118 lines
2.7 KiB
Go
118 lines
2.7 KiB
Go
package server
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"net/url"
|
|
|
|
"github.com/Tnze/go-mc/net"
|
|
pk "github.com/Tnze/go-mc/net/packet"
|
|
)
|
|
|
|
var hasJoinedURL = func() *url.URL {
|
|
u, err := url.Parse("https://sessionserver.mojang.com/session/minecraft/hasJoined")
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
return u
|
|
}()
|
|
|
|
func (s *Server) encryptionRequest(conn net.Conn) ([]byte, error) {
|
|
verify := make([]byte, 4)
|
|
_, _ = rand.Read(verify)
|
|
return verify, conn.WritePacket(pk.Marshal(0x01,
|
|
pk.String(""),
|
|
pk.ByteArray(s.publicKey),
|
|
pk.ByteArray(verify),
|
|
))
|
|
}
|
|
|
|
type profile struct {
|
|
ID string `json:"id"`
|
|
Name string `json:"name"`
|
|
IP string `json:"ip"`
|
|
}
|
|
|
|
func (p *profile) UUID() string {
|
|
return fmt.Sprintf("%s-%s-%s-%s-%s", p.ID[:8], p.ID[8:12], p.ID[12:16], p.ID[16:20], p.ID[20:32])
|
|
}
|
|
|
|
func (s *Server) encryptionResponse(conn net.Conn, username string, verify []byte) (*profile, []byte, error) {
|
|
var (
|
|
p pk.Packet
|
|
sharedSecret pk.ByteArray
|
|
verifyToken pk.ByteArray
|
|
)
|
|
|
|
err := conn.ReadPacket(&p)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("could not read packet: %w", err)
|
|
}
|
|
|
|
err = p.Scan(&sharedSecret, &verifyToken)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("could not scan packet: %w", err)
|
|
}
|
|
|
|
valid, err := s.verify(verifyToken, verify)
|
|
if err != nil || !valid {
|
|
return nil, nil, errors.New("could not verify token")
|
|
}
|
|
|
|
secret, err := rsa.DecryptPKCS1v15(rand.Reader, s.privateKey, sharedSecret)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("could not decrypt secret: %w", err)
|
|
}
|
|
|
|
serverID, err := digest(secret, s.publicKey)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("could not create digest: %w", err)
|
|
}
|
|
|
|
u := *hasJoinedURL
|
|
q := u.Query()
|
|
q.Set("username", username)
|
|
q.Set("serverId", serverID)
|
|
u.RawQuery = q.Encode()
|
|
|
|
res, err := http.Get(u.String())
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("could not join server API: %w", err)
|
|
}
|
|
defer res.Body.Close()
|
|
|
|
var player profile
|
|
if err := json.NewDecoder(res.Body).Decode(&player); err != nil {
|
|
return nil, nil, fmt.Errorf("could not decode profile: %w", err)
|
|
}
|
|
|
|
return &player, secret, nil
|
|
}
|
|
|
|
func (s *Server) verify(encryptedVerifyToken, actualVerifyToken []byte) (bool, error) {
|
|
decryptedVerifyToken, err := rsa.DecryptPKCS1v15(rand.Reader, s.privateKey, encryptedVerifyToken)
|
|
if err != nil {
|
|
return false, fmt.Errorf("error decrypting verify token: %v", err)
|
|
}
|
|
return bytes.Equal(decryptedVerifyToken, actualVerifyToken), nil
|
|
}
|
|
|
|
func encryptedConn(conn net.Conn, secret []byte) (io.Writer, error) {
|
|
block, err := aes.NewCipher(secret)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &cipher.StreamWriter{
|
|
S: newCFB8(block, secret, false),
|
|
W: conn,
|
|
}, nil
|
|
}
|