堆棧內存溢出
  簡體   English   中英

使用 xmlsec1 驗證 Windows 8 應用內購買收據

[英]Verifying Windows 8 inapp-purchase receipt with xmlsec1

 原文  2014-04-07 12:37:38       xml/ windows-8/ in-app-purchase/ xmlsec/ xmlsec1

問題描述

如何使用 xmlsec1 驗證 Win8 應用內購買收據? 這是我要做的事情:

  1. 我的樣本收據(保存在文件receipt.xml ):

     <?xml version="1.0"?> <Receipt Version="1.0" ReceiptDate="2012-08-30T23:10:05Z" CertificateId="b809e47cd0110a4db043b3f73e83acd917fe1336" ReceiptDeviceId="4e362949-acc3-fe3a-e71b-89893eb4f528"> <AppReceipt Id="8ffa256d-eca8-712a-7cf8-cbf5522df24b" AppId="55428GreenlakeApps.CurrentAppSimulatorEventTest_z7q3q7z11crfr" PurchaseDate="2012-06-04T23:07:24Z" LicenseType="Full" /> <ProductReceipt Id="6bbf4366-6fb2-8be8-7947-92fd5f683530" ProductId="Product1" PurchaseDate="2012-08-30T23:08:52Z" ExpirationDate="2012-09-02T23:08:49Z" ProductType="Durable" AppId="55428GreenlakeApps.CurrentAppSimulatorEventTest_z7q3q7z11crfr" /> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> <DigestValue>cdiU06eD8X/w1aGCHeaGCG9w/kWZ8I099rw4mmPpvdU=</DigestValue> </Reference> </SignedInfo> <SignatureValue>SjRIxS/2r2P6ZdgaR9bwUSa6ZItYYFpKLJZrnAa3zkMylbiWjh9oZGGng2p6/gtBHC2dSTZlLbqnysJjl7mQp/A3wKaIkzjyRXv3kxoVaSV0pkqiPt04cIfFTP0JZkE5QD/vYxiWjeyGp1dThEM2RV811sRWvmEs/hHhVxb32e8xCLtpALYx3a9lW51zRJJN0eNdPAvNoiCJlnogAoTToUQLHs72I1dECnSbeNPXiG7klpy5boKKMCZfnVXXkneWvVFtAA1h2sB7ll40LEHO4oYN6VzD+uKd76QOgGmsu9iGVyRvvmMtahvtL1/pxoxsTRedhKq6zrzCfT8qfh3C1w==</SignatureValue> </Signature>

  2. 使用CertificateId ,我使用此 url檢索證書並將其保存到文件cert 以下是其內容:

     -----BEGIN CERTIFICATE----- MIIDyTCCArGgAwIBAgIQNP+YKvSo8IVArhlhpgc/xjANBgkqhkiG9w0BAQsFADCB jjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Jl ZG1vbmQxHjAcBgNVBAoMFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEWMBQGA1UECwwN V2luZG93cyBTdG9yZTEgMB4GA1UEAwwXV2luZG93cyBTdG9yZSBMaWNlbnNpbmcw HhcNMTExMTE3MjMwNTAyWhcNMzYxMTEwMjMxMzQ0WjCBjjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1JlZG1vbmQxHjAcBgNVBAoM FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEWMBQGA1UECwwNV2luZG93cyBTdG9yZTEg MB4GA1UEAwwXV2luZG93cyBTdG9yZSBMaWNlbnNpbmcwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQCcr4/vgqZFtzMqy3jO0XHjBUNx6j7ZTXEnNpLl2VSe zVQA9KK2RlvroXKhYMUUdJpw+txm1mqi/W7D9QOYTq1e83GLhWC9IRh/OSmSYt0e kgVLB+icyRH3dtpYcJ5sspU2huPf4I/Nc06OuXlMsD9MU4Ug9IBD2HSDBEquhGRo xV64YuEH4645oB14LlEay0+JZlkKZ/mVhx/sdzSBfrda1X/Ckc7SOgnTSM3d/DnO 5DKwV2WYn+7i/rBqe4/op6IqQMrPpHyem9Sny+i0xiUMA+1IwkX0hs0gvHM6zDww TMDiTapbCy9LnmMx65oMq56hhsQydLEmquq8lVYUDEzLAgMBAAGjITAfMB0GA1Ud DgQWBBREzrOBz7zw+HWskxonOXAPMa6+NzANBgkqhkiG9w0BAQsFAAOCAQEAeVtN 4c6muxO6yfht9SaxEfleUBIjGfe0ewLBp00Ix7b7ldJ/lUQcA6y+Drrl7vjmkHQK OU3uZiFbCxTvgTcoz9o+1rzR/WPXmqH5bqu6ua/UrobGKavAScqqI/G6o56Xmx/y oErWN0VapN370crKJvNWxh3yw8DCl+W0EcVRiWX5lFsMBNBbVpK4Whp+VhkSJilu iRpe1B35Q8EqOz/4RQkOpVI0dREnuSYkBy/h2ggCtiQ5yfvH5zCdcfhFednYDevS axmt3W5WuHz8zglkg+OQ3qpXaXySRlrmLdxEmWu2MOiZbQkU2ZjBSQmvFAOy0dd6 P1YLS4+Eyh5drQJc0Q== -----END CERTIFICATE-----

  3. 然后我試試這個: xmlsec1 --verify --print-debug --pubkey-cert-pem cert receipt.xml 這是輸出:

     func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha256:subj=unknown:error=12:invalid data:data and digest do not match FAIL SignedInfo References (ok/all): 0/1 Manifests References (ok/all): 0/0 = VERIFICATION CONTEXT == Status: invalid == flags: 0x00000000 == flags2: 0x00000000 == Key Info Read Ctx: = KEY INFO READ CONTEXT == flags: 0x00000000 == flags2: 0x00000000 == enabled key data: all == RetrievalMethod level (cur/max): 0/1 == TRANSFORMS CTX (status=0) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: NULL === uri xpointer expr: NULL == EncryptedKey level (cur/max): 0/1 === KeyReq: ==== keyId: NULL ==== keyType: 0x00000000 ==== keyUsage: 0xffffffff ==== keyBitsSize: 0 === list size: 0 == Key Info Write Ctx: = KEY INFO WRITE CONTEXT == flags: 0x00000000 == flags2: 0x00000000 == enabled key data: all == RetrievalMethod level (cur/max): 0/1 == TRANSFORMS CTX (status=0) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: NULL === uri xpointer expr: NULL == EncryptedKey level (cur/max): 0/1 === KeyReq: ==== keyId: NULL ==== keyType: 0x00000001 ==== keyUsage: 0xffffffff ==== keyBitsSize: 0 === list size: 0 == Signature Transform Ctx: == TRANSFORMS CTX (status=0) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: NULL === uri xpointer expr: NULL === Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#) === Transform: rsa-sha256 (href=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256) == Signature Method: === Transform: rsa-sha256 (href=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256) == SignedInfo References List: === list size: 1 = REFERENCE VERIFICATION CONTEXT == Status: invalid == URI: "" == Reference Transform Ctx: == TRANSFORMS CTX (status=2) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: NULL === uri xpointer expr: NULL === Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature) === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315) === Transform: sha256 (href=http://www.w3.org/2001/04/xmlenc#sha256) === Transform: membuf-transform (href=NULL) == Digest Method: === Transform: sha256 (href=http://www.w3.org/2001/04/xmlenc#sha256) == Manifest References List: === list size: 0 Error: failed to verify file "receipt.xml"

難道我做錯了什么? 我應該提供哪些參數來正確驗證收據? 或者它確實無效(那么有人可以向我提供有效的收據嗎?)?

1 個解決方案

解決方案1
 2 已采納  2014-04-10 19:30:24

我發現如果從receipt.xml刪除所有額外的空格,驗證就會成功。 如果文件在下載和保存時確實包含此文件,則您可能必須通過sed或其他方式運行該文件以將其刪除(如果它確實存在並且您不是自己意外添加的)。

# xmlsec1 --verify --print-debug --pubkey-cert-pem cert receipt.xml
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
= VERIFICATION CONTEXT
== Status: succeeded
== flags: 0x00000000
== flags2: 0x00000000
== Key Info Read Ctx:
= KEY INFO READ CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: rsa
==== keyType: 0x00000001
==== keyUsage: 0x00000002
==== keyBitsSize: 0
=== list size: 0
== Key Info Write Ctx:
= KEY INFO WRITE CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000001
==== keyUsage: 0xffffffff
==== keyBitsSize: 0
=== list size: 0
== Signature Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#)
=== Transform: rsa-sha256 (href=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256)
=== Transform: membuf-transform (href=NULL)
== Signature Method:
=== Transform: rsa-sha256 (href=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256)
== Signature Key:
== KEY
=== method: RSAKeyValue
=== key type: Private
=== key usage: -1
=== rsa key: size = 2048
=== list size: 1
=== X509 Data:
==== Certificate:
==== Subject Name: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Windows Store/CN=Windows Store Licensing
==== Issuer Name: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Windows Store/CN=Windows Store Licensing
==== Issuer Serial: 34FF982AF4A8F08540AE1961A6073FC6
== SignedInfo References List:
=== list size: 1
= REFERENCE VERIFICATION CONTEXT
== Status: succeeded
== URI: ""
== Reference Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
=== Transform: sha256 (href=http://www.w3.org/2001/04/xmlenc#sha256)
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha256 (href=http://www.w3.org/2001/04/xmlenc#sha256)
== Manifest References List:
=== list size: 0

請記住,簽名對確切的文件有效,逐個字符。 對文件的任何更改,甚至是用於格式化的空格,都會使簽名無效。 我懷疑您打開文件時進行了一些格式設置,也許您使用該格式保存了它。

編輯

我忘記了您在為receipt.xml發布的內容中也缺少結束標記。 不過,我懷疑它在您的文件副本中,因為xmlsec1會告訴您如果不是(正如它告訴我的那樣;我必須手動添加它)。

嘗試使用xmllint --noblanks --output receipt.xml receipt.xml刪除不需要的空格和 CR/LF。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 在Python中驗證Windows 8的Inapp購買收據簽名 xmlsec無法驗證簽名 xmlsec在退出時是否返回0? 驗證Windows Phone應用程序內購買收據 MacBook m1 上的 XMLSEC Python 在Mac OS 10.6.8上安裝XMLSec時出錯 使用python 3.4在linux服務器中安裝xmlsec時出錯 如何在 Mac OS X 上使用 openssl 安裝 xmlsec 嘗試執行命令時出現“xmlsec.exe 停止工作”錯誤 - 我的 xmlsec 設置有問題嗎? Signer Gem和XMLSEC格式-在xml中添加模量和指數
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM