C# 클래스 Billing.Security

Security-related methods. For a secure implementation, all of this code should be implemented on a server that communicates with the application on the device. For the sake of simplicity and clarity of this example, this code is included here and is executed on the device. If you must verify the purchases on the phone, you should obfuscate this code to make it harder for an attacker to replace the code with stubs that treat all purchases as verified.

파일 보기 프로젝트 열기: MarkEaton1/Monodroid-InApp-Billing

공개 메소드들

메소드	설명
GenerateNonce ( ) : long	Generates a nonce (a random number used once).
IsNonceKnown ( long nonce ) : bool
RemoveNonce ( long nonce ) : void
Verify ( IPublicKey publicKey, string signedData, string signature ) : bool	Verifies that the signature from the server matches the computed signature on the data. Returns true if the data is correctly signed.
VerifyPurchase ( string signedData, string signature ) : List	Verifies that the data was signed with the given signature, and returns the list of verified purchases. The data is in JSON format and contains a nonce (number used once) that we generated and that was signed (as part of the whole data string) with a private key. The data also contains the PurchaseState and product ID of the purchase. In the general case, there can be an array of purchase transactions because there may be delays in processing the purchase on the backend and then several purchases can be batched together.

비공개 메소드들

메소드	설명
GeneratePublicKey ( string encodedPublicKey ) : IPublicKey	Generates a PublicKey instance from a string containing the Base64-encoded public key.

메소드 상세

GenerateNonce() 공개 정적인 메소드

Generates a nonce (a random number used once).

public static GenerateNonce ( ) : long
리턴	long

IsNonceKnown() 공개 정적인 메소드

public static IsNonceKnown ( long nonce ) : bool
nonce	long
리턴	bool

RemoveNonce() 공개 정적인 메소드

public static RemoveNonce ( long nonce ) : void
nonce	long
리턴	void

Verify() 공개 정적인 메소드

Verifies that the signature from the server matches the computed signature on the data. Returns true if the data is correctly signed.

public static Verify ( IPublicKey publicKey, string signedData, string signature ) : bool
publicKey	IPublicKey	public key associated with the developer account
signedData	string	signed data from server
signature	string	server signature
리턴	bool

VerifyPurchase() 공개 정적인 메소드

Verifies that the data was signed with the given signature, and returns the list of verified purchases. The data is in JSON format and contains a nonce (number used once) that we generated and that was signed (as part of the whole data string) with a private key. The data also contains the PurchaseState and product ID of the purchase. In the general case, there can be an array of purchase transactions because there may be delays in processing the purchase on the backend and then several purchases can be batched together.

public static VerifyPurchase ( string signedData, string signature ) : List
signedData	string	the signed JSON string (signed, not encrypted)
signature	string	the signature for the data, signed with the private key
리턴	List