From c30c3ee12320670ac9462330f7dce77dcdb78705 Mon Sep 17 00:00:00 2001 From: Evan Goode Date: Thu, 24 Oct 2024 18:15:21 -0400 Subject: [PATCH] Use empty publicKeySignature in dummy ProfileKeyFilter response If we send an invalid signature here (`AA==`), then the vanilla server will throw an error while handling the LoginHelloC2S packet, even if `enforce-secure-profile` is `false` in `server.properties`. The client will be disconnected with the message "Invalid signature for profile public key. Try restarting your game." It's better to send an empty string; the server will simply ignore the missing publicKeySignature if `enforce-secure-profile` is false. Resolves https://github.com/unmojang/drasl/issues/109. --- .../moe/yushi/authlibinjector/httpd/ProfileKeyFilter.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/moe/yushi/authlibinjector/httpd/ProfileKeyFilter.java b/src/main/java/moe/yushi/authlibinjector/httpd/ProfileKeyFilter.java index d0e5a53..f4b8d6f 100644 --- a/src/main/java/moe/yushi/authlibinjector/httpd/ProfileKeyFilter.java +++ b/src/main/java/moe/yushi/authlibinjector/httpd/ProfileKeyFilter.java @@ -74,8 +74,8 @@ private JSONObject makeDummyResponse() { keyPairObj.put("privateKey", privateKeyPEM); keyPairObj.put("publicKey", publicKeyPEM); response.put("keyPair", keyPairObj); - response.put("publicKeySignature", "AA=="); - response.put("publicKeySignatureV2", "AA=="); + response.put("publicKeySignature", ""); + response.put("publicKeySignatureV2", ""); response.put("expiresAt", DateTimeFormatter.ISO_INSTANT.format(expiresAt)); response.put("refreshedAfter", DateTimeFormatter.ISO_INSTANT.format(refreshedAfter)); return response;