license verification services for user/org

2025-07-01 08:02:49 -05:00 · 2017-08-09 17:01:37 -04:00
parent 3deec076c7
commit a1d064ed9e
26 changed files with 457 additions and 2 deletions
--- a/src/Core/Models/Business/ILicense.cs
+++ b/src/Core/Models/Business/ILicense.cs
@ -0,0 +1,17 @@
+using System;
+using System.Security.Cryptography.X509Certificates;
+
+namespace Bit.Core.Models.Business
+{
+    public interface ILicense
+    {
+        string LicenseKey { get; set; }
+        int Version { get; set; }
+        DateTime Issued { get; set; }
+        DateTime Expires { get; set; }
+        bool Trial { get; set; }
+        string Signature { get; set; }
+        byte[] GetSignatureData();
+        bool VerifySignature(X509Certificate2 certificate);
+    }
+}
--- a/src/Core/Models/Business/OrganizationLicense.cs
+++ b/src/Core/Models/Business/OrganizationLicense.cs
@ -0,0 +1,119 @@
+using Bit.Core.Enums;
+using Bit.Core.Models.Table;
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+
+namespace Bit.Core.Models.Business
+{
+    public class OrganizationLicense : ILicense
+    {
+        public OrganizationLicense()
+        { }
+
+        public OrganizationLicense(Organization org)
+        {
+            LicenseKey = "";
+            Id = org.Id;
+            Name = org.Name;
+            Enabled = org.Enabled;
+            Seats = org.Seats;
+            MaxCollections = org.MaxCollections;
+            UseGroups = org.UseGroups;
+            UseDirectory = org.UseDirectory;
+            UseTotp = org.UseTotp;
+            MaxStorageGb = org.MaxStorageGb;
+            SelfHost = org.SelfHost;
+            Version = 1;
+        }
+
+        public string LicenseKey { get; set; }
+        public Guid Id { get; set; }
+        public string Name { get; set; }
+        public bool Enabled { get; set; }
+        public string Plan { get; set; }
+        public PlanType PlanType { get; set; }
+        public short? Seats { get; set; }
+        public short? MaxCollections { get; set; }
+        public bool UseGroups { get; set; }
+        public bool UseDirectory { get; set; }
+        public bool UseTotp { get; set; }
+        public short? MaxStorageGb { get; set; }
+        public bool SelfHost { get; set; }
+        public int Version { get; set; }
+        public DateTime Issued { get; set; }
+        public DateTime Expires { get; set; }
+        public bool Trial { get; set; }
+        public string Signature { get; set; }
+        public byte[] SignatureBytes => Convert.FromBase64String(Signature);
+
+        public byte[] GetSignatureData()
+        {
+            string data = null;
+            if(Version == 1)
+            {
+                data = string.Format("organization:{0}_{1}_{2}_{3}_{4}_{5}_{6}_{7}_{8}_{9}_{10}_{11}_{12}_{13}",
+                    Version,
+                    Utilities.CoreHelpers.ToEpocMilliseconds(Issued),
+                    Utilities.CoreHelpers.ToEpocMilliseconds(Expires),
+                    LicenseKey,
+                    Id,
+                    Enabled,
+                    PlanType,
+                    Seats,
+                    MaxCollections,
+                    UseGroups,
+                    UseDirectory,
+                    UseTotp,
+                    MaxStorageGb,
+                    SelfHost);
+            }
+            else
+            {
+                throw new NotSupportedException($"Version {Version} is not supported.");
+            }
+
+            return Encoding.UTF8.GetBytes(data);
+        }
+
+        public bool VerifyData(Organization organization)
+        {
+            if(Issued > DateTime.UtcNow)
+            {
+                return false;
+            }
+
+            if(Expires < DateTime.UtcNow)
+            {
+                return false;
+            }
+
+            if(Version == 1)
+            {
+                return
+                    organization.LicenseKey.Equals(LicenseKey, StringComparison.InvariantCultureIgnoreCase) &&
+                    organization.Enabled == Enabled &&
+                    organization.PlanType == PlanType &&
+                    organization.Seats == Seats &&
+                    organization.MaxCollections == MaxCollections &&
+                    organization.UseGroups == UseGroups &&
+                    organization.UseDirectory == UseDirectory &&
+                    organization.UseTotp == UseTotp && 
+                    organization.SelfHost == SelfHost;
+            }
+            else
+            {
+                throw new NotSupportedException($"Version {Version} is not supported.");
+            }
+        }
+
+        public bool VerifySignature(X509Certificate2 certificate)
+        {
+            using(var rsa = certificate.GetRSAPublicKey())
+            {
+                return rsa.VerifyData(GetSignatureData(), SignatureBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            }
+        }
+    }
+}
--- a/src/Core/Models/Business/UserLicense.cs
+++ b/src/Core/Models/Business/UserLicense.cs
@ -0,0 +1,90 @@
+using Bit.Core.Models.Table;
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+
+namespace Bit.Core.Models.Business
+{
+    public class UserLicense : ILicense
+    {
+        public UserLicense()
+        { }
+
+        public UserLicense(User user)
+        {
+            LicenseKey = "";
+            Id = user.Id;
+            Email = user.Email;
+            Version = 1;
+        }
+
+        public string LicenseKey { get; set; }
+        public Guid Id { get; set; }
+        public string Email { get; set; }
+        public bool Premium { get; set; }
+        public short? MaxStorageGb { get; set; }
+        public int Version { get; set; }
+        public DateTime Issued { get; set; }
+        public DateTime Expires { get; set; }
+        public bool Trial { get; set; }
+        public string Signature { get; set; }
+        public byte[] SignatureBytes => Convert.FromBase64String(Signature);
+
+        public byte[] GetSignatureData()
+        {
+            string data = null;
+            if(Version == 1)
+            {
+                data = string.Format("user:{0}_{1}_{2}_{3}_{4}_{5}_{6}_{7}",
+                    Version,
+                    Utilities.CoreHelpers.ToEpocMilliseconds(Issued),
+                    Utilities.CoreHelpers.ToEpocMilliseconds(Expires),
+                    LicenseKey,
+                    Id,
+                    Email,
+                    Premium,
+                    MaxStorageGb);
+            }
+            else
+            {
+                throw new NotSupportedException($"Version {Version} is not supported.");
+            }
+
+            return Encoding.UTF8.GetBytes(data);
+        }
+
+        public bool VerifyData(User user)
+        {
+            if(Issued > DateTime.UtcNow)
+            {
+                return false;
+            }
+
+            if(Expires < DateTime.UtcNow)
+            {
+                return false;
+            }
+
+            if(Version == 1)
+            {
+                return
+                    user.LicenseKey.Equals(LicenseKey, StringComparison.InvariantCultureIgnoreCase) &&
+                    user.Premium == Premium &&
+                    user.Email.Equals(Email, StringComparison.InvariantCultureIgnoreCase);
+            }
+            else
+            {
+                throw new NotSupportedException($"Version {Version} is not supported.");
+            }
+        }
+
+        public bool VerifySignature(X509Certificate2 certificate)
+        {
+            using(var rsa = certificate.GetRSAPublicKey())
+            {
+                return rsa.VerifyData(GetSignatureData(), SignatureBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            }
+        }
+    }
+}
--- a/src/Core/Models/Table/Organization.cs
+++ b/src/Core/Models/Table/Organization.cs
@ -19,12 +19,14 @@ namespace Bit.Core.Models.Table
        public bool UseGroups { get; set; }
        public bool UseDirectory { get; set; }
        public bool UseTotp { get; set; }
+        public bool SelfHost { get; set; }
        public long? Storage { get; set; }
        public short? MaxStorageGb { get; set; }
        public GatewayType? Gateway { get; set; }
        public string GatewayCustomerId { get; set; }
        public string GatewaySubscriptionId { get; set; }
        public bool Enabled { get; set; } = true;
+        public string LicenseKey { get; set; }
        public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
        public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;

--- a/src/Core/Models/Table/User.cs
+++ b/src/Core/Models/Table/User.cs
@ -35,6 +35,7 @@ namespace Bit.Core.Models.Table
        public GatewayType? Gateway { get; set; }
        public string GatewayCustomerId { get; set; }
        public string GatewaySubscriptionId { get; set; }
+        public string LicenseKey { get; set; }
        public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
        public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;