From e2a956692620dd09dc46afe9c0774bb26c4fc3ca Mon Sep 17 00:00:00 2001
From: RednedEpic <redned235@gmail.com>
Date: Wed, 12 Aug 2020 10:42:02 -0500
Subject: [PATCH] Kick player with invalid chain data for additional security

The client should disallow players to join servers if they're not logged in, however this just adds a second layer of security in the event that it's somehow bypassed.
---
 .../org/geysermc/connector/utils/LoginEncryptionUtils.java    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/connector/src/main/java/org/geysermc/connector/utils/LoginEncryptionUtils.java b/connector/src/main/java/org/geysermc/connector/utils/LoginEncryptionUtils.java
index 3d4dd506..8a13d054 100644
--- a/connector/src/main/java/org/geysermc/connector/utils/LoginEncryptionUtils.java
+++ b/connector/src/main/java/org/geysermc/connector/utils/LoginEncryptionUtils.java
@@ -105,6 +105,10 @@ public class LoginEncryptionUtils {
 
             connector.getLogger().debug(String.format("Is player data valid? %s", validChain));
 
+            if (!validChain) {
+                session.disconnect(LanguageUtils.getLocaleStringLog("geyser.auth.login.form.notice.desc"));
+                return;
+            }
             JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
             JsonNode payload = JSON_MAPPER.readTree(jwt.getPayload().toBytes());