增加license管理；修复密码验证错误

pom.xml

@@ -15,7 +15,7 @@
     </parent>
 
     <properties>
-        <auth.version>product-v2-1.0.3-rc1</auth.version>
+        <auth.version>product-v2-1.0.3-rc4</auth.version>
         <config.version>product-v1-1.0.4-rc1</config.version>
         <crypto.version>product-v1-1.0.4-rc1</crypto.version>
     </properties>
@@ -61,7 +61,8 @@
             <resource>
                 <directory>src/main/resources</directory>
                 <excludes>
-                    <exclude>bootstrap.yml</exclude>
+<!--                    <exclude>bootstrap.yml</exclude>-->
+                    <exclude>license.dat</exclude>
                 </excludes>
             </resource>
         </resources>

src/assembly/bin/startup.sh

@@ -7,7 +7,7 @@ TEMP_DIR="-Djava.io.tmpdir=/tmp"
 PROFILE="default"
 CONFIG_URL="http://c0:8082"
 JVM_OPTS="-Xmx64M -Xms64M"
-JAVA_OPTS="-server $JVM_OPTS -XX:+UseCompressedOops -XX:+UseG1GC"
+JAVA_OPTS="-server $JVM_OPTS -XX:+UseCompressedOops -XX:+UseG1GC -DlicenseFile=$BASE_LOC/config/license.dat"
 SPRING_OPTS="--spring.cloud.config.uri=$CONFIG_URL --spring.profiles.active=$PROFILE --logging.config=$BASE_LOC/config/logback-custom.xml"
 JAR_NAME="$APP_NAME.jar"
 

src/assembly/server-dist.xml

@@ -22,6 +22,7 @@
             <outputDirectory>config</outputDirectory>
             <includes>
                 <include>**/*.xml</include>
+                <include>**/*.dat</include>
             </includes>
             <fileMode>755</fileMode>
         </fileSet>

src/main/java/com/keymobile/sso/conf/LicenseChecker.java

+package com.keymobile.sso.conf;
+
+import com.keymobile.crypto.aes.AESUtil;
+import com.keymobile.sso.logging.LogConstants;
+import com.keymobile.sso.logging.LogManager;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.time.LocalDate;
+import java.util.Base64;
+
+@Component
+public class LicenseChecker {
+
+    private String readLicense() throws IOException {
+        Path path = Paths.get(SystemVariable.getLicenseFileName());
+        return new String(Files.readAllBytes(path));
+    }
+
+    boolean check() throws InvalidAlgorithmParameterException, NoSuchPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException, BadPaddingException, InvalidKeyException, IOException {
+        SecretKey secretKey = new SecretKeySpec(Base64.getDecoder().decode("NCXgEu++tYgACfaC0zt7E+Ti5CR4AZ3NkTVhfvsgEjc="), "AES");
+        IvParameterSpec ivParameterSpec = new IvParameterSpec(Base64.getDecoder().decode("2w6UWLMm0Om7fCAfpfkyeA=="));
+
+        String expiredDate = AESUtil.decryptPasswordBased(readLicense(), secretKey, ivParameterSpec);
+
+        LocalDate expired = LocalDate.parse(expiredDate);
+        LogManager.logInfo(LogConstants.CTX_AUDIT, "License will expire at " + expiredDate + ".");
+
+        LocalDate current = LocalDate.now();
+
+        if (!expired.isAfter(current)) {
+            return false;
+        } else {
+            return true;
+        }
+    }
+
+}

src/main/java/com/keymobile/sso/conf/RESTAuthenticationEntryPoint.java

 package com.keymobile.sso.conf;
 
-import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.security.core.AuthenticationException;
@@ -14,7 +13,7 @@ public class RESTAuthenticationEntryPoint implements AuthenticationEntryPoint {
 
     @Override
     public void commence(HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AuthenticationException authException)
-            throws IOException, ServletException {
+            throws IOException {
         response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
     }
 

src/main/java/com/keymobile/sso/conf/RESTAuthenticationSuccessHandler.java

 package com.keymobile.sso.conf;
 
+import com.keymobile.sso.logging.LogConstants;
+import com.keymobile.sso.logging.LogManager;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -17,6 +20,8 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc
 
     @Value("${self.web.login.allowRoot:true}")
     private boolean rootAllowLogin = true;
+    @Autowired
+    private LicenseChecker licenseChecker;
 
     @Override
     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
@@ -27,8 +32,25 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc
         UserDetails userDetails = (UserDetails) authentication.getPrincipal();
         String userNameWithIdAttached = userDetails.getUsername();
         if (userNameWithIdAttached.split(":")[0].equalsIgnoreCase("root")
-                && !rootAllowLogin)
+                && !rootAllowLogin) {
             returnStatus = "root not allow login";
+        }
+
+        if (!SystemVariable.isDisableLicenceCheck()) {
+            try {
+                if (!licenseChecker.check()) {
+                    returnStatus = "license expired";
+                }
+                LogManager.logInfo(LogConstants.CTX_AUDIT, "License checked.");
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+
+        if (returnStatus.equals("ok")) {
+            LogManager.logInfo(LogConstants.CTX_AUDIT, userNameWithIdAttached + " 登录了系统");
+        }
+
         PrintWriter writer = response.getWriter();
         writer.write(returnStatus);
         writer.flush();

src/main/java/com/keymobile/sso/conf/SsoSecurityConfig.java

 package com.keymobile.sso.conf;
 
-import org.apache.commons.codec.digest.DigestUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-
-import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 
@@ -28,13 +24,21 @@ public class SsoSecurityConfig {
 
     @Bean
     public PasswordEncoder passwordEncoder() {
-        return NoOpPasswordEncoder.getInstance();
+        return new PasswordEncoder() {
+            public String encode(CharSequence rawPassword) {
+                return rawPassword.toString();
+            }
+
+            public boolean matches(CharSequence rawPassword, String encodedPassword) {
+                return encode(rawPassword).equals(encodedPassword);
+            }
+        };
     }
 
     @Bean
     protected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http.authorizeHttpRequests((request) -> {
-            request.anyRequest().permitAll();
+            request.anyRequest().authenticated();
         });
         http.csrf((httpSecurityCsrfConfigurer) -> {
             httpSecurityCsrfConfigurer.disable();
@@ -56,19 +60,5 @@ public class SsoSecurityConfig {
         return http.build();
     }
 
-    class SHA1PasswordEncoder implements PasswordEncoder {
-
-        @Override
-        public String encode(CharSequence charSequence) {
-            return DigestUtils.sha1Hex(charSequence.toString());
-        }
-
-        @Override
-        public boolean matches(CharSequence charSequence, String s) {
-            return DigestUtils.sha1Hex(charSequence.toString()).equals(s);
-        }
-
-    }
-
 }
 

src/main/java/com/keymobile/sso/conf/SystemVariable.java

+package com.keymobile.sso.conf;
+
+import org.apache.commons.lang.StringUtils;
+
+public class SystemVariable {
+
+    private static String disableLicenceCheck = "";
+    private static String licenseFileName = "";
+
+    static {
+        disableLicenceCheck = System.getProperty("disableLicenceCheck");
+        licenseFileName = System.getProperty("licenseFile");
+
+        System.out.println("------------ SSO Global Settings ------------");
+        System.out.println("disableLicenceCheck:" + isDisableLicenceCheck());
+        System.out.println("licenseFile:" + getLicenseFileName());
+        System.out.println("-----------------------------------------------------");
+    }
+
+    public static boolean isDisableLicenceCheck() {
+        if (StringUtils.isNotEmpty(disableLicenceCheck) && disableLicenceCheck.equals("true")) {
+            return true;
+        }
+        return false;
+    }
+
+    public static String getLicenseFileName() {
+        if (StringUtils.isNotEmpty(licenseFileName)) {
+            return licenseFileName;
+        }
+        return "classpath:license.dat";
+    }
+
+
+}
\ No newline at end of file

src/main/resources/license.dat

+tEAS/DJglXGdXIq0wZaHfQ==
\ No newline at end of file