forked from verhas/License3j
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfraud.html
123 lines (88 loc) · 6.47 KB
/
fraud.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
| Generated by Apache Maven Doxia at Sep 2, 2012
| Rendered using Apache Maven Fluido Skin 1.2.1
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>License3j - Fraud license3j</title>
<link rel="stylesheet" href="./css/apache-maven-fluido.min.css" />
<link rel="stylesheet" href="./css/site.css" />
<link rel="stylesheet" href="./css/print.css" media="print" />
<script type="text/javascript" src="./js/apache-maven-fluido.min.js"></script>
<meta name="Date-Revision-yyyymmdd" content="20120902" />
<meta http-equiv="Content-Language" content="en" />
</head>
<body class="topBarDisabled">
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<a href="http://www.verhas.com/" id="bannerLeft">
<img src="http://www.verhas.com/images/logo.jpg" alt="License3j"/>
</a>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li id="publishDate">Last Published: 2012-09-02</li>
<li class="divider">|</li> <li id="projectVersion">Version: 1.0.4</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div class="well sidebar-nav">
<h3>Verhas & Verhas Software Craftsmen</h3>
<ul>
<li class="none">
<a href="http://www.verhas.com" class="externalLink" title="Company Home page">Company Home page</a>
</li>
</ul>
<h3>License3j Application Documentation</h3>
<ul>
<li class="none">
<a href="home.html" title="Home Page">Home Page</a>
</li>
<li class="none">
<a href="apidocs/index.html" title="Api Reference">Api Reference</a>
</li>
</ul>
<h3>Project Documentation</h3>
<ul>
<li class="collapsed">
<a href="project-info.html" title="Project Information">Project Information</a>
</li>
<li class="collapsed">
<a href="project-reports.html" title="Project Reports">Project Reports</a>
</li>
</ul>
<hr class="divider" />
<div id="poweredBy">
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<div class="g-plusone" data-href="http://nexus.sonatype.org/oss-repository-hosting.html/license3j" data-size="tall" ></div>
<div class="clear"></div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
<img class="poweredBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span9" >
<p>There is no 100% secure license handling and license3j can be overcome. This is not the question how to make it total secure, but rather how much a code can do to make so secure that there is no reason to brake the license enforcement.</p><p>License3j runs in a Java environment. The easiest way to store the key ring file is in a resource file inside a jar or war file. The format of this file is simple and a ZIP program can be used even by a novice user to replace the ring file to their own ring file and generate their own licenses. To avoid this license3j provides API to check the checksum of the key ring file and also the id of the key that was used to decode the license.</p><p>The checksum of the key ring file has to be copied into the Java source code and you may even apply (if you want) some obfuscation code so it will be hard to replace it and when the key ring is loaded it will ensure that the ring itself was not tampered.</p><div><pre> 4. lic.loadKeyRingFromResource("pubring.gpg", digest);</pre></div><p>License3j also provides easy way to get this byte array in Java syntax. Just dump an ecoded license onto your screen using the program <tt>license3j.bat</tt> and you will get not only the license text but also the ID of the key that was used to encode the key and also the digest of the key ring.</p><p>In case you have more than one signing key for licenses you can also check which key was used to sign the license. You may limit the function of your program based on the signing key. For example you will not accept a commercial license that was signed by a demo license key. To do that you can access the key ID calling the method <tt>getDecodeKeyId()</tt>:</p><div><pre> assert -3623885160523215197L == lic.getDecodeKeyId();</pre></div><p>The code above you can see in its environment in the unit test <tt>TestEncoding.java</tt> available in the source distribution of license3j.</p>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row span16">Copyright © 2012.
All Rights Reserved.
</div>
</div>
</footer>
</body>
</html>