2017-08-09 17:01:37 -04:00
|
|
|
|
using Bit.Core.Models.Business;
|
|
|
|
|
|
using Bit.Core.Models.Table;
|
2017-08-16 23:15:09 -04:00
|
|
|
|
using Bit.Core.Repositories;
|
2017-08-09 17:01:37 -04:00
|
|
|
|
using Bit.Core.Utilities;
|
|
|
|
|
|
using Microsoft.AspNetCore.Hosting;
|
2017-08-17 17:10:34 -04:00
|
|
|
|
using Microsoft.Extensions.Logging;
|
2017-08-09 17:01:37 -04:00
|
|
|
|
using Newtonsoft.Json;
|
|
|
|
|
|
using System;
|
|
|
|
|
|
using System.Collections.Generic;
|
|
|
|
|
|
using System.IO;
|
2017-08-17 00:12:11 -04:00
|
|
|
|
using System.Linq;
|
2017-08-09 17:01:37 -04:00
|
|
|
|
using System.Security.Cryptography.X509Certificates;
|
|
|
|
|
|
using System.Text;
|
2017-08-16 17:08:20 -04:00
|
|
|
|
using System.Threading.Tasks;
|
2017-08-09 17:01:37 -04:00
|
|
|
|
|
|
|
|
|
|
namespace Bit.Core.Services
|
|
|
|
|
|
{
|
2017-08-22 15:27:29 -04:00
|
|
|
|
public class LicensingService : ILicensingService
|
2017-08-09 17:01:37 -04:00
|
|
|
|
{
|
|
|
|
|
|
private readonly X509Certificate2 _certificate;
|
|
|
|
|
|
private readonly GlobalSettings _globalSettings;
|
2017-08-16 23:15:09 -04:00
|
|
|
|
private readonly IUserRepository _userRepository;
|
2017-08-17 00:12:11 -04:00
|
|
|
|
private readonly IOrganizationRepository _organizationRepository;
|
2017-08-22 15:27:29 -04:00
|
|
|
|
private readonly IOrganizationUserRepository _organizationUserRepository;
|
|
|
|
|
|
private readonly ILogger<LicensingService> _logger;
|
2017-08-17 00:12:11 -04:00
|
|
|
|
|
|
|
|
|
|
private IDictionary<Guid, DateTime> _userCheckCache = new Dictionary<Guid, DateTime>();
|
2017-08-09 17:01:37 -04:00
|
|
|
|
|
2017-08-22 15:27:29 -04:00
|
|
|
|
public LicensingService(
|
2017-08-16 23:15:09 -04:00
|
|
|
|
IUserRepository userRepository,
|
2017-08-17 00:12:11 -04:00
|
|
|
|
IOrganizationRepository organizationRepository,
|
2017-08-22 15:27:29 -04:00
|
|
|
|
IOrganizationUserRepository organizationUserRepository,
|
2017-08-09 17:01:37 -04:00
|
|
|
|
IHostingEnvironment environment,
|
2017-08-22 15:27:29 -04:00
|
|
|
|
ILogger<LicensingService> logger,
|
2017-08-09 17:01:37 -04:00
|
|
|
|
GlobalSettings globalSettings)
|
|
|
|
|
|
{
|
2017-08-16 23:15:09 -04:00
|
|
|
|
_userRepository = userRepository;
|
2017-08-17 00:12:11 -04:00
|
|
|
|
_organizationRepository = organizationRepository;
|
2017-08-22 15:27:29 -04:00
|
|
|
|
_organizationUserRepository = organizationUserRepository;
|
2017-08-17 17:10:34 -04:00
|
|
|
|
_logger = logger;
|
2017-08-16 17:08:20 -04:00
|
|
|
|
|
2017-10-03 16:19:20 -04:00
|
|
|
|
var certThumbprint = "B34876439FCDA2846505B2EFBBA6C4A951313EBE";
|
2017-08-09 17:01:37 -04:00
|
|
|
|
_globalSettings = globalSettings;
|
2017-08-11 22:55:25 -04:00
|
|
|
|
_certificate = !_globalSettings.SelfHosted ? CoreHelpers.GetCertificate(certThumbprint)
|
|
|
|
|
|
: CoreHelpers.GetEmbeddedCertificate("licensing.cer", null);
|
|
|
|
|
|
if(_certificate == null || !_certificate.Thumbprint.Equals(CoreHelpers.CleanCertificateThumbprint(certThumbprint),
|
|
|
|
|
|
StringComparison.InvariantCultureIgnoreCase))
|
2017-08-09 17:01:37 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new Exception("Invalid licensing certificate.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-09-01 15:36:26 -04:00
|
|
|
|
if(_globalSettings.SelfHosted && !CoreHelpers.SettingHasValue(_globalSettings.LicenseDirectory))
|
2017-08-09 17:01:37 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new InvalidOperationException("No license directory.");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-17 00:12:11 -04:00
|
|
|
|
public async Task ValidateOrganizationsAsync()
|
2017-08-09 17:01:37 -04:00
|
|
|
|
{
|
2017-08-11 22:55:25 -04:00
|
|
|
|
if(!_globalSettings.SelfHosted)
|
|
|
|
|
|
{
|
2017-08-17 00:12:11 -04:00
|
|
|
|
return;
|
2017-08-11 22:55:25 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-11-06 08:12:36 -05:00
|
|
|
|
var enabledOrgs = await _organizationRepository.GetManyByEnabledAsync();
|
|
|
|
|
|
_logger.LogInformation("Validating licenses for {0} organizations.", enabledOrgs.Count);
|
2017-08-17 17:10:34 -04:00
|
|
|
|
|
2017-11-06 08:12:36 -05:00
|
|
|
|
foreach(var org in enabledOrgs)
|
2017-08-17 00:12:11 -04:00
|
|
|
|
{
|
|
|
|
|
|
var license = ReadOrganiztionLicense(org);
|
2017-11-06 08:12:36 -05:00
|
|
|
|
if(license == null)
|
2017-08-17 00:12:11 -04:00
|
|
|
|
{
|
2018-04-13 09:25:54 -04:00
|
|
|
|
await DisableOrganizationAsync(org, null, "No license file.");
|
2017-11-06 08:12:36 -05:00
|
|
|
|
continue;
|
|
|
|
|
|
}
|
2017-08-17 17:10:34 -04:00
|
|
|
|
|
2017-11-06 08:12:36 -05:00
|
|
|
|
var totalLicensedOrgs = enabledOrgs.Count(o => o.LicenseKey.Equals(license.LicenseKey));
|
2018-04-13 09:25:54 -04:00
|
|
|
|
if(totalLicensedOrgs > 1)
|
2017-11-06 08:12:36 -05:00
|
|
|
|
{
|
2018-04-13 09:25:54 -04:00
|
|
|
|
await DisableOrganizationAsync(org, license, "Multiple organizations.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if(!license.VerifyData(org, _globalSettings))
|
|
|
|
|
|
{
|
|
|
|
|
|
await DisableOrganizationAsync(org, license, "Invalid data.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if(!license.VerifySignature(_certificate))
|
|
|
|
|
|
{
|
|
|
|
|
|
await DisableOrganizationAsync(org, license, "Invalid signature.");
|
2017-08-17 00:12:11 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2017-08-09 17:01:37 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2018-04-13 09:25:54 -04:00
|
|
|
|
private async Task DisableOrganizationAsync(Organization org, ILicense license, string reason)
|
2017-11-06 08:12:36 -05:00
|
|
|
|
{
|
2018-04-13 09:25:54 -04:00
|
|
|
|
_logger.LogInformation("Organization {0} ({1}) has an invalid license and is being disabled. Reason: {2}",
|
|
|
|
|
|
org.Id, org.Name, reason);
|
2017-11-06 08:12:36 -05:00
|
|
|
|
org.Enabled = false;
|
|
|
|
|
|
org.ExpirationDate = license?.Expires ?? DateTime.UtcNow;
|
|
|
|
|
|
org.RevisionDate = DateTime.UtcNow;
|
|
|
|
|
|
await _organizationRepository.ReplaceAsync(org);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-22 15:27:29 -04:00
|
|
|
|
public async Task ValidateUsersAsync()
|
|
|
|
|
|
{
|
|
|
|
|
|
if(!_globalSettings.SelfHosted)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var premiumUsers = await _userRepository.GetManyByPremiumAsync(true);
|
|
|
|
|
|
_logger.LogInformation("Validating premium for {0} users.", premiumUsers.Count);
|
|
|
|
|
|
|
|
|
|
|
|
foreach(var user in premiumUsers)
|
|
|
|
|
|
{
|
|
|
|
|
|
await ProcessUserValidationAsync(user);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var nonPremiumUsers = await _userRepository.GetManyByPremiumAsync(false);
|
|
|
|
|
|
_logger.LogInformation("Checking to restore premium for {0} users.", nonPremiumUsers.Count);
|
|
|
|
|
|
|
|
|
|
|
|
foreach(var user in nonPremiumUsers)
|
|
|
|
|
|
{
|
|
|
|
|
|
var details = await _organizationUserRepository.GetManyDetailsByUserAsync(user.Id);
|
2017-11-06 16:01:58 -05:00
|
|
|
|
if(details.Any(d => d.SelfHost && d.UsersGetPremium && d.Enabled))
|
2017-08-22 15:27:29 -04:00
|
|
|
|
{
|
2017-11-06 16:01:58 -05:00
|
|
|
|
_logger.LogInformation("Granting premium to user {0}({1}) because they are in an active organization " +
|
|
|
|
|
|
"with premium features.", user.Id, user.Email);
|
2017-08-22 15:27:29 -04:00
|
|
|
|
|
|
|
|
|
|
user.Premium = true;
|
|
|
|
|
|
user.MaxStorageGb = 10240; // 10 TB
|
|
|
|
|
|
user.RevisionDate = DateTime.UtcNow;
|
|
|
|
|
|
user.PremiumExpirationDate = null;
|
|
|
|
|
|
user.LicenseKey = null;
|
|
|
|
|
|
await _userRepository.ReplaceAsync(user);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-17 00:12:11 -04:00
|
|
|
|
public async Task<bool> ValidateUserPremiumAsync(User user)
|
2017-08-09 17:01:37 -04:00
|
|
|
|
{
|
2017-08-11 22:55:25 -04:00
|
|
|
|
if(!_globalSettings.SelfHosted)
|
|
|
|
|
|
{
|
|
|
|
|
|
return user.Premium;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-09 17:01:37 -04:00
|
|
|
|
if(!user.Premium)
|
|
|
|
|
|
{
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-16 17:08:20 -04:00
|
|
|
|
// Only check once per day
|
|
|
|
|
|
var now = DateTime.UtcNow;
|
|
|
|
|
|
if(_userCheckCache.ContainsKey(user.Id))
|
|
|
|
|
|
{
|
|
|
|
|
|
var lastCheck = _userCheckCache[user.Id];
|
2017-08-16 23:45:40 -04:00
|
|
|
|
if(lastCheck < now && now - lastCheck < TimeSpan.FromDays(1))
|
2017-08-16 17:08:20 -04:00
|
|
|
|
{
|
|
|
|
|
|
return user.Premium;
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
_userCheckCache[user.Id] = now;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
_userCheckCache.Add(user.Id, now);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-17 17:10:34 -04:00
|
|
|
|
_logger.LogInformation("Validating premium license for user {0}({1}).", user.Id, user.Email);
|
2017-08-22 15:27:29 -04:00
|
|
|
|
return await ProcessUserValidationAsync(user);
|
|
|
|
|
|
}
|
2017-08-17 17:10:34 -04:00
|
|
|
|
|
2017-08-22 15:27:29 -04:00
|
|
|
|
private async Task<bool> ProcessUserValidationAsync(User user)
|
|
|
|
|
|
{
|
2017-08-09 17:01:37 -04:00
|
|
|
|
var license = ReadUserLicense(user);
|
2017-08-22 15:27:29 -04:00
|
|
|
|
var valid = license != null && license.VerifyData(user) && license.VerifySignature(_certificate);
|
|
|
|
|
|
|
|
|
|
|
|
if(!valid)
|
|
|
|
|
|
{
|
|
|
|
|
|
var details = await _organizationUserRepository.GetManyDetailsByUserAsync(user.Id);
|
2017-11-06 16:01:58 -05:00
|
|
|
|
valid = details.Any(d => d.SelfHost && d.UsersGetPremium && d.Enabled);
|
2017-08-22 15:27:29 -04:00
|
|
|
|
|
|
|
|
|
|
if(valid && (!string.IsNullOrWhiteSpace(user.LicenseKey) || user.PremiumExpirationDate.HasValue))
|
|
|
|
|
|
{
|
|
|
|
|
|
// user used to be on a license but is now part of a organization that gives them premium.
|
|
|
|
|
|
// update the record.
|
|
|
|
|
|
user.PremiumExpirationDate = null;
|
|
|
|
|
|
user.LicenseKey = null;
|
|
|
|
|
|
await _userRepository.ReplaceAsync(user);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if(!valid)
|
2017-08-16 17:08:20 -04:00
|
|
|
|
{
|
2017-08-17 17:10:34 -04:00
|
|
|
|
_logger.LogInformation("User {0}({1}) has an invalid license and premium is being disabled.",
|
|
|
|
|
|
user.Id, user.Email);
|
|
|
|
|
|
|
2017-08-16 23:15:09 -04:00
|
|
|
|
user.Premium = false;
|
2017-11-06 08:12:36 -05:00
|
|
|
|
user.PremiumExpirationDate = license?.Expires ?? DateTime.UtcNow;
|
2017-08-16 23:15:09 -04:00
|
|
|
|
user.RevisionDate = DateTime.UtcNow;
|
|
|
|
|
|
await _userRepository.ReplaceAsync(user);
|
2017-08-16 17:08:20 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-22 15:27:29 -04:00
|
|
|
|
return valid;
|
2017-08-09 17:01:37 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-11 17:06:31 -04:00
|
|
|
|
public bool VerifyLicense(ILicense license)
|
|
|
|
|
|
{
|
|
|
|
|
|
return license.VerifySignature(_certificate);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-11 22:55:25 -04:00
|
|
|
|
public byte[] SignLicense(ILicense license)
|
|
|
|
|
|
{
|
|
|
|
|
|
if(_globalSettings.SelfHosted || !_certificate.HasPrivateKey)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new InvalidOperationException("Cannot sign licenses.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return license.Sign(_certificate);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-09 17:01:37 -04:00
|
|
|
|
private UserLicense ReadUserLicense(User user)
|
|
|
|
|
|
{
|
2017-08-11 22:55:25 -04:00
|
|
|
|
var filePath = $"{_globalSettings.LicenseDirectory}/user/{user.Id}.json";
|
2017-08-09 17:01:37 -04:00
|
|
|
|
if(!File.Exists(filePath))
|
|
|
|
|
|
{
|
|
|
|
|
|
return null;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var data = File.ReadAllText(filePath, Encoding.UTF8);
|
2017-08-16 17:08:20 -04:00
|
|
|
|
return JsonConvert.DeserializeObject<UserLicense>(data);
|
2017-08-09 17:01:37 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private OrganizationLicense ReadOrganiztionLicense(Organization organization)
|
|
|
|
|
|
{
|
2017-08-11 22:55:25 -04:00
|
|
|
|
var filePath = $"{_globalSettings.LicenseDirectory}/organization/{organization.Id}.json";
|
2017-08-09 17:01:37 -04:00
|
|
|
|
if(!File.Exists(filePath))
|
|
|
|
|
|
{
|
|
|
|
|
|
return null;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var data = File.ReadAllText(filePath, Encoding.UTF8);
|
2017-08-16 17:08:20 -04:00
|
|
|
|
return JsonConvert.DeserializeObject<OrganizationLicense>(data);
|
2017-08-09 17:01:37 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
