我正在使用一个简单的 PHP 脚本来验证 Android 订单以解析客户的下载。
$receipt = $_GET['purchaseData'];
$billInfo = json_decode($receipt,true);
$signature = $_GET['dataSignature'];
$public_key_base64 = "xxxxxxxxxxxxxxxx";
$key = "-----BEGIN PUBLIC KEY-----\n".
chunk_split($public_key_base64, 64,"\n").
'-----END PUBLIC KEY-----';
$key = openssl_get_publickey($key);
$signature = base64_decode($signature);
//$result = openssl_verify($billInfo, $signature, $key);
$result = openssl_verify($receipt, $signature, $key);
if (0 === $result) {
echo "0";
} else if (1 !== $result) {
echo "1";
} else {
echo "Hello World!";
}
//added the var_dump($result); as asked by A-2-A
var_dump($result);
结果是0int(0)
我在发布订单后通过应用程序下了一个真实的订单,当尝试验证订单时,我得到的结果是“0”。
我尝试直接HTTP访问
https://domain.com/thankyou.php?purchaseData={"packageName":"com.example.app","orderId":"GPA.1234-5678-1234-98608","productId":"product","developerPayload":"mypurchasetoken","purchaseTime":1455346586453,"purchaseState":0,"developerPayload":"mypurchasetoken","purchaseToken":"ggedobflmccnemedgplmodhp...."}&dataSignature=gwmBf...
我保留第一个问题,因为我的结果仍然是一个猜测。经过进一步调查,我认为这是谷歌发送的签名没有以一种干净的方式被读取的原因。
The signature=gwmBfgGudpG5iPp3L0OnepNlx
当浏览器将其读取为ƒ ~®v‘¹ˆúw
怎样才能让它以正确的方式被阅读呢?