环境
- MacOS 10.14.6
- JDK1.8
源码链接:
https://github.com/zuiyu-main/springboot-demo/tree/master/springboot-license
使用keytool工具生成签名文件
https://mp.weixin.qq.com/s?__biz=MzIwNzYzODIxMw==&mid=2247485388&idx=1&sn=dd51ac189b41c02a65f6df4577f481d4&chksm=970e1c66a0799570e8c7391ee5e9a3fd2fb09a29d05e3200671fed8d9f52c385d01671090c97#rd
生成私钥公钥
使用JDK自带的keytool
工具生成签名
keytool -genkeypair -keysize 1024 -validity 3650 -alias "zuiyuPrivateKey" -keypass "zuiyu_private_password_1234" -keystore "zuiyuPrivateKeys.keystore" -storepass "zuiyu_public_password_1234" -dname "CN=zuiyu,OU=zuiyu,O=zuiyu,L=BJ,ST=BJ,C=CN"
导出签名文件 zuiyuCertfile.cer
keytool -exportcert -alias "zuiyuPrivateKey" -keystore "zuiyuPrivateKeys.keystore" -storepass "zuiyu_public_password_1234" -file "zuiyuCertfile.cer"
导入签名文件
keytool -import -alias "zuiyuPublicCert" -file "zuiyuCertfile.cer" -keystore "zuiyuPublicCerts.keystore" -storepass "zuiyu_public_password_1234"
帮助命令(根据需要使用)
# 删除
keytool -delete -alias zuiyuPrivateKey -keystore "zuiyuPrivateKeys.keystore" -storepass "zuiyu_public_password_1234"
# 查看
keytool -list -v -keystore zuiyuPrivateKeys.keystore -storepass "zuiyu_public_password_1234"
最后
上述命令执行完成之后,会在当前路径下生成三个文件,分别是:zuiyuPrivateKeys.keystore、zuiyuPublicCerts.keystore、zuiyuCertfile.cer。其中文件zuiyuCertfile.cer不再需要可以删除,文件zuiyuPrivateKeys.keystore用于当前的license-server项目给客户生成license文件,而文件zuiyuPublicCerts.keystore则随应用代码部署到客户服务器,用户解密license文件并校验其许可信息。
license-common
如下license-common 内容较长,全部代码都有,可直接粘贴
如下license-common 内容较长,全部代码都有,可直接粘贴
如下license-common 内容较长,全部代码都有,可直接粘贴
可直接跳转源码GitHub
https://github.com/zuiyu-main/springboot-demo/tree/master/springboot-license
新建一个license-common
模块
pom.xml
中加入license
相关依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.47</version>
</dependency>
<!-- License -->
<dependency>
<groupId>de.schlichtherle.truelicense</groupId>
<artifactId>truelicense-core</artifactId>
<version>1.33</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.7</version>
</dependency>
修改pom.xml中打包插件配置
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</build>
定义一个授权文件信息类 LicenseCreatorParam
public class LicenseCreatorParam implements Serializable {
private static final long serialVersionUID = -7793154252684580872L;
/**
* 证书subject
*/
private String subject;
/**
* 密钥别称
*/
private String privateAlias;
/**
* 密钥密码(需要妥善保管,不能让使用者知道)
*/
private String keyPass;
/**
* 访问秘钥库的密码
*/
private String storePass;
/**
* 证书生成路径
*/
private String licensePath;
/**
* 密钥库存储路径
*/
private String privateKeysStorePath;
/**
* 证书生效时间
*/
@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
private Date issuedTime = new Date();
/**
* 证书失效时间
*/
@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
private Date expiryTime;
/**
* 用户类型
*/
private String consumerType = "user";
/**
* 用户数量
*/
private Integer consumerAmount = 1;
/**
* 描述信息
*/
private String description = "";
/**
* 额外的服务器硬件校验信息
*/
private LicenseCheckModel licenseCheckModel;
// 省略get set
}
定义一个授权文件中系统信息类 LicenseCheckModel
public class LicenseCheckModel {
// private static final long serialVersionUID = 8600137500316662317L;
/**
* 可被允许的IP地址
*/
private Boolean checkIp;
private List<String> ipAddress;
private Boolean checkMac;
/**
* 可被允许的MAC地址
*/
private List<String> macAddress;
/**
* 可被允许的CPU序列号
*/
private String cpuSerial;
private Boolean checkCpu;
/**
* 可被允许的主板序列号
*/
private String mainBoardSerial;
private Boolean checkMainBoard;
// 省略get set
}
定义一个校验签名文件的信息类LicenseVerifyParam
public class LicenseVerifyParam {
/**
* 证书subject
*/
private String subject;
/**
* 公钥别称
*/
private String publicAlias;
/**
* 访问公钥库的密码
*/
private String storePass;
/**
* 证书生成路径
*/
private String licensePath;
/**
* 密钥库存储路径
*/
private String publicKeysStorePath;
public LicenseVerifyParam() {
}
public LicenseVerifyParam(String subject, String publicAlias, String storePass, String licensePath, String publicKeysStorePath) {
this.subject = subject;
this.publicAlias = publicAlias;
this.storePass = storePass;
this.licensePath = licensePath;
this.publicKeysStorePath = publicKeysStorePath;
}
// 省略get set
}
定义获取客户服务器信息的抽象类AbstractServerInfos
public abstract class AbstractServerInfos {
public static Logger log = LoggerFactory.getLogger(AbstractServerInfos.class);
/**
* 组装需要额外校验的License参数
*
* @return demo.LicenseCheckModel
*/
public LicenseCheckModel getServerInfos() {
LicenseCheckModel result = new LicenseCheckModel();
try {
result.setIpAddress(this.getIpAddress());
result.setMacAddress(this.getMacAddress());
result.setCpuSerial(this.getCPUSerial());
result.setMainBoardSerial(this.getMainBoardSerial());
} catch (Exception e) {
log.error("获取服务器硬件信息失败", e);
}
return result;
}
/**
* 获取IP地址
*
* @return java.util.List<java.lang.String>
*/
protected abstract List<String> getIpAddress() throws Exception;
/**
* 获取Mac地址
*
* @return java.util.List<java.lang.String>
*/
protected abstract List<String> getMacAddress() throws Exception;
/**
* 获取CPU序列号
*
* @return java.lang.String
*/
protected abstract String getCPUSerial() throws Exception;
/**
* 获取主板序列号
*
* @return java.lang.String
*/
protected abstract String getMainBoardSerial() throws Exception;
/**
* 获取当前服务器所有符合条件的InetAddress
*
* @return java.util.List<java.net.InetAddress>
*/
protected List<InetAddress> getLocalAllInetAddress() throws Exception {
List<InetAddress> result = new ArrayList<>(4);
// 遍历所有的网络接口
for (Enumeration networkInterfaces = NetworkInterface.getNetworkInterfaces(); networkInterfaces.hasMoreElements(); ) {
NetworkInterface iface = (NetworkInterface) networkInterfaces.nextElement();
// 在所有的接口下再遍历IP
for (Enumeration inetAddresses = iface.getInetAddresses(); inetAddresses.hasMoreElements(); ) {
InetAddress inetAddr = (InetAddress) inetAddresses.nextElement();
//排除LoopbackAddress、SiteLocalAddress、LinkLocalAddress、MulticastAddress类型的IP地址
if (!inetAddr.isLoopbackAddress() /*&& !inetAddr.isSiteLocalAddress()*/
&& !inetAddr.isLinkLocalAddress() && !inetAddr.isMulticastAddress()) {
result.add(inetAddr);
}
}
}
return result;
}
/**
* 获取某个网络接口的Mac地址
*
* @param
* @return void
*/
protected String getMacByInetAddress(InetAddress inetAddr) {
try {
byte[] mac = NetworkInterface.getByInetAddress(inetAddr).getHardwareAddress();
StringBuffer stringBuffer = new StringBuffer();
for (int i = 0; i < mac.length; i++) {
if (i != 0) {
stringBuffer.append("-");
}
//将十六进制byte转化为字符串
String temp = Integer.toHexString(mac[i] & 0xff);
if (temp.length() == 1) {
stringBuffer.append("0" + temp);
} else {
stringBuffer.append(temp);
}
}
return stringBuffer.toString().toUpperCase();
} catch (SocketException e) {
log.error("获取某个网络接口的Mac地址异常", e);
}
return null;
}
}
定义不同系统获取系统信息的方法LinuxServerInfos
,WindowsServerInfos
windows
public class WindowsServerInfos extends AbstractServerInfos {
@Override
protected List<String> getIpAddress() throws Exception {
List<String> result = null;
//获取所有网络接口
List<InetAddress> inetAddresses = getLocalAllInetAddress();
if (inetAddresses != null && inetAddresses.size() > 0) {
result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
}
return result;
}
@Override
protected List<String> getMacAddress() throws Exception {
List<String> result = null;
//1. 获取所有网络接口
List<InetAddress> inetAddresses = getLocalAllInetAddress();
if (inetAddresses != null && inetAddresses.size() > 0) {
//2. 获取所有网络接口的Mac地址
result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
}
return result;
}
@Override
protected String getCPUSerial() throws Exception {
//序列号
String serialNumber = "";
//使用WMIC获取CPU序列号
Process process = Runtime.getRuntime().exec("wmic cpu get processorid");
process.getOutputStream().close();
Scanner scanner = new Scanner(process.getInputStream());
if (scanner != null && scanner.hasNext()) {
scanner.next();
}
if (scanner.hasNext()) {
serialNumber = scanner.next().trim();
}
scanner.close();
return serialNumber;
}
@Override
protected String getMainBoardSerial() throws Exception {
//序列号
String serialNumber = "";
//使用WMIC获取主板序列号
Process process = Runtime.getRuntime().exec("wmic baseboard get serialnumber");
process.getOutputStream().close();
Scanner scanner = new Scanner(process.getInputStream());
if (scanner != null && scanner.hasNext()) {
scanner.next();
}
if (scanner.hasNext()) {
serialNumber = scanner.next().trim();
}
scanner.close();
return serialNumber;
}
}
public class LinuxServerInfos extends AbstractServerInfos {
@Override
protected List<String> getIpAddress() throws Exception {
List<String> result = null;
//获取所有网络接口
List<InetAddress> inetAddresses = getLocalAllInetAddress();
if (inetAddresses != null && inetAddresses.size() > 0) {
result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
}
return result;
}
@Override
protected List<String> getMacAddress() throws Exception {
List<String> result = null;
//1. 获取所有网络接口
List<InetAddress> inetAddresses = getLocalAllInetAddress();
if (inetAddresses != null && inetAddresses.size() > 0) {
//2. 获取所有网络接口的Mac地址
result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
}
return result;
}
@Override
protected String getCPUSerial() throws Exception {
//序列号
String serialNumber = "";
//使用dmidecode命令获取CPU序列号
String[] shell = {"/bin/bash", "-c", "dmidecode -t processor | grep 'ID' | awk -F ':' '{print $2}' | head -n 1"};
Process process = Runtime.getRuntime().exec(shell);
process.getOutputStream().close();
BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
if (null == reader.readLine()) {
return serialNumber;
}
String line = reader.readLine().trim();
if (StringUtils.isNotBlank(line)) {
serialNumber = line;
}
reader.close();
return serialNumber;
}
@Override
protected String getMainBoardSerial() throws Exception {
//序列号
String serialNumber = "";
//使用dmidecode命令获取主板序列号
String[] shell = {"/bin/bash", "-c", "dmidecode | grep 'Serial Number' | awk -F ':' '{print $2}' | head -n 1"};
Process process = Runtime.getRuntime().exec(shell);
process.getOutputStream().close();
BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
if (null == reader.readLine()) {
return serialNumber;
}
String line = reader.readLine().trim();
if (StringUtils.isNotBlank(line)) {
serialNumber = line;
}
reader.close();
return serialNumber;
}
}
增加CustomLicenseManager
,用于自定义参数信息验证
public class CustomLicenseManager extends LicenseManager {
public static Logger log = LoggerFactory.getLogger(CustomLicenseManager.class);
//XML编码
private static final String XML_CHARSET = "UTF-8";
//默认BUFSIZE
private static final int DEFAULT_BUFSIZE = 8 * 1024;
public CustomLicenseManager() {
}
public CustomLicenseManager(LicenseParam param) {
super(param);
}
/**
* 复写create方法
*
* @return byte[]
*/
@Override
protected synchronized byte[] create(
LicenseContent content,
LicenseNotary notary)
throws Exception {
initialize(content);
this.validateCreate(content);
final GenericCertificate certificate = notary.sign(content);
return getPrivacyGuard().cert2key(certificate);
}
/**
* 复写install方法,其中validate方法调用本类中的validate方法,校验IP地址、Mac地址等其他信息
*
* @param
* @return de.schlichtherle.license.LicenseContent
*/
@Override
protected synchronized LicenseContent install(
final byte[] key,
final LicenseNotary notary)
throws Exception {
final GenericCertificate certificate = getPrivacyGuard().key2cert(key);
notary.verify(certificate);
final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded());
this.validate(content);
setLicenseKey(key);
setCertificate(certificate);
return content;
}
/**
* 复写verify方法,调用本类中的validate方法,校验IP地址、Mac地址等其他信息
*
* @param
* @return de.schlichtherle.license.LicenseContent
*/
@Override
protected synchronized LicenseContent verify(final LicenseNotary notary)
throws Exception {
GenericCertificate certificate = getCertificate();
// Load license key from preferences,
final byte[] key = getLicenseKey();
if (null == key) {
throw new NoLicenseInstalledException(getLicenseParam().getSubject());
}
certificate = getPrivacyGuard().key2cert(key);
notary.verify(certificate);
final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded());
this.validate(content);
setCertificate(certificate);
return content;
}
/**
* 校验生成证书的参数信息
*
* @param content 证书正文
*/
protected synchronized void validateCreate(final LicenseContent content)
throws LicenseContentException {
final LicenseParam param = getLicenseParam();
final Date now = new Date();
final Date notBefore = content.getNotBefore();
final Date notAfter = content.getNotAfter();
if (null != notAfter && now.after(notAfter)) {
throw new LicenseContentException("证书失效时间不能早于当前时间");
}
if (null != notBefore && null != notAfter && notAfter.before(notBefore)) {
throw new LicenseContentException("证书生效时间不能晚于证书失效时间");
}
final String consumerType = content.getConsumerType();
if (null == consumerType) {
throw new LicenseContentException("用户类型不能为空");
}
}
/**
* 复写validate方法,增加IP地址、Mac地址等其他信息校验
*
* @param content LicenseContent
*/
@Override
protected synchronized void validate(final LicenseContent content)
throws LicenseContentException {
//1. 首先调用父类的validate方法
super.validate(content);
//2. 然后校验自定义的License参数
//License中可被允许的参数信息
LicenseCheckModel expectedCheckModel = (LicenseCheckModel) content.getExtra();
if (expectedCheckModel != null) {
//当前服务器真实的参数信息
LicenseCheckModel serverCheckModel = getServerInfos();
if (serverCheckModel != null) {
//校验IP地址
if (expectedCheckModel.getCheckIp() && !checkIpAddress(expectedCheckModel.getIpAddress(), serverCheckModel.getIpAddress())) {
throw new LicenseContentException("当前服务器的IP没在授权范围内");
}
//校验Mac地址
if (expectedCheckModel.getCheckMac() && !checkIpAddress(expectedCheckModel.getMacAddress(), serverCheckModel.getMacAddress())) {
throw new LicenseContentException("当前服务器的Mac地址没在授权范围内");
}
//校验主板序列号
if (expectedCheckModel.getCheckMainBoard() && !checkSerial(expectedCheckModel.getMainBoardSerial(), serverCheckModel.getMainBoardSerial())) {
throw new LicenseContentException("当前服务器的主板序列号没在授权范围内");
}
//校验CPU序列号
if (expectedCheckModel.getCheckCpu() && !checkSerial(expectedCheckModel.getCpuSerial(), serverCheckModel.getCpuSerial())) {
throw new LicenseContentException("当前服务器的CPU序列号没在授权范围内");
}
} else {
throw new LicenseContentException("不能获取服务器硬件信息");
}
}
}
/**
* 重写XMLDecoder解析XML
*
* @param encoded XML类型字符串
* @return java.lang.Object
*/
private Object load(String encoded) {
// encoded = encoded.replace("com.modules.entity.LicenseCheckModel", "com.zuiyu.client.bean.LicenseCheckModel");
BufferedInputStream inputStream = null;
XMLDecoder decoder = null;
try {
inputStream = new BufferedInputStream(new ByteArrayInputStream(encoded.getBytes(XML_CHARSET)));
decoder = new XMLDecoder(new BufferedInputStream(inputStream, DEFAULT_BUFSIZE), null, null);
return decoder.readObject();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} finally {
try {
if (decoder != null) {
decoder.close();
}
if (inputStream != null) {
inputStream.close();
}
} catch (Exception e) {
log.error("XMLDecoder解析XML失败", e);
}
}
return null;
}
/**
* 获取当前服务器需要额外校验的License参数
*
* @return demo.LicenseCheckModel
*/
private LicenseCheckModel getServerInfos() {
//操作系统类型
String osName = System.getProperty("os.name").toLowerCase();
AbstractServerInfos abstractServerInfos = null;
//根据不同操作系统类型选择不同的数据获取方法
if (osName.startsWith("windows")) {
abstractServerInfos = new WindowsServerInfos();
} else if (osName.startsWith("linux")) {
abstractServerInfos = new LinuxServerInfos();
} else {//其他服务器类型
abstractServerInfos = new LinuxServerInfos();
}
return abstractServerInfos.getServerInfos();
}
/**
* 校验当前服务器的IP/Mac地址是否在可被允许的IP范围内<br/>
* 如果存在IP在可被允许的IP/Mac地址范围内,则返回true
*
* @return boolean
*/
private boolean checkIpAddress(List<String> expectedList, List<String> serverList) {
if (expectedList != null && expectedList.size() > 0) {
if (serverList != null && serverList.size() > 0) {
for (String expected : expectedList) {
if (serverList.contains(expected.trim())) {
return true;
}
}
}
return false;
} else {
return true;
}
}
/**
* 校验当前服务器硬件(主板、CPU等)序列号是否在可允许范围内
*
* @param
* @return boolean
*/
private boolean checkSerial(String expectedSerial, String serverSerial) {
if (StringUtils.isNotBlank(expectedSerial)) {
if (StringUtils.isNotBlank(serverSerial)) {
if (expectedSerial.equals(serverSerial)) {
return true;
}
}
return false;
} else {
return true;
}
}
}
定义 CustomKeyStoreParam
,用于授权文件持久化磁盘
package com.zuiyu.common.license;
import de.schlichtherle.license.AbstractKeyStoreParam;
import java.io.*;
/**
* 自定义KeyStoreParam,用于将公私钥存储文件存放到其他磁盘位置而不是项目中
*/
public class CustomKeyStoreParam extends AbstractKeyStoreParam {
/**
* 公钥/私钥在磁盘上的存储路径
*/
private String storePath;
private String alias;
private String storePwd;
private String keyPwd;
public CustomKeyStoreParam(Class clazz, String resource, String alias, String storePwd, String keyPwd) {
super(clazz, resource);
this.storePath = resource;
this.alias = alias;
this.storePwd = storePwd;
this.keyPwd = keyPwd;
}
@Override
public String getAlias() {
return alias;
}
@Override
public String getStorePwd() {
return storePwd;
}
@Override
public String getKeyPwd() {
return keyPwd;
}
/**
* 复写de.schlichtherle.license.AbstractKeyStoreParam的getStream()方法<br/>
* 用于将公私钥存储文件存放到其他磁盘位置而不是项目中
*
* @param
* @return java.io.InputStream
*/
@Override
public InputStream getStream() throws IOException {
final InputStream in = new FileInputStream(new File(storePath));
if (null == in) {
throw new FileNotFoundException(storePath);
}
return in;
}
}
定义LicenseManagerHolder
,获取全局的唯一一个授权管理对象
public class LicenseManagerHolder {
private static volatile LicenseManager LICENSE_MANAGER;
public static LicenseManager getInstance(LicenseParam param) {
if (LICENSE_MANAGER == null) {
synchronized (LicenseManagerHolder.class) {
if (LICENSE_MANAGER == null) {
LICENSE_MANAGER = new CustomLicenseManager(param);
}
}
}
return LICENSE_MANAGER;
}
}
定义授权文件校验类 LicenseVerify
public class LicenseVerify {
public static Logger log = LoggerFactory.getLogger(LicenseVerify.class);
/**
* 安装License证书
*/
public synchronized LicenseContent install(LicenseVerifyParam param) {
LicenseContent result = null;
DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
//1. 安装证书
try {
LicenseManager licenseManager = LicenseManagerHolder.getInstance(initLicenseParam(param));
licenseManager.uninstall();
result = licenseManager.install(new File(param.getLicensePath()));
log.info(MessageFormat.format("证书安装成功,证书有效期:{0} - {1}", format.format(result.getNotBefore()), format.format(result.getNotAfter())));
} catch (Exception e) {
log.error("证书安装失败!", e);
}
return result;
}
/**
* 校验License证书
*
* @return boolean
*/
public boolean verify() {
LicenseManager licenseManager = LicenseManagerHolder.getInstance(null);
DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
//2. 校验证书
try {
LicenseContent licenseContent = licenseManager.verify();
// System.out.println(licenseContent.getSubject());
log.info(MessageFormat.format("证书校验通过,证书有效期:{0} - {1}", format.format(licenseContent.getNotBefore()), format.format(licenseContent.getNotAfter())));
return true;
} catch (Exception e) {
log.error("证书校验失败!", e);
return false;
}
}
/**
* 初始化证书生成参数
*
* @param param License校验类需要的参数
* @return de.schlichtherle.license.LicenseParam
*/
private LicenseParam initLicenseParam(LicenseVerifyParam param) {
Preferences preferences = Preferences.userNodeForPackage(LicenseVerify.class);
CipherParam cipherParam = new DefaultCipherParam(param.getStorePass());
KeyStoreParam publicStoreParam = new CustomKeyStoreParam(LicenseVerify.class
, param.getPublicKeysStorePath()
, param.getPublicAlias()
, param.getStorePass()
, null);
return new DefaultLicenseParam(param.getSubject()
, preferences
, publicStoreParam
, cipherParam);
}
}
定义授权文件生成辅助类 LicenseCreator
public class LicenseCreator {
public static Logger log = LoggerFactory.getLogger(LicenseCreator.class);
private final static X500Principal DEFAULT_HOLDER_AND_ISSUER = new X500Principal("CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN");
private LicenseCreatorParam param;
public LicenseCreator(LicenseCreatorParam param) {
this.param = param;
}
/**
* 生成License证书
*
* @return boolean
*/
public boolean generateLicense() {
try {
LicenseManager licenseManager = new CustomLicenseManager(initLicenseParam());
LicenseContent licenseContent = initLicenseContent();
licenseManager.store(licenseContent, new File(param.getLicensePath()));
return true;
} catch (Exception e) {
e.printStackTrace();
log.error(MessageFormat.format("证书生成失败:{0}", param), e.getMessage());
return false;
}
}
/**
* 初始化证书生成参数
*
* @return de.schlichtherle.license.LicenseParam
*/
private LicenseParam initLicenseParam() {
Preferences preferences = Preferences.userNodeForPackage(LicenseCreator.class);
//设置对证书内容加密的秘钥
CipherParam cipherParam = new DefaultCipherParam(param.getStorePass());
KeyStoreParam privateStoreParam = new CustomKeyStoreParam(LicenseCreator.class
, param.getPrivateKeysStorePath()
, param.getPrivateAlias()
, param.getStorePass()
, param.getKeyPass());
LicenseParam licenseParam = new DefaultLicenseParam(param.getSubject()
, preferences
, privateStoreParam
, cipherParam);
return licenseParam;
}
/**
* 设置证书生成正文信息
*
* @return de.schlichtherle.license.LicenseContent
*/
private LicenseContent initLicenseContent() {
LicenseContent licenseContent = new LicenseContent();
licenseContent.setHolder(DEFAULT_HOLDER_AND_ISSUER);
licenseContent.setIssuer(DEFAULT_HOLDER_AND_ISSUER);
licenseContent.setSubject(param.getSubject());
licenseContent.setIssued(param.getIssuedTime());
licenseContent.setNotBefore(param.getIssuedTime());
licenseContent.setNotAfter(param.getExpiryTime());
licenseContent.setConsumerType(param.getConsumerType());
licenseContent.setConsumerAmount(param.getConsumerAmount());
licenseContent.setInfo(param.getDescription());
//扩展校验服务器硬件信息
licenseContent.setExtra(param.getLicenseCheckModel());
return licenseContent;
}
}
能看到的这的是真爱吧,毕竟全是代码干货,没有一丁点的理论啊,这谁能hold住
下面就可以进入common
模块的打包了,打包结束就可以提供给server
模块和client
模块使用了
Maven common 模块打包
https://mp.weixin.qq.com/s?__biz=MzIwNzYzODIxMw==&mid=2247485375&idx=1&sn=07664bdeae20b775b12a3ce9cd3ea0f2&chksm=970e1c15a0799503a15070ebfd09fda60b065ea51d5b9c1ce32539ad5fdb232a8f92b2053822#rd
license-common,修改 pom.xml
中的打包插件为下面这种
<groupId>com.zuiyu</groupId>
<artifactId>license-common</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>license-common</name>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</build>
执行idea中的打包,也就是 mvn install
需要引用该模块的代码项目pom.xml
中加入以下内容
<dependency>
<groupId>com.zuiyu</groupId>
<artifactId>license-common</artifactId>
<version>0.0.1-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
完整的核心pom.xml
文件如下,只保留打包相关
license-common
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.zuiyu</groupId>
<artifactId>license-common</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>license-common</name>
<description>license-client</description>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</build>
</project>
license-server
引入license-common
模块
<dependency>
<groupId>com.zuiyu</groupId>
<artifactId>license-common</artifactId>
<version>0.0.1-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
创建 LicenseCreatorController
用于接口调用生成授权文件
@RestController
@RequestMapping("/license")
public class LicenseCreatorController {
public static Logger log = LoggerFactory.getLogger(LicenseCreatorController.class);
/**
* 证书生成路径
*/
@Value("${license.licensePath}")
private String licensePath;
@Value("${license.privateKeysStorePath}")
private String privateKeysStorePath;
/**
* 获取服务器硬件信息
*
* @param osName 操作系统类型,如果为空则自动判断
* @return com.ccx.models.license.LicenseCheckModel
*/
@RequestMapping(value = "/getServerInfos", produces = {MediaType.APPLICATION_JSON_UTF8_VALUE})
public LicenseCheckModel getServerInfos(@RequestParam(value = "osName", required = false) String osName) {
//操作系统类型
if (StringUtils.isBlank(osName)) {
osName = System.getProperty("os.name");
}
osName = osName.toLowerCase();
AbstractServerInfos abstractServerInfos = null;
//根据不同操作系统类型选择不同的数据获取方法
if (osName.startsWith("windows")) {
abstractServerInfos = new WindowsServerInfos();
} else if (osName.startsWith("linux")) {
abstractServerInfos = new LinuxServerInfos();
} else {//其他服务器类型
abstractServerInfos = new LinuxServerInfos();
}
return abstractServerInfos.getServerInfos();
}
/**
* 生成证书
*
* @param param 生成证书需要的参数,
* {
* "subject": "zuiyu_demo",
* "privateAlias": "zuiyuPrivateKey",
* "keyPass": "zuiyu_private_password_1234",
* "storePass": "zuiyu_public_password_1234",
* "licensePath": "/Users/cxt/Downloads/license/license7.lic",
* "privateKeysStorePath": "/Users/cxt/Downloads/license/privateKeys.keystore",
* "issuedTime": "2018-07-10 00:00:01",
* "expiryTime": "2022-12-31 23:59:59",
* "consumerType": "User",
* "consumerAmount": 1,
* "description": "这是证书描述信息",
* "licenseCheckModel": {
* "checkIp":false,
* "ipAddress": [""],
* "checkMac":true,
* "macAddress": ["aa-bb-cc-11"],
* "checkCpu":false,
* "cpuSerial": "",
* "checkMainBoard":false,
* "mainBoardSerial": ""
* }
* }
* @return java.util.Map<java.lang.String, java.lang.Object>
*/
@RequestMapping(value = "/generateLicense", produces = {MediaType.APPLICATION_JSON_UTF8_VALUE})
public Map<String, Object> generateLicense(HttpServletRequest request, @RequestBody LicenseCreatorParam param) {
Map<String, Object> resultMap = new HashMap<>(2);
if (StringUtils.isBlank(param.getLicensePath())) {
param.setLicensePath(licensePath);
}
String path = System.getProperty("user.dir") + privateKeysStorePath;
param.setPrivateKeysStorePath(path);
LicenseCreator licenseCreator = new LicenseCreator(param);
boolean result = licenseCreator.generateLicense();
if (result) {
resultMap.put("result", "ok");
resultMap.put("msg", param);
} else {
resultMap.put("result", "error");
resultMap.put("msg", "证书文件生成失败!");
}
return resultMap;
}
}
找到刚才生成的授权文件zuiyuPrivateKeys.keystore
放入项目根目录license/zuiyuPrivateKeys.keystore
修改application.properties
# license 默认生成地址
license.licensePath=/Users/cxt/Downloads/license/license.lic
# 授权签名文件相对项目的相对路径
license.privateKeysStorePath=/springboot-license/license-server/license/zuiyuPrivateKeys.keystore
完整的项目结构如下
├── HELP.md
├── README.md
├── license
│ └── zuiyuPrivateKeys.keystore
├── pom.xml
├── src
│ ├── main
│ │ ├── java
│ │ │ └── com
│ │ │ └── zuiyu
│ │ │ └── server
│ │ │ ├── LicenseServerApplication.java
│ │ │ └── controller
│ │ │ └── LicenseCreatorController.java
│ │ └── resources
│ │ └── application.properties
请求接口生成授权
Post localhost:8080/license/generateLicense
{
"subject": "zuiyu_demo",
"privateAlias": "zuiyuPrivateKey",
"keyPass": "zuiyu_private_password_1234",
"storePass": "zuiyu_public_password_1234",
"licensePath": "/Users/cxt/Downloads/license/license7.lic",
"privateKeysStorePath": "/Users/cxt/Downloads/license/privateKeys.keystore",
"issuedTime": "2018-07-10 00:00:01",
"expiryTime": "2022-12-31 23:59:59",
"consumerType": "User",
"consumerAmount": 1,
"description": "这是证书描述信息",
"licenseCheckModel": {
"checkIp":false,
"ipAddress": [""],
"checkMac":true,
"macAddress": ["aa-bb-cc-11"],
"checkCpu":false,
"cpuSerial": "",
"checkMainBoard":false,
"mainBoardSerial": ""
}
}
license-client
引入license-common
模块
<dependency>
<groupId>com.zuiyu</groupId>
<artifactId>license-common</artifactId>
<version>0.0.1-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
注册授权验证拦截器InterceptorConfig
@Component
public class InterceptorConfig implements WebMvcConfigurer {
@Resource
private LicenseCheckInterceptor licenseCheckInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
// 添加要拦截的url
registry.addInterceptor(licenseCheckInterceptor)
// 拦截的路径
.addPathPatterns("/**");
// 放行的路径
// .excludePathPatterns("/admin/login");
}
}
定义拦截器拦截请求验证授权 LicenseCheckInterceptor
@Component
public class LicenseCheckInterceptor implements HandlerInterceptor {
public static Logger log = LoggerFactory.getLogger(LicenseCheckInterceptor.class);
/**
* 进入controller层之前拦截请求
*
* @param request
* @param response
* @param handler
* @return
* @throws Exception
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
log.info("进入拦截器,验证证书可使用性");
LicenseVerify licenseVerify = new LicenseVerify();
//校验证书是否有效
boolean verifyResult = licenseVerify.verify();
if (verifyResult) {
log.info("验证成功,证书可用");
return true;
} else {
log.info("验证失败,证书无效");
response.setCharacterEncoding("utf-8");
Map<String, String> result = new HashMap<>(1);
result.put("result", "您的证书无效,请核查服务器是否取得授权或重新申请证书!");
response.getWriter().write(JSON.toJSONString(result));
return false;
}
}
/**
* 处理请求完成后视图渲染之前的处理操作
*
* @param request
* @param response
* @param handler
* @param modelAndView
* @throws Exception
*/
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
log.info("处理请求完成后视图渲染之前的处理操作");
}
/**
* 视图渲染之后的操作
*
* @param request
* @param response
* @param handler
* @param ex
* @throws Exception
*/
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
log.info("视图渲染之后的操作");
}
}
定义启动应用时检查授权LicenseCheckListener
@Component
public class LicenseCheckListener implements ApplicationListener<ContextRefreshedEvent> {
public static Logger log = LoggerFactory.getLogger(LicenseCheckListener.class);
/**
* 证书subject
*/
@Value("${license.subject}")
private String subject;
/**
* 公钥别称
*/
@Value("${license.publicAlias}")
private String publicAlias;
/**
* 访问公钥库的密码
*/
@Value("${license.storePass}")
private String storePass;
/**
* 证书生成路径
*/
@Value("${license.licensePath}")
private String licensePath;
/**
* 密钥库存储路径
*/
@Value("${license.publicKeysStorePath}")
private String publicKeysStorePath;
@Override
public void onApplicationEvent(ContextRefreshedEvent event) {
// root application context 没有parent
ApplicationContext context = event.getApplicationContext().getParent();
if (context == null) {
if (StringUtils.isNotBlank(licensePath)) {
log.info("++++++++ 开始安装证书 ++++++++");
LicenseVerifyParam param = new LicenseVerifyParam();
param.setSubject(subject);
param.setPublicAlias(publicAlias);
param.setStorePass(storePass);
param.setLicensePath(licensePath);
param.setPublicKeysStorePath(System.getProperty("user.dir") + publicKeysStorePath);
LicenseVerify licenseVerify = new LicenseVerify();
//安装证书
licenseVerify.install(param);
log.info("++++++++ 证书安装结束 ++++++++");
}
}
}
}
新建一个测试类,测试授权是否生效LoginController
public class LoginController {
public static Logger log = LoggerFactory.getLogger(LoginController.class);
@GetMapping(value = "login")
public Map<String, Object> test(@RequestParam(required = true) String loginName, @RequestParam(required = true) String password) {
Map<String, Object> result = new HashMap<>(1);
log.info(MessageFormat.format("登录名称:{0},密码:{1}", loginName, password));
//模拟登录
log.info("模拟登录被拦截检查证书可用性");
result.put("code", 200);
return result;
}
}
测试接口调用
get localhost:8082/login?loginName=111&password=111
完整代码结构如下
├── HELP.md
├── README.md
├── license
│ └── zuiyuPublicCerts.keystore
├── pom.xml
├── src
│ ├── main
│ │ ├── java
│ │ │ └── com
│ │ │ └── zuiyu
│ │ │ └── client
│ │ │ ├── LicenseClientApplication.java
│ │ │ ├── config
│ │ │ │ └── InterceptorConfig.java
│ │ │ ├── controller
│ │ │ │ └── LoginController.java
│ │ │ ├── interceptor
│ │ │ │ └── LicenseCheckInterceptor.java
│ │ │ └── license
│ │ │ └── LicenseCheckListener.java
│ │ └── resources
│ │ └── application.properties