直接上代码:
function googleVerify($sdata,$google_public_key)
{
$sdata = json_decode($sdata,true);
$in_app_purchase_data = isset($sdata['receipt'])?$sdata['receipt']:"";
$in_app_data_signature = isset($sdata['signature'])?$sdata['signature']:"";
$public_key = "-----BEGIN PUBLIC KEY-----" . PHP_EOL .
chunk_split($google_public_key, 64, PHP_EOL) .
"-----END PUBLIC KEY-----";
$public_key_handle = openssl_pkey_get_public($public_key);
$result = openssl_verify($in_app_purchase_data, base64_decode($in_app_data_signature), $public_key_handle, OPENSSL_ALGO_SHA1);
$status = 0;
$purchaseTime = 0;
if($result == 1){
$status = 1;
$in_app_purchase_data = json_decode($in_app_purchase_data, true);
$purchaseTime = isset($in_app_purchase_data['purchaseTime'])?intval($in_app_purchase_data['purchaseTime']):0;
}
return ['status'=>$status,'purcaseTime' => intval($purchaseTime)];
}
参数说明:
$google_public_key:在google play console(https://play.google.com/apps/publish/)后台获取 : 开发工具》服务和API 中能看到的KEY.$sdata:格式如下:
//
//$sdata为字符串,非json对象//receipt,signature都是客户端购买后,google返回的数据
$sdata='{
"receipt": "{\"orderId\":\"GPA.3339-1d91-2716-249\",\"packageName\":\"con\",\"productId\":\"com.w.coin1\",\"purchaseTime\":1540265097944,\"purchaseState\":0,\"purchaseToken\":\"ogiafjoiY\"}",
"signature": "fFbfYTh2m/7nL9OZVTkw=="
}';
返回数据:
$status:== 1,为真订单,0为假订单
$purcaseTime: 订单购买的时间戳。