Documentation
Overview
Package license provides functions to create, sign and verify ocis licenses.
Constants
This section is empty.
Variables
Functions
func New
func New(p Payload) license
New creates a new license instance. It also sets the created date in the payload to `time.Now()`.
func Sign
func Sign(l *license, crt x509.Certificate, privateKey ed25519.PrivateKey) error
Sign uses the privateKey to sign the payload part of the license and then adds the signature and the certificate to the license header. If the certificate can't verify the signature, an error is returned.
func ValidatePeriod
func Verify
func Verify(r io.Reader, rootCert x509.Certificate) (license, error)
Verify reads the license and verifies the signature. If the signature is correct, the license is parsed and returned. If the signature is incorrect or the parsing fails, an error is returned. Verify does NOT verify the content, e.g. it does not check whether the license is expired. The caller is expected to do content-based checks. The expected format of the signature is 'base64(json(header)).base64(json(payload))'.
Types
type Header
type Header struct {
	// Version represents the license version.
	// This field enables us to change license handling or format in the future.
	Version int `json:"version"`
	// The signature of the payload.
	PayloadSignature []byte `json:"payload_signature"`
	// The certificate with which the signature was calculated.
	Certificate []byte `json:"certificate"`
}
Header contains technical info about the license. The header is not signed and therefore the values should not be trusted blindly.
type Payload
type Payload struct {
	ID string `json:"id"`
	// The type of the license e.g. 'commercial' or 'non-commercial' etc.
	Type string `json:"type"`
	// The target environment for the license e.g. 'production' or 'staging' etc.
	Environment string `json:"environment"`
	// The time of the creation
	Created time.Time `json:"created"`
	// The limit of users
	// This field can be nil. A nil value means it's unrestricted.
	MaxUsers *int `json:"max_users"`
	// The licensed features e.g. 'core', 'full-text-search', etc.
	Features []string `json:"features"`
	// The sla type e.g. '24x7' or '9x5'
	SLAType string `json:"sla_type"`
	// The origin of the license. I.e. who issued the license.
	Origin string `json:"origin"`
	// The license receiver
	LicenseeName string `json:"licensee_name"`
	// The possible grace periods after the expiration of the license.
	// The key is the order of the periods. I.e. '1' is the first period
	// '2' is the second etc.
	GracePeriods map[int]string `json:"grace_periods"`
	// The start time of the license.
	NotBefore time.Time `json:"not_before"`
	// The end time of the license.
	NotAfter time.Time `json:"not_after"`
	// Additional can hold fields which are not yet defined.
	Additional map[string]interface{} `json:"additional,omitempty"`
}
Payload contains the business information of the license. The payload gets signed and can be verified by checking the signature in the header using the certificate from the header. The values can be trusted once the signature has been verified.