android in_app billing Signature verification failed.

今天测试in_app billing 时,发现Security.java总是会出现 ‘Signature verification failed’ 的提示错误:

/**

     * Verifies that the signature from the server matches the computed

     * signature on the data.  Returns true if the data is correctly signed.

     *

     * @param publicKey public key associated with the developer account

     * @param signedData signed data from server

     * @param signature server signature

     * @return true if the data and signature match

     */

    public static boolean verify(PublicKey publicKey, String signedData, String signature) {

        if (Consts.DEBUG) {

            Log.i(TAG"signature: " + signature);

        }

        Signature sig;

        try {

            sig = Signature.getInstance(SIGNATURE_ALGORITHM);

            sig.initVerify(publicKey);

            sig.update(signedData.getBytes());

            if (!sig.verify(Base64.decode(signature))) {  // 这里总是返回 false ,难证不成功

                Log.e(TAG"Signature verification failed.");

                return false;  // 可以暂时设为 return true;

            }

            return true;

        } catch (NoSuchAlgorithmException e) {

            Log.e(TAG"NoSuchAlgorithmException.");

        } catch (InvalidKeyException e) {

            Log.e(TAG"Invalid key specification.");

        } catch (SignatureException e) {

            Log.e(TAG"Signature exception.");

        } catch (Base64DecoderException e) {

            Log.e(TAG"Base64 decoding failed.");

        }

        return false;

    }


因为 Signature verification failed  ,所以总是返回 false, 所有些方法永远无法执行,如 

DungeonsPurchaseObserver类中的 

@Override

        public void onPurchaseStateChange(PurchaseState purchaseState, String itemId,

                int quantity, long purchaseTime, String developerPayload) { .....

               //这个方法会因为  签名论证失败,而永远无法执行,所以你可以让签名验证部分的代码总是返回true来进行一般测试工作。 

}


问题出现的原因:  app 没有sign

That signature verification error can be caused by:

1.- A wrong public key. Maybe you've forgotten to copy some character. It happens :)

2.- The .apk must be signed. You can't use the debug.keystore, if you do your signature string will be empty.

And remember, for testing In-app billing:

  • Add Android Market public key to Security.java (String base64EncodedPublicKey = "your public key here")

  • Build in release mode and sign it (If you are using Eclipse, you can use the Export Wizard).

  • Upload the release version to Android Market, do not publish it, and create the product list.

  • Install the application onto your device ( adb -d install myapp.apk ) and make a test account primary on your device.



参考资料:

http://stackoverflow.com/questions/7070573/android-in-app-billing-security-java-says-signature-verification-failed

你可能感兴趣的:(android in_app billing Signature verification failed.)