springboot增加license授权认证

简介: springboot增加license授权认证

环境

  • MacOS 10.14.6
  • JDK1.8

源码链接:

https://github.com/zuiyu-main/springboot-demo/tree/master/springboot-license

使用keytool工具生成签名文件

https://mp.weixin.qq.com/s?__biz=MzIwNzYzODIxMw==&mid=2247485388&idx=1&sn=dd51ac189b41c02a65f6df4577f481d4&chksm=970e1c66a0799570e8c7391ee5e9a3fd2fb09a29d05e3200671fed8d9f52c385d01671090c97#rd

生成私钥公钥

  • 使用JDK自带的keytool工具生成签名
keytool -genkeypair -keysize 1024 -validity 3650 -alias "zuiyuPrivateKey" -keypass "zuiyu_private_password_1234" -keystore "zuiyuPrivateKeys.keystore" -storepass "zuiyu_public_password_1234" -dname "CN=zuiyu,OU=zuiyu,O=zuiyu,L=BJ,ST=BJ,C=CN"
  • 导出签名文件 zuiyuCertfile.cer
keytool -exportcert -alias "zuiyuPrivateKey" -keystore "zuiyuPrivateKeys.keystore" -storepass "zuiyu_public_password_1234" -file "zuiyuCertfile.cer"
  • 导入签名文件
keytool -import -alias "zuiyuPublicCert" -file "zuiyuCertfile.cer" -keystore "zuiyuPublicCerts.keystore" -storepass "zuiyu_public_password_1234"
  • 帮助命令(根据需要食用)
# 删除
keytool -delete -alias zuiyuPrivateKey -keystore "zuiyuPrivateKeys.keystore" -storepass "zuiyu_public_password_1234"
# 查看
keytool -list -v -keystore zuiyuPrivateKeys.keystore -storepass "zuiyu_public_password_1234"
  • 最后
    上述命令执行完成之后,会在当前路径下生成三个文件,分别是:zuiyuPrivateKeys.keystorezuiyuPublicCerts.keystorezuiyuCertfile.cer。其中文件zuiyuCertfile.cer不再需要可以删除,文件zuiyuPrivateKeys.keystore用于当前的license-server项目给客户生成license文件,而文件zuiyuPublicCerts.keystore则随应用代码部署到客户服务器,用户解密license文件并校验其许可信息。

license-common

如下license-common 内容较长,全部代码都有,可直接粘贴

如下license-common 内容较长,全部代码都有,可直接粘贴

如下license-common 内容较长,全部代码都有,可直接粘贴

可直接跳转源码GitHub

https://github.com/zuiyu-main/springboot-demo/tree/master/springboot-license

  • 新建一个license-common 模块
  • pom.xml 中加入license相关依赖
<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.47</version>
        </dependency>
        <!-- License -->
        <dependency>
            <groupId>de.schlichtherle.truelicense</groupId>
            <artifactId>truelicense-core</artifactId>
            <version>1.33</version>
        </dependency>
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.7</version>
        </dependency>
  • 修改pom.xml中打包插件配置
<build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.8.1</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
        </plugins>
    </build>
  • 定义一个授权文件信息类 LicenseCreatorParam
public class LicenseCreatorParam implements Serializable {
    private static final long serialVersionUID = -7793154252684580872L;
    /**
     * 证书subject
     */
    private String subject;
    /**
     * 密钥别称
     */
    private String privateAlias;
    /**
     * 密钥密码(需要妥善保管,不能让使用者知道)
     */
    private String keyPass;
    /**
     * 访问秘钥库的密码
     */
    private String storePass;
    /**
     * 证书生成路径
     */
    private String licensePath;
    /**
     * 密钥库存储路径
     */
    private String privateKeysStorePath;
    /**
     * 证书生效时间
     */
    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
    private Date issuedTime = new Date();
    /**
     * 证书失效时间
     */
    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
    private Date expiryTime;
    /**
     * 用户类型
     */
    private String consumerType = "user";
    /**
     * 用户数量
     */
    private Integer consumerAmount = 1;
    /**
     * 描述信息
     */
    private String description = "";
    /**
     * 额外的服务器硬件校验信息
     */
    private LicenseCheckModel licenseCheckModel;
    // 省略get set
}
  • 定义一个授权文件中系统信息类 LicenseCheckModel
public class LicenseCheckModel {
//    private static final long serialVersionUID = 8600137500316662317L;
    /**
     * 可被允许的IP地址
     */
    private Boolean checkIp;
    private List<String> ipAddress;
    private Boolean checkMac;
    /**
     * 可被允许的MAC地址
     */
    private List<String> macAddress;
    /**
     * 可被允许的CPU序列号
     */
    private String cpuSerial;
    private Boolean checkCpu;
    /**
     * 可被允许的主板序列号
     */
    private String mainBoardSerial;
    private Boolean checkMainBoard;
    // 省略get set
}
  • 定义一个校验签名文件的信息类LicenseVerifyParam
public class LicenseVerifyParam {
    /**
     * 证书subject
     */
    private String subject;
    /**
     * 公钥别称
     */
    private String publicAlias;
    /**
     * 访问公钥库的密码
     */
    private String storePass;
    /**
     * 证书生成路径
     */
    private String licensePath;
    /**
     * 密钥库存储路径
     */
    private String publicKeysStorePath;
    public LicenseVerifyParam() {
    }
    public LicenseVerifyParam(String subject, String publicAlias, String storePass, String licensePath, String publicKeysStorePath) {
        this.subject = subject;
        this.publicAlias = publicAlias;
        this.storePass = storePass;
        this.licensePath = licensePath;
        this.publicKeysStorePath = publicKeysStorePath;
    }
    // 省略get set
}
  • 定义获取客户服务器信息的抽象类AbstractServerInfos
public abstract class AbstractServerInfos {
    public static Logger log = LoggerFactory.getLogger(AbstractServerInfos.class);
    /**
     * 组装需要额外校验的License参数
     *
     * @return demo.LicenseCheckModel
     */
    public LicenseCheckModel getServerInfos() {
        LicenseCheckModel result = new LicenseCheckModel();
        try {
            result.setIpAddress(this.getIpAddress());
            result.setMacAddress(this.getMacAddress());
            result.setCpuSerial(this.getCPUSerial());
            result.setMainBoardSerial(this.getMainBoardSerial());
        } catch (Exception e) {
            log.error("获取服务器硬件信息失败", e);
        }
        return result;
    }
    /**
     * 获取IP地址
     *
     * @return java.util.List<java.lang.String>
     */
    protected abstract List<String> getIpAddress() throws Exception;
    /**
     * 获取Mac地址
     *
     * @return java.util.List<java.lang.String>
     */
    protected abstract List<String> getMacAddress() throws Exception;
    /**
     * 获取CPU序列号
     *
     * @return java.lang.String
     */
    protected abstract String getCPUSerial() throws Exception;
    /**
     * 获取主板序列号
     *
     * @return java.lang.String
     */
    protected abstract String getMainBoardSerial() throws Exception;
    /**
     * 获取当前服务器所有符合条件的InetAddress
     *
     * @return java.util.List<java.net.InetAddress>
     */
    protected List<InetAddress> getLocalAllInetAddress() throws Exception {
        List<InetAddress> result = new ArrayList<>(4);
        // 遍历所有的网络接口
        for (Enumeration networkInterfaces = NetworkInterface.getNetworkInterfaces(); networkInterfaces.hasMoreElements(); ) {
            NetworkInterface iface = (NetworkInterface) networkInterfaces.nextElement();
            // 在所有的接口下再遍历IP
            for (Enumeration inetAddresses = iface.getInetAddresses(); inetAddresses.hasMoreElements(); ) {
                InetAddress inetAddr = (InetAddress) inetAddresses.nextElement();
                //排除LoopbackAddress、SiteLocalAddress、LinkLocalAddress、MulticastAddress类型的IP地址
                if (!inetAddr.isLoopbackAddress() /*&& !inetAddr.isSiteLocalAddress()*/
                        && !inetAddr.isLinkLocalAddress() && !inetAddr.isMulticastAddress()) {
                    result.add(inetAddr);
                }
            }
        }
        return result;
    }
    /**
     * 获取某个网络接口的Mac地址
     *
     * @param
     * @return void
     */
    protected String getMacByInetAddress(InetAddress inetAddr) {
        try {
            byte[] mac = NetworkInterface.getByInetAddress(inetAddr).getHardwareAddress();
            StringBuffer stringBuffer = new StringBuffer();
            for (int i = 0; i < mac.length; i++) {
                if (i != 0) {
                    stringBuffer.append("-");
                }
                //将十六进制byte转化为字符串
                String temp = Integer.toHexString(mac[i] & 0xff);
                if (temp.length() == 1) {
                    stringBuffer.append("0" + temp);
                } else {
                    stringBuffer.append(temp);
                }
            }
            return stringBuffer.toString().toUpperCase();
        } catch (SocketException e) {
            log.error("获取某个网络接口的Mac地址异常", e);
        }
        return null;
    }
}
  • 定义不同系统获取系统信息的方法LinuxServerInfos,WindowsServerInfos
  • windows
public class WindowsServerInfos extends AbstractServerInfos {
    @Override
    protected List<String> getIpAddress() throws Exception {
        List<String> result = null;
        //获取所有网络接口
        List<InetAddress> inetAddresses = getLocalAllInetAddress();
        if (inetAddresses != null && inetAddresses.size() > 0) {
            result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
        }
        return result;
    }
    @Override
    protected List<String> getMacAddress() throws Exception {
        List<String> result = null;
        //1. 获取所有网络接口
        List<InetAddress> inetAddresses = getLocalAllInetAddress();
        if (inetAddresses != null && inetAddresses.size() > 0) {
            //2. 获取所有网络接口的Mac地址
            result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
        }
        return result;
    }
    @Override
    protected String getCPUSerial() throws Exception {
        //序列号
        String serialNumber = "";
        //使用WMIC获取CPU序列号
        Process process = Runtime.getRuntime().exec("wmic cpu get processorid");
        process.getOutputStream().close();
        Scanner scanner = new Scanner(process.getInputStream());
        if (scanner != null && scanner.hasNext()) {
            scanner.next();
        }
        if (scanner.hasNext()) {
            serialNumber = scanner.next().trim();
        }
        scanner.close();
        return serialNumber;
    }
    @Override
    protected String getMainBoardSerial() throws Exception {
        //序列号
        String serialNumber = "";
        //使用WMIC获取主板序列号
        Process process = Runtime.getRuntime().exec("wmic baseboard get serialnumber");
        process.getOutputStream().close();
        Scanner scanner = new Scanner(process.getInputStream());
        if (scanner != null && scanner.hasNext()) {
            scanner.next();
        }
        if (scanner.hasNext()) {
            serialNumber = scanner.next().trim();
        }
        scanner.close();
        return serialNumber;
    }
}
  • linux
public class LinuxServerInfos extends AbstractServerInfos {
  
      @Override
      protected List<String> getIpAddress() throws Exception {
          List<String> result = null;
  
          //获取所有网络接口
          List<InetAddress> inetAddresses = getLocalAllInetAddress();
  
          if (inetAddresses != null && inetAddresses.size() > 0) {
              result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
          }
  
          return result;
      }
  
      @Override
      protected List<String> getMacAddress() throws Exception {
          List<String> result = null;
  
          //1. 获取所有网络接口
          List<InetAddress> inetAddresses = getLocalAllInetAddress();
  
          if (inetAddresses != null && inetAddresses.size() > 0) {
              //2. 获取所有网络接口的Mac地址
              result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
          }
  
          return result;
      }
  
      @Override
      protected String getCPUSerial() throws Exception {
          //序列号
          String serialNumber = "";
  
          //使用dmidecode命令获取CPU序列号
          String[] shell = {"/bin/bash", "-c", "dmidecode -t processor | grep 'ID' | awk -F ':' '{print $2}' | head -n 1"};
          Process process = Runtime.getRuntime().exec(shell);
          process.getOutputStream().close();
  
          BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
  
          if (null == reader.readLine()) {
              return serialNumber;
          }
          String line = reader.readLine().trim();
          if (StringUtils.isNotBlank(line)) {
              serialNumber = line;
          }
  
          reader.close();
          return serialNumber;
      }
  
      @Override
      protected String getMainBoardSerial() throws Exception {
          //序列号
          String serialNumber = "";
  
          //使用dmidecode命令获取主板序列号
          String[] shell = {"/bin/bash", "-c", "dmidecode | grep 'Serial Number' | awk -F ':' '{print $2}' | head -n 1"};
          Process process = Runtime.getRuntime().exec(shell);
          process.getOutputStream().close();
  
          BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
          if (null == reader.readLine()) {
              return serialNumber;
          }
          String line = reader.readLine().trim();
          if (StringUtils.isNotBlank(line)) {
              serialNumber = line;
          }
  
          reader.close();
          return serialNumber;
      }
  }
  • 增加CustomLicenseManager ,用于自定义参数信息验证
public class CustomLicenseManager extends LicenseManager {
    public static Logger log = LoggerFactory.getLogger(CustomLicenseManager.class);
    //XML编码
    private static final String XML_CHARSET = "UTF-8";
    //默认BUFSIZE
    private static final int DEFAULT_BUFSIZE = 8 * 1024;
    public CustomLicenseManager() {
    }
    public CustomLicenseManager(LicenseParam param) {
        super(param);
    }
    /**
     * 复写create方法
     *
     * @return byte[]
     */
    @Override
    protected synchronized byte[] create(
            LicenseContent content,
            LicenseNotary notary)
            throws Exception {
        initialize(content);
        this.validateCreate(content);
        final GenericCertificate certificate = notary.sign(content);
        return getPrivacyGuard().cert2key(certificate);
    }
    /**
     * 复写install方法,其中validate方法调用本类中的validate方法,校验IP地址、Mac地址等其他信息
     *
     * @param
     * @return de.schlichtherle.license.LicenseContent
     */
    @Override
    protected synchronized LicenseContent install(
            final byte[] key,
            final LicenseNotary notary)
            throws Exception {
        final GenericCertificate certificate = getPrivacyGuard().key2cert(key);
        notary.verify(certificate);
        final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded());
        this.validate(content);
        setLicenseKey(key);
        setCertificate(certificate);
        return content;
    }
    /**
     * 复写verify方法,调用本类中的validate方法,校验IP地址、Mac地址等其他信息
     *
     * @param
     * @return de.schlichtherle.license.LicenseContent
     */
    @Override
    protected synchronized LicenseContent verify(final LicenseNotary notary)
            throws Exception {
        GenericCertificate certificate = getCertificate();
        // Load license key from preferences,
        final byte[] key = getLicenseKey();
        if (null == key) {
            throw new NoLicenseInstalledException(getLicenseParam().getSubject());
        }
        certificate = getPrivacyGuard().key2cert(key);
        notary.verify(certificate);
        final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded());
        this.validate(content);
        setCertificate(certificate);
        return content;
    }
    /**
     * 校验生成证书的参数信息
     *
     * @param content 证书正文
     */
    protected synchronized void validateCreate(final LicenseContent content)
            throws LicenseContentException {
        final LicenseParam param = getLicenseParam();
        final Date now = new Date();
        final Date notBefore = content.getNotBefore();
        final Date notAfter = content.getNotAfter();
        if (null != notAfter && now.after(notAfter)) {
            throw new LicenseContentException("证书失效时间不能早于当前时间");
        }
        if (null != notBefore && null != notAfter && notAfter.before(notBefore)) {
            throw new LicenseContentException("证书生效时间不能晚于证书失效时间");
        }
        final String consumerType = content.getConsumerType();
        if (null == consumerType) {
            throw new LicenseContentException("用户类型不能为空");
        }
    }
    /**
     * 复写validate方法,增加IP地址、Mac地址等其他信息校验
     *
     * @param content LicenseContent
     */
    @Override
    protected synchronized void validate(final LicenseContent content)
            throws LicenseContentException {
        //1. 首先调用父类的validate方法
        super.validate(content);
        //2. 然后校验自定义的License参数
        //License中可被允许的参数信息
        LicenseCheckModel expectedCheckModel = (LicenseCheckModel) content.getExtra();
        if (expectedCheckModel != null) {
            //当前服务器真实的参数信息
            LicenseCheckModel serverCheckModel = getServerInfos();
            if (serverCheckModel != null) {
                //校验IP地址
                if (expectedCheckModel.getCheckIp() && !checkIpAddress(expectedCheckModel.getIpAddress(), serverCheckModel.getIpAddress())) {
                    throw new LicenseContentException("当前服务器的IP没在授权范围内");
                }
                //校验Mac地址
                if (expectedCheckModel.getCheckMac() && !checkIpAddress(expectedCheckModel.getMacAddress(), serverCheckModel.getMacAddress())) {
                    throw new LicenseContentException("当前服务器的Mac地址没在授权范围内");
                }
                //校验主板序列号
                if (expectedCheckModel.getCheckMainBoard() && !checkSerial(expectedCheckModel.getMainBoardSerial(), serverCheckModel.getMainBoardSerial())) {
                    throw new LicenseContentException("当前服务器的主板序列号没在授权范围内");
                }
                //校验CPU序列号
                if (expectedCheckModel.getCheckCpu() && !checkSerial(expectedCheckModel.getCpuSerial(), serverCheckModel.getCpuSerial())) {
                    throw new LicenseContentException("当前服务器的CPU序列号没在授权范围内");
                }
            } else {
                throw new LicenseContentException("不能获取服务器硬件信息");
            }
        }
    }
    /**
     * 重写XMLDecoder解析XML
     *
     * @param encoded XML类型字符串
     * @return java.lang.Object
     */
    private Object load(String encoded) {
//         encoded = encoded.replace("com.modules.entity.LicenseCheckModel", "com.zuiyu.client.bean.LicenseCheckModel");
        BufferedInputStream inputStream = null;
        XMLDecoder decoder = null;
        try {
            inputStream = new BufferedInputStream(new ByteArrayInputStream(encoded.getBytes(XML_CHARSET)));
            decoder = new XMLDecoder(new BufferedInputStream(inputStream, DEFAULT_BUFSIZE), null, null);
            return decoder.readObject();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        } finally {
            try {
                if (decoder != null) {
                    decoder.close();
                }
                if (inputStream != null) {
                    inputStream.close();
                }
            } catch (Exception e) {
                log.error("XMLDecoder解析XML失败", e);
            }
        }
        return null;
    }
    /**
     * 获取当前服务器需要额外校验的License参数
     *
     * @return demo.LicenseCheckModel
     */
    private LicenseCheckModel getServerInfos() {
        //操作系统类型
        String osName = System.getProperty("os.name").toLowerCase();
        AbstractServerInfos abstractServerInfos = null;
        //根据不同操作系统类型选择不同的数据获取方法
        if (osName.startsWith("windows")) {
            abstractServerInfos = new WindowsServerInfos();
        } else if (osName.startsWith("linux")) {
            abstractServerInfos = new LinuxServerInfos();
        } else {//其他服务器类型
            abstractServerInfos = new LinuxServerInfos();
        }
        return abstractServerInfos.getServerInfos();
    }
    /**
     * 校验当前服务器的IP/Mac地址是否在可被允许的IP范围内<br/>
     * 如果存在IP在可被允许的IP/Mac地址范围内,则返回true
     *
     * @return boolean
     */
    private boolean checkIpAddress(List<String> expectedList, List<String> serverList) {
        if (expectedList != null && expectedList.size() > 0) {
            if (serverList != null && serverList.size() > 0) {
                for (String expected : expectedList) {
                    if (serverList.contains(expected.trim())) {
                        return true;
                    }
                }
            }
            return false;
        } else {
            return true;
        }
    }
    /**
     * 校验当前服务器硬件(主板、CPU等)序列号是否在可允许范围内
     *
     * @param
     * @return boolean
     */
    private boolean checkSerial(String expectedSerial, String serverSerial) {
        if (StringUtils.isNotBlank(expectedSerial)) {
            if (StringUtils.isNotBlank(serverSerial)) {
                if (expectedSerial.equals(serverSerial)) {
                    return true;
                }
            }
            return false;
        } else {
            return true;
        }
    }
}
  • 定义 CustomKeyStoreParam,用于授权文件持久化磁盘
package com.zuiyu.common.license;
import de.schlichtherle.license.AbstractKeyStoreParam;
import java.io.*;
/**
 * 自定义KeyStoreParam,用于将公私钥存储文件存放到其他磁盘位置而不是项目中
 */
public class CustomKeyStoreParam extends AbstractKeyStoreParam {
    /**
     * 公钥/私钥在磁盘上的存储路径
     */
    private String storePath;
    private String alias;
    private String storePwd;
    private String keyPwd;
    public CustomKeyStoreParam(Class clazz, String resource, String alias, String storePwd, String keyPwd) {
        super(clazz, resource);
        this.storePath = resource;
        this.alias = alias;
        this.storePwd = storePwd;
        this.keyPwd = keyPwd;
    }
    @Override
    public String getAlias() {
        return alias;
    }
    @Override
    public String getStorePwd() {
        return storePwd;
    }
    @Override
    public String getKeyPwd() {
        return keyPwd;
    }
    /**
     * 复写de.schlichtherle.license.AbstractKeyStoreParam的getStream()方法<br/>
     * 用于将公私钥存储文件存放到其他磁盘位置而不是项目中
     *
     * @param
     * @return java.io.InputStream
     */
    @Override
    public InputStream getStream() throws IOException {
        final InputStream in = new FileInputStream(new File(storePath));
        if (null == in) {
            throw new FileNotFoundException(storePath);
        }
        return in;
    }
}
  • 定义LicenseManagerHolder,获取全局的唯一一个授权管理对象
public class LicenseManagerHolder {
    private static volatile LicenseManager LICENSE_MANAGER;
    public static LicenseManager getInstance(LicenseParam param) {
        if (LICENSE_MANAGER == null) {
            synchronized (LicenseManagerHolder.class) {
                if (LICENSE_MANAGER == null) {
                    LICENSE_MANAGER = new CustomLicenseManager(param);
                }
            }
        }
        return LICENSE_MANAGER;
    }
}
  • 定义授权文件校验类 LicenseVerify
public class LicenseVerify {
    public static Logger log = LoggerFactory.getLogger(LicenseVerify.class);
    /**
     * 安装License证书
     */
    public synchronized LicenseContent install(LicenseVerifyParam param) {
        LicenseContent result = null;
        DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        //1. 安装证书
        try {
            LicenseManager licenseManager = LicenseManagerHolder.getInstance(initLicenseParam(param));
            licenseManager.uninstall();
            result = licenseManager.install(new File(param.getLicensePath()));
            log.info(MessageFormat.format("证书安装成功,证书有效期:{0} - {1}", format.format(result.getNotBefore()), format.format(result.getNotAfter())));
        } catch (Exception e) {
            log.error("证书安装失败!", e);
        }
        return result;
    }
    /**
     * 校验License证书
     *
     * @return boolean
     */
    public boolean verify() {
        LicenseManager licenseManager = LicenseManagerHolder.getInstance(null);
        DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        //2. 校验证书
        try {
            LicenseContent licenseContent = licenseManager.verify();
//            System.out.println(licenseContent.getSubject());
            log.info(MessageFormat.format("证书校验通过,证书有效期:{0} - {1}", format.format(licenseContent.getNotBefore()), format.format(licenseContent.getNotAfter())));
            return true;
        } catch (Exception e) {
            log.error("证书校验失败!", e);
            return false;
        }
    }
    /**
     * 初始化证书生成参数
     *
     * @param param License校验类需要的参数
     * @return de.schlichtherle.license.LicenseParam
     */
    private LicenseParam initLicenseParam(LicenseVerifyParam param) {
        Preferences preferences = Preferences.userNodeForPackage(LicenseVerify.class);
        CipherParam cipherParam = new DefaultCipherParam(param.getStorePass());
        KeyStoreParam publicStoreParam = new CustomKeyStoreParam(LicenseVerify.class
                , param.getPublicKeysStorePath()
                , param.getPublicAlias()
                , param.getStorePass()
                , null);
        return new DefaultLicenseParam(param.getSubject()
                , preferences
                , publicStoreParam
                , cipherParam);
    }
}
  • 定义授权文件生成辅助类 LicenseCreator
public class LicenseCreator {
    public static Logger log = LoggerFactory.getLogger(LicenseCreator.class);
    private final static X500Principal DEFAULT_HOLDER_AND_ISSUER = new X500Principal("CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN");
    private LicenseCreatorParam param;
    public LicenseCreator(LicenseCreatorParam param) {
        this.param = param;
    }
    /**
     * 生成License证书
     *
     * @return boolean
     */
    public boolean generateLicense() {
        try {
            LicenseManager licenseManager = new CustomLicenseManager(initLicenseParam());
            LicenseContent licenseContent = initLicenseContent();
            licenseManager.store(licenseContent, new File(param.getLicensePath()));
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            log.error(MessageFormat.format("证书生成失败:{0}", param), e.getMessage());
            return false;
        }
    }
    /**
     * 初始化证书生成参数
     *
     * @return de.schlichtherle.license.LicenseParam
     */
    private LicenseParam initLicenseParam() {
        Preferences preferences = Preferences.userNodeForPackage(LicenseCreator.class);
        //设置对证书内容加密的秘钥
        CipherParam cipherParam = new DefaultCipherParam(param.getStorePass());
        KeyStoreParam privateStoreParam = new CustomKeyStoreParam(LicenseCreator.class
                , param.getPrivateKeysStorePath()
                , param.getPrivateAlias()
                , param.getStorePass()
                , param.getKeyPass());
        LicenseParam licenseParam = new DefaultLicenseParam(param.getSubject()
                , preferences
                , privateStoreParam
                , cipherParam);
        return licenseParam;
    }
    /**
     * 设置证书生成正文信息
     *
     * @return de.schlichtherle.license.LicenseContent
     */
    private LicenseContent initLicenseContent() {
        LicenseContent licenseContent = new LicenseContent();
        licenseContent.setHolder(DEFAULT_HOLDER_AND_ISSUER);
        licenseContent.setIssuer(DEFAULT_HOLDER_AND_ISSUER);
        licenseContent.setSubject(param.getSubject());
        licenseContent.setIssued(param.getIssuedTime());
        licenseContent.setNotBefore(param.getIssuedTime());
        licenseContent.setNotAfter(param.getExpiryTime());
        licenseContent.setConsumerType(param.getConsumerType());
        licenseContent.setConsumerAmount(param.getConsumerAmount());
        licenseContent.setInfo(param.getDescription());
        //扩展校验服务器硬件信息
        licenseContent.setExtra(param.getLicenseCheckModel());
        return licenseContent;
    }
}
  • 能看到的这的是真爱吧,毕竟全是代码干货,没有一丁点的理论啊,这谁能hold住
    下面就可以进入common模块的打包了,打包结束就可以提供给server模块和client模块使用了

Maven common 模块打包

https://mp.weixin.qq.com/s?__biz=MzIwNzYzODIxMw==&mid=2247485375&idx=1&sn=07664bdeae20b775b12a3ce9cd3ea0f2&chksm=970e1c15a0799503a15070ebfd09fda60b065ea51d5b9c1ce32539ad5fdb232a8f92b2053822#rd

  • license-common,修改 pom.xml中的打包插件为下面这种
<groupId>com.zuiyu</groupId>
    <artifactId>license-common</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>license-common</name>
    
<build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.8.1</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
        </plugins>
    </build>
  • 执行idea中的打包,也就是 mvn install

  • 需要引用该模块的代码项目pom.xml中加入以下内容
<dependency>
            <groupId>com.zuiyu</groupId>
            <artifactId>license-common</artifactId>
            <version>0.0.1-SNAPSHOT</version>
            <scope>compile</scope>
        </dependency>
  • 完整的核心pom.xml文件如下,只保留打包相关
  • license-common
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.zuiyu</groupId>
    <artifactId>license-common</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>license-common</name>
    <description>license-client</description>
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.8.1</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>

license-server

  • 引入license-common 模块
<dependency>
            <groupId>com.zuiyu</groupId>
            <artifactId>license-common</artifactId>
            <version>0.0.1-SNAPSHOT</version>
            <scope>compile</scope>
        </dependency>
  • 创建 LicenseCreatorController用于接口调用生成授权文件
@RestController
@RequestMapping("/license")
public class LicenseCreatorController {
    public static Logger log = LoggerFactory.getLogger(LicenseCreatorController.class);
    /**
     * 证书生成路径
     */
    @Value("${license.licensePath}")
    private String licensePath;
    @Value("${license.privateKeysStorePath}")
    private String privateKeysStorePath;
    /**
     * 获取服务器硬件信息
     *
     * @param osName 操作系统类型,如果为空则自动判断
     * @return com.ccx.models.license.LicenseCheckModel
     */
    @RequestMapping(value = "/getServerInfos", produces = {MediaType.APPLICATION_JSON_UTF8_VALUE})
    public LicenseCheckModel getServerInfos(@RequestParam(value = "osName", required = false) String osName) {
        //操作系统类型
        if (StringUtils.isBlank(osName)) {
            osName = System.getProperty("os.name");
        }
        osName = osName.toLowerCase();
        AbstractServerInfos abstractServerInfos = null;
        //根据不同操作系统类型选择不同的数据获取方法
        if (osName.startsWith("windows")) {
            abstractServerInfos = new WindowsServerInfos();
        } else if (osName.startsWith("linux")) {
            abstractServerInfos = new LinuxServerInfos();
        } else {//其他服务器类型
            abstractServerInfos = new LinuxServerInfos();
        }
        return abstractServerInfos.getServerInfos();
    }
    /**
     * 生成证书
     *
     * @param param 生成证书需要的参数,
     *              {
     *     "subject": "zuiyu_demo",
     *     "privateAlias": "zuiyuPrivateKey",
     *     "keyPass": "zuiyu_private_password_1234",
     *     "storePass": "zuiyu_public_password_1234",
     *     "licensePath": "/Users/cxt/Downloads/license/license7.lic",
     *     "privateKeysStorePath": "/Users/cxt/Downloads/license/privateKeys.keystore",
     *     "issuedTime": "2018-07-10 00:00:01",
     *     "expiryTime": "2022-12-31 23:59:59",
     *     "consumerType": "User",
     *     "consumerAmount": 1,
     *     "description": "这是证书描述信息",
     *     "licenseCheckModel": {
     *         "checkIp":false,
     *         "ipAddress": [""],
     *         "checkMac":true,
     *         "macAddress": ["aa-bb-cc-11"],
     *         "checkCpu":false,
     *         "cpuSerial": "",
     *         "checkMainBoard":false,
     *         "mainBoardSerial": ""
     *     }
     * }
     * @return java.util.Map<java.lang.String, java.lang.Object>
     */
    @RequestMapping(value = "/generateLicense", produces = {MediaType.APPLICATION_JSON_UTF8_VALUE})
    public Map<String, Object> generateLicense(HttpServletRequest request, @RequestBody LicenseCreatorParam param) {
        Map<String, Object> resultMap = new HashMap<>(2);
        if (StringUtils.isBlank(param.getLicensePath())) {
            param.setLicensePath(licensePath);
        }
        String path = System.getProperty("user.dir") + privateKeysStorePath;
        param.setPrivateKeysStorePath(path);
        LicenseCreator licenseCreator = new LicenseCreator(param);
        boolean result = licenseCreator.generateLicense();
        if (result) {
            resultMap.put("result", "ok");
            resultMap.put("msg", param);
        } else {
            resultMap.put("result", "error");
            resultMap.put("msg", "证书文件生成失败!");
        }
        return resultMap;
    }
}
  • 找到刚才生成的授权文件zuiyuPrivateKeys.keystore放入项目根目录license/zuiyuPrivateKeys.keystore
  • 修改application.properties
# license 默认生成地址
license.licensePath=/Users/cxt/Downloads/license/license.lic
# 授权签名文件相对项目的相对路径
license.privateKeysStorePath=/springboot-license/license-server/license/zuiyuPrivateKeys.keystore
  • 完整的项目结构如下
├── HELP.md
├── README.md
├── license
│   └── zuiyuPrivateKeys.keystore
├── pom.xml
├── src
│   ├── main
│   │   ├── java
│   │   │   └── com
│   │   │       └── zuiyu
│   │   │           └── server
│   │   │               ├── LicenseServerApplication.java
│   │   │               └── controller
│   │   │                   └── LicenseCreatorController.java
│   │   └── resources
│   │       └── application.properties
  • 请求接口生成授权
Post localhost:8080/license/generateLicense
{
    "subject": "zuiyu_demo",
    "privateAlias": "zuiyuPrivateKey",
    "keyPass": "zuiyu_private_password_1234",
    "storePass": "zuiyu_public_password_1234",
    "licensePath": "/Users/cxt/Downloads/license/license7.lic",
    "privateKeysStorePath": "/Users/cxt/Downloads/license/privateKeys.keystore",
    "issuedTime": "2018-07-10 00:00:01",
    "expiryTime": "2022-12-31 23:59:59",
    "consumerType": "User",
    "consumerAmount": 1,
    "description": "这是证书描述信息",
    "licenseCheckModel": {
        "checkIp":false,
        "ipAddress": [""],
        "checkMac":true,
        "macAddress": ["aa-bb-cc-11"],
        "checkCpu":false,
        "cpuSerial": "",
        "checkMainBoard":false,
        "mainBoardSerial": ""
    }
}

license-client

  • 引入license-common 模块
<dependency>
            <groupId>com.zuiyu</groupId>
            <artifactId>license-common</artifactId>
            <version>0.0.1-SNAPSHOT</version>
            <scope>compile</scope>
        </dependency>
  • 注册授权验证拦截器InterceptorConfig
@Component
public class InterceptorConfig implements WebMvcConfigurer {
    @Resource
    private LicenseCheckInterceptor licenseCheckInterceptor;
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // 添加要拦截的url
        registry.addInterceptor(licenseCheckInterceptor)
                // 拦截的路径
                .addPathPatterns("/**");
        // 放行的路径
//                .excludePathPatterns("/admin/login");
    }
}
  • 定义拦截器拦截请求验证授权 LicenseCheckInterceptor
@Component
public class LicenseCheckInterceptor implements HandlerInterceptor {
    public static Logger log = LoggerFactory.getLogger(LicenseCheckInterceptor.class);
    /**
     * 进入controller层之前拦截请求
     *
     * @param request
     * @param response
     * @param handler
     * @return
     * @throws Exception
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        log.info("进入拦截器,验证证书可使用性");
        LicenseVerify licenseVerify = new LicenseVerify();
        //校验证书是否有效
        boolean verifyResult = licenseVerify.verify();
        if (verifyResult) {
            log.info("验证成功,证书可用");
            return true;
        } else {
            log.info("验证失败,证书无效");
            response.setCharacterEncoding("utf-8");
            Map<String, String> result = new HashMap<>(1);
            result.put("result", "您的证书无效,请核查服务器是否取得授权或重新申请证书!");
            response.getWriter().write(JSON.toJSONString(result));
            return false;
        }
    }
    /**
     * 处理请求完成后视图渲染之前的处理操作
     *
     * @param request
     * @param response
     * @param handler
     * @param modelAndView
     * @throws Exception
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
        log.info("处理请求完成后视图渲染之前的处理操作");
    }
    /**
     * 视图渲染之后的操作
     *
     * @param request
     * @param response
     * @param handler
     * @param ex
     * @throws Exception
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
        log.info("视图渲染之后的操作");
    }
}
  • 定义启动应用时检查授权LicenseCheckListener
@Component
public class LicenseCheckListener implements ApplicationListener<ContextRefreshedEvent> {
    public static Logger log = LoggerFactory.getLogger(LicenseCheckListener.class);
    /**
     * 证书subject
     */
    @Value("${license.subject}")
    private String subject;
    /**
     * 公钥别称
     */
    @Value("${license.publicAlias}")
    private String publicAlias;
    /**
     * 访问公钥库的密码
     */
    @Value("${license.storePass}")
    private String storePass;
    /**
     * 证书生成路径
     */
    @Value("${license.licensePath}")
    private String licensePath;
    /**
     * 密钥库存储路径
     */
    @Value("${license.publicKeysStorePath}")
    private String publicKeysStorePath;
    @Override
    public void onApplicationEvent(ContextRefreshedEvent event) {
        // root application context 没有parent
        ApplicationContext context = event.getApplicationContext().getParent();
        if (context == null) {
            if (StringUtils.isNotBlank(licensePath)) {
                log.info("++++++++ 开始安装证书 ++++++++");
                LicenseVerifyParam param = new LicenseVerifyParam();
                param.setSubject(subject);
                param.setPublicAlias(publicAlias);
                param.setStorePass(storePass);
                param.setLicensePath(licensePath);
                param.setPublicKeysStorePath(System.getProperty("user.dir") + publicKeysStorePath);
                LicenseVerify licenseVerify = new LicenseVerify();
                //安装证书
                licenseVerify.install(param);
                log.info("++++++++ 证书安装结束 ++++++++");
            }
        }
    }
}
  • 新建一个测试类,测试授权是否生效LoginController
public class LoginController {
    public static Logger log = LoggerFactory.getLogger(LoginController.class);
    @GetMapping(value = "login")
    public Map<String, Object> test(@RequestParam(required = true) String loginName, @RequestParam(required = true) String password) {
        Map<String, Object> result = new HashMap<>(1);
        log.info(MessageFormat.format("登录名称:{0},密码:{1}", loginName, password));
        //模拟登录
        log.info("模拟登录被拦截检查证书可用性");
        result.put("code", 200);
        return result;
    }
}
  • 测试接口调用
get localhost:8082/login?loginName=111&password=111
  • 完整代码结构如下
├── HELP.md
├── README.md
├── license
│   └── zuiyuPublicCerts.keystore
├── pom.xml
├── src
│   ├── main
│   │   ├── java
│   │   │   └── com
│   │   │       └── zuiyu
│   │   │           └── client
│   │   │               ├── LicenseClientApplication.java
│   │   │               ├── config
│   │   │               │   └── InterceptorConfig.java
│   │   │               ├── controller
│   │   │               │   └── LoginController.java
│   │   │               ├── interceptor
│   │   │               │   └── LicenseCheckInterceptor.java
│   │   │               └── license
│   │   │                   └── LicenseCheckListener.java
│   │   └── resources
│   │       └── application.properties


相关实践学习
部署Stable Diffusion玩转AI绘画(GPU云服务器)
本实验通过在ECS上从零开始部署Stable Diffusion来进行AI绘画创作,开启AIGC盲盒。
目录
相关文章
|
23天前
|
安全 Java 数据库
安全无忧!在 Spring Boot 3.3 中轻松实现 TOTP 双因素认证
【10月更文挑战第8天】在现代应用程序开发中,安全性是一个不可忽视的重要环节。随着技术的发展,双因素认证(2FA)已经成为增强应用安全性的重要手段之一。本文将详细介绍如何在 Spring Boot 3.3 中实现基于时间的一次性密码(TOTP)双因素认证,让你的应用安全无忧。
58 5
|
3月前
|
SQL Java 测试技术
在Spring boot中 使用JWT和过滤器实现登录认证
在Spring boot中 使用JWT和过滤器实现登录认证
202 0
|
29天前
|
安全 Java 关系型数据库
springboot整合springsecurity,从数据库中认证
本文介绍了如何在SpringBoot应用中整合Spring Security,并从数据库中进行用户认证的完整步骤,包括依赖配置、数据库表创建、用户实体和仓库接口、用户详情服务类、安全配置类、控制器类以及数据库初始化器的实现。
76 3
springboot整合springsecurity,从数据库中认证
|
24天前
|
NoSQL Java Redis
shiro学习四:使用springboot整合shiro,正常的企业级后端开发shiro认证鉴权流程。使用redis做token的过滤。md5做密码的加密。
这篇文章介绍了如何使用Spring Boot整合Apache Shiro框架进行后端开发,包括认证和授权流程,并使用Redis存储Token以及MD5加密用户密码。
22 0
shiro学习四:使用springboot整合shiro,正常的企业级后端开发shiro认证鉴权流程。使用redis做token的过滤。md5做密码的加密。
|
3月前
|
消息中间件 安全 Java
Spring Boot 基于 SCRAM 认证集成 Kafka 的详解
【8月更文挑战第4天】本文详解Spring Boot结合SCRAM认证集成Kafka的过程。SCRAM为Kafka提供安全身份验证。首先确认Kafka服务已启用SCRAM,并准备认证凭据。接着,在`pom.xml`添加`spring-kafka`依赖,并在`application.properties`中配置Kafka属性,包括SASL_SSL协议与SCRAM-SHA-256机制。创建生产者与消费者类以实现消息的发送与接收功能。最后,通过实际消息传递测试集成效果与认证机制的有效性。
125 4
|
6月前
|
JavaScript Java 测试技术
基于springboot+vue.js的基于工程教育认证的计算机课程管理平台附带文章和源代码设计说明文档ppt
基于springboot+vue.js的基于工程教育认证的计算机课程管理平台附带文章和源代码设计说明文档ppt
49 6
|
5月前
|
存储 安全 Java
Spring Boot中的OAuth2认证与授权
Spring Boot中的OAuth2认证与授权
|
5月前
|
安全 Java Spring
教程:在Spring Boot应用中集成OAuth 2.0认证
教程:在Spring Boot应用中集成OAuth 2.0认证
1天搞定SpringBoot+Vue全栈开发 (9)JWT跨域认证
1天搞定SpringBoot+Vue全栈开发 (9)JWT跨域认证
|
5月前
|
NoSQL 安全 Linux
springboot+shiro+redis前后端分离实现认证(一)
springboot+shiro+redis前后端分离实现认证(一)
189 0