Standard.Licensing
Standard.Licensing copied to clipboard
junian
Multiple enumeration of AssertValidLicense results in incorrect validation
When given an invalid license, AssertValidLicense returns an IEnumerable with a ValidationFailure on the first enumeration but an empty IEnumerable on the second enumeration.
As a workaround, I suggest users of the library use ToArray or alike to enumerate the IEnumerable only once.
The reason for this behavior is the current implementation of the validators collection in ValidationChainBuilder as a queue. In AssertValidLicense, all validators will be dequeued every time, resulting in different results.
I suggest either the usage of a list or the change of AssertValidLicense behavior to throw instead of returning failures. The name indicates a throw on invalid licenses and could potentially be dangerous to people relying on the implied behavior.
using Standard.Licensing;
using Standard.Licensing.Validation;
var keyGenerator = Standard.Licensing.Security.Cryptography.KeyGenerator.Create();
var keyPair = keyGenerator.GenerateKeyPair();
var publicKey = keyPair.ToPublicKeyString();
var invalidLicense = @"<License>
<Signature>WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFg=</Signature>
</License>";
var licenseToVerify = License.Load(invalidLicense);
var validationFailures = licenseToVerify
.Validate()
.Signature(publicKey)
.AssertValidLicense();
Console.WriteLine("validationFailures.Length: " + validationFailures.ToArray().Length);
Console.WriteLine("validationFailures.Length: " + validationFailures.ToArray().Length);
// validationFailures.Length: 1
// validationFailures.Length: 0
