MirrorHub/authlib-injector
0
0
Fork 1
mirror of https://github.com/yushijinhun/authlib-injector.git synced 2024-06-02 16:48:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #162 from yushijinhun/develop

Browse source 
Release v1.1.45
This commit is contained in:
Haowei Wen 2022-06-07 02:00:58 +08:00 committed by GitHub
parent ddd5081660 dbfcbf5b8c
commit 302d4972c5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 131 additions and 63 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
build.gradle
View file

@ -1,6 +1,6 @@
plugins {
id 'com.github.johnrengelman.shadow' version '7.0.0'
id 'com.palantir.git-version' version '0.12.3'
id 'com.github.johnrengelman.shadow' version '7.1.2'
id 'com.palantir.git-version' version '0.13.0'
id 'java'
}
@ -9,8 +9,8 @@ repositories {
}
dependencies {
implementation 'org.ow2.asm:asm:9.2'
testImplementation 'junit:junit:4.13.2'
implementation 'org.ow2.asm:asm:9.3'
testImplementation 'org.junit.jupiter:junit-jupiter:5.8.2'
}
sourceCompatibility = 8
@ -46,6 +46,10 @@ processResources {
}
}
test {
useJUnitPlatform()
}
shadowJar {
classifier = null

3
src/main/java/moe/yushi/authlibinjector/transform/ClassTransformer.java
View file

@ -241,13 +241,14 @@ public class ClassTransformer implements ClassFileTransformer {
TransformHandle handle = new TransformHandle(loader, className, classfileBuffer);
TransformUnit[] unitsArray = units.toArray(new TransformUnit[0]);
handle.accept(unitsArray);
listeners.forEach(it -> it.onClassLoading(loader, className, handle.getFinalResult(), handle.getAppliedTransformers()));
Optional<byte[]> transformResult = handle.finish();
if (Config.printUntransformedClass && !transformResult.isPresent()) {
log(DEBUG, "No transformation is applied to [" + className + "]");
}
listeners.forEach(it -> it.onClassLoading(loader, className, handle.getFinalResult(), handle.getAppliedTransformers()));
long t2 = System.nanoTime();
synchronized (performanceMetrics) {

66
src/main/java/moe/yushi/authlibinjector/transform/support/YggdrasilKeyTransformUnit.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (C) 2021 Haowei Wen <yushijinhun@gmail.com> and contributors
* Copyright (C) 2022 Haowei Wen <yushijinhun@gmail.com> and contributors
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
@ -16,11 +16,18 @@
*/
package moe.yushi.authlibinjector.transform.support;
import static moe.yushi.authlibinjector.util.Logging.Level.DEBUG;
import static org.objectweb.asm.Opcodes.ALOAD;
import static org.objectweb.asm.Opcodes.ASM9;
import static org.objectweb.asm.Opcodes.H_INVOKEVIRTUAL;
import static org.objectweb.asm.Opcodes.INVOKEVIRTUAL;
import static org.objectweb.asm.Opcodes.IRETURN;
import java.lang.invoke.MethodHandle;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.CopyOnWriteArrayList;
@ -31,6 +38,8 @@ import moe.yushi.authlibinjector.transform.CallbackMethod;
import moe.yushi.authlibinjector.transform.CallbackSupport;
import moe.yushi.authlibinjector.transform.TransformContext;
import moe.yushi.authlibinjector.transform.TransformUnit;
import moe.yushi.authlibinjector.util.Logging;
import moe.yushi.authlibinjector.util.Logging.Level;
public class YggdrasilKeyTransformUnit implements TransformUnit {
@ -49,6 +58,35 @@ public class YggdrasilKeyTransformUnit implements TransformUnit {
return false;
}
@CallbackMethod
public static boolean verifyPropertySignatureNew(Signature mojangSignatureObj, String propertyValue, String base64Signature) {
byte[] sig = Base64.getDecoder().decode(base64Signature);
byte[] data = propertyValue.getBytes();
try {
mojangSignatureObj.update(data);
if (mojangSignatureObj.verify(sig))
return true;
} catch (SignatureException e) {
Logging.log(DEBUG, "Failed to verify signature with Mojang's key", e);
}
for (PublicKey customKey : PUBLIC_KEYS) {
try {
Signature signature = Signature.getInstance("SHA1withRSA");
signature.initVerify(customKey);
signature.update(data);
if (signature.verify(sig))
return true;
} catch (GeneralSecurityException e) {
Logging.log(DEBUG, "Failed to verify signature with custom key " + customKey, e);
}
}
Logging.log(Level.WARNING, "Failed to verify property signature");
return false;
}
@Override
public Optional<ClassVisitor> transform(ClassLoader classLoader, String className, ClassVisitor writer, TransformContext ctx) {
if ("com.mojang.authlib.yggdrasil.YggdrasilMinecraftSessionService".equals(className)) {
@ -73,6 +111,32 @@ public class YggdrasilKeyTransformUnit implements TransformUnit {
}
});
} else if ("com.mojang.authlib.yggdrasil.YggdrasilServicesKeyInfo".equals(className)) {
return Optional.of(new ClassVisitor(ASM9, writer) {
@Override
public MethodVisitor visitMethod(int access, String name, String desc, String signature, String[] exceptions) {
if ("validateProperty".equals(name) && "(Lcom/mojang/authlib/properties/Property;)Z".equals(desc)) {
ctx.markModified();
MethodVisitor mv = super.visitMethod(access, name, desc, signature, exceptions);
mv.visitCode();
mv.visitVarInsn(ALOAD, 0);
mv.visitMethodInsn(INVOKEVIRTUAL, "com/mojang/authlib/yggdrasil/YggdrasilServicesKeyInfo", "signature", "()Ljava/security/Signature;", false);
mv.visitVarInsn(ALOAD, 1);
mv.visitMethodInsn(INVOKEVIRTUAL, "com/mojang/authlib/properties/Property", "getValue", "()Ljava/lang/String;", false);
mv.visitVarInsn(ALOAD, 1);
mv.visitMethodInsn(INVOKEVIRTUAL, "com/mojang/authlib/properties/Property", "getSignature", "()Ljava/lang/String;", false);
CallbackSupport.invoke(ctx, mv, YggdrasilKeyTransformUnit.class, "verifyPropertySignatureNew");
mv.visitInsn(IRETURN);
mv.visitMaxs(-1, -1);
mv.visitEnd();
return null;
} else {
return super.visitMethod(access, name, desc, signature, exceptions);
}
}
});
} else {
return Optional.empty();
}

59
src/test/java/moe/yushi/authlibinjector/internal/fi/iki/elonen/ChunkedInputStreamTest.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (C) 2019 Haowei Wen <yushijinhun@gmail.com> and contributors
* Copyright (C) 2022 Haowei Wen <yushijinhun@gmail.com> and contributors
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
@ -18,15 +18,14 @@ package moe.yushi.authlibinjector.internal.fi.iki.elonen;
import static java.nio.charset.StandardCharsets.US_ASCII;
import static moe.yushi.authlibinjector.util.IOUtils.asBytes;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import org.junit.Test;
import org.junit.jupiter.api.Test;
@SuppressWarnings("resource")
public class ChunkedInputStreamTest {
@ -76,99 +75,99 @@ public class ChunkedInputStreamTest {
assertEquals(underlying.read(), -1);
}
@Test(expected = EOFException.class)
@Test
public void testReadEOF1() throws IOException {
byte[] data = ("a").getBytes(US_ASCII);
ByteArrayInputStream underlying = new ByteArrayInputStream(data);
InputStream in = new ChunkedInputStream(underlying);
asBytes(in);
assertThrows(EOFException.class, () -> asBytes(in));
}
@Test(expected = EOFException.class)
@Test
public void testReadEOF2() throws IOException {
byte[] data = ("a\r").getBytes(US_ASCII);
ByteArrayInputStream underlying = new ByteArrayInputStream(data);
InputStream in = new ChunkedInputStream(underlying);
asBytes(in);
assertThrows(EOFException.class, () -> asBytes(in));
}
@Test(expected = EOFException.class)
@Test
public void testReadEOF3() throws IOException {
byte[] data = ("a\r\n").getBytes(US_ASCII);
ByteArrayInputStream underlying = new ByteArrayInputStream(data);
InputStream in = new ChunkedInputStream(underlying);
asBytes(in);
assertThrows(EOFException.class, () -> asBytes(in));
}
@Test(expected = EOFException.class)
@Test
public void testReadEOF4() throws IOException {
byte[] data = ("a\r\nabc").getBytes(US_ASCII);
ByteArrayInputStream underlying = new ByteArrayInputStream(data);
InputStream in = new ChunkedInputStream(underlying);
asBytes(in);
assertThrows(EOFException.class, () -> asBytes(in));
}
@Test(expected = EOFException.class)
@Test
public void testReadEOF5() throws IOException {
byte[] data = ("a\r\n123456789a\r").getBytes(US_ASCII);
ByteArrayInputStream underlying = new ByteArrayInputStream(data);
InputStream in = new ChunkedInputStream(underlying);
asBytes(in);
assertThrows(EOFException.class, () -> asBytes(in));
}
@Test(expected = EOFException.class)
@Test
public void testReadEOF6() throws IOException {
byte[] data = ("a\r\n123456789a\r\n").getBytes(US_ASCII);
ByteArrayInputStream underlying = new ByteArrayInputStream(data);
InputStream in = new ChunkedInputStream(underlying);
asBytes(in);
assertThrows(EOFException.class, () -> asBytes(in));
}
@Test(expected = EOFException.class)
@Test
public void testReadEOF7() throws IOException {
byte[] data = ("a\r\n123456789a\r\n0\r\n\r").getBytes(US_ASCII);
ByteArrayInputStream underlying = new ByteArrayInputStream(data);
InputStream in = new ChunkedInputStream(underlying);
asBytes(in);
assertThrows(EOFException.class, () -> asBytes(in));
}
@Test(expected = IOException.class)
@Test
public void testBadIn1() throws IOException {
byte[] data = ("-1").getBytes(US_ASCII);
ByteArrayInputStream underlying = new ByteArrayInputStream(data);
InputStream in = new ChunkedInputStream(underlying);
asBytes(in);
assertThrows(IOException.class, () -> asBytes(in));
}
@Test(expected = IOException.class)
@Test
public void testBadIn2() throws IOException {
byte[] data = ("a\ra").getBytes(US_ASCII);
ByteArrayInputStream underlying = new ByteArrayInputStream(data);
InputStream in = new ChunkedInputStream(underlying);
asBytes(in);
assertThrows(IOException.class, () -> asBytes(in));
}
@Test(expected = IOException.class)
@Test
public void testBadIn3() throws IOException {
byte[] data = ("a\r\n123456789aa").getBytes(US_ASCII);
ByteArrayInputStream underlying = new ByteArrayInputStream(data);
InputStream in = new ChunkedInputStream(underlying);
asBytes(in);
assertThrows(IOException.class, () -> asBytes(in));
}
@Test(expected = IOException.class)
@Test
public void testBadIn4() throws IOException {
byte[] data = ("a\r\n123456789a\ra").getBytes(US_ASCII);
ByteArrayInputStream underlying = new ByteArrayInputStream(data);
InputStream in = new ChunkedInputStream(underlying);
asBytes(in);
assertThrows(IOException.class, () -> asBytes(in));
}
@Test(expected = IOException.class)
@Test
public void testBadIn5() throws IOException {
byte[] data = ("a\r\n123456789a\r\n0\r\n\r-").getBytes(US_ASCII);
ByteArrayInputStream underlying = new ByteArrayInputStream(data);
InputStream in = new ChunkedInputStream(underlying);
asBytes(in);
assertThrows(IOException.class, () -> asBytes(in));
}
}

15
src/test/java/moe/yushi/authlibinjector/internal/fi/iki/elonen/FixedLengthInputStreamTest.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (C) 2019 Haowei Wen <yushijinhun@gmail.com> and contributors
* Copyright (C) 2022 Haowei Wen <yushijinhun@gmail.com> and contributors
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
@ -17,16 +17,15 @@
package moe.yushi.authlibinjector.internal.fi.iki.elonen;
import static moe.yushi.authlibinjector.util.IOUtils.asBytes;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import org.junit.Test;
import org.junit.jupiter.api.Test;
@SuppressWarnings("resource")
public class FixedLengthInputStreamTest {
@ -58,10 +57,10 @@ public class FixedLengthInputStreamTest {
assertEquals(underlying.read(), 0x11);
}
@Test(expected = EOFException.class)
@Test
public void testReadEOF() throws IOException {
byte[] data = new byte[] { 0x11, 0x22, 0x33, 0x44, 0x55 };
InputStream in = new FixedLengthInputStream(new ByteArrayInputStream(data), 6);
asBytes(in);
assertThrows(EOFException.class, () -> asBytes(in));
}
}

6
src/test/java/moe/yushi/authlibinjector/test/DefaultURLRedirectorTest.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (C) 2020 Haowei Wen <yushijinhun@gmail.com> and contributors
* Copyright (C) 2022 Haowei Wen <yushijinhun@gmail.com> and contributors
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
@ -18,9 +18,9 @@ package moe.yushi.authlibinjector.test;
import static java.util.Collections.emptyList;
import static java.util.Collections.emptyMap;
import static org.junit.Assert.assertEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import java.util.Optional;
import org.junit.Test;
import org.junit.jupiter.api.Test;
import moe.yushi.authlibinjector.APIMetadata;
import moe.yushi.authlibinjector.httpd.DefaultURLRedirector;

17
src/test/java/moe/yushi/authlibinjector/test/KeyUtilsTest.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (C) 2019 Haowei Wen <yushijinhun@gmail.com> and contributors
* Copyright (C) 2022 Haowei Wen <yushijinhun@gmail.com> and contributors
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
@ -17,8 +17,9 @@
package moe.yushi.authlibinjector.test;
import static moe.yushi.authlibinjector.util.KeyUtils.decodePEMPublicKey;
import static org.junit.Assert.assertArrayEquals;
import org.junit.Test;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import org.junit.jupiter.api.Test;
public class KeyUtilsTest {
@ -34,14 +35,16 @@ public class KeyUtilsTest {
decodePEMPublicKey("-----BEGIN PUBLIC KEY-----\nf\n39/fw==\n-----END PUBLIC KEY-----\n"));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testDecodePublicKey3() {
decodePEMPublicKey("-----BEGIN PUBLIC KEY----- f39/fw== -----END PUBLIC KEY-----");
assertThrows(IllegalArgumentException.class,
() -> decodePEMPublicKey("-----BEGIN PUBLIC KEY----- f39/fw== -----END PUBLIC KEY-----"));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testDecodePublicKey4() {
decodePEMPublicKey("-----BEGIN PUBLIC KEY-----f39/fw==-----END NOT A PUBLIC KEY-----");
assertThrows(IllegalArgumentException.class,
() -> decodePEMPublicKey("-----BEGIN PUBLIC KEY-----f39/fw==-----END NOT A PUBLIC KEY-----"));
}
}

8
src/test/java/moe/yushi/authlibinjector/test/SkinWhitelistTest.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (C) 2020 Haowei Wen <yushijinhun@gmail.com> and contributors
* Copyright (C) 2022 Haowei Wen <yushijinhun@gmail.com> and contributors
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
@ -17,9 +17,9 @@
package moe.yushi.authlibinjector.test;
import static moe.yushi.authlibinjector.transform.support.SkinWhitelistTransformUnit.domainMatches;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
import org.junit.jupiter.api.Test;
public class SkinWhitelistTest {

8
src/test/java/moe/yushi/authlibinjector/test/VersionSeriesDetectTest.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (C) 2019 Haowei Wen <yushijinhun@gmail.com> and contributors
* Copyright (C) 2022 Haowei Wen <yushijinhun@gmail.com> and contributors
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
@ -17,11 +17,9 @@
package moe.yushi.authlibinjector.test;
import static moe.yushi.authlibinjector.transform.support.MainArgumentsTransformer.inferVersionSeries;
import static org.junit.Assert.assertEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import java.util.Optional;
import org.junit.Test;
import org.junit.jupiter.api.Test;
public class VersionSeriesDetectTest {