PocketMine-MP 5.35.1 git-e32e836dad793a3a3c8ddd8927c00e112b1e576a
ProcessOpenIdLoginTask.php
1<?php
2
3/*
4 *
5 * ____ _ _ __ __ _ __ __ ____
6 * | _ \ ___ ___| | _____| |_| \/ (_)_ __ ___ | \/ | _ \
7 * | |_) / _ \ / __| |/ / _ \ __| |\/| | | '_ \ / _ \_____| |\/| | |_) |
8 * | __/ (_) | (__| < __/ |_| | | | | | | | __/_____| | | | __/
9 * |_| \___/ \___|_|\_\___|\__|_| |_|_|_| |_|\___| |_| |_|_|
10 *
11 * This program is free software: you can redistribute it and/or modify
12 * it under the terms of the GNU Lesser General Public License as published by
13 * the Free Software Foundation, either version 3 of the License, or
14 * (at your option) any later version.
15 *
16 * @author PocketMine Team
17 * @link http://www.pocketmine.net/
18 *
19 *
20 */
21
22declare(strict_types=1);
23
24namespace pocketmine\network\mcpe\auth;
25
29use function base64_decode;
30
// Key under which the completion closure is stored with storeLocal() in the
// constructor and read back with fetchLocal() in onCompletion().
private const TLS_KEY_ON_COMPLETION = "completion";

// Audience value passed to AuthJwtHelper::validateOpenIdAuthToken() in validateChain().
// NOTE(review): presumably a token issued for any other audience is rejected by the helper - confirm there.
public const MOJANG_AUDIENCE = "api://auth-minecraft-services/multiplayer";

// Failure reason handed to the completion callback. It starts as a non-null placeholder, so a run
// that reaches neither assignment in onRun() still reports an error. A Translatable reason is held
// wrapped in NonThreadSafeValue and unwrapped again in onCompletion().
private NonThreadSafeValue|string|null $error = "Unknown";
// Stays false until the OpenID token has passed validateOpenIdAuthToken() in validateChain().
private bool $authenticated = false;
// DER bytes decoded from the token's cpk claim; null unless validateChain() returned normally.
private ?string $clientPublicKeyDer = null;
50
/**
 * Collects the inputs for one OpenID login verification.
 *
 * The key and issuer are supplied by the caller and used as given; this class does not check them.
 *
 * @param string   $jwt                token handed to AuthJwtHelper::validateOpenIdAuthToken()
 * @param string   $issuer             issuer value the token is validated against
 * @param string   $mojangPublicKeyDer key the token is validated with
 * @param string   $clientDataJwt      token checked against the key taken from the cpk claim
 * @param bool     $authRequired       passed through to the completion callback unchanged
 * @param \Closure $onCompletion       called from onCompletion() with (authenticated, authRequired, error, clientPublicKeyDer)
 */
public function __construct(
	private string $jwt,
	private string $issuer,
	private string $mojangPublicKeyDer,
	private string $clientDataJwt,
	private bool $authRequired,
	\Closure $onCompletion
){
	// The closure is not kept as a property: it goes through storeLocal() and is
	// retrieved with fetchLocal() under the same key in onCompletion().
	$this->storeLocal(
		self::TLS_KEY_ON_COMPLETION,
		$onCompletion
	);
}
64
/**
 * Runs the verification and records either the client key or the failure reason.
 *
 * Only VerifyLoginException is handled here. Any other throwable propagates and leaves
 * $error at its non-null initial value.
 */
public function onRun() : void{
	try{
		$verifiedKey = $this->validateChain();
	}catch(VerifyLoginException $failure){
		$reason = $failure->getDisconnectMessage();
		if($reason instanceof Translatable){
			// Translatable reasons are wrapped here and unwrapped with deserialize() in onCompletion()
			$reason = new NonThreadSafeValue($reason);
		}
		$this->error = $reason;
		return;
	}

	// The key is published and the error cleared only after every check has passed.
	$this->clientPublicKeyDer = $verifiedKey;
	$this->error = null;
}
74
/**
 * Validates the OpenID token, then checks the client data token against the key named in its cpk claim.
 *
 * $authenticated becomes true as soon as the first step passes. The later steps can still throw,
 * so a true $authenticated is only meaningful together with a null $error.
 *
 * @return string the client public key (DER) decoded from the cpk claim
 * @throws VerifyLoginException if the cpk claim is not valid base64; the two helper calls are
 *                              expected to throw on invalid tokens (their bodies are not visible here)
 */
private function validateChain() : string{
	$identityClaims = AuthJwtHelper::validateOpenIdAuthToken(
		$this->jwt,
		$this->mojangPublicKeyDer,
		issuer: $this->issuer,
		audience: self::MOJANG_AUDIENCE
	);
	// validateOpenIdAuthToken() is expected to throw on an invalid JWT, so reaching this line means it passed
	$this->authenticated = true;

	// strict mode makes base64_decode() return false on characters outside the base64 alphabet
	$decodedKey = base64_decode($identityClaims->cpk, strict: true);
	if($decodedKey === false){
		throw new VerifyLoginException("Invalid client public key: base64 error decoding");
	}

	// The decoded bytes get no structural check here; a malformed key is left for OpenSSL to
	// reject while the client data token is being verified.
	AuthJwtHelper::validateSelfSignedToken($this->clientDataJwt, $decodedKey);

	return $decodedKey;
}
89
/**
 * Hands the outcome to the closure given to the constructor.
 *
 * The closure receives (authenticated, authRequired, error, clientPublicKeyDer). The error is
 * null only when onRun() finished every check; the key is null otherwise.
 */
public function onCompletion() : void{
	$notify = $this->fetchLocal(self::TLS_KEY_ON_COMPLETION);

	// unwrap a Translatable reason that onRun() stored inside NonThreadSafeValue
	$failure = $this->error;
	if($failure instanceof NonThreadSafeValue){
		$failure = $failure->deserialize();
	}

	$notify($this->authenticated, $this->authRequired, $failure, $this->clientPublicKeyDer);
}
98}