Extract the evaluator type and create Gitpod and Replicated licensors

Author: Simon Emms

components/licensor/ee/cmd/validate.go

@@ -33,7 +33,7 @@ var validateCmd = &cobra.Command{
 		}
 
 		domain, _ := cmd.Flags().GetString("domain")
-		e := licensor.NewEvaluator(lic, domain)
+		e := licensor.NewGitpodEvaluator(lic, domain)
 		if msg, valid := e.Validate(); !valid {
 			return xerrors.Errorf(msg)
 		}

components/licensor/ee/pkg/licensor/gitpod.go

@@ -0,0 +1,108 @@
+// Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+// Licensed under the Gitpod Enterprise Source Code License,
+// See License.enterprise.txt in the project root folder.
+
+package licensor
+
+import (
+	"crypto"
+	"crypto/rsa"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"time"
+)
+
+// GitpodEvaluator determines what a license allows for
+type GitpodEvaluator struct {
+	invalid string
+	lic     LicensePayload
+}
+
+// Validate returns false if the license isn't valid and a message explaining why that is.
+func (e *GitpodEvaluator) Validate() (msg string, valid bool) {
+	if e.invalid == "" {
+		return "", true
+	}
+
+	return e.invalid, false
+}
+
+// Enabled determines if a feature is enabled by the license
+func (e *GitpodEvaluator) Enabled(feature Feature) bool {
+	if e.invalid != "" {
+		return false
+	}
+
+	_, ok := e.lic.Level.allowance().Features[feature]
+	return ok
+}
+
+// HasEnoughSeats returns true if the license supports at least the give amount of seats
+func (e *GitpodEvaluator) HasEnoughSeats(seats int) bool {
+	if e.invalid != "" {
+		return false
+	}
+
+	return e.lic.Seats == 0 || seats <= e.lic.Seats
+}
+
+// Inspect returns the license information this evaluator holds.
+// This function is intended for transparency/debugging purposes only and must
+// never be used to determine feature eligibility under a license. All code making
+// those kinds of decisions must be part of the Evaluator.
+func (e *GitpodEvaluator) Inspect() LicensePayload {
+	return e.lic
+}
+
+// NewGitpodEvaluator produces a new license evaluator from a license key
+func NewGitpodEvaluator(key []byte, domain string) (res *GitpodEvaluator) {
+	if len(key) == 0 {
+		// fallback to the default license
+		return &GitpodEvaluator{
+			lic: defaultLicense,
+		}
+	}
+
+	deckey := make([]byte, base64.StdEncoding.DecodedLen(len(key)))
+	n, err := base64.StdEncoding.Decode(deckey, key)
+	if err != nil {
+		return &GitpodEvaluator{invalid: fmt.Sprintf("cannot decode key: %q", err)}
+	}
+	deckey = deckey[:n]
+
+	var lic licensePayload
+	err = json.Unmarshal(deckey, &lic)
+	if err != nil {
+		return &GitpodEvaluator{invalid: fmt.Sprintf("cannot unmarshal key: %q", err)}
+	}
+
+	keyWoSig, err := json.Marshal(lic.LicensePayload)
+	if err != nil {
+		return &GitpodEvaluator{invalid: fmt.Sprintf("cannot remarshal key: %q", err)}
+	}
+	hashed := sha256.Sum256(keyWoSig)
+
+	for _, k := range publicKeys {
+		err = rsa.VerifyPKCS1v15(k, crypto.SHA256, hashed[:], lic.Signature)
+		if err == nil {
+			break
+		}
+	}
+	if err != nil {
+		return &GitpodEvaluator{invalid: fmt.Sprintf("cannot verify key: %q", err)}
+	}
+
+	if !matchesDomain(lic.Domain, domain) {
+		return &GitpodEvaluator{invalid: "wrong domain"}
+	}
+
+	if lic.ValidUntil.Before(time.Now()) {
+		return &GitpodEvaluator{invalid: "not valid anymore"}
+	}
+
+	return &GitpodEvaluator{
+		lic: lic.LicensePayload,
+	}
+}

components/licensor/ee/pkg/licensor/licensor.go

@@ -115,57 +115,6 @@ var defaultLicense = LicensePayload{
 	// Domain, ValidUntil are free for all
 }
 
-// NewEvaluator produces a new license evaluator from a license key
-func NewEvaluator(key []byte, domain string) (res *Evaluator) {
-	if len(key) == 0 {
-		// fallback to the default license
-		return &Evaluator{
-			lic: defaultLicense,
-		}
-	}
-
-	deckey := make([]byte, base64.StdEncoding.DecodedLen(len(key)))
-	n, err := base64.StdEncoding.Decode(deckey, key)
-	if err != nil {
-		return &Evaluator{invalid: fmt.Sprintf("cannot decode key: %q", err)}
-	}
-	deckey = deckey[:n]
-
-	var lic licensePayload
-	err = json.Unmarshal(deckey, &lic)
-	if err != nil {
-		return &Evaluator{invalid: fmt.Sprintf("cannot unmarshal key: %q", err)}
-	}
-
-	keyWoSig, err := json.Marshal(lic.LicensePayload)
-	if err != nil {
-		return &Evaluator{invalid: fmt.Sprintf("cannot remarshal key: %q", err)}
-	}
-	hashed := sha256.Sum256(keyWoSig)
-
-	for _, k := range publicKeys {
-		err = rsa.VerifyPKCS1v15(k, crypto.SHA256, hashed[:], lic.Signature)
-		if err == nil {
-			break
-		}
-	}
-	if err != nil {
-		return &Evaluator{invalid: fmt.Sprintf("cannot verify key: %q", err)}
-	}
-
-	if !matchesDomain(lic.Domain, domain) {
-		return &Evaluator{invalid: "wrong domain"}
-	}
-
-	if lic.ValidUntil.Before(time.Now()) {
-		return &Evaluator{invalid: "not valid anymore"}
-	}
-
-	return &Evaluator{
-		lic: lic.LicensePayload,
-	}
-}
-
 func matchesDomain(pattern, domain string) bool {
 	if pattern == "" {
 		return true
@@ -184,46 +133,11 @@ func matchesDomain(pattern, domain string) bool {
 	return false
 }
 
-// Evaluator determines what a license allows for
-type Evaluator struct {
-	invalid string
-	lic     LicensePayload
-}
-
-// Validate returns false if the license isn't valid and a message explaining why that is.
-func (e *Evaluator) Validate() (msg string, valid bool) {
-	if e.invalid == "" {
-		return "", true
-	}
-
-	return e.invalid, false
-}
-
-// Enabled determines if a feature is enabled by the license
-func (e *Evaluator) Enabled(feature Feature) bool {
-	if e.invalid != "" {
-		return false
-	}
-
-	_, ok := e.lic.Level.allowance().Features[feature]
-	return ok
-}
-
-// HasEnoughSeats returns true if the license supports at least the give amount of seats
-func (e *Evaluator) HasEnoughSeats(seats int) bool {
-	if e.invalid != "" {
-		return false
-	}
-
-	return e.lic.Seats == 0 || seats <= e.lic.Seats
-}
-
-// Inspect returns the license information this evaluator holds.
-// This function is intended for transparency/debugging purposes only and must
-// never be used to determine feature eligibility under a license. All code making
-// those kinds of decisions must be part of the Evaluator.
-func (e *Evaluator) Inspect() LicensePayload {
-	return e.lic
+type Evaluator interface {
+	Enabled(feature Feature) bool
+	HasEnoughSeats(seats int) bool
+	Inspect() LicensePayload
+	Validate() (msg string, valid bool)
 }
 
 // Sign signs a license so that it can be used with the evaluator

components/licensor/ee/pkg/licensor/licensor_test.go

@@ -20,14 +20,14 @@ const (
 type licenseTest struct {
 	Name     string
 	License  *LicensePayload
-	Validate func(t *testing.T, eval *Evaluator)
+	Validate func(t *testing.T, eval *GitpodEvaluator)
 }
 
 func (test *licenseTest) Run(t *testing.T) {
 	t.Run(test.Name, func(t *testing.T) {
-		var eval *Evaluator
+		var eval *GitpodEvaluator
 		if test.License == nil {
-			eval = NewEvaluator(nil, "")
+			eval = NewGitpodEvaluator(nil, "")
 		} else {
 			priv, err := rsa.GenerateKey(rand.Reader, 2048)
 			if err != nil {
@@ -39,7 +39,7 @@ func (test *licenseTest) Run(t *testing.T) {
 				t.Fatalf("cannot sign license: %q", err)
 			}
 
-			eval = NewEvaluator(lic, domain)
+			eval = NewGitpodEvaluator(lic, domain)
 		}
 
 		test.Validate(t, eval)
@@ -81,7 +81,7 @@ func TestSeats(t *testing.T) {
 				Seats:      test.Licensed,
 				ValidUntil: validUntil,
 			},
-			Validate: func(t *testing.T, eval *Evaluator) {
+			Validate: func(t *testing.T, eval *GitpodEvaluator) {
 				withinLimits := eval.HasEnoughSeats(test.Probe)
 				if withinLimits != test.WithinLimits {
 					t.Errorf("HasEnoughSeats did not behave as expected: lic=%d probe=%d expected=%v actual=%v", test.Licensed, test.Probe, test.WithinLimits, withinLimits)
@@ -127,7 +127,7 @@ func TestFeatures(t *testing.T) {
 		lt := licenseTest{
 			Name:    test.Name,
 			License: lic,
-			Validate: func(t *testing.T, eval *Evaluator) {
+			Validate: func(t *testing.T, eval *GitpodEvaluator) {
 				unavailableFeatures := featureSet{}
 				for f := range allowanceMap[LevelEnterprise].Features {
 					unavailableFeatures[f] = struct{}{}
@@ -258,7 +258,7 @@ func TestEvalutorKeys(t *testing.T) {
 			}
 
 			var errmsg string
-			e := NewEvaluator(lic, dom)
+			e := NewGitpodEvaluator(lic, dom)
 			if msg, valid := e.Validate(); !valid {
 				errmsg = msg
 			}

components/licensor/ee/pkg/licensor/replicated.go

@@ -0,0 +1,111 @@
+// Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+// Licensed under the Gitpod Enterprise Source Code License,
+// See License.enterprise.txt in the project root folder.
+
+package licensor
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"time"
+)
+
+type replicatedFields struct {
+	Field string      `json:"field"`
+	Title string      `json:"title"`
+	Type  string      `json:"type"`
+	Value interface{} `json:"value"` // This is of type "fieldType"
+}
+
+// ReplicatedLicensePayload exists to convert the JSON structure to a LicensePayload
+type replicatedLicensePayload struct {
+	LicenseID      string             `json:"license_id"`
+	InstallationID string             `json:"installation_id"`
+	Assignee       string             `json:"assignee"`
+	ReleaseChannel string             `json:"release_channel"`
+	LicenseType    string             `json:"license_type"`
+	ExpirationTime time.Time          `json:"expiration_time"`
+	Fields         []replicatedFields `json:"fields"`
+}
+
+type ReplicatedEvaluator struct {
+	invalid string
+	lic     LicensePayload
+}
+
+func (e *ReplicatedEvaluator) Enabled(feature Feature) bool {
+	if e.invalid != "" {
+		return false
+	}
+
+	_, ok := e.lic.Level.allowance().Features[feature]
+	return ok
+}
+
+func (e *ReplicatedEvaluator) HasEnoughSeats(seats int) bool {
+	if e.invalid != "" {
+		return false
+	}
+
+	return e.lic.Seats == 0 || seats <= e.lic.Seats
+}
+
+func (e *ReplicatedEvaluator) Inspect() LicensePayload {
+	return e.lic
+}
+
+func (e *ReplicatedEvaluator) Validate() (msg string, valid bool) {
+	if e.invalid == "" {
+		return "", true
+	}
+
+	return e.invalid, false
+}
+
+// NewReplicatedEvaluator get the license data from the kots admin panel
+func NewReplicatedEvaluator(domain string) (res *ReplicatedEvaluator) {
+	client := http.Client{Timeout: 5 * time.Second}
+	resp, err := client.Get("http://kotsadm:3000/license/v1/license")
+	if err != nil {
+		return &ReplicatedEvaluator{invalid: fmt.Sprintf("cannot query kots admin, %q", err)}
+	}
+	defer resp.Body.Close()
+
+	var replicatedPayload replicatedLicensePayload
+	err = json.NewDecoder(resp.Body).Decode(&replicatedPayload)
+	if err != nil {
+		return &ReplicatedEvaluator{invalid: fmt.Sprintf("cannot decode json data, %q", err)}
+	}
+
+	lic := LicensePayload{
+		ID:         replicatedPayload.LicenseID,
+		ValidUntil: replicatedPayload.ExpirationTime,
+	}
+
+	// Search for the fields
+	for _, i := range replicatedPayload.Fields {
+		switch i.Field {
+		case "domain":
+			lic.Domain = i.Value.(string)
+
+		case "level":
+			lic.Level = LicenseLevel(i.Value.(float64))
+
+		case "seats":
+			lic.Seats = int(i.Value.(float64))
+		}
+	}
+
+	if !matchesDomain(lic.Domain, domain) {
+		return &ReplicatedEvaluator{invalid: "wrong domain"}
+	}
+
+	if lic.ValidUntil.Before(time.Now()) {
+		return &ReplicatedEvaluator{invalid: "not valid anymore"}
+	}
+
+	return &ReplicatedEvaluator{
+		lic: lic,
+	}
+}