com.kxsimon.money.util

类 Security

java.lang.Object

com.kxsimon.money.util.Security

public class Security
extends java.lang.Object

Security-related methods. For a secure implementation, all of this code should be implemented on a server that communicates with the application on the device. For the sake of simplicity and clarity of this example, this code is included here and is executed on the device. If you must verify the purchases on the phone, you should obfuscate this code to make it harder for an attacker to replace the code with stubs that treat all purchases as verified.

构造器概要

构造器

构造器和说明
Security()

方法概要

限定符和类型	方法和说明
static java.security.PublicKey	generatePublicKey(java.lang.String encodedPublicKey) Generates a PublicKey instance from a string containing the Base64-encoded public key.
static boolean	verify(java.security.PublicKey publicKey, java.lang.String signedData, java.lang.String signature) Verifies that the signature from the server matches the computed signature on the data.
static boolean	verifyPurchase(java.lang.String base64PublicKey, java.lang.String signedData, java.lang.String signature) Verifies that the data was signed with the given signature, and returns the verified purchase.

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

构造器详细资料

Security

public Security()

方法详细资料

verifyPurchase

public static boolean verifyPurchase(java.lang.String base64PublicKey,
                                     java.lang.String signedData,
                                     java.lang.String signature)

Verifies that the data was signed with the given signature, and returns the verified purchase. The data is in JSON format and signed with a private key. The data also contains the PurchaseState and product ID of the purchase.

参数:

base64PublicKey - the base64-encoded public key to use for verifying.

signedData - the signed JSON string (signed, not encrypted)

signature - the signature for the data, signed with the private key

generatePublicKey

public static java.security.PublicKey generatePublicKey(java.lang.String encodedPublicKey)

Generates a PublicKey instance from a string containing the Base64-encoded public key.

参数:

encodedPublicKey - Base64-encoded public key

抛出:

java.lang.IllegalArgumentException - if encodedPublicKey is invalid

verify

public static boolean verify(java.security.PublicKey publicKey,
                             java.lang.String signedData,
                             java.lang.String signature)

Verifies that the signature from the server matches the computed signature on the data. Returns true if the data is correctly signed.

参数:

publicKey - public key associated with the developer account

signedData - signed data from server

signature - server signature

返回:

true if the data and signature match