Trinitycore: [Aurora] Authentication

Created on 11 Mar 2016 · 11Comments · Source: TrinityCore/TrinityCore

Description: Connection is closed after recieving the accounts list in battlenet account

Current behaviour: The client is blocked after recieving accounts list and disconnected after few seconds

Expected behaviour: We should me able to choose the account (if multiple) and retrieve realm lists

Steps to reproduce the problem:

Create an account
Log in

Branch(es): Aurora

TC hash/commit: 13c14b456847b696267c7ef6723646d9fc304e0a

Operating system: Windows 10

Battlenet server logs: https://gist.github.com/Nelidon/1a07ef1171706c8671ab
Aurora logs: https://gist.github.com/Nelidon/b3bde619724e5e81b759

@Shauren

Branch-master

Source

Ardinis

Most helpful comment

TLS 1.2 used - https://en.wikipedia.org/wiki/Transport_Layer_Security
Additional client specific stuff - leaf certificate must not be self signed, implies creating a certificate chain
Client verifies common name (CN) field on the certificate using a wildcard PREFIX search (not suffix) (the certificate I supplied uses CN=*.*)
Client loads the ROOT certificate used to sign certificate from a file named ca_bundle.txt.signed from CASC archive (connection_patcher changes this to tc_bundle.txt loaded from filesystem). As the name implies this file is signed and patcher removes signature check

https://github.com/TrinityCore/TrinityCore/blob/aurora/src/tools/connection_patcher/tc_bundle.txt
File structure:
JSON with certificate info
Url is matched by certificate CN
ShaHashPublicKeyInfo - not sure what exactly is hashed here - I dumped this value from client memory
SigningCertificates - the root certificate (not the one with CN=*.*)
260 padding bytes

Certificates file: https://github.com/TrinityCore/TrinityCore/blob/aurora/src/server/bnetserver/bnetserver.cert.pem
Private key: https://github.com/TrinityCore/TrinityCore/blob/aurora/src/server/bnetserver/bnetserver.key.pem

You can view the contents of these files using openssl commandline tools

Shauren on 15 Mar 2016

👍4

All 11 comments

Shauren on 11 Mar 2016

Update: 12/03/2015
Commit: 014ee052e45af51512f50149aee758312edd3f2f

Client is disconnected since the server doesn't send game accounts information but the client understand now the server correctly:

Aurora log: https://gist.github.com/Nelidon/8114b8c2f0f23844f272
Bnet: https://gist.github.com/Nelidon/c00c6ca8a1243530d777

Ardinis on 12 Mar 2016

There was no change to things being implemented or not in that commit - and since some version client sends a new packet (and expects a proper response) - not yet implemented.

Shauren on 12 Mar 2016

New required method implemented in 02d50a290c2fe14d452f5b75c9fb1333d04fab6a

Shauren on 14 Mar 2016

Realm list reached.

Ardinis on 15 Mar 2016

Undocumented change that I still haven't decided whether to keep it like that or not - realmlist.gamebuild now expects the exact wow build instead of "base build"

Shauren on 15 Mar 2016

Can you give more information about certificat file and public/private keys please.

Ardinis on 15 Mar 2016

You can view the contents of these files using openssl commandline tools

Shauren on 15 Mar 2016

👍4

Thank you for these information.

The worldserver doesn't detect any connections from the client after joining a realm
Aurora log: https://gist.github.com/Nelidon/ff4cc5b5df9d4aa76a06
The server should send information corresponding to AuthedToWoW

Ardinis on 18 Mar 2016

After some research the client need 3 new packets related to AuroraInterface (make a research on AuroraBackInterface.cpp) otherwise SMSG_AUTH_RESPONSE isn't considered.
Packets format is json

Ardinis on 19 Mar 2016

@shauren this can be closed?