ISS-001: MachineFingerprint.GetFingerprint() — null-safe WMI property reads - processorID and SerialNumber accessed with ?. and ?? string.Empty - prevents NullReferenceException on machines with missing WMI properties ISS-005: LicenseValidator.Validate() — SHA256CryptoServiceProvider in using block - disposed on all code paths (success and failure) ISS-006: Lsv2Client.Connect() — close TcpClient on timeout - _tcp.Close() called when ConnectAsync.Wait() times out - aborts pending socket task instead of leaking thread-pool slot Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
44 lines
1.7 KiB
C#
44 lines
1.7 KiB
C#
using System;
|
|
using System.Security.Cryptography;
|
|
using System.Text;
|
|
|
|
namespace NcProgramManager.Licensing
|
|
{
|
|
internal class LicenseValidator : ILicenseValidator
|
|
{
|
|
// Real vendor public key -- generated 2026-05-17 with LicenseGenerator keygen.
|
|
private const string PublicKeyXml = "<RSAKeyValue><Modulus>jym+FWWeMb4g2ijaPlMn427s36sdv0FkDp5mKX+wMYGgRSIwUoDnG6nVCj6Z9k25uDf7714BXbg0IaJ/C8KE5TMgqgqsWA9hT79CdJR1eADM5jwMCo43mIIMuDplzdlmgfaW/JwE7QsxzdpfpW1uxU5DVJzsV/RZaRabTK2nSsvzHclMvB+jIQ9VobwTAyYhrvF7nYLtSdGl4YvvZ1O2fzJudvrlCrl5nnRqfPZC+0YnEwcLW0BzWxMiH0UGR/Gz4h7L05OkEwiXYtO+vkslkxIA6jraU0qjoFfDCaZ6HajWZ8lphCpw00Nwa8nEvaiuCRqN/lVOm/9kHXFuAXtA/Q==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";
|
|
|
|
private readonly string _publicKeyXml;
|
|
|
|
// Uses embedded vendor public key.
|
|
internal LicenseValidator() : this(PublicKeyXml) { }
|
|
|
|
// Accepts any public key XML — used in unit tests.
|
|
internal LicenseValidator(string publicKeyXml)
|
|
{
|
|
_publicKeyXml = publicKeyXml;
|
|
}
|
|
|
|
public bool Validate(string fingerprint, string licenseBase64)
|
|
{
|
|
try
|
|
{
|
|
byte[] signature = Convert.FromBase64String(licenseBase64);
|
|
byte[] data = Encoding.UTF8.GetBytes(fingerprint);
|
|
using (var rsa = new RSACryptoServiceProvider())
|
|
{
|
|
rsa.FromXmlString(_publicKeyXml);
|
|
using (var sha256 = new SHA256CryptoServiceProvider())
|
|
{
|
|
return rsa.VerifyData(data, sha256, signature);
|
|
}
|
|
}
|
|
}
|
|
catch
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
}
|