'How to verify unity's GooglePlay in app billing signature?

from unity reference, to verify an in-app purchase(GooglePlay), we should get Payload from Receipt, then verify Payload.json(INAPP_PURCHASE_DATA) and Payload.signature(INAPP_DATA_SIGNATURE) like this:

const (
    cGooglePubKey = "MIIBIjANBgkqhki...............AQAB"
)

var (
    data = `{\"orderId\":\"GPA.A-B-C-D\",\"packageName\":\"com.x.y\",\"productId\":\"pdt1\",\"purchaseTime\":1653297088926,\"purchaseState\":0,\"purchaseToken\":\"xxxxx\",\"acknowledged\":false}`
    sign = "R6U/cmXT...RfOg=="
)

func main() {
    if ok, err := validateGooglePay(data, sign, cGooglePubKey); ok {
        println("YES!!")
    } else {
        println(err.Error())
    }
}

func validateGooglePay(purchaseData string, signature string, publicKey string) (bool, error) {
    decodePublic, err := base64.StdEncoding.DecodeString(publicKey)
    if err != nil {
        return false, err
    }
    pubInterface, err := x509.ParsePKIXPublicKey(decodePublic)
    if err != nil {
        return false, err
    }
    pubKey, _ := pubInterface.(*rsa.PublicKey)
    decodeSign, err := base64.StdEncoding.DecodeString(signature)
    if err != nil {
        return false, err
    }

    sh1 := sha1.New()
    sh1.Write([]byte(purchaseData))
    hashData := sh1.Sum(nil)
    result := rsa.VerifyPKCS1v15(pubKey, crypto.SHA1, hashData, decodeSign)
    if result != nil {
        return false, result
    }
    return true, nil
}

But I failed with "crypto/rsa: verification error"! And WHY?

I even use PHP to test, still failed:

<?php
if (checkGpBilling() !== true) {
 print("FAILED\n");   
}

function checkGpBilling() {
    $inappPurchaseData = '{\"orderId\":\"GPA.A-B-C-D\",\"packageName\":\"com.x.y\",\"productId\":\"pdt2\",\"purchaseTime\":1653297088926,\"purchaseState\":0,\"purchaseToken\":\"hmj...f3A\",\"acknowledged\":false}';
    $inappDataSignature = 'R6U/cmX...RfOg==';
    $googlePublicKey = 'MIIBIjANBgkqhki...AQAB';
 
    $publicKey = "-----BEGIN PUBLIC KEY-----". PHP_EOL .
                                                     chunk_split($googlePublicKey, 64, PHP_EOL) . 
                                                     "-----END PUBLIC KEY-----";
 
    $publicKeyHandle =  openssl_get_publickey($publicKey);
    $result = openssl_verify($inappPurchaseData, base64_decode($inappDataSignature), $publicKeyHandle, OPENSSL_ALGO_SHA1);
    if (1 !== $result) {
            print($result);
            return false;
    }
 
    return true;
}

Can anyone correct me if i was wrong, or please tell me the right way/code? thanks very much!

unity3dgo


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

How do I find the size of the array in go

How to cache the compiled regex in Go

Adding metric labels in prometheus on the fly

Golang http request results in EOF errors when making multiple requests successively

Chromedp with Golang has deadline exceeded if element doesnt exist. Is there a way to extend the context timeout after a deadline?

Is a Go goroutine a coroutine?

How to delete an element from a Slice in Golang

Need help on creating a UDF, returning "Unable to create a new Lua state"

chromedp - Go - Show invalid printer settings error (-32000) - When setting WithMarginTop

How to sort map by value and if value equals then by key in Go?

How to correctly set Mock Row and Query for go-sqlmock

Mock functions in Go

How do I reverse an array in Go?

Increase Heap size in GO

Go linter in VS code not working for packages across multiple files?