如何实施google play安全验证购买服务器端?

时间:2016-10-27 10:58:57

标签: java php android openssl google-play

我想用PHP语言实现in-app purchase verification服务器端。 我测试了这个link但是为了正确的数据集返回了错误。

java函数:

public class Security {
    private static final String TAG = "IABUtil/Security";

    private static final String KEY_FACTORY_ALGORITHM = "RSA";
    private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";


    public static boolean verifyPurchase(String base64PublicKey, String signedData, String signature) {
        if (TextUtils.isEmpty(signedData) || TextUtils.isEmpty(base64PublicKey) ||
                TextUtils.isEmpty(signature)) {
            Log.e(TAG, "Purchase verification failed: missing data.");
            return false;
        }

        PublicKey key = Security.generatePublicKey(base64PublicKey);
        return Security.verify(key, signedData, signature);
    }

    public static PublicKey generatePublicKey(String encodedPublicKey) {
        try {
            byte[] decodedKey = Base64.decode(encodedPublicKey);
            KeyFactory keyFactory = KeyFactory.getInstance(KEY_FACTORY_ALGORITHM);
            return keyFactory.generatePublic(new X509EncodedKeySpec(decodedKey));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (InvalidKeySpecException e) {
            Log.e(TAG, "Invalid key specification.");
            throw new IllegalArgumentException(e);
        } catch (Base64DecoderException e) {
            Log.e(TAG, "Base64 decoding failed.");
            throw new IllegalArgumentException(e);
        }
    }

    public static boolean verify(PublicKey publicKey, String signedData, String signature) {
        ...
    }
}

我试过这段代码:

function verify_market_in_app($signed_data, $signature, $public_key_base64) 
{
    $key =  "-----BEGIN PUBLIC KEY-----\n".
        chunk_split($public_key_base64, 64,"\n").
        '-----END PUBLIC KEY-----';   
    //using PHP to create an RSA key
    $key = openssl_get_publickey($key);
    //$signature should be in binary format, but it comes as BASE64. 
    //So, I'll convert it.
    $signature = base64_decode($signature);   
    //using PHP's native support to verify the signature
    $result = openssl_verify(
            $signed_data,
            $signature,
            $key,
            OPENSSL_ALGO_SHA1);
    if (0 === $result) 
    {
        return false;
    }
    else if (1 !== $result)
    {
        return false;
    }
    else 
    {
        return true;
    }
}

但这不能正常工作。

我使用openssl_error_string()函数并收到此错误:

error:0906D064:PEM routines:PEM_read_bio:bad base64 decode

任何人都可以帮忙吗?

0 个答案:

没有答案
相关问题
最新问题