forked from Limework/RediSkript
Highly improve encryption security
parent
2e33fe4779
commit
2482e67bca
@ -7,6 +7,7 @@
|
|||||||
<element id="extracted-dir" path="$MAVEN_REPOSITORY$/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jar" path-in-jar="/" />
|
<element id="extracted-dir" path="$MAVEN_REPOSITORY$/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jar" path-in-jar="/" />
|
||||||
<element id="extracted-dir" path="$MAVEN_REPOSITORY$/org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar" path-in-jar="/" />
|
<element id="extracted-dir" path="$MAVEN_REPOSITORY$/org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar" path-in-jar="/" />
|
||||||
<element id="extracted-dir" path="$MAVEN_REPOSITORY$/org/json/json/20190722/json-20190722.jar" path-in-jar="/" />
|
<element id="extracted-dir" path="$MAVEN_REPOSITORY$/org/json/json/20190722/json-20190722.jar" path-in-jar="/" />
|
||||||
|
<element id="extracted-dir" path="$MAVEN_REPOSITORY$/org/cryptomator/siv-mode/1.4.0/siv-mode-1.4.0.jar" path-in-jar="/" />
|
||||||
<element id="directory" name="sourcecode">
|
<element id="directory" name="sourcecode">
|
||||||
<element id="module-source" name="SkLimework" />
|
<element id="module-source" name="SkLimework" />
|
||||||
</element>
|
</element>
|
||||||
|
7
.idea/dictionaries/Govindas.xml
Normal file
7
.idea/dictionaries/Govindas.xml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
<component name="ProjectDictionaryState">
|
||||||
|
<dictionary name="Govindas">
|
||||||
|
<words>
|
||||||
|
<w>jedis</w>
|
||||||
|
</words>
|
||||||
|
</dictionary>
|
||||||
|
</component>
|
@ -7,9 +7,16 @@
|
|||||||
</component>
|
</component>
|
||||||
<component name="ChangeListManager">
|
<component name="ChangeListManager">
|
||||||
<list default="true" id="61139119-6327-48a6-9183-0df6346ed8d8" name="Default Changelist" comment="">
|
<list default="true" id="61139119-6327-48a6-9183-0df6346ed8d8" name="Default Changelist" comment="">
|
||||||
|
<change afterPath="$PROJECT_DIR$/.idea/dictionaries/Govindas.xml" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/.idea/artifacts/SkLimework_jar.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/artifacts/SkLimework_jar.xml" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/SkLimework.jar" beforeDir="false" afterPath="$PROJECT_DIR$/SkLimework.jar" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/SkLimework.jar" beforeDir="false" afterPath="$PROJECT_DIR$/SkLimework.jar" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/pom.xml" beforeDir="false" afterPath="$PROJECT_DIR$/pom.xml" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/src/main/java/net/limework/skLimework/AddonPlugin.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/net/limework/skLimework/AddonPlugin.java" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/src/main/java/net/limework/skLimework/AddonPlugin.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/net/limework/skLimework/AddonPlugin.java" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/src/main/java/net/limework/skLimework/Events/RedisSub.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/net/limework/skLimework/Events/RedisSub.java" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/src/main/java/net/limework/skLimework/Events/onRedisMessage.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/net/limework/skLimework/Events/onRedisMessage.java" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/src/main/java/net/limework/skLimework/elements/EffSendMessage.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/net/limework/skLimework/elements/EffSendMessage.java" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/src/main/resources/config.yml" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/resources/config.yml" afterDir="false" />
|
||||||
</list>
|
</list>
|
||||||
<option name="SHOW_DIALOG" value="false" />
|
<option name="SHOW_DIALOG" value="false" />
|
||||||
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
||||||
@ -105,10 +112,22 @@
|
|||||||
</option>
|
</option>
|
||||||
</component>
|
</component>
|
||||||
<component name="WindowStateProjectService">
|
<component name="WindowStateProjectService">
|
||||||
<state x="163" y="0" key="SettingsEditor" timestamp="1590579862132">
|
<state x="488" y="73" key="#com.intellij.ide.util.MemberChooser" timestamp="1591617069198">
|
||||||
<screen x="0" y="0" width="1366" height="728" />
|
<screen x="0" y="0" width="1366" height="728" />
|
||||||
</state>
|
</state>
|
||||||
<state x="163" y="0" key="SettingsEditor/0.0.1366.728@0.0.1366.728" timestamp="1590579862132" />
|
<state x="488" y="73" key="#com.intellij.ide.util.MemberChooser/0.0.1366.728@0.0.1366.728" timestamp="1591617069198" />
|
||||||
|
<state x="413" y="118" key="#com.intellij.util.ui.classpath.ChooseLibrariesDialog" timestamp="1591616099905">
|
||||||
|
<screen x="0" y="0" width="1366" height="728" />
|
||||||
|
</state>
|
||||||
|
<state x="413" y="118" key="#com.intellij.util.ui.classpath.ChooseLibrariesDialog/0.0.1366.728@0.0.1366.728" timestamp="1591616099905" />
|
||||||
|
<state x="355" y="237" key="FileChooserDialogImpl" timestamp="1591616084452">
|
||||||
|
<screen x="0" y="0" width="1366" height="728" />
|
||||||
|
</state>
|
||||||
|
<state x="355" y="237" key="FileChooserDialogImpl/0.0.1366.728@0.0.1366.728" timestamp="1591616084452" />
|
||||||
|
<state x="163" y="0" key="SettingsEditor" timestamp="1591616503146">
|
||||||
|
<screen x="0" y="0" width="1366" height="728" />
|
||||||
|
</state>
|
||||||
|
<state x="163" y="0" key="SettingsEditor/0.0.1366.728@0.0.1366.728" timestamp="1591616503146" />
|
||||||
<state x="346" y="49" width="672" height="678" key="search.everywhere.popup" timestamp="1590580687500">
|
<state x="346" y="49" width="672" height="678" key="search.everywhere.popup" timestamp="1590580687500">
|
||||||
<screen x="0" y="0" width="1366" height="728" />
|
<screen x="0" y="0" width="1366" height="728" />
|
||||||
</state>
|
</state>
|
||||||
|
BIN
SkLimework.jar
BIN
SkLimework.jar
Binary file not shown.
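--- a/pom.xml
+++ b/pom.xml
@@ -87,5 +87,10 @@
 <artifactId>json</artifactId>
 <version>20190722</version>
 </dependency>
+<dependency>
+<groupId>org.cryptomator</groupId>
+<artifactId>siv-mode</artifactId>
+<version>1.4.0</version>
+</dependency>
 </dependencies>
 </project>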
@ -13,6 +13,8 @@ import net.limework.skLimework.elements.ExprMessage;
|
|||||||
import org.bukkit.Bukkit;
|
import org.bukkit.Bukkit;
|
||||||
import org.bukkit.configuration.file.FileConfiguration;
|
import org.bukkit.configuration.file.FileConfiguration;
|
||||||
import org.bukkit.plugin.java.JavaPlugin;
|
import org.bukkit.plugin.java.JavaPlugin;
|
||||||
|
import org.cryptomator.siv.SivMode;
|
||||||
|
import org.cryptomator.siv.UnauthenticCiphertextException;
|
||||||
import redis.clients.jedis.JedisPool;
|
import redis.clients.jedis.JedisPool;
|
||||||
import redis.clients.jedis.JedisPoolConfig;
|
import redis.clients.jedis.JedisPoolConfig;
|
||||||
|
|
||||||
@ -40,9 +42,10 @@ public class AddonPlugin extends JavaPlugin {
|
|||||||
private JedisPool jedisPool;
|
private JedisPool jedisPool;
|
||||||
private RedisSub redisSub;
|
private RedisSub redisSub;
|
||||||
private ExecutorService service;
|
private ExecutorService service;
|
||||||
private Cipher encryptionCipher;
|
|
||||||
private Cipher decryptionCipher;
|
|
||||||
private boolean encryptionEnabled;
|
private boolean encryptionEnabled;
|
||||||
|
private String encryptionKey;
|
||||||
|
private String macKey;
|
||||||
|
private final SivMode AES_SIV = new SivMode();
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void onEnable(){
|
public void onEnable(){
|
||||||
@ -52,47 +55,8 @@ public class AddonPlugin extends JavaPlugin {
|
|||||||
encryptionEnabled = config.getBoolean("Redis.EncryptMessages");
|
encryptionEnabled = config.getBoolean("Redis.EncryptMessages");
|
||||||
if (encryptionEnabled) {
|
if (encryptionEnabled) {
|
||||||
// AES-128 encryption
|
// AES-128 encryption
|
||||||
String configKey = config.getString("Redis.EncryptionKey");
|
encryptionKey = config.getString("Redis.EncryptionKey");
|
||||||
byte[] key = null;
|
macKey = config.getString("Redis.MacKey");
|
||||||
assert configKey != null;
|
|
||||||
key = configKey.getBytes(StandardCharsets.UTF_8);
|
|
||||||
MessageDigest sha = null;
|
|
||||||
try {
|
|
||||||
sha = MessageDigest.getInstance("SHA-1");
|
|
||||||
} catch (NoSuchAlgorithmException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
assert sha != null;
|
|
||||||
key = sha.digest(key);
|
|
||||||
key = Arrays.copyOf(key, 16);
|
|
||||||
SecretKeySpec encryptionKey = new SecretKeySpec(key, "AES");
|
|
||||||
|
|
||||||
encryptionCipher = null;
|
|
||||||
try {
|
|
||||||
encryptionCipher = Cipher.getInstance("AES/SIV/PKCS5Padding");
|
|
||||||
} catch (NoSuchAlgorithmException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
} catch (NoSuchPaddingException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
try {
|
|
||||||
encryptionCipher.init(Cipher.ENCRYPT_MODE, encryptionKey);
|
|
||||||
} catch (InvalidKeyException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
decryptionCipher = null;
|
|
||||||
try {
|
|
||||||
decryptionCipher = Cipher.getInstance("AES/SIV/PKCS5Padding");
|
|
||||||
} catch (NoSuchAlgorithmException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
} catch (NoSuchPaddingException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
try {
|
|
||||||
decryptionCipher.init(Cipher.DECRYPT_MODE, encryptionKey);
|
|
||||||
} catch (InvalidKeyException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
addon = Skript.registerAddon(this);
|
addon = Skript.registerAddon(this);
|
||||||
@ -157,23 +121,11 @@ public class AddonPlugin extends JavaPlugin {
|
|||||||
|
|
||||||
public boolean isEncryptionEnabled() { return encryptionEnabled; }
|
public boolean isEncryptionEnabled() { return encryptionEnabled; }
|
||||||
|
|
||||||
public String encrypt(String message) {
|
public String decrypt(byte[] message) throws UnauthenticCiphertextException, IllegalBlockSizeException {
|
||||||
String encrypted = null;
|
return new String(AES_SIV.decrypt(encryptionKey.getBytes(), macKey.getBytes(), message), StandardCharsets.UTF_8);
|
||||||
try {
|
|
||||||
encrypted = Base64.getEncoder().encodeToString(encryptionCipher.doFinal(message.getBytes(StandardCharsets.UTF_8)));
|
|
||||||
} catch (IllegalBlockSizeException | BadPaddingException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
return encrypted;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public String decrypt(String message) {
|
public byte[] encrypt(String message) {
|
||||||
String decrypted = null;
|
return AES_SIV.encrypt(encryptionKey.getBytes(), macKey.getBytes(), message.getBytes());
|
||||||
try {
|
|
||||||
decrypted = new String(decryptionCipher.doFinal(Base64.getDecoder().decode(message)), StandardCharsets.UTF_8);
|
|
||||||
} catch (IllegalBlockSizeException | BadPaddingException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
return decrypted;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
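Review bot: `encrypt` converts the plaintext with `message.getBytes()`, which uses the platform default charset, while `decrypt` decodes the result as UTF-8, so non-ASCII messages can be corrupted between servers whose default charsets differ; it should read `message.getBytes(StandardCharsets.UTF_8)`. The same default-charset call turns the `Redis.EncryptionKey` and `Redis.MacKey` config strings directly into key material on every call, and `onEnable` (which continues beyond the lines shown) checks neither for null nor for length, so a missing entry or a value that is not 16, 24 or 32 bytes long would presumably only surface as an exception when the first message is handled. Decoding and validating both keys once in `onEnable` would fail fast, and deriving them from the configured secret with a key-derivation function would avoid using typed characters as low-entropy keys. The `// AES-128 encryption` comment kept above the key loading no longer describes the code and could read `// AES-SIV: separate encryption and MAC keys`.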
@ -3,31 +3,35 @@ package net.limework.skLimework.Events;
|
|||||||
import net.limework.skLimework.AddonPlugin;
|
import net.limework.skLimework.AddonPlugin;
|
||||||
import org.bukkit.Bukkit;
|
import org.bukkit.Bukkit;
|
||||||
import org.bukkit.ChatColor;
|
import org.bukkit.ChatColor;
|
||||||
|
import org.cryptomator.siv.UnauthenticCiphertextException;
|
||||||
import org.json.JSONObject;
|
import org.json.JSONObject;
|
||||||
import redis.clients.jedis.Jedis;
|
import redis.clients.jedis.BinaryJedis;
|
||||||
import redis.clients.jedis.JedisPubSub;
|
import redis.clients.jedis.BinaryJedisPubSub;
|
||||||
import redis.clients.jedis.exceptions.JedisConnectionException;
|
import redis.clients.jedis.exceptions.JedisConnectionException;
|
||||||
|
|
||||||
|
import javax.crypto.IllegalBlockSizeException;
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
|
||||||
public class RedisSub extends JedisPubSub implements Runnable{
|
public class RedisSub extends BinaryJedisPubSub implements Runnable{
|
||||||
|
|
||||||
private AddonPlugin plugin;
|
private AddonPlugin plugin;
|
||||||
private Jedis j;
|
private BinaryJedis j;
|
||||||
private String[] channels;
|
|
||||||
private Boolean isShuttingDown = false;
|
private Boolean isShuttingDown = false;
|
||||||
|
private List<String> channels;
|
||||||
|
|
||||||
public RedisSub(AddonPlugin plugin, Jedis j, List<String> channels) {
|
public RedisSub(AddonPlugin plugin, BinaryJedis j, List<String> channels) {
|
||||||
this.plugin = plugin;
|
this.plugin = plugin;
|
||||||
this.j = j;
|
this.j = j;
|
||||||
this.channels = channels.toArray(new String[0]);
|
this.channels = channels;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void run(){
|
public void run(){
|
||||||
try{
|
try{
|
||||||
this.j.subscribe(this, channels);
|
this.j.subscribe(this, channels.get(0).getBytes(), channels.get(1).getBytes(), channels.get(2).getBytes(), channels.get(3).getBytes(), channels.get(4).getBytes());
|
||||||
|
|
||||||
} catch (Exception je){
|
} catch (Exception je){
|
||||||
plugin.getLogger().warning("Lost connection to redis!");
|
plugin.getLogger().warning("Lost connection to redis!");
|
||||||
newJedis();
|
newJedis();
|
||||||
@ -56,11 +60,21 @@ public class RedisSub extends JedisPubSub implements Runnable{
|
|||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void onMessage(String channel, String message) {
|
public void onMessage(byte[] channel, byte[] message) {
|
||||||
|
AddonPlugin plugin = (AddonPlugin) Bukkit.getPluginManager().getPlugin("SKLimework");
|
||||||
|
String channelString = new String(channel);
|
||||||
try {
|
try {
|
||||||
JSONObject json = new JSONObject(message);
|
String decrypted = null;
|
||||||
|
try {
|
||||||
|
assert plugin != null;
|
||||||
|
decrypted = plugin.decrypt(message);
|
||||||
|
} catch (UnauthenticCiphertextException | IllegalBlockSizeException e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
assert decrypted != null;
|
||||||
|
JSONObject j = new JSONObject(decrypted);
|
||||||
//System.out.println("Message got from channel: "+channel +" and the Message: " +json.toString());
|
//System.out.println("Message got from channel: "+channel +" and the Message: " +json.toString());
|
||||||
plugin.getServer().getPluginManager().callEvent(new onRedisMessage(channel, json.getString("Message")));
|
plugin.getServer().getPluginManager().callEvent(new onRedisMessage(channelString, j.getString("Message")));
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
Bukkit.getLogger().warning(ChatColor.translateAlternateColorCodes('&', "&2[&aGBot&a] &cI Got a Message that Was empty from channel "+ channel +" Please check your code that you used to send the message. ^ ignore the error."));
|
Bukkit.getLogger().warning(ChatColor.translateAlternateColorCodes('&', "&2[&aGBot&a] &cI Got a Message that Was empty from channel "+ channel +" Please check your code that you used to send the message. ^ ignore the error."));
|
||||||
|
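Review bot: In `onMessage`, a payload that fails authentication is handled only by `e.printStackTrace()` followed by `assert decrypted != null`, and assertions are normally disabled at runtime, so rejecting a forged or corrupted message depends on `new JSONObject(decrypted)` failing on null inside the generic catch; the handler should return explicitly when `decrypt` throws, as sketched below. `decrypt` is also called without consulting `isEncryptionEnabled()`, so with encryption switched off every incoming message would presumably be rejected. The warning in the outer catch still concatenates `channel`, which is now a `byte[]` and prints as an array reference, so `channelString` is the value to log. `onMessage` ends outside the visible lines, and in `run()` the `channels.get(0)` to `channels.get(4)` calls assume exactly five configured channels.

```java
public void onMessage(byte[] channel, byte[] message) {
    // … unchanged: plugin lookup and channelString …
        String payload;
        if (plugin.isEncryptionEnabled()) {
            try {
                payload = plugin.decrypt(message);
            } catch (UnauthenticCiphertextException | IllegalBlockSizeException e) {
                // Authentication failed: drop the message instead of continuing with null.
                plugin.getLogger().warning("Dropped a message that failed authentication on channel " + channelString);
                return;
            }
        } else {
            payload = new String(message, StandardCharsets.UTF_8);
        }
        JSONObject j = new JSONObject(payload);
    // … unchanged: event dispatch and outer catch …
```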
@ -17,12 +17,8 @@ public class onRedisMessage extends Event {
|
|||||||
this.channelName = channelName;
|
this.channelName = channelName;
|
||||||
AddonPlugin instance = (AddonPlugin) Bukkit.getPluginManager().getPlugin("SKLimework");
|
AddonPlugin instance = (AddonPlugin) Bukkit.getPluginManager().getPlugin("SKLimework");
|
||||||
assert instance != null;
|
assert instance != null;
|
||||||
if (instance.isEncryptionEnabled()) {
|
|
||||||
this.message = instance.decrypt(message);
|
|
||||||
} else {
|
|
||||||
this.message = message;
|
this.message = message;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -11,9 +11,11 @@ import org.bukkit.Bukkit;
|
|||||||
import org.bukkit.ChatColor;
|
import org.bukkit.ChatColor;
|
||||||
import org.bukkit.event.Event;
|
import org.bukkit.event.Event;
|
||||||
import org.json.JSONObject;
|
import org.json.JSONObject;
|
||||||
import redis.clients.jedis.Jedis;
|
import redis.clients.jedis.BinaryJedis;
|
||||||
import redis.clients.jedis.exceptions.JedisConnectionException;
|
import redis.clients.jedis.exceptions.JedisConnectionException;
|
||||||
|
|
||||||
|
import java.nio.charset.StandardCharsets;
|
||||||
|
|
||||||
public class EffSendMessage extends Effect {
|
public class EffSendMessage extends Effect {
|
||||||
//"hi"
|
//"hi"
|
||||||
static {
|
static {
|
||||||
@ -36,18 +38,19 @@ public class EffSendMessage extends Effect {
|
|||||||
}
|
}
|
||||||
assert plugin != null;
|
assert plugin != null;
|
||||||
plugin.getJedisExecutionService().execute(() -> {
|
plugin.getJedisExecutionService().execute(() -> {
|
||||||
Jedis j = plugin.getJedisPool().getResource();
|
BinaryJedis j = plugin.getJedisPool().getResource();
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
try {
|
|
||||||
if (plugin.isEncryptionEnabled()) {
|
|
||||||
json.put("Message", plugin.encrypt(message));
|
|
||||||
} else {
|
|
||||||
json.put("Message", message);
|
json.put("Message", message);
|
||||||
}
|
|
||||||
json.put("Type", "Skript");
|
json.put("Type", "Skript");
|
||||||
j.publish(channel, json.toString());
|
json.put("Date", System.nanoTime()); //for unique string every time & PING calculations
|
||||||
|
byte[] msg;
|
||||||
|
if (plugin.isEncryptionEnabled()) {
|
||||||
|
msg = plugin.encrypt(json.toString());
|
||||||
|
} else {
|
||||||
|
msg = message.getBytes(StandardCharsets.UTF_8);
|
||||||
|
}
|
||||||
|
j.publish(channel.getBytes(), msg);
|
||||||
//System.out.println("SkriptSide sent MESSAGE: ["+ message + "] to channel: " + channel + " and json: \n" + json.toString());
|
//System.out.println("SkriptSide sent MESSAGE: ["+ message + "] to channel: " + channel + " and json: \n" + json.toString());
|
||||||
}catch (Exception e){e.printStackTrace();}
|
|
||||||
j.close();
|
j.close();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
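Review bot: With encryption disabled the new branch publishes `message.getBytes(StandardCharsets.UTF_8)`, the bare text, instead of the JSON object built just above, so the `Type` and `Date` fields are dropped and a subscriber that parses the payload as JSON cannot read it; the branch should be `msg = json.toString().getBytes(StandardCharsets.UTF_8);`. Removing the try/catch also means `j.close()` is skipped when `publish` throws, which would leave the pooled connection checked out; `try (BinaryJedis j = plugin.getJedisPool().getResource()) { … }` closes it on every path. `System.nanoTime()` makes each ciphertext differ, but nothing visible on the receiving side checks `Date`, so the field does not stop a recorded message from being accepted again. The enclosing method begins outside the hunk.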
@ -9,6 +9,7 @@ Redis:
|
|||||||
#useful if SSL is disabled
|
#useful if SSL is disabled
|
||||||
EncryptMessages: false
|
EncryptMessages: false
|
||||||
EncryptionKey: "16CHARACTERS KEY"
|
EncryptionKey: "16CHARACTERS KEY"
|
||||||
|
MacKey: "16CHARACTERS KEY"
|
||||||
|
|
||||||
Channels:
|
Channels:
|
||||||
- "Channel1"
|
- "Channel1"
|
||||||
|
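Review bot: `MacKey` is added with the same placeholder value as `EncryptionKey` and without a comment, so an operator who only flips `EncryptMessages` to true runs with two identical, publicly known keys. A comment above the pair would help, for example `# EncryptionKey and MacKey must be two different random secrets of 16, 24 or 32 ASCII characters, identical on every server`. Shipping both values empty, so that enabling encryption without setting them fails, is worth considering.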