_|\_\___|\__|_|  |_|_|_| |_|\___|     |_|  |_|_|
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * @author PocketMine Team
+ * @link http://www.pocketmine.net/
+ *
+ *
+*/
+
+declare(strict_types=1);
+
+namespace pocketmine\network;
+
+class VerifyLoginException extends \RuntimeException{
+
+}

src/pocketmine/network/mcpe/VerifyLoginTask.php

@@ -24,6 +24,7 @@ declare(strict_types=1);
 namespace pocketmine\network\mcpe;
 
 use pocketmine\network\mcpe\protocol\LoginPacket;
+use pocketmine\network\VerifyLoginException;
 use pocketmine\Player;
 use pocketmine\scheduler\AsyncTask;
 use pocketmine\Server;
@@ -70,7 +71,7 @@ class VerifyLoginTask extends AsyncTask{
 			$this->validateToken($packet->clientDataJwt, $currentKey);
 
 			$this->error = null;
-		}catch(\Throwable $e){
+		}catch(VerifyLoginException $e){
 			$this->error = $e->getMessage();
 		}
 	}
@@ -80,7 +81,7 @@ class VerifyLoginTask extends AsyncTask{
 	 * @param null|string $currentPublicKey
 	 * @param bool        $first
 	 *
-	 * @throws \RuntimeException if errors are encountered
+	 * @throws VerifyLoginException if errors are encountered
 	 */
 	private function validateToken(string $jwt, ?string &$currentPublicKey, bool $first = false) : void{
 		[$headB64, $payloadB64, $sigB64] = explode('.', $jwt);
@@ -89,7 +90,7 @@ class VerifyLoginTask extends AsyncTask{
 
 		if($currentPublicKey === null){
 			if(!$first){
-				throw new \RuntimeException("%pocketmine.disconnect.invalidSession.missingKey");
+				throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.missingKey");
 			}
 
 			//First link, check that it is self-signed
@@ -121,7 +122,7 @@ class VerifyLoginTask extends AsyncTask{
 
 		$v = openssl_verify("$headB64.$payloadB64", $derSignature, "-----BEGIN PUBLIC KEY-----\n" . wordwrap($currentPublicKey, 64, "\n", true) . "\n-----END PUBLIC KEY-----\n", OPENSSL_ALGO_SHA384);
 		if($v !== 1){
-			throw new \RuntimeException("%pocketmine.disconnect.invalidSession.badSignature");
+			throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.badSignature");
 		}
 
 		if($currentPublicKey === self::MOJANG_ROOT_PUBLIC_KEY){
@@ -132,11 +133,11 @@ class VerifyLoginTask extends AsyncTask{
 
 		$time = time();
 		if(isset($claims["nbf"]) and $claims["nbf"] > $time){
-			throw new \RuntimeException("%pocketmine.disconnect.invalidSession.tooEarly");
+			throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.tooEarly");
 		}
 
 		if(isset($claims["exp"]) and $claims["exp"] < $time){
-			throw new \RuntimeException("%pocketmine.disconnect.invalidSession.tooLate");
+			throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.tooLate");
 		}
 
 		$currentPublicKey = $claims["identityPublicKey"] ?? null; //if there are further links, the next link should be signed with this