C# Класс Billing.Security

Security-related methods. For a secure implementation, all of this code should be implemented on a server that communicates with the application on the device. For the sake of simplicity and clarity of this example, this code is included here and is executed on the device. If you must verify the purchases on the phone, you should obfuscate this code to make it harder for an attacker to replace the code with stubs that treat all purchases as verified.

Показать файл Открыть проект

Открытые методы

Метод	Описание
GenerateNonce ( ) : long	Generates a nonce (a random number used once).
IsNonceKnown ( long nonce ) : bool
RemoveNonce ( long nonce ) : void
Verify ( IPublicKey publicKey, string signedData, string signature ) : bool	Verifies that the signature from the server matches the computed signature on the data. Returns true if the data is correctly signed.
VerifyPurchase ( string signedData, string signature ) : List	Verifies that the data was signed with the given signature, and returns the list of verified purchases. The data is in JSON format and contains a nonce (number used once) that we generated and that was signed (as part of the whole data string) with a private key. The data also contains the PurchaseState and product ID of the purchase. In the general case, there can be an array of purchase transactions because there may be delays in processing the purchase on the backend and then several purchases can be batched together.

Приватные методы

Метод	Описание
GeneratePublicKey ( string encodedPublicKey ) : IPublicKey	Generates a PublicKey instance from a string containing the Base64-encoded public key.

Описание методов

GenerateNonce() публичный статический Метод

Generates a nonce (a random number used once).

public static GenerateNonce ( ) : long
Результат	long

IsNonceKnown() публичный статический Метод

public static IsNonceKnown ( long nonce ) : bool
nonce	long
Результат	bool

RemoveNonce() публичный статический Метод

public static RemoveNonce ( long nonce ) : void
nonce	long
Результат	void

Verify() публичный статический Метод

Verifies that the signature from the server matches the computed signature on the data. Returns true if the data is correctly signed.

public static Verify ( IPublicKey publicKey, string signedData, string signature ) : bool
publicKey	IPublicKey	public key associated with the developer account
signedData	string	signed data from server
signature	string	server signature
Результат	bool

VerifyPurchase() публичный статический Метод

Verifies that the data was signed with the given signature, and returns the list of verified purchases. The data is in JSON format and contains a nonce (number used once) that we generated and that was signed (as part of the whole data string) with a private key. The data also contains the PurchaseState and product ID of the purchase. In the general case, there can be an array of purchase transactions because there may be delays in processing the purchase on the backend and then several purchases can be batched together.

public static VerifyPurchase ( string signedData, string signature ) : List
signedData	string	the signed JSON string (signed, not encrypted)
signature	string	the signature for the data, signed with the private key
Результат	List