如何从 3rd 方 node.js 服务器验证 Game Center 用户 [英] How to authenticate Game Center User from 3rd party node.js server

问题描述

我一直在尝试获取新的 iOS Game Center GKPlayer 方法，generateIdentityVerificationSignatureWithCompletionHandler，这样我们就可以安全地依赖 Game Center 凭据进行身份验证.我们使用 Node.js 作为后端服务器，我一直在尝试验证签名但无济于事.

I've been trying to get the new iOS Game Center GKPlayer method, generateIdentityVerificationSignatureWithCompletionHandler, working so we can securely rely on the Game Center credentials for authentication. We're using Node.js as the backend server, and I've been trying to verify the signature but to no avail.

这是我拥有的服务器端的代码 - 如果有任何人可以指出缺少的内容，那将不胜感激.这个问题已经在这里得到了一些回答:如何验证我的第三方服务器"上的 GKLocalPlayer?，但尚未专门处理 Node.js.请注意，下面的代码并不能确保具有签名机构的证书的有效性(目前).

Here is the code on the server side that I have - if there's anyone who can chime in on what's missing, that'd be appreciated. The question has been answered somewhat here: How to authenticate the GKLocalPlayer on my 'third party server'?, but Node.js hasn't specifically been tackled. Note that the code below doesn't ensures the validity of the certificate with a signing authority (yet).

    //Client sends the payload below
    //json.playerId - UTF-8 string
    //json.bundleId - UTF-8 string
    //json.timestamp - Hex string
    //json.salt - base64 encoded
    //json.publicKeyURL - UTF-8 string
    //json.signature - base64 encoded
    var json = JSON.parse(req.body);
    console.log(JSON.stringify(json));
    //get the certificate
    getCertificate(json.publicKeyURL, function(cert){
        //read file from fs for now, since getCertificate returns cert in DER format
        fs = require('fs');
        fs.readFile('/gc-sb.pem', 'utf8', function (err,data) {
            if (err) {
                console.log(err);
            } else {
                console.log(data);
            var verifier = crypto.createVerify("sha1WithRSAEncryption");
            verifier.write(json.playerId, "utf8");
            verifier.write(json.bundleId, "utf8");
            verifier.write(json.hexTimestamp, "hex");
            verifier.write(json.salt, "base64");
            var isValid = verifier.verify(data, json.signature, "base64");

            console.log("isvalid: " + isValid);
            }
        });
    });

我发现在 node.js 中使用加密模块的一件事是它似乎需要 PEM 格式的证书，我相信从 Apple 检索到的格式是 DER.在我弄清楚如何将 DER 文件转换为 PEM 之前，我暂时使用

One thing I've found using the crypto module in node.js is that it seems to want the certificate in PEM format, and I believe the format retrieved from Apple is DER. Until I figure out how to convert the DER file to PEM, I've temporarily converted it using

openssl x509 -in gc-sb.cer -inform der -outform pem -out gc-sb.pem

对我来说最重要的是能够首先验证签名.稍后将转换证书并根据签名机构对其进行验证:)

The main thing for me is being able to validate the signature first. Conversion of the certificate and verifying it against a signing authority will come later :)

编辑:我已经弄明白了——我正在对 playerId、bundleId、timestamp 和 salt 进行哈希处理，然后使用哈希值作为信息进行验证.我只需要将这些信息放入验证器即可在没有 SHA-1 哈希的情况下进行验证(因为验证器会处理它).我已经修改了上面的代码以让它工作".希望这对遇到此问题的人有所帮助.

EDIT: I've figured it out - I was hashing the playerId, bundleId, timestamp and salt, and then using the hashed value as information to verify. I needed to just put those pieces of information into the verifier to verify without the SHA-1 hash (since the verifier will be taking care of it). I've modified the code above to "make it work". Hope this helps anyone that comes across this.

推荐答案

以下是使用 nodejs 验证游戏中心身份的方法.它还将 der 证书格式即时转换为 pem.

Here is how you can validate gamecenter identity using nodejs. It convert also the der certificate format to pem on the fly.

var crypto = require('crypto');
var request = require('request');
var ref = require('ref');

var token = require('./test.json');

request({url: token.publicKeyURL, encoding: null}, function (error, response, body) {
    if (!error && response.statusCode == 200) {

        var verifier = crypto.createVerify("sha1");
        verifier.update(token.playerId, "utf8");
        verifier.update(token.bundleId, "utf8");

        var buf = ref.alloc('uint64');
        ref.writeUInt64BE(buf, 0, token.timestamp.toString());

        verifier.update(buf);
        verifier.update(token.salt, 'base64');

        var pmd = '-----BEGIN CERTIFICATE-----';

        var base64 = body.toString('base64');
        var size = base64.length;

        for (var i = 0; i < size; i = i + 64) {
            var end = i + 64 < size ? i + 64 : size;
            pmd = pmd + '
' + base64.substring(i, end);
        }

        pmd = pmd + '
-----END CERTIFICATE-----';

        var valid = verifier.verify(pmd, token.signature, "base64");

        console.log(valid);

    }
});

这篇关于如何从 3rd 方 node.js 服务器验证 Game Center 用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！