如何使用Java JDK 1.7在我的第三方服务器上验证GKLocalPlayer?

时间:2014-02-19 17:41:58

标签: java ios authentication verification

使用Apple的Game Center身份验证验证步骤outlined here,下面的验证逻辑已使用Java实现。但是,这总是失败。

import java.net.URL;

import java.nio.ByteBuffer;

import java.nio.ByteOrder;

import java.security.KeyPair;

import java.security.KeyPairGenerator;

import java.security.MessageDigest;

import java.security.PrivateKey;

import java.security.PublicKey;

import java.security.SecureRandom;

import java.security.Signature;

import java.security.cert.Certificate;

import java.security.cert.CertificateFactory;

import java.security.spec.AlgorithmParameterSpec;

import java.util.Arrays;

import javax.crypto.Cipher;

import javax.xml.bind.DatatypeConverter;

public class Verifier {

    public static void main(String[] args) {

        verify1();   

    }



    public static void verify1() {

        try {

            byte[] playerID = "G:90082947".getBytes("UTF-8");

            byte[] bundleID = "com.appledts.GameCenterSamples".getBytes("UTF-8");



            long ts = 1392078336714L;

            final ByteBuffer tsByteBuffer = ByteBuffer.allocate(8);

            tsByteBuffer.order(ByteOrder.BIG_ENDIAN);

            tsByteBuffer.putLong(ts);           

            byte[] timestamp = tsByteBuffer.array();



            byte[] salt = DatatypeConverter.parseBase64Binary("xmvbZQ==");



            byte[] sigToCheck = DatatypeConverter.parseBase64Binary("AmyNbm+7wJOjXv6GXI/vAEcl6gSX1AKxPr3GeExSYCiaxVaAeIvC23TWtp1/Vd/szfq1r1OzwrvkHeSSiskWMsMXaGQWUmiGtCnf9fqBU75T5PwNLCj4H9Nd5QENCMV/CFgVyGEi4X6Wlp18kqJPk/ooS6jLJwcWIe6DyrR1bQHl6YzKTfB4ACl2JEccBDz8dArKTrh4vFcQF4a+DtERm283Y2ue1DwG8lqWrYhsRO5v7vrW3lVpn5t25QXc+Y35zJ/il+lZJxKAgASwrKaq3G8RStdkeXCER23fSYhTmbLFqkFRWnmzu38hmLt5/iivUbm8NgELXP0SyQoYLMvfmA==");



            ByteBuffer dataBuffer = ByteBuffer.allocate(playerID.length+bundleID.length+8+salt.length)

                .put(playerID)

                .put(bundleID)

                .put(timestamp)

                .put(salt);





            Certificate cert = CertificateFactory.getInstance("X.509")

                    .generateCertificate(new URL("https://sandbox.gc.apple.com/public-key/gc-sb.cer").openConnection().getInputStream());





            Signature sig = Signature.getInstance("SHA1withRSA");

            sig.initVerify(cert);



            sig.update(dataBuffer);



            final boolean verify = sig.verify(sigToCheck);

            System.out.println("signature verifies: " + verify);                            



        } catch (Exception e) {            

            e.printStackTrace();

        }

    }        

}

从iOS 7客户端向服务器传输数据时没有丢失位。通过将二进制位写入xCode和Java的文件,生成它们的十六进制,并查看是否存在任何差异(注意,差异只显示文件名差异)来验证这一点:

$ xxd -i salt_Java.txt salt_java.xxd

$ xxd -i salt_xcode.txt salt_xcode.xxd

$ xxd -i sigToCheck_Java.txt sigToCheck_java.xxd

$ xxd -i sigToCheck_xcode.txt sigToCheck_xcode.xxd

$ diff salt_java.xxd salt_xcode.xxd 

1c1

< unsigned char salt_Java_txt[] = {

---

> unsigned char salt_xcode_txt[] = {

4c4

< unsigned int salt_Java_txt_len = 4;

---

> unsigned int salt_xcode_txt_len = 4;

$ diff sigToCheck_java.xxd sigToCheck_xcode.xxd 

1c1

< unsigned char sigToCheck_Java_txt[] = {

---

> unsigned char sigToCheck_xcode_txt[] = {

25c25

< unsigned int sigToCheck_Java_txt_len = 256;

---

> unsigned int sigToCheck_xcode_txt_len = 256;

$

我认为这是因为Signature class使用的基础Java库而失败,因为Objective-C solution listed here似乎成功验证了相同的凭据。

我的下一次尝试是使用Java的[Cipher]和[MessageDigest]库而不是[Signature]库,但这也失败了。我怀疑在使用提供的签名位检查签名摘要位之前还缺少其他步骤。

final MessageDigest md = MessageDigest.getInstance("SHA1");

byte[] digest = md.digest(dataBuffer.array());

// RSA decrypt

Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");

cipher.init(Cipher.DECRYPT_MODE, cert);

byte[] decrypted = cipher.doFinal(sigToCheck);    



System.out.println("signature verifies: " + Arrays.equals(digest, decrypted));

是否有其他方法可以验证数字签名或上述解决方案中的任何差距?

2 个答案:

答案 0 :(得分:2)

问题似乎是您传递给Signature.update()的ByteBuffer。如果通过更改

传递基础数组 
sig.update(dataBuffer);


sig.update(dataBuffer.array());

验证似乎成功。基于the documentation for Signature.update(ByteBuffer),我怀疑这是因为它试图从您在缓冲区中写入的最后位置读取,而不是找到任何数据。

答案 1 :(得分:0)

仍然不确定为什么Signature.verify失败,但现在找到了解决办法:解密签名以检查,并从解密的散列中取消打包SHA1散列,并与数据缓冲区摘要进行比较。如果两者匹配,则它验证游戏中心用户凭证,否则不验证。请参阅下面的示例代码。

 final MessageDigest md = MessageDigest.getInstance("SHA-1");
 byte[] digest = md.digest(dataBuffer.array());

 Cipher c2 = Cipher.getInstance("RSA/ECB/PKCS1Padding");
 c2.init(Cipher.DECRYPT_MODE, cert.getPublicKey());
 byte[] decrypted2 = c2.doFinal(sigToCheck);
 final byte[] unpaddedSHA1 = Utils.unpadSHA1(decrypted2);

 System.out.println("signature verifies: " + Arrays.equals(digest, unpaddedSHA1));

upadSHA1的定义如下:

private static final String SHA1_PAD = "3021300906052b0e03021a05000414";
private static final byte[] sha1pad = DatatypeConverter.parseHexBinary(SHA1_PAD);

public static byte[] unpadSHA1(byte[] padded) throws BadPaddingException {
    int k = 0;

    if (padded.length < sha1pad.length) {
        throw new BadPaddingException("Padding string too short");
    }
    while (true) {
        if (padded[k] != sha1pad[k]) {
            break;
        }
        k++;                  
        if (k == sha1pad.length) {
            break;
        }
    }
    int n = padded.length - k;
    if (n > 256) {
        throw new BadPaddingException("Padding string too short");
    }
    byte[] data = new byte[n];
    System.arraycopy(padded, padded.length - n, data, 0, n);
    return data;
}
相关问题
最新问题