Generating and Managing Plugin Licenses

This guide provides step-by-step instructions for creating a certificate in Salesforce, generating a license using the certificate, extracting the public key, and storing it in the Plugin__mdt record.

1. Create a Certificate in Salesforce

  1. Navigate to Certificate and Key Management:

    • Go to Setup in Salesforce.

    • Search for Certificate and Key Management in the Quick Find box.

  2. Create a New Certificate:

    • Click Create Self-Signed Certificate.

    • Enter a Label (e.g., PluginKey) and Unique Name (e.g., PluginKey).

    • Click Save.

  3. Certificate Details:

    • After saving, Salesforce generates a self-signed certificate with both a private key and a public key.


2. Generate a JWT License

  1. Create an Apex Script: Use the following script to generate a JWT license:

    String certificateDevName = 'DefaultKey'; // Replace with the Unique Name of your certificate
    String pluginId = '@cloudpremise/helloWorldPlugin'; // Plugin ID
    String version = '0.3.x.x'; // Plugin Version
    String subscriberId = 'example_subscriber'; // Subscriber ID
    DateTime expiration = DateTime.now().addYears(1); // Expiration date (1 year from now)
    String audience = 'https://plugin.cloudpremise.com';
    
    // Generate the license key using PluginManager
    String licenseKey = PluginManager.generatePluginLicense(
        certificateDevName,
        audience,
        pluginId,
        version,
        subscriberId,
        expiration
    );
    
    System.debug('Generated License Key: ' + licenseKey);

  2. Save the License Key:

    • Store the generated licenseKey in the License__c field of the Plugin__mdt record.

    • Use the Metadata API or a deployment process to update the metadata record.


3. Export the Certificate from Salesforce

  1. Go to Certificate and Key Management:

    • In Salesforce Setup, navigate to Certificate and Key Management.

  2. Download the Certificate:

    • Locate your certificate (e.g., DefaultKey).

    • Click Download Certificate to download a .crt file.


4. Extract the Public Key Using OpenSSL

  1. Install OpenSSL:

  2. Run the Following Command:

    • Use the .crt file you downloaded from Salesforce to extract the public key:

      openssl x509 -in DefaultKey.crt -pubkey -noout > publickey.pem

    • This command outputs the public key in PEM format to a file named publickey.pem.

  3. Open the publickey.pem File:

    • The file will look something like this:

      -----BEGIN PUBLIC KEY-----
      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...
      -----END PUBLIC KEY-----

5. Store the Public Key in Salesforce

  1. Copy the Public Key:

    • Open the publickey.pem file in a text editor.

    • Copy the entire content, including the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines.

  2. Update the Plugin__mdt Record:

    • Paste the public key into the PublicKey__c field of the relevant Plugin__mdt record.


6. Validate the License (namespace developers only)

Now that the public key is stored in Salesforce, you can use the

    String jwt = licenseKey; // licenseKey is the value produced in the "Generate a JWT License" step above
    String pluginQualifiedApiName = 'Config'; // Plugin QualifiedApiName
    String audience = 'https://plugin.cloudpremise.com';
    // Validate the license key against the stored public key using PluginManager
    PluginManager.validatePluginJwt(jwt, pluginQualifiedApiName, audience);

7. Best Practices

  1. Secure the Certificate:

    • Certificates in Salesforce contain private keys that should never be shared or exposed.

    • Limit access to the Certificate and Key Management settings.

  2. Use Public Keys for Validation:

    • Only distribute the public key for license validation.

    • Store the public key in the PublicKey__c field of Plugin__mdt.

  3. Rotate Certificates:

    • Periodically rotate your certificates and distribute updated public keys to ensure security.

  4. Test in Sandbox:

    • Test the entire license generation and validation process in a Salesforce sandbox before deploying to production.


8. Troubleshooting

  • License Expired: Ensure the expiration claim in the JWT is set to a future date using DateTime.addYears() or similar methods.

  • Invalid Public Key: Verify the formatting of the public key in PublicKey__c. Ensure no extra spaces or line breaks are added.

  • Signature Verification Failed: Ensure the license is generated with the same private key that corresponds to the public key stored in PublicKey__c.
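
To narrow down a Signature Verification Failed or License Expired report outside Salesforce, the script below checks a license against the extracted publickey.pem with OpenSSL. It is an added example, not part of PluginManager or of the original guide; it assumes the license is an RS256-signed JWT (this guide does not state the algorithm), and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: check a license JWT against publickey.pem outside Salesforce.
# Assumption (not stated in this guide): the license is signed with RS256.

# Decode base64url text (JWT alphabet, padding stripped) from stdin to raw bytes.
b64url_decode() {
  local s pad
  s=$(tr -d '\n' | tr '_-' '/+')
  pad=$(( (4 - ${#s} % 4) % 4 ))
  while [ "$pad" -gt 0 ]; do s="${s}="; pad=$((pad - 1)); done
  printf '%s' "$s" | base64 -d
}

# Print the decoded claims so expiration and audience can be read by eye.
# This does NOT verify anything; never trust claims before the signature check.
license_claims() {
  printf '%s' "$1" | cut -d. -f2 | b64url_decode
}

# verify_license_sig <jwt> <publickey.pem>
# Returns 0 if the signature matches the key, 1 if it does not,
# 2 if the token is not three dot-separated parts, 3 if alg is not RS256.
verify_license_sig() {
  local jwt="$1" pubkey="$2" header payload sig extra tmp rc
  IFS=. read -r header payload sig extra <<EOF
$jwt
EOF
  if [ -z "$header" ] || [ -z "$payload" ] || [ -z "$sig" ] || [ -n "$extra" ]; then
    return 2
  fi
  # Pin the algorithm: tokens declaring "none" or HS256 are rejected outright.
  printf '%s' "$header" | b64url_decode | grep -q '"alg" *: *"RS256"' || return 3
  tmp=$(mktemp) || return 4
  printf '%s' "$sig" | b64url_decode > "$tmp"
  # The signed data is the ASCII string "<header>.<payload>" exactly as transmitted.
  if printf '%s' "$header.$payload" |
     openssl dgst -sha256 -verify "$pubkey" -signature "$tmp" >/dev/null 2>&1; then
    rc=0
  else
    rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}

# Stand-alone use: ./verify_license.sh "<licenseKey>" publickey.pem
if [ "$#" -eq 2 ]; then
  verify_license_sig "$1" "$2" && echo "signature OK" || echo "signature mismatch"
fi
```

A return code of 1 with a well-formed token points at a key mismatch (for example, a license signed under one certificate and a PublicKey__c value taken from another), rather than at PEM formatting.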
