我已在我的应用中实施了扩展文件和应用内购买。并且应用程序在测试版渠道上发布。
在测试时,我正在手动下载扩展文件以测试下面的代码,但却给出了错误。
E/LicenseValidator: Signature verification failed.
String userId = null;
// Skip signature check for unsuccessful requests
ResponseData data = null;
Log.i(TAG, "verify responseCode : " + responseCode);
if (responseCode == LICENSED || responseCode == NOT_LICENSED ||
responseCode == LICENSED_OLD_KEY) {
// Verify signature.
Log.i(TAG, "verify signature : " + signature);
try {
Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);
sig.initVerify(publicKey);
sig.update(signedData.getBytes());
if (!sig.verify(Base64.decode(signature))) {
Log.e(TAG, "Signature verification failed.");
handleInvalidResponse();
return;
}
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
} catch (InvalidKeyException e) {
handleApplicationError(LicenseCheckerCallback.ERROR_INVALID_PUBLIC_KEY);
return;
} catch (SignatureException e) {
throw new RuntimeException(e);
} catch (Base64DecoderException e) {
Log.e(TAG, "Could not Base64-decode signature.");
handleInvalidResponse();
return;
}
signature和signedData在回复时不为null或为空。接收responseCode等于LICENSED
我已经使用Google Play控制台键检查了Base64编码的公共RSA密钥,它是相同的。代码sig.verify(signatureBytes)始终返回false。
使用相同应用进行应用内购买时,签名验证也无效。