Package 

Class Security


  • 
    public class Security
    
                        

    Security-related methods. For a secure implementation, all of this code should be implemented on a server that communicates with the application on the device. For the sake of simplicity and clarity of this example, this code is included here and is executed on the device. If you must verify the purchases on the phone, you should obfuscate this code to make it harder for an attacker to replace the code with stubs that treat all purchases as verified.

    • Method Summary

      Modifier and Type Method Description
      static boolean verifyPurchase(String base64PublicKey, String signedData, String signature) Verifies that the data was signed with the given signature, and returns the verified purchase.
      static PublicKey generatePublicKey(String encodedPublicKey) Generates a PublicKey instance from a string containing the Base64-encoded public key.
      static boolean verify(PublicKey publicKey, String signedData, String signature) Verifies that the signature from the server matches the computed signature on the data.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • verifyPurchase

         static boolean verifyPurchase(String base64PublicKey, String signedData, String signature)

        Verifies that the data was signed with the given signature, and returns the verified purchase. The data is in JSON format and signed with a private key. The data also contains the PurchaseState and product ID of the purchase.

        Parameters:
        base64PublicKey - the base64-encoded public key to use for verifying.
        signedData - the signed JSON string (signed, not encrypted)
        signature - the signature for the data, signed with the private key
      • generatePublicKey

         static PublicKey generatePublicKey(String encodedPublicKey)

        Generates a PublicKey instance from a string containing the Base64-encoded public key.

        Parameters:
        encodedPublicKey - Base64-encoded public key
      • verify

         static boolean verify(PublicKey publicKey, String signedData, String signature)

        Verifies that the signature from the server matches the computed signature on the data. Returns true if the data is correctly signed.

        Parameters:
        publicKey - public key associated with the developer account
        signedData - signed data from server
        signature - server signature
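
The three methods above, sketched as they could run on a server rather than on the device, as the class description recommends. This is an added example, not the documented class's own source: the class name `PurchaseVerifierExample`, the `isEmpty` helper, the key pair and the JSON are constructed, and the RSA / SHA1withRSA algorithm choice is an assumption, since this page does not name the algorithms.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

// Added example: hypothetical class, constructed test data.
public class PurchaseVerifierExample {
    // Assumption: RSA keys and SHA1withRSA signatures (not stated on this page).
    static final String KEY_ALG = "RSA", SIG_ALG = "SHA1withRSA";

    static PublicKey generatePublicKey(String encodedPublicKey) throws GeneralSecurityException {
        byte[] der = Base64.getDecoder().decode(encodedPublicKey); // throws on malformed Base64
        return KeyFactory.getInstance(KEY_ALG).generatePublic(new X509EncodedKeySpec(der));
    }

    static boolean verify(PublicKey publicKey, String signedData, String signature) {
        try {
            Signature sig = Signature.getInstance(SIG_ALG);
            sig.initVerify(publicKey);
            sig.update(signedData.getBytes(StandardCharsets.UTF_8));
            return sig.verify(Base64.getDecoder().decode(signature));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // fail closed: any decoding or crypto error means "not verified"
        }
    }

    static boolean verifyPurchase(String base64PublicKey, String signedData, String signature) {
        // An empty signature or payload is rejected before any crypto runs.
        if (isEmpty(base64PublicKey) || isEmpty(signedData) || isEmpty(signature)) return false;
        try {
            return verify(generatePublicKey(base64PublicKey), signedData, signature);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false;
        }
    }

    static boolean isEmpty(String s) { return s == null || s.isEmpty(); }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance(KEY_ALG);
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed key pair standing in for the developer account key
        String pub = Base64.getEncoder().encodeToString(kp.getPublic().getEncoded());
        String data = "{\"productId\":\"example.sku\",\"purchaseState\":0}"; // constructed purchase JSON
        Signature signer = Signature.getInstance(SIG_ALG);
        signer.initSign(kp.getPrivate());
        signer.update(data.getBytes(StandardCharsets.UTF_8));
        String sig = Base64.getEncoder().encodeToString(signer.sign());
        System.out.println("genuine:   " + verifyPurchase(pub, data, sig));
        System.out.println("tampered:  " + verifyPurchase(pub, data.replace("example.sku", "other.sku"), sig));
        System.out.println("empty sig: " + verifyPurchase(pub, data, ""));
    }
}
```

Only the first call prints `true`. After a successful check the caller still has to parse the JSON and confirm the PurchaseState and product ID are the ones it expects, because the signature only proves the data was not altered.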