Add RSA keypair generation and upload in login process; update comments on username signature requirements

2025-11-16 19:45:46 -05:00
parent db3a2e2a59
commit 9a404df9d4
2 changed files with 23 additions and 8 deletions
--- a/src/OverteAuth.cpp
+++ b/src/OverteAuth.cpp
@@ -354,6 +354,21 @@ bool OverteAuth::login(const std::string& username, const std::string& password,
    }
    
    std::cout << "[OverteAuth] Successfully authenticated as " << username << std::endl;
+    
+    // Generate and upload RSA keypair for signature authentication
+    if (!hasKeypair()) {
+        std::cout << "[OverteAuth] Generating RSA keypair for signature authentication..." << std::endl;
+        if (generateKeypair()) {
+            if (uploadPublicKey()) {
+                std::cout << "[OverteAuth] Keypair generated and uploaded successfully" << std::endl;
+            } else {
+                std::cerr << "[OverteAuth] Warning: Failed to upload public key: " << m_lastError << std::endl;
+            }
+        } else {
+            std::cerr << "[OverteAuth] Warning: Failed to generate keypair" << std::endl;
+        }
+    }
+    
    return true;
 }

--- a/src/OverteClient.cpp
+++ b/src/OverteClient.cpp
@@ -1397,21 +1397,21 @@ void OverteClient::sendDomainConnectRequest() {
    qs.writeQString("");
    
    // 14. Directory services (metaverse) username (QString)
-    // TEMPORARILY DISABLED: Sending username might require signature
+    // NOTE: Sending a username requires a cryptographic signature (field 15) using a
+    // private key registered with the metaverse. Without a valid signature, the domain
+    // server will reject the connection. For now, we send empty string (anonymous mode).
+    // TODO: Implement RSA keypair generation and username signature
    std::string metaverseUsername = "";
-    // if (m_auth && m_auth->isAuthenticated()) {
-    //     metaverseUsername = m_auth->getUsername();
-    //     std::cout << "[OverteClient] Including metaverse username: " << metaverseUsername << std::endl;
-    // }
    qs.writeQString(metaverseUsername);
    
-    // 15. Username signature (QString) - empty (no keypair authentication yet)
+    // 15. Username signature (QString) - empty (no keypair authentication)
+    // This would be AccountInfo::getUsernameSignature(connectionToken) in official client
    qs.writeQString("");
    
-    // 16. Domain username (QString) - empty for now (domain-specific auth not yet implemented)
+    // 16. Domain username (QString) - for domain-specific auth (separate from metaverse)
    qs.writeQString("");
    
-    // 17. Domain access token:refreshToken (QString) - empty for now
+    // 17. Domain access token:refreshToken (QString) - for domain OAuth
    qs.writeQString("");

    // Append payload to packet