Springboot 添加License 以及生成证书和证书验证
1. 先准备生成cer证书及私钥,公钥
## (1). 生成私匙库
# validity:私钥的有效期多少天 365
# alias:私钥别称 privateKey
# keystore: 指定私钥库文件的名称(生成在当前目录) privateKeys.keystore
# storepass:指定私钥库的密码(获取keystore信息所需的密码) public_password
# keypass:指定别名条目的密码(私钥的密码) private_password
keytool -genkeypair -keysize 1024 -validity 365 -alias "privateKey" -keystore "privateKeys.keystore" -storepass "public_password" -keypass "private_password" -dname "CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN"
此时会在cd的目录中生成 privateKeys.keystore 文件
## (2). 把私匙库内的公匙导出到一个文件当中
# alias:私钥别称 privateKey
# keystore:指定私钥库的名称(在当前目录查找) privateKeys.keystore
# storepass: 指定私钥库的密码 public_password
# file:证书名称 certfile.cer
keytool -exportcert -alias "privateKey" -keystore "privateKeys.keystore" -storepass "public_password" -file "certfile.cer"
此时会在cd的目录中生成 certfile.cer 文件
## (3). 再把这个证书文件导入到公匙库
# alias:公钥别称 publicCert
# file:证书名称 certfile.cer
# keystore:公钥文件名称 publicCerts.keystore
# storepass:指定私钥库的密码 public_password
keytool -import -alias "publicCert" -file "certfile.cer" -keystore "publicCerts.keystore" -storepass "public_password"
此时在命令窗口输入 y 回车,然后会在cd的目录中生成 publicCerts.keystore 文件,注意此时应该一共生成了三个文件分别是 privateKeys.keystore, certfile.cer,publicCerts.keystore
2. 在项目中添加maven依赖(truelicense):
<dependency>
<groupId>de.schlichtherle.truelicense</groupId>
<artifactId>truelicense-core</artifactId>
<version>1.33</version>
<scope>provided</scope>
</dependency>
3. 开始编写生成接口和验证接口目录结构如下图:
(1) CustomKeyStoreParam.java
package com.ruoyi.license.create; import de.schlichtherle.license.AbstractKeyStoreParam; import java.io.*; /** * 自定义KeyStoreParam,用于将公私钥存储文件存放到其他磁盘位置而不是项目中 */ public class CustomKeyStoreParam extends AbstractKeyStoreParam { /** * 公钥/私钥在磁盘上的存储路径 */ private String storePath; private String alias; private String storePwd; private String keyPwd; public CustomKeyStoreParam(Class clazz, String resource, String alias, String storePwd, String keyPwd) { super(clazz, resource); this.storePath = resource; this.alias = alias; this.storePwd = storePwd; this.keyPwd = keyPwd; } @Override public String getAlias() { return alias; } @Override public String getStorePwd() { return storePwd; } @Override public String getKeyPwd() { return keyPwd; } /** * 复写de.schlichtherle.license.AbstractKeyStoreParam的getStream()方法 * <br/> * 用于将公私钥存储文件存放到其他磁盘位置而不是项目中 */ @Override public InputStream getStream() throws IOException { final InputStream in = new FileInputStream(new File(storePath)); if (null == in) { throw new FileNotFoundException(storePath); } return in; } }
(2) LicenseCreator.java
package com.ruoyi.license.create; import com.ruoyi.license.verify.CustomLicenseManager; import de.schlichtherle.license.*; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import javax.security.auth.x500.X500Principal; import java.io.File; import java.text.MessageFormat; import java.util.prefs.Preferences; /** * 证书生成器 */ public class LicenseCreator { private static Logger logger = LoggerFactory.getLogger(LicenseCreator.class); private final static X500Principal DEFAULT_HOLDER_AND_ISSUER = new X500Principal("CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN"); private LicenseCreatorParam param; public LicenseCreator(LicenseCreatorParam param) { this.param = param; } /** * 生成License证书 */ public boolean generateLicense() { try { LicenseManager licenseManager = new CustomLicenseManager(initLicenseParam()); LicenseContent licenseContent = initLicenseContent(); licenseManager.store(licenseContent, new File(param.getLicensePath())); return true; } catch (Exception e) { logger.error(MessageFormat.format("证书生成失败:{0}", param), e); return false; } } /** * 初始化证书生成参数 */ private LicenseParam initLicenseParam() { Preferences preferences = Preferences.userNodeForPackage(LicenseCreator.class); //设置对证书内容加密的秘钥 CipherParam cipherParam = new DefaultCipherParam(param.getStorePass()); KeyStoreParam privateStoreParam = new CustomKeyStoreParam(LicenseCreator.class , param.getPrivateKeysStorePath() , param.getPrivateAlias() , param.getStorePass() , param.getKeyPass()); LicenseParam licenseParam = new DefaultLicenseParam(param.getSubject() , preferences , privateStoreParam , cipherParam); return licenseParam; } /** * 设置证书生成正文信息 */ private LicenseContent initLicenseContent() { LicenseContent licenseContent = new LicenseContent(); licenseContent.setHolder(DEFAULT_HOLDER_AND_ISSUER); licenseContent.setIssuer(DEFAULT_HOLDER_AND_ISSUER); licenseContent.setSubject(param.getSubject()); licenseContent.setIssued(param.getIssuedTime()); licenseContent.setNotBefore(param.getIssuedTime()); licenseContent.setNotAfter(param.getExpiryTime()); licenseContent.setConsumerType(param.getConsumerType()); licenseContent.setConsumerAmount(param.getConsumerAmount()); licenseContent.setInfo(param.getDescription()); //扩展校验服务器硬件信息 licenseContent.setExtra(param.getLicenseCheckModel()); return licenseContent; } }
(3) LicenseCreatorController.java
package com.ruoyi.license.create; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.license.model.AbstractServerInfos; import com.ruoyi.license.model.LicenseCheckModel; import com.ruoyi.license.model.LinuxServerInfos; import com.ruoyi.license.model.WindowsServerInfos; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; import java.util.HashMap; import java.util.Map; /** * 证书生成路由 */ @RestController @RequestMapping("/license") public class LicenseCreatorController { /** * 证书生成路径 */ @Value("${license.createLicensePath}") private String createLicensePath; @Value("${license.privateKeysStorePath}") private String privateKeysStorePath; /** * 获取服务器硬件信息 */ @RequestMapping(value = "/getServerInfos", produces = {MediaType.APPLICATION_JSON_UTF8_VALUE}) public LicenseCheckModel getServerInfos(@RequestParam(value = "osName", required = false) String osName) { //操作系统类型 if (StringUtils.isBlank(osName)) { osName = System.getProperty("os.name"); } osName = osName.toLowerCase(); AbstractServerInfos abstractServerInfos = null; //根据不同操作系统类型选择不同的数据获取方法 if (osName.startsWith("windows")) { abstractServerInfos = new WindowsServerInfos(); } else if (osName.startsWith("linux")) { abstractServerInfos = new LinuxServerInfos(); } else {//其他服务器类型 abstractServerInfos = new LinuxServerInfos(); } return abstractServerInfos.getServerInfos(); } /** * 生成证书 */ @RequestMapping(value = "/generateLicense", produces = {MediaType.APPLICATION_JSON_UTF8_VALUE}) public Map<String, Object> generateLicense(@RequestBody(required = true) LicenseCreatorParam param) { Map<String, Object> resultMap = new HashMap<>(2); if (StringUtils.isBlank(param.getLicensePath())) { param.setLicensePath(createLicensePath); param.setPrivateKeysStorePath(privateKeysStorePath); } LicenseCreator licenseCreator = new LicenseCreator(param); boolean result = licenseCreator.generateLicense(); if (result) { resultMap.put("result", "ok"); resultMap.put("msg", param); } else { resultMap.put("result", "error"); resultMap.put("msg", "证书文件生成失败!"); } return resultMap; } }
(4) LicenseCreatorParam.java
package com.ruoyi.license.create; import com.fasterxml.jackson.annotation.JsonFormat; import com.ruoyi.license.model.LicenseCheckModel; import lombok.Data; import java.io.Serializable; import java.util.Date; /** * 证书生成参数 */ @Data public class LicenseCreatorParam implements Serializable { private static final long serialVersionUID = -7793154252684580872L; /** * 证书subject */ private String subject; /** * 密钥别称 */ private String privateAlias; /** * 密钥密码(需要妥善保管,不能让使用者知道) */ private String keyPass; /** * 访问秘钥库的密码 */ private String storePass; /** * 证书生成路径 */ private String licensePath; /** * 密钥库存储路径 */ private String privateKeysStorePath; /** * 证书生效时间 */ @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8") private Date issuedTime = new Date(); /** * 证书失效时间 */ @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8") private Date expiryTime; /** * 用户类型 */ private String consumerType = "user"; /** * 用户数量 */ private Integer consumerAmount = 1; /** * 描述信息 */ private String description = ""; /** * 额外的服务器硬件校验信息 */ private LicenseCheckModel licenseCheckModel; }
(5) ApiConfig.java
package com.ruoyi.license.interceptor; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport; /** * 接口拦截器 */ @Configuration public class ApiConfig extends WebMvcConfigurationSupport { @Autowired LicenseCheckInterceptor licenseCheckInterceptor; @Override protected void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(this.licenseCheckInterceptor).addPathPatterns("/**"); super.addInterceptors(registry); } }
(6) LicenseCheckInterceptor.java
package com.ruoyi.license.interceptor; import com.ruoyi.common.exception.LicenseException; import com.ruoyi.license.verify.LicenseVerify; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * 拦截器校验证书是否合法 */ @Slf4j @SuppressWarnings("ALL") @Component public class LicenseCheckInterceptor extends HandlerInterceptorAdapter { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { LicenseVerify licenseVerify = new LicenseVerify(); log.info("开始验证证书是否有效"); // 校验证书是否有效 boolean verifyResult = licenseVerify.verify(); // verifyResult = false; if (verifyResult) { return true; } else { log.warn("您的证书无效,请核查服务器是否取得授权或重新申请证书!"); throw new LicenseException("您的证书无效,请核查服务器是否取得授权或重新申请证书!"); } } }
(7) AbstractServerInfos.java
package com.ruoyi.license.model; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.net.InetAddress; import java.net.NetworkInterface; import java.net.SocketException; import java.util.ArrayList; import java.util.Enumeration; import java.util.List; /** * 用于获取客户服务器的基本信息,如:IP、Mac地址、CPU序列号、主板序列号等 */ public abstract class AbstractServerInfos { private static Logger logger = LoggerFactory.getLogger(AbstractServerInfos.class); /** * 组装需要额外校验的License参数 */ public LicenseCheckModel getServerInfos() { LicenseCheckModel result = new LicenseCheckModel(); try { result.setIpAddress(this.getIpAddress()); result.setMacAddress(this.getMacAddress()); result.setCpuSerial(this.getCPUSerial()); result.setMainBoardSerial(this.getMainBoardSerial()); } catch (Exception e) { logger.error("获取服务器硬件信息失败", e); } return result; } /** * 获取IP地址 * * @return java.util.List<java.lang.String> */ protected abstract List<String> getIpAddress() throws Exception; /** * 获取Mac地址 * * @return java.util.List<java.lang.String> */ protected abstract List<String> getMacAddress() throws Exception; /** * 获取CPU序列号 */ protected abstract String getCPUSerial() throws Exception; /** * 获取主板序列号 */ protected abstract String getMainBoardSerial() throws Exception; /** * 获取当前服务器所有符合条件的InetAddress * * @return java.util.List<java.net.InetAddress> * @author zifangsky * @date 2018/4/23 17:38 * @since 1.0.0 */ protected List<InetAddress> getLocalAllInetAddress() throws Exception { List<InetAddress> result = new ArrayList<>(4); // 遍历所有的网络接口 for (Enumeration networkInterfaces = NetworkInterface.getNetworkInterfaces(); networkInterfaces.hasMoreElements(); ) { NetworkInterface iface = (NetworkInterface) networkInterfaces.nextElement(); // 在所有的接口下再遍历IP for (Enumeration inetAddresses = iface.getInetAddresses(); inetAddresses.hasMoreElements(); ) { InetAddress inetAddr = (InetAddress) inetAddresses.nextElement(); //排除LoopbackAddress、SiteLocalAddress、LinkLocalAddress、MulticastAddress类型的IP地址 if (!inetAddr.isLoopbackAddress() /*&& !inetAddr.isSiteLocalAddress()*/ && !inetAddr.isLinkLocalAddress() && !inetAddr.isMulticastAddress()) { result.add(inetAddr); } } } return result; } /** * 获取某个网络接口的Mac地址 */ protected String getMacByInetAddress(InetAddress inetAddr) { try { byte[] mac = NetworkInterface.getByInetAddress(inetAddr).getHardwareAddress(); StringBuffer stringBuffer = new StringBuffer(); for (int i = 0; i < mac.length; i++) { if (i != 0) { stringBuffer.append("-"); } //将十六进制byte转化为字符串 String temp = Integer.toHexString(mac[i] & 0xff); if (temp.length() == 1) { stringBuffer.append("0" + temp); } else { stringBuffer.append(temp); } } return stringBuffer.toString().toUpperCase(); } catch (SocketException e) { e.printStackTrace(); } return null; } }
(8) LicenseBaseModel.java
package com.ruoyi.license.model; import lombok.Data; import java.io.Serializable; import java.util.Date; /** * 可被允许的服务器硬件信息的实体类 */ @Data public class LicenseBaseModel implements Serializable { private static final long serialVersionUID = 8600137500316662317L; private String subject; private Date issued; private Date notBefore; private Date notAfter; }
(9) LicenseCheckModel.java
package com.ruoyi.license.model; import lombok.Data; import java.io.Serializable; import java.util.List; /** * 可被允许的服务器硬件信息的实体类 */ @Data public class LicenseCheckModel implements Serializable { private static final long serialVersionUID = 8600137500316662317L; /** * 可被允许的IP地址 */ private List<String> ipAddress; /** * 可被允许的MAC地址 */ private List<String> macAddress; /** * 可被允许的CPU序列号 */ private String cpuSerial; /** * 可被允许的主板序列号 */ private String mainBoardSerial; @Override public String toString() { return "LicenseCheckModel{" + "ipAddress=" + ipAddress + ", macAddress=" + macAddress + ", cpuSerial='" + cpuSerial + '\'' + ", mainBoardSerial='" + mainBoardSerial + '\'' + '}'; } }
(10) LinuxServerInfos.java
package com.ruoyi.license.model; import com.ruoyi.common.utils.StringUtils; import java.io.BufferedReader; import java.io.InputStreamReader; import java.net.InetAddress; import java.util.List; import java.util.stream.Collectors; /** * 用于获取客户Linux服务器的基本信息 */ public class LinuxServerInfos extends AbstractServerInfos { @Override protected List<String> getIpAddress() throws Exception { List<String> result = null; //获取所有网络接口 List<InetAddress> inetAddresses = getLocalAllInetAddress(); if (inetAddresses != null && inetAddresses.size() > 0) { result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList()); } return result; } @Override protected List<String> getMacAddress() throws Exception { List<String> result = null; //1. 获取所有网络接口 List<InetAddress> inetAddresses = getLocalAllInetAddress(); if (inetAddresses != null && inetAddresses.size() > 0) { //2. 获取所有网络接口的Mac地址 result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList()); } return result; } @Override protected String getCPUSerial() throws Exception { //序列号 String serialNumber = ""; //使用dmidecode命令获取CPU序列号 String[] shell = {"/bin/bash", "-c", "dmidecode -t processor | grep 'ID' | awk -F ':' '{print $2}' | head -n 1"}; Process process = Runtime.getRuntime().exec(shell); process.getOutputStream().close(); BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream())); String line = reader.readLine().trim(); if (StringUtils.isNotBlank(line)) { serialNumber = line; } reader.close(); return serialNumber; } @Override protected String getMainBoardSerial() throws Exception { //序列号 String serialNumber = ""; //使用dmidecode命令获取主板序列号 String[] shell = {"/bin/bash", "-c", "dmidecode | grep 'Serial Number' | awk -F ':' '{print $2}' | head -n 1"}; Process process = Runtime.getRuntime().exec(shell); process.getOutputStream().close(); BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream())); String line = reader.readLine().trim(); if (StringUtils.isNotBlank(line)) { serialNumber = line; } reader.close(); return serialNumber; } }
(11) WindowsServerInfos.java
package com.ruoyi.license.model; import java.net.InetAddress; import java.util.List; import java.util.Scanner; import java.util.stream.Collectors; /** * 用于获取客户Windows服务器的基本信息 */ public class WindowsServerInfos extends AbstractServerInfos { @Override protected List<String> getIpAddress() throws Exception { List<String> result = null; //获取所有网络接口 List<InetAddress> inetAddresses = getLocalAllInetAddress(); if (inetAddresses != null && inetAddresses.size() > 0) { result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList()); } return result; } @Override protected List<String> getMacAddress() throws Exception { List<String> result = null; //1. 获取所有网络接口 List<InetAddress> inetAddresses = getLocalAllInetAddress(); if (inetAddresses != null && inetAddresses.size() > 0) { //2. 获取所有网络接口的Mac地址 result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList()); } return result; } @Override protected String getCPUSerial() throws Exception { //序列号 String serialNumber = ""; //使用WMIC获取CPU序列号 Process process = Runtime.getRuntime().exec("wmic cpu get processorid"); process.getOutputStream().close(); Scanner scanner = new Scanner(process.getInputStream()); if (scanner.hasNext()) { scanner.next(); } if (scanner.hasNext()) { serialNumber = scanner.next().trim(); } scanner.close(); return serialNumber; } @Override protected String getMainBoardSerial() throws Exception { //序列号 String serialNumber = ""; //使用WMIC获取主板序列号 Process process = Runtime.getRuntime().exec("wmic baseboard get serialnumber"); process.getOutputStream().close(); Scanner scanner = new Scanner(process.getInputStream()); if (scanner.hasNext()) { scanner.next(); } if (scanner.hasNext()) { serialNumber = scanner.next().trim(); } scanner.close(); return serialNumber; } }
(12) CustomLicenseManager.java
package com.ruoyi.license.verify; import com.ruoyi.common.exception.LicenseException; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.bean.BeanUtils; import com.ruoyi.license.model.*; import de.schlichtherle.license.*; import de.schlichtherle.xml.GenericCertificate; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.beans.XMLDecoder; import java.io.BufferedInputStream; import java.io.ByteArrayInputStream; import java.io.UnsupportedEncodingException; import java.util.Date; import java.util.List; /** * 自定义LicenseManager,用于增加额外的服务器硬件信息校验 */ public class CustomLicenseManager extends LicenseManager { private static Logger logger = LoggerFactory.getLogger(CustomLicenseManager.class); // XML编码 private static final String XML_CHARSET = "UTF-8"; // 默认BUFSIZE private static final int DEFAULT_BUFSIZE = 8 * 1024; public CustomLicenseManager() { } public CustomLicenseManager(LicenseParam param) { super(param); } /** * 复写create方法 */ @Override protected synchronized byte[] create( LicenseContent content, LicenseNotary notary) throws Exception { initialize(content); this.validateCreate(content); final GenericCertificate certificate = notary.sign(content); return getPrivacyGuard().cert2key(certificate); } /** * 复写install方法,其中validate方法调用本类中的validate方法,校验IP地址、Mac地址等其他信息 */ @Override protected synchronized LicenseContent install( final byte[] key, final LicenseNotary notary) throws Exception { final GenericCertificate certificate = getPrivacyGuard().key2cert(key); notary.verify(certificate); final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded()); this.validate(content); setLicenseKey(key); setCertificate(certificate); return content; } /** * 复写verify方法,调用本类中的validate方法,校验IP地址、Mac地址等其他信息 */ @Override protected synchronized LicenseContent verify(final LicenseNotary notary) throws Exception { GenericCertificate certificate = getCertificate(); // Load license key from preferences, final byte[] key = getLicenseKey(); if (null == key) { throw new NoLicenseInstalledException(getLicenseParam().getSubject()); } certificate = getPrivacyGuard().key2cert(key); notary.verify(certificate); final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded()); this.validate(content); setCertificate(certificate); return content; } /** * 校验生成证书的参数信息 */ protected synchronized void validateCreate(final LicenseContent content) throws LicenseContentException { final LicenseParam param = getLicenseParam(); final Date now = new Date(); final Date notBefore = content.getNotBefore(); final Date notAfter = content.getNotAfter(); logger.debug("证书生效时间:" + notBefore + ",证书失效时间:" + notAfter); if (null != notAfter && now.after(notAfter)) { throw new LicenseContentException("证书失效时间不能早于当前时间"); } if (null != notBefore && null != notAfter && notAfter.before(notBefore)) { throw new LicenseContentException("证书生效时间不能晚于证书失效时间"); } final String consumerType = content.getConsumerType(); if (null == consumerType) { throw new LicenseContentException("用户类型不能为空"); } } /** * 复写validate方法,增加IP地址、Mac地址等其他信息校验 */ @Override protected synchronized void validate(final LicenseContent content) throws LicenseContentException, LicenseException { //1. 首先调用父类的validate方法 super.validate(content); //2. 然后校验自定义的License参数 // License中可被允许的参数信息 LicenseBaseModel licenseBaseModel = new LicenseBaseModel(); BeanUtils.copyBeanProp(licenseBaseModel, content); // System.out.println("基本信息=====>" + licenseBaseModel); LicenseCheckModel expectedCheckModel = (LicenseCheckModel) content.getExtra(); // System.out.println("证书额外验证信息=====>" + expectedCheckModel); // 当前服务器真实的参数信息 LicenseCheckModel serverCheckModel = getServerInfos(); // System.out.println("当前服务器信息=====>" + serverCheckModel); if (expectedCheckModel != null && serverCheckModel != null) { //校验IP地址 if (!checkIpAddress(expectedCheckModel.getIpAddress(), serverCheckModel.getIpAddress())) { throw new LicenseException("当前服务器的IP没在授权范围内"); } //校验Mac地址 if (!checkIpAddress(expectedCheckModel.getMacAddress(), serverCheckModel.getMacAddress())) { throw new LicenseException("当前服务器的Mac地址没在授权范围内"); } // //校验主板序列号 // if (!checkSerial(expectedCheckModel.getMainBoardSerial(), serverCheckModel.getMainBoardSerial())) { // throw new LicenseContentException("当前服务器的主板序列号没在授权范围内"); // } // // //校验CPU序列号 // if (!checkSerial(expectedCheckModel.getCpuSerial(), serverCheckModel.getCpuSerial())) { // throw new LicenseContentException("当前服务器的CPU序列号没在授权范围内"); // } } else { // throw new LicenseException("不能获取服务器硬件信息"); } } /** * 重写XMLDecoder解析XML */ private Object load(String encoded) { BufferedInputStream inputStream = null; XMLDecoder decoder = null; try { inputStream = new BufferedInputStream(new ByteArrayInputStream(encoded.getBytes(XML_CHARSET))); decoder = new XMLDecoder(new BufferedInputStream(inputStream, DEFAULT_BUFSIZE), null, null); return decoder.readObject(); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } finally { try { if (decoder != null) { decoder.close(); } if (inputStream != null) { inputStream.close(); } } catch (Exception e) { logger.error("XMLDecoder解析XML失败", e); } } return null; } /** * 获取当前服务器需要额外校验的License参数 */ private LicenseCheckModel getServerInfos() { //操作系统类型 String osName = System.getProperty("os.name").toLowerCase(); AbstractServerInfos abstractServerInfos = null; //根据不同操作系统类型选择不同的数据获取方法 if (osName.startsWith("windows")) { abstractServerInfos = new WindowsServerInfos(); } else if (osName.startsWith("linux")) { abstractServerInfos = new LinuxServerInfos(); } else {//其他服务器类型 abstractServerInfos = new LinuxServerInfos(); } return abstractServerInfos.getServerInfos(); } /** * 校验当前服务器的IP/Mac地址是否在可被允许的IP范围内 * 如果存在IP在可被允许的IP/Mac地址范围内,则返回true */ private boolean checkIpAddress(List<String> expectedList, List<String> serverList) { if (expectedList != null && expectedList.size() > 0) { if (serverList != null && serverList.size() > 0) { for (String expected : expectedList) { if (serverList.contains(expected.trim())) { return true; } } } return false; } else { return true; } } /** * 校验当前服务器硬件(主板、CPU等)序列号是否在可允许范围内 */ private boolean checkSerial(String expectedSerial, String serverSerial) { if (StringUtils.isNotBlank(expectedSerial)) { if (StringUtils.isNotBlank(serverSerial)) { if (expectedSerial.equals(serverSerial)) { return true; } } return false; } else { return true; } } }
(13) LicenseCheckListener.java
package com.ruoyi.license.verify; import com.ruoyi.common.utils.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationListener; import org.springframework.context.event.ContextRefreshedEvent; import org.springframework.stereotype.Component; /** * 在项目启动时安装证书 */ @Component public class LicenseCheckListener implements ApplicationListener<ContextRefreshedEvent> { private static Logger logger = LoggerFactory.getLogger(LicenseCheckListener.class); /** * 证书subject */ @Value("${license.subject}") private String subject; /** * 公钥别称 */ @Value("${license.publicAlias}") private String publicAlias; /** * 访问公钥库的密码 */ @Value("${license.storePass}") private String storePass; /** * 证书生成路径 */ @Value("${license.licensePath}") private String licensePath; /** * 密钥库存储路径 */ @Value("${license.publicKeysStorePath}") private String publicKeysStorePath; @Override public void onApplicationEvent(ContextRefreshedEvent event) { //root application context 没有parent ApplicationContext context = event.getApplicationContext().getParent(); if (context == null) { if (StringUtils.isNotBlank(licensePath)) { logger.info("++++++++ 开始安装证书 ++++++++"); LicenseVerifyParam param = new LicenseVerifyParam(); param.setSubject(subject); param.setPublicAlias(publicAlias); param.setStorePass(storePass); param.setLicensePath(licensePath); param.setPublicKeysStorePath(publicKeysStorePath); LicenseVerify licenseVerify = new LicenseVerify(); //安装证书 licenseVerify.install(param); logger.info("++++++++ 证书安装结束 ++++++++"); } } } }
(14) LicenseManagerHolder.java
package com.ruoyi.license.verify; import de.schlichtherle.license.LicenseManager; import de.schlichtherle.license.LicenseParam; /** * de.schlichtherle.license.LicenseManager的单例 */ public class LicenseManagerHolder { private static volatile LicenseManager LICENSE_MANAGER; public static LicenseManager getInstance(LicenseParam param) { if (LICENSE_MANAGER == null) { synchronized (LicenseManagerHolder.class) { if (LICENSE_MANAGER == null) { LICENSE_MANAGER = new CustomLicenseManager(param); } } } return LICENSE_MANAGER; } }
(15) LicenseVerify.java
package com.ruoyi.license.verify; import com.ruoyi.license.create.CustomKeyStoreParam; import de.schlichtherle.license.*; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.File; import java.text.DateFormat; import java.text.MessageFormat; import java.text.SimpleDateFormat; import java.util.prefs.Preferences; /** * License校验类 */ public class LicenseVerify { private static Logger logger = LoggerFactory.getLogger(LicenseVerify.class); /** * 安装License证书 */ public synchronized LicenseContent install(LicenseVerifyParam param){ LicenseContent result = null; DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); //1. 安装证书 try{ LicenseManager licenseManager = LicenseManagerHolder.getInstance(initLicenseParam(param)); licenseManager.uninstall(); result = licenseManager.install(new File(param.getLicensePath())); logger.info(MessageFormat.format("证书安装成功,证书有效期:{0} - {1}",format.format(result.getNotBefore()),format.format(result.getNotAfter()))); }catch (Exception e){ logger.error("证书安装失败!",e); } return result; } /** * 校验License证书 */ public boolean verify() { LicenseManager licenseManager = LicenseManagerHolder.getInstance(null); DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); //2. 校验证书 try { LicenseContent licenseContent = licenseManager.verify(); logger.info("subject=======>" + licenseContent.getSubject()); logger.info(MessageFormat.format("证书校验通过,证书有效期:{0} - {1}", format.format(licenseContent.getNotBefore()),format.format(licenseContent.getNotAfter()))); return true; }catch (Exception e){ logger.error("证书校验失败!",e); return false; } } /** * 初始化证书生成参数 */ private LicenseParam initLicenseParam(LicenseVerifyParam param){ Preferences preferences = Preferences.userNodeForPackage(LicenseVerify.class); CipherParam cipherParam = new DefaultCipherParam(param.getStorePass()); KeyStoreParam publicStoreParam = new CustomKeyStoreParam(LicenseVerify.class ,param.getPublicKeysStorePath() ,param.getPublicAlias() ,param.getStorePass() ,null); return new DefaultLicenseParam(param.getSubject() ,preferences ,publicStoreParam ,cipherParam); } }
(16) LicenseVerifyController.java
package com.ruoyi.license.verify; import com.ruoyi.common.annotation.Log; import com.ruoyi.common.core.domain.AjaxResult; import com.ruoyi.common.enums.BusinessType; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; /** * 验证接口 */ @RestController @RequestMapping("/license") public class LicenseVerifyController { /** * 验证信息 */ @GetMapping("/verify") @Log(title = "证书验证", businessType = BusinessType.OTHER) public AjaxResult licenseVerify() { return AjaxResult.success("验证成功"); } }
(17) LicenseVerifyParam.java
package com.ruoyi.license.verify; import lombok.AllArgsConstructor; import lombok.Data; import lombok.NoArgsConstructor; /** * License校验类需要的参数 */ @Data @NoArgsConstructor @AllArgsConstructor public class LicenseVerifyParam { /** * 证书subject */ private String subject; /** * 公钥别称 */ private String publicAlias; /** * 访问公钥库的密码 */ private String storePass; /** * 证书生成路径 */ private String licensePath; /** * 密钥库存储路径 */ private String publicKeysStorePath; }
(18) 相关配置
license: privateKeysStorePath: D:/license/new/privateKeys.keystore createLicensePath: D:/license/new/license.lic subject: xxxx publicAlias: publicCert storePass: public_password licensePath: D:/license/license.lic publicKeysStorePath: D:/license/publicCerts.keystore
4. 证书测试
(1) 生成证书,将第一步生成的privateKeys.keystore文件放在对应目录(privateKeysStorePath)下 (先吧拦截器注释掉,否则有可能访问不到)
请求/license/generateLicense 参数为json,content-type 为 application/json 例如:
{
"subject" : "xxxx",
"privateAlias" : "privateKey",
"keyPass": "private_password",
"storePass" : "public_password",
"expiryTime": "2024-04-10 14:15:00",
"licenseCheckModel" : {
"ipAddress": ["000.000.0.000"],
"macAddress": ["XX-XX-XX-XX-XX-XX"],
"cpuSerial": "",
"mainBoardSerial": ""
}
}
若成功则会在配置的目录(createLicensePath)下生成license.lic文件,不成功一般是没有将对应的privateKeys.keystore放置或者是参数与第一步设置的参数不同步或者参数不合理导致
(2) 验证证书,将新生成的license.lic文件放到对应的目录(licensePath)下 (拦截器取消注释,然后重启)
请求/license/verify 查看响应
