diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/AuthResponse.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/AuthResponse.java index 1ea89786..d548f05b 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/AuthResponse.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/AuthResponse.java @@ -3,8 +3,8 @@ import io.netty.channel.ChannelHandlerContext; import pro.gravit.launcher.events.request.AuthRequestEvent; import pro.gravit.launcher.request.auth.AuthRequest; -import pro.gravit.launcher.request.auth.password.AuthECPassword; -import pro.gravit.launcher.request.auth.password.AuthPlainPassword; +import pro.gravit.launcher.request.auth.password.*; +import pro.gravit.launchserver.LaunchServer; import pro.gravit.launchserver.auth.AuthException; import pro.gravit.launchserver.auth.AuthProviderPair; import pro.gravit.launchserver.auth.provider.AuthProvider; @@ -20,6 +20,7 @@ import pro.gravit.utils.helper.VerifyHelper; import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import java.security.SecureRandom; import java.util.Random; @@ -49,14 +50,7 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti AuthProvider.authError("Don't skip Launcher Update"); return; } - if (password instanceof AuthECPassword) { - try { - password = new AuthPlainPassword(IOHelper.decode(SecurityHelper.decrypt(server.runtime.passwordEncryptKey - , ((AuthECPassword) password).password))); - } catch (IllegalBlockSizeException | BadPaddingException ignored) { - throw new AuthException("Password decryption error"); - } - } + if (clientData.isAuth) { if (LogHelper.isDevEnabled()) { LogHelper.warning("Client %s double auth", clientData.username == null ? ip : clientData.username); 
@@ -75,6 +69,22 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti AuthProvider provider = pair.provider; server.authHookManager.preHook.hook(context, clientData); provider.preAuth(login, password, ip); + if(password instanceof Auth2FAPassword) { + AuthPlainPassword first = decryptPassword(server, ((Auth2FAPassword) password).firstPassword); + AuthPlainPassword second = decryptPassword(server, ((Auth2FAPassword) password).secondPassword); + if(first != null) { + ((Auth2FAPassword) password).firstPassword = first; + } + if(second != null) { + ((Auth2FAPassword) password).secondPassword = second; + } + } + else { + AuthPlainPassword passwd = decryptPassword(server, password); + if(passwd != null) { + password = passwd; + } + } AuthProviderResult aresult = provider.auth(login, password, ip); if (!VerifyHelper.isValidUsername(aresult.username)) { AuthProvider.authError(String.format("Illegal result: '%s'", aresult.username)); 
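Review bot: `provider.preAuth(login, password, ip)` now runs before the added decryption block, so it receives the still-encrypted `AuthECPassword`/`AuthAESPassword`/`AuthRSAPassword` object, whereas the block this commit removes from the top of `execute` converted it to an `AuthPlainPassword` first. Whether any provider's `preAuth` reads the password is not visible here, but one that does would silently see ciphertext. Moving the `if(password instanceof Auth2FAPassword) { … } else { … }` block above `server.authHookManager.preHook.hook(context, clientData);` restores the previous order, since `decryptPassword` needs only `server`. The 2FA branch also unwraps a single level and rewrites the request object's fields in place, so a comment such as `// only one level of Auth2FAPassword is decrypted; nested 2FA is passed through unchanged` would document that limit. `execute` starts and ends outside the hunk.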
@@ -120,6 +130,37 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti } } + @SuppressWarnings("deprecation") + public static AuthPlainPassword decryptPassword(LaunchServer server, AuthRequest.AuthPasswordInterface password) throws Exception { + if (password instanceof AuthECPassword) { + try { + return new AuthPlainPassword(IOHelper.decode(SecurityHelper.decrypt(server.runtime.passwordEncryptKey + , ((AuthECPassword) password).password))); + } catch (IllegalBlockSizeException | BadPaddingException ignored) { + throw new AuthException("Password decryption error"); + } + } + if (password instanceof AuthAESPassword) { + try { + return new AuthPlainPassword(IOHelper.decode(SecurityHelper.decrypt(server.runtime.passwordEncryptKey + , ((AuthAESPassword) password).password))); + } catch (IllegalBlockSizeException | BadPaddingException ignored) { + throw new AuthException("Password decryption error"); + } + } + if(password instanceof AuthRSAPassword) { + try { + Cipher cipher = SecurityHelper.newRSADecryptCipher(server.keyAgreementManager.rsaPrivateKey); + return new AuthPlainPassword( + IOHelper.decode(cipher.doFinal(((AuthRSAPassword) password).password)) + ); + } catch (IllegalBlockSizeException | BadPaddingException ignored) { + throw new AuthException("Password decryption error"); + } + } + return null; + } + public enum ConnectTypes { @Deprecated SERVER, diff --git a/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/AuthRequest.java b/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/AuthRequest.java index e51b8505..256bf190 100644 --- a/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/AuthRequest.java +++ b/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/AuthRequest.java 
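Review bot: None of the three branches in `decryptPassword` checks that the ciphertext array is present before decrypting, and `check()` on the new `AuthAESPassword` and `AuthRSAPassword` classes returns `true` unconditionally, so a request that omits the `password` field gets this far. In the RSA branch `cipher.doFinal(null)` throws `IllegalArgumentException`, which the `IllegalBlockSizeException | BadPaddingException` catch does not cover, so the failure leaves through `throws Exception` instead of the uniform `AuthException("Password decryption error")`. Either validate in the classes with `return password != null && password.length > 0;`, or widen the catch here to `GeneralSecurityException | IllegalArgumentException` so every malformed input fails the same way. The method also needs a Javadoc stating that it returns `null` for any type it does not decrypt, because both call sites depend on that. The `AuthECPassword` and `AuthAESPassword` branches are identical apart from the cast and could share one private helper.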
@@ -22,6 +22,7 @@ public final class AuthRequest extends Request implements WebS @LauncherNetworkAPI private final ConnectTypes authType; + @Deprecated public AuthRequest(String login, byte[] password) { this.login = VerifyHelper.verify(login, VerifyHelper.NOT_EMPTY, "Login can't be empty"); this.password = new AuthECPassword(password.clone()); @@ -30,7 +31,7 @@ public AuthRequest(String login, byte[] password) { authType = ConnectTypes.CLIENT; } - + @Deprecated public AuthRequest(String login, byte[] password, String auth_id) { this.login = VerifyHelper.verify(login, VerifyHelper.NOT_EMPTY, "Login can't be empty"); this.password = new AuthECPassword(password.clone()); @@ -39,6 +40,7 @@ public AuthRequest(String login, byte[] password, String auth_id) { authType = ConnectTypes.CLIENT; } + @Deprecated public AuthRequest(String login, byte[] encryptedPassword, String auth_id, ConnectTypes authType) { this.login = login; this.password = new AuthECPassword(encryptedPassword.clone()); @@ -63,10 +65,13 @@ public AuthRequest(String login, AuthPasswordInterface password, String auth_id, this.authType = authType; } + @SuppressWarnings("deprecation") public static void registerProviders() { if (!registerProviders) { providers.register("plain", AuthPlainPassword.class); + providers.register("rsa2", AuthRSAPassword.class); providers.register("rsa", AuthECPassword.class); + providers.register("aes", AuthAESPassword.class); providers.register("2fa", Auth2FAPassword.class); providers.register("signature", AuthSignaturePassword.class); providers.register("totp", AuthTOTPPassword.class); diff --git a/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthAESPassword.java b/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthAESPassword.java new file mode 100644 index 00000000..974afbec --- /dev/null +++ b/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthAESPassword.java 
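Review bot: The `@Deprecated` added to `AuthRequest(String login, byte[] password)` has no Javadoc `@deprecated` tag, so callers get a warning without being told what to use instead; the same applies to the two other `byte[]` constructors marked in the next two hunks. All three wrap the bytes in the now-deprecated `AuthECPassword`, so something like `/** @deprecated wraps the password in AuthECPassword; use the constructor taking an AuthPasswordInterface. */` on each would do, assuming that constructor is the intended replacement.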
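Review bot: `registerProviders` keeps `"rsa"` mapped to the deprecated `AuthECPassword` and adds `"rsa2"` for `AuthRSAPassword`, and nothing visible in this commit lets a server refuse the old type, since `decryptPassword` still accepts it. If the deprecation is because the old scheme is weaker (the page does not say), the legacy type stays selectable indefinitely, so consider a server-side setting that rejects `AuthECPassword` once launchers have been updated. A one-line comment such as `// "rsa" is the legacy name of AuthECPassword; the RSA-encrypted type is "rsa2"` would also keep the two names from being confused.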
@@ -0,0 +1,18 @@ +package pro.gravit.launcher.request.auth.password; + +import pro.gravit.launcher.LauncherNetworkAPI; +import pro.gravit.launcher.request.auth.AuthRequest; + +public class AuthAESPassword implements AuthRequest.AuthPasswordInterface { + @LauncherNetworkAPI + public final byte[] password; + + public AuthAESPassword(byte[] aesEncryptedPassword) { + this.password = aesEncryptedPassword; + } + + @Override + public boolean check() { + return true; + } +} diff --git a/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthECPassword.java b/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthECPassword.java index b4e19f93..4e0d202e 100644 --- a/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthECPassword.java +++ b/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthECPassword.java @@ -2,7 +2,7 @@ import pro.gravit.launcher.LauncherNetworkAPI; import pro.gravit.launcher.request.auth.AuthRequest; - +@Deprecated public class AuthECPassword implements AuthRequest.AuthPasswordInterface { @LauncherNetworkAPI public final byte[] password; diff --git a/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthRSAPassword.java b/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthRSAPassword.java new file mode 100644 index 00000000..cf126905 --- /dev/null +++ b/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthRSAPassword.java @@ -0,0 +1,16 @@ +package pro.gravit.launcher.request.auth.password; + +import pro.gravit.launcher.request.auth.AuthRequest; + +public class AuthRSAPassword implements AuthRequest.AuthPasswordInterface { + public final byte[] password; + + public AuthRSAPassword(byte[] rsaEncryptedPassword) { + this.password = rsaEncryptedPassword; + } + + @Override + public boolean check() { + return true; + } +} 
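Review bot: `AuthRSAPassword.password` is declared without `@LauncherNetworkAPI`, while the same field in `AuthAESPassword` (added earlier in this commit) and in `AuthECPassword` carries it. What the annotation does is not visible on this page; if it is what keeps network-serialized field names stable, the `rsa2` type may not round-trip between launcher and server. Adding `@LauncherNetworkAPI` on the field together with `import pro.gravit.launcher.LauncherNetworkAPI;` would make the three classes consistent.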
diff --git a/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthSignaturePassword.java b/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthSignaturePassword.java index 7996aa2b..7a2f4eae 100644 --- a/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthSignaturePassword.java +++ b/LauncherAPI/src/main/java/pro/gravit/launcher/request/auth/password/AuthSignaturePassword.java @@ -7,6 +7,12 @@ public class AuthSignaturePassword implements AuthRequest.AuthPasswordInterface public byte[] publicKey; public byte[] salt; + public AuthSignaturePassword(byte[] signature, byte[] publicKey, byte[] salt) { + this.signature = signature; + this.publicKey = publicKey; + this.salt = salt; + } + @Override public boolean check() { return true;
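Review bot: Declaring `AuthSignaturePassword(byte[] signature, byte[] publicKey, byte[] salt)` removes the implicit no-argument constructor, which the class appears to have relied on until now (no other constructor is visible in the hunk). Confirm that whatever instantiates the types registered in `AuthRequest.registerProviders` when decoding a request does not need one; if it does, add `public AuthSignaturePassword() {}` next to the new constructor. The constructor also stores the caller's arrays by reference in public non-final fields, unlike the `password.clone()` used by the `AuthRequest` constructors touched in this commit. The class body starts and ends outside the hunk.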