Offline Node Lock - Accepting Offline Activation Response from Other Computer


#1

We are currently using LexActivator to perform offline node-locked license activations. We have integrated the LexActivator into our existing server and added the following two endpoints:

/license/generateOfflineActivationRequest/{licenseKey}
	LexActivator.SetLicenseKey(licenseKey);
	LexActivator.GenerateOfflineActivationRequest(path);

/license/uploadOfflineActivationResponse
	LexActivator.ActivateLicenseOffline(offlineActivationResponse);
	int licenseStatus = LexActivator.IsLicenseGenuine();
	if (LA_OK) ....

What we have observed is that a user can activate Cryptlex using an offline activation reponse with a different finger print if LexActivator has a license key stored that is not the same license key used to generate the offline activation response.
For example, if the user follows the normal flow:

/license/generateOfflineActivationRequest/KEY_USED_TO_GENERATE_REQUEST
User takes an offline response from an offline request generated on another users computer
/license/uploadOfflineActivationResponse

Everything works as expected and we get the exception that the machine fingerprint has changed since activation. However, if the user performs the following flow:

/license/generateOfflineActivationRequest/ANY_STRING
User takes an offline response from an offline request generated on another users computer
/license/uploadOfflineActivationResponse

Then the LexActivator returns a status of LA_OK.

It seems that the LexActivator should throw some sort of exception when a user tries to upload an offline response generated using a different license key than the current LexActivator license key. Are we missing some sort of validation in either of our endpoints? I don’t see any way to get the license key from the activation response to do any sort of validation. Or is there something in the policy we should be setting? Or is this possibly just a bug due to being unable to validate license keys while performing offline activations?


#2

Playing around a bit, I noticed that the License call back seems to be more accurate in this case. The sample code mentions that setting a license callback is recommended for floating licenses, but should we also be using it for a node locked offline license?


#3

Hi Simon,

You are observing this behavior because the machine is already activated.

If the machine is activated successfully, then trying to offline activate the activated machine using an invalid response won’t invalidate the existing activation.

You can confirm this by validating the status code during offline activation:

int status = LexActivator.ActivateLicenseOffline(offlineActivationResponse);

if(status != LA_OK) {
    cout << status;
}

Regards,
Adnan


#4

Thanks, Adnan! I didn’t realize that ActivateLicenseOffline returned a status as well which definitely helps. However, I’m still a bit confused.

I tried out the example on a machine that I had deactivated the license for, supplied an offline activation response locked to a different computer, and still saw the general status change to valid which I would not expect.

int originalStatus = LexActivator.IsLicenseValid() // Returns LA_FAIL (1)
int offlineUploadStatus = LexActivator.ActivateLicenseOffline(offlineResponseFromAnotherMachine) // Returns LA_FAIL (1)
int newStatus = LexActivator.IsLicenseValid() // Returns LA_OK (0)

I understand your note that if the machine was previously active that the license will not be inactivated, but I can’t understand why it switched from LA_FAIL to LA_OK in this scenario?

Another weird observation is that if we restart the server that loads in the LexActivator libraries we see the expected LA_FAIL again from IsLicenseValid.


#5

Hi Simon,

Confirming this is a bug (caching bug). We have fixed the issue and it will be available in the next release.


#6

Perfect, thanks for the quick replies Adnan! At this time is there any estimate of when the next build will be released?