varun, Posted September 5, 2017

Our requirement is to have a license plugin for Java, so that a Java-based application can validate with the license module of Blesta. Is there anyone out there who has already done it, or has some knowledge about the details of the license manager?

I had a go and found a few confusing bits in the license manager, especially with the signRsa function. It appears that the sign is done with the public_key. Normally it's signing with private and verify with private. Or is it a typo? Can anyone throw some light on this?

timnboys, Posted September 5, 2017

9 hours ago, varun said:
> Our requirement is to have a license plugin for Java, so that a Java-based application can validate with the license module of Blesta. Is there anyone out there who has already done it, or has some knowledge about the details of the license manager?
>
> I had a go and found a few confusing bits in the license manager, especially with the signRsa function. It appears that the sign is done with the public_key. Normally it's signing with private and verify with private. Or is it a typo? Can anyone throw some light on this?

Ah... just try to convert what is done in PHP to the equivalent in Java? I cannot just do it for you because that would defeat the purpose and wouldn't "teach" you, or you wouldn't learn anything from me "spoon-feeding" it for you.

activa, Posted September 6, 2017

If your app is for mobile it is complicated; you have to use another approach away from the license manager.

timnboys, Posted September 6, 2017

1 hour ago, activa said:
> If your app is for mobile it is complicated; you have to use another approach away from the license manager.

Not exactly. I could make the license manager work for mobile, since Android uses Java for its programming language, and I could make apps that use the license manager plugin. Though, as I stated to the OP, I ask they basically try first on some code to make it work, and ask if they have problems, showing the code they have tried, and people like me who do know how to implement and make something like that will try to guide them in the right direction, showing them what is wrong and how to fix it (though I won't do it for them, for obvious reasons, because if I do it all for them and they don't do anything for it, that shows a lack of effect on the OP's part, and I may help but I want people to try at least first, not to rely on someone to make it for them. I never rely on someone to make stuff for myself because I learned how to make it myself for myself).

Blesta Addons, Posted September 6, 2017

The license manager communicates with the database to get the stored keys to encrypt/decrypt data. For mobile you need first to communicate with the Blesta database to get the keys; the better thing is to make a separate license manager for mobile.

mrrsm, Posted September 11, 2017

On 9/5/2017 at 3:20 AM, varun said:
> Especially with the signRsa function. It appears that the sign is done with the public_key. Normally it's signing with private and verify with private.

This is quite confusing, as technically this is frowned upon, though the security library they are using seems to let them do it. Most other languages won't let you sign things with the public key, which will make it very hard to mimic in another language from what I can tell. Maybe a dev can comment on the code, because the comment on the function is different from what the parameters and code are doing.

/**
 * Signs the given data using RSA signature with the provided private key
 *
 * @param string $data Data to be signed. A hash of this data will automatically be computed and the hash signed.
 * @param string $public_key The public key to use to sign the data
 * @param string $hmac_key The key used to compute the HMAC hash, if null will only compute a normal hash of the data
 * @param string $hash The hash to use (md5, sha1, sha256, sha512, etc.)
 * @return string The signature of the $data in base64 format
 */

Blesta Addons, Posted September 17, 2017

On 11/09/2017 at 4:01 PM, mrrsm said:
> This is quite confusing, as technically this is frowned upon, though the security library they are using seems to let them do it. Most other languages won't let you sign things with the public key, which will make it very hard to mimic in another language from what I can tell. Maybe a dev can comment on the code, because the comment on the function is different from what the parameters and code are doing.
>
> /**
>  * Signs the given data using RSA signature with the provided private key
>  *
>  * @param string $data Data to be signed. A hash of this data will automatically be computed and the hash signed.
>  * @param string $public_key The public key to use to sign the data
>  * @param string $hmac_key The key used to compute the HMAC hash, if null will only compute a normal hash of the data
>  * @param string $hash The hash to use (md5, sha1, sha256, sha512, etc.)
>  * @return string The signature of the $data in base64 format
>  */

I think it is a mistake in the description. Blesta fetches the public_key from the licensing server, then it uses it to sign the data and sends it to the license server; the license server uses the same stored key to decrypt the key and check it.

Not sure, but for Blesta I think the private key is hmac_key.

mrrsm, Posted September 17, 2017

The private key is the RSA private key that is saved on the server side. They are just doing something strange by signing with the public key in the client. I'm hoping someone on the Blesta end can shed some light onto why it is done this way, as most libraries won't let you do this.

This is the stackexchange post I found about signing with a public key, for whatever, if anything, it is worth: https://crypto.stackexchange.com/questions/2768/signing-with-public-key

timnboys, Posted September 17, 2017

34 minutes ago, mrrsm said:
> The private key is the RSA private key that is saved on the server side. They are just doing something strange by signing with the public key in the client. I'm hoping someone on the Blesta end can shed some light onto why it is done this way, as most libraries won't let you do this.
>
> This is the stackexchange post I found about signing with a public key, for whatever, if anything, it is worth: https://crypto.stackexchange.com/questions/2768/signing-with-public-key

I suggest @Paul @Tyson @Jono @Cody answer this for you lol.

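Added example (not a post from the thread and not Blesta's code): the conventional key roles the thread compares signRsa against, written in Java since that is the target language asked about. It follows the docblock's outline (optional HMAC of the data, RSA signature over the hash, base64 output) but signs with the private key, so it is not wire-compatible with the public-key call described above; the class name, sample key pair, HMAC key, license string, and the choice of HmacSHA256 and SHA256withRSA are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SignRoles {
    // Keyed hash of the data, mirroring the docblock's optional $hmac_key step.
    static byte[] hmac(byte[] data, byte[] key) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }

    // Conventional signing: only the private-key holder can produce this value.
    static String sign(byte[] digest, PrivateKey priv) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv); // initSign() has no PublicKey overload; passing one does not compile
        s.update(digest);
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Verification needs only the public key, which can be shipped with the client.
    static boolean verify(byte[] digest, String sigB64, PublicKey pub)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(digest);
        return s.verify(Base64.getDecoder().decode(sigB64));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed sample key pair
        byte[] hmacKey = "constructed-hmac-key".getBytes(StandardCharsets.UTF_8);
        byte[] data = "license=EXAMPLE-0000;domain=example.test"
                .getBytes(StandardCharsets.UTF_8); // constructed sample payload

        String sig = sign(hmac(data, hmacKey), kp.getPrivate());
        System.out.println("valid:    " + verify(hmac(data, hmacKey), sig, kp.getPublic()));

        // Any change to the signed data must make verification fail.
        byte[] tampered = "license=EXAMPLE-0000;domain=other.test"
                .getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered: " + verify(hmac(tampered, hmacKey), sig, kp.getPublic()));
    }
}
```

The `initSign(PrivateKey)` signature is what "most libraries won't let you do this" looks like in Java: the standard Signature API gives no way to hand it a public key for signing.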