diff --git a/connector/src/main/java/org/geysermc/connector/GeyserConnector.java b/connector/src/main/java/org/geysermc/connector/GeyserConnector.java index 137a6238..5f6f39a6 100644 --- a/connector/src/main/java/org/geysermc/connector/GeyserConnector.java +++ b/connector/src/main/java/org/geysermc/connector/GeyserConnector.java @@ -25,8 +25,6 @@ package org.geysermc.connector; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; import com.nukkitx.protocol.bedrock.BedrockPacketCodec; import com.nukkitx.protocol.bedrock.BedrockServer; import com.nukkitx.protocol.bedrock.v361.Bedrock_v361; @@ -47,9 +45,11 @@ import org.geysermc.connector.network.translators.TranslatorsInit; import org.geysermc.connector.plugin.GeyserPluginLoader; import org.geysermc.connector.plugin.GeyserPluginManager; import org.geysermc.connector.thread.PingPassthroughThread; +import org.geysermc.connector.utils.FileUtils; import org.geysermc.connector.utils.Toolbox; -import java.io.*; +import java.io.File; +import java.io.IOException; import java.net.InetSocketAddress; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledExecutorService; @@ -112,21 +112,11 @@ public class GeyserConnector implements Connector { logger.info("******************************************"); try { - File configFile = new File("config.yml"); - if (!configFile.exists()) { - FileOutputStream fos = new FileOutputStream(configFile); - InputStream is = GeyserConnector.class.getResourceAsStream("/config.yml"); - int data; - while ((data = is.read()) != -1) - fos.write(data); - is.close(); - fos.close(); - } + File configFile = FileUtils.fileOrCopiedFromResource("config.yml"); - ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory()); - config = objectMapper.readValue(configFile, GeyserConfiguration.class); + config = FileUtils.loadConfig(configFile, GeyserConfiguration.class); } catch (IOException ex) { - logger.severe("Failed to create config.yml! Make sure it's up to date and writable!"); + logger.severe("Failed to read/create config.yml! Make sure it's up to date and/or readable+writable!"); shutdown(); } diff --git a/connector/src/main/java/org/geysermc/connector/configuration/GeyserConfiguration.java b/connector/src/main/java/org/geysermc/connector/configuration/GeyserConfiguration.java index fad95505..6d6185f0 100644 --- a/connector/src/main/java/org/geysermc/connector/configuration/GeyserConfiguration.java +++ b/connector/src/main/java/org/geysermc/connector/configuration/GeyserConfiguration.java @@ -28,12 +28,16 @@ package org.geysermc.connector.configuration; import com.fasterxml.jackson.annotation.JsonProperty; import lombok.Getter; +import java.util.Map; + @Getter public class GeyserConfiguration { private BedrockConfiguration bedrock; private RemoteConfiguration remote; + private Map userAuths; + @JsonProperty("ping-passthrough") private boolean pingPassthrough; diff --git a/connector/src/main/java/org/geysermc/connector/configuration/UserAuthenticationInfo.java b/connector/src/main/java/org/geysermc/connector/configuration/UserAuthenticationInfo.java new file mode 100644 index 00000000..e8ce1424 --- /dev/null +++ b/connector/src/main/java/org/geysermc/connector/configuration/UserAuthenticationInfo.java @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2019 GeyserMC. http://geysermc.org + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + * + * @author GeyserMC + * @link https://github.com/GeyserMC/Geyser + */ + +package org.geysermc.connector.configuration; + +public class UserAuthenticationInfo { + public String email; + public String password; +} \ No newline at end of file diff --git a/connector/src/main/java/org/geysermc/connector/network/UpstreamPacketHandler.java b/connector/src/main/java/org/geysermc/connector/network/UpstreamPacketHandler.java index 6309aeea..7a0f4616 100644 --- a/connector/src/main/java/org/geysermc/connector/network/UpstreamPacketHandler.java +++ b/connector/src/main/java/org/geysermc/connector/network/UpstreamPacketHandler.java @@ -25,36 +25,14 @@ package org.geysermc.connector.network; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.node.JsonNodeType; -import com.nimbusds.jose.JWSObject; import com.nukkitx.protocol.bedrock.BedrockPacket; import com.nukkitx.protocol.bedrock.packet.*; -import com.nukkitx.protocol.bedrock.util.EncryptionUtils; -import net.minidev.json.JSONObject; -import org.geysermc.api.events.player.PlayerFormResponseEvent; -import org.geysermc.api.window.CustomFormBuilder; -import org.geysermc.api.window.CustomFormWindow; -import org.geysermc.api.window.FormWindow; -import org.geysermc.api.window.component.InputComponent; -import org.geysermc.api.window.component.LabelComponent; -import org.geysermc.api.window.response.CustomFormResponse; import org.geysermc.connector.GeyserConnector; +import org.geysermc.connector.configuration.UserAuthenticationInfo; import org.geysermc.connector.network.session.GeyserSession; -import org.geysermc.connector.network.session.auth.BedrockAuthData; -import org.geysermc.connector.network.session.cache.WindowCache; import org.geysermc.connector.network.translators.Registry; import org.geysermc.connector.utils.LoginEncryptionUtils; -import javax.crypto.SecretKey; -import java.io.IOException; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.PublicKey; -import java.security.interfaces.ECPublicKey; -import java.security.spec.ECGenParameterSpec; -import java.util.UUID; - public class UpstreamPacketHandler extends LoggingPacketHandler { public UpstreamPacketHandler(GeyserConnector connector, GeyserSession session) { @@ -75,49 +53,7 @@ public class UpstreamPacketHandler extends LoggingPacketHandler { return true; } - JsonNode certData; - try { - certData = LoginEncryptionUtils.JSON_MAPPER.readTree(loginPacket.getChainData().toByteArray()); - } catch (IOException ex) { - throw new RuntimeException("Certificate JSON can not be read."); - } - - JsonNode certChainData = certData.get("chain"); - if (certChainData.getNodeType() != JsonNodeType.ARRAY) { - throw new RuntimeException("Certificate data is not valid"); - } - - boolean validChain; - try { - validChain = LoginEncryptionUtils.validateChainData(certChainData); - - connector.getLogger().debug(String.format("Is player data valid? %s", validChain)); - - JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText()); - JsonNode payload = LoginEncryptionUtils.JSON_MAPPER.readTree(jwt.getPayload().toBytes()); - - if (payload.get("extraData").getNodeType() != JsonNodeType.OBJECT) { - throw new RuntimeException("AuthData was not found!"); - } - - JSONObject extraData = (JSONObject) jwt.getPayload().toJSONObject().get("extraData"); - session.setAuthenticationData(new BedrockAuthData(extraData.getAsString("displayName"), UUID.fromString(extraData.getAsString("identity")), extraData.getAsString("XUID"))); - - if (payload.get("identityPublicKey").getNodeType() != JsonNodeType.STRING) { - throw new RuntimeException("Identity Public Key was not found!"); - } - - ECPublicKey identityPublicKey = EncryptionUtils.generateKey(payload.get("identityPublicKey").textValue()); - JWSObject clientJwt = JWSObject.parse(loginPacket.getSkinData().toString()); - EncryptionUtils.verifyJwt(clientJwt, identityPublicKey); - - if (EncryptionUtils.canUseEncryption()) { - startEncryptionHandshake(identityPublicKey); - } - } catch (Exception ex) { - session.disconnect("disconnectionScreen.internalError.cantConnect"); - throw new RuntimeException("Unable to complete login", ex); - } + LoginEncryptionUtils.encryptPlayerConnection(connector, session, loginPacket); PlayStatusPacket playStatus = new PlayStatusPacket(); playStatus.setStatus(PlayStatusPacket.Status.LOGIN_SUCCESS); @@ -153,63 +89,41 @@ public class UpstreamPacketHandler extends LoggingPacketHandler { @Override public boolean handle(ModalFormResponsePacket packet) { connector.getLogger().debug("Handled packet: " + packet.getClass().getSimpleName()); - WindowCache windowCache = session.getWindowCache(); - if (!windowCache.getWindows().containsKey(packet.getFormId())) - return false; + return LoginEncryptionUtils.authenticateFromForm(session, connector, packet.getFormData()); + } - FormWindow window = windowCache.getWindows().remove(packet.getFormId()); - window.setResponse(packet.getFormData().trim()); + private boolean couldLoginUserByName(String bedrockUsername) { + if (connector.getConfig().getUserAuths() != null) { + UserAuthenticationInfo info = connector.getConfig().getUserAuths().get(bedrockUsername); - if (session.isLoggedIn()) { - PlayerFormResponseEvent event = new PlayerFormResponseEvent(session, packet.getFormId(), window); - connector.getPluginManager().runEvent(event); - } else { - if (window instanceof CustomFormWindow) { - CustomFormWindow customFormWindow = (CustomFormWindow) window; - if (!customFormWindow.getTitle().equals("Login")) - return false; + if (info != null) { + connector.getLogger().info("using stored credentials for bedrock user " + session.getAuthenticationData().getName()); + session.authenticate(info.email, info.password); - CustomFormResponse response = (CustomFormResponse) customFormWindow.getResponse(); - session.authenticate(response.getInputResponses().get(2), response.getInputResponses().get(3)); - - // Clear windows so authentication data isn't accidentally cached - windowCache.getWindows().clear(); + // TODO send a message to bedrock user telling them they are connected (if nothing like a motd + // somes from the Java server w/in a few seconds) + return true; } } - return true; + + return false; } @Override public boolean handle(MovePlayerPacket packet) { connector.getLogger().debug("Handled packet: " + packet.getClass().getSimpleName()); if (!session.isLoggedIn()) { - CustomFormWindow window = new CustomFormBuilder("Login") - .addComponent(new LabelComponent("Minecraft: Java Edition account authentication.")) - .addComponent(new LabelComponent("Enter the credentials for your Minecraft: Java Edition account below.")) - .addComponent(new InputComponent("Email/Username", "account@geysermc.org", "")) - .addComponent(new InputComponent("Password", "123456", "")) - .build(); + // TODO it is safer to key authentication on something that won't change (UUID, not username) + if (!couldLoginUserByName(session.getAuthenticationData().getName())) { + LoginEncryptionUtils.showLoginWindow(session); + } + // else we were able to log the user in - session.sendForm(window, 1); return true; } return false; } - private void startEncryptionHandshake(PublicKey key) throws Exception { - KeyPairGenerator generator = KeyPairGenerator.getInstance("EC"); - generator.initialize(new ECGenParameterSpec("secp384r1")); - KeyPair serverKeyPair = generator.generateKeyPair(); - - byte[] token = EncryptionUtils.generateRandomToken(); - SecretKey encryptionKey = EncryptionUtils.getSecretKey(serverKeyPair.getPrivate(), key, token); - session.getUpstream().enableEncryption(encryptionKey); - - ServerToClientHandshakePacket packet = new ServerToClientHandshakePacket(); - packet.setJwt(EncryptionUtils.createHandshakeJwt(serverKeyPair, token).serialize()); - session.getUpstream().sendPacketImmediately(packet); - } - @Override public boolean handle(AnimatePacket packet) { return translateAndDefault(packet); diff --git a/connector/src/main/java/org/geysermc/connector/network/session/GeyserSession.java b/connector/src/main/java/org/geysermc/connector/network/session/GeyserSession.java index 88413494..b7ca7a2f 100644 --- a/connector/src/main/java/org/geysermc/connector/network/session/GeyserSession.java +++ b/connector/src/main/java/org/geysermc/connector/network/session/GeyserSession.java @@ -158,8 +158,12 @@ public class GeyserSession implements PlayerSession, Player { public void disconnect(String reason) { if (!closed) { loggedIn = false; - downstream.getSession().disconnect(reason); - upstream.disconnect(reason); + if (downstream != null && downstream.getSession() != null) { + downstream.getSession().disconnect(reason); + } + if (upstream != null) { + upstream.disconnect(reason); + } } } diff --git a/connector/src/main/java/org/geysermc/connector/utils/FileUtils.java b/connector/src/main/java/org/geysermc/connector/utils/FileUtils.java new file mode 100644 index 00000000..435bd603 --- /dev/null +++ b/connector/src/main/java/org/geysermc/connector/utils/FileUtils.java @@ -0,0 +1,35 @@ +package org.geysermc.connector.utils; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; +import org.geysermc.connector.GeyserConnector; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; + +public class FileUtils { + public static T loadConfig(File src, Class valueType) throws IOException { + ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory()); + return objectMapper.readValue(src, valueType); + } + + public static File fileOrCopiedFromResource(String name) throws IOException { + File file = new File(name); + if (!file.exists()) { + FileOutputStream fos = new FileOutputStream(file); + InputStream is = GeyserConnector.class.getResourceAsStream("/" + name); // resources need leading "/" prefix + + int data; + while ((data = is.read()) != -1) + fos.write(data); + is.close(); + fos.close(); + } + + return file; + } + + +} diff --git a/connector/src/main/java/org/geysermc/connector/utils/LoginEncryptionUtils.java b/connector/src/main/java/org/geysermc/connector/utils/LoginEncryptionUtils.java index 47584fcc..a68e8b5c 100644 --- a/connector/src/main/java/org/geysermc/connector/utils/LoginEncryptionUtils.java +++ b/connector/src/main/java/org/geysermc/connector/utils/LoginEncryptionUtils.java @@ -6,15 +6,35 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.JsonNodeType; import com.nimbusds.jose.JWSObject; import com.nukkitx.network.util.Preconditions; +import com.nukkitx.protocol.bedrock.packet.LoginPacket; +import com.nukkitx.protocol.bedrock.packet.ServerToClientHandshakePacket; import com.nukkitx.protocol.bedrock.util.EncryptionUtils; +import net.minidev.json.JSONObject; +import org.geysermc.api.events.player.PlayerFormResponseEvent; +import org.geysermc.api.window.CustomFormBuilder; +import org.geysermc.api.window.CustomFormWindow; +import org.geysermc.api.window.FormWindow; +import org.geysermc.api.window.component.InputComponent; +import org.geysermc.api.window.component.LabelComponent; +import org.geysermc.api.window.response.CustomFormResponse; +import org.geysermc.connector.GeyserConnector; +import org.geysermc.connector.network.session.GeyserSession; +import org.geysermc.connector.network.session.auth.BedrockAuthData; +import org.geysermc.connector.network.session.cache.WindowCache; +import javax.crypto.SecretKey; +import java.io.IOException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PublicKey; import java.security.interfaces.ECPublicKey; +import java.security.spec.ECGenParameterSpec; +import java.util.UUID; public class LoginEncryptionUtils { + private static final ObjectMapper JSON_MAPPER = new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); - public static final ObjectMapper JSON_MAPPER = new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); - - public static boolean validateChainData(JsonNode data) throws Exception { + private static boolean validateChainData(JsonNode data) throws Exception { ECPublicKey lastKey = null; boolean validChain = false; for (JsonNode node : data) { @@ -35,4 +55,115 @@ public class LoginEncryptionUtils { } return validChain; } + + public static void encryptPlayerConnection(GeyserConnector connector, GeyserSession session, LoginPacket loginPacket) { + JsonNode certData; + try { + certData = JSON_MAPPER.readTree(loginPacket.getChainData().toByteArray()); + } catch (IOException ex) { + throw new RuntimeException("Certificate JSON can not be read."); + } + + JsonNode certChainData = certData.get("chain"); + if (certChainData.getNodeType() != JsonNodeType.ARRAY) { + throw new RuntimeException("Certificate data is not valid"); + } + + encryptConnectionWithCert(connector, session, loginPacket.getSkinData().toString(), certChainData); + } + + private static void encryptConnectionWithCert(GeyserConnector connector, GeyserSession session, String playerSkin, JsonNode certChainData) { + try { + boolean validChain = validateChainData(certChainData); + + connector.getLogger().debug(String.format("Is player data valid? %s", validChain)); + + JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText()); + JsonNode payload = JSON_MAPPER.readTree(jwt.getPayload().toBytes()); + + if (payload.get("extraData").getNodeType() != JsonNodeType.OBJECT) { + throw new RuntimeException("AuthData was not found!"); + } + + JSONObject extraData = (JSONObject) jwt.getPayload().toJSONObject().get("extraData"); + session.setAuthenticationData(new BedrockAuthData(extraData.getAsString("displayName"), UUID.fromString(extraData.getAsString("identity")), extraData.getAsString("XUID"))); + + if (payload.get("identityPublicKey").getNodeType() != JsonNodeType.STRING) { + throw new RuntimeException("Identity Public Key was not found!"); + } + + ECPublicKey identityPublicKey = EncryptionUtils.generateKey(payload.get("identityPublicKey").textValue()); + JWSObject clientJwt = JWSObject.parse(playerSkin); + EncryptionUtils.verifyJwt(clientJwt, identityPublicKey); + + if (EncryptionUtils.canUseEncryption()) { + LoginEncryptionUtils.startEncryptionHandshake(session, identityPublicKey); + } + } catch (Exception ex) { + session.disconnect("disconnectionScreen.internalError.cantConnect"); + throw new RuntimeException("Unable to complete login", ex); + } + } + + private static void startEncryptionHandshake(GeyserSession session, PublicKey key) throws Exception { + KeyPairGenerator generator = KeyPairGenerator.getInstance("EC"); + generator.initialize(new ECGenParameterSpec("secp384r1")); + KeyPair serverKeyPair = generator.generateKeyPair(); + + byte[] token = EncryptionUtils.generateRandomToken(); + SecretKey encryptionKey = EncryptionUtils.getSecretKey(serverKeyPair.getPrivate(), key, token); + session.getUpstream().enableEncryption(encryptionKey); + + ServerToClientHandshakePacket packet = new ServerToClientHandshakePacket(); + packet.setJwt(EncryptionUtils.createHandshakeJwt(serverKeyPair, token).serialize()); + session.getUpstream().sendPacketImmediately(packet); + } + + private static int AUTH_FORM_ID = 1337; + + public static void showLoginWindow(GeyserSession session) { + CustomFormWindow window = new CustomFormBuilder("Login") + .addComponent(new LabelComponent("Minecraft: Java Edition account authentication.")) + .addComponent(new LabelComponent("Enter the credentials for your Minecraft: Java Edition account below.")) + .addComponent(new InputComponent("Email/Username", "account@geysermc.org", "")) + .addComponent(new InputComponent("Password", "123456", "")) + .build(); + + session.sendForm(window, AUTH_FORM_ID); + } + + public static boolean authenticateFromForm(GeyserSession session, GeyserConnector connector, String formData) { + WindowCache windowCache = session.getWindowCache(); + if (!windowCache.getWindows().containsKey(AUTH_FORM_ID)) + return false; + + FormWindow window = windowCache.getWindows().remove(AUTH_FORM_ID); + window.setResponse(formData.trim()); + + if (session.isLoggedIn()) { + PlayerFormResponseEvent event = new PlayerFormResponseEvent(session, AUTH_FORM_ID, window); + connector.getPluginManager().runEvent(event); + } else { + if (window instanceof CustomFormWindow) { + CustomFormWindow customFormWindow = (CustomFormWindow) window; + if (!customFormWindow.getTitle().equals("Login")) + return false; + + CustomFormResponse response = (CustomFormResponse) customFormWindow.getResponse(); + + if (response != null) { + String email = response.getInputResponses().get(2); + String password = response.getInputResponses().get(3); + + session.authenticate(email, password); + } + + // TODO should we clear the window cache in all cases or just if not already logged in? + // Clear windows so authentication data isn't accidentally cached + windowCache.getWindows().clear(); + } + } + return true; + } + } diff --git a/connector/src/main/resources/config.yml b/connector/src/main/resources/config.yml index 885e5cf7..72ddf186 100644 --- a/connector/src/main/resources/config.yml +++ b/connector/src/main/resources/config.yml @@ -21,6 +21,19 @@ remote: port: 25565 online-mode: false +## the Xbox/MCPE username is the key for the Java server auth-info +## this allows automatic configuration/login to the remote Java server +## if you are brave/stupid enough to put your Mojang account info into +## a config file +#userAuths: +# bluerkelp2: # MCPE/Xbox username +# email: not_really_my_email_address_mr_minecrafter53267@gmail.com # Mojang account email address +# password: "this isn't really my password" +# +# herpderp40300499303040503030300500293858393589: +# email: herpderp@derpherp.com +# password: dooooo + # Relay the MOTD, player count and max players from the remote server ping-passthrough: false