Kick player with invalid chain data for additional security
The client should prevent players from joining servers if they're not logged in; however, this adds a second layer of security in case that check is somehow bypassed.
parent
e02495ca7f
commit
e2a9566926
1 changed files with 4 additions and 0 deletions
|
@ -105,6 +105,10 @@ public class LoginEncryptionUtils {
|
||||||
|
|
||||||
connector.getLogger().debug(String.format("Is player data valid? %s", validChain));
|
connector.getLogger().debug(String.format("Is player data valid? %s", validChain));
|
||||||
|
|
||||||
|
if (!validChain) {
|
||||||
|
session.disconnect(LanguageUtils.getLocaleStringLog("geyser.auth.login.form.notice.desc"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
|
JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
|
||||||
JsonNode payload = JSON_MAPPER.readTree(jwt.getPayload().toBytes());
|
JsonNode payload = JSON_MAPPER.readTree(jwt.getPayload().toBytes());
|
||||||
|
|
||||||
|
|
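Review bot: The rejection at `if (!validChain)` leaves no trace outside debug logging, since the only record is the `debug` line just above it; a failed chain validation is an event an operator would want to see when a client presents login data that does not verify. I would add a line such as `connector.getLogger().warning("Disconnecting session: login chain failed validation");` before `session.disconnect(...)`. The kick text also reuses `geyser.auth.login.form.notice.desc`, which by its name looks like the description of the login-form notice, and it is fetched with `getLocaleStringLog`, which presumably resolves the server's log locale rather than the player's; a dedicated key would tell the player why the connection was closed. The enclosing method starts and ends outside this hunk, so whether some configurations legitimately reach this point with an unverified chain cannot be judged from here.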