学习记录……
原文:Spring Boot项目中使用 TrueLicense 生成和验 | zifangsky的个人博客
Java:项目license证书控制_LLLLLiSHI的博客-CSDN博客_java license
license即版权许可证。实际使用中部署给客户的项目,不能随意被二次使用。那么就需要license证书对项目做出控制。
1 pom:
-
<!-- license处理 -->
-
<dependency>
-
<groupId>de.schlichtherle.truelicense</groupId>
-
<artifactId>truelicense-core</artifactId>
-
<version>1.33</version>
-
<scope>compile</scope>
-
</dependency>
2
服务端:生成license
客户端:对license做出验证
3 具体步骤
1、创建一个服务端项目和一个客户端项目
2、导入相关依赖及相关类
3、执行keytool命令,生成密钥库文件
4、调用服务端接口,以密钥库生成license文件
5、指定项目配置(如license路径),启动客户端
6、完
附1:服务端提供API
-
/**
-
* 用于生成证书文件,不能放在给客户部署的代码里
-
*
-
*/
-
@Api(tags = "license api")
-
@RestController
-
@RequestMapping("/license")
-
public class LicenseApi {
-
/**
-
* 证书生成路径
-
*/
-
@Value("${license.licensePath}")
-
private String licensePath;
-
/**
-
* 获取服务器硬件信息
-
*/
-
@ApiOperation(value = "获取服务器硬件信息")
-
@GetMapping(value = "/serverInfo")
-
public ResponseResult<LicenseCheckModel> getServerInfos(@RequestParam(value = "osName", required = false) String osName) {
-
//操作系统类型
-
if (StrUtil.isBlank(osName)) {
-
osName = System.getProperty("os.name");
-
}
-
osName = osName.toLowerCase();
-
AbstractServerInfos abstractServerInfos = null;
-
//根据不同操作系统类型选择不同的数据获取方法
-
if (osName.startsWith("windows")) {
-
abstractServerInfos = new WindowsServerInfos();
-
} else {
-
//其他服务器类型
-
abstractServerInfos = new LinuxServerInfos();
-
}
-
return ResponseResult.ok(abstractServerInfos.getServerInfos());
-
}
-
/**
-
* 生成证书
-
*/
-
@ApiOperation(value = "生成证书")
-
@PostMapping(value = "/generateLicense")
-
public ResponseResult generateLicense(@RequestBody(required = true) LicenseCreatorParam param) {
-
if (StrUtil.isBlank(param.getLicensePath())) {
-
param.setLicensePath(licensePath);
-
}
-
LicenseCreator licenseCreator = new LicenseCreator(param);
-
boolean result = licenseCreator.generateLicense();
-
if (result) {
-
return ResponseResult.ok("证书文件生成成功");
-
} else {
-
return ResponseResult.be("证书文件生成失败");
-
}
-
}
-
}
生成证书示例
-
{
-
"subject": "custom_license",
-
"privateAlias": "privateKey",
-
"keyPass": "private_password1234",
-
"storePass": "public_password1234",
-
"licensePath": "D:/temp/keytool/license.lic",
-
"privateKeysStorePath": "D:/temp/keytool/privateKeys.keystore",
-
"issuedTime": "2020-06-03 00:00:01",
-
"expiryTime": "2020-06-03 23:59:59",
-
"consumerType": "User",
-
"consumerAmount": 1,
-
"description": "这是证书描述信息",
-
"licenseCheckModel": {
-
"ipAddress": [
-
"1.1.1.1"
-
],
-
"macAddress": [
-
"A#-D5-D3-12-1F-D2"
-
],
-
"cpuSerial": "ADADADADA000239",
-
"mainBoardSerial": "199023140001"
-
}
-
}
附2:keytool命令
-
### license生成证书命令,JDK自带keytool工具
-
#生成:在当前目录下,生成一个名为privateKeys.keystore的密钥库,同时指定密钥库密码为public_password1234,第一个条目为privateKey,指定条目密码为private_password1234
-
keytool -genkeypair -keysize 1024 -validity 1 -alias "privateKey" -keystore "privateKeys.keystore" -storepass "public_password1234" -keypass "private_password1234" -dname "CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN"
-
#导出:将密钥库中privateKey的条目,导出到一个名为certfile.cer的数字文件
-
keytool -exportcert -alias "privateKey" -keystore "privateKeys.keystore" -storepass "public_password1234" -file "certfile.cer"
-
#导入:将刚刚导出的数字文件,导入为一个新的密钥库publicCerts.keystore
-
keytool -import -alias "publicCert" -file "certfile.cer" -keystore "publicCerts.keystore" -storepass "public_password1234"
-
参数释义:
-
alias:第一个条目别名
-
validity:证书有效期,单位:天
-
keystore:指定密钥库名称
-
storepass:指定密钥库密码
-
keypass:指定别名对应密码(私钥密码)
-
此三命令执行完之后,会生成三个文件:privateKeys.keystore,publicCerts.keystore,certfile.cer。
-
privateKeys.keystore:用于服务端生产license文件
-
publicCerts.keystore:随客户端项目部署
-
certfile.cer:暂存文件,删除即可
附3:代码
先说明服务端和客户端都需要通用的业务类:
AbstractServerInfos
-
/**
-
* 用于获取客户服务器的基本信息,如:IP、Mac地址、CPU序列号、主板序列号等
-
*
-
*/
-
@Data
-
@Slf4j
-
public abstract class AbstractServerInfos {
-
/**
-
* 组装需要额外校验的License参数
-
*/
-
public LicenseCheckModel getServerInfos() {
-
LicenseCheckModel result = new LicenseCheckModel();
-
try {
-
result.setIpAddress(this.getIpAddress());
-
result.setMacAddress(this.getMacAddress());
-
result.setCpuSerial(this.getCPUSerial());
-
result.setMainBoardSerial(this.getMainBoardSerial());
-
} catch (Exception e) {
-
log.error("获取服务器硬件信息失败", e);
-
}
-
return result;
-
}
-
/**
-
* 获取IP地址
-
*/
-
protected abstract List<String> getIpAddress() throws Exception;
-
/**
-
* 获取Mac地址
-
*/
-
protected abstract List<String> getMacAddress() throws Exception;
-
/**
-
* 获取CPU序列号
-
*/
-
protected abstract String getCPUSerial() throws Exception;
-
/**
-
* 获取主板序列号
-
*/
-
protected abstract String getMainBoardSerial() throws Exception;
-
/**
-
* 获取某个网络接口的Mac地址
-
*/
-
protected String getMacByInetAddress(InetAddress inetAddr) {
-
try {
-
byte[] mac = NetworkInterface.getByInetAddress(inetAddr).getHardwareAddress();
-
StringBuffer stringBuffer = new StringBuffer();
-
for (int i = 0; i < mac.length; i++) {
-
if (i != 0) {
-
stringBuffer.append("-");
-
}
-
//将十六进制byte转化为字符串
-
String temp = Integer.toHexString(mac[i] & 0xff);
-
if (temp.length() == 1) {
-
stringBuffer.append("0" + temp);
-
} else {
-
stringBuffer.append(temp);
-
}
-
}
-
return stringBuffer.toString().toUpperCase();
-
} catch (SocketException e) {
-
log.info("net:{}", JSON.toJSONString(inetAddr));
-
log.error("获取网络接口的Mac地址", e);
-
}
-
return null;
-
}
-
/**
-
* 获取当前服务器所有符合条件的InetAddress
-
*/
-
protected List<InetAddress> getLocalAllInetAddress() throws Exception {
-
List<InetAddress> result = new ArrayList<>(4);
-
// 遍历所有的网络接口
-
for (Enumeration networkInterfaces = NetworkInterface.getNetworkInterfaces(); networkInterfaces.hasMoreElements(); ) {
-
NetworkInterface iface = (NetworkInterface) networkInterfaces.nextElement();
-
// 在所有的接口下再遍历IP
-
for (Enumeration inetAddresses = iface.getInetAddresses(); inetAddresses.hasMoreElements(); ) {
-
InetAddress inetAddr = (InetAddress) inetAddresses.nextElement();
-
//排除LoopbackAddress、SiteLocalAddress、LinkLocalAddress、MulticastAddress类型的IP地址
-
/*&& !inetAddr.isSiteLocalAddress()*/
-
if (!inetAddr.isLoopbackAddress()
-
&& !inetAddr.isLinkLocalAddress()
-
&& !inetAddr.isMulticastAddress()) {
-
result.add(inetAddr);
-
}
-
}
-
}
-
return result;
-
}
-
}
CustomKeyStoreParam
-
/**
-
* 自定义KeyStoreParam,用于将公私钥存储文件存放到其他磁盘位置而不是项目中
-
*
-
*/
-
public class CustomKeyStoreParam extends AbstractKeyStoreParam {
-
/**
-
* 公钥/私钥在磁盘上的存储路径
-
*/
-
private String storePath;
-
private String alias;
-
private String storePwd;
-
private String keyPwd;
-
public CustomKeyStoreParam(Class clazz, String resource, String alias, String storePwd, String keyPwd) {
-
super(clazz, resource);
-
this.storePath = resource;
-
this.alias = alias;
-
this.storePwd = storePwd;
-
this.keyPwd = keyPwd;
-
}
-
@Override
-
public String getAlias() {
-
return alias;
-
}
-
@Override
-
public String getStorePwd() {
-
return storePwd;
-
}
-
@Override
-
public String getKeyPwd() {
-
return keyPwd;
-
}
-
/**
-
* 复写de.schlichtherle.license.AbstractKeyStoreParam的getStream()方法
-
* <br/>
-
* 用于将公私钥存储文件存放到其他磁盘位置而不是项目中
-
*/
-
@Override
-
public InputStream getStream() throws IOException {
-
final InputStream in = new FileInputStream(new File(storePath));
-
if (null == in) {
-
throw new FileNotFoundException(storePath);
-
}
-
return in;
-
}
-
}
CustomLicenseManager
-
/**
-
* 自定义LicenseManager,用于增加额外的服务器硬件信息校验
-
*
-
*/
-
@Slf4j
-
public class CustomLicenseManager extends LicenseManager {
-
/**
-
* XML编码
-
*/
-
private static final String XML_CHARSET = "UTF-8";
-
/**
-
* 默认 buf size
-
*/
-
private static final int DEFAULT_BUFSIZE = 8 * 1024;
-
public CustomLicenseManager() {
-
}
-
public CustomLicenseManager(LicenseParam param) {
-
super(param);
-
}
-
/**
-
* 复写create方法
-
*/
-
@Override
-
protected synchronized byte[] create(LicenseContent content, LicenseNotary notary) throws Exception {
-
initialize(content);
-
this.validateCreate(content);
-
final GenericCertificate certificate = notary.sign(content);
-
return getPrivacyGuard().cert2key(certificate);
-
}
-
/**
-
* 复写install方法,其中validate方法调用本类中的validate方法,校验IP地址、Mac地址等其他信息
-
*/
-
@Override
-
protected synchronized LicenseContent install(final byte[] key, final LicenseNotary notary) throws Exception {
-
final GenericCertificate certificate = getPrivacyGuard().key2cert(key);
-
notary.verify(certificate);
-
final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded());
-
this.validate(content);
-
setLicenseKey(key);
-
setCertificate(certificate);
-
return content;
-
}
-
/**
-
* 复写verify方法,调用本类中的validate方法,校验IP地址、Mac地址等其他信息
-
*/
-
@Override
-
protected synchronized LicenseContent verify(final LicenseNotary notary) throws Exception {
-
GenericCertificate certificate = getCertificate();
-
// Load license key from preferences,
-
final byte[] key = getLicenseKey();
-
if (null == key) {
-
throw new NoLicenseInstalledException(getLicenseParam().getSubject());
-
}
-
certificate = getPrivacyGuard().key2cert(key);
-
notary.verify(certificate);
-
final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded());
-
this.validate(content);
-
setCertificate(certificate);
-
return content;
-
}
-
/**
-
* 校验生成证书的参数信息
-
*/
-
protected synchronized void validateCreate(final LicenseContent content) throws LicenseContentException {
-
final LicenseParam param = getLicenseParam();
-
final Date now = new Date();
-
final Date notBefore = content.getNotBefore();
-
final Date notAfter = content.getNotAfter();
-
if (null != notAfter && now.after(notAfter)) {
-
throw new LicenseContentException("证书失效时间不能早于当前时间");
-
}
-
if (null != notBefore && null != notAfter && notAfter.before(notBefore)) {
-
throw new LicenseContentException("证书生效时间不能晚于证书失效时间");
-
}
-
final String consumerType = content.getConsumerType();
-
if (null == consumerType) {
-
throw new LicenseContentException("用户类型不能为空");
-
}
-
}
-
/**
-
* 复写validate方法,增加IP地址、Mac地址等其他信息校验
-
*/
-
@Override
-
protected synchronized void validate(final LicenseContent content) throws LicenseContentException {
-
//1. 首先调用父类的validate方法
-
super.validate(content);
-
//2. 然后校验自定义的License参数
-
//License中可被允许的参数信息
-
LicenseCheckModel expectedCheckModel = (LicenseCheckModel) content.getExtra();
-
//当前服务器真实的参数信息
-
LicenseCheckModel serverCheckModel = getServerInfos();
-
if (expectedCheckModel != null && serverCheckModel != null) {
-
//校验主板序列号
-
if (!checkSerial(expectedCheckModel.getMainBoardSerial(), serverCheckModel.getMainBoardSerial())) {
-
throw new LicenseContentException("当前服务器的主板序列号没在授权范围内");
-
}
-
//校验IP地址
-
if (!checkIpAddress(expectedCheckModel.getIpAddress(), serverCheckModel.getIpAddress())) {
-
throw new LicenseContentException("当前服务器的IP没在授权范围内");
-
}
-
//校验Mac地址
-
if (!checkIpAddress(expectedCheckModel.getMacAddress(), serverCheckModel.getMacAddress())) {
-
throw new LicenseContentException("当前服务器的Mac地址没在授权范围内");
-
}
-
//校验CPU序列号
-
if (!checkSerial(expectedCheckModel.getCpuSerial(), serverCheckModel.getCpuSerial())) {
-
throw new LicenseContentException("当前服务器的CPU序列号没在授权范围内");
-
}
-
} else {
-
throw new LicenseContentException("不能获取服务器硬件信息");
-
}
-
}
-
/**
-
* 重写XMLDecoder解析XML
-
*/
-
private Object load(String encoded) {
-
BufferedInputStream inputStream = null;
-
XMLDecoder decoder = null;
-
try {
-
// 替换自定义license参数类:以客户端定义的LicenseCheckModel,替换xml中服务端的LicenseCheckModel路径
-
String clazzName = LicenseCheckModel.class.getName();
-
encoded = encoded.replace("cn.test.license.LicenseCheckModel", clazzName);
-
inputStream = new BufferedInputStream(new ByteArrayInputStream(encoded.getBytes(XML_CHARSET)));
-
decoder = new XMLDecoder(new BufferedInputStream(inputStream, DEFAULT_BUFSIZE), null, null);
-
return decoder.readObject();
-
} catch (UnsupportedEncodingException e) {
-
log.error("解析XML异常", e);
-
} finally {
-
try {
-
if (decoder != null) {
-
decoder.close();
-
}
-
if (inputStream != null) {
-
inputStream.close();
-
}
-
} catch (Exception e) {
-
log.error("XMLDecoder解析XML失败", e);
-
}
-
}
-
return null;
-
}
-
/**
-
* 获取当前服务器需要额外校验的License参数
-
*/
-
private LicenseCheckModel getServerInfos() {
-
//操作系统类型
-
String osName = System.getProperty("os.name").toLowerCase();
-
AbstractServerInfos abstractServerInfos = null;
-
//根据不同操作系统类型选择不同的数据获取方法
-
if (osName.startsWith("windows")) {
-
abstractServerInfos = new WindowsServerInfos();
-
} else if (osName.startsWith("linux")) {
-
abstractServerInfos = new LinuxServerInfos();
-
} else {
-
//其他服务器类型
-
abstractServerInfos = new LinuxServerInfos();
-
}
-
return abstractServerInfos.getServerInfos();
-
}
-
/**
-
* 校验当前服务器的IP/Mac地址是否在可被允许的IP范围内
-
* <br/>
-
* 如果存在IP在可被允许的IP/Mac地址范围内,则返回true
-
*/
-
private boolean checkIpAddress(List<String> expectedList, List<String> serverList) {
-
if (expectedList != null && expectedList.size() > 0) {
-
if (serverList != null && serverList.size() > 0) {
-
for (String expected : expectedList) {
-
if (serverList.contains(expected.trim())) {
-
return true;
-
}
-
}
-
}
-
return false;
-
} else {
-
return true;
-
}
-
}
-
/**
-
* 校验当前服务器硬件(主板、CPU等)序列号是否在可允许范围内
-
*/
-
private boolean checkSerial(String expectedSerial, String serverSerial) {
-
if (StrUtil.isNotBlank(expectedSerial)) {
-
if (StrUtil.isNotBlank(serverSerial)) {
-
return expectedSerial.equals(serverSerial);
-
}
-
return false;
-
} else {
-
return true;
-
}
-
}
-
}
LicenseCheckModel
-
/**
-
* 自定义需要校验的License参数
-
*
-
*/
-
@Data
-
@ApiModel("服务器校验信息")
-
public class LicenseCheckModel implements Serializable {
-
/**
-
* 可被允许的IP地址
-
*/
-
@ApiModelProperty("可被允许的IP地址")
-
private List<String> ipAddress;
-
/**
-
* 可被允许的MAC地址
-
*/
-
@ApiModelProperty("可被允许的MAC地址")
-
private List<String> macAddress;
-
/**
-
* 可被允许的CPU序列号
-
*/
-
@ApiModelProperty("可被允许的CPU序列号")
-
private String cpuSerial;
-
/**
-
* 可被允许的主板序列号
-
*/
-
@ApiModelProperty("可被允许的主板序列号")
-
private String mainBoardSerial;
-
}
LinuxServerInfos
-
/**
-
* 用于获取客户Linux服务器的基本信息
-
*
-
*/
-
public class LinuxServerInfos extends AbstractServerInfos {
-
@Override
-
protected List<String> getIpAddress() throws Exception {
-
List<String> result = null;
-
//获取所有网络接口
-
List<InetAddress> inetAddresses = getLocalAllInetAddress();
-
if (inetAddresses != null && inetAddresses.size() > 0) {
-
result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
-
}
-
return result;
-
}
-
@Override
-
protected List<String> getMacAddress() throws Exception {
-
List<String> result = null;
-
//1. 获取所有网络接口
-
List<InetAddress> inetAddresses = getLocalAllInetAddress();
-
if (inetAddresses != null && inetAddresses.size() > 0) {
-
//2. 获取所有网络接口的Mac地址
-
result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
-
}
-
return result;
-
}
-
@Override
-
protected String getCPUSerial() throws Exception {
-
//序列号
-
String serialNumber = "";
-
//使用dmidecode命令获取CPU序列号
-
String[] shell = {"/bin/bash", "-c", "dmidecode -t processor | grep 'ID' | awk -F ':' '{print $2}' | head -n 1"};
-
Process process = Runtime.getRuntime().exec(shell);
-
process.getOutputStream().close();
-
BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
-
String line = reader.readLine().trim();
-
if (StrUtil.isNotBlank(line)) {
-
serialNumber = line;
-
}
-
reader.close();
-
return serialNumber;
-
}
-
@Override
-
protected String getMainBoardSerial() throws Exception {
-
//序列号
-
String serialNumber = "";
-
//使用dmidecode命令获取主板序列号
-
String[] shell = {"/bin/bash", "-c", "dmidecode | grep 'Serial Number' | awk -F ':' '{print $2}' | head -n 1"};
-
Process process = Runtime.getRuntime().exec(shell);
-
process.getOutputStream().close();
-
BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
-
String line = reader.readLine().trim();
-
if (StrUtil.isNotBlank(line)) {
-
serialNumber = line;
-
}
-
reader.close();
-
return serialNumber;
-
}
-
}
WindowsServerInfos
-
/**
-
* 用于获取客户Windows服务器的基本信息
-
*
-
*/
-
public class WindowsServerInfos extends AbstractServerInfos {
-
@Override
-
protected List<String> getIpAddress() throws Exception {
-
List<String> result = null;
-
//获取所有网络接口
-
List<InetAddress> inetAddresses = getLocalAllInetAddress();
-
if (inetAddresses != null && inetAddresses.size() > 0) {
-
result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
-
}
-
return result;
-
}
-
@Override
-
protected List<String> getMacAddress() throws Exception {
-
List<String> result = null;
-
//1. 获取所有网络接口
-
List<InetAddress> inetAddresses = getLocalAllInetAddress();
-
if (inetAddresses != null && inetAddresses.size() > 0) {
-
//2. 获取所有网络接口的Mac地址
-
result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
-
}
-
return result;
-
}
-
@Override
-
protected String getCPUSerial() throws Exception {
-
//序列号
-
String serialNumber = "";
-
//使用WMIC获取CPU序列号
-
Process process = Runtime.getRuntime().exec("wmic cpu get processorid");
-
process.getOutputStream().close();
-
Scanner scanner = new Scanner(process.getInputStream());
-
if (scanner.hasNext()) {
-
scanner.next();
-
}
-
if (scanner.hasNext()) {
-
serialNumber = scanner.next().trim();
-
}
-
scanner.close();
-
return serialNumber;
-
}
-
@Override
-
protected String getMainBoardSerial() throws Exception {
-
//序列号
-
String serialNumber = "";
-
//使用WMIC获取主板序列号
-
Process process = Runtime.getRuntime().exec("wmic baseboard get serialnumber");
-
process.getOutputStream().close();
-
Scanner scanner = new Scanner(process.getInputStream());
-
if (scanner.hasNext()) {
-
scanner.next();
-
}
-
if (scanner.hasNext()) {
-
serialNumber = scanner.next().trim();
-
}
-
scanner.close();
-
return serialNumber;
-
}
-
}
服务端:
yml
-
#License相关配置
-
license:
-
licensePath: license/license.lic
LicenseCreator
-
/**
-
* License生成类
-
*/
-
@Slf4j
-
public class LicenseCreator {
-
private final static X500Principal DEFAULT_HOLDER_AND_ISSUER = new X500Principal("CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN");
-
private LicenseCreatorParam param;
-
public LicenseCreator(LicenseCreatorParam param) {
-
this.param = param;
-
}
-
/**
-
* 生成License证书
-
*/
-
public boolean generateLicense() {
-
try {
-
LicenseManager licenseManager = new CustomLicenseManager(initLicenseParam());
-
LicenseContent licenseContent = initLicenseContent();
-
licenseManager.store(licenseContent, new File(param.getLicensePath()));
-
return true;
-
} catch (Exception e) {
-
log.error(MessageFormat.format("证书生成失败:{0}", param), e);
-
return false;
-
}
-
}
-
/**
-
* 初始化证书生成参数
-
*/
-
private LicenseParam initLicenseParam() {
-
Preferences preferences = Preferences.userNodeForPackage(LicenseCreator.class);
-
//设置对证书内容加密的秘钥
-
CipherParam cipherParam = new DefaultCipherParam(param.getStorePass());
-
KeyStoreParam privateStoreParam = new CustomKeyStoreParam(LicenseCreator.class
-
, param.getPrivateKeysStorePath()
-
, param.getPrivateAlias()
-
, param.getStorePass()
-
, param.getKeyPass());
-
LicenseParam licenseParam = new DefaultLicenseParam(param.getSubject()
-
, preferences
-
, privateStoreParam
-
, cipherParam);
-
return licenseParam;
-
}
-
/**
-
* 设置证书生成正文信息
-
*/
-
private LicenseContent initLicenseContent() {
-
LicenseContent licenseContent = new LicenseContent();
-
licenseContent.setHolder(DEFAULT_HOLDER_AND_ISSUER);
-
licenseContent.setIssuer(DEFAULT_HOLDER_AND_ISSUER);
-
licenseContent.setSubject(param.getSubject());
-
licenseContent.setIssued(param.getIssuedTime());
-
licenseContent.setNotBefore(param.getIssuedTime());
-
licenseContent.setNotAfter(param.getExpiryTime());
-
licenseContent.setConsumerType(param.getConsumerType());
-
licenseContent.setConsumerAmount(param.getConsumerAmount());
-
licenseContent.setInfo(param.getDescription());
-
//扩展校验服务器硬件信息
-
licenseContent.setExtra(param.getLicenseCheckModel());
-
return licenseContent;
-
}
-
}
LicenseCreatorParam
-
/**
-
* License生成类需要的参数
-
*
-
*/
-
@Data
-
@ApiModel("License需要的参数")
-
public class LicenseCreatorParam implements Serializable {
-
/**
-
* 证书subject
-
*/
-
@ApiModelProperty("证书subject")
-
private String subject;
-
/**
-
* 密钥别称
-
*/
-
@ApiModelProperty("密钥别称")
-
private String privateAlias;
-
/**
-
* 密钥密码(需要妥善保管,不能让使用者知道)
-
*/
-
@ApiModelProperty("密钥密码")
-
private String keyPass;
-
/**
-
* 访问秘钥库的密码
-
*/
-
@ApiModelProperty("访问秘钥库的密码")
-
private String storePass;
-
/**
-
* 证书生成路径
-
*/
-
@ApiModelProperty("证书生成路径")
-
private String licensePath;
-
/**
-
* 密钥库存储路径
-
*/
-
@ApiModelProperty("密钥库存储路径")
-
private String privateKeysStorePath;
-
/**
-
* 证书生效时间
-
*/
-
@ApiModelProperty("证书生效时间")
-
@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
-
private Date issuedTime = new Date();
-
/**
-
* 证书失效时间
-
*/
-
@ApiModelProperty("证书失效时间")
-
@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
-
private Date expiryTime;
-
/**
-
* 用户类型
-
*/
-
@ApiModelProperty("用户类型")
-
private String consumerType = "User";
-
/**
-
* 用户数量
-
*/
-
@ApiModelProperty("用户数量")
-
private Integer consumerAmount = 1;
-
/**
-
* 描述信息
-
*/
-
@ApiModelProperty("描述信息")
-
private String description = "";
-
/**
-
* 额外的服务器硬件校验信息
-
*/
-
@ApiModelProperty("服务器校验信息")
-
private LicenseCheckModel licenseCheckModel;
-
}
客户端:
yml:
-
##License相关配置
-
license:
-
subject: custom_license
-
publicAlias: publicCert
-
storePass: 1234567890asdfghjkl
-
licensePath: D:\temp\keytool\license.lic
-
publicKeysStorePath: D:\temp\keytool\publicCerts.keystore
LicenseManagerHolder
-
/**
-
* de.schlichtherle.license.LicenseManager的单例
-
*
-
*/
-
public class LicenseManagerHolder {
-
private static volatile LicenseManager LICENSE_MANAGER;
-
public static LicenseManager getInstance(LicenseParam param) {
-
if (LICENSE_MANAGER == null) {
-
synchronized (LicenseManagerHolder.class) {
-
if (LICENSE_MANAGER == null) {
-
LICENSE_MANAGER = new CustomLicenseManager(param);
-
}
-
}
-
}
-
return LICENSE_MANAGER;
-
}
-
}
LicenseVerify
-
/**
-
* License校验类
-
*
-
*/
-
@Slf4j
-
public class LicenseVerify {
-
/**
-
* 安装License证书
-
*/
-
public synchronized LicenseContent install(LicenseVerifyParam param) {
-
LicenseContent result = null;
-
//1. 安装证书
-
try {
-
LicenseManager licenseManager = LicenseManagerHolder.getInstance(initLicenseParam(param));
-
licenseManager.uninstall();
-
result = licenseManager.install(new File(param.getLicensePath()));
-
log.info("证书安装成功,证书有效期:{} - {}",
-
DateUtil.formatDateTime(result.getNotBefore()),
-
DateUtil.formatDateTime(result.getNotAfter()));
-
} catch (Exception e) {
-
log.error("证书安装失败!", e);
-
throw new BusinessException("证书安装失败");
-
}
-
return result;
-
}
-
/**
-
* 校验License证书
-
*/
-
public boolean verify() {
-
LicenseManager licenseManager = LicenseManagerHolder.getInstance(null);
-
//2. 校验证书
-
try {
-
LicenseContent licenseContent = licenseManager.verify();
-
log.info("证书校验通过,证书有效期:{} - {}",
-
DateUtil.formatDateTime(licenseContent.getNotBefore()),
-
DateUtil.formatDateTime(licenseContent.getNotAfter()));
-
return true;
-
} catch (Exception e) {
-
log.error("证书校验失败!", e);
-
return false;
-
}
-
}
-
/**
-
* 初始化证书生成参数
-
*/
-
private LicenseParam initLicenseParam(LicenseVerifyParam param) {
-
Preferences preferences = Preferences.userNodeForPackage(LicenseVerify.class);
-
CipherParam cipherParam = new DefaultCipherParam(param.getStorePass());
-
KeyStoreParam publicStoreParam = new CustomKeyStoreParam(LicenseVerify.class
-
, param.getPublicKeysStorePath()
-
, param.getPublicAlias()
-
, param.getStorePass()
-
, null);
-
return new DefaultLicenseParam(param.getSubject()
-
, preferences
-
, publicStoreParam
-
, cipherParam);
-
}
-
}
LicenseVerifyParam
-
/**
-
* License校验类需要的参数
-
*
-
*/
-
@Data
-
@NoArgsConstructor
-
@AllArgsConstructor
-
public class LicenseVerifyParam {
-
/**
-
* 证书subject
-
*/
-
private String subject;
-
/**
-
* 公钥别称
-
*/
-
private String publicAlias;
-
/**
-
* 访问公钥库的密码
-
*/
-
private String storePass;
-
/**
-
* 证书生成路径
-
*/
-
private String licensePath;
-
/**
-
* 密钥库存储路径
-
*/
-
private String publicKeysStorePath;
-
}
LicenseCheckListener
-
/**
-
* 在项目启动时安装证书
-
*
-
*/
-
@Slf4j
-
@Component
-
public class LicenseCheckListener implements ApplicationListener<ContextRefreshedEvent> {
-
/**
-
* 证书subject
-
*/
-
@Value("${license.subject}")
-
private String subject;
-
/**
-
* 公钥别称
-
*/
-
@Value("${license.publicAlias}")
-
private String publicAlias;
-
/**
-
* 访问公钥库的密码
-
*/
-
@Value("${license.storePass}")
-
private String storePass;
-
/**
-
* 证书生成路径
-
*/
-
@Value("${license.licensePath}")
-
private String licensePath;
-
/**
-
* 密钥库存储路径
-
*/
-
@Value("${license.publicKeysStorePath}")
-
private String publicKeysStorePath;
-
@Override
-
public void onApplicationEvent(ContextRefreshedEvent event) {
-
//root application context 没有parent
-
ApplicationContext context = event.getApplicationContext().getParent();
-
if (context == null) {
-
if (StrUtil.isNotBlank(licensePath)) {
-
log.info("++++++++ 开始安装证书 ++++++++");
-
LicenseVerifyParam param = new LicenseVerifyParam();
-
param.setSubject(subject);
-
param.setPublicAlias(publicAlias);
-
param.setStorePass(storePass);
-
param.setLicensePath(licensePath);
-
param.setPublicKeysStorePath(publicKeysStorePath);
-
LicenseVerify licenseVerify = new LicenseVerify();
-
//安装证书
-
licenseVerify.install(param);
-
log.info("++++++++ 证书安装结束 ++++++++");
-
}
-
}
-
}
-
}
LicenseCheckInterceptor
-
/**
-
* 拦截器校验证书是否合法
-
*
-
*/
-
@Slf4j
-
@Component
-
public class LicenseCheckInterceptor extends HandlerInterceptorAdapter {
-
@Override
-
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-
LicenseVerify licenseVerify = new LicenseVerify();
-
// 校验证书是否有效
-
boolean verifyResult = licenseVerify.verify();
-
if (verifyResult) {
-
return true;
-
} else {
-
log.warn("您的证书无效,请核查服务器是否取得授权或重新申请证书!");
-
throw new BusinessException("您的证书无效,请核查服务器是否取得授权或重新申请证书!");
-
}
-
}
-
}
完。