Feat/plugin message encrypt

NookureStaff-API/build.gradle.kts

@@ -21,8 +21,6 @@ java {
 }
 
 dependencies {
-  testImplementation("org.junit.jupiter:junit-jupiter:5.9.2")
-  testRuntimeOnly("org.junit.platform:junit-platform-launcher")
   implementation(libs.configurateYaml)
   compileOnly(libs.protocol.buffers.lite)
   compileOnlyApi(libs.paperApi)

NookureStaff-API/src/main/java/com/nookure/staff/api/annotation/PluginMessageSecretKey.java

@@ -0,0 +1,14 @@
+package com.nookure.staff.api.annotation;
+
+import com.google.inject.BindingAnnotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target({ElementType.FIELD, ElementType.PARAMETER})
+@Retention(RetentionPolicy.RUNTIME)
+@BindingAnnotation
+public @interface PluginMessageSecretKey {
+}

NookureStaff-API/src/main/java/com/nookure/staff/api/config/common/PluginMessageConfig.java

@@ -0,0 +1,82 @@
+package com.nookure.staff.api.config.common;
+
+import org.spongepowered.configurate.objectmapping.ConfigSerializable;
+import org.spongepowered.configurate.objectmapping.meta.Comment;
+import org.spongepowered.configurate.objectmapping.meta.Setting;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.spec.SecretKeySpec;
+import java.util.Base64;
+
+@ConfigSerializable
+public class PluginMessageConfig {
+  @Setting
+  public boolean enabled = false;
+
+  @Setting
+  @Comment("""
+      Base64-encoded encryption key for plugin messages, generated if not present, must be 128, 192, or 256 bits
+      You should have the same key on all servers in the network
+      """)
+  public String encryptionKey;
+
+  @Setting
+  @Comment("""
+      It's a security feature to prevent players from tampering with the plugin messages
+      if the plugin detects tampering, it will disconnect the player
+      """)
+  public boolean playerTamperingDetection = true;
+
+  @Setting
+  @Comment("""
+      The message to send to the player when tampering is detected
+      """)
+  public String playerTamperingDetectionMessage = "<red>Plugin message tampering detected!";
+
+  public PluginMessageConfig() {
+    ensureEncryptionKey(256);
+  }
+
+  /**
+   * Generates a new encryption key with the specified length.
+   *
+   * @param length Key length in bits (must be 128, 192, or 256)
+   * @return Base64-encoded encryption key
+   */
+  private String generateEncryptionKey(final int length) {
+    try {
+      KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+      keyGen.init(length);
+      SecretKey secretKey = keyGen.generateKey();
+      return Base64.getEncoder().encodeToString(secretKey.getEncoded());
+    } catch (NoSuchAlgorithmException e) {
+      throw new RuntimeException("AES algorithm is not available", e);
+    }
+  }
+
+  /**
+   * Retrieves the SecretKey from the stored encryption key.
+   *
+   * @return A SecretKey instance
+   */
+  public SecretKey getSecretKey() {
+    if (encryptionKey == null || encryptionKey.isEmpty()) {
+      throw new IllegalStateException("Encryption key is not set");
+    }
+
+    byte[] decodedKey = Base64.getDecoder().decode(encryptionKey);
+    return new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");
+  }
+
+  /**
+   * Generates and sets a new encryption key if none is present.
+   */
+  public void ensureEncryptionKey(final int length) {
+    if (encryptionKey == null || encryptionKey.isEmpty()) {
+      encryptionKey = generateEncryptionKey(length);
+    }
+  }
+}

NookureStaff-API/src/main/java/com/nookure/staff/api/exception/DataIntegrityCheckFailedException.java

@@ -0,0 +1,11 @@
+package com.nookure.staff.api.exception;
+
+public class DataIntegrityCheckFailedException extends RuntimeException {
+  public DataIntegrityCheckFailedException(String message) {
+    super(message);
+  }
+
+  public DataIntegrityCheckFailedException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}

NookureStaff-API/src/main/java/com/nookure/staff/api/messaging/Channels.java

@@ -2,4 +2,5 @@
 
 public class Channels {
   public static final String EVENTS = "nkstaff:events";
+  public static final String COMMANDS = "nkstaff:commands";
 }

NookureStaff-API/src/main/java/com/nookure/staff/api/messaging/EventMessenger.java

@@ -12,10 +12,17 @@
 import java.util.Optional;
 
 public abstract class EventMessenger implements AutoCloseable {
+  private final Logger logger;
+  private final NookureStaff plugin;
+
   @Inject
-  private Logger logger;
-  @Inject
-  private NookureStaff plugin;
+  public EventMessenger(
+      @NotNull final Logger logger,
+      @NotNull final NookureStaff plugin
+  ) {
+    this.logger = logger;
+    this.plugin = plugin;
+  }
 
   /**
    * Prepares the event transport for use.

NookureStaff-API/src/main/java/com/nookure/staff/api/service/EncryptService.java

@@ -0,0 +1,25 @@
+package com.nookure.staff.api.service;
+
+import org.jetbrains.annotations.NotNull;
+
+import javax.crypto.SecretKey;
+
+public interface EncryptService {
+  /**
+   * Encrypts the given data with the given secret key.
+   *
+   * @param data      The data to encrypt.
+   * @param secretKey The secret key to encrypt the data with.
+   * @return The encrypted data.
+   */
+  byte @NotNull [] encrypt(byte @NotNull [] data, @NotNull final SecretKey secretKey);
+
+  /**
+   * Decrypts the given data with the given secret key.
+   *
+   * @param data      The data to decrypt.
+   * @param secretKey The secret key to decrypt the data with.
+   * @return The decrypted data.
+   */
+  byte @NotNull [] decrypt(byte @NotNull [] data, @NotNull final SecretKey secretKey);
+}

NookureStaff-API/src/main/java/com/nookure/staff/api/util/ServerUtils.java

@@ -1,6 +1,7 @@
 package com.nookure.staff.api.util;
 
 import com.nookure.staff.api.Permissions;
+import com.nookure.staff.api.PlayerWrapper;
 import org.bukkit.Bukkit;
 import org.jetbrains.annotations.NotNull;
 
@@ -55,6 +56,14 @@ public void broadcastStaffMessage(@NotNull String message) {
     broadcast(message, Permissions.STAFF_PERMISSION);
   }
 
+  /**
+   * Send a command to the proxy server console
+   *
+   * @param command The command to send
+   * @param sender  The sender of the command
+   */
+  abstract public void sendCommandToProxy(@NotNull String command, @NotNull PlayerWrapper sender);
+
   static {
     isPaper = hasClass("com.destroystokyo.paper.PaperConfig") ||
         hasClass("io.papermc.paper.configuration.Configuration");