1. 首頁
  2. 問答
  3. Parse.com Cloud Code RSA驗證 - Android應用內購買驗證

Parse.com Cloud Code RSA驗證 - Android應用內購買驗證

2014-10-30 106 views
2

我試圖驗證Parse.com Cloud Code上的RSA簽名。基本上我正在嘗試在服務器上進行Android In App Purchase的收據驗證。Parse.com Cloud Code RSA驗證 - Android應用內購買驗證

Parse.com加密模塊不支持驗證方法。所以我找到了一個我輸入的在線的library

var KJUR = require("cloud/jsrsasign-4.7.0/npm/lib/jsrsasign.js"); 
var verifier = new KJUR.crypto.Signature({alg: "SHA1withRSA", prov: "cryptojs/jsrsa"}); 
verifier.initVerifyByCertificatePEM(publicKey); 
verifier.updateString(purchaseData); 
//verifier.updateHex(hexValue); 
var result = verifier.verify(signature);

我做錯了什麼,但不能真正說出什麼。我可能會把簽名,publicKey和purchaseData放在錯誤的地方。

的購買數據如下:(每Android的規格,我改變了數據)

var purchaseData = { 
    orderID: "12999763169854705758.1300523466622834", 
    packageName: "com.blabla.bla", 
    productID: e.purchase.SKU, 
    purchaseTime: new moment(time).valueOf(), 
    purchaseState: 0, 
    developerPayload: "74571d75-98b8-4327-942d-5379309c9033", 
    purchaseToken: "klsDmifojfknmbojimkkkdkm.AO-J1OyXvZ3RH1aPiPD2MIdOUu00FrCnuTCjl1-K3ZD4Puu0zXDPTOAKH3Dc1hq1DZwiNI-AgXwW18gDV3eU9kXCR1IwhADLvVeOSkyu5kzdUBoVNdA42Zc" 
};

我收到以下錯誤:

Result: TypeError: Cannot call method 'bitLength' of undefined 
at RSAKey._rsasign_verifyWithMessageHash [as verifyWithMessageHash] (jsrsasign-4.7.0/npm/lib/jsrsasign.js:251:3675) 
at verify (jsrsasign-4.7.0/npm/lib/jsrsasign.js:230:10483) 
at main.js:43:24

如果你有這樣做的任何以往的經驗,我會感謝您的幫助。由於

來源

2014-10-30 Leonardo Amigoni

回答

1

這裏是如何做到這一點:

var KJUR = require("cloud/jsrsasign.js"); 
var publicKey = 
    "-----BEGIN PUBLIC KEY-----\n" + 
    // your public key from google play 
    "-----END PUBLIC KEY-----\n"; 

var verifier = new KJUR.crypto.Signature({alg: "SHA1withRSA"}); 
verifier.init(publicKey); 
verifier.updateString(signedData); // signedData from IAB response 
var result = verifier.verify(KJUR.b64utohex(signature));

一定要簽名的base64從轉換爲十六進制。

來源

2014-11-06 08:53:46

1

我猜事情已經改變一點點與更新jsrasign - 我的解決辦法是這樣的:

雲/ lib中/ crypto.js:

// jsrasign expects to be running in a browser and expects these to be in the global namespace 
var navigator = {}, 
    window = {}; 

// Include contents of jsrsasign-latest-all-min.js from https://kjur.github.io/jsrsasign/ 

// ------------- Snip ------------- 

// Expose a Validate method 
exports.Validate = function(sText, sPublicKey, sSignature) { 
    var cVerifier = new KJUR.crypto.Signature({ alg: 'SHA1withRSA' }); 

    cVerifier.init("-----BEGIN PUBLIC KEY-----\n" + sPublicKey + "-----END PUBLIC KEY-----\n"); 
    cVerifier.updateString(sText); 
    return cVerifier.verify(b64utohex(sSignature)); 
};

雲/ MakePurchase.js:

var Crypto = require('cloud/lib/crypto'), 
    // You should have got this from https://play.google.com/apps/publish 
    sPublicKey = 'SomethingSlightlySecretUsing64CharactersWithNoSpacesOrNewLines'; 

// Assume you have done something to get back a Google receipt object containing: 
// json: A stringified JSON object with the purchase details 
// signature: A base64 string 
// payload: Data you might have set when you made the purchase 

if (Crypto.Validate(cReceipt.json, sPublicKey, cReceipt.signature)) { 
    // Purchase confirmed 
}

來源

2015-07-15 16:17:07

相關問題

 相關問題