[FEATURE] AuthRSAPassword AuthAESPassword

Gravita 2021-04-07 15:20:09 +07:00
parent 70c2e1c1af
commit 7015d45088
6 changed files with 98 additions and 12 deletions


@ -3,8 +3,8 @@
import io.netty.channel.ChannelHandlerContext; import io.netty.channel.ChannelHandlerContext;
import pro.gravit.launcher.events.request.AuthRequestEvent; import pro.gravit.launcher.events.request.AuthRequestEvent;
import pro.gravit.launcher.request.auth.AuthRequest; import pro.gravit.launcher.request.auth.AuthRequest;
import pro.gravit.launcher.request.auth.password.AuthECPassword; import pro.gravit.launcher.request.auth.password.*;
import pro.gravit.launcher.request.auth.password.AuthPlainPassword; import pro.gravit.launchserver.LaunchServer;
import pro.gravit.launchserver.auth.AuthException; import pro.gravit.launchserver.auth.AuthException;
import pro.gravit.launchserver.auth.AuthProviderPair; import pro.gravit.launchserver.auth.AuthProviderPair;
import pro.gravit.launchserver.auth.provider.AuthProvider; import pro.gravit.launchserver.auth.provider.AuthProvider;
@ -20,6 +20,7 @@
import pro.gravit.utils.helper.VerifyHelper; import pro.gravit.utils.helper.VerifyHelper;
import javax.crypto.BadPaddingException; import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException; import javax.crypto.IllegalBlockSizeException;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.util.Random; import java.util.Random;
@ -49,14 +50,7 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti
AuthProvider.authError("Don't skip Launcher Update"); AuthProvider.authError("Don't skip Launcher Update");
return; return;
} }
if (password instanceof AuthECPassword) {
try {
password = new AuthPlainPassword(IOHelper.decode(SecurityHelper.decrypt(server.runtime.passwordEncryptKey
, ((AuthECPassword) password).password)));
} catch (IllegalBlockSizeException | BadPaddingException ignored) {
throw new AuthException("Password decryption error");
}
}
if (clientData.isAuth) { if (clientData.isAuth) {
if (LogHelper.isDevEnabled()) { if (LogHelper.isDevEnabled()) {
LogHelper.warning("Client %s double auth", clientData.username == null ? ip : clientData.username); LogHelper.warning("Client %s double auth", clientData.username == null ? ip : clientData.username);
@ -75,6 +69,22 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti
AuthProvider provider = pair.provider; AuthProvider provider = pair.provider;
server.authHookManager.preHook.hook(context, clientData); server.authHookManager.preHook.hook(context, clientData);
provider.preAuth(login, password, ip); provider.preAuth(login, password, ip);
if(password instanceof Auth2FAPassword) {
AuthPlainPassword first = decryptPassword(server, ((Auth2FAPassword) password).firstPassword);
AuthPlainPassword second = decryptPassword(server, ((Auth2FAPassword) password).secondPassword);
if(first != null) {
((Auth2FAPassword) password).firstPassword = first;
}
if(second != null) {
((Auth2FAPassword) password).secondPassword = second;
}
}
else {
AuthPlainPassword passwd = decryptPassword(server, password);
if(passwd != null) {
password = passwd;
}
}
AuthProviderResult aresult = provider.auth(login, password, ip); AuthProviderResult aresult = provider.auth(login, password, ip);
if (!VerifyHelper.isValidUsername(aresult.username)) { if (!VerifyHelper.isValidUsername(aresult.username)) {
AuthProvider.authError(String.format("Illegal result: '%s'", aresult.username)); AuthProvider.authError(String.format("Illegal result: '%s'", aresult.username));
@ -120,6 +130,37 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti
} }
} }
@SuppressWarnings("deprecation")
public static AuthPlainPassword decryptPassword(LaunchServer server, AuthRequest.AuthPasswordInterface password) throws Exception {
if (password instanceof AuthECPassword) {
try {
return new AuthPlainPassword(IOHelper.decode(SecurityHelper.decrypt(server.runtime.passwordEncryptKey
, ((AuthECPassword) password).password)));
} catch (IllegalBlockSizeException | BadPaddingException ignored) {
throw new AuthException("Password decryption error");
}
}
if (password instanceof AuthAESPassword) {
try {
return new AuthPlainPassword(IOHelper.decode(SecurityHelper.decrypt(server.runtime.passwordEncryptKey
, ((AuthAESPassword) password).password)));
} catch (IllegalBlockSizeException | BadPaddingException ignored) {
throw new AuthException("Password decryption error");
}
}
if(password instanceof AuthRSAPassword) {
try {
Cipher cipher = SecurityHelper.newRSADecryptCipher(server.keyAgreementManager.rsaPrivateKey);
return new AuthPlainPassword(
IOHelper.decode(cipher.doFinal(((AuthRSAPassword) password).password))
);
} catch (IllegalBlockSizeException | BadPaddingException ignored) {
throw new AuthException("Password decryption error");
}
}
return null;
}
public enum ConnectTypes { public enum ConnectTypes {
@Deprecated @Deprecated
SERVER, SERVER,
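Review bot: Decryption now runs after `server.authHookManager.preHook.hook(context, clientData)` and `provider.preAuth(login, password, ip)`, whereas the removed block decrypted near the top of `execute`, so pre-auth hooks and providers now receive the still-encrypted `AuthECPassword`/`AuthAESPassword`/`AuthRSAPassword` object instead of an `AuthPlainPassword`. If any `preAuth` or pre-hook implementation inspects the password, move the `if(password instanceof Auth2FAPassword) … else …` block above the `preHook` call, or add a comment stating that `preAuth` sees ciphertext by design. In `decryptPassword`, a padding failure is reported to the caller as the distinct `"Password decryption error"`, so it is worth confirming that `SecurityHelper.newRSADecryptCipher` uses OAEP and that the AES path behind `SecurityHelper.decrypt` is authenticated; neither is visible in this hunk. The `AuthAESPassword` branch is also a line-for-line copy of the deprecated `AuthECPassword` branch (same `server.runtime.passwordEncryptKey`, same call) and could share one private helper. The body of `execute` starts and ends outside the hunks shown here.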


@ -22,6 +22,7 @@ public final class AuthRequest extends Request<AuthRequestEvent> implements WebS
@LauncherNetworkAPI @LauncherNetworkAPI
private final ConnectTypes authType; private final ConnectTypes authType;
@Deprecated
public AuthRequest(String login, byte[] password) { public AuthRequest(String login, byte[] password) {
this.login = VerifyHelper.verify(login, VerifyHelper.NOT_EMPTY, "Login can't be empty"); this.login = VerifyHelper.verify(login, VerifyHelper.NOT_EMPTY, "Login can't be empty");
this.password = new AuthECPassword(password.clone()); this.password = new AuthECPassword(password.clone());
@ -30,7 +31,7 @@ public AuthRequest(String login, byte[] password) {
authType = ConnectTypes.CLIENT; authType = ConnectTypes.CLIENT;
} }
@Deprecated
public AuthRequest(String login, byte[] password, String auth_id) { public AuthRequest(String login, byte[] password, String auth_id) {
this.login = VerifyHelper.verify(login, VerifyHelper.NOT_EMPTY, "Login can't be empty"); this.login = VerifyHelper.verify(login, VerifyHelper.NOT_EMPTY, "Login can't be empty");
this.password = new AuthECPassword(password.clone()); this.password = new AuthECPassword(password.clone());
@ -39,6 +40,7 @@ public AuthRequest(String login, byte[] password, String auth_id) {
authType = ConnectTypes.CLIENT; authType = ConnectTypes.CLIENT;
} }
@Deprecated
public AuthRequest(String login, byte[] encryptedPassword, String auth_id, ConnectTypes authType) { public AuthRequest(String login, byte[] encryptedPassword, String auth_id, ConnectTypes authType) {
this.login = login; this.login = login;
this.password = new AuthECPassword(encryptedPassword.clone()); this.password = new AuthECPassword(encryptedPassword.clone());
@ -63,10 +65,13 @@ public AuthRequest(String login, AuthPasswordInterface password, String auth_id,
this.authType = authType; this.authType = authType;
} }
@SuppressWarnings("deprecation")
public static void registerProviders() { public static void registerProviders() {
if (!registerProviders) { if (!registerProviders) {
providers.register("plain", AuthPlainPassword.class); providers.register("plain", AuthPlainPassword.class);
providers.register("rsa2", AuthRSAPassword.class);
providers.register("rsa", AuthECPassword.class); providers.register("rsa", AuthECPassword.class);
providers.register("aes", AuthAESPassword.class);
providers.register("2fa", Auth2FAPassword.class); providers.register("2fa", Auth2FAPassword.class);
providers.register("signature", AuthSignaturePassword.class); providers.register("signature", AuthSignaturePassword.class);
providers.register("totp", AuthTOTPPassword.class); providers.register("totp", AuthTOTPPassword.class);
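Review bot: In `registerProviders` the wire name `"rsa"` still maps to the deprecated `AuthECPassword` while the new `"rsa2"` maps to `AuthRSAPassword`, which is easy to misread; a comment such as `// "rsa" is kept as the wire name of the deprecated AuthECPassword; RSA-encrypted passwords use "rsa2"` above those two lines would prevent that. The three newly `@Deprecated` `byte[]` constructors also give callers no pointer to the replacement, so each should get a Javadoc `@deprecated` tag naming the `AuthPasswordInterface` overload. Because `"plain"` and the deprecated `"rsa"` remain registered, the server presumably keeps accepting them; if the goal is to move clients to `"rsa2"`/`"aes"`, a server-side option that rejects the older types would close the downgrade path. `registerProviders` continues past the end of this hunk.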


@ -0,0 +1,18 @@
package pro.gravit.launcher.request.auth.password;
import pro.gravit.launcher.LauncherNetworkAPI;
import pro.gravit.launcher.request.auth.AuthRequest;
public class AuthAESPassword implements AuthRequest.AuthPasswordInterface {
@LauncherNetworkAPI
public final byte[] password;
public AuthAESPassword(byte[] aesEncryptedPassword) {
this.password = aesEncryptedPassword;
}
@Override
public boolean check() {
return true;
}
}
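Review bot: `check()` returns `true` unconditionally, so an `AuthAESPassword` that arrives with a null or empty `password` passes validation and only fails later inside `decryptPassword`, where a `NullPointerException` would not be caught by the `IllegalBlockSizeException | BadPaddingException` handler. If `check()` is the validation hook for network-supplied password objects (its callers are not visible here), `return password != null && password.length > 0;` would reject such input early. The same applies to the new `AuthRSAPassword` in this commit. The constructor also stores the caller's array directly, whereas the `AuthRequest` constructors pass `password.clone()` to `AuthECPassword`; cloning here would keep the `public final byte[]` from aliasing caller-owned data.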


@ -2,7 +2,7 @@
import pro.gravit.launcher.LauncherNetworkAPI; import pro.gravit.launcher.LauncherNetworkAPI;
import pro.gravit.launcher.request.auth.AuthRequest; import pro.gravit.launcher.request.auth.AuthRequest;
@Deprecated
public class AuthECPassword implements AuthRequest.AuthPasswordInterface { public class AuthECPassword implements AuthRequest.AuthPasswordInterface {
@LauncherNetworkAPI @LauncherNetworkAPI
public final byte[] password; public final byte[] password;


@ -0,0 +1,16 @@
package pro.gravit.launcher.request.auth.password;
import pro.gravit.launcher.request.auth.AuthRequest;
public class AuthRSAPassword implements AuthRequest.AuthPasswordInterface {
public final byte[] password;
public AuthRSAPassword(byte[] rsaEncryptedPassword) {
this.password = rsaEncryptedPassword;
}
@Override
public boolean check() {
return true;
}
}
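Review bot: The `password` field of `AuthRSAPassword` is missing the `@LauncherNetworkAPI` annotation that the sibling `AuthAESPassword` and `AuthECPassword` classes put on the same field, and the file does not import it. If that annotation is what keeps network-serialized fields intact through serialization or obfuscation (an assumption, as its definition is not on this page), the field may not round-trip and the server-side `cipher.doFinal(((AuthRSAPassword) password).password)` would receive null. Adding `import pro.gravit.launcher.LauncherNetworkAPI;` and `@LauncherNetworkAPI` above `public final byte[] password;` would make the three classes consistent.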


@ -7,6 +7,12 @@ public class AuthSignaturePassword implements AuthRequest.AuthPasswordInterface
public byte[] publicKey; public byte[] publicKey;
public byte[] salt; public byte[] salt;
public AuthSignaturePassword(byte[] signature, byte[] publicKey, byte[] salt) {
this.signature = signature;
this.publicKey = publicKey;
this.salt = salt;
}
@Override @Override
public boolean check() { public boolean check() {
return true; return true;