a bit of security

19/fast.sh

@@ -4,5 +4,3 @@ rm build/libs/Raspberr*.jar
 rm build/libs/Raspberry*ources.jar
 mv build/libs/Raspberr* build/libs/RaspberryJamMod.jar
 cp build/libs/RaspberryJamMod.jar $APPDATA/.minecraft/mods/1.9/
-cp build/libs/RaspberryJamMod.jar $APPDATA/.minecraft/mods/1.9.4/
-

19/src/main/java/mobi/omegacentauri/raspberryjammod/APIHandler.java

@@ -4,13 +4,17 @@
 
 import java.io.BufferedReader;
 import java.io.DataOutputStream;
+import java.io.File;
+import java.io.FileReader;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.io.PrintWriter;
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
 import java.net.ServerSocket;
 import java.net.Socket;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -22,6 +26,8 @@
 
 import javax.swing.text.html.HTMLDocument.HTMLReader.IsindexAction;
 
+import com.sun.org.apache.xml.internal.security.utils.Base64;
+
 import net.minecraft.block.Block;
 import net.minecraft.block.state.IBlockState;
 import net.minecraft.client.Minecraft;
@@ -107,12 +113,60 @@ public class APIHandler {
 	protected boolean havePlayer;
 	protected int playerId;
 	protected EntityPlayerMP playerMP;
+	protected List<String> usernames = null;
+	protected List<String> passwords = null;
+	protected boolean authenticated;
+	public static final String PASSWORD_DATA = "passwords.dat";
+	private String salt = null;
+	private boolean authenticationSetup;
 
 	public APIHandler(MCEventHandler eventHandler, PrintWriter writer) throws IOException {
+		this(eventHandler, writer, true);
+	}
+
+	public APIHandler(MCEventHandler eventHandler, PrintWriter writer, Boolean needAuthentication) throws IOException {
 		this.eventHandler = eventHandler;
 		this.writer = writer;
 		this.havePlayer = false;
 		this.playerMP = null;
+
+		if (needAuthentication) {
+			File pass = new File(PASSWORD_DATA); 
+			if (pass.exists()) {
+				passwords = new ArrayList<String>();
+				usernames = new ArrayList<String>();
+				BufferedReader r = new BufferedReader(new FileReader(pass));
+				String l;
+				while (null != (l=r.readLine())) {
+					String[] data = l.trim().split("\\s+");
+					usernames.add(data[0]);
+					passwords.add(data[1]);
+				}
+				r.close();
+			}
+
+			if (passwords != null) {
+				authenticated = false;
+				salt = null;
+				try {
+					MessageDigest md = MessageDigest.getInstance("MD5");
+					md.reset();
+
+					byte[] b = ("RaspberryJamMod"+System.currentTimeMillis()).getBytes("UTF-8"); 
+
+					md.update(b);
+
+					salt = Base64.encode(md.digest());
+				} catch (Exception e) {
+				}
+			}
+			else {
+				authenticated = true;
+			}
+		}
+		else {
+			this.authenticated = true;
+		}
 	}
 
 	protected boolean setup() {
@@ -164,11 +218,52 @@ protected boolean setup() {
 		}
 		return true;
 	}
+
+	void handleAuthentication(String input) throws IOException {
+		if (salt == null)
+			throw new IOException("salt generation error");
+
+		if (input.startsWith("security.authenticate(")) {
+			input = input.substring(22).trim();
+			if (input.length()<2) 
+				throw new IOException("authentication error");
+			input = input.substring(0,input.length()-1);
+			int count = usernames.size();
+			for (int i = 0 ; i < count ; i++) {
+				String data = salt + ":" + usernames.get(i) + ":" + passwords.get(i);
+				MessageDigest md;
+				try {
+					md = MessageDigest.getInstance("MD5");
+				} catch (NoSuchAlgorithmException e) {
+					throw new IOException("md5 error");
+				}
+				md.reset();
+
+				byte[] b = data.getBytes("UTF-8"); 
+
+				md.update(b);
+
+				String dataDigest = Base64.encode(md.digest());
+
+				if (input.equals(dataDigest)) {
+					authenticated = true;
+					return;
+				}
+			}
+			throw new IOException("authentication error");
+		}
+		sendLine("challenge "+salt);
+	}
 
-	void process(String clientSentence) {
+	void process(String clientSentence) throws IOException {
+		if (!authenticated) {
+			handleAuthentication(clientSentence);
+			return;
+		}
+
 		if (!setup())
 			return;
-
+		
 		Scanner scan = null;
 
 		try {	

19/src/main/java/mobi/omegacentauri/raspberryjammod/APIHandlerClientOnly.java

@@ -19,7 +19,7 @@
 public class APIHandlerClientOnly extends APIHandler {
 
 	public APIHandlerClientOnly(MCEventHandler eventHandler, PrintWriter writer) throws IOException {
-		super(eventHandler, writer);
+		super(eventHandler, writer, false);
 	}
 
 	@Override

19/src/main/java/mobi/omegacentauri/raspberryjammod/ScriptExternalCommand.java

@@ -68,8 +68,8 @@ public List getTabCompletionOptions(MinecraftServer server, ICommandSender sende
 			return null;
 		}
 
-                if (args.length != 1)
-                     return null;
+	    if (args.length != 1)
+	         return null;
 
 		int arg = 0;
 

19/src/main/java/mobi/omegacentauri/raspberryjammod/WSServer.java

@@ -92,7 +92,12 @@ public void onClose( WebSocket conn, int code, String reason, boolean remote ) {
 	public void onMessage( WebSocket conn, String message ) {
 		APIHandler apiHandler = handlers.get(conn);
 		if (apiHandler != null) {
-			apiHandler.process(message);
+			try {
+				apiHandler.process(message);
+			}
+			catch (Exception e) {
+				conn.close();
+			}
 		}
 	}
 

194/.gradle/gradle.log

@@ -46,4 +46,4 @@ remapping source...
 
 BUILD SUCCESSFUL
 
-Total time: 48.431 secs
+Total time: 43.132 secs

go.sh

@@ -1,5 +1,5 @@
 (cd 19 && sh fast.sh)
-(cd 194 && ln -s  sh fast.sh)
+(cd 194 && sh fast.sh)
 ./zip.sh
 rm build/libs/*
 ./gradlew.bat build

python2-scripts/mcpipy/console.py

@@ -26,6 +26,8 @@ def inputLine(prompt):
                     return 'quit()'
                 elif c.message == ' ':
                     return ''
+                elif "__" in c.message:
+                    sys.exit();
                 else:
                     return c.message
         time.sleep(0.2)

python2-scripts/mcpipy/mcpi/connection.py

@@ -1,9 +1,12 @@
+
 import socket
 import select
 import sys
 import atexit
 import os
 import platform
+import base64
+from hashlib import md5
 from util import flatten_parameters_to_string
 
 """ @author: Aron Nieminen, Mojang AB"""
@@ -53,6 +56,13 @@ def close(self):
             self.socket.close()
         except:
             pass
+
+    def authenticate(self, username, password):
+        challenge = self.sendReceive("world.getBlock",0,0,0)
+        if challenge.startswith("challenge "):
+            salt = challenge[10:].rstrip()
+            auth = base64.b64encode(md5(salt+":"+username+":"+password).digest())
+            self.send("security.authenticate", auth)
 
     def drain(self):
         """Drains the socket of incoming data"""

python2-scripts/mcpipy/mcpi/minecraft.py

@@ -5,6 +5,7 @@
 import math
 from os import environ
 from util import flatten,floorFlatten
+import security
 
 """ Minecraft PI low level api v0.1_1
 
@@ -185,8 +186,12 @@ def __init__(self, connection=None, autoId=True):
         else:
             self.conn = Connection()
 
+        if security.AUTHENTICATION_USERNAME and security.AUTHENTICATION_PASSWORD:
+            self.conn.authenticate(security.AUTHENTICATION_USERNAME, security.AUTHENTICATION_PASSWORD)
+
         self.camera = CmdCamera(self.conn)
         self.entity = CmdEntity(self.conn)
+
         if autoId:
             try:
                  playerId = int(environ['MINECRAFT_PLAYER_ID'])
@@ -196,9 +201,16 @@ def __init__(self, connection=None, autoId=True):
                     playerId = self.getPlayerId(environ['MINECRAFT_PLAYER_NAME'])
                     self.player = CmdPlayer(self.conn,playerId=playerId)
                 except:
-                    self.player = CmdPlayer(self.conn)
+                    if security.AUTHENTICATION_USERNAME:
+                        try:
+                            playerId = self.getPlayerId(security.AUTHENTICATION_USERNAME)
+                        except:
+                            self.player = CmdPlayer(self.conn)
+                    else:
+                        self.player = CmdPlayer(self.conn)
         else:
             self.player = CmdPlayer(self.conn)
+
         self.events = CmdEvents(self.conn)
         self.enabledNBT = False
 

python2-scripts/mcpipy/turtleconsole.py

@@ -28,6 +28,8 @@ def inputLine(prompt):
                     return 'quit()'
                 elif c.message == ' ':
                     return ''
+                elif "__" in c.message:
+                    sys.exit();
                 else:
                     return c.message
         time.sleep(0.2)