今天测试in_app billing 时,发现Security.java总是会出现 ‘Signature verification failed’ 的提示错误:
/**
* Verifies that the signature from the server matches the computed
* signature on the data. Returns true if the data is correctly signed.
*
* @param publicKey public key associated with the developer account
* @param signedData signed data from server
* @param signature server signature
* @return true if the data and signature match
*/
public static boolean verify(PublicKey publicKey, String signedData, String signature) {
if (Consts.DEBUG) {
Log.i(TAG, "signature: " + signature);
}
Signature sig;
try {
sig = Signature.getInstance(SIGNATURE_ALGORITHM);
sig.initVerify(publicKey);
sig.update(signedData.getBytes());
if (!sig.verify(Base64.decode(signature))) { // 这里总是返回 false ,难证不成功
Log.e(TAG, "Signature verification failed.");
return false; // 可以暂时设为 return true;
}
return true;
} catch (NoSuchAlgorithmException e) {
Log.e(TAG, "NoSuchAlgorithmException.");
} catch (InvalidKeyException e) {
Log.e(TAG, "Invalid key specification.");
} catch (SignatureException e) {
Log.e(TAG, "Signature exception.");
} catch (Base64DecoderException e) {
Log.e(TAG, "Base64 decoding failed.");
}
return false;
}
因为Signature verification failed ,所以总是返回 false, 所有些方法永远无法执行,如
DungeonsPurchaseObserver类中的
@Override
public void onPurchaseStateChange(PurchaseState purchaseState, String itemId,
int quantity, long purchaseTime, String developerPayload) { .....
//这个方法会因为 签名论证失败,而永远无法执行,所以你可以让签名验证部分的代码总是返回true来进行一般测试工作。
}
问题出现的原因: app 没有sign
That signature verification error can be caused by:
1.-A wrong public key. Maybe you've forgotten to copy some character. It happens :)
2.-The .apk must be signed. You can't use the debug.keystore, if you do your signature string will be empty.
And remember, for testing In-app billing:
-
Add Android Market public key to Security.java (
String base64EncodedPublicKey = "your public key here"
) -
Build in release mode and sign it (If you are using Eclipse, you can use the Export Wizard).
-
Upload the release version to Android Market, do not publish it, and create the product list.
-
Install the application onto your device ( adb -d install myapp.apk ) and make a test account primary on your device.
参考资料: