mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-05-19 04:05:31 +00:00
Code Issues Projects Releases Wiki Activity

Merge commit '09771849aefb70bc29202b160f65723cf926c974'

Browse Source 
# Conflicts:
#	resources/vanilla
#	src/pocketmine/network/mcpe/VerifyLoginTask.php
This commit is contained in:
Dylan K. Taylor 2020-06-17 21:10:59 +01:00
commit 8cabab20e3
2 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/network/mcpe/auth/ProcessLoginTask.php
View File

@ -28,12 +28,13 @@ use Mdanter\Ecc\Crypto\Key\PublicKeyInterface;
use Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer; use Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer;
use pocketmine\network\mcpe\JwtException; use pocketmine\network\mcpe\JwtException;
use pocketmine\network\mcpe\JwtUtils; use pocketmine\network\mcpe\JwtUtils;
use pocketmine\network\mcpe\protocol\LoginPacket;
use pocketmine\network\mcpe\protocol\types\login\JwtChainLinkBody; use pocketmine\network\mcpe\protocol\types\login\JwtChainLinkBody;
use pocketmine\network\mcpe\protocol\types\login\JwtHeader; use pocketmine\network\mcpe\protocol\types\login\JwtHeader;
use pocketmine\scheduler\AsyncTask; use pocketmine\scheduler\AsyncTask;
use function base64_decode; use function base64_decode;
use function serialize;
use function time; use function time;
use function unserialize;
class ProcessLoginTask extends AsyncTask{ class ProcessLoginTask extends AsyncTask{
private const TLS_KEY_ON_COMPLETION = "completion"; private const TLS_KEY_ON_COMPLETION = "completion";
@ -42,8 +43,10 @@ class ProcessLoginTask extends AsyncTask{
private const CLOCK_DRIFT_MAX = 60; private const CLOCK_DRIFT_MAX = 60;
/** @var LoginPacket */ /** @var string */
private $packet; private $chain;
/** @var string */
private $clientDataJwt;
/** /**
* @var string|null * @var string|null
@ -65,11 +68,13 @@ class ProcessLoginTask extends AsyncTask{
private $clientPublicKey = null; private $clientPublicKey = null;
/** /**
* @param string[] $chainJwts
* @phpstan-var \Closure(bool $isAuthenticated, bool $authRequired, ?string $error, ?PublicKeyInterface $clientPublicKey) : void $onCompletion * @phpstan-var \Closure(bool $isAuthenticated, bool $authRequired, ?string $error, ?PublicKeyInterface $clientPublicKey) : void $onCompletion
*/ */
public function __construct(LoginPacket $packet, bool $authRequired, \Closure $onCompletion){ public function __construct(array $chainJwts, string $clientDataJwt, bool $authRequired, \Closure $onCompletion){
$this->storeLocal(self::TLS_KEY_ON_COMPLETION, $onCompletion); $this->storeLocal(self::TLS_KEY_ON_COMPLETION, $onCompletion);
$this->packet = $packet; $this->chain = serialize($chainJwts);
$this->clientDataJwt = $clientDataJwt;
$this->authRequired = $authRequired; $this->authRequired = $authRequired;
} }
@ -83,12 +88,13 @@ class ProcessLoginTask extends AsyncTask{
} }
private function validateChain() : PublicKeyInterface{ private function validateChain() : PublicKeyInterface{
$packet = $this->packet; /** @var string[] $chain */
$chain = unserialize($this->chain);
$currentKey = null; $currentKey = null;
$first = true; $first = true;
foreach($packet->chainDataJwt->chain as $jwt){ foreach($chain as $jwt){
$this->validateToken($jwt, $currentKey, $first); $this->validateToken($jwt, $currentKey, $first);
if($first){ if($first){
$first = false; $first = false;
@ -98,7 +104,7 @@ class ProcessLoginTask extends AsyncTask{
/** @var string $clientKey */ /** @var string $clientKey */
$clientKey = $currentKey; $clientKey = $currentKey;
$this->validateToken($packet->clientDataJwt, $currentKey); $this->validateToken($this->clientDataJwt, $currentKey);
return (new DerPublicKeySerializer())->parse(base64_decode($clientKey, true)); return (new DerPublicKeySerializer())->parse(base64_decode($clientKey, true));
} }

2
src/network/mcpe/handler/LoginPacketHandler.php
View File

@ -270,7 +270,7 @@ class LoginPacketHandler extends PacketHandler{
* @throws \InvalidArgumentException * @throws \InvalidArgumentException
*/ */
protected function processLogin(LoginPacket $packet, bool $authRequired) : void{ protected function processLogin(LoginPacket $packet, bool $authRequired) : void{
$this->server->getAsyncPool()->submitTask(new ProcessLoginTask($packet, $authRequired, $this->authCallback)); $this->server->getAsyncPool()->submitTask(new ProcessLoginTask($packet->chainDataJwt->chain, $packet->clientDataJwt, $authRequired, $this->authCallback));
$this->session->setHandler(null); //drop packets received during login verification $this->session->setHandler(null); //drop packets received during login verification
} }