78 lines
3.4 KiB
JavaScript
78 lines
3.4 KiB
JavaScript
"use strict";
|
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
};
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.RSALicenseValidator = void 0;
|
|
const crypto_1 = __importDefault(require("crypto"));
|
|
const Result_1 = require("../../../../shared/domain/Result");
|
|
const UniqueId_1 = require("../../../../shared/domain/UniqueId");
|
|
const License_1 = require("../../domain/entities/License");
|
|
const LicensePlan_1 = require("../../domain/value-objects/LicensePlan");
|
|
// Public key used to verify license signatures.
|
|
// The corresponding private key is kept secret (used only by generate-license.ts).
|
|
const PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
|
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2a2rwplBQLzHPZe5TNJF
|
|
EhkFwUEkMvbzXuRSxW98hGxMgrHPKGLJgNw0qFsLQmhDSmVvnrwYE2vCy2Dgm7Qj
|
|
7WKFqbZFkVDe8cROZ9K7rQmn0BqckmJbkm2SJnzYL9e9z6b5R8r5w2r5Q2HZFN7
|
|
6B3dKCHWHxhyE3N8MCJSN7qBZ7kX8fJqBwBxQL6bZbGP2O5bXrZpFw3xKyGJ5t
|
|
vZ9eTuD4JhKJbZbGJ3Q5Q5nNbm3nXY5z9WbBxFbRLYGJbQ7E8mSYnKJZkJzYM
|
|
TmOxJbKtJz5mJ9Q7rBxBxLYGJmQtZmKtXZ5t9WbBxFbRLYGJbQ7E8mSYnKJZk
|
|
JwIDAQAB
|
|
-----END PUBLIC KEY-----`;
|
|
class RSALicenseValidator {
|
|
constructor(publicKeyPem) {
|
|
const pem = publicKeyPem ?? PUBLIC_KEY;
|
|
this.publicKey = crypto_1.default.createPublicKey(pem);
|
|
}
|
|
async validate(licenseKey) {
|
|
try {
|
|
// License key format: base64(payload_json).base64(signature)
|
|
const parts = licenseKey.trim().split('.');
|
|
if (parts.length !== 2) {
|
|
return (0, Result_1.Err)('Invalid license key format');
|
|
}
|
|
const [payloadB64, signatureB64] = parts;
|
|
let payloadJson;
|
|
let rawPayload;
|
|
try {
|
|
payloadJson = Buffer.from(payloadB64, 'base64').toString('utf-8');
|
|
rawPayload = JSON.parse(payloadJson);
|
|
}
|
|
catch {
|
|
return (0, Result_1.Err)('Invalid license key: cannot decode payload');
|
|
}
|
|
const signature = Buffer.from(signatureB64, 'base64');
|
|
const isValid = crypto_1.default.verify('sha256', Buffer.from(payloadJson, 'utf-8'), this.publicKey, signature);
|
|
if (!isValid) {
|
|
return (0, Result_1.Err)('Invalid license key: signature verification failed');
|
|
}
|
|
let plan;
|
|
try {
|
|
plan = LicensePlan_1.LicensePlan.fromString(rawPayload.plan);
|
|
}
|
|
catch {
|
|
return (0, Result_1.Err)(`Invalid plan in license: ${rawPayload.plan}`);
|
|
}
|
|
const expiresAt = rawPayload.expiresAt ? new Date(rawPayload.expiresAt) : null;
|
|
if (expiresAt && expiresAt < new Date()) {
|
|
return (0, Result_1.Err)('License has expired');
|
|
}
|
|
const license = License_1.License.reconstitute({
|
|
plan,
|
|
organizationName: rawPayload.organizationName,
|
|
email: rawPayload.email,
|
|
issuedAt: new Date(rawPayload.issuedAt),
|
|
expiresAt,
|
|
signature: signatureB64,
|
|
rawKey: licenseKey,
|
|
}, UniqueId_1.UniqueId.create());
|
|
return (0, Result_1.Ok)(license);
|
|
}
|
|
catch (err) {
|
|
return (0, Result_1.Err)(`License validation error: ${String(err)}`);
|
|
}
|
|
}
|
|
}
|
|
exports.RSALicenseValidator = RSALicenseValidator;
|