Enhanced license expiration time verification mechanism

junian / Standard.Licensing

Easy-to-use licensing library for .NET Framework, Mono, .NET Core, and MAUI / Xamarin products

https://junian.dev/Standard.Licensing/

MIT License

554 stars 127 forks source link

Enhanced license expiration time verification mechanism #34

Closed shushu789 closed 5 months ago

shushu789 commented 6 months ago

Hello, this is a great library, it's great. But I want to know whether the verification mechanism of the license expiration time can be enhanced to add verification with the Internet time, because if the user modifies the local system time, the license can be made valid forever. If I missed something, please forgive me. Thanks

markadrake commented 5 months ago

@shushu789 what you stated looks true to me:

https://github.com/junian/Standard.Licensing/blob/dfbad0e0792f66abf97c848aec8595cabbfeceeb/src/Standard.Licensing/Validation/LicenseValidationExtensions.cs#L58

An additional method in the validation chain could be to phone home using a network time protocol and a built-in/configurable tolerance.

shushu789 commented 5 months ago

@markadrake Thanks for your reply, I implemented this problem myself using NTP time, and it works well now

junian commented 5 months ago

Hi @shushu789,

Thanks for bringing this up. I added an extenstion in v1.1.9 to use custom DateTime. Now you can do something like this:

var serverTime = GetServerTime();
var validationFailures = license.Validate()  
                                .ExpirationDate(systemDateTime: serverTime)  
                                .When(lic => lic.Type == LicenseType.Trial)  
                                .And()  
                                .Signature(publicKey)  
                                .AssertValidLicense();