search

dnauck / Portable.Licensing

Portable.Licensing is a cross platform software licensing framework which allows you to implement licensing into your application or library. It provides you all tools to create and validate licenses for your software.
http://dev.nauck-it.de/projects/portable-licensing
MIT License
592 stars 173 forks source link

Check for null public key in License validation #21

Open GeertvanHorrik opened 9 years ago

GeertvanHorrik commented 9 years ago

We had an issue recently due to a configuration (the public key) being null. However, it was a bit weird to find the real issue because we got this:

[ERROR] [Orc.LicenseManager.Services.LicenseValidationService] [1] An error occurred while loading the license | [ArgumentNullException] System.ArgumentNullException: Value cannot be null.
Parameter name: s
   at System.Convert.FromBase64String(String s)
   at Portable.Licensing.License.VerifySignature(String publicKey)
   at Portable.Licensing.Validation.ValidationChainBuilder.<AssertValidLicense>d__1.MoveNext()
   at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
   at Orc.LicenseManager.Services.LicenseValidationService.ValidateLicense(String license) in c:\CI_WS\Ws\77085\Source\Orc_LicenseManager\src\Orc.LicenseManager.Client\Orc.LicenseManager.Client.Shared\Services\LicenseValidationService.cs:line 72

The real reason it fails is because the public key input is never checked in the license object. I think it would be a good idea to add a null reference check at the beginning of the method, or is this behavior intended?

dnauck commented 9 years ago

Sure we can check a invalid input. Maybe just return false on validation instead of throwing an exception.