PocketMine-MP 5.35.1 git-e32e836dad793a3a3c8ddd8927c00e112b1e576a
Loading...
Searching...
No Matches
LoginPacketHandler.php
1<?php
2
3/*
4 *
5 * ____ _ _ __ __ _ __ __ ____
6 * | _ \ ___ ___| | _____| |_| \/ (_)_ __ ___ | \/ | _ \
7 * | |_) / _ \ / __| |/ / _ \ __| |\/| | | '_ \ / _ \_____| |\/| | |_) |
8 * | __/ (_) | (__| < __/ |_| | | | | | | | __/_____| | | | __/
9 * |_| \___/ \___|_|\_\___|\__|_| |_|_|_| |_|\___| |_| |_|_|
10 *
11 * This program is free software: you can redistribute it and/or modify
12 * it under the terms of the GNU Lesser General Public License as published by
13 * the Free Software Foundation, either version 3 of the License, or
14 * (at your option) any later version.
15 *
16 * @author PocketMine Team
17 * @link http://www.pocketmine.net/
18 *
19 *
20 */
21
22declare(strict_types=1);
23
24namespace pocketmine\network\mcpe\handler;
25
37use pocketmine\network\mcpe\protocol\types\login\AuthenticationType;
49use Ramsey\Uuid\Uuid;
50use Ramsey\Uuid\UuidInterface;
51use function chr;
52use function count;
53use function gettype;
54use function is_array;
55use function is_object;
56use function json_decode;
57use function md5;
58use function ord;
59use function var_export;
60use const JSON_THROW_ON_ERROR;
61
70 public function __construct(
71 private Server $server,
72 private NetworkSession $session,
73 private \Closure $playerInfoConsumer,
74 private \Closure $authCallback
75 ){}
76
77 private static function calculateUuidFromXuid(string $xuid) : UuidInterface{
78 $hash = md5("pocket-auth-1-xuid:" . $xuid, binary: true);
79 $hash[6] = chr((ord($hash[6]) & 0x0f) | 0x30); // set version to 3
80 $hash[8] = chr((ord($hash[8]) & 0x3f) | 0x80); // set variant to RFC 4122
81
82 return Uuid::fromBytes($hash);
83 }
84
85 public function handleLogin(LoginPacket $packet) : bool{
86 $authInfo = $this->parseAuthInfo($packet->authInfoJson);
87
88 if($authInfo->AuthenticationType === AuthenticationType::FULL->value){
89 try{
90 [$headerArray, $claimsArray,] = JwtUtils::parse($authInfo->Token);
91 }catch(JwtException $e){
92 throw PacketHandlingException::wrap($e, "Error parsing authentication token");
93 }
94 $header = $this->mapXboxTokenHeader($headerArray);
95 $claims = $this->mapXboxTokenBody($claimsArray);
96
97 $legacyUuid = self::calculateUuidFromXuid($claims->xid);
98 $username = $claims->xname;
99 $xuid = $claims->xid;
100
101 $authRequired = $this->processLoginCommon($packet, $username, $legacyUuid, $xuid);
102 if($authRequired === null){
103 //plugin cancelled
104 return true;
105 }
106 $this->processOpenIdLogin($authInfo->Token, $header->kid, $packet->clientDataJwt, $authRequired);
107
108 }elseif($authInfo->AuthenticationType === AuthenticationType::SELF_SIGNED->value){
109 try{
110 $chainData = json_decode($authInfo->Certificate, flags: JSON_THROW_ON_ERROR);
111 }catch(\JsonException $e){
112 throw PacketHandlingException::wrap($e, "Error parsing self-signed certificate chain");
113 }
114 if(!is_object($chainData)){
115 throw new PacketHandlingException("Unexpected type for self-signed certificate chain: " . gettype($chainData) . ", expected object");
116 }
117 try{
118 $chain = $this->defaultJsonMapper("Self-signed auth chain JSON")->map($chainData, new LegacyAuthChain());
119 }catch(\JsonMapper_Exception $e){
120 throw PacketHandlingException::wrap($e, "Error mapping self-signed certificate chain");
121 }
122 if(count($chain->chain) > 1 || !isset($chain->chain[0])){
123 throw new PacketHandlingException("Expected exactly one certificate in self-signed certificate chain, got " . count($chain->chain));
124 }
125
126 try{
127 [, $claimsArray, ] = JwtUtils::parse($chain->chain[0]);
128 }catch(JwtException $e){
129 throw PacketHandlingException::wrap($e, "Error parsing self-signed certificate");
130 }
131 if(!isset($claimsArray["extraData"]) || !is_array($claimsArray["extraData"])){
132 throw new PacketHandlingException("Expected \"extraData\" to be present in self-signed certificate");
133 }
134
135 try{
136 $claims = $this->defaultJsonMapper("Self-signed auth JWT 'extraData'")->map($claimsArray["extraData"], new LegacyAuthIdentityData());
137 }catch(\JsonMapper_Exception $e){
138 throw PacketHandlingException::wrap($e, "Error mapping self-signed certificate extraData");
139 }
140
141 if(!Uuid::isValid($claims->identity)){
142 throw new PacketHandlingException("Invalid UUID string in self-signed certificate: " . $claims->identity);
143 }
144 $legacyUuid = Uuid::fromString($claims->identity);
145 $username = $claims->displayName;
146 $xuid = "";
147
148 $authRequired = $this->processLoginCommon($packet, $username, $legacyUuid, $xuid);
149 if($authRequired === null){
150 //plugin cancelled
151 return true;
152 }
153 $this->processSelfSignedLogin($chain->chain, $packet->clientDataJwt, $authRequired);
154 }else{
155 throw new PacketHandlingException("Unsupported authentication type: $authInfo->AuthenticationType");
156 }
157
158 return true;
159 }
160
161 private function processLoginCommon(LoginPacket $packet, string $username, UuidInterface $legacyUuid, string $xuid) : ?bool{
162 if(!Player::isValidUserName($username)){
163 $this->session->disconnectWithError(KnownTranslationFactory::disconnectionScreen_invalidName());
164
165 return null;
166 }
167
168 $clientData = $this->parseClientData($packet->clientDataJwt);
169
170 try{
171 $skin = $this->session->getTypeConverter()->getSkinAdapter()->fromSkinData(ClientDataToSkinDataHelper::fromClientData($clientData));
172 }catch(\InvalidArgumentException | InvalidSkinException $e){
173 $this->session->disconnectWithError(
174 reason: "Invalid skin: " . $e->getMessage(),
175 disconnectScreenMessage: KnownTranslationFactory::disconnectionScreen_invalidSkin()
176 );
177
178 return null;
179 }
180
181 if($xuid !== ""){
182 $playerInfo = new XboxLivePlayerInfo(
183 $xuid,
184 $username,
185 $legacyUuid,
186 $skin,
187 $clientData->LanguageCode,
188 (array) $clientData
189 );
190 }else{
191 $playerInfo = new PlayerInfo(
192 $username,
193 $legacyUuid,
194 $skin,
195 $clientData->LanguageCode,
196 (array) $clientData
197 );
198 }
199 ($this->playerInfoConsumer)($playerInfo);
200
201 $ev = new PlayerPreLoginEvent(
202 $playerInfo,
203 $this->session->getIp(),
204 $this->session->getPort(),
205 $this->server->requiresAuthentication()
206 );
207 if($this->server->getNetwork()->getValidConnectionCount() > $this->server->getMaxPlayers()){
208 $ev->setKickFlag(PlayerPreLoginEvent::KICK_FLAG_SERVER_FULL, KnownTranslationFactory::disconnectionScreen_serverFull());
209 }
210 if(!$this->server->isWhitelisted($playerInfo->getUsername())){
211 $ev->setKickFlag(PlayerPreLoginEvent::KICK_FLAG_SERVER_WHITELISTED, KnownTranslationFactory::pocketmine_disconnect_whitelisted());
212 }
213
214 $banMessage = null;
215 if(($banEntry = $this->server->getNameBans()->getEntry($playerInfo->getUsername())) !== null){
216 $banReason = $banEntry->getReason();
217 $banMessage = $banReason === "" ? KnownTranslationFactory::pocketmine_disconnect_ban_noReason() : KnownTranslationFactory::pocketmine_disconnect_ban($banReason);
218 }elseif(($banEntry = $this->server->getIPBans()->getEntry($this->session->getIp())) !== null){
219 $banReason = $banEntry->getReason();
220 $banMessage = KnownTranslationFactory::pocketmine_disconnect_ban($banReason !== "" ? $banReason : KnownTranslationFactory::pocketmine_disconnect_ban_ip());
221 }
222 if($banMessage !== null){
223 $ev->setKickFlag(PlayerPreLoginEvent::KICK_FLAG_BANNED, $banMessage);
224 }
225
226 $ev->call();
227 if(!$ev->isAllowed()){
228 $this->session->disconnect($ev->getFinalDisconnectReason(), $ev->getFinalDisconnectScreenMessage());
229 return null;
230 }
231
232 return $ev->isAuthRequired();
233 }
234
238 protected function parseAuthInfo(string $authInfo) : AuthenticationInfo{
239 try{
240 $authInfoJson = json_decode($authInfo, associative: false, flags: JSON_THROW_ON_ERROR);
241 }catch(\JsonException $e){
242 throw PacketHandlingException::wrap($e);
243 }
244 if(!is_object($authInfoJson)){
245 throw new PacketHandlingException("Unexpected type for auth info data: " . gettype($authInfoJson) . ", expected object");
246 }
247
248 $mapper = $this->defaultJsonMapper("Root authentication info JSON");
249 try{
250 $clientData = $mapper->map($authInfoJson, new AuthenticationInfo());
251 }catch(\JsonMapper_Exception $e){
252 throw PacketHandlingException::wrap($e);
253 }
254 return $clientData;
255 }
256
261 protected function mapXboxTokenHeader(array $headerArray) : XboxAuthJwtHeader{
262 $mapper = $this->defaultJsonMapper("OpenID JWT header");
263 try{
264 $header = $mapper->map($headerArray, new XboxAuthJwtHeader());
265 }catch(\JsonMapper_Exception $e){
266 throw PacketHandlingException::wrap($e);
267 }
268 return $header;
269 }
270
275 protected function mapXboxTokenBody(array $bodyArray) : XboxAuthJwtBody{
276 $mapper = $this->defaultJsonMapper("OpenID JWT body");
277 try{
278 $header = $mapper->map($bodyArray, new XboxAuthJwtBody());
279 }catch(\JsonMapper_Exception $e){
280 throw PacketHandlingException::wrap($e);
281 }
282 return $header;
283 }
284
288 protected function parseClientData(string $clientDataJwt) : ClientData{
289 try{
290 [, $clientDataClaims, ] = JwtUtils::parse($clientDataJwt);
291 }catch(JwtException $e){
292 throw PacketHandlingException::wrap($e);
293 }
294
295 $mapper = $this->defaultJsonMapper("ClientData JWT body");
296 try{
297 $clientData = $mapper->map($clientDataClaims, new ClientData());
298 }catch(\JsonMapper_Exception $e){
299 throw PacketHandlingException::wrap($e);
300 }
301 return $clientData;
302 }
303
310 protected function processOpenIdLogin(string $token, string $keyId, string $clientData, bool $authRequired) : void{
311 $this->session->setHandler(null); //drop packets received during login verification
312
313 $authKeyProvider = $this->server->getAuthKeyProvider();
314
315 $authKeyProvider->getKey($keyId)->onCompletion(
316 function(array $issuerAndKey) use ($token, $clientData, $authRequired) : void{
317 [$issuer, $mojangPublicKeyPem] = $issuerAndKey;
318 $this->server->getAsyncPool()->submitTask(new ProcessOpenIdLoginTask($token, $issuer, $mojangPublicKeyPem, $clientData, $authRequired, $this->authCallback));
319 },
320 fn() => ($this->authCallback)(false, $authRequired, "Unrecognized authentication key ID: $keyId", null)
321 );
322 }
323
327 protected function processSelfSignedLogin(array $legacyCertificate, string $clientDataJwt, bool $authRequired) : void{
328 $this->session->setHandler(null); //drop packets received during login verification
329
330 $this->server->getAsyncPool()->submitTask(new ProcessLegacyLoginTask($legacyCertificate, $clientDataJwt, rootAuthKeyDer: null, authRequired: $authRequired, onCompletion: $this->authCallback));
331 }
332
333 private function defaultJsonMapper(string $logContext) : \JsonMapper{
334 $mapper = new \JsonMapper();
335 $mapper->bExceptionOnMissingData = true;
336 $mapper->undefinedPropertyHandler = $this->warnUndefinedJsonPropertyHandler($logContext);
337 $mapper->bStrictObjectTypeChecking = true;
338 $mapper->bEnforceMapType = false;
339 return $mapper;
340 }
341
345 private function warnUndefinedJsonPropertyHandler(string $context) : \Closure{
346 return fn(object $object, string $name, mixed $value) => $this->session->getLogger()->warning(
347 "$context: Unexpected JSON property for " . (new \ReflectionClass($object))->getShortName() . ": " . $name . " = " . var_export($value, return: true)
348 );
349 }
350}
__construct(private Server $server, private NetworkSession $session, private \Closure $playerInfoConsumer, private \Closure $authCallback)
processOpenIdLogin(string $token, string $keyId, string $clientData, bool $authRequired)
processSelfSignedLogin(array $legacyCertificate, string $clientDataJwt, bool $authRequired)