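Background: the application is deployed on a third party's private servers, and source code leakage must be prevented.
I. Use the JDK's built-in keytool to generate the public and private key stores
# Generate the key pair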
keytool -genkeypair -keysize 1024 -validity 3650 -alias "privateKey" -keystore "privateKeys.keystore" -storepass "public_777" -keypass "private_777" -dname "CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN"
# Export the certificate
keytool -exportcert -alias "privateKey" -keystore "privateKeys.keystore" -storepass "public_777" -file "certfile.cer"
# Import the certificate into the public key store
keytool -import -alias "publicCert" -file "certfile.cer" -keystore "publicCerts.keystore" -storepass "public_777"
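After these commands finish, three files exist in the current directory: privateKeys.keystore, publicCerts.keystore and certfile.cer. certfile.cer is no longer needed and can be deleted. privateKeys.keystore is used by the cloud-license-serve project to generate license files for customers, while publicCerts.keystore is deployed with the application code to the customer's server, where it is used to decrypt the license file and verify its license information.
II. Generate a license file for the customer project
The license file is generated by calling a backend server API. Depending on the parameters, a simple, complex or advanced license can be produced. The parameters are roughly as follows: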
{
  "subject": "license_lawtrust",
  "privateAlias": "privateKey",
  "keyPass": "private_777", // private key password; must match the password from step I
  "storePass": "public_777", // key store password; keep it the same as in step I
  "licensePath": "/Users/shaoyingle/shaoyingle/workspace/lawtrust.git/src/main/resources/license/license.lic", // where the license file is written
  "privateKeysStorePath": "/Users/shaoyingle/Documents/work/license/privateKeys.keystore", // private key store
  "issuedTime": "2021-05-14 00:00:01", // effective from
  "expiryTime": "2022-08-03 20:30:19", // expires at
  "consumerType": "User",
  "consumerAmount": 1,
  "description": "lawtrust证书"
}
An advanced license additionally needs the server's hardware information:
  "ipAddress": [
    "172.16.1.126",
    "192.168.56.1"
  ],
  "macAddress": [
    "00-E1-4C-68-07-B5",
    "0A-00-27-00-00-10"
  ],
  "cpuSerial": "178BFBFF00860F01",
  "mainBoardSerial": "BBDW0820AG001635"
III. Add license verification to the application deployed at the customer
<!-- License -->
<dependency>
    <groupId>de.schlichtherle.truelicense</groupId>
    <artifactId>truelicense-core</artifactId>
    <version>1.33</version>
</dependency>
Configuration file
# License-related configuration
license:
  subject: license_lawtrust
  publicAlias: publicCert
  storePass: public_777
  licensePath: src/main/resources/license/license.lic # Windows
  publicKeysStorePath: src/main/resources/license/publicCerts.keystore # on Windows, change this path to an absolute path
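1. Install the license once bean instantiation has completed at application startup, and add license verification in an interceptor.
Full code: https://gitee.com/shaoyingle/springboot-license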
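The hardware fields of the advanced license (ipAddress, macAddress) can be compared with the host at install time using only the JDK. The following is an added example, not code from the linked project; the class name, the helper names and the "at least one listed value must be present" policy are assumptions.

```java
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.util.*;

/** Added example: compares host IP/MAC values with an advanced license's ipAddress and macAddress lists. */
public class HardwareBindingCheck {

    /** Collects non-loopback IPs and MACs, with MACs formatted like the license (00-E1-4C-68-07-B5). */
    static void collect(Set<String> ips, Set<String> macs) throws SocketException {
        Enumeration<NetworkInterface> nics = NetworkInterface.getNetworkInterfaces();
        while (nics != null && nics.hasMoreElements()) {
            NetworkInterface nic = nics.nextElement();
            if (nic.isLoopback()) continue;
            byte[] hw = nic.getHardwareAddress();   // null for interfaces without a MAC
            if (hw != null && hw.length > 0) {
                StringJoiner mac = new StringJoiner("-");
                for (byte b : hw) mac.add(String.format("%02X", b));
                macs.add(mac.toString());
            }
            for (InetAddress a : Collections.list(nic.getInetAddresses())) {
                ips.add(a.getHostAddress().toUpperCase(Locale.ROOT));
            }
        }
    }

    /** Assumed policy: an empty list means "not bound"; otherwise one listed value must exist on the host. */
    static boolean matches(List<String> licensed, Set<String> actual) {
        if (licensed == null || licensed.isEmpty()) return true;
        for (String v : licensed) {
            if (actual.contains(v.trim().toUpperCase(Locale.ROOT))) return true;
        }
        return false;
    }

    public static void main(String[] args) throws SocketException {
        // Sample values copied from the advanced license parameters on this page.
        List<String> licensedIps = Arrays.asList("172.16.1.126", "192.168.56.1");
        List<String> licensedMacs = Arrays.asList("00-E1-4C-68-07-B5", "0A-00-27-00-00-10");
        Set<String> ips = new HashSet<>(), macs = new HashSet<>();
        collect(ips, macs);
        boolean ok = matches(licensedIps, ips) && matches(licensedMacs, macs);
        System.out.println("host IPs=" + ips + " MACs=" + macs);
        System.out.println(ok ? "hardware binding OK" : "hardware binding FAILED: refuse to install the license");
    }
}
```

IP and MAC addresses are set by whoever administers the host, so this comparison only raises the bar; the signature on the license file, checked against publicCerts.keystore, is what protects the license content itself.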