com.nukkitx.protocol.bedrock.util

Class EncryptionUtils

java.lang.Object

com.nukkitx.protocol.bedrock.util.EncryptionUtils

public class EncryptionUtils
extends Object

Constructor Summary

Constructors

Constructor and Description
EncryptionUtils()

Method Summary

Modifier and Type	Method and Description
static boolean	canUseEncryption() Check whether java supports the encryption required to authenticate sessions.
static com.nimbusds.jose.JWSObject	createHandshakeJwt(KeyPair serverKeyPair, byte[] token) Create handshake JWS used in the ServerToClientHandshakePacket which completes the encryption handshake.
static KeyPair	createKeyPair() Create EC key pair to be used for handshake and encryption
static ECPublicKey	generateKey(String b64) Generate EC public key from base 64 encoded string
static byte[]	generateRandomToken() Generate 16 bytes of random data for the handshake token using a SecureRandom
static ECPublicKey	getMojangPublicKey() Mojang's public key used to verify the JWT during login.
static SecretKey	getSecretKey(PrivateKey localPrivateKey, PublicKey remotePublicKey, byte[] token) Generate the secret key used to encrypt the connection
static void	signJwt(com.nimbusds.jose.JWSObject jws, ECPrivateKey key) Sign JWS object with a given private key.
static boolean	verifyChain(net.minidev.json.JSONArray chain) Verify the validity of the login chain data from the LoginPacket
static boolean	verifyJwt(com.nimbusds.jose.JWSObject jws, ECPublicKey key) Check whether a JWS object is valid for a given public key.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

EncryptionUtils

public EncryptionUtils()

Method Detail

generateKey

public static ECPublicKey generateKey(String b64)
                               throws NoSuchAlgorithmException,
                                      InvalidKeySpecException

Generate EC public key from base 64 encoded string

Parameters:

b64 - base 64 encoded key

Returns:

key generated

Throws:

NoSuchAlgorithmException - runtime does not support the EC key spec

InvalidKeySpecException - input does not conform with EC key spec

createKeyPair

public static KeyPair createKeyPair()

Create EC key pair to be used for handshake and encryption

Returns:

EC KeyPair

signJwt

public static void signJwt(com.nimbusds.jose.JWSObject jws,
                           ECPrivateKey key)
                    throws com.nimbusds.jose.JOSEException

Sign JWS object with a given private key.

Parameters:

jws - object to be signed

key - key to sign object with

Throws:

com.nimbusds.jose.JOSEException - invalid key provided

verifyJwt

public static boolean verifyJwt(com.nimbusds.jose.JWSObject jws,
                                ECPublicKey key)
                         throws com.nimbusds.jose.JOSEException

Check whether a JWS object is valid for a given public key.

Parameters:

jws - object to be verified

key - key to verify object with

Returns:

true if the JWS object is valid

Throws:

com.nimbusds.jose.JOSEException - invalid key provided

verifyChain

public static boolean verifyChain(net.minidev.json.JSONArray chain)
                           throws com.nimbusds.jose.JOSEException,
                                  ParseException,
                                  InvalidKeySpecException,
                                  NoSuchAlgorithmException

Verify the validity of the login chain data from the LoginPacket

Parameters:

chain - array of JWS objects

Returns:

chain validity

Throws:

com.nimbusds.jose.JOSEException - invalid JWS algorithm used

ParseException - invalid JWS object

InvalidKeySpecException - invalid EC key provided

NoSuchAlgorithmException - runtime does not support EC spec

getSecretKey

public static SecretKey getSecretKey(PrivateKey localPrivateKey,
                                     PublicKey remotePublicKey,
                                     byte[] token)
                              throws InvalidKeyException

Generate the secret key used to encrypt the connection

Parameters:

localPrivateKey - local private key

remotePublicKey - remote public key

token - token generated or received from the server

Returns:

secret key used to encrypt connection

Throws:

InvalidKeyException - keys provided are not EC spec

createHandshakeJwt

public static com.nimbusds.jose.JWSObject createHandshakeJwt(KeyPair serverKeyPair,
                                                             byte[] token)
                                                      throws com.nimbusds.jose.JOSEException

Create handshake JWS used in the ServerToClientHandshakePacket which completes the encryption handshake.

Parameters:

serverKeyPair - used to sign the JWT

token - salt for the encryption handshake

Returns:

signed JWS object

Throws:

com.nimbusds.jose.JOSEException - invalid key pair provided

generateRandomToken

public static byte[] generateRandomToken()

Generate 16 bytes of random data for the handshake token using a SecureRandom

Returns:

16 byte token

canUseEncryption

public static boolean canUseEncryption()

Check whether java supports the encryption required to authenticate sessions.

Returns:

can use encryption

getMojangPublicKey

public static ECPublicKey getMojangPublicKey()

Mojang's public key used to verify the JWT during login.

Returns:

Mojang's public EC key