如何从第三方的Node.js服务器进行身份验证游戏中心用户 [英] How to authenticate Game Center User from 3rd party node.js server

问题描述

我一直在试图获得新的iOS游戏中心GKPlayer方法，<一个href=\"https://developer.apple.com/library/ios/documentation/GameKit/Reference/GKLocalPlayer_Ref/Reference/Reference.html\">generateIdentityVerificationSignatureWithCompletionHandler,工作，所以我们可以安全地依赖于游戏中心凭据进行身份验证。我们使用Node.js的作为后端服务器，我一直在试图验证签名，但无济于事。

下面是在服务器端，我有code - 如果有任何人谁可以附和上缺少了什么，那会是AP preciated。这个问题已经回答了几分这里：<一href=\"http://stackoverflow.com/questions/17408729/how-to-authenticate-the-gklocalplayer-on-my-third-party-server\">How我的第三方服务器上验证GKLocalPlayer？，但Node.js的还没有具体被解决。需要注意的是下面的code不保证与签署授权（还）证书的有效性。

  //客户端发送以下有效载荷
    //json.playerId  -  UTF-8字符串
    //json.bundleId  -  UTF-8字符串
    //json.timestamp  - 十六进制字符串
    //json.salt  - 恩的base64 codeD
    //json.publicKeyURL  -  UTF-8字符串
    //json.signature  - 恩的base64 codeD
    VAR JSON = JSON.parse（req.body）;
    的console.log（JSON.stringify（JSON））;
    //拿到证书
    getCertificate（json.publicKeyURL，功能（CERT）{
        //读取FS文件现在，因为getCertificate DER格式返回证书
        FS =要求（FS）;
        fs.readFile（'/ GC-sb.pem'，'UTF8'，函数（ERR，数据）{
            如果（ERR）{
                的console.log（ERR）;
            }其他{
                的console.log（数据）;
            无功验证= crypto.createVerify（sha1WithRSAEncryption）;
            verifier.write（json.playerIdUTF8）;
            verifier.write（json.bundleIdUTF8）;
            verifier.write（json.hexTimestamp，六角）;
            verifier.write（json.salt的base64）;
            变种的isValid = verifier.verify（数据，json.signature的base64）;            的console.log（isValid方法：+的isValid）;
            }
        }）;
    }）;
 

有一件事我一直在使用Node.js的加密模块发现的是，它似乎想PEM格式的证书，我相信苹果检索格式为DER。直到我弄清楚如何将DER文件转换成PEM，我一直在使用临时转换为

  OpenSSL的X​​509 -in GC-sb.cer -inform德-outform PEM退房手续GC-sb.pem
 

对于我来说是能够首先验证签名最主要的。证书的转换和验证它反对签署授权以后还会来：）<​​/ P>

修改：我理解了它 - 我被散列playerId，bundleId，时间戳和盐，再使用散列值作为信息来验证。我需要的只是把这些信息的到验证，验证没有SHA-1散列（因为验证将照顾它）。我修改上面的code做它的工作。希望这有助于该遇到这个人。

解决方案

它似乎有一个NPM包吧。
https://github.com/maeltm/node-gamecenter-identity-verifier

I've been trying to get the new iOS Game Center GKPlayer method, generateIdentityVerificationSignatureWithCompletionHandler, working so we can securely rely on the Game Center credentials for authentication. We're using Node.js as the backend server, and I've been trying to verify the signature but to no avail.

Here is the code on the server side that I have - if there's anyone who can chime in on what's missing, that'd be appreciated. The question has been answered somewhat here: How to authenticate the GKLocalPlayer on my 'third party server'?, but Node.js hasn't specifically been tackled. Note that the code below doesn't ensures the validity of the certificate with a signing authority (yet).

    //Client sends the payload below
    //json.playerId - UTF-8 string
    //json.bundleId - UTF-8 string
    //json.timestamp - Hex string
    //json.salt - base64 encoded
    //json.publicKeyURL - UTF-8 string
    //json.signature - base64 encoded
    var json = JSON.parse(req.body);
    console.log(JSON.stringify(json));
    //get the certificate
    getCertificate(json.publicKeyURL, function(cert){
        //read file from fs for now, since getCertificate returns cert in DER format
        fs = require('fs');
        fs.readFile('/gc-sb.pem', 'utf8', function (err,data) {
            if (err) {
                console.log(err);
            } else {
                console.log(data);
            var verifier = crypto.createVerify("sha1WithRSAEncryption");
            verifier.write(json.playerId, "utf8");
            verifier.write(json.bundleId, "utf8");
            verifier.write(json.hexTimestamp, "hex");
            verifier.write(json.salt, "base64");
            var isValid = verifier.verify(data, json.signature, "base64");

            console.log("isvalid: " + isValid);
            }
        });
    });

One thing I've found using the crypto module in node.js is that it seems to want the certificate in PEM format, and I believe the format retrieved from Apple is DER. Until I figure out how to convert the DER file to PEM, I've temporarily converted it using

openssl x509 -in gc-sb.cer -inform der -outform pem -out gc-sb.pem

The main thing for me is being able to validate the signature first. Conversion of the certificate and verifying it against a signing authority will come later :)

EDIT: I've figured it out - I was hashing the playerId, bundleId, timestamp and salt, and then using the hashed value as information to verify. I needed to just put those pieces of information into the verifier to verify without the SHA-1 hash (since the verifier will be taking care of it). I've modified the code above to "make it work". Hope this helps anyone that comes across this.

解决方案

It's seems there's a npm package for it. https://github.com/maeltm/node-gamecenter-identity-verifier

这篇关于如何从第三方的Node.js服务器进行身份验证游戏中心用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！