evoleap-licensing 1.0.0.12

data/lib/evoleap_licensing/control_manager_helper.rb

@@ -0,0 +1,230 @@
+# frozen_string_literal: true
+
+require "time"
+
+module EvoleapLicensing
+  module ControlManagerHelper
+    def self.register(state)
+      initialize_state(state)
+      response = yield
+
+      if response["success"]
+        state.registered_at = Time.parse(response["first_registered_at"])
+        state.grace_period_for_validation_failures = response["validation_grace_period"]
+        state.reset_registration_failures
+        state.take_registration_params(response)
+        RegistrationResult.new(success: true)
+      else
+        state.add_registration_failure(Time.now.utc)
+        RegistrationResult.new(success: false, error_message: response["error"])
+      end
+    end
+
+    def self.validate_instance(strategy, state)
+      initialize_state(state)
+      current_time = Time.now.utc
+
+      unless state.registered?
+        return get_unregistered_instance_validity(strategy, state, current_time)
+      end
+
+      response = yield
+
+      is_server_time = false
+      if response.key?("time")
+        current_time = Time.parse(response["time"])
+        is_server_time = true
+      end
+
+      status = response["status"]
+
+      if status == ValidationStatus::SUCCESS
+        grace_period = response["validation_grace_period"].to_i
+        state.grace_period_for_validation_failures = grace_period
+        state.features = response["features"] || []
+      else
+        grace_period = state.grace_period_for_validation_failures
+      end
+
+      if status == ValidationStatus::SERVICE_UNREACHABLE || status == ValidationStatus::GENERAL_ERROR
+        get_server_unreachable_instance_validity(state, grace_period, current_time, is_server_time)
+      else
+        get_server_reached_instance_validity(state, current_time, response)
+      end
+    end
+
+    def self.validate_session(strategy, user_state, session_state, web_service_call)
+      initialize_state(user_state)
+      current_time = Time.now.utc
+
+      unless user_state.registered?
+        return get_unregistered_session_validity(strategy, user_state, current_time)
+      end
+
+      response = web_service_call.call
+
+      is_server_time = false
+      if response.key?("time")
+        current_time = Time.parse(response["time"])
+        is_server_time = true
+      end
+
+      status = response["status"]
+
+      if status == ValidationStatus::SUCCESS
+        grace_period = response["validation_grace_period"].to_i
+        user_state.grace_period_for_validation_failures = grace_period
+        user_state.features = response["features"] || []
+        session_state.update_from_session_response(response) if session_state.active? == false
+        session_state.update_from_extend_response(response) if session_state.active?
+        # Handle first session setup
+        unless session_state.active?
+          session_state.update_from_session_response(response)
+        end
+      else
+        grace_period = user_state.grace_period_for_validation_failures
+      end
+
+      if status == ValidationStatus::SERVICE_UNREACHABLE || status == ValidationStatus::GENERAL_ERROR
+        get_server_unreachable_session_validity(user_state, grace_period, current_time, is_server_time)
+      else
+        get_server_reached_session_validity(user_state, current_time, response)
+      end
+    end
+
+    # --- Private methods ---
+
+    def self.initialize_state(state)
+      state.first_launch_time ||= Time.now.utc
+    end
+    private_class_method :initialize_state
+
+    def self.get_unregistered_instance_validity(strategy, state, current_time)
+      if !ControlLogic.first_launch_time_valid?(state.first_launch_time, current_time)
+        state.number_of_failed_validation_attempts += 1
+        state.last_validation_status = ValidationStatus::USER_TAMPERING_DETECTED
+        return InstanceValidity.invalid(ValidationStatus::USER_TAMPERING_DETECTED)
+      end
+
+      if ControlLogic.time_inconsistency_detected?(state.first_launch_time, state.failed_registration_times, current_time, false)
+        state.number_of_failed_validation_attempts += 1
+        state.last_validation_status = ValidationStatus::USER_TAMPERING_DETECTED
+        return InstanceValidity.invalid(ValidationStatus::USER_TAMPERING_DETECTED)
+      end
+
+      ok, expiration = ControlLogic.in_grace_period_for_unregistered_product?(strategy, state.first_launch_time, current_time)
+      return InstanceValidity.unregistered_grace_period(expiration) if ok
+
+      state.number_of_failed_validation_attempts += 1
+      state.last_validation_status = ValidationStatus::REGISTRATION_REQUIRED
+      InstanceValidity.invalid(ValidationStatus::REGISTRATION_REQUIRED)
+    end
+    private_class_method :get_unregistered_instance_validity
+
+    def self.get_server_unreachable_instance_validity(state, grace_period, current_time, is_server_time)
+      if ControlLogic.time_inconsistency_detected?(state.last_successful_validation_time, state.failed_validation_times, current_time, is_server_time)
+        state.number_of_failed_validation_attempts += 1
+        state.last_validation_status = ValidationStatus::USER_TAMPERING_DETECTED
+        return InstanceValidity.invalid(ValidationStatus::USER_TAMPERING_DETECTED)
+      end
+
+      state.number_of_failed_validation_attempts += 1
+      state.add_validation_failure(current_time)
+
+      if state.last_successful_validation_time.nil?
+        return InstanceValidity.invalid(ValidationStatus::SERVICE_UNREACHABLE)
+      end
+
+      if state.last_validation_status == ValidationStatus::SUCCESS
+        ok, expiration = ControlLogic.in_grace_period_for_validation_failures?(
+          grace_period,
+          state.number_of_failed_validation_attempts,
+          state.last_successful_validation_time,
+          current_time
+        )
+        if ok
+          return InstanceValidity.validation_failure_grace_period(expiration)
+        end
+      end
+
+      InstanceValidity.invalid(ValidationStatus::SERVICE_UNREACHABLE)
+    end
+    private_class_method :get_server_unreachable_instance_validity
+
+    def self.get_server_reached_instance_validity(state, current_time, response)
+      state.reset_validation_failures
+      state.last_successful_validation_time = current_time
+      state.last_validation_status = response["status"]
+
+      if response["status"] == ValidationStatus::SUCCESS
+        InstanceValidity.valid
+      else
+        InstanceValidity.invalid(response["status"])
+      end
+    end
+    private_class_method :get_server_reached_instance_validity
+
+    def self.get_unregistered_session_validity(strategy, state, current_time)
+      if !ControlLogic.first_launch_time_valid?(state.first_launch_time, current_time)
+        state.number_of_failed_validation_attempts += 1
+        state.last_validation_status = ValidationStatus::USER_TAMPERING_DETECTED
+        return SessionValidity.invalid(ValidationStatus::USER_TAMPERING_DETECTED)
+      end
+
+      if ControlLogic.time_inconsistency_detected?(state.first_launch_time, state.failed_registration_times, current_time, false)
+        state.number_of_failed_validation_attempts += 1
+        state.last_validation_status = ValidationStatus::USER_TAMPERING_DETECTED
+        return SessionValidity.invalid(ValidationStatus::USER_TAMPERING_DETECTED)
+      end
+
+      ok, expiration = ControlLogic.in_grace_period_for_unregistered_product?(strategy, state.first_launch_time, current_time)
+      return SessionValidity.unregistered_grace_period(expiration) if ok
+
+      state.number_of_failed_validation_attempts += 1
+      state.last_validation_status = ValidationStatus::REGISTRATION_REQUIRED
+      SessionValidity.invalid(ValidationStatus::REGISTRATION_REQUIRED)
+    end
+    private_class_method :get_unregistered_session_validity
+
+    def self.get_server_unreachable_session_validity(state, grace_period, current_time, is_server_time)
+      if ControlLogic.time_inconsistency_detected?(state.last_successful_validation_time, state.failed_validation_times, current_time, is_server_time)
+        state.number_of_failed_validation_attempts += 1
+        state.last_validation_status = ValidationStatus::USER_TAMPERING_DETECTED
+        return SessionValidity.invalid(ValidationStatus::USER_TAMPERING_DETECTED)
+      end
+
+      state.number_of_failed_validation_attempts += 1
+      state.add_validation_failure(current_time)
+
+      if state.last_successful_validation_time.nil?
+        return SessionValidity.invalid(ValidationStatus::SERVICE_UNREACHABLE)
+      end
+
+      if state.last_validation_status == ValidationStatus::SUCCESS
+        ok, expiration = ControlLogic.in_grace_period_for_validation_failures?(
+          grace_period,
+          state.number_of_failed_validation_attempts,
+          state.last_successful_validation_time,
+          current_time
+        )
+        return SessionValidity.validation_failure_grace_period(expiration) if ok
+      end
+
+      SessionValidity.invalid(ValidationStatus::SERVICE_UNREACHABLE)
+    end
+    private_class_method :get_server_unreachable_session_validity
+
+    def self.get_server_reached_session_validity(state, current_time, response)
+      state.reset_validation_failures
+      state.last_successful_validation_time = current_time
+      state.last_validation_status = response["status"]
+
+      if response["status"] == ValidationStatus::SUCCESS
+        SessionValidity.valid(duration: response["session_duration"])
+      else
+        SessionValidity.invalid(response["status"])
+      end
+    end
+    private_class_method :get_server_reached_session_validity
+  end
+end

data/lib/evoleap_licensing/control_strategy.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module EvoleapLicensing
+  class ControlStrategy
+    attr_accessor :grace_period_for_unregistered_product, :start_session_for_expired_session
+
+    def initialize(grace_period_for_unregistered_product: 0, start_session_for_expired_session: false)
+      @grace_period_for_unregistered_product = grace_period_for_unregistered_product
+      @start_session_for_expired_session = start_session_for_expired_session
+    end
+
+    def self.default
+      new
+    end
+  end
+end

data/lib/evoleap_licensing/encryption_handler.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require "openssl"
+require "base64"
+require "json"
+
+module EvoleapLicensing
+  module EncryptionHandler
+    def self.encrypt_payload(params, rsa_cipher)
+      aes = OpenSSL::Cipher::AES.new(128, :CBC)
+      aes.encrypt
+      aes_key = aes.random_key
+      iv = aes.random_iv
+
+      encrypted_aes_key = rsa_cipher.public_encrypt(aes_key)
+      encrypted_params = aes.update(params.to_json) + aes.final
+
+      final = []
+      final += encrypted_aes_key.bytes
+      final.push(0) # padding
+      final += iv.bytes
+      final.push(0) # padding
+      final += encrypted_params.bytes
+
+      encoded = Base64.strict_encode64(final.pack("C*"))
+      [aes_key, iv, encoded]
+    end
+
+    def self.decrypt_response(body, aes_key, aes_iv)
+      aes = OpenSSL::Cipher::AES.new(128, :CBC)
+      aes.decrypt
+      aes.key = aes_key
+      aes.iv = aes_iv
+      bytes = Base64.decode64(body)
+      aes.update(bytes) + aes.final
+    end
+
+    def self.rsa_key(public_key)
+      OpenSSL::PKey::RSA.new(public_key.strip)
+    end
+  end
+end

data/lib/evoleap_licensing/errors.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module EvoleapLicensing
+  class Error < StandardError; end
+  class ConfigurationError < Error; end
+  class NotRegisteredError < Error; end
+  class NoActiveSessionError < Error; end
+  class ReentrancyError < Error; end
+end

data/lib/evoleap_licensing/identity/instance_identity.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module EvoleapLicensing
+  class InstanceIdentity
+    attr_reader :data
+
+    def initialize(data = {})
+      @data = data.transform_keys(&:to_s)
+    end
+
+    def add(key, value)
+      @data[key.to_s] = value
+      self
+    end
+
+    def [](key)
+      @data[key.to_s]
+    end
+
+    def to_api_format
+      @data.map { |k, v| { "key" => k, "value" => v.to_s } }
+    end
+
+    def to_h
+      @data.dup
+    end
+
+    def self.from_hardware
+      identity = new
+      info = PlatformInfo.get_info
+      info.each { |k, v| identity.add(k, v.is_a?(Array) ? v.join(",") : v) }
+      identity
+    end
+
+    def self.from_hash(hash)
+      new(hash)
+    end
+  end
+end

data/lib/evoleap_licensing/identity/user_identity.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module EvoleapLicensing
+  class UserIdentity
+    attr_reader :data
+
+    def initialize(data = {})
+      @data = data.transform_keys(&:to_s)
+    end
+
+    def add(key, value)
+      @data[key.to_s] = value
+      self
+    end
+
+    def [](key)
+      @data[key.to_s]
+    end
+
+    def to_api_format
+      @data.map { |k, v| { "key" => k, "value" => v.to_s } }
+    end
+
+    def to_h
+      @data.dup
+    end
+
+    def self.from_hash(hash)
+      new(hash)
+    end
+  end
+end

data/lib/evoleap_licensing/platform_info.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require "socket"
+
+module EvoleapLicensing
+  module PlatformInfo
+    def self.architecture
+      RUBY_PLATFORM
+    end
+
+    def self.mac_addresses
+      case RUBY_PLATFORM
+      when /linux/
+        read_linux_mac_addresses
+      when /darwin/
+        read_mac_mac_addresses
+      when /mswin|mingw/
+        read_windows_mac_addresses
+      else
+        []
+      end
+    rescue StandardError
+      []
+    end
+
+    def self.hostname
+      Socket.gethostname
+    rescue StandardError
+      nil
+    end
+
+    def self.ip_address
+      Socket.ip_address_list
+        .select { |addr| addr.ipv4? && !addr.ipv4_loopback? }
+        .first&.ip_address
+    rescue StandardError
+      nil
+    end
+
+    def self.get_info
+      info = {}
+      merge_if_available(info, :architecture) { architecture }
+      merge_if_available(info, :mac_addresses) { mac_addresses }
+      merge_if_available(info, :hostname) { hostname }
+      merge_if_available(info, :ip_address) { ip_address }
+      info
+    end
+
+    def self.merge_if_available(hash, key)
+      value = yield
+      hash[key] = value if value && !(value.respond_to?(:empty?) && value.empty?)
+    rescue StandardError
+      # Skip unavailable info
+    end
+    private_class_method :merge_if_available
+
+    def self.read_linux_mac_addresses
+      Dir.glob("/sys/class/net/*/address").filter_map do |path|
+        addr = File.read(path).strip
+        addr unless addr == "00:00:00:00:00:00"
+      end
+    end
+    private_class_method :read_linux_mac_addresses
+
+    def self.read_mac_mac_addresses
+      `ifconfig 2>/dev/null`.scan(/ether\s+([0-9a-f:]+)/i).flatten
+    end
+    private_class_method :read_mac_mac_addresses
+
+    def self.read_windows_mac_addresses
+      `getmac /fo csv /nh 2>nul`.scan(/([0-9A-F-]{17})/i).flatten
+    end
+    private_class_method :read_windows_mac_addresses
+  end
+end

data/lib/evoleap_licensing/results/component_checkin_result.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module EvoleapLicensing
+  class ComponentCheckinResult
+    attr_reader :failure_reason
+
+    def initialize(success:, failure_reason: nil)
+      @success = success
+      @failure_reason = failure_reason
+    end
+
+    def success?
+      @success
+    end
+  end
+end

data/lib/evoleap_licensing/results/component_checkout_result.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module EvoleapLicensing
+  class ComponentCheckoutResult
+    attr_reader :failure_reason, :components, :component_entitlements
+
+    def initialize(success:, failure_reason: nil, components: [], component_entitlements: [])
+      @success = success
+      @failure_reason = failure_reason
+      @components = components
+      @component_entitlements = component_entitlements
+    end
+
+    def success?
+      @success
+    end
+  end
+end

data/lib/evoleap_licensing/results/components_status.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module EvoleapLicensing
+  class ComponentsStatus
+    attr_reader :components, :component_entitlements, :error_message
+
+    def initialize(success:, components: [], component_entitlements: [], error_message: nil)
+      @success = success
+      @components = components
+      @component_entitlements = component_entitlements
+      @error_message = error_message
+    end
+
+    def success?
+      @success
+    end
+  end
+end

data/lib/evoleap_licensing/results/instance_validity.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module EvoleapLicensing
+  class InstanceValidity
+    attr_reader :invalid_reason, :grace_period_expiration
+
+    def initialize(valid:, invalid_reason: nil,
+                   in_validation_failure_grace_period: false,
+                   in_unregistered_grace_period: false,
+                   grace_period_expiration: nil)
+      @valid = valid
+      @invalid_reason = invalid_reason
+      @in_validation_failure_grace_period = in_validation_failure_grace_period
+      @in_unregistered_grace_period = in_unregistered_grace_period
+      @grace_period_expiration = grace_period_expiration
+    end
+
+    def valid?
+      @valid
+    end
+
+    def in_validation_failure_grace_period?
+      @in_validation_failure_grace_period
+    end
+
+    def in_unregistered_grace_period?
+      @in_unregistered_grace_period
+    end
+
+    def self.invalid(reason)
+      new(valid: false, invalid_reason: InvalidReason.from_validation_status(reason))
+    end
+
+    def self.valid
+      new(valid: true)
+    end
+
+    def self.unregistered_grace_period(expiration)
+      new(valid: true, in_unregistered_grace_period: true, grace_period_expiration: expiration)
+    end
+
+    def self.validation_failure_grace_period(expiration)
+      new(valid: true, in_validation_failure_grace_period: true, grace_period_expiration: expiration)
+    end
+  end
+end

data/lib/evoleap_licensing/results/license_info.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module EvoleapLicensing
+  class LicenseInfo
+    attr_reader :owner_name, :owner_logo_url, :expiry, :error_message
+
+    def initialize(success:, owner_name: nil, owner_logo_url: nil, expiry: nil, error_message: nil)
+      @success = success
+      @owner_name = owner_name
+      @owner_logo_url = owner_logo_url
+      @expiry = expiry
+      @error_message = error_message
+    end
+
+    def success?
+      @success
+    end
+  end
+end

data/lib/evoleap_licensing/results/registration_result.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module EvoleapLicensing
+  class RegistrationResult
+    attr_reader :error_message
+
+    def initialize(success:, error_message: nil)
+      @success = success
+      @error_message = error_message
+    end
+
+    def success?
+      @success
+    end
+  end
+end

data/lib/evoleap_licensing/results/session_validity.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module EvoleapLicensing
+  class SessionValidity
+    attr_reader :invalid_reason, :validity_duration, :grace_period_expiration
+
+    def initialize(valid:, invalid_reason: nil, validity_duration: nil,
+                   in_validation_failure_grace_period: false,
+                   in_unregistered_grace_period: false,
+                   grace_period_expiration: nil)
+      @valid = valid
+      @invalid_reason = invalid_reason
+      @validity_duration = validity_duration
+      @in_validation_failure_grace_period = in_validation_failure_grace_period
+      @in_unregistered_grace_period = in_unregistered_grace_period
+      @grace_period_expiration = grace_period_expiration
+    end
+
+    def valid?
+      @valid
+    end
+
+    def in_validation_failure_grace_period?
+      @in_validation_failure_grace_period
+    end
+
+    def in_unregistered_grace_period?
+      @in_unregistered_grace_period
+    end
+
+    def self.invalid(reason)
+      new(valid: false, invalid_reason: InvalidReason.from_validation_status(reason))
+    end
+
+    def self.valid(duration: nil)
+      new(valid: true, validity_duration: duration)
+    end
+
+    def self.unregistered_grace_period(expiration)
+      new(valid: true, in_unregistered_grace_period: true, grace_period_expiration: expiration)
+    end
+
+    def self.validation_failure_grace_period(expiration)
+      new(valid: true, in_validation_failure_grace_period: true, grace_period_expiration: expiration)
+    end
+  end
+end

data/lib/evoleap_licensing/server_control_manager.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module EvoleapLicensing
+  class ServerControlManager
+    attr_reader :product_id, :version, :public_key, :strategy, :server_state
+
+    def initialize(product_id:, version:, public_key:, strategy: nil, server_state: nil)
+      @product_id = product_id
+      @version = version
+      @public_key = public_key
+      @strategy = strategy || ControlStrategy.default
+      @server_state = server_state || ServerState.new
+      @client = WebClient.new
+    end
+
+    # Register the server instance with the licensing service.
+    # Returns a RegistrationResult.
+    def register(license_key:, instance_identity:)
+      ControlManagerHelper.register(@server_state) do
+        WebService.register_instance(
+          product_id: @product_id,
+          license_key: license_key,
+          hardware_identity: instance_identity.to_api_format,
+          public_key: @public_key,
+          client: @client
+        )
+      end
+    end
+
+    # Validate the server instance against the licensing service.
+    # Returns an InstanceValidity.
+    def validate_instance(instance_identity:)
+      ControlManagerHelper.validate_instance(@strategy, @server_state) do
+        WebService.validate_instance(
+          product_id: @product_id,
+          instance_id: @server_state.instance_guid,
+          version: @version,
+          hardware_identity: instance_identity.to_api_format,
+          public_key: @public_key,
+          client: @client
+        )
+      end
+    end
+
+    # For testing: allow injecting a custom web client
+    def web_client=(client)
+      @client = client
+    end
+  end
+end