Load multiple Mojang public keys from JSON file

As of 1.20, the game now loads profile property public keys and player
certificate public keys dynamically from
https://api.minecraftservices.com/publickeys. That route is currently
replying with more keys than just Mojang's original `ylB4B6m5` key, so
we should embed all of these into authlib-injector rather than just the
one.

This may not be a good solution long-term if the keys change, ideally
the keys could be fetched dynamically like the vanilla game does.

src/main/java/moe/yushi/authlibinjector/AuthlibInjector.java

@@ -298,6 +298,10 @@ private static ClassTransformer createTransformer(APIMetadata config) {
 		transformer.units.add(new YggdrasilKeyTransformUnit());
 		YggdrasilKeyTransformUnit.PLAYER_CERTIFICATE_PUBLIC_KEYS.addAll(config.getPlayerCertificateKeys());
 		YggdrasilKeyTransformUnit.PROFILE_PROPERTY_PUBLIC_KEYS.addAll(config.getProfilePropertyKeys());
+
+		log(INFO, "Loaded " + YggdrasilKeyTransformUnit.PLAYER_CERTIFICATE_PUBLIC_KEYS.size() + " player certificate public keys");
+		log(INFO, "Loaded " + YggdrasilKeyTransformUnit.PROFILE_PROPERTY_PUBLIC_KEYS.size() + " profile property public keys");
+
 		transformer.units.add(new VelocityProfileKeyTransformUnit());
 		transformer.units.add(new BungeeCordProfileKeyTransformUnit());
 		MainArgumentsTransformer.getArgumentsListeners().add(new AccountTypeTransformer()::transform);

src/main/java/moe/yushi/authlibinjector/transform/support/YggdrasilKeyTransformUnit.java

@@ -18,50 +18,77 @@
 
 import static java.lang.invoke.MethodHandles.publicLookup;
 import static java.lang.invoke.MethodType.methodType;
+import static java.util.Optional.ofNullable;
+import static java.util.stream.Collectors.toSet;
 import static moe.yushi.authlibinjector.util.IOUtils.asBytes;
+import static moe.yushi.authlibinjector.util.IOUtils.asString;
 import static moe.yushi.authlibinjector.util.Logging.Level.DEBUG;
 import static org.objectweb.asm.Opcodes.ALOAD;
 import static org.objectweb.asm.Opcodes.ARETURN;
 import static org.objectweb.asm.Opcodes.ASM9;
 import static org.objectweb.asm.Opcodes.IRETURN;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.UncheckedIOException;
 import java.lang.invoke.MethodHandle;
 import java.security.GeneralSecurityException;
 import java.security.InvalidKeyException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.Signature;
 import java.util.Base64;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
 import java.util.Optional;
-import java.util.concurrent.CopyOnWriteArrayList;
+import java.util.concurrent.CopyOnWriteArraySet;
 import org.objectweb.asm.ClassVisitor;
 import org.objectweb.asm.MethodVisitor;
+import moe.yushi.authlibinjector.internal.org.json.simple.JSONArray;
+import moe.yushi.authlibinjector.internal.org.json.simple.JSONObject;
 import moe.yushi.authlibinjector.transform.CallbackMethod;
 import moe.yushi.authlibinjector.transform.TransformContext;
 import moe.yushi.authlibinjector.transform.TransformUnit;
+import moe.yushi.authlibinjector.util.JsonUtils;
 import moe.yushi.authlibinjector.util.KeyUtils;
 import moe.yushi.authlibinjector.util.Logging;
 import moe.yushi.authlibinjector.util.Logging.Level;
 
 public class YggdrasilKeyTransformUnit implements TransformUnit {
 
-	public static final List<PublicKey> PLAYER_CERTIFICATE_PUBLIC_KEYS = new CopyOnWriteArrayList<>();
-	public static final List<PublicKey> PROFILE_PROPERTY_PUBLIC_KEYS = new CopyOnWriteArrayList<>();
+	public static final Set<PublicKey> PLAYER_CERTIFICATE_PUBLIC_KEYS = new CopyOnWriteArraySet<>();
+	public static final Set<PublicKey> PROFILE_PROPERTY_PUBLIC_KEYS = new CopyOnWriteArraySet<>();
 
 	static {
-		PublicKey mojangPublicKey = loadMojangPublicKey();
-		PLAYER_CERTIFICATE_PUBLIC_KEYS.add(mojangPublicKey);
-		PROFILE_PROPERTY_PUBLIC_KEYS.add(mojangPublicKey);
+		// Load Mojang public keys from JSON file obtained from
+		// https://api.minecraftservices.com/publickeys
+		try (InputStream in = YggdrasilKeyTransformUnit.class.getResourceAsStream("/mojang_publickeys.json")) {
+			JSONObject keysJson = JsonUtils.asJsonObject(JsonUtils.parseJson(asString(asBytes(in))));
+
+			Set<PublicKey> playerCertificateKeys =
+					ofNullable(keysJson.get("playerCertificateKeys"))
+							.map(JsonUtils::asJsonArray)
+							.map(k -> ParseJSONPublicKeys(k))
+							.orElseGet(HashSet::new);
+			PLAYER_CERTIFICATE_PUBLIC_KEYS.addAll(playerCertificateKeys);
+
+			Set<PublicKey> profilePropertyKeys =
+					ofNullable(keysJson.get("profilePropertyKeys"))
+							.map(JsonUtils::asJsonArray)
+							.map(k -> ParseJSONPublicKeys(k))
+							.orElseGet(HashSet::new);
+			PROFILE_PROPERTY_PUBLIC_KEYS.addAll(profilePropertyKeys);
+		} catch (IOException | UncheckedIOException e) {
+			throw new RuntimeException("Failed to load Mojang public keys", e);
+		}
 	}
 
-	private static PublicKey loadMojangPublicKey() {
-		try (InputStream in = YggdrasilKeyTransformUnit.class.getResourceAsStream("/mojang_publickey.der")) {
-			return KeyUtils.parseX509PublicKey(asBytes(in));
-		} catch (GeneralSecurityException | IOException e) {
-			throw new RuntimeException("Failed to load Mojang public key", e);
-		}
+	private static Set<PublicKey> ParseJSONPublicKeys(JSONArray array) {
+		return array.stream()
+				.map(JsonUtils::asJsonObject)
+				.map(p -> p.get("publicKey"))
+				.map(JsonUtils::asJsonString)
+				.map(KeyUtils::parseSignaturePublicKeyBase64DER)
+				.collect(toSet());
 	}
 
 	@CallbackMethod

src/main/java/moe/yushi/authlibinjector/util/KeyUtils.java

@@ -51,6 +51,14 @@ public static PublicKey parseSignaturePublicKey(String pem) throws UncheckedIOEx
 		}
 	}
 
+	public static PublicKey parseSignaturePublicKeyBase64DER(String base64Der) throws UncheckedIOException {
+		try {
+			return parseX509PublicKey(Base64.getDecoder().decode(base64Der));
+		} catch (IllegalArgumentException | GeneralSecurityException e) {
+			throw newUncheckedIOException("Bad signature public key", e);
+		}
+	}
+
 	private KeyUtils() {}
 
 }

src/main/resources/mojang_publickeys.json

@@ -0,0 +1,12 @@
+{
+  "profilePropertyKeys" : [ {
+    "publicKey" : "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAylB4B6m5lz7jwrcFz6Fd/fnfUhcvlxsTSn5kIK/2aGG1C3kMy4VjhwlxF6BFUSnfxhNswPjh3ZitkBxEAFY25uzkJFRwHwVA9mdwjashXILtR6OqdLXXFVyUPIURLOSWqGNBtb08EN5fMnG8iFLgEJIBMxs9BvF3s3/FhuHyPKiVTZmXY0WY4ZyYqvoKR+XjaTRPPvBsDa4WI2u1zxXMeHlodT3lnCzVvyOYBLXL6CJgByuOxccJ8hnXfF9yY4F0aeL080Jz/3+EBNG8RO4ByhtBf4Ny8NQ6stWsjfeUIvH7bU/4zCYcYOq4WrInXHqS8qruDmIl7P5XXGcabuzQstPf/h2CRAUpP/PlHXcMlvewjmGU6MfDK+lifScNYwjPxRo4nKTGFZf/0aqHCh/EAsQyLKrOIYRE0lDG3bzBh8ogIMLAugsAfBb6M3mqCqKaTMAf/VAjh5FFJnjS+7bE+bZEV0qwax1CEoPPJL1fIQjOS8zj086gjpGRCtSy9+bTPTfTR/SJ+VUB5G2IeCItkNHpJX2ygojFZ9n5Fnj7R9ZnOM+L8nyIjPu3aePvtcrXlyLhH/hvOfIOjPxOlqW+O5QwSFP4OEcyLAUgDdUgyW36Z5mB285uKW/ighzZsOTevVUG2QwDItObIV6i8RCxFbN2oDHyPaO5j1tTaBNyVt8CAwEAAQ=="
+  }, {
+    "publicKey" : "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAra4Y2wu3rWEW7cDTDRRd4IvUD140Y12SaG3k4V3UwT/pDnnX5itOcYiZA0qf4VCpJDp2PifOL+Pr/ph/G9/6ZoIxkBeGENo+S7i9BqizJy9cmZocpyx+RkZaw9+frCGNLuYLrxziNWiXFACJSg2mHACR7+6NkGN8d/16/3PxMnvGSyLT7JKGUgqj1Q3oW7k+NLXR9sw6oRELOcnUvZVa2bcglv8vlcyPqqnBhydLfHI85Z5WnIYZviZ3Bb4dv5Fme726BGOtEY7kz40RfiwjT3xYKYKPJUS3/crPX6eugmWyrWdddKaePrW88bp17Z5NIStlJ5KJJk4coha8O+P7onDqmbHwLqPTeR51njkgZ+DJWT6fz8ku9OWQn6I/FxqN14iYIghDJijmKvEwsI7FJ5X2ttPXEvBYLmpj2j0lQQcUIqH7hkiZ+mCW0GYawJgbAeNAraM9sP+76MyAGITtAsXv1IQmah+7OeDJOToG2Kb1Dl0Va+HiP9MPpcnO7kbn6dqAyhNvRNmHnsUOiEcLhW9Rk7xz87IBV/cGKbUDgxu8cYY0P512DWt5+Jmr8W10FDFdLmkJt1taWxNxApM2CiFPCimk02koyLZDW9nqpWNw6qS/TOYPdz438qEuamtYUJ+u6WhBjK8xAJEAt5k3gDKX+nlTiG3N6se09D62fS8CAwEAAQ=="
+  } ],
+  "playerCertificateKeys" : [ {
+    "publicKey" : "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAylB4B6m5lz7jwrcFz6Fd/fnfUhcvlxsTSn5kIK/2aGG1C3kMy4VjhwlxF6BFUSnfxhNswPjh3ZitkBxEAFY25uzkJFRwHwVA9mdwjashXILtR6OqdLXXFVyUPIURLOSWqGNBtb08EN5fMnG8iFLgEJIBMxs9BvF3s3/FhuHyPKiVTZmXY0WY4ZyYqvoKR+XjaTRPPvBsDa4WI2u1zxXMeHlodT3lnCzVvyOYBLXL6CJgByuOxccJ8hnXfF9yY4F0aeL080Jz/3+EBNG8RO4ByhtBf4Ny8NQ6stWsjfeUIvH7bU/4zCYcYOq4WrInXHqS8qruDmIl7P5XXGcabuzQstPf/h2CRAUpP/PlHXcMlvewjmGU6MfDK+lifScNYwjPxRo4nKTGFZf/0aqHCh/EAsQyLKrOIYRE0lDG3bzBh8ogIMLAugsAfBb6M3mqCqKaTMAf/VAjh5FFJnjS+7bE+bZEV0qwax1CEoPPJL1fIQjOS8zj086gjpGRCtSy9+bTPTfTR/SJ+VUB5G2IeCItkNHpJX2ygojFZ9n5Fnj7R9ZnOM+L8nyIjPu3aePvtcrXlyLhH/hvOfIOjPxOlqW+O5QwSFP4OEcyLAUgDdUgyW36Z5mB285uKW/ighzZsOTevVUG2QwDItObIV6i8RCxFbN2oDHyPaO5j1tTaBNyVt8CAwEAAQ=="
+  }, {
+    "publicKey" : "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAt4t9NPuu7cktclnaH7eZj0omkLcJHeLz5MKsyJEntHZ0INtuBjSSul3Pp3pBeJN8k3ADdcdBLUN90bcAi7WsQqTx3Ft363q3W7TbM8j2iTEdp/0uVspoRt/DP1tkaWFs/w2WwUv9jbVoBUzfUc4pSTIxRwdjmqjZQfvjwKNDbOx3IhP2H0WXodbISejPi1wBZqNW4m1rnZAXp/EpUguxA8mobCa4vUCBkyFDyXdl69/wUSJHyCPmgcMJ364OlAhIqtwVPShBZObvrK/f0BYk6ShJD3N7TFDatSYsIIdcTKRknaIm91s+EsMrdB9U4Yw+ZJ/pyCB4S3vk8zfDCnb0DWIxYH3/EMzaxl77djmTmMzi/JDITup5z3jfWtRZmrAhU2/+W5IO5hEpo3/bCS9PXIY5xb41Lmp2ZO8dXKtyD66Chchy0W129n8vPl2GIruOdrxsjZAHnneyAb9jm0uaGaphwnEnuecX/qgHY6ZMtayvLLsPst8PO6R1vufMy8WqjK+j7LnC1krL7CPDg0NEhyQTmw5l+NCNjSlvB1juM9V4PARg0bYCOkGXm7ydRCjSSH8CJXZpwnd5cBB5WKAX3KPzutRgMi/LFwNSMZzFuUyXaYOZPpD259yqph1LmGqegEdDriACVU+dVEONFMm8eIuBofe7ljmsAFKW9BINwK0CAwEAAQ=="
+  } ]
+}