android in_app billing Signature verification failed.

今天测试in_app billing 时,发现Security.java总是会出现 ‘Signature verification failed’ 的提示错误:

/**

* Verifies that the signature from the server matches the computed

* signature on the data. Returns true if the data is correctly signed.

*

* @param publicKey public key associated with the developer account

* @param signedData signed data from server

* @param signature server signature

* @return true if the data and signature match

*/

public static boolean verify(PublicKey publicKey, String signedData, String signature) {

if (Consts.DEBUG) {

Log.i(TAG, "signature: " + signature);

}

Signature sig;

try {

sig = Signature.getInstance(SIGNATURE_ALGORITHM);

sig.initVerify(publicKey);

sig.update(signedData.getBytes());

if (!sig.verify(Base64.decode(signature))) { // 这里总是返回 false ,难证不成功

Log.e(TAG, "Signature verification failed.");

return false; // 可以暂时设为 return true;

}

return true;

} catch (NoSuchAlgorithmException e) {

Log.e(TAG, "NoSuchAlgorithmException.");

} catch (InvalidKeyException e) {

Log.e(TAG, "Invalid key specification.");

} catch (SignatureException e) {

Log.e(TAG, "Signature exception.");

} catch (Base64DecoderException e) {

Log.e(TAG, "Base64 decoding failed.");

}

return false;

}


因为Signature verification failed ,所以总是返回 false, 所有些方法永远无法执行,如

DungeonsPurchaseObserver类中的

@Override

public void onPurchaseStateChange(PurchaseState purchaseState, String itemId,

int quantity, long purchaseTime, String developerPayload) { .....

//这个方法会因为 签名论证失败,而永远无法执行,所以你可以让签名验证部分的代码总是返回true来进行一般测试工作。

}


问题出现的原因: app 没有sign

That signature verification error can be caused by:

1.-A wrong public key. Maybe you've forgotten to copy some character. It happens :)

2.-The .apk must be signed. You can't use the debug.keystore, if you do your signature string will be empty.

And remember, for testing In-app billing:

  • Add Android Market public key to Security.java (String base64EncodedPublicKey = "your public key here")

  • Build in release mode and sign it (If you are using Eclipse, you can use the Export Wizard).

  • Upload the release version to Android Market, do not publish it, and create the product list.

  • Install the application onto your device ( adb -d install myapp.apk ) and make a test account primary on your device.



参考资料:

http://stackoverflow.com/questions/7070573/android-in-app-billing-security-java-says-signature-verification-failed

你可能感兴趣的:(android)