org.cloudburstmc.protocol.bedrock.util

Class EncryptionUtils

java.lang.Object

org.cloudburstmc.protocol.bedrock.util.EncryptionUtils

public final class EncryptionUtils
extends java.lang.Object

Method Summary

Modifier and Type	Method and Description
static javax.crypto.Cipher	createCipher(boolean gcm, boolean encrypt, javax.crypto.SecretKey key)
static com.nimbusds.jose.JWSObject	createHandshakeJwt(java.security.KeyPair serverKeyPair, byte[] token) Create handshake JWS used in the ServerToClientHandshakePacket which completes the encryption handshake.
static java.security.KeyPair	createKeyPair() Create EC key pair to be used for handshake and encryption
static java.security.interfaces.ECPublicKey	generateKey(java.lang.String b64) Generate EC public key from base 64 encoded string
static byte[]	generateRandomToken() Generate 16 bytes of random data for the handshake token using a SecureRandom
static java.security.interfaces.ECPublicKey	getMojangPublicKey() Mojang's public key used to verify the JWT during login.
static javax.crypto.SecretKey	getSecretKey(java.security.PrivateKey localPrivateKey, java.security.PublicKey remotePublicKey, byte[] token) Generate the secret key used to encrypt the connection
static void	signJwt(com.nimbusds.jose.JWSObject jws, java.security.interfaces.ECPrivateKey key) Sign JWS object with a given private key.
static boolean	verifyChain(java.util.List<com.nimbusds.jwt.SignedJWT> chain) Verify the validity of the login chain data from the LoginPacket
static boolean	verifyJwt(com.nimbusds.jose.JWSObject jws, java.security.interfaces.ECPublicKey key) Check whether a JWS object is valid for a given public key.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

generateKey

public static java.security.interfaces.ECPublicKey generateKey(java.lang.String b64)
                                                        throws java.security.NoSuchAlgorithmException,
                                                               java.security.spec.InvalidKeySpecException

Generate EC public key from base 64 encoded string

Parameters:

b64 - base 64 encoded key

Returns:

key generated

Throws:

java.security.NoSuchAlgorithmException - runtime does not support the EC key spec

java.security.spec.InvalidKeySpecException - input does not conform with EC key spec

createKeyPair

public static java.security.KeyPair createKeyPair()

Create EC key pair to be used for handshake and encryption

Returns:

EC KeyPair

signJwt

public static void signJwt(com.nimbusds.jose.JWSObject jws,
                           java.security.interfaces.ECPrivateKey key)
                    throws com.nimbusds.jose.JOSEException

Sign JWS object with a given private key.

Parameters:

jws - object to be signed

key - key to sign object with

Throws:

com.nimbusds.jose.JOSEException - invalid key provided

verifyJwt

public static boolean verifyJwt(com.nimbusds.jose.JWSObject jws,
                                java.security.interfaces.ECPublicKey key)
                         throws com.nimbusds.jose.JOSEException

Check whether a JWS object is valid for a given public key.

Parameters:

jws - object to be verified

key - key to verify object with

Returns:

true if the JWS object is valid

Throws:

com.nimbusds.jose.JOSEException - invalid key provided

verifyChain

public static boolean verifyChain(java.util.List<com.nimbusds.jwt.SignedJWT> chain)
                           throws com.nimbusds.jose.JOSEException,
                                  java.security.spec.InvalidKeySpecException,
                                  java.security.NoSuchAlgorithmException

Verify the validity of the login chain data from the LoginPacket

Parameters:

chain - array of JWS objects

Returns:

chain validity

Throws:

com.nimbusds.jose.JOSEException - invalid JWS algorithm used

java.security.spec.InvalidKeySpecException - invalid EC key provided

java.security.NoSuchAlgorithmException - runtime does not support EC spec

getSecretKey

public static javax.crypto.SecretKey getSecretKey(java.security.PrivateKey localPrivateKey,
                                                  java.security.PublicKey remotePublicKey,
                                                  byte[] token)
                                           throws java.security.InvalidKeyException

Generate the secret key used to encrypt the connection

Parameters:

localPrivateKey - local private key

remotePublicKey - remote public key

token - token generated or received from the server

Returns:

secret key used to encrypt connection

Throws:

java.security.InvalidKeyException - keys provided are not EC spec

createHandshakeJwt

public static com.nimbusds.jose.JWSObject createHandshakeJwt(java.security.KeyPair serverKeyPair,
                                                             byte[] token)
                                                      throws com.nimbusds.jose.JOSEException

Create handshake JWS used in the ServerToClientHandshakePacket which completes the encryption handshake.

Parameters:

serverKeyPair - used to sign the JWT

token - salt for the encryption handshake

Returns:

signed JWS object

Throws:

com.nimbusds.jose.JOSEException - invalid key pair provided

generateRandomToken

public static byte[] generateRandomToken()

Generate 16 bytes of random data for the handshake token using a SecureRandom

Returns:

16 byte token

getMojangPublicKey

public static java.security.interfaces.ECPublicKey getMojangPublicKey()

Mojang's public key used to verify the JWT during login.

Returns:

Mojang's public EC key

createCipher

public static javax.crypto.Cipher createCipher(boolean gcm,
                                               boolean encrypt,
                                               javax.crypto.SecretKey key)