cryptolens / cryptolens-java Goto Github PK

oshi 5.3.1 will throw an exception when getting machine code on Windows 11. This problem can be fixed by updating oshi to 5.3.8

Hello team,
I accidentally found that in case of some errors, an incorrect exception messages is printed into the error stream, e.g.:
[Ljava.lang.StackTraceElement;@5d91ae08

This happens because of two places in the LicenseKey code where System.err.println(ex.getStackTrace()); is used:
here and here

The fix might be to just replace it with: ex.printStackTrace(System.err);

Hello,

After downloading and adding the latest .jar file, the classes in .iocryptolens are empty. I tried multiple versions now, but could not succeed. When is the maven release planned?

My errors:

Exception in thread "main" java.lang.NoClassDefFoundError: io/cryptolens/models/ActivateModel
at main.Main.validateKey(Main.java:111)
at main.Main.initializeConfig(Main.java:97)
at main.MainMenu.(MainMenu.java:62)
at main.Main.main(Main.java:75)
Caused by: java.lang.ClassNotFoundException: io.cryptolens.models.ActivateModel
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)

Hello team,
We have faced an issue with the offline activation - LicenseKey.LoadFromString(key, licenseContent) method does not check a product ID, so it's possible to get a valid key for an activation file for a different product.
I think this is fine, since we can easily check the product ID once we have a LicenseKey object, but it might not very obvious for new users that this check needs to be done, since there is no mention in the documentation. Also, online activation methods - Key.Activate does product ID check already, so I would expect the same behavior for the offline activation.

Having said that, I think it would be nice to either add a few words about the necessity of product ID check into the documentation: https://github.com/Cryptolens/cryptolens-java#offline-activation-savingloading-licenses
Or to add an additional 'productId' parameter into LicenseKey.LoadFromString methods.

It should take in a model (the parameters) and return an object of the desired type.

Hi,

to help with our packaging of this library it would really help if it got released in maven central.

Is it possible for you to release to maven central?

Thanks.

First of all, this API is amazing. It facilitated the entire licensing process and it works like a charm, and with pretty good security too.

Anyway, I developed a licensed Android app and I tried to get my product's licenses node-locked, that is, generating ANDROID_IDs and checking whether the keys are on the right machines. I always got errors saying that the licenses are not on the right machine although their IDs are correctly registered on the Web CPanel. The docs say I should call 'isOnRightMachine' with parameter v=2 if I am using Cryptolens-android.jar

There is another section of the documentation that says that 'getMachineCode' doesn't work on Android, which is correct. Which is why I had to generate Android IDs to identify a device, despite their shortcoming. However, I had to analyze the source code to know that 'isOnRightMachine' actually has a paramter that says 'machine code', that is not explicitly mentioned anywhere in the docs. It would be pretty useful if you inform Android Devs to explicitly specify the machine code in 'isOnRightMachine()' parameters instead of setting v = 2.

Also, concerning Android IDs, for now they're pretty much the only reliable identifier for newer Android versions. An Android ID will reset upon factory reset, but also, if the Android version is 8.0 or higher, the Android IDs is unique to the operating system, the device's user, AND the app's signing key itself. That's why you also have to inform the devs that using Android IDs should only reliable when you have a STATIC app signature key across all devices, all updates, all releases..etc

It's worth mentioning that 'getDeviceId()' does not work anymore due to the impossible permission it requires (PRIVILEGED_READ_PHONE_STATE) which requires the device to be in 'Enterprise Mode' (no normal end-users have this on).

Cheers!

Hi,

I was looking into a security issue in a dependency of cryptolens.

That is: https://nvd.nist.gov/vuln/detail/CVE-2022-25647 for gson 2.8.5.

I see that latest version in pom.xml is 2.9.1, but latest jar in release 1.26 seems to contain 2.8.5.
(via file in jar: META-INF/maven/com.google.code.gson/gson/pom.xml)

If so, can you release a jar with newest deps as in source code pom.xml?

Thanks

Are you still planning to release to maven central? This can help with external dependency management.

Hello,
I'm receiving 401 error (WebAPIError) while trying to activate a key with Java library.
I'm using v1.25 of Cryptolens. I've tried both android and non-android versions of library.

My code below:

private static void checkLicense() {
    String RSAPubKey = "MyRSAPubKey";
    String auth = "MyAuthKey";
    
    LicenseKey license = null;
    String licenseFilePath = "./de_license.lic";
    String licenseKeyPath = "./key.txt";
    APIError error = new APIError();

    try {
        String licenseString = new String(Files.readAllBytes(Paths.get(licenseFilePath)));
        license = LicenseKey.LoadFromString(RSAPubKey, licenseString, 30);
    } catch (IOException ein) {
        try {
            String licenseKey = new String(Files.readAllBytes(Paths.get(licenseKeyPath)));
            license = Key.Activate(auth, RSAPubKey, new ActivateModel(14771, licenseKey, Helpers.GetMachineCode(2)), error);
            System.out.println(error.message);
            System.out.println(error.errorType);

            if (Helpers.IsOnRightMachine(license, 2)) {
                try {
                    BufferedWriter writer = new BufferedWriter(new FileWriter(licenseFilePath));
                    writer.write(license.SaveAsString());
                    writer.close();
                } catch (IOException ignored) {
                }
            }
        } catch (IOException ignored) {
        }
    }

    if (!Helpers.IsOnRightMachine(license, 2)) {
        throw new IllegalArgumentException("Wrong license key!");
    }
}

In order to support multiple features, the GUI will write those into a separate data object called 'cryptolens_features' associated with a license key (based on the template provided in 'cryptolens_featuretemplate' data object in the product).

Earlier, this information was stored in the notes field, which we need to fix to account for this change.

The affected method is: https://github.com/Cryptolens/cryptolens-java/blob/master/src/main/java/io/cryptolens/methods/Helpers.java#L219

Hello everybody,where can I download Cryptolens java library?

https://app.cryptolens.io/docs/api/v3/GetKey