Generating and Managing Plugin Licenses

1. Create a Certificate in Salesforce

1. Navigate to Certificate and Key Management:

   • Go to Setup in Salesforce.

   • Search for Certificate and Key Management in the Quick Find box.

2. Create a New Certificate:

   • Click Create Self-Signed Certificate.

   • Enter a Label (e.g., PluginKey) and Unique Name (e.g., PluginKey).

   • Click Save.

3. Certificate Details:

   • After saving, Salesforce generates a self-signed certificate with both a private key and a public key.

2. Generate a JWT License

1. Create an Apex Script: Use the following script to generate a JWT license:

   Copy

   String certificateDevName = 'DefaultKey'; // Replace with the Unique Name of your certificate
   String pluginId = '@cloudpremise/helloWorldPlugin'; // Plugin ID
   String version = '0.3.x.x'; // Plugin Version
   String subscriberId = 'example_subscriber'; // Subscriber ID
   DateTime expiration = DateTime.now().addYears(1); // Expiration date (1 year from now)
   String audience = 'https://plugin.cloudpremise.com';
   
   // Generate the license key using PluginManager
   String licenseKey = PluginManager.generatePluginLicense(
   	certificateDevName,
   	audience,
       pluginId,
       version,
       subscriberId,
       expiration	
   );
   
   System.debug('Generated License Key: ' + licenseKey);

2. Save the License Key:

   • Store the generated licenseKey in the License__c field of the Plugin__mdt record.

   • Use the Metadata API or a deployment process to update the metadata record.

3. Export the Certificate from Salesforce

1. Go to Certificate and Key Management:

   • In Salesforce Setup, navigate to Certificate and Key Management.

2. Download the Certificate:

   • Locate your certificate (e.g., DefaultKey).

   • Click Download Certificate to download a .crt file.

2. Extract the Public Key Using OpenSSL

1. Install OpenSSL:

   • If you don’t already have OpenSSL installed, download it from OpenSSL's official site and install it.

2. Run the Following Command:

   • Use the .crt file you downloaded from Salesforce to extract the public key:

   • This command outputs the public key in PEM format to a file named publickey.pem.

3. Open the publickey.pem File:

   • The file will look something like this:

3. Store the Public Key in Salesforce

1. Copy the Public Key:

   • Open the publickey.pem file in a text editor.

   • Copy the entire content, including the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines.

2. Update the Plugin__mdt Record:

   • Paste the public key into the PublicKey__c field of the relevant Plugin__mdt record.

4. Validate the License (namespace developers only)

Now that the public key is stored in Salesforce, you can use the

5. Best Practices

1. Secure the Certificate:

   • Certificates in Salesforce contain private keys that should never be shared or exposed.

   • Limit access to the Certificate and Key Management settings.

2. Use Public Keys for Validation:

   • Only distribute the public key for license validation.

   • Store the public key in the PublicKey__c field of Plugin__mdt.

3. Rotate Certificates:

   • Periodically rotate your certificates and distribute updated public keys to ensure security.

4. Test in Sandbox:

   • Test the entire license generation and validation process in a Salesforce sandbox before deploying to production.

6. Troubleshooting

• License Expired: Ensure the expiration claim in the JWT is set to a future date using DateTime.addYears() or similar methods.

• Invalid Public Key: Verify the formatting of the public key in PublicKey__c. Ensure no extra spaces or line breaks are added.

• Signature Verification Failed: Ensure the license is generated with the same private key that corresponds to the public key stored in PublicKey__c.