1. 先准备生成cer证书及私钥,公钥
## (1). 生成私匙库
# validity:私钥的有效期多少天 365
# alias:私钥别称 privateKey
# keystore: 指定私钥库文件的名称(生成在当前目录) privateKeys.keystore
# storepass:指定私钥库的密码(获取keystore信息所需的密码) public_password
# keypass:指定别名条目的密码(私钥的密码) private_password
keytool -genkeypair -keysize 1024 -validity 365 -alias "privateKey" -keystore "privateKeys.keystore" -storepass "public_password" -keypass "private_password" -dname "CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN"
此时会在cd的目录中生成 privateKeys.keystore 文件
## (2). 把私匙库内的公匙导出到一个文件当中
# alias:私钥别称 privateKey
# keystore:指定私钥库的名称(在当前目录查找) privateKeys.keystore
# storepass: 指定私钥库的密码 public_password
# file:证书名称 certfile.cer
keytool -exportcert -alias "privateKey" -keystore "privateKeys.keystore" -storepass "public_password" -file "certfile.cer"
此时会在cd的目录中生成 certfile.cer 文件
## (3). 再把这个证书文件导入到公匙库
# alias:公钥别称 publicCert
# file:证书名称 certfile.cer
# keystore:公钥文件名称 publicCerts.keystore
# storepass:指定私钥库的密码 public_password
keytool -import -alias "publicCert" -file "certfile.cer" -keystore "publicCerts.keystore" -storepass "public_password"
此时在命令窗口输入 y 回车,然后会在cd的目录中生成 publicCerts.keystore 文件,注意此时应该一共生成了三个文件分别是 privateKeys.keystore, certfile.cer,publicCerts.keystore
2. 在项目中添加maven依赖(truelicense):
<dependency>
<groupId>de.schlichtherle.truelicense</groupId>
<artifactId>truelicense-core</artifactId>
<version>1.33</version>
<scope>provided</scope>
</dependency>
3. 开始编写生成接口和验证接口目录结构如下图:
(1) CustomKeyStoreParam.java
package com.ruoyi.license.create;
import de.schlichtherle.license.AbstractKeyStoreParam;
import java.io.*;
/**
* 自定义KeyStoreParam,用于将公私钥存储文件存放到其他磁盘位置而不是项目中
*/
public class CustomKeyStoreParam extends AbstractKeyStoreParam {
/**
* 公钥/私钥在磁盘上的存储路径
*/
private String storePath;
private String alias;
private String storePwd;
private String keyPwd;
public CustomKeyStoreParam(Class clazz, String resource, String alias, String storePwd, String keyPwd) {
super(clazz, resource);
this.storePath = resource;
this.alias = alias;
this.storePwd = storePwd;
this.keyPwd = keyPwd;
}
@Override
public String getAlias() {
return alias;
}
@Override
public String getStorePwd() {
return storePwd;
}
@Override
public String getKeyPwd() {
return keyPwd;
}
/**
* 复写de.schlichtherle.license.AbstractKeyStoreParam的getStream()方法
* <br/>
* 用于将公私钥存储文件存放到其他磁盘位置而不是项目中
*/
@Override
public InputStream getStream() throws IOException {
final InputStream in = new FileInputStream(new File(storePath));
if (null == in) {
throw new FileNotFoundException(storePath);
}
return in;
}
}
(2) LicenseCreator.java
package com.ruoyi.license.create;
import com.ruoyi.license.verify.CustomLicenseManager;
import de.schlichtherle.license.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.security.auth.x500.X500Principal;
import java.io.File;
import java.text.MessageFormat;
import java.util.prefs.Preferences;
/**
* 证书生成器
*/
public class LicenseCreator {
private static Logger logger = LoggerFactory.getLogger(LicenseCreator.class);
private final static X500Principal DEFAULT_HOLDER_AND_ISSUER = new X500Principal("CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN");
private LicenseCreatorParam param;
public LicenseCreator(LicenseCreatorParam param) {
this.param = param;
}
/**
* 生成License证书
*/
public boolean generateLicense() {
try {
LicenseManager licenseManager = new CustomLicenseManager(initLicenseParam());
LicenseContent licenseContent = initLicenseContent();
licenseManager.store(licenseContent, new File(param.getLicensePath()));
return true;
} catch (Exception e) {
logger.error(MessageFormat.format("证书生成失败:{0}", param), e);
return false;
}
}
/**
* 初始化证书生成参数
*/
private LicenseParam initLicenseParam() {
Preferences preferences = Preferences.userNodeForPackage(LicenseCreator.class);
//设置对证书内容加密的秘钥
CipherParam cipherParam = new DefaultCipherParam(param.getStorePass());
KeyStoreParam privateStoreParam = new CustomKeyStoreParam(LicenseCreator.class
, param.getPrivateKeysStorePath()
, param.getPrivateAlias()
, param.getStorePass()
, param.getKeyPass());
LicenseParam licenseParam = new DefaultLicenseParam(param.getSubject()
, preferences
, privateStoreParam
, cipherParam);
return licenseParam;
}
/**
* 设置证书生成正文信息
*/
private LicenseContent initLicenseContent() {
LicenseContent licenseContent = new LicenseContent();
licenseContent.setHolder(DEFAULT_HOLDER_AND_ISSUER);
licenseContent.setIssuer(DEFAULT_HOLDER_AND_ISSUER);
licenseContent.setSubject(param.getSubject());
licenseContent.setIssued(param.getIssuedTime());
licenseContent.setNotBefore(param.getIssuedTime());
licenseContent.setNotAfter(param.getExpiryTime());
licenseContent.setConsumerType(param.getConsumerType());
licenseContent.setConsumerAmount(param.getConsumerAmount());
licenseContent.setInfo(param.getDescription());
//扩展校验服务器硬件信息
licenseContent.setExtra(param.getLicenseCheckModel());
return licenseContent;
}
}
(3) LicenseCreatorController.java
package com.ruoyi.license.create;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.license.model.AbstractServerInfos;
import com.ruoyi.license.model.LicenseCheckModel;
import com.ruoyi.license.model.LinuxServerInfos;
import com.ruoyi.license.model.WindowsServerInfos;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import java.util.HashMap;
import java.util.Map;
/**
* 证书生成路由
*/
@RestController
@RequestMapping("/license")
public class LicenseCreatorController {
/**
* 证书生成路径
*/
@Value("${license.createLicensePath}")
private String createLicensePath;
@Value("${license.privateKeysStorePath}")
private String privateKeysStorePath;
/**
* 获取服务器硬件信息
*/
@RequestMapping(value = "/getServerInfos", produces = {MediaType.APPLICATION_JSON_UTF8_VALUE})
public LicenseCheckModel getServerInfos(@RequestParam(value = "osName", required = false) String osName) {
//操作系统类型
if (StringUtils.isBlank(osName)) {
osName = System.getProperty("os.name");
}
osName = osName.toLowerCase();
AbstractServerInfos abstractServerInfos = null;
//根据不同操作系统类型选择不同的数据获取方法
if (osName.startsWith("windows")) {
abstractServerInfos = new WindowsServerInfos();
} else if (osName.startsWith("linux")) {
abstractServerInfos = new LinuxServerInfos();
} else {//其他服务器类型
abstractServerInfos = new LinuxServerInfos();
}
return abstractServerInfos.getServerInfos();
}
/**
* 生成证书
*/
@RequestMapping(value = "/generateLicense", produces = {MediaType.APPLICATION_JSON_UTF8_VALUE})
public Map<String, Object> generateLicense(@RequestBody(required = true) LicenseCreatorParam param) {
Map<String, Object> resultMap = new HashMap<>(2);
if (StringUtils.isBlank(param.getLicensePath())) {
param.setLicensePath(createLicensePath);
param.setPrivateKeysStorePath(privateKeysStorePath);
}
LicenseCreator licenseCreator = new LicenseCreator(param);
boolean result = licenseCreator.generateLicense();
if (result) {
resultMap.put("result", "ok");
resultMap.put("msg", param);
} else {
resultMap.put("result", "error");
resultMap.put("msg", "证书文件生成失败!");
}
return resultMap;
}
}
(4) LicenseCreatorParam.java
package com.ruoyi.license.create;
import com.fasterxml.jackson.annotation.JsonFormat;
import com.ruoyi.license.model.LicenseCheckModel;
import lombok.Data;
import java.io.Serializable;
import java.util.Date;
/**
* 证书生成参数
*/
@Data
public class LicenseCreatorParam implements Serializable {
private static final long serialVersionUID = -7793154252684580872L;
/**
* 证书subject
*/
private String subject;
/**
* 密钥别称
*/
private String privateAlias;
/**
* 密钥密码(需要妥善保管,不能让使用者知道)
*/
private String keyPass;
/**
* 访问秘钥库的密码
*/
private String storePass;
/**
* 证书生成路径
*/
private String licensePath;
/**
* 密钥库存储路径
*/
private String privateKeysStorePath;
/**
* 证书生效时间
*/
@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
private Date issuedTime = new Date();
/**
* 证书失效时间
*/
@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
private Date expiryTime;
/**
* 用户类型
*/
private String consumerType = "user";
/**
* 用户数量
*/
private Integer consumerAmount = 1;
/**
* 描述信息
*/
private String description = "";
/**
* 额外的服务器硬件校验信息
*/
private LicenseCheckModel licenseCheckModel;
}
(5) ApiConfig.java
package com.ruoyi.license.interceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
/**
* 接口拦截器
*/
@Configuration
public class ApiConfig extends WebMvcConfigurationSupport {
@Autowired
LicenseCheckInterceptor licenseCheckInterceptor;
@Override
protected void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(this.licenseCheckInterceptor).addPathPatterns("/**");
super.addInterceptors(registry);
}
}
(6) LicenseCheckInterceptor.java
package com.ruoyi.license.interceptor;
import com.ruoyi.common.exception.LicenseException;
import com.ruoyi.license.verify.LicenseVerify;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* 拦截器校验证书是否合法
*/
@Slf4j
@SuppressWarnings("ALL")
@Component
public class LicenseCheckInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
LicenseVerify licenseVerify = new LicenseVerify();
log.info("开始验证证书是否有效");
// 校验证书是否有效
boolean verifyResult = licenseVerify.verify();
// verifyResult = false;
if (verifyResult) {
return true;
} else {
log.warn("您的证书无效,请核查服务器是否取得授权或重新申请证书!");
throw new LicenseException("您的证书无效,请核查服务器是否取得授权或重新申请证书!");
}
}
}
(7) AbstractServerInfos.java
package com.ruoyi.license.model;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
/**
* 用于获取客户服务器的基本信息,如:IP、Mac地址、CPU序列号、主板序列号等
*/
public abstract class AbstractServerInfos {
private static Logger logger = LoggerFactory.getLogger(AbstractServerInfos.class);
/**
* 组装需要额外校验的License参数
*/
public LicenseCheckModel getServerInfos() {
LicenseCheckModel result = new LicenseCheckModel();
try {
result.setIpAddress(this.getIpAddress());
result.setMacAddress(this.getMacAddress());
result.setCpuSerial(this.getCPUSerial());
result.setMainBoardSerial(this.getMainBoardSerial());
} catch (Exception e) {
logger.error("获取服务器硬件信息失败", e);
}
return result;
}
/**
* 获取IP地址
*
* @return java.util.List<java.lang.String>
*/
protected abstract List<String> getIpAddress() throws Exception;
/**
* 获取Mac地址
*
* @return java.util.List<java.lang.String>
*/
protected abstract List<String> getMacAddress() throws Exception;
/**
* 获取CPU序列号
*/
protected abstract String getCPUSerial() throws Exception;
/**
* 获取主板序列号
*/
protected abstract String getMainBoardSerial() throws Exception;
/**
* 获取当前服务器所有符合条件的InetAddress
*
* @return java.util.List<java.net.InetAddress>
* @author zifangsky
* @date 2018/4/23 17:38
* @since 1.0.0
*/
protected List<InetAddress> getLocalAllInetAddress() throws Exception {
List<InetAddress> result = new ArrayList<>(4);
// 遍历所有的网络接口
for (Enumeration networkInterfaces = NetworkInterface.getNetworkInterfaces(); networkInterfaces.hasMoreElements(); ) {
NetworkInterface iface = (NetworkInterface) networkInterfaces.nextElement();
// 在所有的接口下再遍历IP
for (Enumeration inetAddresses = iface.getInetAddresses(); inetAddresses.hasMoreElements(); ) {
InetAddress inetAddr = (InetAddress) inetAddresses.nextElement();
//排除LoopbackAddress、SiteLocalAddress、LinkLocalAddress、MulticastAddress类型的IP地址
if (!inetAddr.isLoopbackAddress() /*&& !inetAddr.isSiteLocalAddress()*/
&& !inetAddr.isLinkLocalAddress() && !inetAddr.isMulticastAddress()) {
result.add(inetAddr);
}
}
}
return result;
}
/**
* 获取某个网络接口的Mac地址
*/
protected String getMacByInetAddress(InetAddress inetAddr) {
try {
byte[] mac = NetworkInterface.getByInetAddress(inetAddr).getHardwareAddress();
StringBuffer stringBuffer = new StringBuffer();
for (int i = 0; i < mac.length; i++) {
if (i != 0) {
stringBuffer.append("-");
}
//将十六进制byte转化为字符串
String temp = Integer.toHexString(mac[i] & 0xff);
if (temp.length() == 1) {
stringBuffer.append("0" + temp);
} else {
stringBuffer.append(temp);
}
}
return stringBuffer.toString().toUpperCase();
} catch (SocketException e) {
e.printStackTrace();
}
return null;
}
}
(8) LicenseBaseModel.java
package com.ruoyi.license.model;
import lombok.Data;
import java.io.Serializable;
import java.util.Date;
/**
* 可被允许的服务器硬件信息的实体类
*/
@Data
public class LicenseBaseModel implements Serializable {
private static final long serialVersionUID = 8600137500316662317L;
private String subject;
private Date issued;
private Date notBefore;
private Date notAfter;
}
(9) LicenseCheckModel.java
package com.ruoyi.license.model;
import lombok.Data;
import java.io.Serializable;
import java.util.List;
/**
* 可被允许的服务器硬件信息的实体类
*/
@Data
public class LicenseCheckModel implements Serializable {
private static final long serialVersionUID = 8600137500316662317L;
/**
* 可被允许的IP地址
*/
private List<String> ipAddress;
/**
* 可被允许的MAC地址
*/
private List<String> macAddress;
/**
* 可被允许的CPU序列号
*/
private String cpuSerial;
/**
* 可被允许的主板序列号
*/
private String mainBoardSerial;
@Override
public String toString() {
return "LicenseCheckModel{" +
"ipAddress=" + ipAddress +
", macAddress=" + macAddress +
", cpuSerial='" + cpuSerial + '\'' +
", mainBoardSerial='" + mainBoardSerial + '\'' +
'}';
}
}
(10) LinuxServerInfos.java
package com.ruoyi.license.model;
import com.ruoyi.common.utils.StringUtils;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.util.List;
import java.util.stream.Collectors;
/**
* 用于获取客户Linux服务器的基本信息
*/
public class LinuxServerInfos extends AbstractServerInfos {
@Override
protected List<String> getIpAddress() throws Exception {
List<String> result = null;
//获取所有网络接口
List<InetAddress> inetAddresses = getLocalAllInetAddress();
if (inetAddresses != null && inetAddresses.size() > 0) {
result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
}
return result;
}
@Override
protected List<String> getMacAddress() throws Exception {
List<String> result = null;
//1. 获取所有网络接口
List<InetAddress> inetAddresses = getLocalAllInetAddress();
if (inetAddresses != null && inetAddresses.size() > 0) {
//2. 获取所有网络接口的Mac地址
result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
}
return result;
}
@Override
protected String getCPUSerial() throws Exception {
//序列号
String serialNumber = "";
//使用dmidecode命令获取CPU序列号
String[] shell = {"/bin/bash", "-c", "dmidecode -t processor | grep 'ID' | awk -F ':' '{print $2}' | head -n 1"};
Process process = Runtime.getRuntime().exec(shell);
process.getOutputStream().close();
BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
String line = reader.readLine().trim();
if (StringUtils.isNotBlank(line)) {
serialNumber = line;
}
reader.close();
return serialNumber;
}
@Override
protected String getMainBoardSerial() throws Exception {
//序列号
String serialNumber = "";
//使用dmidecode命令获取主板序列号
String[] shell = {"/bin/bash", "-c", "dmidecode | grep 'Serial Number' | awk -F ':' '{print $2}' | head -n 1"};
Process process = Runtime.getRuntime().exec(shell);
process.getOutputStream().close();
BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
String line = reader.readLine().trim();
if (StringUtils.isNotBlank(line)) {
serialNumber = line;
}
reader.close();
return serialNumber;
}
}
(11) WindowsServerInfos.java
package com.ruoyi.license.model;
import java.net.InetAddress;
import java.util.List;
import java.util.Scanner;
import java.util.stream.Collectors;
/**
* 用于获取客户Windows服务器的基本信息
*/
public class WindowsServerInfos extends AbstractServerInfos {
@Override
protected List<String> getIpAddress() throws Exception {
List<String> result = null;
//获取所有网络接口
List<InetAddress> inetAddresses = getLocalAllInetAddress();
if (inetAddresses != null && inetAddresses.size() > 0) {
result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
}
return result;
}
@Override
protected List<String> getMacAddress() throws Exception {
List<String> result = null;
//1. 获取所有网络接口
List<InetAddress> inetAddresses = getLocalAllInetAddress();
if (inetAddresses != null && inetAddresses.size() > 0) {
//2. 获取所有网络接口的Mac地址
result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
}
return result;
}
@Override
protected String getCPUSerial() throws Exception {
//序列号
String serialNumber = "";
//使用WMIC获取CPU序列号
Process process = Runtime.getRuntime().exec("wmic cpu get processorid");
process.getOutputStream().close();
Scanner scanner = new Scanner(process.getInputStream());
if (scanner.hasNext()) {
scanner.next();
}
if (scanner.hasNext()) {
serialNumber = scanner.next().trim();
}
scanner.close();
return serialNumber;
}
@Override
protected String getMainBoardSerial() throws Exception {
//序列号
String serialNumber = "";
//使用WMIC获取主板序列号
Process process = Runtime.getRuntime().exec("wmic baseboard get serialnumber");
process.getOutputStream().close();
Scanner scanner = new Scanner(process.getInputStream());
if (scanner.hasNext()) {
scanner.next();
}
if (scanner.hasNext()) {
serialNumber = scanner.next().trim();
}
scanner.close();
return serialNumber;
}
}
(12) CustomLicenseManager.java
package com.ruoyi.license.verify;
import com.ruoyi.common.exception.LicenseException;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.bean.BeanUtils;
import com.ruoyi.license.model.*;
import de.schlichtherle.license.*;
import de.schlichtherle.xml.GenericCertificate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.beans.XMLDecoder;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.UnsupportedEncodingException;
import java.util.Date;
import java.util.List;
/**
* 自定义LicenseManager,用于增加额外的服务器硬件信息校验
*/
public class CustomLicenseManager extends LicenseManager {
private static Logger logger = LoggerFactory.getLogger(CustomLicenseManager.class);
// XML编码
private static final String XML_CHARSET = "UTF-8";
// 默认BUFSIZE
private static final int DEFAULT_BUFSIZE = 8 * 1024;
public CustomLicenseManager() {
}
public CustomLicenseManager(LicenseParam param) {
super(param);
}
/**
* 复写create方法
*/
@Override
protected synchronized byte[] create(
LicenseContent content,
LicenseNotary notary)
throws Exception {
initialize(content);
this.validateCreate(content);
final GenericCertificate certificate = notary.sign(content);
return getPrivacyGuard().cert2key(certificate);
}
/**
* 复写install方法,其中validate方法调用本类中的validate方法,校验IP地址、Mac地址等其他信息
*/
@Override
protected synchronized LicenseContent install(
final byte[] key,
final LicenseNotary notary)
throws Exception {
final GenericCertificate certificate = getPrivacyGuard().key2cert(key);
notary.verify(certificate);
final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded());
this.validate(content);
setLicenseKey(key);
setCertificate(certificate);
return content;
}
/**
* 复写verify方法,调用本类中的validate方法,校验IP地址、Mac地址等其他信息
*/
@Override
protected synchronized LicenseContent verify(final LicenseNotary notary)
throws Exception {
GenericCertificate certificate = getCertificate();
// Load license key from preferences,
final byte[] key = getLicenseKey();
if (null == key) {
throw new NoLicenseInstalledException(getLicenseParam().getSubject());
}
certificate = getPrivacyGuard().key2cert(key);
notary.verify(certificate);
final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded());
this.validate(content);
setCertificate(certificate);
return content;
}
/**
* 校验生成证书的参数信息
*/
protected synchronized void validateCreate(final LicenseContent content)
throws LicenseContentException {
final LicenseParam param = getLicenseParam();
final Date now = new Date();
final Date notBefore = content.getNotBefore();
final Date notAfter = content.getNotAfter();
logger.debug("证书生效时间:" + notBefore + ",证书失效时间:" + notAfter);
if (null != notAfter && now.after(notAfter)) {
throw new LicenseContentException("证书失效时间不能早于当前时间");
}
if (null != notBefore && null != notAfter && notAfter.before(notBefore)) {
throw new LicenseContentException("证书生效时间不能晚于证书失效时间");
}
final String consumerType = content.getConsumerType();
if (null == consumerType) {
throw new LicenseContentException("用户类型不能为空");
}
}
/**
* 复写validate方法,增加IP地址、Mac地址等其他信息校验
*/
@Override
protected synchronized void validate(final LicenseContent content)
throws LicenseContentException, LicenseException {
//1. 首先调用父类的validate方法
super.validate(content);
//2. 然后校验自定义的License参数
// License中可被允许的参数信息
LicenseBaseModel licenseBaseModel = new LicenseBaseModel();
BeanUtils.copyBeanProp(licenseBaseModel, content);
// System.out.println("基本信息=====>" + licenseBaseModel);
LicenseCheckModel expectedCheckModel = (LicenseCheckModel) content.getExtra();
// System.out.println("证书额外验证信息=====>" + expectedCheckModel);
// 当前服务器真实的参数信息
LicenseCheckModel serverCheckModel = getServerInfos();
// System.out.println("当前服务器信息=====>" + serverCheckModel);
if (expectedCheckModel != null && serverCheckModel != null) {
//校验IP地址
if (!checkIpAddress(expectedCheckModel.getIpAddress(), serverCheckModel.getIpAddress())) {
throw new LicenseException("当前服务器的IP没在授权范围内");
}
//校验Mac地址
if (!checkIpAddress(expectedCheckModel.getMacAddress(), serverCheckModel.getMacAddress())) {
throw new LicenseException("当前服务器的Mac地址没在授权范围内");
}
// //校验主板序列号
// if (!checkSerial(expectedCheckModel.getMainBoardSerial(), serverCheckModel.getMainBoardSerial())) {
// throw new LicenseContentException("当前服务器的主板序列号没在授权范围内");
// }
//
// //校验CPU序列号
// if (!checkSerial(expectedCheckModel.getCpuSerial(), serverCheckModel.getCpuSerial())) {
// throw new LicenseContentException("当前服务器的CPU序列号没在授权范围内");
// }
} else {
// throw new LicenseException("不能获取服务器硬件信息");
}
}
/**
* 重写XMLDecoder解析XML
*/
private Object load(String encoded) {
BufferedInputStream inputStream = null;
XMLDecoder decoder = null;
try {
inputStream = new BufferedInputStream(new ByteArrayInputStream(encoded.getBytes(XML_CHARSET)));
decoder = new XMLDecoder(new BufferedInputStream(inputStream, DEFAULT_BUFSIZE), null, null);
return decoder.readObject();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} finally {
try {
if (decoder != null) {
decoder.close();
}
if (inputStream != null) {
inputStream.close();
}
} catch (Exception e) {
logger.error("XMLDecoder解析XML失败", e);
}
}
return null;
}
/**
* 获取当前服务器需要额外校验的License参数
*/
private LicenseCheckModel getServerInfos() {
//操作系统类型
String osName = System.getProperty("os.name").toLowerCase();
AbstractServerInfos abstractServerInfos = null;
//根据不同操作系统类型选择不同的数据获取方法
if (osName.startsWith("windows")) {
abstractServerInfos = new WindowsServerInfos();
} else if (osName.startsWith("linux")) {
abstractServerInfos = new LinuxServerInfos();
} else {//其他服务器类型
abstractServerInfos = new LinuxServerInfos();
}
return abstractServerInfos.getServerInfos();
}
/**
* 校验当前服务器的IP/Mac地址是否在可被允许的IP范围内
* 如果存在IP在可被允许的IP/Mac地址范围内,则返回true
*/
private boolean checkIpAddress(List<String> expectedList, List<String> serverList) {
if (expectedList != null && expectedList.size() > 0) {
if (serverList != null && serverList.size() > 0) {
for (String expected : expectedList) {
if (serverList.contains(expected.trim())) {
return true;
}
}
}
return false;
} else {
return true;
}
}
/**
* 校验当前服务器硬件(主板、CPU等)序列号是否在可允许范围内
*/
private boolean checkSerial(String expectedSerial, String serverSerial) {
if (StringUtils.isNotBlank(expectedSerial)) {
if (StringUtils.isNotBlank(serverSerial)) {
if (expectedSerial.equals(serverSerial)) {
return true;
}
}
return false;
} else {
return true;
}
}
}
(13) LicenseCheckListener.java
package com.ruoyi.license.verify;
import com.ruoyi.common.utils.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.stereotype.Component;
/**
* 在项目启动时安装证书
*/
@Component
public class LicenseCheckListener implements ApplicationListener<ContextRefreshedEvent> {
private static Logger logger = LoggerFactory.getLogger(LicenseCheckListener.class);
/**
* 证书subject
*/
@Value("${license.subject}")
private String subject;
/**
* 公钥别称
*/
@Value("${license.publicAlias}")
private String publicAlias;
/**
* 访问公钥库的密码
*/
@Value("${license.storePass}")
private String storePass;
/**
* 证书生成路径
*/
@Value("${license.licensePath}")
private String licensePath;
/**
* 密钥库存储路径
*/
@Value("${license.publicKeysStorePath}")
private String publicKeysStorePath;
@Override
public void onApplicationEvent(ContextRefreshedEvent event) {
//root application context 没有parent
ApplicationContext context = event.getApplicationContext().getParent();
if (context == null) {
if (StringUtils.isNotBlank(licensePath)) {
logger.info("++++++++ 开始安装证书 ++++++++");
LicenseVerifyParam param = new LicenseVerifyParam();
param.setSubject(subject);
param.setPublicAlias(publicAlias);
param.setStorePass(storePass);
param.setLicensePath(licensePath);
param.setPublicKeysStorePath(publicKeysStorePath);
LicenseVerify licenseVerify = new LicenseVerify();
//安装证书
licenseVerify.install(param);
logger.info("++++++++ 证书安装结束 ++++++++");
}
}
}
}
(14) LicenseManagerHolder.java
package com.ruoyi.license.verify;
import de.schlichtherle.license.LicenseManager;
import de.schlichtherle.license.LicenseParam;
/**
* de.schlichtherle.license.LicenseManager的单例
*/
public class LicenseManagerHolder {
private static volatile LicenseManager LICENSE_MANAGER;
public static LicenseManager getInstance(LicenseParam param) {
if (LICENSE_MANAGER == null) {
synchronized (LicenseManagerHolder.class) {
if (LICENSE_MANAGER == null) {
LICENSE_MANAGER = new CustomLicenseManager(param);
}
}
}
return LICENSE_MANAGER;
}
}
(15) LicenseVerify.java
package com.ruoyi.license.verify;
import com.ruoyi.license.create.CustomKeyStoreParam;
import de.schlichtherle.license.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
import java.text.DateFormat;
import java.text.MessageFormat;
import java.text.SimpleDateFormat;
import java.util.prefs.Preferences;
/**
* License校验类
*/
public class LicenseVerify {
private static Logger logger = LoggerFactory.getLogger(LicenseVerify.class);
/**
* 安装License证书
*/
public synchronized LicenseContent install(LicenseVerifyParam param){
LicenseContent result = null;
DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
//1. 安装证书
try{
LicenseManager licenseManager = LicenseManagerHolder.getInstance(initLicenseParam(param));
licenseManager.uninstall();
result = licenseManager.install(new File(param.getLicensePath()));
logger.info(MessageFormat.format("证书安装成功,证书有效期:{0} - {1}",format.format(result.getNotBefore()),format.format(result.getNotAfter())));
}catch (Exception e){
logger.error("证书安装失败!",e);
}
return result;
}
/**
* 校验License证书
*/
public boolean verify() {
LicenseManager licenseManager = LicenseManagerHolder.getInstance(null);
DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
//2. 校验证书
try {
LicenseContent licenseContent = licenseManager.verify();
logger.info("subject=======>" + licenseContent.getSubject());
logger.info(MessageFormat.format("证书校验通过,证书有效期:{0} - {1}", format.format(licenseContent.getNotBefore()),format.format(licenseContent.getNotAfter())));
return true;
}catch (Exception e){
logger.error("证书校验失败!",e);
return false;
}
}
/**
* 初始化证书生成参数
*/
private LicenseParam initLicenseParam(LicenseVerifyParam param){
Preferences preferences = Preferences.userNodeForPackage(LicenseVerify.class);
CipherParam cipherParam = new DefaultCipherParam(param.getStorePass());
KeyStoreParam publicStoreParam = new CustomKeyStoreParam(LicenseVerify.class
,param.getPublicKeysStorePath()
,param.getPublicAlias()
,param.getStorePass()
,null);
return new DefaultLicenseParam(param.getSubject()
,preferences
,publicStoreParam
,cipherParam);
}
}
(16) LicenseVerifyController.java
package com.ruoyi.license.verify;
import com.ruoyi.common.annotation.Log;
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.enums.BusinessType;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* 验证接口
*/
@RestController
@RequestMapping("/license")
public class LicenseVerifyController {
/**
* 验证信息
*/
@GetMapping("/verify")
@Log(title = "证书验证", businessType = BusinessType.OTHER)
public AjaxResult licenseVerify() {
return AjaxResult.success("验证成功");
}
}
(17) LicenseVerifyParam.java
package com.ruoyi.license.verify;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
/**
* License校验类需要的参数
*/
@Data
@NoArgsConstructor
@AllArgsConstructor
public class LicenseVerifyParam {
/**
* 证书subject
*/
private String subject;
/**
* 公钥别称
*/
private String publicAlias;
/**
* 访问公钥库的密码
*/
private String storePass;
/**
* 证书生成路径
*/
private String licensePath;
/**
* 密钥库存储路径
*/
private String publicKeysStorePath;
}
(18) 相关配置
license: privateKeysStorePath: D:/license/new/privateKeys.keystore createLicensePath: D:/license/new/license.lic subject: xxxx publicAlias: publicCert storePass: public_password licensePath: D:/license/license.lic publicKeysStorePath: D:/license/publicCerts.keystore
4. 证书测试
(1) 生成证书,将第一步生成的privateKeys.keystore文件放在对应目录(privateKeysStorePath)下 (先吧拦截器注释掉,否则有可能访问不到)
请求/license/generateLicense 参数为json,content-type 为 application/json 例如:
{
"subject" : "xxxx",
"privateAlias" : "privateKey",
"keyPass": "private_password",
"storePass" : "public_password",
"expiryTime": "2024-04-10 14:15:00",
"licenseCheckModel" : {
"ipAddress": ["000.000.0.000"],
"macAddress": ["XX-XX-XX-XX-XX-XX"],
"cpuSerial": "",
"mainBoardSerial": ""
}
}
若成功则会在配置的目录(createLicensePath)下生成license.lic文件,不成功一般是没有将对应的privateKeys.keystore放置或者是参数与第一步设置的参数不同步或者参数不合理导致
(2) 验证证书,将新生成的license.lic文件放到对应的目录(licensePath)下 (拦截器取消注释,然后重启)
请求/license/verify 查看响应