[FEATURE] AuthRSAPassword AuthAESPassword
parent
70c2e1c1af
commit
7015d45088
6 changed files with 98 additions and 12 deletions
|
@ -3,8 +3,8 @@
|
||||||
import io.netty.channel.ChannelHandlerContext;
|
import io.netty.channel.ChannelHandlerContext;
|
||||||
import pro.gravit.launcher.events.request.AuthRequestEvent;
|
import pro.gravit.launcher.events.request.AuthRequestEvent;
|
||||||
import pro.gravit.launcher.request.auth.AuthRequest;
|
import pro.gravit.launcher.request.auth.AuthRequest;
|
||||||
import pro.gravit.launcher.request.auth.password.AuthECPassword;
|
import pro.gravit.launcher.request.auth.password.*;
|
||||||
import pro.gravit.launcher.request.auth.password.AuthPlainPassword;
|
import pro.gravit.launchserver.LaunchServer;
|
||||||
import pro.gravit.launchserver.auth.AuthException;
|
import pro.gravit.launchserver.auth.AuthException;
|
||||||
import pro.gravit.launchserver.auth.AuthProviderPair;
|
import pro.gravit.launchserver.auth.AuthProviderPair;
|
||||||
import pro.gravit.launchserver.auth.provider.AuthProvider;
|
import pro.gravit.launchserver.auth.provider.AuthProvider;
|
||||||
|
@ -20,6 +20,7 @@
|
||||||
import pro.gravit.utils.helper.VerifyHelper;
|
import pro.gravit.utils.helper.VerifyHelper;
|
||||||
|
|
||||||
import javax.crypto.BadPaddingException;
|
import javax.crypto.BadPaddingException;
|
||||||
|
import javax.crypto.Cipher;
|
||||||
import javax.crypto.IllegalBlockSizeException;
|
import javax.crypto.IllegalBlockSizeException;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
import java.util.Random;
|
import java.util.Random;
|
||||||
|
@ -49,14 +50,7 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti
|
||||||
AuthProvider.authError("Don't skip Launcher Update");
|
AuthProvider.authError("Don't skip Launcher Update");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (password instanceof AuthECPassword) {
|
|
||||||
try {
|
|
||||||
password = new AuthPlainPassword(IOHelper.decode(SecurityHelper.decrypt(server.runtime.passwordEncryptKey
|
|
||||||
, ((AuthECPassword) password).password)));
|
|
||||||
} catch (IllegalBlockSizeException | BadPaddingException ignored) {
|
|
||||||
throw new AuthException("Password decryption error");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (clientData.isAuth) {
|
if (clientData.isAuth) {
|
||||||
if (LogHelper.isDevEnabled()) {
|
if (LogHelper.isDevEnabled()) {
|
||||||
LogHelper.warning("Client %s double auth", clientData.username == null ? ip : clientData.username);
|
LogHelper.warning("Client %s double auth", clientData.username == null ? ip : clientData.username);
|
||||||
|
@ -75,6 +69,22 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti
|
||||||
AuthProvider provider = pair.provider;
|
AuthProvider provider = pair.provider;
|
||||||
server.authHookManager.preHook.hook(context, clientData);
|
server.authHookManager.preHook.hook(context, clientData);
|
||||||
provider.preAuth(login, password, ip);
|
provider.preAuth(login, password, ip);
|
||||||
|
if(password instanceof Auth2FAPassword) {
|
||||||
|
AuthPlainPassword first = decryptPassword(server, ((Auth2FAPassword) password).firstPassword);
|
||||||
|
AuthPlainPassword second = decryptPassword(server, ((Auth2FAPassword) password).secondPassword);
|
||||||
|
if(first != null) {
|
||||||
|
((Auth2FAPassword) password).firstPassword = first;
|
||||||
|
}
|
||||||
|
if(second != null) {
|
||||||
|
((Auth2FAPassword) password).secondPassword = second;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
AuthPlainPassword passwd = decryptPassword(server, password);
|
||||||
|
if(passwd != null) {
|
||||||
|
password = passwd;
|
||||||
|
}
|
||||||
|
}
|
||||||
AuthProviderResult aresult = provider.auth(login, password, ip);
|
AuthProviderResult aresult = provider.auth(login, password, ip);
|
||||||
if (!VerifyHelper.isValidUsername(aresult.username)) {
|
if (!VerifyHelper.isValidUsername(aresult.username)) {
|
||||||
AuthProvider.authError(String.format("Illegal result: '%s'", aresult.username));
|
AuthProvider.authError(String.format("Illegal result: '%s'", aresult.username));
|
||||||
|
@ -120,6 +130,37 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@SuppressWarnings("deprecation")
|
||||||
|
public static AuthPlainPassword decryptPassword(LaunchServer server, AuthRequest.AuthPasswordInterface password) throws Exception {
|
||||||
|
if (password instanceof AuthECPassword) {
|
||||||
|
try {
|
||||||
|
return new AuthPlainPassword(IOHelper.decode(SecurityHelper.decrypt(server.runtime.passwordEncryptKey
|
||||||
|
, ((AuthECPassword) password).password)));
|
||||||
|
} catch (IllegalBlockSizeException | BadPaddingException ignored) {
|
||||||
|
throw new AuthException("Password decryption error");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (password instanceof AuthAESPassword) {
|
||||||
|
try {
|
||||||
|
return new AuthPlainPassword(IOHelper.decode(SecurityHelper.decrypt(server.runtime.passwordEncryptKey
|
||||||
|
, ((AuthAESPassword) password).password)));
|
||||||
|
} catch (IllegalBlockSizeException | BadPaddingException ignored) {
|
||||||
|
throw new AuthException("Password decryption error");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(password instanceof AuthRSAPassword) {
|
||||||
|
try {
|
||||||
|
Cipher cipher = SecurityHelper.newRSADecryptCipher(server.keyAgreementManager.rsaPrivateKey);
|
||||||
|
return new AuthPlainPassword(
|
||||||
|
IOHelper.decode(cipher.doFinal(((AuthRSAPassword) password).password))
|
||||||
|
);
|
||||||
|
} catch (IllegalBlockSizeException | BadPaddingException ignored) {
|
||||||
|
throw new AuthException("Password decryption error");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
public enum ConnectTypes {
|
public enum ConnectTypes {
|
||||||
@Deprecated
|
@Deprecated
|
||||||
SERVER,
|
SERVER,
|
||||||
|
|
|
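Review bot: Decryption now runs after `provider.preAuth(login, password, ip)` in the `@ -75,6 +69,22 @@` hunk, so preAuth receives the still-encrypted password object, whereas the removed block turned an `AuthECPassword` into `AuthPlainPassword` before the `clientData.isAuth` check; if any provider's preAuth reads the password, the `decryptPassword` block belongs above that call. In `decryptPassword`, the RSA branch turns padding failures into the distinct message "Password decryption error"; the padding chosen by `SecurityHelper.newRSADecryptCipher` is not visible here, and if it is PKCS#1 v1.5 a distinguishable error can serve as a decryption oracle, so confirm OAEP or report the same error as a failed login. The `AuthAESPassword` branch is a verbatim copy of the deprecated `AuthECPassword` branch (same `passwordEncryptKey`, same `SecurityHelper.decrypt` call) and would benefit from a comment stating what differs between the two types, or from a single `instanceof` check covering both. The body of `execute` starts and ends outside these hunks.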
@ -22,6 +22,7 @@ public final class AuthRequest extends Request<AuthRequestEvent> implements WebS
|
||||||
@LauncherNetworkAPI
|
@LauncherNetworkAPI
|
||||||
private final ConnectTypes authType;
|
private final ConnectTypes authType;
|
||||||
|
|
||||||
|
@Deprecated
|
||||||
public AuthRequest(String login, byte[] password) {
|
public AuthRequest(String login, byte[] password) {
|
||||||
this.login = VerifyHelper.verify(login, VerifyHelper.NOT_EMPTY, "Login can't be empty");
|
this.login = VerifyHelper.verify(login, VerifyHelper.NOT_EMPTY, "Login can't be empty");
|
||||||
this.password = new AuthECPassword(password.clone());
|
this.password = new AuthECPassword(password.clone());
|
||||||
|
@ -30,7 +31,7 @@ public AuthRequest(String login, byte[] password) {
|
||||||
authType = ConnectTypes.CLIENT;
|
authType = ConnectTypes.CLIENT;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Deprecated
|
||||||
public AuthRequest(String login, byte[] password, String auth_id) {
|
public AuthRequest(String login, byte[] password, String auth_id) {
|
||||||
this.login = VerifyHelper.verify(login, VerifyHelper.NOT_EMPTY, "Login can't be empty");
|
this.login = VerifyHelper.verify(login, VerifyHelper.NOT_EMPTY, "Login can't be empty");
|
||||||
this.password = new AuthECPassword(password.clone());
|
this.password = new AuthECPassword(password.clone());
|
||||||
|
@ -39,6 +40,7 @@ public AuthRequest(String login, byte[] password, String auth_id) {
|
||||||
authType = ConnectTypes.CLIENT;
|
authType = ConnectTypes.CLIENT;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Deprecated
|
||||||
public AuthRequest(String login, byte[] encryptedPassword, String auth_id, ConnectTypes authType) {
|
public AuthRequest(String login, byte[] encryptedPassword, String auth_id, ConnectTypes authType) {
|
||||||
this.login = login;
|
this.login = login;
|
||||||
this.password = new AuthECPassword(encryptedPassword.clone());
|
this.password = new AuthECPassword(encryptedPassword.clone());
|
||||||
|
@ -63,10 +65,13 @@ public AuthRequest(String login, AuthPasswordInterface password, String auth_id,
|
||||||
this.authType = authType;
|
this.authType = authType;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@SuppressWarnings("deprecation")
|
||||||
public static void registerProviders() {
|
public static void registerProviders() {
|
||||||
if (!registerProviders) {
|
if (!registerProviders) {
|
||||||
providers.register("plain", AuthPlainPassword.class);
|
providers.register("plain", AuthPlainPassword.class);
|
||||||
|
providers.register("rsa2", AuthRSAPassword.class);
|
||||||
providers.register("rsa", AuthECPassword.class);
|
providers.register("rsa", AuthECPassword.class);
|
||||||
|
providers.register("aes", AuthAESPassword.class);
|
||||||
providers.register("2fa", Auth2FAPassword.class);
|
providers.register("2fa", Auth2FAPassword.class);
|
||||||
providers.register("signature", AuthSignaturePassword.class);
|
providers.register("signature", AuthSignaturePassword.class);
|
||||||
providers.register("totp", AuthTOTPPassword.class);
|
providers.register("totp", AuthTOTPPassword.class);
|
||||||
|
|
|
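Review bot: The three constructors marked `@Deprecated` here carry no Javadoc naming a replacement, so callers get a warning without a migration path; add something like `/** @deprecated wrap the password in AuthRSAPassword or AuthAESPassword and use the AuthPasswordInterface constructor. */` above each. In `registerProviders` the wire name `"rsa"` stays bound to the deprecated `AuthECPassword` while the RSA type is registered as `"rsa2"`; a comment such as `// "rsa" is the legacy name kept for older launchers; RSA-encrypted passwords use "rsa2"` would keep the mapping from being misread, assuming that is the intent. The constructor bodies and `registerProviders` continue outside the hunks.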
@ -0,0 +1,18 @@
|
||||||
|
package pro.gravit.launcher.request.auth.password;
|
||||||
|
|
||||||
|
import pro.gravit.launcher.LauncherNetworkAPI;
|
||||||
|
import pro.gravit.launcher.request.auth.AuthRequest;
|
||||||
|
|
||||||
|
public class AuthAESPassword implements AuthRequest.AuthPasswordInterface {
|
||||||
|
@LauncherNetworkAPI
|
||||||
|
public final byte[] password;
|
||||||
|
|
||||||
|
public AuthAESPassword(byte[] aesEncryptedPassword) {
|
||||||
|
this.password = aesEncryptedPassword;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean check() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
|
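Review bot: `check()` returns `true` unconditionally, so a request whose `password` field is absent is reported as valid and, judging by the server-side `decryptPassword`, would reach `SecurityHelper.decrypt` with a null array; `return password != null && password.length > 0;` would reject it up front, provided `check()` is what the server uses to validate incoming passwords (not visible on this page). The same applies to `AuthRSAPassword.check()`. The constructor also keeps the caller's array by reference, whereas `AuthRequest` passes `password.clone()` to `AuthECPassword`; `this.password = aesEncryptedPassword.clone();` would match that.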
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
import pro.gravit.launcher.LauncherNetworkAPI;
|
import pro.gravit.launcher.LauncherNetworkAPI;
|
||||||
import pro.gravit.launcher.request.auth.AuthRequest;
|
import pro.gravit.launcher.request.auth.AuthRequest;
|
||||||
|
@Deprecated
|
||||||
public class AuthECPassword implements AuthRequest.AuthPasswordInterface {
|
public class AuthECPassword implements AuthRequest.AuthPasswordInterface {
|
||||||
@LauncherNetworkAPI
|
@LauncherNetworkAPI
|
||||||
public final byte[] password;
|
public final byte[] password;
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
package pro.gravit.launcher.request.auth.password;
|
||||||
|
|
||||||
|
import pro.gravit.launcher.request.auth.AuthRequest;
|
||||||
|
|
||||||
|
public class AuthRSAPassword implements AuthRequest.AuthPasswordInterface {
|
||||||
|
public final byte[] password;
|
||||||
|
|
||||||
|
public AuthRSAPassword(byte[] rsaEncryptedPassword) {
|
||||||
|
this.password = rsaEncryptedPassword;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean check() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
|
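Review bot: The `password` field lacks the `@LauncherNetworkAPI` annotation that `AuthAESPassword` and `AuthECPassword` place on the same field, and this file does not import it. If that annotation is what keeps network-serialized fields intact in the built launcher (an assumption; its effect is not shown on this page), the RSA-encrypted password would not survive serialization. Add `@LauncherNetworkAPI` above `public final byte[] password;` together with `import pro.gravit.launcher.LauncherNetworkAPI;`.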
@ -7,6 +7,12 @@ public class AuthSignaturePassword implements AuthRequest.AuthPasswordInterface
|
||||||
public byte[] publicKey;
|
public byte[] publicKey;
|
||||||
public byte[] salt;
|
public byte[] salt;
|
||||||
|
|
||||||
|
public AuthSignaturePassword(byte[] signature, byte[] publicKey, byte[] salt) {
|
||||||
|
this.signature = signature;
|
||||||
|
this.publicKey = publicKey;
|
||||||
|
this.salt = salt;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean check() {
|
public boolean check() {
|
||||||
return true;
|
return true;
|
||||||
|
|