license

package
v1.129.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 17, 2026 License: Apache-2.0 Imports: 9 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrSignatureInvalid = fmt.Errorf("signature is invalid")
	ErrSignatureMissing = fmt.Errorf("signature is missing")
)
View Source 
var PublicKeys = map[string][]byte{
	"1d3f7f6b50714fe7b895554dd65773b0": []byte(`-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugyKfZV2gIDaY1Rzkjoo
fbNywGa04sGQIAqYwifMay2e2xzqRwswTRHQnr9SIWypkN86Cfn6QzOB8kkjERC1
DPNdsiKdjBFdcLaxxdyHgrXLgfdzhh6We+Lpq19JT5LCK3PXleZgt/a0aRBpIc1l
xKs57d8MTWUTVh3W3WYi6LbqAPScdmSiG7A145HhKXmmtZFEv4puE5dKmS5lkV2d
VU789XWrNFk74FKKHVwYMdppqAabB6cRBmU8YFiVEULOn+d1FtKRbO/vv/fbA9nX
PUG/1PgEQHogP+3cC4J7b7s9+kBmtHkpSq9x+OUu/5B+nT21dooS6adfQiI8iB/+
NQIDAQAB
-----END PUBLIC KEY-----`),

	"bdee56560cfb43c9b28bf98eacafa646": []byte(`-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdSHE8v64QH/yELBoPBl
GanhS3AD5vMAaqLLFnftwjmDKrxWwqNB9w1GVJWb5gVLvt/UlE/k+HVr5HFdomVI
TMvnvxhD0UvNyGFuUbXBMvQPPW9joR48LcCBLZl+RZTqR5HRhsIbujiExRDnteaq
mU1jG/oVlQkRoyOYrObTeoD0BdcZAr2PdGvgvJvpZduZtrKvjvsSJEBYExoPtko+
8AqhMBAI+qX1/SMix21qpmYSYLNeqN2Pplna0p2MK8yyaHY8KSqTF90ZJF1+P0ZF
MLt6S8/6PIX9WD+vFqmDpW1GCkB+p2OfxsYiAIX1ej98Ck3hoPQnOuiFIovV8aFQ
bQIDAQAB
-----END PUBLIC KEY-----`),

	"de2c275656d04b1bb0f15cf70f0ea2a2": []byte(`-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hHg1HER6NYlsqBs+B+B
txibtctT6YB5kxgE1sz7UmVnlcLs+Olc4OZJwD4vLsEU60SVW0HRoTfaGaradv0R
GUIxlFRSOnzjZEMkm/YKL3sdPQigi2m9O0P5tC9LQvzk49dFg5HJxiLODCgWwJ9g
q3pGs8OaAc0dop/tqUE7WqQfHLWJdTPP5pVDLDWybfAO4OmgVmx+oVXdCfMVlOzu
num6SOF+eBuERXQGbEfnd6eSRVokWhfMCfXNPTYtq14DaK9tvX4uzHsub+Asn6UN
OBIAESJntpZfdDDrNqbfOQYql2rqx1lJtU7lVFbTQTkKhj4teInEGO6FvLzy0UE9
swIDAQAB
-----END PUBLIC KEY-----`),
}

Functions

func LicenseIsExpired 

func LicenseIsExpired(license *licensewrapper.LicenseWrapper) (bool, error)

LicenseIsExpired checks if a license has expired based on the expires_at entitlement. Works with both v1beta1 and v1beta2 licenses via the wrapper.

func LicenseIsExpiredV1 deprecated added in v1.129.0 

func LicenseIsExpiredV1(license *kotsv1beta1.License) (bool, error)

Deprecated: Use LicenseIsExpired with LicenseWrapper instead. This function is maintained for backward compatibility but will be removed in a future version.

func VerifyAndUpdateLicense added in v1.113.0 

func VerifyAndUpdateLicense(log *logger.CLILogger, license *licensewrapper.LicenseWrapper, preferredChannelSlug string, isAirgap bool) (*licensewrapper.LicenseWrapper, error)

VerifyAndUpdateLicense will update (if not airgapped), verify that the request channel slug is present, and return the possibly updated license. Note that this is a noop if the license passed in is nil.

func VerifyLicenseWrapper added in v1.129.0 

func VerifyLicenseWrapper(wrapper *licensewrapper.LicenseWrapper) (*licensewrapper.LicenseWrapper, error)

VerifyLicenseWrapper validates a license wrapper by delegating to the appropriate version-specific validation method. Returns the same wrapper if validation succeeds. This function supports both v1beta1 (MD5) and v1beta2 (SHA-256) licenses.

Behavior:

  • Cryptographic signature failures (invalid/tampered signature): Returns an error
  • Data validation errors (field mismatch between outer license and signed inner license): Logs a warning but returns success. This handles cases where Replicated SaaS adds fields to the signature that KOTS doesn't know about or defaults differently.

Note: This function validates the license signature only. Entitlement signature validation is handled separately where needed, matching the behavior of the deprecated VerifySignature function.

Types

type InnerSignature 

type InnerSignature struct {
	LicenseSignature []byte `json:"licenseSignature"`
	PublicKey        string `json:"publicKey"`
	KeySignature     []byte `json:"keySignature"`
}

type KeySignature 

type KeySignature struct {
	Signature   []byte `json:"signature"`
	GlobalKeyId string `json:"globalKeyId"`
}

type LicenseDataError 

type LicenseDataError struct {
	// contains filtered or unexported fields
}

func (LicenseDataError) Error 

func (e LicenseDataError) Error() string

type OuterSignature 

type OuterSignature struct {
	LicenseData    []byte `json:"licenseData"`
	InnerSignature []byte `json:"innerSignature"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.