diff --git a/src/main/java/me/braydon/license/model/License.java b/src/main/java/me/braydon/license/model/License.java
index 2f8dc4c..b29aaca 100644
--- a/src/main/java/me/braydon/license/model/License.java
+++ b/src/main/java/me/braydon/license/model/License.java
@@ -7,6 +7,7 @@ import lombok.ToString;
import me.braydon.license.exception.APIException;
import me.braydon.license.exception.LicenseHwidLimitExceededException;
import me.braydon.license.exception.LicenseIpLimitExceededException;
+import org.mindrot.jbcrypt.BCrypt;
import org.springframework.data.annotation.Id;
import org.springframework.data.mongodb.core.mapping.Document;
@@ -45,9 +46,6 @@ public class License {
/**
* The IPs used on this license.
- *
- * These IPs are encrypted using AES-256.
- *
*/
private Set ips;
@@ -79,19 +77,24 @@ public class License {
/**
* Invoked when this license is used.
*
- * @param ip the ip used
- * @param hwid the hardware id used
+ * @param ip the ip used
+ * @param ipSalt the IP salt to use
+ * @param hwid the hardware id used
*/
- public void use(@NonNull String ip, @NonNull String hwid) throws APIException {
- if (!ips.contains(ip) && ips.size() >= ipLimit) { // IP limit has been exceeded
+ public void use(@NonNull String ip, @NonNull String ipSalt, @NonNull String hwid) throws APIException {
+ String hashedIp = BCrypt.hashpw(ip, ipSalt); // Hash the IP
+
+ // IP limit has been exceeded
+ if (!ips.contains(hashedIp) && ips.size() >= ipLimit) {
throw new LicenseIpLimitExceededException();
}
- if (!hwids.contains(hwid) && hwids.size() >= hwidLimit) { // HWID limit has been exceeded
+ // HWID limit has been exceeded
+ if (!hwids.contains(hwid) && hwids.size() >= hwidLimit) {
throw new LicenseHwidLimitExceededException();
}
// The license was used
uses++; // Increment uses
- ips.add(ip); // Add the used IP
+ ips.add(hashedIp); // Add the used IP
hwids.add(hwid); // Add the used HWID
lastUsed = new Date(); // Last used now
}
diff --git a/src/main/java/me/braydon/license/service/LicenseService.java b/src/main/java/me/braydon/license/service/LicenseService.java
index 528227e..90da960 100644
--- a/src/main/java/me/braydon/license/service/LicenseService.java
+++ b/src/main/java/me/braydon/license/service/LicenseService.java
@@ -3,7 +3,6 @@ package me.braydon.license.service;
import jakarta.annotation.PostConstruct;
import lombok.NonNull;
import lombok.extern.slf4j.Slf4j;
-import me.braydon.license.common.RandomUtils;
import me.braydon.license.exception.APIException;
import me.braydon.license.exception.LicenseNotFoundException;
import me.braydon.license.model.License;
@@ -33,8 +32,14 @@ public final class LicenseService {
/**
* The salt to use for hashing license keys.
*/
- @Value("${key-salt}")
- @NonNull private String keySalt;
+ @Value("${salts.licenses}")
+ @NonNull private String licensesSalt;
+
+ /**
+ * The salt to use for hashing IP addresses.
+ */
+ @Value("${salts.ips}")
+ @NonNull private String ipsSalt;
@Autowired
public LicenseService(@NonNull LicenseRepository repository) {
@@ -68,7 +73,7 @@ public final class LicenseService {
String description, int ipLimit, int hwidLimit) {
// Create the new license
License license = new License();
- license.setKey(BCrypt.hashpw(key, keySalt)); // Hash the key
+ license.setKey(BCrypt.hashpw(key, licensesSalt)); // Hash the key
license.setProduct(product); // Use the given product
license.setDescription(description); // Use the given description, if any
license.setIps(new HashSet<>());
@@ -92,13 +97,13 @@ public final class LicenseService {
*/
public void check(@NonNull String key, @NonNull String product,
@NonNull String ip, @NonNull String hwid) throws APIException {
- Optional optionalLicense = repository.getLicense(BCrypt.hashpw(key, keySalt), product); // Get the license
+ Optional optionalLicense = repository.getLicense(BCrypt.hashpw(key, licensesSalt), product); // Get the license
if (optionalLicense.isEmpty()) { // License key not found
log.error("License key {} for product {} not found", key, product); // Log the error
throw new LicenseNotFoundException();
}
License license = optionalLicense.get(); // The license found
- license.use(ip, hwid); // Use the license
+ license.use(ip, ipsSalt, hwid); // Use the license
repository.save(license); // Save the used license
log.info("License key {} for product {} was used by {} ({})", key, product, ip, hwid);
}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 9a2912c..05a399e 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -3,9 +3,11 @@ server:
address: 0.0.0.0
port: 7500
-# The salt to use when hashing license keys.
-# This salt should be changed from the default.
-key-salt: "$2a$10$/nQyzQDMkCf97ZlJLLWa3O"
+# The salt to use when hashing license keys and IP addresses.
+# These salts should be changed from the default.
+salts:
+ licenses: "$2a$10$/nQyzQDMkCf97ZlJLLWa3O"
+ ips: "$2a$10$Xus.AHTCas97Ofx0tFs85O"
# Log Configuration
logging: