license

package
v0.0.0-...-c8dba2a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 26, 2019 License: MIT Imports: 18 Imported by: 1

Documentation

Index

Constants

View Source 
const CertificateType = "LITHIUM CERTIFICATE"

CertificateType is used to armour the public certificates of the server chain which issued the license.

View Source 
const EncryptedLicenseLabel = "Lithium License Encryption Key"

EncryptedLicenseLabel is used to identify a key which is used for symmetric cryptographic operations, and which has been protected by an asymmetric encryption layer.

View Source 
const EncryptedPayloadKeyLabel = "Lithium Encrypted Payload Key"

EncryptedPayloadKeyLabel is responsible for identifying an asymmetrically encrypted key used to perform symmetric encryption/decryption for encrypted payload objects.

View Source 
const LicenseKeyType = "LITHIUM LICENSE KEY"

LicenseKeyType is used to armour the Lithium license encryption key after it has been encrypted and encoded.

View Source 
const LicenseType = "LITHIUM LICENSE"

LicenseType is used to armour the Lithium license data when encrypted and encoded.

View Source 
const PrivateKeyType = "LITHIUM PRIVATE KEY"

PrivateKeyType is used to armour the machine's private key when PEM encoded and encrypted.

View Source 
const PublicKeyType = "LITHIUM PUBLIC KEY"

PublicKeyType is used to armour the machine's public key when PEM encoded.

View Source 
const SignatureType = "LITHIUM SIGNATURE"

SignatureType is used to armour the Lithium license data's signature data.

Variables

View Source 
var KeySize = 2048

KeySize is the size of the RSA key used for license encryption and decryption. 2048 is probably secure enough for any general use, however you can reduce this to 1024 or increase to 4096 to balance generation speed and security.

View Source 
var PrivateKeyName = "machine"

PrivateKeyName is the name of the private key file. It may be changed if you wish to enable multiple side-by-side installations with different keys. This is usually not necessary.

View Source 
var PublicKeyName = "machine.pub"

PublicKeyName is the name of your public key file. It may be changed if you wish to enable multiple side-by-side installations with different keys. This is usually not necessary.

Functions

func EncodeContainer 

func EncodeContainer(container *Container) ([]byte, error)

EncodeContainer will encode a license container into its binary format.

func EncodeData 

func EncodeData(data *Data) ([]byte, error)

EncodeData is responsible for encoding a license Data structure into its binary form for transfer between nodes or further processing.

Types

type CertManager 

type CertManager struct {
	Path    string
	Product *Product
}

CertManager is responsible for tracking the local node's certificates.

func NewCertManager 

func NewCertManager(prod *Product) *CertManager

NewCertManager is responsible for creating a new certificate manager instance. This instance will be responsible for creating, signing and persisting product certificates.

func (*CertManager) CreateRoot 

func (m *CertManager) CreateRoot(privKey *rsa.PrivateKey) (*x509.Certificate, error)

CreateRoot will create a new, self-signed, root certificate.

func (*CertManager) GetLocal 

func (m *CertManager) GetLocal() (*x509.Certificate, error)

GetLocal retrieves the certificate used to sign derivative licenses for the current server.

func (*CertManager) Prepare 

func (m *CertManager) Prepare(csr *x509.CertificateRequest, license *Data) *x509.Certificate

Prepare is responsible for preparing an x509 certificate to match a specific license's constraints.

func (*CertManager) SetLocal 

func (m *CertManager) SetLocal(cert *x509.Certificate) error

SetLocal will update the stored local certificate to match the certificate provided.

func (*CertManager) Sign 

func (m *CertManager) Sign(csr *x509.Certificate, privKey interface{}) (*x509.Certificate, error)

Sign is responsible for signing a provided certificate using the current product's certificate and private key. This then enables consumers of the resulting certificate to trace the authenticity of that certificate back to a single root certificate.

type Container 

type Container struct {
	Payload      EncryptedPayload
	Signature    *Signature
	Certificates []*x509.Certificate
}

Container represents

func ParseContainer 

func ParseContainer(licenseData []byte) (*Container, error)

ParseContainer is responsible for parsing a license file into its structured representation.

func (*Container) IsValid 

func (c *Container) IsValid(rootCertificate *x509.Certificate) (bool, error)

IsValid is responsible for determining whether a container is valid by validating the signature of its data and the certification chain of that signature.

func (*Container) License 

func (c *Container) License(privKey *rsa.PrivateKey, rootCert *x509.Certificate) (*Data, error)

License will extract and decode the license data from the encrypted license block in this container.

func (*Container) SetLicense 

func (c *Container) SetLicense(data *Data, pubKey *rsa.PublicKey) error

SetLicense will set the license data for this container. You will need to sign that data using your private key once you are finished. The public key you provide is used to ensure that the encryption key used to protect the license data is accessible by the intended client.

func (*Container) Sign 

func (c *Container) Sign(privateKey *rsa.PrivateKey, algorithm string) error

Sign will populate the signature structure with the correct signature and algorithm for the license data provided.

type Data 

type Data struct {
	Meta    *Metadata              `json:"meta"`
	Payload map[string]interface{} `json:"payload"`
}

Data represents the data of a license entry. Specifically, it includes the protocol specific metadata and the custom license payload data.

func DecodeData 

func DecodeData(data []byte) (*Data, error)

DecodeData is responsible for decoding a previously encoded, binary license data object, into its native format for further use.

func (*Data) IsValid 

func (l *Data) IsValid() (bool, error)

IsValid determines whether a license object is valid for use. It does so by checking that the metadata is present, that it is within the validity period and that there is a defined payload.

type EncryptedPayload 

type EncryptedPayload struct {
	Data      []byte `json:"data"`
	Key       []byte `json:"key"`
	IV        []byte `json:"iv"`
	Algorithm string `json:"algorithm"`
}

EncryptedPayload represents an encrypted license definition. It is encrypted using AES256 making use of the IV and Key provided. The Key itself is encrypted using RSA.

func (*EncryptedPayload) Decrypt 

func (p *EncryptedPayload) Decrypt(data interface{}, privKey *rsa.PrivateKey) error

Decrypt will transform an encrypted payload into the data variable you specify. This assumes that your provided private key matches the public key used to encrypt the symmetric key for the encrypted payload.

func (*EncryptedPayload) Encrypt 

func (p *EncryptedPayload) Encrypt(data interface{}, pubKey *rsa.PublicKey) error

Encrypt will encrypt the provided data in a reversible manner. The data is first serialized using JSON, following which it is encrypted using a symmetric encryption algorithm, adopting a cryptographically random key and initialization vector. The vector is stored alongside the data, and the key is encrypted using an asymmetric algorithm and the provided public key. Only someone in posession of the corresponding private key will be able to decrypt the symmetric encryption key, and thereby decrypt the contents of the data.

type KeyManager 

type KeyManager struct {
	MachineCode []byte
	Path        string
}

KeyManager provides a set of tools for accessing your machine's local key. This is tied to your machine and allows you to decrypt your license packs.

func NewKeyManager 

func NewKeyManager(machineCode []byte) *KeyManager

NewKeyManager returns a new KeyManager for your local machine using the given machine code to encrypt and decrypt local machine keys.

func (*KeyManager) GetPrivateKey 

func (m *KeyManager) GetPrivateKey() (*rsa.PrivateKey, error)

GetPrivateKey retrieves the private key for your local machine. This is used to decrypt license packs and sign child license files for later verification.

func (*KeyManager) GetPublicKey 

func (m *KeyManager) GetPublicKey() (*rsa.PublicKey, error)

GetPublicKey retrieves the public key for your local machine. This is used by upstream servers to identify and encrypt keys for your machine.

func (*KeyManager) ResetKeypair 

func (m *KeyManager) ResetKeypair() error

ResetKeypair will generate a new keypair for this machine, replacing the existing keypair and invalidating any licenses which were created for it.

type Metadata 

type Metadata struct {
	ID          string               `json:"id"`
	ActivatesOn time.Time            `json:"activates"`
	ExpiresOn   time.Time            `json:"expires"`
	Pack        map[string]*Template `json:"pack,omitempty"`
}

Metadata is the protocol specific metadata describing a license, including its unique identifier, valid date range and any child licenses it may issue.

type Product 

type Product struct {
	ID           string `json:"id"`
	Name         string `json:"name"`
	Organization string `json:"organization"`
}

Product tracks a product which makes use of Lithium for licensing purposes.

type Signature 

type Signature struct {
	Data      []byte
	Algorithm string
}

Signature represents the signature of a bundle of data.

type Template 

type Template struct {
	Count   int                    `json:"count"`
	Payload map[string]interface{} `json:"payload"`
	Pack    map[string]*Template   `json:"pack,omitempty"`
}

Template represents a class of licenses as well as the number of licenses of that type which may be generated.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.