2014-10-30 89 views

我想在 Parse.com Cloud Code 上验证 RSA 签名。简单来说，我正在尝试在服务器端对 Android 应用内购买（In-App Purchase）的收据进行验证。

（标题：Parse.com Cloud Code RSA 验证 - Android 应用内购买验证）

Parse.com 的加密模块不支持 verify 方法，所以我在网上找到了一个库并把它引入了进来：

// Load the jsrsasign bundle shipped inside the Cloud Code project.
var KJUR = require("cloud/jsrsasign-4.7.0/npm/lib/jsrsasign.js"); 
// Signature object for RSA over SHA-1, with the provider named explicitly.
var verifier = new KJUR.crypto.Signature({alg: "SHA1withRSA", prov: "cryptojs/jsrsa"}); 
// NOTE(review): initVerifyByCertificatePEM is meant for a PEM X.509 certificate.
// The Play console hands out a bare public key, so the key is probably never
// loaded here, which would match the "bitLength of undefined" error reported
// further down the page. Confirm against the jsrsasign API docs.
verifier.initVerifyByCertificatePEM(publicKey); 
// NOTE(review): the verifier must be fed the exact string that was signed.
// purchaseData, as shown later on this page, is an object literal rebuilt by
// hand, so whatever string it is coerced to is not the signed text.
verifier.updateString(purchaseData); 
//verifier.updateHex(hexValue); 
// NOTE(review): verify() takes the signature as a hex string; the store returns
// it Base64-encoded, so it has to be converted before this call.
var result = verifier.verify(signature); 

我肯定哪里做错了，但说不清具体是哪里。我可能把 signature、publicKey 和 purchaseData 放错了位置。

购买数据如下（格式遵循 Android 的规范，其中的数据我已改动）：

// Purchase record as assembled by the asker; the values were altered for posting.
// NOTE(review): a signature covers the exact byte string the store returned.
// An object reassembled field by field (the keys here are orderID / productID,
// while Google's payload spells them orderId / productId; confirm) does not
// serialise back to those bytes, so it cannot be the input to the verifier.
var purchaseData = { 
    orderID: "12999763169854705758.1300523466622834", 
    packageName: "com.blabla.bla", 
    // presumably the SKU reported by the client-side purchase event; verify against caller
    productID: e.purchase.SKU, 
    // moment's valueOf() yields a millisecond timestamp
    purchaseTime: new moment(time).valueOf(), 
    purchaseState: 0, 
    developerPayload: "74571d75-98b8-4327-942d-5379309c9033", 
    purchaseToken: "klsDmifojfknmbojimkkkdkm.AO-J1OyXvZ3RH1aPiPD2MIdOUu00FrCnuTCjl1-K3ZD4Puu0zXDPTOAKH3Dc1hq1DZwiNI-AgXwW18gDV3eU9kXCR1IwhADLvVeOSkyu5kzdUBoVNdA42Zc" 
}; 

我收到以下错误:

Result: TypeError: Cannot call method 'bitLength' of undefined 
at RSAKey._rsasign_verifyWithMessageHash [as verifyWithMessageHash] (jsrsasign-4.7.0/npm/lib/jsrsasign.js:251:3675) 
at verify (jsrsasign-4.7.0/npm/lib/jsrsasign.js:230:10483) 
at main.js:43:24 

如果你以前做过类似的事情，希望能得到你的帮助。谢谢。

回答


可以这样做：

// jsrsasign, bundled with the Cloud Code project.
var KJUR = require("cloud/jsrsasign.js");

// PEM wrapper around the app's RSA public key. The key is held in server-side
// code, so a modified client has no way to substitute a key of its own.
var pemHeader = "-----BEGIN PUBLIC KEY-----\n";
var pemFooter = "-----END PUBLIC KEY-----\n";
var publicKey = pemHeader +
    // your public key from google play
    pemFooter;

// RSA over SHA-1: the algorithm is dictated by the party that issued the signature.
var sigCheck = new KJUR.crypto.Signature({alg: "SHA1withRSA"});
sigCheck.init(publicKey);

// signedData from IAB response: pass the string exactly as received. Parsing it
// and serialising it again changes the bytes and makes verification fail.
sigCheck.updateString(signedData);

// verify() expects hex, while the signature arrives Base64-encoded.
var signatureHex = KJUR.b64utohex(signature);
var result = sigCheck.verify(signatureHex);

一定要把签名从 Base64 转换为十六进制，因为 verify() 接受的是十六进制字符串。


我猜新版 jsrsasign 的情况有了一点变化——我的解决办法是这样的：

cloud/lib/crypto.js：

// jsrsasign was written for the browser and looks for these two names in the
// global namespace; empty stand-ins are declared so it can run under Cloud Code.
var navigator = {};
var window = {};

// Include contents of jsrsasign-latest-all-min.js from https://kjur.github.io/jsrsasign/ 

// ------------- Snip ------------- 

// Expose a Validate method 
/**
 * Checks an RSA/SHA-1 signature over a piece of text.
 *
 * A true result establishes only that sText was signed by the holder of the
 * private key matching sPublicKey. Callers still have to check the parsed
 * purchase fields and reject receipts they have already accepted.
 *
 * @param {string} sText - The signed text, exactly as received (not re-serialised).
 * @param {string} sPublicKey - Base64 body of the public key, without PEM header or footer.
 * @param {string} sSignature - Base64-encoded signature.
 * @returns {boolean} Whatever the library's verify() reports for this signature.
 */
exports.Validate = function(sText, sPublicKey, sSignature) {
    var verifier = new KJUR.crypto.Signature({ alg: 'SHA1withRSA' });

    // Wrap the bare key body in PEM markers so the library can parse it.
    var sPem = "-----BEGIN PUBLIC KEY-----\n" + sPublicKey + "-----END PUBLIC KEY-----\n";
    verifier.init(sPem);
    verifier.updateString(sText);

    // verify() takes hex. NOTE(review): b64utohex is the Base64URL converter;
    // confirm it accepts the standard Base64 ('+', '/', '=') the store emits
    // in the jsrsasign version in use.
    var sSignatureHex = b64utohex(sSignature);
    return verifier.verify(sSignatureHex);
};

cloud/MakePurchase.js：

var Crypto = require('cloud/lib/crypto');

// You should have got this from https://play.google.com/apps/publish
// A verification key needs integrity rather than secrecy: keeping it in
// server-side code prevents a modified client from swapping in its own key.
var sPublicKey = 'SomethingSlightlySecretUsing64CharactersWithNoSpacesOrNewLines';

// cReceipt is assumed to be the Google receipt object obtained earlier, holding:
//   json:      the purchase details as a stringified JSON object
//   signature: a base64 string
//   payload:   data you might have set when you made the purchase
var bSignatureValid = Crypto.Validate(cReceipt.json, sPublicKey, cReceipt.signature);

if (bSignatureValid) {
    // Purchase confirmed: cReceipt.json was signed by the key above.
    // Before granting anything, compare the parsed fields (package name,
    // product id, purchase state) with what was expected, and refuse an
    // order id or purchase token that has already been redeemed.
}