Implement player certificate fetching for Mojang auth

Borrows the fetchCertificates implementation from prismarine-auth

Author: evan-goode

src/client/mojangAuth.js

@@ -3,6 +3,7 @@ const yggdrasil = require('yggdrasil')
 const fs = require('fs').promises
 const mcDefaultFolderPath = require('minecraft-folder-path')
 const path = require('path')
+const crypto = require('crypto')
 
 const launcherDataFile = 'launcher_accounts.json'
 
@@ -33,6 +34,32 @@ module.exports = async function (client, options) {
     }
   }
 
+  // Adapted from https://github.com/PrismarineJS/prismarine-auth/blob/1aef6e1387d94fca839f2811d17ac6659ae556b4/src/TokenManagers/MinecraftJavaTokenManager.js#L101
+  const toDER = pem => pem.split('\n').slice(1, -1).reduce((acc, cur) => Buffer.concat([acc, Buffer.from(cur, 'base64')]), Buffer.alloc(0))
+  async function fetchCertificates (accessToken) {
+    const servicesServer = options.servicesServer ?? 'https://api.minecraftservices.com'
+    const headers = {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${accessToken}`
+    }
+    const res = await fetch(`${servicesServer}/player/certificates`, { headers, method: 'post' })
+    if (!res.ok) throw Error(`Certificates request returned status ${res.status}`)
+    const cert = await res.json()
+    const profileKeys = {
+      publicPEM: cert.keyPair.publicKey,
+      privatePEM: cert.keyPair.privateKey,
+      publicDER: toDER(cert.keyPair.publicKey),
+      privateDER: toDER(cert.keyPair.privateKey),
+      signature: Buffer.from(cert.publicKeySignature, 'base64'),
+      signatureV2: Buffer.from(cert.publicKeySignatureV2, 'base64'),
+      expiresOn: new Date(cert.expiresAt),
+      refreshAfter: new Date(cert.refreshedAfter)
+    }
+    profileKeys.public = crypto.createPublicKey({ key: profileKeys.publicDER, format: 'der', type: 'spki' })
+    profileKeys.private = crypto.createPrivateKey({ key: profileKeys.privateDER, format: 'der', type: 'pkcs8' })
+    return { profileKeys }
+  }
+
   function getProfileId (auths) {
     try {
       const lowerUsername = options.username.toLowerCase()
@@ -105,8 +132,25 @@ module.exports = async function (client, options) {
         client.session = session
         client.username = session.selectedProfile.name
         options.accessToken = session.accessToken
-        client.emit('session', session)
-        options.connect(client)
+
+        const finishCb = function (certificates) {
+          if (certificates !== null) {
+            Object.assign(client, certificates)
+          }
+          client.emit('session', session)
+          options.connect(client)
+        }
+
+        if (options.disableChatSigning) {
+          finishCb(null)
+        } else {
+          fetchCertificates(session.accessToken)
+            .catch(e => {
+              console.warn(`Failed to fetch player certificates: ${e}`)
+              return null
+            })
+            .then(finishCb)
+        }
       }
     }
 

src/index.d.ts

@@ -132,6 +132,7 @@ declare module 'minecraft-protocol' {
 		accessToken?: string
 		authServer?: string
 		authTitle?: string
+		servicesServer?: string
 		sessionServer?: string
 		keepAlive?: boolean
 		closeTimeout?: number