mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-09-05 01:16:15 +00:00
Code Issues Projects Releases Wiki Activity

Added JwtUtils::parse(), make ProcessLoginTask more robust

Browse Source
This commit is contained in:
Dylan K. Taylor
2020-05-13 13:36:42 +01:00
parent c69411c984
commit 8c2878fe5b
3 changed files with 20 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/network/mcpe/auth/ProcessLoginTask.php
View File

@ -36,7 +36,6 @@ use function base64_decode;
use function bin2hex;
use function explode;
use function gmp_init;
use function json_decode;
use function openssl_verify;
use function str_split;
use function strlen;
@ -115,7 +114,11 @@ class ProcessLoginTask extends AsyncTask{
* @throws VerifyLoginException if errors are encountered
*/
private function validateToken(string $jwt, ?string &$currentPublicKey, bool $first = false) : void{
[$headB64, $payloadB64, $sigB64] = explode('.', $jwt);
try{
[$headers, $claims, $plainSignature] = JwtUtils::parse($jwt);
}catch(\UnexpectedValueException $e){
throw new VerifyLoginException("Failed to parse JWT: " . $e->getMessage(), 0, $e);
}
if($currentPublicKey === null){
if(!$first){
@ -123,7 +126,6 @@ class ProcessLoginTask extends AsyncTask{
}
//First link, check that it is self-signed
$headers = json_decode(JwtUtils::b64UrlDecode($headB64), true);
$currentPublicKey = $headers["x5u"];
}
@ -148,8 +150,6 @@ class ProcessLoginTask extends AsyncTask{
$this->authenticated = true; //we're signed into xbox live
}
$claims = json_decode(JwtUtils::b64UrlDecode($payloadB64), true);
$time = time();
if(isset($claims["nbf"]) and $claims["nbf"] > $time + self::CLOCK_DRIFT_MAX){
throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.tooEarly");