feat(license): implement license validation
Signed-off-by: sahil <sahilraja242@gmail.com>
Showing
8 changed files
with
230 additions
and
49 deletions.
@@ -1,28 +1,142 @@ | ||
package license | ||
|
||
import "github.com/golang-jwt/jwt" | ||
import ( | ||
"errors" | ||
"github.com/accuknox/auto-policy-discovery/src/cluster" | ||
"github.com/golang-jwt/jwt" | ||
"github.com/mervick/aes-everywhere/go/aes256" | ||
"github.com/rs/zerolog/log" | ||
"k8s.io/client-go/kubernetes" | ||
"strings" | ||
) | ||
|
||
var privateKey = []byte("-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDZRSpD6aSjfkeH\nUQv5gPzMw3jPf7izocKLsK9EDQrFFUlsosDMwklGHb9sRXR+sR0mLuzbV4r3KWCZ\ncdI57FiFL3N+7MLHCEKW0BmlddAItqgVqvD9hd6r7pZonC0Jlmw2fSPlSLdNuKov\nZf1wX3NK4dqDZ0o7X4rQvJ/15mL/q6f4BvIQ2ay4LtXl72V+xGl5HNb/aAIjMnkt\nTKSF5Bhmfwh/G1O6Qtm1R/dT/WpAqfwWQlXRoUCOzsSAsQDaQ5OQOkRAWGH9CXVg\n645PHfYssAMGpEGS/GcI6kDaZXJ5nO9mVAFkmmi1cGZ/Y+CVYj5n8bBAiXoOpfnb\nrdgSPqllAgMBAAECggEAHEIYZ+pOsTv2miUioVITLx+aSiSStXxLtQbnGLr4hF8L\nJG+7kzYOuSmb0L1s1CB9ic6PHE0TxCczyulIniN89N+RzjeFcsUCgiJxP3ml88gr\n7tuDifm8FxEKK3NqkSVpECIxBbxyKM/khJMnhhLICDx9Qttvhm7b+1+ZD26mQBnK\nJCCXCc0LocXL1shfy9ot4rKjF+lbkd2zC6NorQDfCl4eMaWZZuNjNdeaRSzsWn+u\nJVA3HjAdUTzvZBPHCFTvqbwWJ1/IGEc2FiQhrIHLy2ZJ+HjcQh3/HkDfS8PHQ6WZ\nU3GA51Ulu380DW0ZSeoQn+IlLkJ3RIaDXph4BF6V0QKBgQD6DlmEMpT8rsnDljH1\noly5Sy45T7RxG4EYsD2q3/kyEaJSJkyz5/bc0OCiD3m2+ub2G8561hu2opKLkFgf\nk60q82EDS7nupmMUbuioAT2Z/107fs+uGGb8GRkqLSBCdHlqDXyJqw/H530J082B\nuZokmd0/FCiOnvzy8XcU3wNF8QKBgQDeb047d6fS0E9zju6beHvJ5FlJelFk8ubF\no7StRmTV2c8oYIRZc+wSesP/r4ipmLLtrmV0z4e+/y+7ZcJNdiHB/tVtgwLDnekn\nvjgYTHc5twhzKHLFlz5CoatVrvjyMqiy4mil1scfIxVKhqgIC66tE7KLk2t/jDqa\niPCEiiOWtQKBgQDxOxawqfuBKT4MKcFYrqG1QAn/0BzLYTVRk/Rp/FhzLP/jMH+e\nr5E/xWJv9W3+UF6v3nN7nUJvFrc5XK8nB1hvrwtQGqXszSeYdsaMDWZYQjq3Qscn\ntPLlEXFtdstAUQ0weoJCbXxz5aaC7Im9NEi4NpdyWwglTsvHs5qlz99ggQKBgD7V\ncGMKFQVPRPJe0PZoHYfVkodYH0AGAbyY1wQPm5JxWbyNLzXZsjkyJsXGfzNxaDIO\nDqjlqvIAQiqMv0uEcFrNstqhpJk/tUo9yLjMeO17z85AAdPhOnw2ESE+MSKxvsfx\nfyBBwLQCBBSuXy8OpcRMiSY2eappIXDf+BlosE71AoGBAIT3eGRR61+oRMIceYih\nL/TAMwmS4ZVNANrMhMw6U7Qy6myfnyUacXeY2GGJhWseYS6LhEI5kjYD+W1v7hK1\nbN0VkBMLpc3Y5w/FMpfUvE9X1lWzHZucVWw7LHWVnjgPdWlf23m11NujrPPab+9N\ndTLggo4D7JL2dfoXhr3U9O/A\n-----END PRIVATE KEY-----\n") | ||
|
||
type ConfigLicense struct { | ||
k8sClient *kubernetes.Clientset | ||
} | ||
|
||
type License struct { | ||
UserId string | ||
Key string | ||
UserId string | ||
Key string | ||
PlatformUUID string | ||
} | ||
|
||
var cfg *ConfigLicense | ||
var Tkn *Token | ||
|
||
func InitializeConfig(k8sClient *kubernetes.Clientset) { | ||
cfg = &ConfigLicense{k8sClient: k8sClient} | ||
} | ||
|
||
func CheckLicenseSecret() error { | ||
log.Info().Msgf("fetching license secrets to validate discovery-engine licensing") | ||
secret, err := cluster.GetSecrets(cfg.k8sClient, "app:discovery-engine") | ||
if err != nil { | ||
log.Error().Msgf("error while fetching secrets for discovery engine licensing, error: %s", err.Error()) | ||
return err | ||
} | ||
if secret == nil { | ||
return nil | ||
} | ||
|
||
l := &License{ | ||
UserId: secret.StringData["user-id"], | ||
Key: secret.StringData["key"], | ||
} | ||
err = l.ValidateLicense() | ||
|
||
if err != nil { | ||
log.Error().Msgf("error while validating license retrieved through secrets, error: %s", err.Error()) | ||
return err | ||
} | ||
log.Info().Msgf("license validation successfully for user-id: %s with key: %s", l.UserId, l.Key) | ||
return nil | ||
} | ||
|
||
func (l *License) ValidateLicense() error { | ||
var err error | ||
|
||
l.PlatformUUID, err = cfg.getKubeSystemUUID() | ||
if err != nil { | ||
log.Error().Msgf("error while fetching uuid of kube-system namespace, error: %s", err.Error()) | ||
return err | ||
} | ||
|
||
decryptedKey, err := decryptKey(l.Key, l.PlatformUUID) | ||
if err != nil { | ||
log.Error().Msgf("error while decrypting license key, error: %s", err.Error()) | ||
return err | ||
} | ||
|
||
Tkn, err = validateToken(decryptedKey) | ||
if err != nil { | ||
log.Error().Msgf("error while validating jwt token") | ||
return err | ||
} | ||
|
||
log.Info().Msgf("license validation successfully for user: %s with license key: %s", l.UserId, l.Key) | ||
|
||
secret, err := cluster.CreateLicenseSecret(cfg.k8sClient, l.Key, l.UserId) | ||
if err != nil { | ||
log.Error().Msgf("error while creating secret for discovery engine license, error: %s", err.Error()) | ||
return err | ||
} | ||
|
||
log.Info().Msgf("secret created for discovery engine license with name: %s and uuid: %d", secret.GetName(), secret.GetUID()) | ||
return nil | ||
} | ||
|
||
func (cfg *ConfigLicense) getKubeSystemUUID() (string, error) { | ||
uuid, err := cluster.GetKubeSystemUUID(cfg.k8sClient) | ||
if err != nil { | ||
log.Error().Msgf("error while fetching uuid of kube-system namespace, error: %s", err.Error()) | ||
return "", err | ||
} | ||
return uuid, nil | ||
} | ||
|
||
func decryptKey(key string, platformUUID string) (string, error) { | ||
decryptedKey := aes256.Decrypt(key, platformUUID) | ||
tokenSplit := strings.Split(decryptedKey, ".") | ||
if len(tokenSplit) != 3 { | ||
log.Error().Msgf("invalid licence key") | ||
return "", errors.New("invalid license key") | ||
} | ||
return decryptedKey, nil | ||
} | ||
|
||
type Token struct { | ||
jwt.Claims | ||
jwt *jwt.Token | ||
claims *jwt.MapClaims | ||
} | ||
|
||
func (t *Token) ValidateToken() error { | ||
return nil | ||
func validateToken(decryptedKey string) (*Token, error) { | ||
|
||
claims := jwt.MapClaims{} | ||
|
||
jwtToken, err := jwt.ParseWithClaims(decryptedKey, claims, func(token *jwt.Token) (interface{}, error) { | ||
log.Info().Msgf("Signature: %v", token.Header) | ||
return privateKey, nil | ||
}) | ||
if err != nil { | ||
log.Error().Msgf("error while parsing jwt token, error: %s", err.Error()) | ||
return nil, err | ||
} | ||
return &Token{ | ||
jwt: jwtToken, | ||
claims: &claims, | ||
}, nil | ||
} | ||
|
||
func checkUserID(c *jwt.Claims) bool { | ||
func (t *Token) checkUserID() bool { | ||
return false | ||
} | ||
|
||
func getFeatures(c *jwt.Claims) []string { | ||
func (t *Token) getFeatures() []string { | ||
return nil | ||
} | ||
|
||
func WatchFeatures(features []string, expTime string) error { | ||
return nil | ||
} |
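Review bot: The key callback in `validateToken` returns the PEM-encoded private key as raw bytes without inspecting `token.Method`, so golang-jwt will verify with whatever algorithm the token header names — for HS256 the PEM bytes become the HMAC secret, and because that PEM is committed in `privateKey` anyone with the repository (or the binary) can mint a license that passes validation, while an RS256 token would fail outright since the RSA methods require an `*rsa.PublicKey` rather than `[]byte`. Pin the method and verify with the public half only, e.g. `if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok { return nil, errors.New("unexpected signing method") }` followed by `return jwt.ParseRSAPublicKeyFromPEM(publicKeyPEM)`, and move the private key out of the source tree. Independently, the success logs in `CheckLicenseSecret` and `ValidateLicense` print the license key itself (`with key: %s`); drop `l.Key` from those messages so the secret does not end up in pod logs. The `secret.GetUID()` argument in the final log of `ValidateLicense` is a string-typed UID, so `%d` will render as `%!d(...)` and trip `go vet` — use `%s`. Also, `secret.StringData` as read in `CheckLicenseSecret` is write-only in the Kubernetes API and comes back empty on reads unless `cluster.GetSecrets` fills it in; reading `string(secret.Data["user-id"])` and `string(secret.Data["key"])` is the safer form.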
This file was deleted.