Fix SAM bridge security

1 files changed, 68 insertions, 13 deletions

diff --git a/src/main/java/ganarchy/friendcode/sam/I2PSamAuthUtil.java b/src/main/java/ganarchy/friendcode/sam/I2PSamAuthUtil.java
index fad222c..ff84551 100644
--- a/src/main/java/ganarchy/friendcode/sam/I2PSamAuthUtil.java
+++ b/src/main/java/ganarchy/friendcode/sam/I2PSamAuthUtil.java
@@ -1,32 +1,87 @@
 package ganarchy.friendcode.sam;
 
+import ganarchy.friendcode.util.ConfigUtil;
+import org.apache.commons.codec.binary.Base32;
+
+import java.security.SecureRandom;
+import java.util.Properties;
+
 /**
-* Helper for I2P SAM authentication.
-*/
+ * Helper for I2P SAM authentication.
+ */
 public class I2PSamAuthUtil {
     /**
-    * Returns the currently active SAM auth pair.
-    */
+     * The default username. It is used by default.
+     */
+    private static final String DEFAULT_USERNAME = "minecraft_friendcode";
+
+    /**
+     * Fallback authentication password, used on first install.
+     */
+    private static final AuthenticationPair INSECURE_FALLBACK =
+        new AuthenticationPair(DEFAULT_USERNAME, "friendcode");
+
+    /**
+     * Returns the currently active SAM auth pair.
+     */
     public static AuthenticationPair getAuthPair() {
-        return new AuthenticationPair("minecraft_friendcode", "friendcode");
+        AuthenticationPair strongAuthPair = getStrongAuthPair();
+        if (strongAuthPair != null) {
+            return strongAuthPair;
+        }
+        return INSECURE_FALLBACK;
     }
 
     /**
-    * Generates and stores a modern auth pair.
-    *
-    * @return The generated auth pair.
-    */
+     * Generates and stores a modern auth pair.
+     *
+     * @return The generated auth pair.
+     */
     public static AuthenticationPair upgradeAuthPair() {
-        return new AuthenticationPair("minecraft_friendcode", "friendcode");
+        var rand = new SecureRandom();
+        var bytes = new byte[16];
+        rand.nextBytes(bytes);
+        var b32 = new Base32().encodeToString(bytes);
+        Properties auth = new Properties();
+        auth.setProperty("i2p.sam.username", DEFAULT_USERNAME);
+        auth.setProperty("i2p.sam.password", b32);
+        if (ConfigUtil.updateSettings(auth)) {
+            return new AuthenticationPair(DEFAULT_USERNAME, b32);
+        } else {
+            return INSECURE_FALLBACK;
+        }
     }
 
     /**
-    * Returns whether strong auth is enabled.
-    */
+     * Returns whether strong auth is enabled.
+     */
     public static boolean isStrongAuth() {
-        return false;
+        return getStrongAuthPair() != null;
     }
 
+
+    /**
+     * Returns the currently active strong SAM auth pair, or null if using the
+     * weak fallback.
+     */
+    private static AuthenticationPair getStrongAuthPair() {
+        Properties auth = new Properties();
+        if (ConfigUtil.getSettings(auth)) {
+            String username = auth.getProperty("i2p.sam.username");
+            String password = auth.getProperty("i2p.sam.password");
+            if (username != null && password != null) {
+                return new AuthenticationPair(username, password);
+            }
+        }
+        return null;
+    }
+
+    /**
+     * An authentication pair.
+     *
+     * @param user     The username.
+     * @param password The password.
+     */
     public record AuthenticationPair(String user, String password) {
     }
 }