// Key under which the completion closure is stored with storeLocal() and read back with fetchLocal().
// NOTE(review): "TLS" here presumably means thread-local storage, not Transport Layer Security — confirm.
36 private const TLS_KEY_ON_COMPLETION =
"completion";
// Base64 text of a DER SubjectPublicKeyInfo; the MHYwEAYHKoZIzj0CAQYFK4EEACI... prefix is the header of an
// EC public key on secp384r1 (P-384). Nothing in the visible lines reads this constant: the root key that
// validateChain() compares against is whatever was passed as $rootAuthKeyDer.
// validateChain() compares $rootAuthKeyDer with the base64-decoded key from the chain, so a caller must
// pass the decoded bytes rather than this base64 string. If it passes the base64 string, the comparison
// never matches and $authenticated stays false.
43 public const LEGACY_MOJANG_ROOT_PUBLIC_KEY =
"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAECRXueJeTDqNRRgJi/vlRufByu/2G0i2Ebt6YMar5QX/R0DIIyrJMcUpruK4QveTfJSTp3Shlq4Gk34cD/4GUWwkv0DVuzeuB+tXija7HBxii03NHDbPAD0AKnLr2wdAp";
// igbinary-serialized form of the chain JWTs; written in the constructor, decoded again in validateChain().
45 private string $chain;
// Starts false; the only visible place that sets it to true is the root-key check inside validateChain().
56 private bool $authenticated =
false;
// DER public key returned by validateChain(); stays null until that call has succeeded.
57 private ?
string $clientPublicKeyDer =
null;
// Promoted constructor parameters. The opening line of the signature and the $chainJwts parameter
// used below are not shown in this listing.
65 private string $clientDataJwt,
// When this is null the root-key comparison in validateChain() is skipped, so $authenticated can never become true.
66 private ?
string $rootAuthKeyDer,
// Not consulted by the validation code shown here; it is only forwarded to the completion callback.
67 private bool $authRequired,
68 \Closure $onCompletion
// The closure is handed to storeLocal() instead of being kept in a property; it is retrieved with
// fetchLocal() when the result is delivered.
70 $this->
storeLocal(self::TLS_KEY_ON_COMPLETION, $onCompletion);
// The chain is held as a single igbinary string. A null result from the serializer is treated as a
// programming error (AssumptionFailedError), not as a login failure.
71 $this->chain = igbinary_serialize($chainJwts) ??
throw new AssumptionFailedError(
"This should never fail");
// Two-step check: validateChain() yields the public key named by the final chain link, then the client
// data JWT is checked against that same key by validateSelfSignedToken(). This is what ties the client
// data to the validated chain; the client data JWT is not examined before the chain has passed.
76 $this->clientPublicKeyDer = $this->validateChain();
77 AuthJwtHelper::validateSelfSignedToken($this->clientDataJwt, $this->clientPublicKeyDer);
// NOTE(review): the surrounding try/catch is not shown in this listing; $e is presumably a
// VerifyLoginException raised by one of the two calls above — confirm.
80 $disconnectMessage = $e->getDisconnectMessage();
/**
 * Walks the login chain link by link and returns the DER public key named by the last link.
 *
 * Each link is passed to AuthJwtHelper::validateLegacyAuthToken() together with the key named by the
 * previous link. $this->authenticated is set when a link has been validated while the current key equals
 * the configured root key.
 *
 * @return string DER public key taken from the final link's identityPublicKey claim
 * @throws VerifyLoginException if a link has no identityPublicKey claim, the claim is not valid base64,
 *                              or the chain contains no links
 */
85 private function validateChain() : string{
// The string decoded here was produced by igbinary_serialize() in the constructor and is not taken raw
// from the network. The JWTs inside it should still be treated as untrusted until validated below.
87 $chain = igbinary_unserialize($this->chain);
// Key the next link is checked against. It is null for the first link; how validateLegacyAuthToken()
// picks a verification key in that case is not visible here — TODO confirm in AuthJwtHelper.
89 $identityPublicKeyDer =
null;
91 foreach($chain as $jwt){
// NOTE(review): presumably throws VerifyLoginException for a bad signature or malformed token — confirm.
92 $claims = AuthJwtHelper::validateLegacyAuthToken($jwt, $identityPublicKeyDer);
// Statement order matters: this check runs after the link has been validated and before the key is
// replaced further down, so the flag reflects the key this link was checked against. Assuming the helper
// rejects a link not signed by the key it is given, naming the root key in a claim is not enough to set
// the flag; the following link has to validate against it.
// The comparison is a strict === on raw DER bytes, so a differently encoded copy of the same key will not
// match and the session stays unauthenticated.
93 if($this->rootAuthKeyDer !==
null && $identityPublicKeyDer === $this->rootAuthKeyDer){
94 $this->authenticated =
true;
// Every link, including the last one, must name a key.
96 if(!isset($claims->identityPublicKey)){
97 throw new VerifyLoginException(
"Missing identityPublicKey in chain link", KnownTranslationFactory::pocketmine_disconnect_invalidSession_missingKey());
// Strict mode (second argument true): base64_decode() returns false on characters outside the base64
// alphabet instead of silently discarding them.
99 $identityPublicKey = base64_decode($claims->identityPublicKey,
true);
100 if($identityPublicKey ===
false){
101 throw new VerifyLoginException(
"Invalid identityPublicKey: base64 error decoding");
// This key is used to check the next link; after the last link it is the value returned.
103 $identityPublicKeyDer = $identityPublicKey;
// Still null only when the loop body never ran, i.e. the chain was empty.
106 if($identityPublicKeyDer ===
null){
107 throw new VerifyLoginException(
"No authentication chain links provided");
110 return $identityPublicKeyDer;
// Retrieves the closure stored by the constructor and hands it the outcome: whether a link was validated
// against the root key, whether authentication is required, the error (unwrapped with deserialize() when
// held as a NonThreadSafeValue) and the client's DER public key, which is null if validateChain() did not complete.
// Nothing in the visible lines rejects a client that is unauthenticated while $authRequired is true;
// that decision is left to the callback, which receives both flags.
118 $callback = $this->fetchLocal(self::TLS_KEY_ON_COMPLETION);
119 $callback($this->authenticated, $this->authRequired, $this->error instanceof
NonThreadSafeValue ? $this->error->
deserialize() : $this->error, $this->clientPublicKeyDer);