doodle/cmd/doodle-admin/command/verify_level.go
Noah Petherbridge 82884c79ae Signed Levels and Levelpacks
Add the ability for the free version of the game to allow loading levels that
use embedded custom doodads if those levels are signed.

* Uses the same signing keys as the JWT token for license registrations.
* Levels and Levelpacks can both be signed. So individual levels with embedded
  doodads can work in free versions of the game.
* Levelpacks now support embedded doodads properly: the individual levels in
  the pack don't need to embed a custom doodad, but if the doodad exists in
  the levelpack's doodads/ folder it will load from there instead - for full
  versions of the game OR when the levelpack is signed.

Signatures are computed by getting a listing of embedded assets inside the
zipfile (the assets/ folder in levels, and the doodads/ + levels/ folders
in levelpacks). Thus for individual signed levels, the level geometry and
metadata may be changed without breaking the signature but if custom doodads
are changed the signature will break.

The doodle-admin command adds subcommands to `sign-level` and `verify-level`
to manage signatures on levels and levelpacks.

When using the `doodad levelpack create` command, any custom doodads the
levels mention that are found in your profile directory get embedded into
the zipfile by default (with --doodads custom).
2023-02-18 17:37:54 -08:00

74 lines
1.8 KiB
Go

package command
import (
"strings"
"git.kirsle.net/SketchyMaze/doodle/pkg/level"
"git.kirsle.net/SketchyMaze/doodle/pkg/levelpack"
"git.kirsle.net/SketchyMaze/doodle/pkg/license"
"git.kirsle.net/SketchyMaze/doodle/pkg/license/levelsigning"
"git.kirsle.net/SketchyMaze/doodle/pkg/log"
"github.com/urfave/cli/v2"
)
// VerifyLevel a license key for Sketchy Maze.
var VerifyLevel *cli.Command
func init() {
VerifyLevel = &cli.Command{
Name: "verify-level",
Usage: "check the signature on a level or levelpack file.",
Flags: []cli.Flag{
&cli.StringFlag{
Name: "key",
Aliases: []string{"k"},
Usage: "Public key .pem file that signed the level",
Required: true,
},
&cli.StringFlag{
Name: "filename",
Aliases: []string{"f"},
Usage: "File name of the .level or .levelpack",
Required: true,
},
},
Action: func(c *cli.Context) error {
key, err := license.AdminLoadPublicKey(c.String("key"))
if err != nil {
return cli.Exit(err.Error(), 1)
}
filename := c.String("filename")
if strings.HasSuffix(filename, ".level") {
lvl, err := level.LoadJSON(filename)
if err != nil {
return cli.Exit(err.Error(), 1)
}
// Verify it.
if ok := levelsigning.VerifyLevel(key, lvl); !ok {
log.Error("Signature is not valid!")
return cli.Exit("", 1)
} else {
log.Info("Level signature is OK!")
}
} else if strings.HasSuffix(filename, ".levelpack") {
lp, err := levelpack.LoadFile(filename)
if err != nil {
return cli.Exit(err.Error(), 1)
}
// Verify it.
if ok := levelsigning.VerifyLevelPack(key, lp); !ok {
log.Error("Signature is not valid!")
return cli.Exit("", 1)
} else {
log.Info("Levelpack signature is OK!")
}
}
return nil
},
}
}