icense,即版權許可證,一般用於收費軟件給付費用戶提供的訪問許可證明。根據應用部署位置的不同,一般可以分為以下兩種情況討論:
- 應用部署在開發者自己的雲服務器上。這種情況下用戶通過賬號登錄的形式遠程訪問,因此只需要在賬號登錄的時候校驗目標賬號的有效期、訪問權限等信息即可。
- 應用部署在客戶的內網環境。因為這種情況開發者無法控制客戶的網絡環境,也不能保證應用所在服務器可以訪問外網,因此通常的做法是使用服務器許可文件,在應用啟動的時候加載證書,然后在登錄或者其他關鍵操作的地方校驗證書的有效性。
注:限於文章篇幅,這里只討論代碼層面的許可限制,暫不考慮逆向破解等問題。此外,在下面我只講解關鍵代碼實現,完整代碼可以參考: gitee.com/zifangsky/L…
二 使用 TrueLicense 生成License
(1)使用Spring Boot構建測試項目ServerDemo,用於為客戶生成License許可文件:
注:這個完整的Demo項目可以參考: gitee.com/zifangsky/L…
i)在pom.xml中添加關鍵依賴:
de.schlichtherle.truelicense
truelicense-core
1.33
provided
復制代碼
ii)校驗自定義的License參數:
TrueLicense的 de.schlichtherle.license.LicenseManager 類自帶的verify方法只校驗了我們后面頒發的許可文件的生效和過期時間,然而在實際項目中我們可能需要額外校驗應用部署的服務器的IP地址、MAC地址、CPU序列號、主板序列號等信息,因此我們需要復寫框架的部分方法以實現校驗自定義參數的目的。
首先需要添加一個自定義的可被允許的服務器硬件信息的實體類(如果校驗其他參數,可自行補充):
package cn.zifangsky.license;
import java.io.Serializable;
import java.util.List;
/**
* 自定義需要校驗的License參數
*
* @author zifangsky
* @date 2018/4/23
* @since 1.0.0
*/
public class LicenseCheckModel implements Serializable{
private static final long serialVersionUID = 8600137500316662317L;
/**
* 可被允許的IP地址
*/
private List ipAddress;
/**
* 可被允許的MAC地址
*/
private List macAddress;
/**
* 可被允許的CPU序列號
*/
private String cpuSerial;
/**
* 可被允許的主板序列號
*/
private String mainBoardSerial;
//省略setter和getter方法
@Override
public String toString() {
return "LicenseCheckModel{" +
"ipAddress=" + ipAddress +
", macAddress=" + macAddress +
", cpuSerial='" + cpuSerial + ''' +
", mainBoardSerial='" + mainBoardSerial + ''' +
'}';
}
}
復制代碼
其次,添加一個License生成類需要的參數:
package cn.zifangsky.license;
import com.fasterxml.jackson.annotation.JsonFormat;
import java.io.Serializable;
import java.util.Date;
/**
* License生成類需要的參數
*
* @author zifangsky
* @date 2018/4/19
* @since 1.0.0
*/
public class LicenseCreatorParam implements Serializable {
private static final long serialVersionUID = -7793154252684580872L;
/**
* 證書subject
*/
private String subject;
/**
* 密鑰別稱
*/
private String privateAlias;
/**
* 密鑰密碼(需要妥善保管,不能讓使用者知道)
*/
private String keyPass;
/**
* 訪問秘鑰庫的密碼
*/
private String storePass;
/**
* 證書生成路徑
*/
private String licensePath;
/**
* 密鑰庫存儲路徑
*/
private String privateKeysStorePath;
/**
* 證書生效時間
*/
@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
private Date issuedTime = new Date();
/**
* 證書失效時間
*/
@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
private Date expiryTime;
/**
* 用戶類型
*/
private String consumerType = "user";
/**
* 用戶數量
*/
private Integer consumerAmount = 1;
/**
* 描述信息
*/
private String description = "";
/**
* 額外的服務器硬件校驗信息
*/
private LicenseCheckModel licenseCheckModel;
//省略setter和getter方法
@Override
public String toString() {
return "LicenseCreatorParam{" +
"subject='" + subject + ''' +
", privateAlias='" + privateAlias + ''' +
", keyPass='" + keyPass + ''' +
", storePass='" + storePass + ''' +
", licensePath='" + licensePath + ''' +
", privateKeysStorePath='" + privateKeysStorePath + ''' +
", issuedTime=" + issuedTime +
", expiryTime=" + expiryTime +
", consumerType='" + consumerType + ''' +
", consumerAmount=" + consumerAmount +
", description='" + description + ''' +
", licenseCheckModel=" + licenseCheckModel +
'}';
}
}
復制代碼
添加抽象類AbstractServerInfos,用戶獲取服務器的硬件信息:
package cn.zifangsky.license;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
/**
* 用於獲取客戶服務器的基本信息,如:IP、Mac地址、CPU序列號、主板序列號等
*
* @author zifangsky
* @date 2018/4/23
* @since 1.0.0
*/
public abstract class AbstractServerInfos {
private static Logger logger = LogManager.getLogger(AbstractServerInfos.class);
/**
* 組裝需要額外校驗的License參數
* @author zifangsky
* @date 2018/4/23 14:23
* @since 1.0.0
* @return demo.LicenseCheckModel
*/
public LicenseCheckModel getServerInfos(){
LicenseCheckModel result = new LicenseCheckModel();
try {
result.setIpAddress(this.getIpAddress());
result.setMacAddress(this.getMacAddress());
result.setCpuSerial(this.getCPUSerial());
result.setMainBoardSerial(this.getMainBoardSerial());
}catch (Exception e){
logger.error("獲取服務器硬件信息失敗",e);
}
return result;
}
/**
* 獲取IP地址
* @author zifangsky
* @date 2018/4/23 11:32
* @since 1.0.0
* @return java.util.List
*/
protected abstract List getIpAddress() throws Exception;
/**
* 獲取Mac地址
* @author zifangsky
* @date 2018/4/23 11:32
* @since 1.0.0
* @return java.util.List
*/
protected abstract List getMacAddress() throws Exception;
/**
* 獲取CPU序列號
* @author zifangsky
* @date 2018/4/23 11:35
* @since 1.0.0
* @return java.lang.String
*/
protected abstract String getCPUSerial() throws Exception;
/**
* 獲取主板序列號
* @author zifangsky
* @date 2018/4/23 11:35
* @since 1.0.0
* @return java.lang.String
*/
protected abstract String getMainBoardSerial() throws Exception;
/**
* 獲取當前服務器所有符合條件的InetAddress
* @author zifangsky
* @date 2018/4/23 17:38
* @since 1.0.0
* @return java.util.List
*/
protected List getLocalAllInetAddress() throws Exception {
List result = new ArrayList(4);
// 遍歷所有的網絡接口
for (Enumeration networkInterfaces = NetworkInterface.getNetworkInterfaces(); networkInterfaces.hasMoreElements(); ) {
NetworkInterface iface = (NetworkInterface) networkInterfaces.nextElement();
// 在所有的接口下再遍歷IP
for (Enumeration inetAddresses = iface.getInetAddresses(); inetAddresses.hasMoreElements(); ) {
InetAddress inetAddr = (InetAddress) inetAddresses.nextElement();
//排除LoopbackAddress、SiteLocalAddress、LinkLocalAddress、MulticastAddress類型的IP地址
if(!inetAddr.isLoopbackAddress() /*&& !inetAddr.isSiteLocalAddress()*/
&& !inetAddr.isLinkLocalAddress() && !inetAddr.isMulticastAddress()){
result.add(inetAddr);
}
}
}
return result;
}
/**
* 獲取某個網絡接口的Mac地址
* @author zifangsky
* @date 2018/4/23 18:08
* @since 1.0.0
* @param
* @return void
*/
protected String getMacByInetAddress(InetAddress inetAddr){
try {
byte[] mac = NetworkInterface.getByInetAddress(inetAddr).getHardwareAddress();
StringBuffer stringBuffer = new StringBuffer();
for(int i=0;i<mac.length;i++){
if(i != 0) {
stringBuffer.append("-");
}
//將十六進制byte轉化為字符串
String temp = Integer.toHexString(mac[i] & 0xff);
if(temp.length() == 1){
stringBuffer.append("0" + temp);
}else{
stringBuffer.append(temp);
}
}
return stringBuffer.toString().toUpperCase();
} catch (SocketException e) {
e.printStackTrace();
}
return null;
}
}
復制代碼
獲取客戶Linux服務器的基本信息:
package cn.zifangsky.license;
import org.apache.commons.lang3.StringUtils;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.util.List;
import java.util.stream.Collectors;
/**
* 用於獲取客戶Linux服務器的基本信息
*
* @author zifangsky
* @date 2018/4/23
* @since 1.0.0
*/
public class LinuxServerInfos extends AbstractServerInfos {
@Override
protected List getIpAddress() throws Exception {
List result = null;
//獲取所有網絡接口
List inetAddresses = getLocalAllInetAddress();
if(inetAddresses != null && inetAddresses.size() > 0){
result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
}
return result;
}
@Override
protected List getMacAddress() throws Exception {
List result = null;
//1. 獲取所有網絡接口
List inetAddresses = getLocalAllInetAddress();
if(inetAddresses != null && inetAddresses.size() > 0){
//2. 獲取所有網絡接口的Mac地址
result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
}
return result;
}
@Override
protected String getCPUSerial() throws Exception {
//序列號
String serialNumber = "";
//使用dmidecode命令獲取CPU序列號
String[] shell = {"/bin/bash","-c","dmidecode -t processor | grep 'ID' | awk -F ':' '{print $2}' | head -n 1"};
Process process = Runtime.getRuntime().exec(shell);
process.getOutputStream().close();
BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
String line = reader.readLine().trim();
if(StringUtils.isNotBlank(line)){
serialNumber = line;
}
reader.close();
return serialNumber;
}
@Override
protected String getMainBoardSerial() throws Exception {
//序列號
String serialNumber = "";
//使用dmidecode命令獲取主板序列號
String[] shell = {"/bin/bash","-c","dmidecode | grep 'Serial Number' | awk -F ':' '{print $2}' | head -n 1"};
Process process = Runtime.getRuntime().exec(shell);
process.getOutputStream().close();
BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
String line = reader.readLine().trim();
if(StringUtils.isNotBlank(line)){
serialNumber = line;
}
reader.close();
return serialNumber;
}
}
復制代碼
獲取客戶Windows服務器的基本信息:
package cn.zifangsky.license;
import java.net.InetAddress;
import java.util.List;
import java.util.Scanner;
import java.util.stream.Collectors;
/**
* 用於獲取客戶Windows服務器的基本信息
*
* @author zifangsky
* @date 2018/4/23
* @since 1.0.0
*/
public class WindowsServerInfos extends AbstractServerInfos {
@Override
protected List getIpAddress() throws Exception {
List result = null;
//獲取所有網絡接口
List inetAddresses = getLocalAllInetAddress();
if(inetAddresses != null && inetAddresses.size() > 0){
result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
}
return result;
}
@Override
protected List getMacAddress() throws Exception {
List result = null;
//1. 獲取所有網絡接口
List inetAddresses = getLocalAllInetAddress();
if(inetAddresses != null && inetAddresses.size() > 0){
//2. 獲取所有網絡接口的Mac地址
result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
}
return result;
}
@Override
protected String getCPUSerial() throws Exception {
//序列號
String serialNumber = "";
//使用WMIC獲取CPU序列號
Process process = Runtime.getRuntime().exec("wmic cpu get processorid");
process.getOutputStream().close();
Scanner scanner = new Scanner(process.getInputStream());
if(scanner.hasNext()){
scanner.next();
}
if(scanner.hasNext()){
serialNumber = scanner.next().trim();
}
scanner.close();
return serialNumber;
}
@Override
protected String getMainBoardSerial() throws Exception {
//序列號
String serialNumber = "";
//使用WMIC獲取主板序列號
Process process = Runtime.getRuntime().exec("wmic baseboard get serialnumber");
process.getOutputStream().close();
Scanner scanner = new Scanner(process.getInputStream());
if(scanner.hasNext()){
scanner.next();
}
if(scanner.hasNext()){
serialNumber = scanner.next().trim();
}
scanner.close();
return serialNumber;
}
}
復制代碼
注:這里使用了模板方法模式,將不變部分的算法封裝到抽象類,而基本方法的具體實現則由子類來實現。更多內容可以參考我之前寫的文檔:模板方法模式
自定義LicenseManager,用於增加額外的服務器硬件信息校驗:
package cn.zifangsky.license;
import de.schlichtherle.license.LicenseContent;
import de.schlichtherle.license.LicenseContentException;
import de.schlichtherle.license.LicenseManager;
import de.schlichtherle.license.LicenseNotary;
import de.schlichtherle.license.LicenseParam;
import de.schlichtherle.license.NoLicenseInstalledException;
import de.schlichtherle.xml.GenericCertificate;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.beans.XMLDecoder;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.UnsupportedEncodingException;
import java.util.Date;
import java.util.List;
/**
* 自定義LicenseManager,用於增加額外的服務器硬件信息校驗
*
* @author zifangsky
* @date 2018/4/23
* @since 1.0.0
*/
public class CustomLicenseManager extends LicenseManager{
private static Logger logger = LogManager.getLogger(CustomLicenseManager.class);
//XML編碼
private static final String XML_CHARSET = "UTF-8";
//默認BUFSIZE
private static final int DEFAULT_BUFSIZE = 8 * 1024;
public CustomLicenseManager() {
}
public CustomLicenseManager(LicenseParam param) {
super(param);
}
/**
* 復寫create方法
* @author zifangsky
* @date 2018/4/23 10:36
* @since 1.0.0
* @param
* @return byte[]
*/
@Override
protected synchronized byte[] create(
LicenseContent content,
LicenseNotary notary)
throws Exception {
initialize(content);
this.validateCreate(content);
final GenericCertificate certificate = notary.sign(content);
return getPrivacyGuard().cert2key(certificate);
}
/**
* 復寫install方法,其中validate方法調用本類中的validate方法,校驗IP地址、Mac地址等其他信息
* @author zifangsky
* @date 2018/4/23 10:40
* @since 1.0.0
* @param
* @return de.schlichtherle.license.LicenseContent
*/
@Override
protected synchronized LicenseContent install(
final byte[] key,
final LicenseNotary notary)
throws Exception {
final GenericCertificate certificate = getPrivacyGuard().key2cert(key);
notary.verify(certificate);
final LicenseContent content = (LicenseContent)this.load(certificate.getEncoded());
this.validate(content);
setLicenseKey(key);
setCertificate(certificate);
return content;
}
/**
* 復寫verify方法,調用本類中的validate方法,校驗IP地址、Mac地址等其他信息
* @author zifangsky
* @date 2018/4/23 10:40
* @since 1.0.0
* @param
* @return de.schlichtherle.license.LicenseContent
*/
@Override
protected synchronized LicenseContent verify(final LicenseNotary notary)
throws Exception {
GenericCertificate certificate = getCertificate();
// Load license key from preferences,
final byte[] key = getLicenseKey();
if (null == key){
throw new NoLicenseInstalledException(getLicenseParam().getSubject());
}
certificate = getPrivacyGuard().key2cert(key);
notary.verify(certificate);
final LicenseContent content = (LicenseContent)this.load(certificate.getEncoded());
this.validate(content);
setCertificate(certificate);
return content;
}
/**
* 校驗生成證書的參數信息
* @author zifangsky
* @date 2018/5/2 15:43
* @since 1.0.0
* @param content 證書正文
*/
protected synchronized void validateCreate(final LicenseContent content)
throws LicenseContentException {
final LicenseParam param = getLicenseParam();
final Date now = new Date();
final Date notBefore = content.getNotBefore();
final Date notAfter = content.getNotAfter();
if (null != notAfter && now.after(notAfter)){
throw new LicenseContentException("證書失效時間不能早於當前時間");
}
if (null != notBefore && null != notAfter && notAfter.before(notBefore)){
throw new LicenseContentException("證書生效時間不能晚於證書失效時間");
}
final String consumerType = content.getConsumerType();
if (null == consumerType){
throw new LicenseContentException("用戶類型不能為空");
}
}
/**
* 復寫validate方法,增加IP地址、Mac地址等其他信息校驗
* @author zifangsky
* @date 2018/4/23 10:40
* @since 1.0.0
* @param content LicenseContent
*/
@Override
protected synchronized void validate(final LicenseContent content)
throws LicenseContentException {
//1. 首先調用父類的validate方法
super.validate(content);
//2. 然后校驗自定義的License參數
//License中可被允許的參數信息
LicenseCheckModel expectedCheckModel = (LicenseCheckModel) content.getExtra();
//當前服務器真實的參數信息
LicenseCheckModel serverCheckModel = getServerInfos();
if(expectedCheckModel != null && serverCheckModel != null){
//校驗IP地址
if(!checkIpAddress(expectedCheckModel.getIpAddress(),serverCheckModel.getIpAddress())){
throw new LicenseContentException("當前服務器的IP沒在授權范圍內");
}
//校驗Mac地址
if(!checkIpAddress(expectedCheckModel.getMacAddress(),serverCheckModel.getMacAddress())){
throw new LicenseContentException("當前服務器的Mac地址沒在授權范圍內");
}
//校驗主板序列號
if(!checkSerial(expectedCheckModel.getMainBoardSerial(),serverCheckModel.getMainBoardSerial())){
throw new LicenseContentException("當前服務器的主板序列號沒在授權范圍內");
}
//校驗CPU序列號
if(!checkSerial(expectedCheckModel.getCpuSerial(),serverCheckModel.getCpuSerial())){
throw new LicenseContentException("當前服務器的CPU序列號沒在授權范圍內");
}
}else{
throw new LicenseContentException("不能獲取服務器硬件信息");
}
}
/**
* 重寫XMLDecoder解析XML
* @author zifangsky
* @date 2018/4/25 14:02
* @since 1.0.0
* @param encoded XML類型字符串
* @return java.lang.Object
*/
private Object load(String encoded){
BufferedInputStream inputStream = null;
XMLDecoder decoder = null;
try {
inputStream = new BufferedInputStream(new ByteArrayInputStream(encoded.getBytes(XML_CHARSET)));
decoder = new XMLDecoder(new BufferedInputStream(inputStream, DEFAULT_BUFSIZE),null,null);
return decoder.readObject();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} finally {
try {
if(decoder != null){
decoder.close();
}
if(inputStream != null){
inputStream.close();
}
} catch (Exception e) {
logger.error("XMLDecoder解析XML失敗",e);
}
}
return null;
}
/**
* 獲取當前服務器需要額外校驗的License參數
* @author zifangsky
* @date 2018/4/23 14:33
* @since 1.0.0
* @return demo.LicenseCheckModel
*/
private LicenseCheckModel getServerInfos(){
//操作系統類型
String osName = System.getProperty("os.name").toLowerCase();
AbstractServerInfos abstractServerInfos = null;
//根據不同操作系統類型選擇不同的數據獲取方法
if (osName.startsWith("windows")) {
abstractServerInfos = new WindowsServerInfos();
} else if (osName.startsWith("linux")) {
abstractServerInfos = new LinuxServerInfos();
}else{//其他服務器類型
abstractServerInfos = new LinuxServerInfos();
}
return abstractServerInfos.getServerInfos();
}
/**
* 校驗當前服務器的IP/Mac地址是否在可被允許的IP范圍內
* 如果存在IP在可被允許的IP/Mac地址范圍內,則返回true
* @author zifangsky
* @date 2018/4/24 11:44
* @since 1.0.0
* @return boolean
*/
private boolean checkIpAddress(List expectedList,List serverList){
if(expectedList != null && expectedList.size() > 0){
if(serverList != null && serverList.size() > 0){
for(String expected : expectedList){
if(serverList.contains(expected.trim())){
return true;
}
}
}
return false;
}else {
return true;
}
}
/**
* 校驗當前服務器硬件(主板、CPU等)序列號是否在可允許范圍內
* @author zifangsky
* @date 2018/4/24 14:38
* @since 1.0.0
* @return boolean
*/
private boolean checkSerial(String expectedSerial,String serverSerial){
if(StringUtils.isNotBlank(expectedSerial)){
if(StringUtils.isNotBlank(serverSerial)){
if(expectedSerial.equals(serverSerial)){
return true;
}
}
return false;
}else{
return true;
}
}
}
復制代碼
最后是License生成類,用於生成License證書:
package cn.zifangsky.license;
import de.schlichtherle.license.CipherParam;
import de.schlichtherle.license.DefaultCipherParam;
import de.schlichtherle.license.DefaultLicenseParam;
import de.schlichtherle.license.KeyStoreParam;
import de.schlichtherle.license.LicenseContent;
import de.schlichtherle.license.LicenseManager;
import de.schlichtherle.license.LicenseParam;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import javax.security.auth.x500.X500Principal;
import java.io.File;
import java.text.MessageFormat;
import java.util.prefs.Preferences;
/**
* License生成類
*
* @author zifangsky
* @date 2018/4/19
* @since 1.0.0
*/
public class LicenseCreator {
private static Logger logger = LogManager.getLogger(LicenseCreator.class);
private final static X500Principal DEFAULT_HOLDER_AND_ISSUER = new X500Principal("CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN");
private LicenseCreatorParam param;
public LicenseCreator(LicenseCreatorParam param) {
this.param = param;
}
/**
* 生成License證書
* @author zifangsky
* @date 2018/4/20 10:58
* @since 1.0.0
* @return boolean
*/
public boolean generateLicense(){
try {
LicenseManager licenseManager = new CustomLicenseManager(initLicenseParam());
LicenseContent licenseContent = initLicenseContent();
licenseManager.store(licenseContent,new File(param.getLicensePath()));
return true;
}catch (Exception e){
logger.error(MessageFormat.format("證書生成失敗:{0}",param),e);
return false;
}
}
/**
* 初始化證書生成參數
* @author zifangsky
* @date 2018/4/20 10:56
* @since 1.0.0
* @return de.schlichtherle.license.LicenseParam
*/
private LicenseParam initLicenseParam(){
Preferences preferences = Preferences.userNodeForPackage(LicenseCreator.class);
//設置對證書內容加密的秘鑰
CipherParam cipherParam = new DefaultCipherParam(param.getStorePass());
KeyStoreParam privateStoreParam = new CustomKeyStoreParam(LicenseCreator.class
,param.getPrivateKeysStorePath()
,param.getPrivateAlias()
,param.getStorePass()
,param.getKeyPass());
LicenseParam licenseParam = new DefaultLicenseParam(param.getSubject()
,preferences
,privateStoreParam
,cipherParam);
return licenseParam;
}
/**
* 設置證書生成正文信息
* @author zifangsky
* @date 2018/4/20 10:57
* @since 1.0.0
* @return de.schlichtherle.license.LicenseContent
*/
private LicenseContent initLicenseContent(){
LicenseContent licenseContent = new LicenseContent();
licenseContent.setHolder(DEFAULT_HOLDER_AND_ISSUER);
licenseContent.setIssuer(DEFAULT_HOLDER_AND_ISSUER);
licenseContent.setSubject(param.getSubject());
licenseContent.setIssued(param.getIssuedTime());
licenseContent.setNotBefore(param.getIssuedTime());
licenseContent.setNotAfter(param.getExpiryTime());
licenseContent.setConsumerType(param.getConsumerType());
licenseContent.setConsumerAmount(param.getConsumerAmount());
licenseContent.setInfo(param.getDescription());
//擴展校驗服務器硬件信息
licenseContent.setExtra(param.getLicenseCheckModel());
return licenseContent;
}
}
復制代碼
iii)添加一個生成證書的Controller:
這個Controller對外提供了兩個RESTful接口,分別是「獲取服務器硬件信息」和「生成證書」,示例代碼如下:
package cn.zifangsky.controller;
import cn.zifangsky.license.AbstractServerInfos;
import cn.zifangsky.license.LicenseCheckModel;
import cn.zifangsky.license.LicenseCreator;
import cn.zifangsky.license.LicenseCreatorParam;
import cn.zifangsky.license.LinuxServerInfos;
import cn.zifangsky.license.WindowsServerInfos;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import java.util.HashMap;
import java.util.Map;
/**
*
* 用於生成證書文件,不能放在給客戶部署的代碼里
* @author zifangsky
* @date 2018/4/26
* @since 1.0.0
*/
@RestController
@RequestMapping("/license")
public class LicenseCreatorController {
/**
* 證書生成路徑
*/
@Value("${license.licensePath}")
private String licensePath;
/**
* 獲取服務器硬件信息
* @author zifangsky
* @date 2018/4/26 13:13
* @since 1.0.0
* @param osName 操作系統類型,如果為空則自動判斷
* @return com.ccx.models.license.LicenseCheckModel
*/
@RequestMapping(value = "/getServerInfos",produces = {MediaType.APPLICATION_JSON_UTF8_VALUE})
public LicenseCheckModel getServerInfos(@RequestParam(value = "osName",required = false) String osName) {
//操作系統類型
if(StringUtils.isBlank(osName)){
osName = System.getProperty("os.name");
}
osName = osName.toLowerCase();
AbstractServerInfos abstractServerInfos = null;
//根據不同操作系統類型選擇不同的數據獲取方法
if (osName.startsWith("windows")) {
abstractServerInfos = new WindowsServerInfos();
} else if (osName.startsWith("linux")) {
abstractServerInfos = new LinuxServerInfos();
}else{//其他服務器類型
abstractServerInfos = new LinuxServerInfos();
}
return abstractServerInfos.getServerInfos();
}
/**
* 生成證書
* @author zifangsky
* @date 2018/4/26 13:13
* @since 1.0.0
* @param param 生成證書需要的參數,如:{"subject":"ccx-models","privateAlias":"privateKey","keyPass":"5T7Zz5Y0dJFcqTxvzkH5LDGJJSGMzQ","storePass":"3538cef8e7","licensePath":"C:/Users/zifangsky/Desktop/license.lic","privateKeysStorePath":"C:/Users/zifangsky/Desktop/privateKeys.keystore","issuedTime":"2018-04-26 14:48:12","expiryTime":"2018-12-31 00:00:00","consumerType":"User","consumerAmount":1,"description":"這是證書描述信息","licenseCheckModel":{"ipAddress":["192.168.245.1","10.0.5.22"],"macAddress":["00-50-56-C0-00-01","50-7B-9D-F9-18-41"],"cpuSerial":"BFEBFBFF000406E3","mainBoardSerial":"L1HF65E00X9"}}
* @return java.util.Map
*/
@RequestMapping(value = "/generateLicense",produces = {MediaType.APPLICATION_JSON_UTF8_VALUE})
public Map generateLicense(@RequestBody(required = true) LicenseCreatorParam param) {
Map resultMap = new HashMap(2);
if(StringUtils.isBlank(param.getLicensePath())){
param.setLicensePath(licensePath);
}
LicenseCreator licenseCreator = new LicenseCreator(param);
boolean result = licenseCreator.generateLicense();
if(result){
resultMap.put("result","ok");
resultMap.put("msg",param);
}else{
resultMap.put("result","error");
resultMap.put("msg","證書文件生成失敗!");
}
return resultMap;
}
}
復制代碼
(2)使用JDK自帶的 keytool 工具生成公私鑰證書庫:
假如我們設置公鑰庫密碼為: public_password1234 ,私鑰庫密碼為: private_password1234 ,則生成命令如下:
#生成命令 keytool -genkeypair -keysize 1024 -validity 3650 -alias "privateKey" -keystore "privateKeys.keystore" -storepass "public_password1234" -keypass "private_password1234" -dname "CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN" #導出命令 keytool -exportcert -alias "privateKey" -keystore "privateKeys.keystore" -storepass "public_password1234" -file "certfile.cer" #導入命令 keytool -import -alias "publicCert" -file "certfile.cer" -keystore "publicCerts.keystore" -storepass "public_password1234" 復制代碼
上述命令執行完成之后,會在當前路徑下生成三個文件,分別是:privateKeys.keystore、publicCerts.keystore、certfile.cer。 其中文件certfile.cer不再需要可以刪除,文件privateKeys.keystore用於當前的 ServerDemo 項目給客戶生成license文件,而文件publicCerts.keystore則隨應用代碼部署到客戶服務器,用戶解密license文件並校驗其許可信息 。
(3)為客戶生成license文件:
將 ServerDemo 項目部署到客戶服務器,通過以下接口獲取服務器的硬件信息(等license文件生成后需要刪除這個項目。當然也可以通過命令手動獲取客戶服務器的硬件信息,然后在開發者自己的電腦上生成license文件):
注:上圖使用的是 Firefox 的 RESTClient 插件
然后生成license文件:
請求時需要在Header中添加一個 Content-Type ,其值為: application/json;charset=UTF-8 。參數示例如下:
{
"subject": "license_demo",
"privateAlias": "privateKey",
"keyPass": "private_password1234",
"storePass": "public_password1234",
"licensePath": "C:/Users/zifangsky/Desktop/license_demo/license.lic",
"privateKeysStorePath": "C:/Users/zifangsky/Desktop/license_demo/privateKeys.keystore",
"issuedTime": "2018-07-10 00:00:01",
"expiryTime": "2019-12-31 23:59:59",
"consumerType": "User",
"consumerAmount": 1,
"description": "這是證書描述信息",
"licenseCheckModel": {
"ipAddress": ["192.168.245.1", "10.0.5.22"],
"macAddress": ["00-50-56-C0-00-01", "50-7B-9D-F9-18-41"],
"cpuSerial": "BFEBFBFF000406E3",
"mainBoardSerial": "L1HF65E00X9"
}
}
復制代碼
如果請求成功,那么最后會在 licensePath 參數設置的路徑生成一個 license.lic 的文件,這個文件就是給客戶部署代碼的服務器許可文件。
三 給客戶部署的應用中添加License校驗
(1)使用Spring Boot構建測試項目ServerDemo,用於模擬給客戶部署的應用:
注:這個完整的Demo項目可以參考: gitee.com/zifangsky/L…
(2)添加License校驗類需要的參數:
package cn.zifangsky.license;
/**
* License校驗類需要的參數
*
* @author zifangsky
* @date 2018/4/20
* @since 1.0.0
*/
public class LicenseVerifyParam {
/**
* 證書subject
*/
private String subject;
/**
* 公鑰別稱
*/
private String publicAlias;
/**
* 訪問公鑰庫的密碼
*/
private String storePass;
/**
* 證書生成路徑
*/
private String licensePath;
/**
* 密鑰庫存儲路徑
*/
private String publicKeysStorePath;
public LicenseVerifyParam() {
}
public LicenseVerifyParam(String subject, String publicAlias, String storePass, String licensePath, String publicKeysStorePath) {
this.subject = subject;
this.publicAlias = publicAlias;
this.storePass = storePass;
this.licensePath = licensePath;
this.publicKeysStorePath = publicKeysStorePath;
}
//省略setter和getter方法
@Override
public String toString() {
return "LicenseVerifyParam{" +
"subject='" + subject + ''' +
", publicAlias='" + publicAlias + ''' +
", storePass='" + storePass + ''' +
", licensePath='" + licensePath + ''' +
", publicKeysStorePath='" + publicKeysStorePath + ''' +
'}';
}
}
復制代碼
然后再添加License校驗類:
package cn.zifangsky.license;
import de.schlichtherle.license.*;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.io.File;
import java.text.DateFormat;
import java.text.MessageFormat;
import java.text.SimpleDateFormat;
import java.util.prefs.Preferences;
/**
* License校驗類
*
* @author zifangsky
* @date 2018/4/20
* @since 1.0.0
*/
public class LicenseVerify {
private static Logger logger = LogManager.getLogger(LicenseVerify.class);
/**
* 安裝License證書
* @author zifangsky
* @date 2018/4/20 16:26
* @since 1.0.0
*/
public synchronized LicenseContent install(LicenseVerifyParam param){
LicenseContent result = null;
DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
//1. 安裝證書
try{
LicenseManager licenseManager = LicenseManagerHolder.getInstance(initLicenseParam(param));
licenseManager.uninstall();
result = licenseManager.install(new File(param.getLicensePath()));
logger.info(MessageFormat.format("證書安裝成功,證書有效期:{0} - {1}",format.format(result.getNotBefore()),format.format(result.getNotAfter())));
}catch (Exception e){
logger.error("證書安裝失敗!",e);
}
return result;
}
/**
* 校驗License證書
* @author zifangsky
* @date 2018/4/20 16:26
* @since 1.0.0
* @return boolean
*/
public boolean verify(){
LicenseManager licenseManager = LicenseManagerHolder.getInstance(null);
DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
//2. 校驗證書
try {
LicenseContent licenseContent = licenseManager.verify();
// System.out.println(licenseContent.getSubject());
logger.info(MessageFormat.format("證書校驗通過,證書有效期:{0} - {1}",format.format(licenseContent.getNotBefore()),format.format(licenseContent.getNotAfter())));
return true;
}catch (Exception e){
logger.error("證書校驗失敗!",e);
return false;
}
}
/**
* 初始化證書生成參數
* @author zifangsky
* @date 2018/4/20 10:56
* @since 1.0.0
* @param param License校驗類需要的參數
* @return de.schlichtherle.license.LicenseParam
*/
private LicenseParam initLicenseParam(LicenseVerifyParam param){
Preferences preferences = Preferences.userNodeForPackage(LicenseVerify.class);
CipherParam cipherParam = new DefaultCipherParam(param.getStorePass());
KeyStoreParam publicStoreParam = new CustomKeyStoreParam(LicenseVerify.class
,param.getPublicKeysStorePath()
,param.getPublicAlias()
,param.getStorePass()
,null);
return new DefaultLicenseParam(param.getSubject()
,preferences
,publicStoreParam
,cipherParam);
}
}
復制代碼
(3)添加Listener,用於在項目啟動的時候安裝License證書:
package cn.zifangsky.license;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.stereotype.Component;
/**
* 在項目啟動時安裝證書
*
* @author zifangsky
* @date 2018/4/24
* @since 1.0.0
*/
@Component
public class LicenseCheckListener implements ApplicationListener {
private static Logger logger = LogManager.getLogger(LicenseCheckListener.class);
/**
* 證書subject
*/
@Value("${license.subject}")
private String subject;
/**
* 公鑰別稱
*/
@Value("${license.publicAlias}")
private String publicAlias;
/**
* 訪問公鑰庫的密碼
*/
@Value("${license.storePass}")
private String storePass;
/**
* 證書生成路徑
*/
@Value("${license.licensePath}")
private String licensePath;
/**
* 密鑰庫存儲路徑
*/
@Value("${license.publicKeysStorePath}")
private String publicKeysStorePath;
@Override
public void onApplicationEvent(ContextRefreshedEvent event) {
//root application context 沒有parent
ApplicationContext context = event.getApplicationContext().getParent();
if(context == null){
if(StringUtils.isNotBlank(licensePath)){
logger.info("++++++++ 開始安裝證書 ++++++++");
LicenseVerifyParam param = new LicenseVerifyParam();
param.setSubject(subject);
param.setPublicAlias(publicAlias);
param.setStorePass(storePass);
param.setLicensePath(licensePath);
param.setPublicKeysStorePath(publicKeysStorePath);
LicenseVerify licenseVerify = new LicenseVerify();
//安裝證書
licenseVerify.install(param);
logger.info("++++++++ 證書安裝結束 ++++++++");
}
}
}
}
復制代碼
注:上面代碼使用參數信息如下所示:
#License相關配置 license.subject=license_demo license.publicAlias=publicCert license.storePass=public_password1234 license.licensePath=C:/Users/zifangsky/Desktop/license_demo/license.lic license.publicKeysStorePath=C:/Users/zifangsky/Desktop/license_demo/publicCerts.keystore 復制代碼
(4)添加攔截器,用於在登錄的時候校驗License證書:
package cn.zifangsky.license;
import com.alibaba.fastjson.JSON;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;
/**
* LicenseCheckInterceptor
*
* @author zifangsky
* @date 2018/4/25
* @since 1.0.0
*/
public class LicenseCheckInterceptor extends HandlerInterceptorAdapter{
private static Logger logger = LogManager.getLogger(LicenseCheckInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
LicenseVerify licenseVerify = new LicenseVerify();
//校驗證書是否有效
boolean verifyResult = licenseVerify.verify();
if(verifyResult){
return true;
}else{
response.setCharacterEncoding("utf-8");
Map result = new HashMap(1);
result.put("result","您的證書無效,請核查服務器是否取得授權或重新申請證書!");
response.getWriter().write(JSON.toJSONString(result));
return false;
}
}
}
復制代碼
(5)添加登錄頁面並測試:
添加一個登錄頁面,可以在license校驗失敗的時候給出錯誤提示:
//回車登錄
function enterlogin(e) {
var key = window.event ? e.keyCode : e.which;
if (key === 13) {
userLogin();
}
}
//用戶密碼登錄
function userLogin() {
//獲取用戶名、密碼
var username = $("#username").val();
var password = $("#password").val();
if (username == null || username === "") {
$("#errMsg").text("請輸入登陸用戶名!");
$("#errMsg").attr("style", "display:block");
return;
}
if (password == null || password === "") {
$("#errMsg").text("請輸入登陸密碼!");
$("#errMsg").attr("style", "display:block");
return;
}
$.ajax({
url: "/check",
type: "POST",
dataType: "json",
async: false,
data: {
"username": username,
"password": password
},
success: function (data) {
if (data.code == "200") {
$("#errMsg").attr("style", "display:none");
window.location.href = '/userIndex';
} else if (data.result != null) {
$("#errMsg").text(data.result);
$("#errMsg").attr("style", "display:block");
} else {
$("#errMsg").text(data.msg);
$("#errMsg").attr("style", "display:block");
}
}
});
}
LOGIN
錯誤提示
復制代碼
i)啟動項目,可以發現之前生成的license證書可以正常使用:
這時訪問 http://127.0.0.1:7080/login ,可以正常登錄:
ii)重新生成license證書,並設置很短的有效期。
iii)重新啟動ClientDemo,並再次登錄,可以發現爆以下提示信息:
至此,關於使用 TrueLicense 生成和驗證License就結束了,文章中沒有說到的類可以自行參考示例源碼,謝謝閱讀。