This pull request includes several changes to the `SecurityConfiguration` and other related classes to enhance security and configuration management. The most important changes involve adding new beans, modifying logging levels, and updating dependency injections. Enhancements to security configuration: * [`src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java`](diffhunk://#diff-49df1b16b72e9fcaa7d0c58f46c94ffda0033f5f5e3ddab90a88e2f9022b66f4L3-L36): Added new dependencies and beans for `GrantedAuthoritiesMapper`, `RelyingPartyRegistrationRepository`, and `OpenSaml4AuthenticationRequestResolver`. Removed unused imports and simplified the class by removing the `@Lazy` annotation from `UserService`. [[1]](diffhunk://#diff-49df1b16b72e9fcaa7d0c58f46c94ffda0033f5f5e3ddab90a88e2f9022b66f4L3-L36) [[2]](diffhunk://#diff-49df1b16b72e9fcaa7d0c58f46c94ffda0033f5f5e3ddab90a88e2f9022b66f4L46-L63) [[3]](diffhunk://#diff-49df1b16b72e9fcaa7d0c58f46c94ffda0033f5f5e3ddab90a88e2f9022b66f4L75-R52) [[4]](diffhunk://#diff-49df1b16b72e9fcaa7d0c58f46c94ffda0033f5f5e3ddab90a88e2f9022b66f4R66-L98) [[5]](diffhunk://#diff-49df1b16b72e9fcaa7d0c58f46c94ffda0033f5f5e3ddab90a88e2f9022b66f4L109-R85) [[6]](diffhunk://#diff-49df1b16b72e9fcaa7d0c58f46c94ffda0033f5f5e3ddab90a88e2f9022b66f4R96-R98) Logging improvements: * [`src/main/java/stirling/software/SPDF/EE/KeygenLicenseVerifier.java`](diffhunk://#diff-742f789731a32cb5aa20f7067ef18049002eec2a4909ef6f240d2a26bdcb53c4L97-R97): Changed the logging level from `info` to `debug` for the license validation response body to reduce log verbosity in production. Configuration updates: * [`src/main/java/stirling/software/SPDF/EE/EEAppConfig.java`](diffhunk://#diff-d842c2a4cf43f37ab5edcd644b19a51d614cb0e39963789e1c7e9fb28ddc1de8R30-R34): Added a new bean `ssoAutoLogin` to manage single sign-on auto-login configuration in the enterprise edition. 
These changes collectively enhance the security configuration and logging management of the application. Please provide a summary of the changes, including relevant motivation and context. Closes #(issue_number) ## Checklist - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have performed a self-review of my own code - [ ] I have attached images of the change if it is UI based - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] If my code has heavily changed functionality I have updated relevant docs on [Stirling-PDFs doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) - [ ] My changes generate no new warnings - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only)
package stirling.software.SPDF.EE;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.posthog.java.shaded.org.json.JSONObject;

import lombok.extern.slf4j.Slf4j;
import stirling.software.SPDF.model.ApplicationProperties;
import stirling.software.SPDF.utils.GeneralUtils;
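/**
 * Verifies an enterprise license key against the Keygen HTTP API and, when the license is not
 * yet bound to this machine, attempts to activate the machine and validate again.
 *
 * <p>Verification fails closed: any exception raised while talking to the API, or while parsing
 * its response, makes {@link #verifyLicense(String)} return {@code false}.
 *
 * <p>Data leaving the host: the license key and the machine fingerprint are sent on validation;
 * activation additionally sends the local hostname and the {@code os.name} system property.
 */
@Service
@Slf4j
public class KeygenLicenseVerifier {
    /**
     * Account segment of the API path. It is embedded in every request URI below and is not used
     * as a credential anywhere in this class; the license key is what authenticates activation.
     */
    private static final String ACCOUNT_ID = "e5430f69-e834-4ae4-befd-b602aae5f372";

    private static final String BASE_URL = "https://api.keygen.sh/v1/accounts";

    /** Upper bound on establishing the connection, so an unreachable API cannot stall callers. */
    private static final Duration CONNECT_TIMEOUT = Duration.ofSeconds(10);

    /** Upper bound on waiting for a response once the request has been sent. */
    private static final Duration REQUEST_TIMEOUT = Duration.ofSeconds(30);

    private static final ObjectMapper objectMapper = new ObjectMapper();

    private final ApplicationProperties applicationProperties;

    @Autowired
    public KeygenLicenseVerifier(ApplicationProperties applicationProperties) {
        this.applicationProperties = applicationProperties;
    }

    /**
     * Checks whether {@code licenseKey} is valid for this machine.
     *
     * <p>If the first validation reports that no machine is activated for the license (codes
     * {@code NO_MACHINE}, {@code NO_MACHINES} or {@code FINGERPRINT_SCOPE_MISMATCH}), the machine
     * is activated and the license is validated a second time.
     *
     * @param licenseKey the license key to check
     * @return {@code true} only when the API reports the license as valid; {@code false} for an
     *     invalid license, a missing response, or any error during the exchange
     */
    public boolean verifyLicense(String licenseKey) {
        try {
            log.info("Checking license key");
            String machineFingerprint = generateMachineFingerprint();

            // First, try to validate the license
            JsonNode validationResponse = validateLicense(licenseKey, machineFingerprint);
            if (validationResponse != null) {
                boolean isValid = validationResponse.path("meta").path("valid").asBoolean();
                String licenseId = validationResponse.path("data").path("id").asText();
                if (!isValid) {
                    String code = validationResponse.path("meta").path("code").asText();
                    log.debug(code);
                    if ("NO_MACHINE".equals(code)
                            || "NO_MACHINES".equals(code)
                            || "FINGERPRINT_SCOPE_MISMATCH".equals(code)) {
                        log.info(
                                "License not activated for this machine. Attempting to activate...");
                        boolean activated =
                                activateMachine(licenseKey, licenseId, machineFingerprint);
                        if (activated) {
                            // Revalidate after activation
                            validationResponse = validateLicense(licenseKey, machineFingerprint);
                            isValid =
                                    validationResponse != null
                                            && validationResponse
                                                    .path("meta")
                                                    .path("valid")
                                                    .asBoolean();
                        }
                    }
                }
                return isValid;
            }

            return false;
        } catch (InterruptedException e) {
            // HttpClient.send() is interruptible; restore the flag so the calling thread can
            // still observe the interruption instead of having it swallowed here.
            Thread.currentThread().interrupt();
            log.error("Error verifying license: " + e.getMessage());
            return false;
        } catch (Exception e) {
            // Fail closed, but keep the stack trace so the cause can be diagnosed from the log.
            log.error("Error verifying license: " + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Sends the license key and machine fingerprint to the {@code validate-key} action and
     * returns the parsed response. On HTTP 200 the {@code users} value from the license metadata
     * is written to the enterprise-edition settings as the maximum user count.
     *
     * @param licenseKey the license key, sent in the request body as {@code meta.key}
     * @param machineFingerprint the fingerprint used as validation scope
     * @return the parsed JSON response, whatever the HTTP status
     * @throws Exception if the request fails, times out, is interrupted, or the body is not JSON
     */
    private JsonNode validateLicense(String licenseKey, String machineFingerprint)
            throws Exception {
        HttpClient client = newHttpClient();

        // Build the body with a JSON writer rather than String.format, so quotes, backslashes
        // or control characters in the key or fingerprint are escaped and cannot alter the
        // structure of the document that is sent.
        String requestBody =
                new JSONObject()
                        .put(
                                "meta",
                                new JSONObject()
                                        .put("key", licenseKey)
                                        .put(
                                                "scope",
                                                new JSONObject()
                                                        .put("fingerprint", machineFingerprint)))
                        .toString();

        // No Authorization header here: the key travels in the body as meta.key.
        HttpRequest request =
                HttpRequest.newBuilder()
                        .uri(
                                URI.create(
                                        BASE_URL
                                                + "/"
                                                + ACCOUNT_ID
                                                + "/licenses/actions/validate-key"))
                        .timeout(REQUEST_TIMEOUT)
                        .header("Content-Type", "application/vnd.api+json")
                        .header("Accept", "application/vnd.api+json")
                        .POST(HttpRequest.BodyPublishers.ofString(requestBody))
                        .build();

        HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
        log.debug(" validateLicenseResponse body: {}", response.body());
        JsonNode jsonResponse = objectMapper.readTree(response.body());
        if (response.statusCode() == 200) {

            JsonNode metaNode = jsonResponse.path("meta");
            boolean isValid = metaNode.path("valid").asBoolean();

            String detail = metaNode.path("detail").asText();
            String code = metaNode.path("code").asText();

            log.debug("License validity: {}", isValid);
            log.debug("Validation detail: {}", detail);
            log.debug("Validation code: {}", code);

            // NOTE(review): the user limit is applied on every 200 response, including ones
            // where isValid is false — confirm that is intended before relying on maxUsers.
            int users =
                    jsonResponse
                            .path("data")
                            .path("attributes")
                            .path("metadata")
                            .path("users")
                            .asInt(0);
            applicationProperties.getEnterpriseEdition().setMaxUsers(users);
            // Log only the value that was just set. ApplicationProperties.toString() is not
            // visible from this class and may render configuration values that should not
            // reach an info-level log.
            log.debug("Licensed user limit set to {}", users);

        } else {
            log.error("Error validating license. Status code: " + response.statusCode());
        }
        return jsonResponse;
    }

    /**
     * Registers this machine against the license so that later validations scoped to the
     * fingerprint can succeed. The request carries the fingerprint, the {@code os.name} system
     * property and the local hostname, and authenticates with the license key.
     *
     * @param licenseKey the license key, sent in the {@code Authorization} header
     * @param licenseId the license identifier taken from the validation response
     * @param machineFingerprint the fingerprint to register
     * @return {@code true} when the API answers 201, {@code false} for any other status
     * @throws Exception if the request fails, times out or is interrupted
     */
    private boolean activateMachine(String licenseKey, String licenseId, String machineFingerprint)
            throws Exception {
        HttpClient client = newHttpClient();

        String hostname;
        try {
            hostname = java.net.InetAddress.getLocalHost().getHostName();
        } catch (Exception ignored) {
            // Best effort: the name is descriptive only, so fall back instead of failing.
            hostname = "Unknown";
        }

        JSONObject attributes =
                new JSONObject()
                        .put("fingerprint", machineFingerprint)
                        .put("platform", System.getProperty("os.name"))
                        .put("name", hostname);

        JSONObject licenseRelationship =
                new JSONObject()
                        .put(
                                "license",
                                new JSONObject()
                                        .put(
                                                "data",
                                                new JSONObject()
                                                        .put("type", "licenses")
                                                        .put("id", licenseId)));

        JSONObject body =
                new JSONObject()
                        .put(
                                "data",
                                new JSONObject()
                                        .put("type", "machines")
                                        .put("attributes", attributes)
                                        .put("relationships", licenseRelationship));

        HttpRequest request =
                HttpRequest.newBuilder()
                        .uri(URI.create(BASE_URL + "/" + ACCOUNT_ID + "/machines"))
                        .timeout(REQUEST_TIMEOUT)
                        .header("Content-Type", "application/vnd.api+json")
                        .header("Accept", "application/vnd.api+json")
                        // The license key is the credential for activation.
                        .header("Authorization", "License " + licenseKey)
                        .POST(HttpRequest.BodyPublishers.ofString(body.toString()))
                        .build();

        HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
        log.debug("activateMachine Response body: {}", response.body());
        if (response.statusCode() == 201) {
            log.info("Machine activated successfully");
            return true;
        } else {
            log.error(
                    "Error activating machine. Status code: {}, error: {}",
                    response.statusCode(),
                    response.body());

            return false;
        }
    }

    /** Creates an HTTP client whose connection attempts are bounded by {@link #CONNECT_TIMEOUT}. */
    private HttpClient newHttpClient() {
        return HttpClient.newBuilder().connectTimeout(CONNECT_TIMEOUT).build();
    }

    /** Returns the machine fingerprint computed by {@code GeneralUtils}. */
    private String generateMachineFingerprint() {
        return GeneralUtils.generateMachineFingerprint();
    }
}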