In-app billing verification. Does server side code

2019-08-17 15:20发布

站内问答 / Android
651 2 4

A lot of people ask how to write server side code for in-app billing verificartion. Can anybody publish such code? Or know where such code is. How to install in on the server? There are similar subjects

I could not understand it. I don't know php. Is it the next nightmare which I must study?

Thanks for help and advices.

2条回答
爱情/是我丢掉的垃圾
2楼-- · 2019-08-17 15:55

Actually it's pretty easy, you just need a small function like this in PHP:

function checkPayment($data, $signature)
{
    $base64EncodedPublicKey = "yourBase64PublicKey";
    $openSslFriendlyKey = "-----BEGIN PUBLIC KEY-----\n" . chunk_split($base64EncodedPublicKey, 64, "\n") .  "-----END PUBLIC KEY-----";
    $publicKeyId = openssl_get_publickey($openSslFriendlyKey);

    $result =  openssl_verify ($data, base64_decode($signature), $publicKeyId, OPENSSL_ALGO_SHA1);

    /*
    if ($result == 1) {
        echo "Success";
    } elseif ($result == 0) {
        echo "Verification Failed";
    }
    */

    return $result;
}
查看更多
0人赞 添加讨论(0) 举报
可以哭但决不认输i
3楼-- · 2019-08-17 16:16

Here is (uncompleted) python example:

from M2Crypto import BIO, RSA, EVP

ANDROID_PK = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgmZW0GxWr0v1ndLfxHbV2ruWcmQ
<some lines skipped>
cwWjx5sWSahVp0M5aYRysSkGGjSxe1wIDAQAB
-----END PUBLIC KEY-----"""

def validate_google_play_signature(signed_data, signature_base64, public_key):
    # http://stackoverflow.com/a/546476/227024
    bio = BIO.MemoryBuffer(public_key)
    rsa = RSA.load_pub_key_bio(bio)
    pubkey = EVP.PKey()
    pubkey.assign_rsa(rsa)

    pubkey.reset_context(md="sha1")
    pubkey.verify_init()
    pubkey.verify_update(signed_data)

    signature = base64.b64decode(signature_base64)
    return bool(pubkey.verify_final(signature))
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)