
I need to verify android purchase data via php server but the verification alway return false. Here my android code in case purchase success:

if (result.isSuccess()) {
    //TODO send purchase info to web server, should verify bill info
    String postData = "purchase_data=" + purchase.getOriginalJson() + "&"
                    + "signature=" + purchase.getSignature();
    webView.postUrl(url, EncodingUtils.getBytes(postData, "BASE64"));

and here is my php code:

$receipt = $_POST['purchase_data'];
$billInfo = json_decode($receipt,true);
$signature = $_POST['signature'];
$public_key_base64 = "my base64 public key";
$key =  "-----BEGIN PUBLIC KEY-----\n".
        chunk_split($public_key_base64, 64,"\n").
       '-----END PUBLIC KEY-----';   

$key = openssl_get_publickey($key);

$signature = base64_decode($signature);

$result = openssl_verify($billInfo, $signature, $key);
if (0 === $result) {
        return false;
    } else if (1 !== $result) {
        return false;
    } else {
        return true;

the returned value is always false. Who can tell me where my wrong? Thanks in advance

도움이 되었습니까?


I found what you mistaked.

$receipt = $_POST['purchase_data'];
$billInfo = json_decode($receipt,true);
$result = openssl_verify($billInfo, $signature, $key);

you verified decoded object with key. so it is always be failed.

try this and get success,

$result = openssl_verify($receipt, $signature, $key);

signature verify string(purchase_data) not decoded OBJECT.

라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top