Spring Boot項目中使用 TrueLicense 生成和驗證License（服務器許可）

一 簡介

License，即版權許可證，一般用於收費軟件給付費用戶提供的訪問許可證明。根據應用部署位置的不同，一般可以分為以下兩種情況討論：

• 應用部署在開發者自己的雲服務器上。這種情況下用戶通過賬號登錄的形式遠程訪問，因此只需要在賬號登錄的時候校驗目標賬號的有效期、訪問權限等信息即可。
• 應用部署在客戶的內網環境。因為這種情況開發者無法控制客戶的網絡環境，也不能保證應用所在服務器可以訪問外網，因此通常的做法是使用服務器許可文件，在應用啟動的時候加載證書，然后在登錄或者其他關鍵操作的地方校驗證書的有效性。

注：限於文章篇幅，這里只討論代碼層面的許可限制，暫不考慮逆向破解等問題。此外，在下面我只講解關鍵代碼實現，完整代碼可以參考：gitee.com/zifangsky/L…

二 使用 TrueLicense 生成License

（1）使用Spring Boot構建測試項目ServerDemo，用於為客戶生成License許可文件：

注：這個完整的Demo項目可以參考：gitee.com/zifangsky/L…

i）在pom.xml中添加關鍵依賴：

<dependency> <groupId>de.schlichtherle.truelicense</groupId> <artifactId>truelicense-core</artifactId> <version>1.33</version> <scope>provided</scope> </dependency> 復制代碼

ii）校驗自定義的License參數：

TrueLicense的 de.schlichtherle.license.LicenseManager 類自帶的verify方法只校驗了我們后面頒發的許可文件的生效和過期時間，然而在實際項目中我們可能需要額外校驗應用部署的服務器的IP地址、MAC地址、CPU序列號、主板序列號等信息，因此我們需要復寫框架的部分方法以實現校驗自定義參數的目的。

首先需要添加一個自定義的可被允許的服務器硬件信息的實體類（如果校驗其他參數，可自行補充）：

package cn.zifangsky.license; import java.io.Serializable; import java.util.List; /** * 自定義需要校驗的License參數 * * @author zifangsky * @date 2018/4/23 * @since 1.0.0 */ public class LicenseCheckModel implements Serializable{ private static final long serialVersionUID = 8600137500316662317L; /** * 可被允許的IP地址 */ private List<String> ipAddress; /** * 可被允許的MAC地址 */ private List<String> macAddress; /** * 可被允許的CPU序列號 */ private String cpuSerial; /** * 可被允許的主板序列號 */ private String mainBoardSerial; //省略setter和getter方法 @Override public String toString() { return "LicenseCheckModel{" + "ipAddress=" + ipAddress + ", macAddress=" + macAddress + ", cpuSerial='" + cpuSerial + '\'' + ", mainBoardSerial='" + mainBoardSerial + '\'' + '}'; } } 復制代碼

其次，添加一個License生成類需要的參數：

package cn.zifangsky.license; import com.fasterxml.jackson.annotation.JsonFormat; import java.io.Serializable; import java.util.Date; /** * License生成類需要的參數 * * @author zifangsky * @date 2018/4/19 * @since 1.0.0 */ public class LicenseCreatorParam implements Serializable { private static final long serialVersionUID = -7793154252684580872L; /** * 證書subject */ private String subject; /** * 密鑰別稱 */ private String privateAlias; /** * 密鑰密碼（需要妥善保管，不能讓使用者知道） */ private String keyPass; /** * 訪問秘鑰庫的密碼 */ private String storePass; /** * 證書生成路徑 */ private String licensePath; /** * 密鑰庫存儲路徑 */ private String privateKeysStorePath; /** * 證書生效時間 */ @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8") private Date issuedTime = new Date(); /** * 證書失效時間 */ @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8") private Date expiryTime; /** * 用戶類型 */ private String consumerType = "user"; /** * 用戶數量 */ private Integer consumerAmount = 1; /** * 描述信息 */ private String description = ""; /** * 額外的服務器硬件校驗信息 */ private LicenseCheckModel licenseCheckModel; //省略setter和getter方法 @Override public String toString() { return "LicenseCreatorParam{" + "subject='" + subject + '\'' + ", privateAlias='" + privateAlias + '\'' + ", keyPass='" + keyPass + '\'' + ", storePass='" + storePass + '\'' + ", licensePath='" + licensePath + '\'' + ", privateKeysStorePath='" + privateKeysStorePath + '\'' + ", issuedTime=" + issuedTime + ", expiryTime=" + expiryTime + ", consumerType='" + consumerType + '\'' + ", consumerAmount=" + consumerAmount + ", description='" + description + '\'' + ", licenseCheckModel=" + licenseCheckModel + '}'; } } 復制代碼

添加抽象類AbstractServerInfos，用戶獲取服務器的硬件信息：

package cn.zifangsky.license; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import java.net.InetAddress; import java.net.NetworkInterface; import java.net.SocketException; import java.util.ArrayList; import java.util.Enumeration; import java.util.List; /** * 用於獲取客戶服務器的基本信息，如：IP、Mac地址、CPU序列號、主板序列號等 * * @author zifangsky * @date 2018/4/23 * @since 1.0.0 */ public abstract class AbstractServerInfos { private static Logger logger = LogManager.getLogger(AbstractServerInfos.class); /** * 組裝需要額外校驗的License參數 * @author zifangsky * @date 2018/4/23 14:23 * @since 1.0.0 * @return demo.LicenseCheckModel */ public LicenseCheckModel getServerInfos(){ LicenseCheckModel result = new LicenseCheckModel(); try { result.setIpAddress(this.getIpAddress()); result.setMacAddress(this.getMacAddress()); result.setCpuSerial(this.getCPUSerial()); result.setMainBoardSerial(this.getMainBoardSerial()); }catch (Exception e){ logger.error("獲取服務器硬件信息失敗",e); } return result; } /** * 獲取IP地址 * @author zifangsky * @date 2018/4/23 11:32 * @since 1.0.0 * @return java.util.List<java.lang.String> */ protected abstract List<String> getIpAddress() throws Exception; /** * 獲取Mac地址 * @author zifangsky * @date 2018/4/23 11:32 * @since 1.0.0 * @return java.util.List<java.lang.String> */ protected abstract List<String> getMacAddress() throws Exception; /** * 獲取CPU序列號 * @author zifangsky * @date 2018/4/23 11:35 * @since 1.0.0 * @return java.lang.String */ protected abstract String getCPUSerial() throws Exception; /** * 獲取主板序列號 * @author zifangsky * @date 2018/4/23 11:35 * @since 1.0.0 * @return java.lang.String */ protected abstract String getMainBoardSerial() throws Exception; /** * 獲取當前服務器所有符合條件的InetAddress * @author zifangsky * @date 2018/4/23 17:38 * @since 1.0.0 * @return java.util.List<java.net.InetAddress> */ protected List<InetAddress> getLocalAllInetAddress() throws Exception { List<InetAddress> result = new ArrayList<>(4); // 遍歷所有的網絡接口 for (Enumeration networkInterfaces = NetworkInterface.getNetworkInterfaces(); networkInterfaces.hasMoreElements(); ) { NetworkInterface iface = (NetworkInterface) networkInterfaces.nextElement(); // 在所有的接口下再遍歷IP for (Enumeration inetAddresses = iface.getInetAddresses(); inetAddresses.hasMoreElements(); ) { InetAddress inetAddr = (InetAddress) inetAddresses.nextElement(); //排除LoopbackAddress、SiteLocalAddress、LinkLocalAddress、MulticastAddress類型的IP地址 if(!inetAddr.isLoopbackAddress() /*&& !inetAddr.isSiteLocalAddress()*/ && !inetAddr.isLinkLocalAddress() && !inetAddr.isMulticastAddress()){ result.add(inetAddr); } } } return result; } /** * 獲取某個網絡接口的Mac地址 * @author zifangsky * @date 2018/4/23 18:08 * @since 1.0.0 * @param * @return void */ protected String getMacByInetAddress(InetAddress inetAddr){ try { byte[] mac = NetworkInterface.getByInetAddress(inetAddr).getHardwareAddress(); StringBuffer stringBuffer = new StringBuffer(); for(int i=0;i<mac.length;i++){ if(i != 0) { stringBuffer.append("-"); } //將十六進制byte轉化為字符串 String temp = Integer.toHexString(mac[i] & 0xff); if(temp.length() == 1){ stringBuffer.append("0" + temp); }else{ stringBuffer.append(temp); } } return stringBuffer.toString().toUpperCase(); } catch (SocketException e) { e.printStackTrace(); } return null; } } 復制代碼

獲取客戶Linux服務器的基本信息：

package cn.zifangsky.license; import org.apache.commons.lang3.StringUtils; import java.io.BufferedReader; import java.io.InputStreamReader; import java.net.InetAddress; import java.util.List; import java.util.stream.Collectors; /** * 用於獲取客戶Linux服務器的基本信息 * * @author zifangsky * @date 2018/4/23 * @since 1.0.0 */ public class LinuxServerInfos extends AbstractServerInfos { @Override protected List<String> getIpAddress() throws Exception { List<String> result = null; //獲取所有網絡接口 List<InetAddress> inetAddresses = getLocalAllInetAddress(); if(inetAddresses != null && inetAddresses.size() > 0){ result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList()); } return result; } @Override protected List<String> getMacAddress() throws Exception { List<String> result = null; //1. 獲取所有網絡接口 List<InetAddress> inetAddresses = getLocalAllInetAddress(); if(inetAddresses != null && inetAddresses.size() > 0){ //2. 獲取所有網絡接口的Mac地址 result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList()); } return result; } @Override protected String getCPUSerial() throws Exception { //序列號 String serialNumber = ""; //使用dmidecode命令獲取CPU序列號 String[] shell = {"/bin/bash","-c","dmidecode -t processor | grep 'ID' | awk -F ':' '{print $2}' | head -n 1"}; Process process = Runtime.getRuntime().exec(shell); process.getOutputStream().close(); BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream())); String line = reader.readLine().trim(); if(StringUtils.isNotBlank(line)){ serialNumber = line; } reader.close(); return serialNumber; } @Override protected String getMainBoardSerial() throws Exception { //序列號 String serialNumber = ""; //使用dmidecode命令獲取主板序列號 String[] shell = {"/bin/bash","-c","dmidecode | grep 'Serial Number' | awk -F ':' '{print $2}' | head -n 1"}; Process process = Runtime.getRuntime().exec(shell); process.getOutputStream().close(); BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream())); String line = reader.readLine().trim(); if(StringUtils.isNotBlank(line)){ serialNumber = line; } reader.close(); return serialNumber; } } 復制代碼

獲取客戶Windows服務器的基本信息：

package cn.zifangsky.license; import java.net.InetAddress; import java.util.List; import java.util.Scanner; import java.util.stream.Collectors; /** * 用於獲取客戶Windows服務器的基本信息 * * @author zifangsky * @date 2018/4/23 * @since 1.0.0 */ public class WindowsServerInfos extends AbstractServerInfos { @Override protected List<String> getIpAddress() throws Exception { List<String> result = null; //獲取所有網絡接口 List<InetAddress> inetAddresses = getLocalAllInetAddress(); if(inetAddresses != null && inetAddresses.size() > 0){ result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList()); } return result; } @Override protected List<String> getMacAddress() throws Exception { List<String> result = null; //1. 獲取所有網絡接口 List<InetAddress> inetAddresses = getLocalAllInetAddress(); if(inetAddresses != null && inetAddresses.size() > 0){ //2. 獲取所有網絡接口的Mac地址 result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList()); } return result; } @Override protected String getCPUSerial() throws Exception { //序列號 String serialNumber = ""; //使用WMIC獲取CPU序列號 Process process = Runtime.getRuntime().exec("wmic cpu get processorid"); process.getOutputStream().close(); Scanner scanner = new Scanner(process.getInputStream()); if(scanner.hasNext()){ scanner.next(); } if(scanner.hasNext()){ serialNumber = scanner.next().trim(); } scanner.close(); return serialNumber; } @Override protected String getMainBoardSerial() throws Exception { //序列號 String serialNumber = ""; //使用WMIC獲取主板序列號 Process process = Runtime.getRuntime().exec("wmic baseboard get serialnumber"); process.getOutputStream().close(); Scanner scanner = new Scanner(process.getInputStream()); if(scanner.hasNext()){ scanner.next(); } if(scanner.hasNext()){ serialNumber = scanner.next().trim(); } scanner.close(); return serialNumber; } } 復制代碼

注：這里使用了模板方法模式，將不變部分的算法封裝到抽象類，而基本方法的具體實現則由子類來實現。更多內容可以參考我之前寫的文檔：模板方法模式

自定義LicenseManager，用於增加額外的服務器硬件信息校驗：

package cn.zifangsky.license; import de.schlichtherle.license.LicenseContent; import de.schlichtherle.license.LicenseContentException; import de.schlichtherle.license.LicenseManager; import de.schlichtherle.license.LicenseNotary; import de.schlichtherle.license.LicenseParam; import de.schlichtherle.license.NoLicenseInstalledException; import de.schlichtherle.xml.GenericCertificate; import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import java.beans.XMLDecoder; import java.io.BufferedInputStream; import java.io.ByteArrayInputStream; import java.io.UnsupportedEncodingException; import java.util.Date; import java.util.List; /** * 自定義LicenseManager，用於增加額外的服務器硬件信息校驗 * * @author zifangsky * @date 2018/4/23 * @since 1.0.0 */ public class CustomLicenseManager extends LicenseManager{ private static Logger logger = LogManager.getLogger(CustomLicenseManager.class); //XML編碼 private static final String XML_CHARSET = "UTF-8"; //默認BUFSIZE private static final int DEFAULT_BUFSIZE = 8 * 1024; public CustomLicenseManager() { } public CustomLicenseManager(LicenseParam param) { super(param); } /** * 復寫create方法 * @author zifangsky * @date 2018/4/23 10:36 * @since 1.0.0 * @param * @return byte[] */ @Override protected synchronized byte[] create( LicenseContent content, LicenseNotary notary) throws Exception { initialize(content); this.validateCreate(content); final GenericCertificate certificate = notary.sign(content); return getPrivacyGuard().cert2key(certificate); } /** * 復寫install方法，其中validate方法調用本類中的validate方法，校驗IP地址、Mac地址等其他信息 * @author zifangsky * @date 2018/4/23 10:40 * @since 1.0.0 * @param * @return de.schlichtherle.license.LicenseContent */ @Override protected synchronized LicenseContent install( final byte[] key, final LicenseNotary notary) throws Exception { final GenericCertificate certificate = getPrivacyGuard().key2cert(key); notary.verify(certificate); final LicenseContent content = (LicenseContent)this.load(certificate.getEncoded()); this.validate(content); setLicenseKey(key); setCertificate(certificate); return content; } /** * 復寫verify方法，調用本類中的validate方法，校驗IP地址、Mac地址等其他信息 * @author zifangsky * @date 2018/4/23 10:40 * @since 1.0.0 * @param * @return de.schlichtherle.license.LicenseContent */ @Override protected synchronized LicenseContent verify(final LicenseNotary notary) throws Exception { GenericCertificate certificate = getCertificate(); // Load license key from preferences, final byte[] key = getLicenseKey(); if (null == key){ throw new NoLicenseInstalledException(getLicenseParam().getSubject()); } certificate = getPrivacyGuard().key2cert(key); notary.verify(certificate); final LicenseContent content = (LicenseContent)this.load(certificate.getEncoded()); this.validate(content); setCertificate(certificate); return content; } /** * 校驗生成證書的參數信息 * @author zifangsky * @date 2018/5/2 15:43 * @since 1.0.0 * @param content 證書正文 */ protected synchronized void validateCreate(final LicenseContent content) throws LicenseContentException { final LicenseParam param = getLicenseParam(); final Date now = new Date(); final Date notBefore = content.getNotBefore(); final Date notAfter = content.getNotAfter(); if (null != notAfter && now.after(notAfter)){ throw new LicenseContentException("證書失效時間不能早於當前時間"); } if (null != notBefore && null != notAfter && notAfter.before(notBefore)){ throw new LicenseContentException("證書生效時間不能晚於證書失效時間"); } final String consumerType = content.getConsumerType(); if (null == consumerType){ throw new LicenseContentException("用戶類型不能為空"); } } /** * 復寫validate方法，增加IP地址、Mac地址等其他信息校驗 * @author zifangsky * @date 2018/4/23 10:40 * @since 1.0.0 * @param content LicenseContent */ @Override protected synchronized void validate(final LicenseContent content) throws LicenseContentException { //1. 首先調用父類的validate方法 super.validate(content); //2. 然后校驗自定義的License參數 //License中可被允許的參數信息 LicenseCheckModel expectedCheckModel = (LicenseCheckModel) content.getExtra(); //當前服務器真實的參數信息 LicenseCheckModel serverCheckModel = getServerInfos(); if(expectedCheckModel != null && serverCheckModel != null){ //校驗IP地址 if(!checkIpAddress(expectedCheckModel.getIpAddress(),serverCheckModel.getIpAddress())){ throw new LicenseContentException("當前服務器的IP沒在授權范圍內"); } //校驗Mac地址 if(!checkIpAddress(expectedCheckModel.getMacAddress(),serverCheckModel.getMacAddress())){ throw new LicenseContentException("當前服務器的Mac地址沒在授權范圍內"); } //校驗主板序列號 if(!checkSerial(expectedCheckModel.getMainBoardSerial(),serverCheckModel.getMainBoardSerial())){ throw new LicenseContentException("當前服務器的主板序列號沒在授權范圍內"); } //校驗CPU序列號 if(!checkSerial(expectedCheckModel.getCpuSerial(),serverCheckModel.getCpuSerial())){ throw new LicenseContentException("當前服務器的CPU序列號沒在授權范圍內"); } }else{ throw new LicenseContentException("不能獲取服務器硬件信息"); } } /** * 重寫XMLDecoder解析XML * @author zifangsky * @date 2018/4/25 14:02 * @since 1.0.0 * @param encoded XML類型字符串 * @return java.lang.Object */ private Object load(String encoded){ BufferedInputStream inputStream = null; XMLDecoder decoder = null; try { inputStream = new BufferedInputStream(new ByteArrayInputStream(encoded.getBytes(XML_CHARSET))); decoder = new XMLDecoder(new BufferedInputStream(inputStream, DEFAULT_BUFSIZE),null,null); return decoder.readObject(); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } finally { try { if(decoder != null){ decoder.close(); } if(inputStream != null){ inputStream.close(); } } catch (Exception e) { logger.error("XMLDecoder解析XML失敗",e); } } return null; } /** * 獲取當前服務器需要額外校驗的License參數 * @author zifangsky * @date 2018/4/23 14:33 * @since 1.0.0 * @return demo.LicenseCheckModel */ private LicenseCheckModel getServerInfos(){ //操作系統類型 String osName = System.getProperty("os.name").toLowerCase(); AbstractServerInfos abstractServerInfos = null; //根據不同操作系統類型選擇不同的數據獲取方法 if (osName.startsWith("windows")) { abstractServerInfos = new WindowsServerInfos(); } else if (osName.startsWith("linux")) { abstractServerInfos = new LinuxServerInfos(); }else{//其他服務器類型 abstractServerInfos = new LinuxServerInfos(); } return abstractServerInfos.getServerInfos(); } /** * 校驗當前服務器的IP/Mac地址是否在可被允許的IP范圍內<br/> * 如果存在IP在可被允許的IP/Mac地址范圍內，則返回true * @author zifangsky * @date 2018/4/24 11:44 * @since 1.0.0 * @return boolean */ private boolean checkIpAddress(List<String> expectedList,List<String> serverList){ if(expectedList != null && expectedList.size() > 0){ if(serverList != null && serverList.size() > 0){ for(String expected : expectedList){ if(serverList.contains(expected.trim())){ return true; } } } return false; }else { return true; } } /** * 校驗當前服務器硬件（主板、CPU等）序列號是否在可允許范圍內 * @author zifangsky * @date 2018/4/24 14:38 * @since 1.0.0 * @return boolean */ private boolean checkSerial(String expectedSerial,String serverSerial){ if(StringUtils.isNotBlank(expectedSerial)){ if(StringUtils.isNotBlank(serverSerial)){ if(expectedSerial.equals(serverSerial)){ return true; } } return false; }else{ return true; } } } 復制代碼

最后是License生成類，用於生成License證書：

package cn.zifangsky.license; import de.schlichtherle.license.CipherParam; import de.schlichtherle.license.DefaultCipherParam; import de.schlichtherle.license.DefaultLicenseParam; import de.schlichtherle.license.KeyStoreParam; import de.schlichtherle.license.LicenseContent; import de.schlichtherle.license.LicenseManager; import de.schlichtherle.license.LicenseParam; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import javax.security.auth.x500.X500Principal; import java.io.File; import java.text.MessageFormat; import java.util.prefs.Preferences; /** * License生成類 * * @author zifangsky * @date 2018/4/19 * @since 1.0.0 */ public class LicenseCreator { private static Logger logger = LogManager.getLogger(LicenseCreator.class); private final static X500Principal DEFAULT_HOLDER_AND_ISSUER = new X500Principal("CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN"); private LicenseCreatorParam param; public LicenseCreator(LicenseCreatorParam param) { this.param = param; } /** * 生成License證書 * @author zifangsky * @date 2018/4/20 10:58 * @since 1.0.0 * @return boolean */ public boolean generateLicense(){ try { LicenseManager licenseManager = new CustomLicenseManager(initLicenseParam()); LicenseContent licenseContent = initLicenseContent(); licenseManager.store(licenseContent,new File(param.getLicensePath())); return true; }catch (Exception e){ logger.error(MessageFormat.format("證書生成失敗：{0}",param),e); return false; } } /** * 初始化證書生成參數 * @author zifangsky * @date 2018/4/20 10:56 * @since 1.0.0 * @return de.schlichtherle.license.LicenseParam */ private LicenseParam initLicenseParam(){ Preferences preferences = Preferences.userNodeForPackage(LicenseCreator.class); //設置對證書內容加密的秘鑰 CipherParam cipherParam = new DefaultCipherParam(param.getStorePass()); KeyStoreParam privateStoreParam = new CustomKeyStoreParam(LicenseCreator.class ,param.getPrivateKeysStorePath() ,param.getPrivateAlias() ,param.getStorePass() ,param.getKeyPass()); LicenseParam licenseParam = new DefaultLicenseParam(param.getSubject() ,preferences ,privateStoreParam ,cipherParam); return licenseParam; } /** * 設置證書生成正文信息 * @author zifangsky * @date 2018/4/20 10:57 * @since 1.0.0 * @return de.schlichtherle.license.LicenseContent */ private LicenseContent initLicenseContent(){ LicenseContent licenseContent = new LicenseContent(); licenseContent.setHolder(DEFAULT_HOLDER_AND_ISSUER); licenseContent.setIssuer(DEFAULT_HOLDER_AND_ISSUER); licenseContent.setSubject(param.getSubject()); licenseContent.setIssued(param.getIssuedTime()); licenseContent.setNotBefore(param.getIssuedTime()); licenseContent.setNotAfter(param.getExpiryTime()); licenseContent.setConsumerType(param.getConsumerType()); licenseContent.setConsumerAmount(param.getConsumerAmount()); licenseContent.setInfo(param.getDescription()); //擴展校驗服務器硬件信息 licenseContent.setExtra(param.getLicenseCheckModel()); return licenseContent; } } 復制代碼

iii）添加一個生成證書的Controller：

這個Controller對外提供了兩個RESTful接口，分別是「獲取服務器硬件信息」和「生成證書」，示例代碼如下：

package cn.zifangsky.controller; import cn.zifangsky.license.AbstractServerInfos; import cn.zifangsky.license.LicenseCheckModel; import cn.zifangsky.license.LicenseCreator; import cn.zifangsky.license.LicenseCreatorParam; import cn.zifangsky.license.LinuxServerInfos; import cn.zifangsky.license.WindowsServerInfos; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; import java.util.HashMap; import java.util.Map; /** * * 用於生成證書文件，不能放在給客戶部署的代碼里 * @author zifangsky * @date 2018/4/26 * @since 1.0.0 */ @RestController @RequestMapping("/license") public class LicenseCreatorController { /** * 證書生成路徑 */ @Value("${license.licensePath}") private String licensePath; /** * 獲取服務器硬件信息 * @author zifangsky * @date 2018/4/26 13:13 * @since 1.0.0 * @param osName 操作系統類型，如果為空則自動判斷 * @return com.ccx.models.license.LicenseCheckModel */ @RequestMapping(value = "/getServerInfos",produces = {MediaType.APPLICATION_JSON_UTF8_VALUE}) public LicenseCheckModel getServerInfos(@RequestParam(value = "osName",required = false) String osName) { //操作系統類型 if(StringUtils.isBlank(osName)){ osName = System.getProperty("os.name"); } osName = osName.toLowerCase(); AbstractServerInfos abstractServerInfos = null; //根據不同操作系統類型選擇不同的數據獲取方法 if (osName.startsWith("windows")) { abstractServerInfos = new WindowsServerInfos(); } else if (osName.startsWith("linux")) { abstractServerInfos = new LinuxServerInfos(); }else{//其他服務器類型 abstractServerInfos = new LinuxServerInfos(); } return abstractServerInfos.getServerInfos(); } /** * 生成證書 * @author zifangsky * @date 2018/4/26 13:13 * @since 1.0.0 * @param param 生成證書需要的參數，如：{"subject":"ccx-models","privateAlias":"privateKey","keyPass":"5T7Zz5Y0dJFcqTxvzkH5LDGJJSGMzQ","storePass":"3538cef8e7","licensePath":"C:/Users/zifangsky/Desktop/license.lic","privateKeysStorePath":"C:/Users/zifangsky/Desktop/privateKeys.keystore","issuedTime":"2018-04-26 14:48:12","expiryTime":"2018-12-31 00:00:00","consumerType":"User","consumerAmount":1,"description":"這是證書描述信息","licenseCheckModel":{"ipAddress":["192.168.245.1","10.0.5.22"],"macAddress":["00-50-56-C0-00-01","50-7B-9D-F9-18-41"],"cpuSerial":"BFEBFBFF000406E3","mainBoardSerial":"L1HF65E00X9"}} * @return java.util.Map<java.lang.String,java.lang.Object> */ @RequestMapping(value = "/generateLicense",produces = {MediaType.APPLICATION_JSON_UTF8_VALUE}) public Map<String,Object> generateLicense(@RequestBody(required = true) LicenseCreatorParam param) { Map<String,Object> resultMap = new HashMap<>(2); if(StringUtils.isBlank(param.getLicensePath())){ param.setLicensePath(licensePath); } LicenseCreator licenseCreator = new LicenseCreator(param); boolean result = licenseCreator.generateLicense(); if(result){ resultMap.put("result","ok"); resultMap.put("msg",param); }else{ resultMap.put("result","error"); resultMap.put("msg","證書文件生成失敗！"); } return resultMap; } } 復制代碼

（2）使用JDK自帶的 keytool 工具生成公私鑰證書庫：

假如我們設置公鑰庫密碼為：public_password1234，私鑰庫密碼為：private_password1234，則生成命令如下：

#生成命令 keytool -genkeypair -keysize 1024 -validity 3650 -alias "privateKey" -keystore "privateKeys.keystore" -storepass "public_password1234" -keypass "private_password1234" -dname "CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN" #導出命令 keytool -exportcert -alias "privateKey" -keystore "privateKeys.keystore" -storepass "public_password1234" -file "certfile.cer" #導入命令 keytool -import -alias "publicCert" -file "certfile.cer" -keystore "publicCerts.keystore" -storepass "public_password1234" 復制代碼

上述命令執行完成之后，會在當前路徑下生成三個文件，分別是：privateKeys.keystore、publicCerts.keystore、certfile.cer。其中文件certfile.cer不再需要可以刪除，文件privateKeys.keystore用於當前的 ServerDemo 項目給客戶生成license文件，而文件publicCerts.keystore則隨應用代碼部署到客戶服務器，用戶解密license文件並校驗其許可信息。

（3）為客戶生成license文件：

將 ServerDemo 項目部署到客戶服務器，通過以下接口獲取服務器的硬件信息（等license文件生成后需要刪除這個項目。當然也可以通過命令手動獲取客戶服務器的硬件信息，然后在開發者自己的電腦上生成license文件）：

 

 

注：上圖使用的是Firefox的RESTClient插件

然后生成license文件：

 

 

請求時需要在Header中添加一個Content-Type，其值為：application/json;charset=UTF-8。參數示例如下：

{
	"subject": "license_demo", "privateAlias": "privateKey", "keyPass": "private_password1234", "storePass": "public_password1234", "licensePath": "C:/Users/zifangsky/Desktop/license_demo/license.lic", "privateKeysStorePath": "C:/Users/zifangsky/Desktop/license_demo/privateKeys.keystore", "issuedTime": "2018-07-10 00:00:01", "expiryTime": "2019-12-31 23:59:59", "consumerType": "User", "consumerAmount": 1, "description": "這是證書描述信息", "licenseCheckModel": { "ipAddress": ["192.168.245.1", "10.0.5.22"], "macAddress": ["00-50-56-C0-00-01", "50-7B-9D-F9-18-41"], "cpuSerial": "BFEBFBFF000406E3", "mainBoardSerial": "L1HF65E00X9" } } 復制代碼

如果請求成功，那么最后會在 licensePath 參數設置的路徑生成一個license.lic的文件，這個文件就是給客戶部署代碼的服務器許可文件。

三 給客戶部署的應用中添加License校驗

（1）使用Spring Boot構建測試項目ServerDemo，用於模擬給客戶部署的應用：

注：這個完整的Demo項目可以參考：gitee.com/zifangsky/L…

（2）添加License校驗類需要的參數：

package cn.zifangsky.license; /** * License校驗類需要的參數 * * @author zifangsky * @date 2018/4/20 * @since 1.0.0 */ public class LicenseVerifyParam { /** * 證書subject */ private String subject; /** * 公鑰別稱 */ private String publicAlias; /** * 訪問公鑰庫的密碼 */ private String storePass; /** * 證書生成路徑 */ private String licensePath; /** * 密鑰庫存儲路徑 */ private String publicKeysStorePath; public LicenseVerifyParam() { } public LicenseVerifyParam(String subject, String publicAlias, String storePass, String licensePath, String publicKeysStorePath) { this.subject = subject; this.publicAlias = publicAlias; this.storePass = storePass; this.licensePath = licensePath; this.publicKeysStorePath = publicKeysStorePath; } //省略setter和getter方法 @Override public String toString() { return "LicenseVerifyParam{" + "subject='" + subject + '\'' + ", publicAlias='" + publicAlias + '\'' + ", storePass='" + storePass + '\'' + ", licensePath='" + licensePath + '\'' + ", publicKeysStorePath='" + publicKeysStorePath + '\'' + '}'; } } 復制代碼

然后再添加License校驗類：

package cn.zifangsky.license; import de.schlichtherle.license.*; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import java.io.File; import java.text.DateFormat; import java.text.MessageFormat; import java.text.SimpleDateFormat; import java.util.prefs.Preferences; /** * License校驗類 * * @author zifangsky * @date 2018/4/20 * @since 1.0.0 */ public class LicenseVerify { private static Logger logger = LogManager.getLogger(LicenseVerify.class); /** * 安裝License證書 * @author zifangsky * @date 2018/4/20 16:26 * @since 1.0.0 */ public synchronized LicenseContent install(LicenseVerifyParam param){ LicenseContent result = null; DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); //1. 安裝證書 try{ LicenseManager licenseManager = LicenseManagerHolder.getInstance(initLicenseParam(param)); licenseManager.uninstall(); result = licenseManager.install(new File(param.getLicensePath())); logger.info(MessageFormat.format("證書安裝成功，證書有效期：{0} - {1}",format.format(result.getNotBefore()),format.format(result.getNotAfter()))); }catch (Exception e){ logger.error("證書安裝失敗！",e); } return result; } /** * 校驗License證書 * @author zifangsky * @date 2018/4/20 16:26 * @since 1.0.0 * @return boolean */ public boolean verify(){ LicenseManager licenseManager = LicenseManagerHolder.getInstance(null); DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); //2. 校驗證書 try { LicenseContent licenseContent = licenseManager.verify(); // System.out.println(licenseContent.getSubject()); logger.info(MessageFormat.format("證書校驗通過，證書有效期：{0} - {1}",format.format(licenseContent.getNotBefore()),format.format(licenseContent.getNotAfter()))); return true; }catch (Exception e){ logger.error("證書校驗失敗！",e); return false; } } /** * 初始化證書生成參數 * @author zifangsky * @date 2018/4/20 10:56 * @since 1.0.0 * @param param License校驗類需要的參數 * @return de.schlichtherle.license.LicenseParam */ private LicenseParam initLicenseParam(LicenseVerifyParam param){ Preferences preferences = Preferences.userNodeForPackage(LicenseVerify.class); CipherParam cipherParam = new DefaultCipherParam(param.getStorePass()); KeyStoreParam publicStoreParam = new CustomKeyStoreParam(LicenseVerify.class ,param.getPublicKeysStorePath() ,param.getPublicAlias() ,param.getStorePass() ,null); return new DefaultLicenseParam(param.getSubject() ,preferences ,publicStoreParam ,cipherParam); } } 復制代碼

（3）添加Listener，用於在項目啟動的時候安裝License證書：

package cn.zifangsky.license; import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationListener; import org.springframework.context.event.ContextRefreshedEvent; import org.springframework.stereotype.Component; /** * 在項目啟動時安裝證書 * * @author zifangsky * @date 2018/4/24 * @since 1.0.0 */ @Component public class LicenseCheckListener implements ApplicationListener<ContextRefreshedEvent> { private static Logger logger = LogManager.getLogger(LicenseCheckListener.class); /** * 證書subject */ @Value("${license.subject}") private String subject; /** * 公鑰別稱 */ @Value("${license.publicAlias}") private String publicAlias; /** * 訪問公鑰庫的密碼 */ @Value("${license.storePass}") private String storePass; /** * 證書生成路徑 */ @Value("${license.licensePath}") private String licensePath; /** * 密鑰庫存儲路徑 */ @Value("${license.publicKeysStorePath}") private String publicKeysStorePath; @Override public void onApplicationEvent(ContextRefreshedEvent event) { //root application context 沒有parent ApplicationContext context = event.getApplicationContext().getParent(); if(context == null){ if(StringUtils.isNotBlank(licensePath)){ logger.info("++++++++ 開始安裝證書 ++++++++"); LicenseVerifyParam param = new LicenseVerifyParam(); param.setSubject(subject); param.setPublicAlias(publicAlias); param.setStorePass(storePass); param.setLicensePath(licensePath); param.setPublicKeysStorePath(publicKeysStorePath); LicenseVerify licenseVerify = new LicenseVerify(); //安裝證書 licenseVerify.install(param); logger.info("++++++++ 證書安裝結束 ++++++++"); } } } } 復制代碼

注：上面代碼使用參數信息如下所示：

#License相關配置 license.subject=license_demo license.publicAlias=publicCert license.storePass=public_password1234 license.licensePath=C:/Users/zifangsky/Desktop/license_demo/license.lic license.publicKeysStorePath=C:/Users/zifangsky/Desktop/license_demo/publicCerts.keystore 復制代碼

（4）添加攔截器，用於在登錄的時候校驗License證書：

package cn.zifangsky.license; import com.alibaba.fastjson.JSON; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.HashMap; import java.util.Map; /** * LicenseCheckInterceptor * * @author zifangsky * @date 2018/4/25 * @since 1.0.0 */ public class LicenseCheckInterceptor extends HandlerInterceptorAdapter{ private static Logger logger = LogManager.getLogger(LicenseCheckInterceptor.class); @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { LicenseVerify licenseVerify = new LicenseVerify(); //校驗證書是否有效 boolean verifyResult = licenseVerify.verify(); if(verifyResult){ return true; }else{ response.setCharacterEncoding("utf-8"); Map<String,String> result = new HashMap<>(1); result.put("result","您的證書無效，請核查服務器是否取得授權或重新申請證書！"); response.getWriter().write(JSON.toJSONString(result)); return false; } } } 復制代碼

（5）添加登錄頁面並測試：

添加一個登錄頁面，可以在license校驗失敗的時候給出錯誤提示：

<html xmlns:th="http://www.thymeleaf.org">
<head>
    <meta content="text/html;charset=UTF-8"/>
    <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
    <meta name="viewport" content="width=device-width, initial-scale=1"/>
    <title>登錄頁面</title>
    <script src="https://cdn.bootcss.com/jquery/2.2.4/jquery.min.js"></script>
    <link href="https://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
    <link href="https://cdn.bootcss.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet">
    <script src="https://cdn.bootcss.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
    <link rel="stylesheet" th:href="@{/css/style.css}"/>

    <script>
        //回車登錄
        function enterlogin(e) {
            var key = window.event ? e.keyCode : e.which;
            if (key === 13) {
                userLogin();
            }
        }

        //用戶密碼登錄
        function userLogin() {
            //獲取用戶名、密碼
            var username = $("#username").val();
            var password = $("#password").val();

            if (username == null || username === "") {
                $("#errMsg").text("請輸入登陸用戶名！");
                $("#errMsg").attr("style", "display:block");
                return;
            }
            if (password == null || password === "") {
                $("#errMsg").text("請輸入登陸密碼！");
                $("#errMsg").attr("style", "display:block");
                return;
            }

            $.ajax({
                url: "/check",
                type: "POST",
                dataType: "json",
                async: false,
                data: {
                    "username": username,
                    "password": password
                },
                success: function (data) {
                    if (data.code == "200") {
                        $("#errMsg").attr("style", "display:none");
                        window.location.href = '/userIndex';
                    } else if (data.result != null) {
                        $("#errMsg").text(data.result);
                        $("#errMsg").attr("style", "display:block");
                    } else {
                        $("#errMsg").text(data.msg);
                        $("#errMsg").attr("style", "display:block");
                    }
                }
            });
        }
    </script>
</head>
<body onkeydown="enterlogin(event);">
<div class="container">
    <div class="form row">
        <div class="form-horizontal col-md-offset-3" id="login_form">
            <h3 class="form-title">LOGIN</h3>
            <div class="col-md-9">
                <div class="form-group">
                    <i class="fa fa-user fa-lg"></i>
                    <input class="form-control required" type="text" placeholder="Username" id="username"
                           name="username" autofocus="autofocus" maxlength="20"/>
                </div>
                <div class="form-group">
                    <i class="fa fa-lock fa-lg"></i>
                    <input class="form-control required" type="password" placeholder="Password" id="password"
                           name="password" maxlength="8"/>
                </div>
                <div class="form-group">
                    <span class="errMsg" id="errMsg" style="display: none">錯誤提示</span>
                </div>
                <div class="form-group col-md-offset-9">
                    <button type="submit" class="btn btn-success pull-right" name="submit" onclick="userLogin()">登錄
                    </button>
                </div>
            </div>
        </div>
    </div>
</div>
</body>
</html>
復制代碼

i）啟動項目，可以發現之前生成的license證書可以正常使用：

 

 

這時訪問 http://127.0.0.1:7080/login ，可以正常登錄：

 

 

ii）重新生成license證書，並設置很短的有效期。

iii）重新啟動ClientDemo，並再次登錄，可以發現爆以下提示信息：

 

作者：zifangsky
鏈接：https://juejin.im/post/5b457b2a6fb9a04fb900ba02
來源：掘金
著作權歸作者所有。商業轉載請聯系作者獲得授權，非商業轉載請注明出處。