spa-using-curitytokenhandler/validate-license.sh at main · curityio/spa-using-curitytokenhandler · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/bin/bash

cd "$(dirname "${BASH_SOURCE[0]}")"

#
# A utility to decode a JWT payload
#
base64url_decode() {
  local len=$((${#1} % 4))
  local result="$1"
  if [ $len -eq 2 ]; then result="$1"'=='
  elif [ $len -eq 3 ]; then result="$1"'='
  fi
  echo "$result" | tr '_-' '/+' | base64 --decode
}

#
# Get a license for the Curity Identity Server
#
if [ ! -f './license.json' ]; then
  echo 'Please copy a license.json file into the root folder'
  exit 1
fi

#
# Do some license validation to prevent cryptic problems later
#
LICENSE_DATA=$(cat './license.json')
LICENSE_JWT=$(echo $LICENSE_DATA | jq -r .License)
LICENSE_PAYLOAD=$(base64url_decode $(echo $LICENSE_JWT | cut -d '.' -f 2))

#
# Check for token handler permissions
#
FEATURE=$(echo $LICENSE_PAYLOAD | jq -r '.Features[]  | select(.feature == "applications")')
if [ "$FEATURE" == '' ]; then
  echo 'The license.json file does not include the applications feature'
  exit 1
fi

#
# For Curity deployments, check for the financial grade package
#
if [ "$DEPLOYMENT" == 'curity' ]; then
  FEATURE=$(echo $LICENSE_PAYLOAD | jq -r '.Features[]  | select(.feature == "financial-grade")')
  if [ "$FEATURE" == '' ]; then
    echo 'The license.json file does not include the financial-grade feature'
    exit 1
  fi
fi