今天测试in_app billing 时,发现Security.java总是会出现 ‘Signature verification failed’ 的提示错误:
/**
* Verifies that the signature from the server matches the computed
* signature on the data. Returns true if the data is correctly signed.
*
* @param publicKey public key associated with the developer account
* @param signedData signed data from server
* @param signature server signature
* @return true if the data and signature match
*/
public static boolean verify(PublicKey publicKey, String signedData, String signature) {
if (Consts.DEBUG) {
Log.i(TAG, "signature: " + signature);
}
Signature sig;
try {
sig = Signature.getInstance(SIGNATURE_ALGORITHM);
sig.initVerify(publicKey);
sig.update(signedData.getBytes());
if (!sig.verify(Base64.decode(signature))) { // 这里总是返回 false ,难证不成功
Log.e(TAG, "Signature verification failed.");
return false; // 可以暂时设为 return true;
}
return true;
} catch (NoSuchAlgorithmException e) {
Log.e(TAG, "NoSuchAlgorithmException.");
} catch (InvalidKeyException e) {
Log.e(TAG, "Invalid key specification.");
} catch (SignatureException e) {
Log.e(TAG, "Signature exception.");
} catch (Base64DecoderException e) {
Log.e(TAG, "Base64 decoding failed.");
}
return false;
}
因为Signature verification failed ,所以总是返回 false, 所有些方法永远无法执行,如
DungeonsPurchaseObserver类中的
@Override
public void onPurchaseStateChange(PurchaseState purchaseState, String itemId,
int quantity, long purchaseTime, String developerPayload) { .....
//这个方法会因为 签名论证失败,而永远无法执行,所以你可以让签名验证部分的代码总是返回true来进行一般测试工作。
}
问题出现的原因: app 没有sign
That signature verification error can be caused by:
1.-A wrong public key. Maybe you've forgotten to copy some character. It happens :)
2.-The .apk must be signed. You can't use the debug.keystore, if you do your signature string will be empty.
And remember, for testing In-app billing:
Add Android Market public key to Security.java (String base64EncodedPublicKey = "your public key here"
)
Build in release mode and sign it (If you are using Eclipse, you can use the Export Wizard).
Upload the release version to Android Market, do not publish it, and create the product list.
Install the application onto your device ( adb -d install myapp.apk ) and make a test account primary on your device.
参考资料: