gitlab-license 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 003f891e0c79c5dad69dd13991814fd337dd842f
+  data.tar.gz: 9a324afa2d6c474d654baddded5d8c8f06c06e2c
+SHA512:
+  metadata.gz: 902fe5b33b61f2c259a638c4ed9bfdb05cade11046e4c7913557df9030e547ea29e8fa3e363208fd0d4f13b460b3300d646a78ef3d133444106aee2209d9850f
+  data.tar.gz: 0ca91a33ad564337b64b691ddd7badb405899bc3a7b1d6d8c8e45e08397e59b4a031d30836553ea7568f9ba49ae7c7d49af86063f08e3379b58cb152f9e18161

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.1.3

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in gitlab-license.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 GitLab B.V.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,162 @@
+# Gitlab::License
+
+gitlab-license helps you generate, verify and enforce software licenses. It is used in GitLab Enterprise Edition.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'gitlab-license'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install gitlab-license
+
+## Usage
+
+```ruby
+# Generate a key pair. You should do this only once.
+key_pair = OpenSSL::PKey::RSA.generate(2048)
+
+# Write it to a file to use in the license generation application.
+File.open("license_key", "w") { |f| f.write(key_pair.to_pem) }
+
+# Extract the public key.
+public_key = key_pair.public_key
+# Write it to a file to ship along with the main application.
+File.open("license_key.pub", "w") { |f| f.write(public_key.to_pem) }
+
+# In the license generation application, load the private key from a file.
+private_key = OpenSSL::PKey::RSA.new File.read("license_key")
+Gitlab::License.encryption_key = private_key
+
+# Build a new license.
+license = Gitlab::License.new
+
+# License information to be rendered as a table in the admin panel.
+# E.g.: "This instance of GitLab Enterprise Edition is licensed to:"
+# Specific keys don't matter, but there needs to be at least one.
+license.licensee = {
+  "Name"    => "Douwe Maan",
+  "Company" => "GitLab B.V.",
+  "Email"   => "douwe@gitlab.com"
+}
+
+# The date the license was issued. 
+# Required.
+license.issued_at         = Date.new(2015, 4, 24)
+# The date the license expires. 
+# Not required, to allow lifetime licenses.
+license.expires_at        = Date.new(2016, 4, 23)
+
+# The below dates are hardcoded in the license so that you can play with the
+# period after which there are "repercussions" to license expiration.
+
+# The date admins will be notified about the license's pending expiration. 
+# Not required.
+license.notify_admins_at  = Date.new(2016, 4, 19)
+
+# The date regular users will be notified about the license's pending expiration.
+# Not required.
+license.notify_users_at   = Date.new(2016, 4, 23)
+
+# The date "changes" like code pushes, issue or merge request creation 
+# or modification and project creation will be blocked.
+# Not required.
+license.block_changes_at  = Date.new(2016, 5, 7)
+
+# Restrictions bundled with this license.
+# Not required, to allow unlimited-user licenses for things like educational organizations.
+license.restrictions  = {
+  # The maximum allowed number of active users.
+  # Not required.
+  active_user_count: 10000
+
+  # We don't currently have any other restrictions, but we might in the future.
+}
+
+puts "License:"
+puts license
+
+# Export the license, which encrypts and encodes it.
+data = license.export
+
+puts "Exported license:"
+puts data
+
+# Write the license to a file to send to a customer.
+File.open("GitLabBV.gitlab-license", "w") { |f| f.write(data) }
+
+
+# In the customer's application, load the public key from a file.
+public_key = OpenSSL::PKey::RSA.new File.read("license_key.pub")
+Gitlab::License.encryption_key = public_key
+
+# Read the license from a file.
+data = File.read("GitLabBV.gitlab-license")
+
+# Import the license, which decodes and decrypts it.
+$license = Gitlab::License.import(data)
+
+puts "Imported license:"
+puts $license
+
+# Quit if the license is invalid
+unless $license
+  raise "The license is invalid."
+end
+
+# Quit if the active user count exceeds the allowed amount:
+if $license.restricted?(:active_user_count)
+  active_user_count = User.active.count
+  if active_user_count > $license.restrictions[:active_user_count]
+    raise "The active user count exceeds the allowed amount!"
+  end
+end
+
+# Show admins a message if the license is about to expire.
+if $license.notify_admins?
+  puts "The license is due to expire on #{$license.expires_at}."
+end
+
+# Show users a message if the license is about to expire.
+if $license.notify_users?
+  puts "The license is due to expire on #{$license.expires_at}."
+end
+
+# Block pushes when the license expired two weeks ago.
+module Gitlab
+  class GitAccess
+    # ...
+    def check(cmd, changes = nil)
+      if $license.block_changes?
+        return build_status_object(false, "License expired")
+      end
+
+      # Do other Git access verification
+      # ...
+    end
+    # ...
+  end
+end
+
+# Show information about the license in the admin panel.
+puts "This instance of GitLab Enterprise Edition is licensed to:"
+$license.licensee.each do |key, value|
+  puts "#{key}: #{value}"
+end
+
+if $license.expired?
+  puts "The license expired on #{$license.expires_at}"
+elsif $license.will_expire?
+  puts "The license will expire on #{$license.expires_at}"
+else
+  puts "The license will never expire."
+end
+```

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "gitlab/license"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/gitlab-license.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'gitlab/license/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "gitlab-license"
+  spec.version       = Gitlab::License::VERSION
+  spec.authors       = ["Douwe Maan"]
+  spec.email         = ["douwe@gitlab.com"]
+
+  spec.summary       = %q{gitlab-license helps you generate, verify and enforce software licenses.}
+  spec.homepage      = "https://gitlab.com/gitlab-org/gitlab-license"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.9"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "byebug"
+end

data/lib/gitlab/license.rb

@@ -0,0 +1,155 @@
+require "openssl"
+require "date"
+require "json"
+require "base64"
+
+require "gitlab/license/version"
+require "gitlab/license/encryptor"
+
+module Gitlab
+  class License
+    class << self
+      attr_accessor :encryption_key
+      @encryption_key = nil
+
+      def encryptor
+        unless self.encryption_key && self.encryption_key.is_a?(OpenSSL::PKey::RSA)
+          raise "No RSA encryption key provided."
+        end
+
+        Encryptor.new(self.encryption_key)
+      end
+
+      def import(data)
+        from_json(encryptor.decrypt(data))
+      end
+
+      def from_json(license_json)
+        new(JSON.parse(license_json))
+      end
+    end
+
+    attr_reader :version
+    attr_accessor :licensee, :issued_at, :expires_at
+    attr_accessor :notify_admins_at, :notify_users_at, :block_changes_at
+    attr_accessor :restrictions
+
+    def initialize(attributes = {})
+      load_attributes(attributes)
+    end
+
+    def valid?
+      return false if !licensee         || !licensee.is_a?(Hash) || licensee.length == 0
+      return false if !issued_at        || !issued_at.is_a?(Date)
+      return false if expires_at        && !expires_at.is_a?(Date)
+      return false if notify_admins_at  && !notify_admins_at.is_a?(Date)
+      return false if notify_users_at   && !notify_users_at.is_a?(Date)
+      return false if block_changes_at  && !block_changes_at.is_a?(Date)
+      return false if restrictions      && !restrictions.is_a?(Hash)
+
+      true
+    end
+
+    def validate!
+      raise "License is invalid" unless valid?
+    end
+
+    def will_expire?
+      self.expires_at
+    end
+
+    def will_notify_admins?
+      self.notify_admins_at
+    end
+
+    def will_notify_users?
+      self.notify_users_at
+    end
+
+    def will_block_changes?
+      self.block_changes_at
+    end
+
+    def expired?
+      will_expire? && Date.today >= self.expires_at
+    end
+
+    def notify_admins?
+      will_notify_admins? && Date.today >= self.notify_admins_at
+    end
+
+    def notify_users?
+      will_notify_users? && Date.today >= self.notify_users_at
+    end
+
+    def block_changes?
+      will_block_changes? && Date.today >= self.block_changes_at
+    end
+
+    def restricted?(key = nil)
+      if key
+        restricted? && restrictions.has_key?(key)
+      else
+        restrictions && restrictions.length >= 1
+      end
+    end
+
+    def attributes      
+      hash = {}
+
+      hash["version"]          = self.version
+      hash["licensee"]         = self.licensee
+
+      hash["issued_at"]        = self.issued_at
+      hash["expires_at"]       = self.expires_at       if self.will_expire?
+
+      hash["notify_admins_at"] = self.notify_admins_at if self.will_notify_admins?
+      hash["notify_users_at"]  = self.notify_users_at  if self.will_notify_users?
+      hash["block_changes_at"] = self.block_changes_at if self.will_block_changes?
+
+      hash["restrictions"]     = self.restrictions     if self.restricted?
+
+      hash
+    end
+
+    def to_json
+      JSON.dump(self.attributes)
+    end
+
+    def export
+      validate!
+
+      self.class.encryptor.encrypt(self.to_json)
+    end
+
+    private
+
+    def load_attributes(attributes)
+      attributes = Hash[attributes.map { |k, v| [k.to_s, v] }]
+
+      version = attributes["version"] || 1
+      unless version && version == 1
+        raise ArgumentError, "Version is too new"
+      end
+
+      @version = version
+
+      @licensee = attributes["licensee"]
+
+      %w(issued_at expires_at notify_admins_at notify_users_at block_changes_at).each do |attr|
+        value = attributes[attr]
+        value = Date.parse(value) rescue nil if value.is_a?(String)
+        
+        next unless value
+
+        send("#{attr}=", value)
+      end
+
+      restrictions = attributes["restrictions"]
+      if restrictions && restrictions.is_a?(Hash)
+        restrictions = Hash[restrictions.map { |k, v| [k.to_sym, v] }]
+        @restrictions = restrictions
+      end
+    end
+  end
+end

data/lib/gitlab/license/encryptor.rb

@@ -0,0 +1,63 @@
+module Gitlab
+  class License
+    class Encryptor
+      attr_accessor :key
+
+      def initialize(key)
+        @key = key
+      end
+
+      def encrypt(data)
+        unless key.private?
+          raise "Provided key is not a private key."
+        end
+
+        # Encrypt the data using symmetric AES encryption.
+        cipher = OpenSSL::Cipher::AES128.new(:CBC)
+        cipher.encrypt
+        aes_key = cipher.random_key
+        aes_iv  = cipher.random_iv
+
+        encrypted_data = cipher.update(data) + cipher.final
+
+        # Encrypt the AES key using asymmetric RSA encryption.
+        encrypted_key = self.key.private_encrypt(aes_key)
+
+        encryption_data = {
+          "data" => Base64.encode64(encrypted_data),
+          "key"  => Base64.encode64(encrypted_key),
+          "iv"   => Base64.encode64(aes_iv)
+        }
+
+        json_data = JSON.dump(encryption_data)
+        Base64.encode64(json_data)
+      end
+
+      def decrypt(data)
+        unless key.public?
+          raise "Provided key is not a public key."
+        end
+
+        json_data = Base64.decode64(data)
+        encryption_data = JSON.parse(json_data)
+
+        encrypted_data  = Base64.decode64(encryption_data["data"])
+        encrypted_key   = Base64.decode64(encryption_data["key"])
+        aes_iv          = Base64.decode64(encryption_data["iv"])
+
+        # Decrypt the AES key using asymmetric RSA encryption.
+        aes_key = self.key.public_decrypt(encrypted_key)
+
+        # Decrypt the data using symmetric AES encryption.
+        cipher = OpenSSL::Cipher::AES128.new(:CBC)
+        cipher.decrypt
+        cipher.key  = aes_key
+        cipher.iv   = aes_iv
+
+        data = cipher.update(encrypted_data) + cipher.final
+
+        data
+      end
+    end
+  end
+end

data/lib/gitlab/license/version.rb

@@ -0,0 +1,5 @@
+module Gitlab
+  class License
+    VERSION = "0.0.1"
+  end
+end

metadata

@@ -0,0 +1,99 @@
+--- !ruby/object:Gem::Specification
+name: gitlab-license
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Douwe Maan
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-04-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- douwe@gitlab.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- gitlab-license.gemspec
+- lib/gitlab/license.rb
+- lib/gitlab/license/encryptor.rb
+- lib/gitlab/license/version.rb
+homepage: https://gitlab.com/gitlab-org/gitlab-license
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: gitlab-license helps you generate, verify and enforce software licenses.
+test_files: []