refact: Self-sign local and free licenses

Author: distantnative

src/Cms/License.php

@@ -164,7 +164,7 @@ public function isComplete(): bool
 			$this->domain !== null &&
 			$this->email !== null &&
 			$this->order !== null &&
-			($this->signature !== null || $this->isFreeAndLocal()) &&
+			$this->signature !== null &&
 			$this->hasValidEmailAddress() === true &&
 			$this->type() !== LicenseType::Invalid
 		) {
@@ -272,22 +272,21 @@ public function isOnCorrectDomain(): bool
 	 */
 	public function isSigned(): bool
 	{
-		// locally self-signed licenses do not need a signature
-		if ($this->isFreeAndLocal() === true) {
-			return true;
-		}
-
 		if ($this->signature === null) {
 			return false;
 		}
 
+		$data      = json_encode($this->signatureData());
+		$signature = hex2bin($this->signature);
+
+		if ($this->isFreeAndLocal() === true) {
+			return hash('sha256', $data) === $signature;
+		}
+
 		// get the public key
 		$pubKey = F::read($this->kirby->root('kirby') . '/kirby.pub');
 
 		// verify the license signature
-		$data      = json_encode($this->signatureData());
-		$signature = hex2bin($this->signature);
-
 		return openssl_verify($data, $signature, $pubKey, 'RSA-SHA256') === 1;
 	}
 
@@ -406,14 +405,14 @@ public function register(): static
 		}
 
 		if ($this->isFreeAndLocal() === true) {
-			$response = [
+			$response = $this->selfsign([
 				'activation' => date('Y-m-d H:i:s'),
+				'code'       => $this->code,
 				'date'       => date('Y-m-d H:i:s'),
 				'domain'     => $this->domain,
-				'code'       => $this->code,
+				'email'      => hash('sha256', $this->email . static::SALT),
 				'order'      => '12345678',
-				'email'      => $this->email
-			];
+			]);
 		}
 
 		// @codeCoverageIgnoreStart
@@ -496,6 +495,19 @@ public function save(): bool
 		);
 	}
 
+	/**
+	 * Self-signs a license file where registration
+	 * will not communicate with the license hub
+	 */
+	protected function selfsign(array $payload): array
+	{
+		return [
+			...$payload,
+			'email'     => $payload['email'],
+			'signature' => bin2hex(hash('sha256', json_encode($payload)))
+		];
+	}
+
 	/**
 	 * Returns the signature if available
 	 */

tests/Cms/System/LicenseTest.php

@@ -292,21 +292,6 @@ public function testIsOnCorrectDomain(): void
 		$this->assertTrue($license->isOnCorrectDomain());
 	}
 
-	public function testIsSignedFreeAndLocal(): void
-	{
-		$this->app->clone([
-			'server' => [
-				'REMOTE_ADDR' => '127.0.0.1',
-			]
-		]);
-
-		$license = new License(
-			code: LicenseType::Free->prefix()
-		);
-
-		$this->assertTrue($license->isSigned());
-	}
-
 	public function testLabel(): void
 	{
 		$license = new License();