gitlab-license-plain 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 5b42bef9bfea6e3ae767ae96c24ee93c2bf67a05252afd7a7e935800b6bfbaa9
+  data.tar.gz: d22767967ed75302255cbfd29e1839217135163e2193ca3ae3fa92cda1ca1128
+SHA512:
+  metadata.gz: c55b971d50997b23048ef582ebbe725b039bacf160a54e68f0b93bdcbe91b2091c0e9239a9344def9ea89ff458280900d9b249452f35779ea5bc8b2ee0665651
+  data.tar.gz: 5db2778d58dd8c440163da50cb0b95a2a448ebb87380abf39f4d7eda912a48b3ba416e8240e86210ede6ccd94198556017e9f7cc126c4c06d525e38a28a3cf74

data/lib/gitlab/license/boundary.rb

@@ -0,0 +1,40 @@
+module Gitlab
+  class License
+    module Boundary
+      BOUNDARY_START  = /(\A|\r?\n)-*BEGIN .+? LICENSE-*\r?\n/.freeze
+      BOUNDARY_END    = /\r?\n-*END .+? LICENSE-*(\r?\n|\z)/.freeze
+
+      class << self
+        def add_boundary(data, product_name)
+          data = remove_boundary(data)
+
+          product_name.upcase!
+
+          pad = lambda do |message, width|
+            total_padding = [width - message.length, 0].max
+
+            padding = total_padding / 2.0
+            [
+              '-' * padding.ceil,
+              message,
+              '-' * padding.floor
+            ].join
+          end
+
+          [
+            pad.call("BEGIN #{product_name} LICENSE", 60),
+            data.strip,
+            pad.call("END #{product_name} LICENSE", 60)
+          ].join("\n")
+        end
+
+        def remove_boundary(data)
+          after_boundary  = data.split(BOUNDARY_START).last
+          in_boundary     = after_boundary.split(BOUNDARY_END).first
+
+          in_boundary
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/license/encryptor.rb

@@ -0,0 +1,92 @@
+module Gitlab
+  class License
+    class Encryptor
+      class Error < StandardError; end
+      class KeyError < Error; end
+      class DecryptionError < Error; end
+
+      attr_accessor :key
+
+      def initialize(key)
+        raise KeyError, 'No RSA encryption key provided.' if key && !key.is_a?(OpenSSL::PKey::RSA)
+
+        @key = key
+      end
+
+      def encrypt(data)
+        raise KeyError, 'Provided key is not a private key.' unless key.private?
+
+        # Encrypt the data using symmetric AES encryption.
+        cipher = OpenSSL::Cipher::AES128.new(:CBC)
+        cipher.encrypt
+        aes_key = cipher.random_key
+        aes_iv  = cipher.random_iv
+
+        encrypted_data = cipher.update(data) + cipher.final
+
+        # Encrypt the AES key using asymmetric RSA encryption.
+        encrypted_key = key.private_encrypt(aes_key)
+
+        encryption_data = {
+          'data' => Base64.encode64(encrypted_data),
+          'key' => Base64.encode64(encrypted_key),
+          'iv' => Base64.encode64(aes_iv)
+        }
+
+        json_data = JSON.dump(encryption_data)
+        Base64.encode64(json_data)
+      end
+
+      def decrypt(data)
+        raise KeyError, 'Provided key is not a public key.' unless key.public?
+
+        json_data = Base64.decode64(data.chomp)
+
+        begin
+          encryption_data = JSON.parse(json_data)
+        rescue JSON::ParserError
+          raise DecryptionError, 'Encryption data is invalid JSON.'
+        end
+
+        unless %w[data key iv].all? { |key| encryption_data[key] }
+          raise DecryptionError, 'Required field missing from encryption data.'
+        end
+
+        encrypted_data  = Base64.decode64(encryption_data['data'])
+        encrypted_key   = Base64.decode64(encryption_data['key'])
+        aes_iv          = Base64.decode64(encryption_data['iv'])
+
+        begin
+          # Decrypt the AES key using asymmetric RSA encryption.
+          aes_key = self.key.public_decrypt(encrypted_key)
+        rescue OpenSSL::PKey::RSAError
+          raise DecryptionError, 'AES encryption key could not be decrypted.'
+        end
+
+        # Decrypt the data using symmetric AES encryption.
+        cipher = OpenSSL::Cipher::AES128.new(:CBC)
+        cipher.decrypt
+
+        begin
+          cipher.key = aes_key
+        rescue OpenSSL::Cipher::CipherError
+          raise DecryptionError, 'AES encryption key is invalid.'
+        end
+
+        begin
+          cipher.iv = aes_iv
+        rescue OpenSSL::Cipher::CipherError
+          raise DecryptionError, 'AES IV is invalid.'
+        end
+
+        begin
+          data = cipher.update(encrypted_data) + cipher.final
+        rescue OpenSSL::Cipher::CipherError
+          raise DecryptionError, 'Data could not be decrypted.'
+        end
+
+        data
+      end
+    end
+  end
+end

data/lib/gitlab/license/version.rb

@@ -0,0 +1,5 @@
+module Gitlab
+  class License
+    VERSION = '1.0.0'.freeze
+  end
+end

data/lib/gitlab/license.rb

@@ -0,0 +1,260 @@
+require 'openssl'
+require 'date'
+require 'json'
+require 'base64'
+
+require 'gitlab/license/version'
+require 'gitlab/license/encryptor'
+require 'gitlab/license/boundary'
+
+module Gitlab
+  class License
+    class Error < StandardError; end
+    class ImportError < Error; end
+    class ValidationError < Error; end
+
+    class << self
+      attr_reader :encryption_key
+      @encryption_key = nil
+
+      def encryption_key=(key)
+        raise ArgumentError, 'No RSA encryption key provided.' if key && !key.is_a?(OpenSSL::PKey::RSA)
+
+        @encryption_key = key
+        @encryptor = nil
+      end
+
+      def encryptor
+        @encryptor ||= Encryptor.new(encryption_key)
+      end
+
+      def import(data)
+        raise ImportError, 'No license data.' if data.nil?
+
+        begin
+          attributes = JSON.parse(data)
+        rescue JSON::ParseError
+          raise ImportError, 'License data is invalid JSON.'
+        end
+
+        new(attributes)
+      end
+    end
+
+    attr_reader :version
+    attr_accessor :licensee, :starts_at, :expires_at, :notify_admins_at,
+                  :notify_users_at, :block_changes_at, :last_synced_at, :next_sync_at,
+                  :activated_at, :restrictions, :cloud_licensing_enabled,
+                  :offline_cloud_licensing_enabled, :auto_renew_enabled, :seat_reconciliation_enabled,
+                  :operational_metrics_enabled, :generated_from_customers_dot
+
+    alias_method :issued_at, :starts_at
+    alias_method :issued_at=, :starts_at=
+
+    def initialize(attributes = {})
+      load_attributes(attributes)
+    end
+
+    def valid?
+      if !licensee || !licensee.is_a?(Hash) || licensee.empty?
+        false
+      elsif !starts_at || !starts_at.is_a?(Date)
+        false
+      elsif expires_at && !expires_at.is_a?(Date)
+        false
+      elsif notify_admins_at && !notify_admins_at.is_a?(Date)
+        false
+      elsif notify_users_at && !notify_users_at.is_a?(Date)
+        false
+      elsif block_changes_at && !block_changes_at.is_a?(Date)
+        false
+      elsif last_synced_at && !last_synced_at.is_a?(DateTime)
+        false
+      elsif next_sync_at && !next_sync_at.is_a?(DateTime)
+        false
+      elsif activated_at && !activated_at.is_a?(DateTime)
+        false
+      elsif restrictions && !restrictions.is_a?(Hash)
+        false
+      elsif !cloud_licensing? && offline_cloud_licensing?
+        false
+      else
+        true
+      end
+    end
+
+    def validate!
+      raise ValidationError, 'License is invalid' unless valid?
+    end
+
+    def will_expire?
+      expires_at
+    end
+
+    def will_notify_admins?
+      notify_admins_at
+    end
+
+    def will_notify_users?
+      notify_users_at
+    end
+
+    def will_block_changes?
+      block_changes_at
+    end
+
+    def will_sync?
+      next_sync_at
+    end
+
+    def activated?
+      activated_at
+    end
+
+    def expired?
+      will_expire? && Date.today >= expires_at
+    end
+
+    def notify_admins?
+      will_notify_admins? && Date.today >= notify_admins_at
+    end
+
+    def notify_users?
+      will_notify_users? && Date.today >= notify_users_at
+    end
+
+    def block_changes?
+      will_block_changes? && Date.today >= block_changes_at
+    end
+
+    def cloud_licensing?
+      cloud_licensing_enabled == true
+    end
+
+    def offline_cloud_licensing?
+      offline_cloud_licensing_enabled == true
+    end
+
+    def auto_renew?
+      auto_renew_enabled == true
+    end
+
+    def seat_reconciliation?
+      seat_reconciliation_enabled == true
+    end
+
+    def operational_metrics?
+      operational_metrics_enabled == true
+    end
+
+    def generated_from_customers_dot?
+      generated_from_customers_dot == true
+    end
+
+    def restricted?(key = nil)
+      if key
+        restricted? && restrictions.has_key?(key)
+      else
+        restrictions && restrictions.length >= 1
+      end
+    end
+
+    def attributes
+      hash = {}
+
+      hash['version'] = version
+      hash['licensee'] = licensee
+
+      # `issued_at` is the legacy name for starts_at.
+      # TODO: Move to starts_at in a next version.
+      hash['issued_at'] = starts_at
+      hash['expires_at'] = expires_at if will_expire?
+
+      hash['notify_admins_at'] = notify_admins_at if will_notify_admins?
+      hash['notify_users_at'] = notify_users_at if will_notify_users?
+      hash['block_changes_at'] = block_changes_at if will_block_changes?
+
+      hash['next_sync_at'] = next_sync_at if will_sync?
+      hash['last_synced_at'] = last_synced_at if will_sync?
+      hash['activated_at'] = activated_at if activated?
+
+      hash['cloud_licensing_enabled'] = cloud_licensing?
+      hash['offline_cloud_licensing_enabled'] = offline_cloud_licensing?
+      hash['auto_renew_enabled'] = auto_renew?
+      hash['seat_reconciliation_enabled'] = seat_reconciliation?
+      hash['operational_metrics_enabled'] = operational_metrics?
+
+      hash['generated_from_customers_dot'] = generated_from_customers_dot?
+
+      hash['restrictions'] = restrictions if restricted?
+
+      hash
+    end
+
+    def to_json(*_args)
+      JSON.dump(attributes)
+    end
+
+    def export(boundary: nil)
+      validate!
+
+      data = self.class.encryptor.encrypt(to_json)
+
+      data = Boundary.add_boundary(data, boundary) if boundary
+
+      data
+    end
+
+    private
+
+    def load_attributes(attributes)
+      attributes = attributes.transform_keys(&:to_s)
+
+      version = attributes['version'] || 1
+      raise ArgumentError, 'Version is too new' unless version && version == 1
+
+      @version = version
+
+      @licensee = attributes['licensee']
+
+      # `issued_at` is the legacy name for starts_at.
+      # TODO: Move to starts_at in a next version.
+      %w[issued_at expires_at notify_admins_at notify_users_at block_changes_at].each do |attr_name|
+        set_date_attribute(attr_name, attributes[attr_name])
+      end
+
+      %w[last_synced_at next_sync_at activated_at].each do |attr_name|
+        set_datetime_attribute(attr_name, attributes[attr_name])
+      end
+
+      %w[
+        cloud_licensing_enabled
+        offline_cloud_licensing_enabled
+        auto_renew_enabled
+        seat_reconciliation_enabled
+        operational_metrics_enabled
+        generated_from_customers_dot
+      ].each do |attr_name|
+        public_send("#{attr_name}=", attributes[attr_name] == true)
+      end
+
+      restrictions = attributes['restrictions']
+      if restrictions&.is_a?(Hash)
+        restrictions = restrictions.transform_keys(&:to_sym)
+        @restrictions = restrictions
+      end
+    end
+
+    def set_date_attribute(attr_name, value, date_class = Date)
+      value = date_class.parse(value) rescue nil if value.is_a?(String)
+
+      return unless value
+
+      public_send("#{attr_name}=", value)
+    end
+
+    def set_datetime_attribute(attr_name, value)
+      set_date_attribute(attr_name, value, DateTime)
+    end
+  end
+end

metadata

@@ -0,0 +1,131 @@
+--- !ruby/object:Gem::Specification
+name: gitlab-license-plain
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Satoshi Nakamoto
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2022-01-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.9'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.80.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.80.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.38.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.38.1
+description: 
+email:
+- satoshi@nakamoto.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/gitlab/license.rb
+- lib/gitlab/license/boundary.rb
+- lib/gitlab/license/encryptor.rb
+- lib/gitlab/license/version.rb
+homepage: https://github.com/andreimerfu/gitlab-license-plain
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key: 
+specification_version: 4
+summary: Gitlab Enterprise license
+test_files: []