github.com/levb/mattermost-server@v5.3.1+incompatible/utils/license.go (about) 1 // Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package utils 5 6 import ( 7 "crypto" 8 "crypto/rsa" 9 "crypto/sha512" 10 "crypto/x509" 11 "encoding/base64" 12 "encoding/pem" 13 "fmt" 14 "io/ioutil" 15 "os" 16 "path/filepath" 17 "strconv" 18 "strings" 19 20 "github.com/mattermost/mattermost-server/mlog" 21 "github.com/mattermost/mattermost-server/model" 22 ) 23 24 var publicKey []byte = []byte(`-----BEGIN PUBLIC KEY----- 25 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZmShlU8Z8HdG0IWSZ8r 26 tSyzyxrXkJjsFUf0Ke7bm/TLtIggRdqOcUF3XEWqQk5RGD5vuq7Rlg1zZqMEBk8N 27 EZeRhkxyaZW8pLjxwuBUOnXfJew31+gsTNdKZzRjrvPumKr3EtkleuoxNdoatu4E 28 HrKmR/4Yi71EqAvkhk7ZjQFuF0osSWJMEEGGCSUYQnTEqUzcZSh1BhVpkIkeu8Kk 29 1wCtptODixvEujgqVe+SrE3UlZjBmPjC/CL+3cYmufpSNgcEJm2mwsdaXp2OPpfn 30 a0v85XL6i9ote2P+fLZ3wX9EoioHzgdgB7arOxY50QRJO7OyCqpKFKv6lRWTXuSt 31 hwIDAQAB 32 -----END PUBLIC KEY-----`) 33 34 func ValidateLicense(signed []byte) (bool, string) { 35 decoded := make([]byte, base64.StdEncoding.DecodedLen(len(signed))) 36 37 _, err := base64.StdEncoding.Decode(decoded, signed) 38 if err != nil { 39 mlog.Error(fmt.Sprintf("Encountered error decoding license, err=%v", err.Error())) 40 return false, "" 41 } 42 43 if len(decoded) <= 256 { 44 mlog.Error("Signed license not long enough") 45 return false, "" 46 } 47 48 // remove null terminator 49 for decoded[len(decoded)-1] == byte(0) { 50 decoded = decoded[:len(decoded)-1] 51 } 52 53 plaintext := decoded[:len(decoded)-256] 54 signature := decoded[len(decoded)-256:] 55 56 block, _ := pem.Decode(publicKey) 57 58 public, err := x509.ParsePKIXPublicKey(block.Bytes) 59 if err != nil { 60 mlog.Error(fmt.Sprintf("Encountered error signing license, err=%v", err.Error())) 61 return false, "" 62 } 63 64 rsaPublic := public.(*rsa.PublicKey) 65 66 h := sha512.New() 67 h.Write(plaintext) 68 d := h.Sum(nil) 69 70 err = rsa.VerifyPKCS1v15(rsaPublic, crypto.SHA512, d, signature) 71 if err != nil { 72 mlog.Error(fmt.Sprintf("Invalid signature, err=%v", err.Error())) 73 return false, "" 74 } 75 76 return true, string(plaintext) 77 } 78 79 func GetAndValidateLicenseFileFromDisk(location string) (*model.License, []byte) { 80 fileName := GetLicenseFileLocation(location) 81 82 if _, err := os.Stat(fileName); err != nil { 83 mlog.Debug(fmt.Sprintf("We could not find the license key in the database or on disk at %v", fileName)) 84 return nil, nil 85 } 86 87 mlog.Info(fmt.Sprintf("License key has not been uploaded. Loading license key from disk at %v", fileName)) 88 licenseBytes := GetLicenseFileFromDisk(fileName) 89 90 if success, licenseStr := ValidateLicense(licenseBytes); !success { 91 mlog.Error(fmt.Sprintf("Found license key at %v but it appears to be invalid.", fileName)) 92 return nil, nil 93 } else { 94 return model.LicenseFromJson(strings.NewReader(licenseStr)), licenseBytes 95 } 96 } 97 98 func GetLicenseFileFromDisk(fileName string) []byte { 99 file, err := os.Open(fileName) 100 if err != nil { 101 mlog.Error(fmt.Sprintf("Failed to open license key from disk at %v err=%v", fileName, err.Error())) 102 return nil 103 } 104 defer file.Close() 105 106 licenseBytes, err := ioutil.ReadAll(file) 107 if err != nil { 108 mlog.Error(fmt.Sprintf("Failed to read license key from disk at %v err=%v", fileName, err.Error())) 109 return nil 110 } 111 112 return licenseBytes 113 } 114 115 func GetLicenseFileLocation(fileLocation string) string { 116 if fileLocation == "" { 117 configDir, _ := FindDir("config") 118 return filepath.Join(configDir, "mattermost.mattermost-license") 119 } else { 120 return fileLocation 121 } 122 } 123 124 func GetClientLicense(l *model.License) map[string]string { 125 props := make(map[string]string) 126 127 props["IsLicensed"] = strconv.FormatBool(l != nil) 128 129 if l != nil { 130 props["Id"] = l.Id 131 props["Users"] = strconv.Itoa(*l.Features.Users) 132 props["LDAP"] = strconv.FormatBool(*l.Features.LDAP) 133 props["MFA"] = strconv.FormatBool(*l.Features.MFA) 134 props["SAML"] = strconv.FormatBool(*l.Features.SAML) 135 props["Cluster"] = strconv.FormatBool(*l.Features.Cluster) 136 props["Metrics"] = strconv.FormatBool(*l.Features.Metrics) 137 props["GoogleOAuth"] = strconv.FormatBool(*l.Features.GoogleOAuth) 138 props["Office365OAuth"] = strconv.FormatBool(*l.Features.Office365OAuth) 139 props["Compliance"] = strconv.FormatBool(*l.Features.Compliance) 140 props["MHPNS"] = strconv.FormatBool(*l.Features.MHPNS) 141 props["Announcement"] = strconv.FormatBool(*l.Features.Announcement) 142 props["Elasticsearch"] = strconv.FormatBool(*l.Features.Elasticsearch) 143 props["DataRetention"] = strconv.FormatBool(*l.Features.DataRetention) 144 props["IssuedAt"] = strconv.FormatInt(l.IssuedAt, 10) 145 props["StartsAt"] = strconv.FormatInt(l.StartsAt, 10) 146 props["ExpiresAt"] = strconv.FormatInt(l.ExpiresAt, 10) 147 props["Name"] = l.Customer.Name 148 props["Email"] = l.Customer.Email 149 props["Company"] = l.Customer.Company 150 props["PhoneNumber"] = l.Customer.PhoneNumber 151 props["EmailNotificationContents"] = strconv.FormatBool(*l.Features.EmailNotificationContents) 152 props["MessageExport"] = strconv.FormatBool(*l.Features.MessageExport) 153 props["CustomPermissionsSchemes"] = strconv.FormatBool(*l.Features.CustomPermissionsSchemes) 154 } 155 156 return props 157 }