ILicenseResultListener.verifyLicense的signedData参数是什么? [英] What's in signedData parameter of ILicenseResultListener.verifyLicense?
问题描述
Android上的Google Play具有许可证检查服务, com.android.vending.licensing.ILicensingService
。它支持一个回调接口, ILicenseResultListener
。它有一个带有三个参数的 verifyLicense
方法。对于从Google Play下载的付费应用,请参阅第二张付费应用
> 这是为什么我想知道。
答案是在android-sdk-windows\extras\google\market_licensing\library\src\com\\在$ parse()方法中使用\google\android\vending\licensing\ResponseData.java。
signedData字符串是一个由6个字段组成的序列,通过|,可选择后跟冒号和& -separated name = value集合(如查询字符串)。例如:
0 | 17 | com.acme.myapp | 1 | AAAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHH == | 1480563297411:GR = 10& VT = 1480570457760> = 1481088857760
这个来自付费应用程式。
第一部分的6个字段为:
verifyLicense
的第一个参数
checkLicense
调用
UserID似乎是一个Base64编码的字符串。哪个用户识别,以及如何?有人认为,许可证持有人;但是如何?解码后得到一个长度为25个字节的字节数组。
对于一个侧载应用程序,基本字段全部存在。对于商店购买的应用程序,有额外的数据。额外数据字段的含义可在此处找到。具体而言,使用新购买的应用程序时,会出现以下额外字段:
- GR - 最大重试次数
- VT - 许可证有效性时间戳;指定何时需要重新检查许可证
- GT - 宽限期时间戳
关于UserID,我做了一些测试。我有三种情况: >在所有三种情况下,解码的用户ID匹配的前5个字节,其余的不是。因此,在用户标识中,包装唯一部分和用户唯一部分都不容易识别。值得注意的是,其余的是20个字节 - 可能是一个MD5散列。 UserID绝对不是任何合理编码的字符串,它看起来也不像二进制整数的结构。看似随机的比特模式指向哈希或密文。后者不太可能。 Google Play on Android has a service for license checks, And this is why I'm wondering. The answer is in android-sdk-windows\extras\google\market_licensing\library\src\com\google\android\vending\licensing\ResponseData.java, in the parse() method. The signedData string is a sequence of 6 fields, separated by |, optionally followed by colon and a &-separated name=value collection (like a query string). For example:
com.android.vending.licensing.ILicensingService
. It supports a callback interface, ILicenseResultListener
. It has a method verifyLicense
with three parameters. For a paid app that's been downloaded from Google Play, what comes in the second one, signedData
, please?0|17|com.acme.myapp|1|AAAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHH==|1480563297411:GR=10&VT=1480570457760>=1481088857760
This one comes from a paid app.
The 6 fields in the first section are:
- Response code (int) - presumably the same as the
verifyLicense
's first parameter - Nonce (int) - comes straight from the
checkLicense
call - Package name
- Version code
- User ID, with a comment "Application-specific user identifier"
- Timestamp (long) - not sure of what. Definitely not purchase; repeat runs return a different, later value. Probably that of license check itself.
UserID seems to be a Base64-encoded string. Which user does it identify, and how? The license holder, one presumes; but how? Decoding gives a byte array, 25 bytes long.
For a sideloaded app, the basic fields is all there is. For a store bought app, there's extra data. The meaning of extra data fields can be found here. Specifically, with a freshly bought app, the following extra fields come:
- GR - max retry count
- VT - license validity timestamp; specifies when the license needs to be rechecked
- GT - grace period timestamp
Regarding UserID, I did some tests. I have three cases:
- Package A, side-loaded
- Package A, downloaded for a fee from Play
- Package B, downloaded for free from Play (by the same user)
In all three cases, the first 5 bytes of the decoded UserID match, the rest don't. So neither the package unique part nor the user unique part can be easily identified in the UserID. Notably, the remainder is 20 bytes long - could be an MD5 hash. The UserID definitely isn't a string in any sensible encoding, and it doesn't look like a structure with binary integers, either. The seemingly random bit pattern points at either a hash, or a cyphertext. The latter is unlikely.
这篇关于ILicenseResultListener.verifyLicense的signedData参数是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!