我无法搞清楚如何验证Androind应用程序内购买计费用我的Ruby on Rails的服务器。

I am having trouble figuring out how to verify Androind In-app Billing purchases with my Ruby on Rails server.

http://developer.android.com/guide/market/billing/billing_integrate.html

我觉得Android的给出了一个Security.java有某种方法来验证物理设备。从我的研究好像是（1）我需要弄清楚如何使用这个Security.java类我的Ruby on Rails的服务器或（2）我需要移植Security.java了Ruby。

I think that Android gives a Security.java that has some sort of method to verify on physical device. From my research it seems like either (1) I need to figure out how to use this Security.java class with my Ruby on Rails server or (2) I need to port Security.java to Ruby.

这是正确的？有谁知道另一种方式来验证收据？

Is this correct? Does anyone know another way to verify the receipt?

推荐答案

我刚刚想通了这一点。

基本上它的工作方式是，当购买成功了Android市场传回的消息（以JSON格式）与订单的详细信息和加密签名。在Security.java类的验证功能，确保邮件确实来自Android市场的应用程序使用你的公共密钥验证签名。

Basically the way it works is that when a purchase succeeds the android market sends back a message (formatted in JSON) with the order details and a cryptographic signature. In the Security.java class the verify function is making sure that the message really did come from the Android market application by verifying the signature using your public key.

如果你想使用自己的服务器中拌匀，你只需要签名和JSON的有效载荷传递到您的服务器，并验证服务器上的JSON有效载荷。如果你可以验证JSON数据从市场应用来了，你可以用它来创建你的服务器端订单的对象。然后，你可以给你的客户端应用程序响应的订单处理和更新你的用户界面。

If you want to use your own server in the mix, you simply need to pass the signature and json payload to your server and verify the json payload on your server. If you can verify that the json data came from the market application, you can use it to create your server side order objects. Then you can respond to your client application that the order was processed and update your UI.

我在我的应用程序只需添加服务器通信的东西在安全类做代替现有的验证功能的验证功能。

What I did in my app is just add in the server communication stuff in the Security class' verify function in place of the existing verify function.

真正的技巧是写签名验证code的红宝石。这里是什么工作：

The real trick is writing signature verification code in ruby. Here's what works:

base64_en coded_public_key是您的用户配置文件的密钥 SIG是签名财产被传递到地下城安全的例子 数据发回由市场JSON字符串。

base64_encoded_public_key is your key in your user profile sig is the signature property being passed into the Dungeons security example data is the json string sent back by the market.

require 'rubygems'
require 'openssl'
require 'base64'

base64_encoded_public_key = "YOUR KEY HERE"
data = "JSON_DATA_HERE"
sig = "SIGNATURE HERE"

key = OpenSSL::PKey::RSA.new(Base64.decode64(base64_encoded_public_key))

verified = key.verify( OpenSSL::Digest::SHA1.new, Base64.decode64(sig), data )