在应用程序内购买签名验证使用PHP的OpenSSL应用程序、PHP、OpenSSL
在试图遵循一些安全准则,在应用程序 购买这里: http://developer.android.com/guide/market/billing/billing_best_practices.html 我试图做的签名验证的服务器上,而不是 APP iteself。我想理想情况下使用PHP OpenSSL库和 它看起来像code,如以下应该工作:
$ public_key_str =的file_get_contents(./ PUBKEY /输出);
$ public_key_str =修剪($ public_key_str);
$键= openssl_get_publickey($ public_key_str);
如果(!$键)
{
回声可以\'吨得到公钥;
}
$签字= base64_de code($签字);
$确定= openssl_verify($数据,$签名,$键);
后续代码var_dump($行);
我知道,无论我的签名和公钥是正确的,但$确定为0!签名我尝试使用从应用程序内购买包串。猜猜我的关键是正确的,问题是在签名。当我尝试去code它的base64有:OpenSSL的ENC -base64 -d -in签名-A> signature.bin,我有串同base64_de code()。任何想法?
UPD:还我真的不understanf我要传递openssl_verify()为$的数据是什么?我的数据是这样的:
$数据= '{"nonce":5550262978898439313,"orders":[{"notificationId":"android.test.purchased","orderId":"transactionId.android.test.purchased","packageName":"com.ads.testbilling","productId":"android.test.purchased","purchaseTime":1308224646237,"purchaseState":0}]}';
解决方案
看一看OAuth.php我认为你可以在谷歌code.com得到它 它采用openssl_verify(),我认为他们正在使用的$ data是一个网址
HTTP://oauth.google$c $ c.com / SVN / code / PHP / OAuth.php
In an attempt to follow some of the security guidelines for in-app purchase here: http://developer.android.com/guide/market/billing/billing_best_practices.html I am trying to do signature validation on a server instead of in the app iteself. I would ideally like to use the php openssl libraries and it looks like code such as the following should work:
$public_key_str = file_get_contents("./pubKey/out");
$public_key_str = trim($public_key_str);
$key = openssl_get_publickey($public_key_str);
if(!$key)
{
echo 'Can\'t get public key';
}
$signature = base64_decode( $signature );
$ok = openssl_verify($data, $signature, $key);
var_dump($ok);
I know both my signature and public key are correct, but $ok is 0! Signature I try to use is string from the app purchase bundle. Guess my key is correct and the problem is in signature. When I try to decode it from base64 with: openssl enc -base64 -d -in signature -A > signature.bin, I have the string same with base64_decode(). Any ideas ?
UPD: also I don't really understanf what I should pass in openssl_verify() as $data ? My data looks like this:
$data = '{"nonce":5550262978898439313,"orders":[{"notificationId":"android.test.purchased","orderId":"transactionId.android.test.purchased","packageName":"com.ads.testbilling","productId":"android.test.purchased","purchaseTime":1308224646237,"purchaseState":0}]}';
解决方案
Have a look at OAuth.php I think you can get it at googlecode.com It uses openssl_verify() I think the $data they are using is an URL
http://oauth.googlecode.com/svn/code/php/OAuth.php
