PHP服务器端验证IAB总是openssl_verify返回0 [英] PHP server side IAB verification openssl_verify always returns 0
问题描述
我用下面的函数(服务器端PHP)来验证IAB v3的交易:
I'm using the following function (server side php) to verify a IAB v3 transaction:
我是从Android应用程序传递:
I'm passing from the android app:
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
String signed_data=data.getStringExtra(IabHelper.RESPONSE_INAPP_PURCHASE_DATA);
String signature=data.getStringExtra(IabHelper.RESPONSE_INAPP_SIGNATURE);
我有一种感觉,它可能是与我路过签名。
我用下面的Android的方法来连接code,因为没有编码,我得到一个错误:
I have a feeling it may have something to do with the signature I'm passing. I'm using the following Android method to encode it, because without encoding I get an error:
public String URLsafe(String text){
try {
return URLEncoder.encode(text, "utf-8");
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();;
}
return null;
}
我通过了网址
http://www.example.com/handlepayment.php?signature=....&data=....
public String getXmlFromUrl(String url) {
String xml = null;
try {
// defaultHttpClient
DefaultHttpClient httpClient = new MyHttpClient_ALKS(myContext.getApplicationContext());
HttpPost httpPost = new HttpPost(url);
HttpResponse httpResponse = httpClient.execute(httpPost);
HttpEntity httpEntity = httpResponse.getEntity();
xml = EntityUtils.toString(httpEntity);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return xml;
}
到服务器:
function verify_play($signed_data, $signature)
{
global $public_key_base64;
$pkey = "-----BEGIN PUBLIC KEY-----\n".
chunk_split($public_key_base64, 64,"\n").
'-----END PUBLIC KEY-----';
//using PHP to create an RSA key
$pkey = openssl_get_publickey($pkey);
//$signature should be in binary format, but it comes as BASE64.
//So, I'll convert it.
$signature = base64_decode($signature);
//using PHP's native support to verify the signature
$result = openssl_verify(
$signed_data,
$signature,
$pkey,
OPENSSL_ALGO_SHA1);
if (0 === $result)
{
return false;
}
else if (1 !== $result)
{
return false;
}
else
{
return true;
}
} ;
它似乎总是返回false($结果= 0),任何人任何想法,为什么?如何传递签名未设有codeD,或者我应该使用哪种编码?
It always seem to return false ($result=0), anybody any idea why? How can I pass the signature un-encoded, or which encoding should I use?
推荐答案
在我的经验 openssl_get_publickey()只有当你有一个X的公共密钥生成公钥资源0.509证书。
In my experience openssl_get_publickey() only creates public key resources when you have a public key in an X.509 cert.
我的建议是使用 phpseclib,一个纯粹的PHP执行RSA 。例如:
My recommendation would be to use phpseclib, a pure PHP RSA implementation. eg.
function verify_play($signed_data, $signature)
{
global $public_key_base64;
$rsa = new Crypt_RSA();
$rsa->loadKey($public_key_base64);
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$signature = base64_decode($signature);
return $rsa->verify($signed_data, $signature);
}
这篇关于PHP服务器端验证IAB总是openssl_verify返回0的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
