vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-04-28 03:20:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
Pulse/internal/license/pubkey.go
rcourtman 1490a6e6e3 revert: remove dual-key license verification 
Restored original license signing key from backup - key was never
compromised (private repo). Removes unnecessary dual-key complexity:

- Remove legacyPublicKey and SetLegacyPublicKey from license.go
- Simplify signature verification to single key
- Remove EmbeddedLegacyPublicKey from pubkey.go
- Remove PULSE_LICENSE_LEGACY_PUBLIC_KEY from Dockerfile and workflows
- Remove dual-key test
- Simplify mock.env
2026-02-03 21:29:21 +00:00

77 lines
2.3 KiB
Go
Raw Blame History

package license
import (
"crypto/ed25519"
"encoding/base64"
"os"
"strings"
"github.com/rs/zerolog/log"
)
// EmbeddedPublicKey is the production Ed25519 public key (base64 encoded).
// This should be set at build time via -ldflags or populated with the actual key.
// Example: go build -ldflags "-X github.com/rcourtman/pulse-go-rewrite/internal/license.EmbeddedPublicKey=BASE64_KEY"
var EmbeddedPublicKey string = ""
// InitPublicKey initializes the public key for license validation.
// Priority:
// 1. PULSE_LICENSE_PUBLIC_KEY environment variable (base64 encoded)
// 2. EmbeddedPublicKey (set at compile time via -ldflags)
// 3. If PULSE_LICENSE_DEV_MODE=true, skip validation (development only)
//
// Call this during application startup before any license operations.
func InitPublicKey() {
// Priority 1: Environment variable
if envKey := os.Getenv("PULSE_LICENSE_PUBLIC_KEY"); envKey != "" {
key, err := decodePublicKey(envKey)
if err != nil {
log.Error().Err(err).Msg("Failed to decode PULSE_LICENSE_PUBLIC_KEY, trying embedded key")
// Fall through to try embedded key instead of returning
} else {
SetPublicKey(key)
log.Info().Msg("License public key loaded from environment")
return
}
}
// Priority 2: Embedded key (set at compile time)
if EmbeddedPublicKey != "" {
key, err := decodePublicKey(EmbeddedPublicKey)
if err != nil {
log.Error().Err(err).Msg("Failed to decode embedded public key")
} else {
SetPublicKey(key)
log.Info().Msg("License public key loaded from embedded key")
return
}
}
// No key available
if os.Getenv("PULSE_LICENSE_DEV_MODE") == "true" {
log.Warn().Msg("License validation running in DEV MODE - signatures not verified")
} else {
log.Warn().Msg("No license public key configured - license activation will fail")
}
}
// decodePublicKey decodes a base64-encoded Ed25519 public key.
func decodePublicKey(encoded string) (ed25519.PublicKey, error) {
// Remove any whitespace
encoded = strings.TrimSpace(encoded)
// Try standard base64 first, then URL-safe
decoded, err := base64.StdEncoding.DecodeString(encoded)
if err != nil {
decoded, err = base64.RawURLEncoding.DecodeString(encoded)
if err != nil {
return nil, err
}
}
if len(decoded) != ed25519.PublicKeySize {
return nil, ErrMalformedLicense
}
return ed25519.PublicKey(decoded), nil
}
Reference in a new issue View git blame Copy permalink