Kick player with invalid chain data for additional security

The client should prevent players from joining servers if they're not logged in; however, this adds a second layer of security in case that check is somehow bypassed.
RednedEpic 2020-08-12 10:42:02 -05:00
parent e02495ca7f
commit e2a9566926


@ -105,6 +105,10 @@ public class LoginEncryptionUtils {
connector.getLogger().debug(String.format("Is player data valid? %s", validChain));
if (!validChain) {
session.disconnect(LanguageUtils.getLocaleStringLog("geyser.auth.login.form.notice.desc"));
return;
}
JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
JsonNode payload = JSON_MAPPER.readTree(jwt.getPayload().toBytes());
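Review bot: A rejected chain is recorded only by the `debug` line above the new `if (!validChain)` branch, so at default log levels a client that got past the client-side login check is disconnected without leaving any trace for operators. I would log the rejection inside the branch, above debug level, before `session.disconnect(...)`, for example `connector.getLogger().warning("Rejected login: chain data failed validation");` (assuming the logger exposes a warning level), with whatever session or address identifier is available at this point. The kick text also reuses the login-form key `geyser.auth.login.form.notice.desc` through `getLocaleStringLog`, which by its name resolves for the log locale rather than the player's. A dedicated key resolved for the player would make the reason clearer to a legitimate user. The enclosing method starts and ends outside the hunk, so whether any other login path reaches the payload parsing without this check cannot be confirmed from here.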