How to authenticate the GKLocalPlayer on my 'third party server' using PHP?

Question

Please forgive my clumsiness, I\'m new to Stackoverflow, C#, and Objective C.

In a nutshell, I\'m trying to do what is answered in this question, but in PHP: How to

Answer 1

Thank you @garraeth, your code helped me implement the logic.

From the C# code, concat a payload data on server side is working fine for me. When using openssl_verify we needn't do the hash ourselves.

Also, I think validate the publicKeyUrl is form HTTPS and apple.com is required.

Some pseudo code here (Note that Apple has change the algorithm to OPENSSL_ALGO_SHA256 in 2015).

// do some urls, input params validate...

// do the signature validate
$payload = concatPayload($playerId, $bundleId, $timestamp, $salt);
$pubkeyId = openssl_pkey_get_public($pem);
$isValid = openssl_verify($payload, base64_decode($signature), 
$pubkeyId, OPENSSL_ALGO_SHA256);

function concatPayload($playerId, $bundleId, $timestamp, $salt) {
    $bytes = array_merge(
            unpack('C*', $playerId),
            unpack('C*', $bundleId),
            int64ToBigEndianArray($timestamp),
            base64ToByteArray($salt)
    );

    $payload = '';
    foreach ($bytes as $byte) {
        $payload .= chr($byte);
    }
    return $payload;
}

function int64ToBigEndianArray() {
    //... follow the C# code
}

function base64ToByteArray() {
    //...
}