couldn't verify android inapp billing via php server

Question

I need to verify android purchase data via php server but the verification alway return false. Here my android code in case purchase success:

if (result.isSuccess()) {
    //TODO send purchase info to web server, should verify bill info
    String postData = "purchase_data=" + purchase.getOriginalJson() + "&"
                    + "signature=" + purchase.getSignature();
    webView.postUrl(url, EncodingUtils.getBytes(postData, "BASE64"));
}

and here is my php code:

$receipt = $_POST['purchase_data'];
$billInfo = json_decode($receipt,true);
$signature = $_POST['signature'];
$public_key_base64 = "my base64 public key";
$key =  "-----BEGIN PUBLIC KEY-----\n".
        chunk_split($public_key_base64, 64,"\n").
       '-----END PUBLIC KEY-----';   

$key = openssl_get_publickey($key);

$signature = base64_decode($signature);

$result = openssl_verify($billInfo, $signature, $key);
if (0 === $result) {
        return false;
    } else if (1 !== $result) {
        return false;
    } else {
        return true;
    }

the returned value is always false. Who can tell me where my wrong? Thanks in advance

Answer 1

I found what you mistaked.

$receipt = $_POST['purchase_data'];
$billInfo = json_decode($receipt,true);
...
$result = openssl_verify($billInfo, $signature, $key);

you verified decoded object with key. so it is always be failed.

try this and get success,

$result = openssl_verify($receipt, $signature, $key);

signature verify string(purchase_data) not decoded OBJECT.