如何通过Ruby服务器验证Android In-app Billing?
[英]How do I verify Android In-app Billing with a server with Ruby?
问题描述
I am having trouble figuring out how to verify Androind In-app Billing purchases with my Ruby on Rails server. 
我无法弄清楚如何使用我的Ruby on Rails服务器验证Androind In-app Billing购买。
http://developer.android.com/guide/market/billing/billing_integrate.html http://developer.android.com/guide/market/billing/billing_integrate.html
I think that Android gives a Security.java that has some sort of method to verify on physical device. 我认为Android提供了一种Security.java,它具有某种在物理设备上验证的方法。 From my research it seems like either (1) I need to figure out how to use this Security.java class with my Ruby on Rails server or (2) I need to port Security.java to Ruby. 从我的研究看起来似乎要么(1)我需要弄清楚如何在我的Ruby on Rails服务器上使用这个Security.java类,或者(2)我需要将Security.java移植到Ruby。
Is this correct? 它是否正确? Does anyone know another way to verify the receipt? 有谁知道验证收据的另一种方式?
2 个解决方案
解决方案1
25 已采纳 2011-05-15 20:50:23
I just figured this out. 我刚想通了。
Basically the way it works is that when a purchase succeeds the android market sends back a message (formatted in JSON) with the order details and a cryptographic signature. 基本上它的工作方式是当购买成功时,Android市场会发回一条消息(格式为JSON),其中包含订单详细信息和加密签名。 In the Security.java class the verify function is making sure that the message really did come from the Android market application by verifying the signature using your public key. 在Security.java类中,验证功能通过使用您的公钥验证签名来确保消息确实来自Android市场应用程序。
If you want to use your own server in the mix, you simply need to pass the signature and json payload to your server and verify the json payload on your server. 如果要在混合中使用自己的服务器,只需将签名和json有效负载传递给服务器并验证服务器上的json有效负载。 If you can verify that the json data came from the market application, you can use it to create your server side order objects. 如果您可以验证json数据是否来自市场应用程序,则可以使用它来创建服务器端订单对象。 Then you can respond to your client application that the order was processed and update your UI. 然后,您可以响应客户端应用程序处理订单并更新UI。
What I did in my app is just add in the server communication stuff in the Security class' verify function in place of the existing verify function. 我在我的应用程序中所做的只是在Security类的verify函数中添加服务器通信内容来代替现有的验证函数。
The real trick is writing signature verification code in ruby. 真正的诀窍是在ruby中编写签名验证码。 Here's what works: 这是有效的:
base64_encoded_public_key is your key in your user profile sig is the signature property being passed into the Dungeons security example data is the json string sent back by the market. base64_encoded_public_key是您的用户配置文件中的密钥sig是传递到Dungeons安全示例的签名属性数据是市场发回的json字符串。
require 'rubygems'
require 'openssl'
require 'base64'
base64_encoded_public_key = "YOUR KEY HERE"
data = "JSON_DATA_HERE"
sig = "SIGNATURE HERE"
key = OpenSSL::PKey::RSA.new(Base64.decode64(base64_encoded_public_key))
verified = key.verify( OpenSSL::Digest::SHA1.new, Base64.decode64(sig), data )
解决方案2
5 2011-09-29 09:39:08
This worked for me only after double Base64 decoding of signature. 只有在双Base64解码签名后,这才适用于我。
public_key = Base64.decode64(public_key_b64)
signature = Base64.decode64(Base64.decode64(signature_b64))
signed_data = Base64.decode64(signed_data_b64)
key = OpenSSL::PKey::RSA.new(public_key)
verified = key.verify(OpenSSL::Digest::SHA1.new, signature, signed_data)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.