Android Question INAPP_PURCHASE_DATA and INAPP_DATA_SIGNATURE

MarkQWE

Member
Licensed User
Longtime User
Aloha,

I'm trying to get the Data signature and Purchase data string from an In App Purchase to post to my server after the purchase is complete. I'm using a PHP script to verify the data before I write it to the database and allow the user to download. In the manager_PurchaseCompleted there is no option for this though I see it in the debugging code. If anyone could offer tips on accessing INAPP_PURCHASE_DATA and INAPP_DATA_SIGNATURE I would greatly appreciate it.
 

MarkQWE

Member
Licensed User
Longtime User
Put a breakpoint in PurchaseCompleted and inspect the Product object with the debugger. Do you see the required values?

Thanks for your reply.

Here is from the debug data:

---
Ending async operation: launchPurchaseFlow
Successful resultcode from purchase activity.
Purchase data: {"orderId":"12999...","packageName":"com.xxx.xxxxxxx","productId":"12345","purchaseTime":1415222294020,"purchaseState":0,"developerPayload":"purchase string","purchaseToken":"fkghjii..."}
Data signature: EHW4v...
---
I shortened some of it for demo purpose. When I pull it from the debug data and post these to my PHP script I can verify it using "function verify_market_in_app($signed_data, $signature, $public_key_base64)" - works great, but that is manually pulling it for testing.

On the developer site, I am looking at getBuyIntent() which holds the json string INAPP_PURCHASE_DATA and also INAPP_DATA_SIGNATURE, but am not sure how to access it...or whether this is the best way to go about it. Thought I should ask and see what other people are doing.
 
Upvote 0

MarkQWE

Member
Licensed User
Longtime User
You can get the signature with:
B4X:
Dim jo As JavaObject = Product
Log(jo.RunMethod("getSignature", null))

Thank you, Erel

I had been trying to use the reflector library with the purchase object earlier. Using your method I am able to get both strings.

Purchase.getOriginalJson()
Purchase.getSignature()
 
Upvote 0

peacemaker

Expert
Licensed User
Longtime User
Thank you, Erel
Purchase.getOriginalJson()
Purchase.getSignature()

Is it possible to share your way\code (including PHP) of checking the signature for all B4A community?

I found code for local signature checking, but how to implement for B4A ?:

B4X:
using System;
using System.Security.Cryptography;

namespace Assets.Scripts.Common
{
    public static class GooglePlayPurchaseGuard
    {
        /// <summary>
        /// Verify Google Play purchase. Protect you app against hack via Freedom. More info: http://mrtn.me/blog/2012/11/15/checking-google-play-signatures-on-net/
        /// </summary>
        /// <param name="purchaseJson">Purchase JSON string</param>
        /// <param name="base64Signature">Purchase signature string</param>
        /// <param name="xmlPublicKey">XML public key. Use http://superdry.apphb.com/tools/online-rsa-key-converter to convert RSA public key from Developer Console</param>
        /// <returns></returns>
        public static bool Verify(string purchaseJson, string base64Signature, string xmlPublicKey)
        {
            using (var provider = new RSACryptoServiceProvider())
            {
                try
                {
                    provider.FromXmlString(xmlPublicKey);

                    var signature = Convert.FromBase64String(base64Signature);
                    var sha = new SHA1Managed();
                    var data = System.Text.Encoding.UTF8.GetBytes(purchaseJson);

                    return provider.VerifyData(data, sha, signature);
                }
                catch (Exception e)
                {
                    UnityEngine.Debug.Log(e);
                }

                return false;
            }
        }
    }
}
 
Last edited:
Upvote 0

peacemaker

Expert
Licensed User
Longtime User
Here is Java code: http://stackoverflow.com/questions/...cation-of-receipt-in-dot-netc/5756322#5756322
Please, help to make for B4A.

I'm starting to make code module:
B4X:
'XMLPublicKey = XML public key. Use http://superdry.apphb.com/tools/online-rsa-key-converter to convert RSA public key from Developer Console
Sub Verify (XMLPublicKey As String, Product As Purchase)
Dim OriginalJson, base64Signature As String

Dim jo As JavaObject = Product
base64Signature = jo.RunMethod("getSignature", Null)
OriginalJson = jo.RunMethod("getOriginalJson", Null)

Dim su As StringUtils
Dim signature() As Byte, data(), sha() As Byte
signature = su.DecodeBase64(base64Signature)
data = OriginalJson.GetBytes("UTF8")

Dim ByteCon As ByteConverter
.....
'WHAT next ? :-(

End Sub
 
Last edited:
Upvote 0
Top