问题
I am working on the IAB v3 in my android application. After every succes purchase, I want my app to send back the sign data and signature to my php server for verification by the public key generated by google developer console. I found the following code.
<?php
// $data and $signature are assumed to contain the data and the signature
// fetch public key from certificate and ready it
$fp = fopen("/src/openssl-0.9.6/demos/sign/cert.pem", "r");
$cert = fread($fp, 8192);
fclose($fp);
$pubkeyid = openssl_get_publickey($cert);
// state whether signature is okay or not
$ok = openssl_verify($data, $signature, $pubkeyid);
if ($ok == 1) {
echo "good";
} elseif ($ok == 0) {
echo "bad";
} else {
echo "ugly, error checking signature";
}
// free the key from memory
openssl_free_key($pubkeyid);
?>
Now I have a problem. The public key given by google is in String Base64 Encoded. I do not know how to convert that string key to a ".pem" format.
If I put my Base64 Encoded key to "$pubkeyid" on the above code. A warning will be given.
Warning: openssl_verify() [function.openssl-verify]: supplied key param cannot be coerced into a public key in myxxx.php.
How can I convert my String Base64 Encoded public key to the php accept format ?
Do anyone have the above experience or solution? Please help. Many thanks.
回答1:
To convert the long base64-encoded public key you get from Google into one that you can use in PHP, try this:
$base64EncodedPublicKeyFromGoogle = "..."; // This is the public key for your app you get from Google.
$openSslFriendlyKey = "-----BEGIN PUBLIC KEY-----\n" . chunk_split($base64EncodedPublicKeyFromGoogle, 64, "\n") . "-----END PUBLIC KEY-----";
Then you can pass that into openssl_get_publickey().
$publicKeyId = openssl_get_publickey($openSslFriendlyKey);
As you can see, the format from Google is almost the right kind. It just needs to be broken up into 64-character lines, and prepended/appended with the right header/footer.
You can also use the OpenSSL command to convert the public key like this:
openssl enc -base64 -d -in publickey.base64 -A | openssl rsa -inform DER -pubin > publickey.pem
Then you can read in the generated publickey.pem file with PHP and pass its contents to the openssl_get_publickey() function.
回答2:
My problem was fixed by this API.
https://github.com/mgoldsborough/google-play-in-app-billing-verification
回答3:
A complete solution to the poster's question:
<?php
// $data and $signature are assumed to contain the data and the signature
// Paste your google public key below:
$base64EncodedPublicKeyFromGoogle = "###############################"
//Convert the key to the right format for open SSL
$openSslFriendlyKey = "-----BEGIN PUBLIC KEY-----\n" . chunk_split($base64EncodedPublicKeyFromGoogle, 64, "\n") . "-----END PUBLIC KEY-----";
$publicKeyId = openssl_get_publickey($openSslFriendlyKey);
// free the key from memory
openssl_free_key($publicKeyId);
//Perform signature verification. Don't forget to decode the signature!
$ok = openssl_verify($data, base64_decode($signature), $publicKeyId, OPENSSL_ALGO_SHA1);
if ($ok == 1) {
echo "good";
} elseif ($ok == 0) {
echo "bad";
} else {
echo openssl_error_string();
}
?>
来源:https://stackoverflow.com/questions/14431379/android-in-app-billing-signature-verification-in-php-server