[FEATURE] AuthRSAPassword AuthAESPassword
parent
70c2e1c1af
commit
7015d45088
6 changed files with 98 additions and 12 deletions
|
@ -3,8 +3,8 @@
|
|||
import io.netty.channel.ChannelHandlerContext;
|
||||
import pro.gravit.launcher.events.request.AuthRequestEvent;
|
||||
import pro.gravit.launcher.request.auth.AuthRequest;
|
||||
import pro.gravit.launcher.request.auth.password.AuthECPassword;
|
||||
import pro.gravit.launcher.request.auth.password.AuthPlainPassword;
|
||||
import pro.gravit.launcher.request.auth.password.*;
|
||||
import pro.gravit.launchserver.LaunchServer;
|
||||
import pro.gravit.launchserver.auth.AuthException;
|
||||
import pro.gravit.launchserver.auth.AuthProviderPair;
|
||||
import pro.gravit.launchserver.auth.provider.AuthProvider;
|
||||
|
@ -20,6 +20,7 @@
|
|||
import pro.gravit.utils.helper.VerifyHelper;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.IllegalBlockSizeException;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.Random;
|
||||
|
@ -49,14 +50,7 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti
|
|||
AuthProvider.authError("Don't skip Launcher Update");
|
||||
return;
|
||||
}
|
||||
if (password instanceof AuthECPassword) {
|
||||
try {
|
||||
password = new AuthPlainPassword(IOHelper.decode(SecurityHelper.decrypt(server.runtime.passwordEncryptKey
|
||||
, ((AuthECPassword) password).password)));
|
||||
} catch (IllegalBlockSizeException | BadPaddingException ignored) {
|
||||
throw new AuthException("Password decryption error");
|
||||
}
|
||||
}
|
||||
|
||||
if (clientData.isAuth) {
|
||||
if (LogHelper.isDevEnabled()) {
|
||||
LogHelper.warning("Client %s double auth", clientData.username == null ? ip : clientData.username);
|
||||
|
@ -75,6 +69,22 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti
|
|||
AuthProvider provider = pair.provider;
|
||||
server.authHookManager.preHook.hook(context, clientData);
|
||||
provider.preAuth(login, password, ip);
|
||||
if(password instanceof Auth2FAPassword) {
|
||||
AuthPlainPassword first = decryptPassword(server, ((Auth2FAPassword) password).firstPassword);
|
||||
AuthPlainPassword second = decryptPassword(server, ((Auth2FAPassword) password).secondPassword);
|
||||
if(first != null) {
|
||||
((Auth2FAPassword) password).firstPassword = first;
|
||||
}
|
||||
if(second != null) {
|
||||
((Auth2FAPassword) password).secondPassword = second;
|
||||
}
|
||||
}
|
||||
else {
|
||||
AuthPlainPassword passwd = decryptPassword(server, password);
|
||||
if(passwd != null) {
|
||||
password = passwd;
|
||||
}
|
||||
}
|
||||
AuthProviderResult aresult = provider.auth(login, password, ip);
|
||||
if (!VerifyHelper.isValidUsername(aresult.username)) {
|
||||
AuthProvider.authError(String.format("Illegal result: '%s'", aresult.username));
|
||||
|
@ -120,6 +130,37 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti
|
|||
}
|
||||
}
|
||||
|
||||
@SuppressWarnings("deprecation")
|
||||
public static AuthPlainPassword decryptPassword(LaunchServer server, AuthRequest.AuthPasswordInterface password) throws Exception {
|
||||
if (password instanceof AuthECPassword) {
|
||||
try {
|
||||
return new AuthPlainPassword(IOHelper.decode(SecurityHelper.decrypt(server.runtime.passwordEncryptKey
|
||||
, ((AuthECPassword) password).password)));
|
||||
} catch (IllegalBlockSizeException | BadPaddingException ignored) {
|
||||
throw new AuthException("Password decryption error");
|
||||
}
|
||||
}
|
||||
if (password instanceof AuthAESPassword) {
|
||||
try {
|
||||
return new AuthPlainPassword(IOHelper.decode(SecurityHelper.decrypt(server.runtime.passwordEncryptKey
|
||||
, ((AuthAESPassword) password).password)));
|
||||
} catch (IllegalBlockSizeException | BadPaddingException ignored) {
|
||||
throw new AuthException("Password decryption error");
|
||||
}
|
||||
}
|
||||
if(password instanceof AuthRSAPassword) {
|
||||
try {
|
||||
Cipher cipher = SecurityHelper.newRSADecryptCipher(server.keyAgreementManager.rsaPrivateKey);
|
||||
return new AuthPlainPassword(
|
||||
IOHelper.decode(cipher.doFinal(((AuthRSAPassword) password).password))
|
||||
);
|
||||
} catch (IllegalBlockSizeException | BadPaddingException ignored) {
|
||||
throw new AuthException("Password decryption error");
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public enum ConnectTypes {
|
||||
@Deprecated
|
||||
SERVER,
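Review bot: In the new `decryptPassword`, every branch turns a failed decryption into `AuthException("Password decryption error")`, which a client can presumably tell apart from an ordinary wrong-password result. On the `AuthRSAPassword` branch the ciphertext is client-supplied, so if `SecurityHelper.newRSADecryptCipher` uses PKCS#1 v1.5 padding (not visible on this page) that difference reveals padding validity. Prefer an OAEP cipher there, or fail with the same error a bad password produces and record the cause only server-side, marked with a comment such as `// must be indistinguishable from a wrong password: padding validity is not revealed to the client`. Separately, going by the hunk counts, decryption moved from the top of `execute` to after `server.authHookManager.preHook.hook(context, clientData)` and `provider.preAuth(login, password, ip)`, so both now receive the still-encrypted object; placing the new decrypt block above those two calls would keep what they saw before. `execute` starts and ends outside the hunks shown, while `decryptPassword` is complete.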
|
||||
|
|
|
@ -22,6 +22,7 @@ public final class AuthRequest extends Request<AuthRequestEvent> implements WebS
|
|||
@LauncherNetworkAPI
|
||||
private final ConnectTypes authType;
|
||||
|
||||
@Deprecated
|
||||
public AuthRequest(String login, byte[] password) {
|
||||
this.login = VerifyHelper.verify(login, VerifyHelper.NOT_EMPTY, "Login can't be empty");
|
||||
this.password = new AuthECPassword(password.clone());
|
||||
|
@ -30,7 +31,7 @@ public AuthRequest(String login, byte[] password) {
|
|||
authType = ConnectTypes.CLIENT;
|
||||
}
|
||||
|
||||
|
||||
@Deprecated
|
||||
public AuthRequest(String login, byte[] password, String auth_id) {
|
||||
this.login = VerifyHelper.verify(login, VerifyHelper.NOT_EMPTY, "Login can't be empty");
|
||||
this.password = new AuthECPassword(password.clone());
|
||||
|
@ -39,6 +40,7 @@ public AuthRequest(String login, byte[] password, String auth_id) {
|
|||
authType = ConnectTypes.CLIENT;
|
||||
}
|
||||
|
||||
@Deprecated
|
||||
public AuthRequest(String login, byte[] encryptedPassword, String auth_id, ConnectTypes authType) {
|
||||
this.login = login;
|
||||
this.password = new AuthECPassword(encryptedPassword.clone());
|
||||
|
@ -63,10 +65,13 @@ public AuthRequest(String login, AuthPasswordInterface password, String auth_id,
|
|||
this.authType = authType;
|
||||
}
|
||||
|
||||
@SuppressWarnings("deprecation")
|
||||
public static void registerProviders() {
|
||||
if (!registerProviders) {
|
||||
providers.register("plain", AuthPlainPassword.class);
|
||||
providers.register("rsa2", AuthRSAPassword.class);
|
||||
providers.register("rsa", AuthECPassword.class);
|
||||
providers.register("aes", AuthAESPassword.class);
|
||||
providers.register("2fa", Auth2FAPassword.class);
|
||||
providers.register("signature", AuthSignaturePassword.class);
|
||||
providers.register("totp", AuthTOTPPassword.class);
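Review bot: The registry keys in `registerProviders` no longer say what they carry: `"rsa"` still maps to the deprecated `AuthECPassword`, which the server side of this commit decrypts with `server.runtime.passwordEncryptKey`, while the RSA-encrypted type is registered as `"rsa2"`. A comment above those lines would prevent misreading, e.g. `// "rsa" is the legacy wire name for AuthECPassword (shared passwordEncryptKey); "rsa2" is the RSA-encrypted AuthRSAPassword`. The three constructors now marked `@Deprecated` would also benefit from a Javadoc `@deprecated` tag naming the `AuthPasswordInterface` constructor as the replacement. Because `"plain"` and `"rsa"` stay registered, a server keeps accepting the older forms; whether that should be configurable is worth deciding. `registerProviders` continues past the hunk.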
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
package pro.gravit.launcher.request.auth.password;
|
||||
|
||||
import pro.gravit.launcher.LauncherNetworkAPI;
|
||||
import pro.gravit.launcher.request.auth.AuthRequest;
|
||||
|
||||
public class AuthAESPassword implements AuthRequest.AuthPasswordInterface {
|
||||
@LauncherNetworkAPI
|
||||
public final byte[] password;
|
||||
|
||||
public AuthAESPassword(byte[] aesEncryptedPassword) {
|
||||
this.password = aesEncryptedPassword;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean check() {
|
||||
return true;
|
||||
}
|
||||
}
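Review bot: `check()` returns `true` unconditionally, so, assuming the server consults it before authenticating, a request whose `password` array is null or empty counts as well-formed and only fails later inside the decrypt call in `decryptPassword`. I would make it `return password != null && password.length > 0;`; the same applies to `check()` in `AuthRSAPassword` and `AuthSignaturePassword` in this commit. The constructor also keeps the caller's array (`this.password = aesEncryptedPassword;`) where the `AuthRequest` constructors pass `password.clone()`, so a defensive copy would be consistent. A class comment stating that these bytes are decrypted with the server's `passwordEncryptKey` would help readers of the wire type.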
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
import pro.gravit.launcher.LauncherNetworkAPI;
|
||||
import pro.gravit.launcher.request.auth.AuthRequest;
|
||||
|
||||
@Deprecated
|
||||
public class AuthECPassword implements AuthRequest.AuthPasswordInterface {
|
||||
@LauncherNetworkAPI
|
||||
public final byte[] password;
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
package pro.gravit.launcher.request.auth.password;
|
||||
|
||||
import pro.gravit.launcher.request.auth.AuthRequest;
|
||||
|
||||
public class AuthRSAPassword implements AuthRequest.AuthPasswordInterface {
|
||||
public final byte[] password;
|
||||
|
||||
public AuthRSAPassword(byte[] rsaEncryptedPassword) {
|
||||
this.password = rsaEncryptedPassword;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean check() {
|
||||
return true;
|
||||
}
|
||||
}
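Review bot: The `password` field here has no `@LauncherNetworkAPI` annotation, while the same field in `AuthAESPassword` and `AuthECPassword` carries it. If that annotation is what keeps serialized field names stable (its definition is not on this page), the `rsa2` payload could break in builds where the other two types still work. Adding `import pro.gravit.launcher.LauncherNetworkAPI;` and `@LauncherNetworkAPI` above `public final byte[] password;` would make the three types consistent.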
|
|
@ -7,6 +7,12 @@ public class AuthSignaturePassword implements AuthRequest.AuthPasswordInterface
|
|||
public byte[] publicKey;
|
||||
public byte[] salt;
|
||||
|
||||
public AuthSignaturePassword(byte[] signature, byte[] publicKey, byte[] salt) {
|
||||
this.signature = signature;
|
||||
this.publicKey = publicKey;
|
||||
this.salt = salt;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean check() {
|
||||
return true;
|
||||
|
|