在接google play的充值渠道,用户购买和支付都在客户端完成操作,用户支付完成后,客户端会下发支付信息给充值平台(php开发的),充值平台需要验证这些信息的合法性。请教有开发过的同学,如何使用php验证支付信息。
订单相关信息
"nonce" : 1836535032137741465,
"orders" :
[{ "notificationId" : "android.test.purchased",
"orderId" : "transactionId.android.test.purchased",
"packageName" : "com.example.dungeons",
"productId" : "android.test.purchased",
"developerPayload" : "bGoa+V7g/yqDXvKRqq+JTFn4uQZbPiQJo4pf9RzJ",
"purchaseTime" : 1290114783411,
"purchaseState" : 0,
"purchaseToken" : "rojeslcdyyiapnqcynkjyyjh" }]
}
这是文档http://developer.android.com/guide/google/play/billing/billing_overview.html
得到高人的指点。可以这么验证。
- $signture_data = '{"nonce":2923936465474897294,"orders":[{"notificationId":"android.test.purchased","orderId":"transactionId.android.test.purchased","packageName":"com.kunlun.fysg.test","productId":"android.test.purchased","purchaseTime":1346916115611,"purchaseState":0}]}';
-
- $signture = '';
-
- //google app 提供的public key
- $public_key = "";
-
- $public_key = chunk_split($public_key, 64, "\n") . "-----END PUBLIC KEY-----";
-
- $public_key_handle = openssl_get_publickey($public_key);
- $result = openssl_verify($signture_data, base64_decode($signture), $public_key_handle, OPENSSL_ALGO_SHA1);
- if ($result == 1)
- {
- echo "good";
- }
- elseif ($ok == 0)
- {
- echo "bad";
- }
- else
- {
- echo "ugly, error checking signature";
- }