verhas / license3j Goto Github PK

Hi,

We are working on a standalone application where License3j is used for Licensing feature, and License3j in turn uses bouncy castle (bcprov-jdk16-1.46.jar). Our product is a jar and we repackage the class files of License3J and its dependencies (in this case the BCprov jar) into this jar.

When we tried to execute our application through command line, we are getting the following exception, “JCE cannot authenticate the provider BC” (Please find the attached stack trace).

Caused by: org.bouncycastle.openpgp.PGPException: Exception creating cipher
at org.bouncycastle.openpgp.PGPSecretKey.extractKeyData(Unknown Source)
~[LicenseGenerator-2.0.0-467.jar:na]
at org.bouncycastle.openpgp.PGPSecretKey.extractPrivateKey(Unknown Sourc
e) ~[LicenseGenerator-2.0.0-467.jar:na]
at org.bouncycastle.openpgp.PGPSecretKey.extractPrivateKey(Unknown Sourc
e) ~[LicenseGenerator-2.0.0-467.jar:na]
at com.verhas.licensor.License.encodeLicense(License.java:465) ~[License
Generator-2.0.0-467.jar:na]
at com.truvenhealth.analyticsengine.licensegenerator.LicenseGeneratorImp
l.createLicense(LicenseGeneratorImpl.java:105) ~[LicenseGenerator-2.0.0-467.jar:
na]
... 2 common frames omitted
Caused by: java.lang.SecurityException: JCE cannot authenticate the provider BC
at javax.crypto.Cipher.getInstance(DashoA13_..) ~[na:1.6]
... 7 common frames omitted
Caused by: java.util.jar.JarException: Cannot parse file:/C:/Users/dharanirajd/D
esktop/Test/Test3/LicenseGenerator-2.0.0-467.jar
at javax.crypto.SunJCE_c.a(DashoA13_..) ~[na:1.6]
at javax.crypto.SunJCE_b.b(DashoA13_..) ~[na:1.6]
at javax.crypto.SunJCE_b.a(DashoA13_..) ~[na:1.6]
... 8 common frames omitted

While making the BC as an installed/bundled provider (placing the bcprov jar in the jre ext folder worked), we do not want this. We want the bcprov classes to be within our jar and want the BC to be registered dynamically.

We tried with the following scenarios, like,

1. Set the Bouncy castle jar in the classpath
2. Set the Provider dynamically with the priority, as, “Security.insertProviderAt(new BouncyCastleProvider(), 2)”
3. Also edited the java.policy file and set the grant permission for the bouncy castle jar.

Even after all the above 3 steps we are still getting the above exception.

But if we place the bouncy castle jar in the JAVA’s ext folder, then it’s working, but we didn’t want to go with that approach.

Can you please help us with your suggestions on how to get this working.

Thanks and Regards
Raga

Dear all,
It's my first time with License3j. I 'm following the tutorial "http://verhas.github.io/License3j/tuto.html" but I have a problem in the last step.
If i write
license3j.bat decode --license-file=license.out --keyring-file="C:\Users\Utente\AppData\Roaming\gnupg\pubring.gpg"
the following error is reported
log4j:WARN No appenders could be found for logger (com.verhas.licensor.License).

log4j:WARN Please initialize the log4j system properly.
Usage: java -cp license3j.jar License3j decode options
mandatory options are:
--license-file, --keyring-file, [ --output ] [--charset]
Exception in thread "main" java.lang.NullPointerException
at java.io.ByteArrayInputStream.(ByteArrayInputStream.java:106)
at com.verhas.licensor.License.setLicenseEncoded(License.java:543)
at com.verhas.licensor.License.setLicenseEncoded(License.java:508)
at com.verhas.licensor.License.setLicenseEncodedFromFile(License.java:48
9)
at License3j.decode(License3j.java:102)
at License3j.main(License3j.java:173)
"cmd" non è riconosciuto come comando interno o esterno,
un programma eseguibile o un file batch.

Can you help me?

Exception in thread "main" java.lang.IllegalArgumentException: Can't find signing key in key ring.
at com.verhas.licensor.License.loadKey(License.java:438)
at com.verhas.licensor.License.loadKey(License.java:396)
at com.verhas.licensor.License.loadKey(License.java:251)
at License3j.encode(License3j.java:34)
at License3j.main(License3j.java:150)
pub 4096R/ADADBA50 created: 2015-05-22 expires: never usage: SC
trust: ultimate validity: ultimate
sub 4096R/BCEA7B3E created: 2015-05-22 expires: never usage: S
ultimate. XXXXXXXX(Licensor at XXXX.com) [email protected]

If we use this then the same license can be validated on multiple machines, is there any other way to overcome this using license3j?
Thank you in advance.

Needs to use an Instant type and an ISO format. You're clearly living and testing in UTC+1 or UTC-1, because all your test cases are an hour out. I have a test cluster across multiple timezones.

Hi Peter,

i have a problem to generate licenses on Linux (Ubuntu) machines. On Windows the license3j.bat works fine.

I get following exception: Exception in thread "main" java.lang.IllegalArgumentException: Can't find signing key in key ring.

The CLI call is:
./license3j.sh encode --license-file=liz.txt --keyring-file=secring.gpg --key="xxx (gfdsg) [email protected]" --password=gheim--output=liz.lic

Have you an idea what the problem is? I tried Java SDK 6,7 and 8 wih the 1.0.8 release.

Best regards,
Marco

Hi, thanks for sharing your great project!
I started following your tutorial to generate a license. When you mention the file license3j.bat, you said

This time you have to start the command line processor included in the license3j JAR file.

But the JAR file in maven repository does not include that file, which I think is right. Maybe, you need to update the tutorial and link to this github project, since it is the only place where I found license3j.bat.

On the other hand, and here is the real issue, I included license3j-1.0.7.jar to my project in order to use License3j.main(String[]). However, this class is in the default package, thus it is not possible to import it from a named package. You can read about this here.

I managed to call License3j.main(String[]) using reflection, but I think that class should be inside com.verhas or com.verhas.utils.

Referring to the documentation on http://verhas.github.io/License3j/sample.html, the example shows using the LicenseDate class to verify the dates.

This is missing... Is there another way, or should I revert to standard date validation?

The central release was compiled with Java 10 and uses class file version 54.

Please can you compile with java 7 or 8 so it can be used more widely?

Hi,
I am currently using version 2.0.0 from maven central repository in my application.
The tool snyk.com we use to check for any vulnerabilities marking License3j with the following two errors

1. Insecure Encryption [High Severity][https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32369] in org.bouncycastle:[email protected]
2. Deserialization of Untrusted Data [High Severity][https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32412] in org.bouncycastle:[email protected]

It indicates that both are introduced by com.verhas:[email protected] > org.bouncycastle:[email protected] > org.bouncycastle:[email protected]

And that this issue was fixed in versions: 1.60 of bcpg-jdk15on and bcprov-jdk15on dependencies of org.bouncycastle

Is there a near future plans to prepare a new version of License3j that includes the version 1.60 of above artefacts of org.bouncycastle ?

Or
Can you tell me how I can prepare one in my own workspace?

Thanks in advance
Tezcan

hi @verhas ,
This is a great project.
Can this codebase be used in a commercial project?
Can you add a LICENSE.txt file for this codebase, Apache License 2.0, MIT, or Others?
Thanks!

What the status of the 1.0.8 version? Is it still under development? Should I use 1.0.7 version?
Just inserted a few lines from the readme.

        <dependency>
            <groupId>com.verhas</groupId>
            <artifactId>license3j</artifactId>
            <version>1.0.8</version>
        </dependency>

And I got:

Could not find artifact com.verhas:license3j:jar:1.0.8 in central (https://repo.maven.apache.org/maven2)

I'm trying to encode a new license file, but i got the following error :

Exception in thread "main" java.lang.IllegalArgumentException: Can't find signing key in key ring.
at com.verhas.licensor.License.loadKey(License.java:392)
at com.verhas.licensor.License.loadKey(License.java:348)
at com.verhas.licensor.License.loadKey(License.java:214)
at License3j.encode(License3j.java:84)
at License3j.main(License3j.java:170)

Today I encountered, that as I loaded a certain library (i.e. icepdf), suddenly my otherwise valid license was no longer recognized as properly signed. As I dug through the code, the issue appears to be originating from the bouncy castle library, which is included and loaded by icepdf.

In particular, the issue encounters, because in the License class on line 140, the following function call
final var cipher = Cipher.getInstance(key.getAlgorithm());
Does no longer return the "SunJCE: Cipher.RSA -> com.sun.crypto.provider.RSACipher" but instead, the "BC: Cipher.RSA -> org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi$NoPadding" Cipher.

The latter decrypts the signature in a substantially different way as the first, native Cipher implementation as it "padds" the decrypted digest to 255 bytes. See the following example:

Decrypted signature with SunJCE: Cipher.RSA (Also the message digest generated by the digester):
[-59, -25, -68, -101, 12, -88, 80, 0, 59, 69, -43, 47, 94, 28, -12, 72, 34, 48, 97, -71, 30, -19, 113, -117, 96, 49, -39, -106, -98, -120, -90, -80, -114, 87, 124, 30, -16, 3, 61, 71, -13, -92, 118, -54, 16, -7, 105, 19, 48, 46, 59, 48, 120, 54, -12, 97, -21, -75, -21, 73, 50, -26, 18, -34]

Decrypted signature with BC: Cipher.RSA:
[1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, -59, -25, -68, -101, 12, -88, 80, 0, 59, 69, -43, 47, 94, 28, -12, 72, 34, 48, 97, -71, 30, -19, 113, -117, 96, 49, -39, -106, -98, -120, -90, -80, -114, 87, 124, 30, -16, 3, 61, 71, -13, -92, 118, -54, 16, -7, 105, 19, 48, 46, 59, 48, 120, 54, -12, 97, -21, -75, -21, 73, 50, -26, 18, -34]

Due to this, the following array comparison (Line 143)
return Arrays.equals(digestValue, sigDigest);
will FAIL and the license will be marked unsigned.

At this point, I'm not quite sure how to fix this issue, but a reasonable approach would be to enforce the selection of Sun's Cipher.RSA, no matter which other crypto libraries are loaded.

Cheers
Maurice

I tried to execute the license3j.sh script to encode a license, but it references a missing folder lib.

I built the project with maven

           mvn clean package

but neither are dependencies (bouncycastle) compiled together with the source code into a runnable jar file nor is this lib folder generated.

well, I guess that's not a good idea.

I am using the HardwareBinder class to generate a UUID and include it in the license file generated by a license creator java app. Then I use this UUID to validate the license in the actual app. The problem is that the HardwareBinder class gives me a different UUID after some time. For example, the UUID is the same for two days then it changes. Also, there was a time when I restarted the computer and the UUID changed. What can this be related to? Is it maybe the OS? Has anybody had this problem before?

Dear Sir,

The Bouncy Castle 1.52 removes the PGPPublicKeyRingCollection(InputStream).

By overview I've googled and found some example coding at [1]. If I'm not wrong it may be as the following: -

//        final PGPPublicKeyRingCollection pgpRing = new PGPPublicKeyRingCollection(
//                PGPUtil.getDecoderStream(keyIn));
        final BcPGPPublicKeyRingCollection  pgpRing = new BcPGPPublicKeyRingCollection(
                                              PGPUtil.getDecoderStream(keyIn));

Could you please help to consider? Thank you very much for your help in advance. I'm looking forward to hearing from you soon.

Regards,

Charlee Ch.

[1] https://gerrit.googlesource.com/gerrit/+/2ec9cf967754f99a314646d9398fe888b54ea9a0

Hello, I can only use java 8, but I still want to use your License3j.
Should I try the 2.0.0 release ? Or it is already outdated?

Is there possibility to have new sample and how to document as old one not applicable for new version.

Hi I am using Java 8 and license3j-3.1.5.jar using eclipse get this error :

java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.sun.javafx.application.LauncherImpl.launchApplicationWithArgs(LauncherImpl.java:389) at com.sun.javafx.application.LauncherImpl.launchApplication(LauncherImpl.java:328) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at sun.launcher.LauncherHelper$FXHelper.main(LauncherHelper.java:873) Caused by: java.lang.RuntimeException: Exception in Application start method at com.sun.javafx.application.LauncherImpl.launchApplication1(LauncherImpl.java:917) at com.sun.javafx.application.LauncherImpl.lambda$launchApplication$1(LauncherImpl.java:182) at java.lang.Thread.run(Thread.java:748) Caused by: java.lang.NoClassDefFoundError: javax0/license3j/io/LicenseReader at chart.AlnairMainClient.checkLicense(AlnairMainClient.java:615) at chart.AlnairMainClient.start(AlnairMainClient.java:270) at com.sun.javafx.application.LauncherImpl.lambda$launchApplication1$8(LauncherImpl.java:863) at com.sun.javafx.application.PlatformImpl.lambda$runAndWait$7(PlatformImpl.java:326) at com.sun.javafx.application.PlatformImpl.lambda$null$5(PlatformImpl.java:295) at java.security.AccessController.doPrivileged(Native Method) at com.sun.javafx.application.PlatformImpl.lambda$runLater$6(PlatformImpl.java:294) at com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:95) at com.sun.glass.ui.win.WinApplication._runLoop(Native Method) at com.sun.glass.ui.win.WinApplication.lambda$null$3(WinApplication.java:177) ... 1 more Caused by: java.lang.ClassNotFoundException: javax0.license3j.io.LicenseReader at java.net.URLClassLoader.findClass(URLClassLoader.java:382) at java.lang.ClassLoader.loadClass(ClassLoader.java:419) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:352) at java.lang.ClassLoader.loadClass(ClassLoader.java:352)

[edit] Apologies. Issue was caused by mixing up GPG's options. All working now.

Hello,

i am trying to bind a macAdress with a licence, but i can't use setUseHwAddress().
i was on licence3j 1.0.5 so i thought it was a versioning problem so i tried to put 1.0.8 but it dosen't exist?

my dependency :

com.verhas
license3j
1.0.8

i can't find any jar in 1.0.8, even after many time looking on the internet ?

tell me if i am doing wrong pls xD
Thanks,
Quentin.

Hi , I am using "license3j-2.0.0-JVM8.jar" with Java 8 . The commands given in the documentation refer to Java 11 commands. There is no Repl class in this jar.

So can you please share the commands to create the license file with this jar.
Thank you.

Thanks @verhas, great library. I plan to leverage your library in a project so took a deep dive into the code.

Suggest the following to improve performance:

1. Prefer NetworkInterface.networkInterfaces(), which returns a Stream

   License3j/src/main/java/javax0/license3j/hardware/Network.java

   Line 28 in 2be3a26

   return Collections.list(NetworkInterface.getNetworkInterfaces()).stream()

2. Return a Stream instead of collecting into a List

   License3j/src/main/java/javax0/license3j/hardware/Network.java

   Line 30 in 2be3a26

   .map(Network.Interface.Data::new).collect(Collectors.toList());

3. So here we can call sorted (an intermediate operation) instead of sort

   License3j/src/main/java/javax0/license3j/hardware/HashCalculator.java

   Line 37 in 2be3a26

   networkInterfaces.sort(Comparator.comparing(a -> a.name));

4. Finally, terminal operation here on the Stream interfaces.forEach(ni -> ...

   License3j/src/main/java/javax0/license3j/hardware/HashCalculator.java

   Line 27 in 2be3a26

   for (final var ni : interfaces) {

I would be happy to raise a PR for the above this weekend, if you like.

Hi,

I am using the license3j and using HardwareBinder getMachineIdString() method to get the hardware id as string BUT the id changed even if no hardware changed so I got deferent id values some times if the network disconnect to the router and connect again.

I have this problem to create the license, "I was not found or loaded the main class com.javax0.license3j.License3j" when I run it from windows cmd.

Hi,
i just encoded a license file with a German vowel (ä) as a feature value.
When loading the license file with

License lic = new License();
try {
  lic.loadKeyRingFromResource("license3j/pubring.gpg", digest);
  lic.setLicenseEncodedFromFile(licenseFileName);
} catch(Exception e) { }

and ask for that value i get back "ä".
The plain license file is UTF-8.
Am i missing here something or could this be a bug of your tool ?

I have a use case where i have to a string with colon in the license file. If i try this i get an Exception.

Here a sample code:

        File f = new File("test.lic");
        License license = new License();
        license.add(Feature.Create.stringFeature("id", "03:12:13"));
        license.add(Feature.Create.dateFeature("feature1", new Date()));
        license.add(Feature.Create.dateFeature("feature2", new Date()));
        LicenseWriter licenseWriter = new LicenseWriter(f.getAbsoluteFile());
        licenseWriter.write(license, IOFormat.STRING);
        
        LicenseReader reader = new LicenseReader(f);
        License license1  = reader.read(IOFormat.STRING);
        System.out.println(license1.get("id").getString());

output

Exception in thread "main" java.lang.IllegalArgumentException: Feature string representation needs '=' after the type
	at javax0.license3j.Feature.splitString(Feature.java:87)
	at javax0.license3j.License$Create.from(License.java:494)
	at javax0.license3j.io.LicenseReader.read(LicenseReader.java:109)
	at com.x.main(x.java:32)

Can you please check if it is a bug?

Shouldn't this line use keyPair.getPublic() - which seems to include the algorithm - and not just the encoded byte portion - when generating the byte array of the public key to place in your application?

When testing this, I couldn't get it to work with just the encoded byte portion. Upon attempting to load the public key in, the LicenseKeyPair.getAlgorithm() call would always fail in this code block, because it was not finding the right ASCII byte representation of the algorithm at the beginning of buffer.

private static String getAlgorithm(byte[] buffer){ for(int i = 0 ; i < buffer.length ; i ++){ if( buffer[i] == 0x00){ return new String(Arrays.copyOf(buffer,i),StandardCharsets.UTF_8); } } throw new IllegalArgumentException("key does not contain algorithm specification"); }

After changing keyPair.getPair().getPublic().getEncoded() to just keyPair.getPublic() things seemed to work better for me.

I am being asked a passphrase during building for the maven-gpg-plugin. Which passphrase is this?

In the travis, the unit tests are working properly, I guess it may be running in UTC timezone.

In my case, and probably most of other people laptops, the timezone ins't UTC, and the tests should be work correctly in different timezones.

Basically we can fix it changing:

final var now = new Date(1545047719295L);

to

final var now = Date.from(LocalDateTime.of(2018,12, 17, 12, 55, 19, 295 * 1000000)
                .toInstant(ZoneOffset.UTC));

First of all, thank you for this project

On the master branch, when I run mvn verify I get:

[INFO] --- maven-compiler-plugin:3.7.0:testCompile (default-testCompile) @ license3j ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 7 source files to /___/License3j/target/test-classes
[INFO] -------------------------------------------------------------
[ERROR] COMPILATION ERROR : 
[INFO] -------------------------------------------------------------
[ERROR] /___/License3j/src/test/java/com/javax0/license3j/filecompare/FilesAre.java:[77,19] cannot find symbol
  symbol:   method isComment()
  location: variable a of type com.javax0.license3j.filecompare.SourceLine
[ERROR] /___/License3j/src/test/java/com/javax0/license3j/filecompare/FilesAre.java:[77,36] cannot find symbol
  symbol:   method isComment()
  location: variable b of type com.javax0.license3j.filecompare.SourceLine
[INFO] 2 errors 
[INFO] -------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

This is confirmed by travis status:
https://travis-ci.org/verhas/License3j/branches

I have switched to jdk8 branch where I could successfully run this command:

mvn verify -Dgpg.skip=true

I noticed this feature.
You can delete the last characters of the encrypted license and the license can still be decrypted.
Please tell me why this is happening.

Exception in thread "main" java.lang.NoClassDefFoundError: org/bouncycastle/asn1/DEREncodable
at org.bouncycastle.openpgp.PGPKeyRing.readSignaturesAndTrust(Unknown Source)
at org.bouncycastle.openpgp.PGPKeyRing.readUserIDs(Unknown Source)
at org.bouncycastle.openpgp.PGPSecretKeyRing.(Unknown Source)
at org.bouncycastle.openpgp.PGPObjectFactory.nextObject(Unknown Source)
at org.bouncycastle.openpgp.PGPSecretKeyRingCollection.(Unknown Source)
at com.verhas.licensor.License.loadKey(License.java:440)
at com.verhas.licensor.License.loadKey(License.java:404)
at com.verhas.licensor.License.loadKey(License.java:250)
at License3j.encode(License3j.java:34)
at License3j.main(License3j.java:152)
Caused by: java.lang.ClassNotFoundException: org.bouncycastle.asn1.DEREncodable
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)

Exception in thread "main" java.lang.SecurityException: class "org.bouncycastle.asn1.DEREncodable"'s signer information does not match signer information of other classes in theame package
at java.lang.ClassLoader.checkCerts(ClassLoader.java:895)
at java.lang.ClassLoader.preDefineClass(ClassLoader.java:665)
at java.lang.ClassLoader.defineClass(ClassLoader.java:758)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:467)
at java.net.URLClassLoader.access$100(URLClassLoader.java:73)
at java.net.URLClassLoader$1.run(URLClassLoader.java:368)
at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at org.bouncycastle.openpgp.PGPKeyRing.readSignaturesAndTrust(Unknown Source)
at org.bouncycastle.openpgp.PGPKeyRing.readUserIDs(Unknown Source)
at org.bouncycastle.openpgp.PGPSecretKeyRing.(Unknown Source)
at org.bouncycastle.openpgp.PGPObjectFactory.nextObject(Unknown Source)
at org.bouncycastle.openpgp.PGPSecretKeyRingCollection.(Unknown Source)
at com.verhas.licensor.License.loadKey(License.java:440)
at com.verhas.licensor.License.loadKey(License.java:404)
at com.verhas.licensor.License.loadKey(License.java:250)
at License3j.encode(License3j.java:34)
at License3j.main(License3j.java:152)
:lib/bcpg-jdk15+-1.46.jar:lib/bcpg-jdk15on-1.46.jar:lib/bcpg-jdk16-1.46.jar:lib/bcprov-jdk15on-1.50.jar:lib/bcprov-jdk15on-152.jar:lib/bcprov-jdk16-140.jar:lib/bcprov-jdk16-1.44ar:lib/bcprov-jdk16-1.44-sources.jar:lib/license3j-1.0.5.jar:lib/license3j-1.0.8-SNAPSHOT.jar:lib/license3j-1.0.8-SNAPSHOT-javadoc.jar:lib/License3j.class

Hello,
I would like to report following issue.
Tests conducted by my team with new license3j version have failed due to using “getName()” method which returns mnemonic plus index number as name (“net14”, “net16” etc.). When in our network we turn on VPN connection, new interfaces appear and some old disappear from our list. While they are filtered out thanks to your current changes, they introduce change on accepted interfaces index part (interface that was “net12” becomes “net14”), causing our license to expire.
Thank you in advance for your help.
Best regards,
Jerzy Bogusławski

RSA decryption error - IllegalBlockSizeException: Data must not be longer than 128 or 256 bytes depend how to generate private and public key
It's correct to be verified one license if is authentic with generated public key
how can I solve this?

On the page https://github.com/verhas/License3j/wiki/sample the fraud link is not accessible.

If you are debugging, not serious or for some other reason do not want this extra security check to be performed then you can pass null as second argument to method loadKeyRingFromResource(). For more information why you need to include your digest into the code and pass it to the key ring loading have a look at the page {{./fraud.html}}.

Dear Sir,

The Bouncy Castle 1.51 removes the PGPSecretKey.extractPrivateKey(String), it cause the License3j some exception as

java.lang.NoSuchMethodError: org.bouncycastle.openpgp.PGPSecretKey.extractPrivateKey([CLjava/lang/String;)Lorg/bouncycastle/openpgp/PGPPrivateKey;
at com.verhas.licensor.License.encodeLicense(License.java:482)

By overview I've googled and found some example coding at [1]. If I'm not wrong it may be as the following: -

        PGPSecretKey                key          = null;
        String                      pin          = null;
        PGPDigestCalculatorProvider calcProvider = null;
        PBESecretKeyDecryptor       decryptor    = null;
        PGPPrivateKey               pKey         = null;
        try {
            key          = //Loading key
            pin          = "some-pin";
            calcProvider = new JcaPGPDigestCalculatorProviderBuilder().
                                    setProvider(BouncyCastleProvider.PROVIDER_NAME).
                                    build();
            decryptor    = new JcePBESecretKeyDecryptorBuilder(calcProvider).
                                    setProvider(BouncyCastleProvider.PROVIDER_NAME).
                                    build(pin.toCharArray());
            pKey         = key.extractPrivateKey(decryptor);

        } catch (PGPException e) {
            // TODO Handle the exception
            e.printStackTrace();
        } finally {
            key          = null;
            pin          = null;
            calcProvider = null;
            decryptor    = null;
            pKey         = null;
        }

Could you please help to consider? Thank you very much for your help in advance. I'm looking forward to hearing from you soon.

Regards,

Charlee Ch.

[1] https://github.com/bcgit/bc-java/blob/master/pg/src/test/java/org/bouncycastle/openpgp/test/PGPUnicodeTest.java

GnuPG doesn't generate keys the same way as before...
I tried to follow the tutorial but I can't since there are not pubring.pgp and secring.pgp.

Is there any way to make it work ?

To avoid that users (not customers ;)) re-packaging the jar: is a hash calculated from the original jar or do you think that will cause too much trouble for the paying customers?

The commands of the REPL application are all lower case (i.e. generatekeys instead of generateKeys), which is inconsistent with the "help" command output, as well as the readme.

Dear verhas,

The first issue I found is the lack of version 1.0.8 in the central repository. Which also seems not exist in the project.

The second, which I am having struggles with, is the error to find/load the main class. Either with package "com.javax0.license3j.License3j" or simply "License3j". I am using java 8 and the Windows .bat file.

Moreover, I used the branch jdk8 and the license3j-1.0.7 tag with no success. Hope you can help, thank you.

In your home you describe the creation of a key pair through:

$ java -cp license3j-3.0.0.jar javax0.license3j.Repl

but in the jar i've downloaded, it does not exist the class.
It si somtheing missing or the docs are outdated?

Best regards

Damiano

Hello,

I think your project is great (found it via your article) and would like to use it for a project!

However, the 2.0.0 release is affected by a couple of BouncyCastle vulnerabilities (and 3.0.0-SNAPSHOT is not, since the library was upgraded):
https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32369
https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32412

May I ask when are you planning to release 3.0.0?

Thank you!

Great library. Thank you. The License class though needs IMHO the following method :

    /**
     * Get an unmodifiable map of feature names to features.
     * 
     * @return the name to feature map
     */
    public Map<String, Feature> getFeatures() {
        return Collections.unmodifiableMap(features);
    }

There are multiple use cases for this. Let me mention just as an example conversion to JSON.

Regards
Nikolay

I am having a weird issue where license verification. For me same license and same public key works in Windows but it does not work on Ubuntu

This works as expected but when I try same exact files on Ubuntu machine:

What could cause this issue?

Hi,

I am using license3j to read the license file that i have.

It seems, It's not closing the inputstream whenever we are reading the license file.

I am using setLicenseEncodedFromFile(File, CharSet) method.

Below is the piece of code that i seen in License class

public License setLicenseEncoded(InputStream inputStream, String charset)
        throws IOException, PGPException {
        final ByteArrayInputStream keyIn = new ByteArrayInputStream(
            publicKeyRing);
        final InputStream decoderInputStream = PGPUtil
            .getDecoderStream(inputStream);
}    

Here inside getDecoderStream we are only reseting the inputStream, We are not closing after reading it.

Am i doing something wrong?

Please help!

I did as the doc said, just can't get through it, please help...

Dear Sir,

Regarding to the decoding, we are able to pass the inputstream as a parameter as the following: -

InputStream ins = //load file/string/resource/etc as as stream.
license.setLicenseEncode(ins);

Please correct me, if I'm wrong. I though that it would be nice to have the same way for encoding as well. Could you please help to consider to open the setLicense(final InputStream is) method to be a public method?

Regards,

Charlee Ch.