1
votes

I am building an Android app with in-app billing (version 3). I want to verify the purchase on my PHP server with openssl_verify(). I need four values: $data, $signature, $public_key and $SIGNATURE_ALGORITHM. I found a solution here, but I do not understand what form $data should be in. I get responseData in the Android app:

'{
"orderId":"12999763169054705758.1371079406387615",
"packageName":"com.example.app",
"productId":"exampleSku",
"purchaseTime":1345678900000,
"purchaseState":0,
"developerPayload":"bGoa+V7g/yqDXvKRqq+JTFn4uQZbPiQJo4pf9RzJ",
"purchaseToken":"rojeslcdyyiapnqcynkjyyjh"
}'

I have the signature from the app. How do I need to convert the string so I can use it in the PHP function openssl_verify()?
Thanks.


1 Answer

2
votes

I use this in my project:

    // Class method: returns true only when $signature is valid for $signed_data.
    public function verifySignatureTransaction($signed_data, $signature, $public_key_base64) {
        // Wrap the base64-encoded key in PEM armor
        $key = "-----BEGIN PUBLIC KEY-----\n" .
            chunk_split($public_key_base64, 64, "\n") .
            '-----END PUBLIC KEY-----';
        // Using PHP to create an RSA key
        $key = openssl_pkey_get_public($key);

        if ($key === false) {
            throw new \InvalidArgumentException("Public key not valid");
        }
        // The signature arrives base64-encoded; openssl_verify() needs raw bytes
        $signature = base64_decode($signature);
        // Using PHP's native support to verify the signature
        $result = openssl_verify(
            $signed_data,
            $signature,
            $key,
            OPENSSL_ALGO_SHA1
        );
        // 1 = valid, 0 = invalid signature, -1 or false = OpenSSL error
        return 1 === $result;
    }

And $signed_data is the JSON string without formatting.
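The following is an added example, not code from the question or the answer. It shows why `$data` has to be the exact string the app received: decoding and re-encoding the JSON on the server changes the bytes and the check fails. The throwaway RSA key pair, the `verifyPurchase` name and the compact sample string (built from the question's values) are assumptions made so the script runs offline.

```php
<?php
// Added example. The throwaway key pair stands in for the store's signing key
// and the app's public licence key (assumption).
$pair = openssl_pkey_new(['private_key_bits' => 2048,
                          'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pem = openssl_pkey_get_details($pair)['key'];
// Reduce the PEM to bare base64, the form the answer's function expects.
$publicKeyBase64 = preg_replace('/-----[A-Z ]+-----|\s+/', '', $pem);

// Constructed sample: the question's purchase data as one compact string.
$signedData = '{"orderId":"12999763169054705758.1371079406387615","packageName":"com.example.app","productId":"exampleSku","purchaseTime":1345678900000,"purchaseState":0,"developerPayload":"bGoa+V7g/yqDXvKRqq+JTFn4uQZbPiQJo4pf9RzJ","purchaseToken":"rojeslcdyyiapnqcynkjyyjh"}';

// Sign it (SHA-1 with RSA, matching the answer), then base64-encode the
// signature, which is the form the answer's function decodes.
openssl_sign($signedData, $rawSignature, $pair, OPENSSL_ALGO_SHA1);
$signature = base64_encode($rawSignature);

function verifyPurchase(string $data, string $signatureB64, string $keyB64): bool
{
    $key = openssl_pkey_get_public("-----BEGIN PUBLIC KEY-----\n"
        . chunk_split($keyB64, 64, "\n") . "-----END PUBLIC KEY-----");
    $raw = base64_decode($signatureB64, true); // strict: reject non-base64 input
    if ($key === false || $raw === false) {
        return false;
    }
    // Only 1 means valid; 0 is a bad signature, -1 or false an OpenSSL error.
    return openssl_verify($data, $raw, $key, OPENSSL_ALGO_SHA1) === 1;
}

$decoded = json_decode($signedData, true);
$checks = [
    'exact string as received' => $signedData,
    // json_encode() escapes "/" as "\/" by default, so the bytes differ.
    'decoded and re-encoded'   => json_encode($decoded),
    'pretty-printed'           => json_encode($decoded, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES),
    'purchaseState changed'    => str_replace('"purchaseState":0', '"purchaseState":1', $signedData),
];
foreach ($checks as $label => $candidate) {
    $ok = verifyPurchase($candidate, $signature, $publicKeyBase64);
    printf("%-26s %s\n", $label, $ok ? 'valid' : 'INVALID');
}
```

Only the first row verifies; the server should pass the received string to the check untouched and parse the JSON only after the signature has been accepted.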