欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  后端开发

game-center - 怎么用php验证game center GKLocalPlayer 返回的签名

程序员文章站 2022-05-24 15:25:55
...
game center就给出了下面几句验证的流程:
https://developer.apple.com/library/mac/documentation/GameKit/Referenc...:

下面是它的步骤:
1. Call [GKLocalPlayer generateIdentityVerificationSignatureWithCompletionHandler] in your app.(客户端调用此方法)

  1. Send the publicKeyURL, signature, salt, and timestamp parameters to the third party server used for authentication.(拿到game center 返回的数据发送给服务端校验)

  2. Use the publicKeyURL on the third party server to download the public key.(使用客户端提供的public key url下载公匙)

  3. Verify with the appropriate signing authority that the public key is signed by Apple.(验证是否是苹果公司签名的公匙?)

  4. Retrieve the player’s playerID and bundleID.(提取玩家的ID和App的BundleId.也是客户端提供)

  5. Concatenate into a data buffer the following information, in the order listed:

    The playerID parameter in UTF-8 format

    The bundleID parameter in UTF-8 format

    The timestamp parameter in Big-Endian UInt-64 format

    The salt parameter

  6. Generate a SHA-1 hash value for the buffer.(用上面的参数按照顺序SHA1生成hash值)

  7. Using the public key downloaded in step 3, verify that the hash value generated in step 7 matches the signature parameter provided by the API.(用第三步下载的公匙和game center提供的signature验证第7步生成的hash值)

我根据这些文档写了下面的代码:

$playerID = 'G:869***86';
$bundleID = 'com.****.gcc';
$signature =base64_decode('q/rE6vsNyb0458HzYs0TCK/Cz88JmAqob8DM1uwkl5Y9AKrFfZQo/HRtilGlCKvek40PVKUelL0qLZ8M3IBNdV+HshyZVB/SOdo1M7UG1xcqlkRCMlNYLqdpQgpw6GrK3zw4QyyG1Znk2K0AqKN7eeBwcj7KsF2tCFGQpvu+pB+4hEXUYVLRRJ5ElG05/mOzH5oKfugBestANEwPBSheN1FIOFBPVcCbp/9P7HamB3Yi3+rzE1Kv8KIKM5iOi01pIAFMmSfPYjKzrSHGOkI4/KSItAIFq9jQv67YvZP1oCQRttD/K+XvtxbikX++jB4pmq4ctaCZXeFrW6gXxIRGsA==');
$timestamp = 1429756461745;
$salt = '/Mxf3w==';
$pubkeyid  = openssl_pkey_get_public(file_get_contents('gc-sb-2.crt'));

$data = sha1($playerID.$bundleID.$timestamp.$salt);

var_dump(openssl_verify($data,$signature,$pubkeyid,OPENSSL_ALGO_SHA1));
openssl_free_key($pubkeyid);

上面的证书文件是通过下面的网站转换成pem,php不支持对.cer操作。
https://www.google.com.tw/url?sa=t&rct=j&q=&esrc=s&sou...

总是验证失败,请求各位大神帮帮忙,指点一下。

回复内容:

game center就给出了下面几句验证的流程:
https://developer.apple.com/library/mac/documentation/GameKit/Referenc...:

下面是它的步骤:
1. Call [GKLocalPlayer generateIdentityVerificationSignatureWithCompletionHandler] in your app.(客户端调用此方法)

  1. Send the publicKeyURL, signature, salt, and timestamp parameters to the third party server used for authentication.(拿到game center 返回的数据发送给服务端校验)

  2. Use the publicKeyURL on the third party server to download the public key.(使用客户端提供的public key url下载公匙)

  3. Verify with the appropriate signing authority that the public key is signed by Apple.(验证是否是苹果公司签名的公匙?)

  4. Retrieve the player’s playerID and bundleID.(提取玩家的ID和App的BundleId.也是客户端提供)

  5. Concatenate into a data buffer the following information, in the order listed:

    The playerID parameter in UTF-8 format

    The bundleID parameter in UTF-8 format

    The timestamp parameter in Big-Endian UInt-64 format

    The salt parameter

  6. Generate a SHA-1 hash value for the buffer.(用上面的参数按照顺序SHA1生成hash值)

  7. Using the public key downloaded in step 3, verify that the hash value generated in step 7 matches the signature parameter provided by the API.(用第三步下载的公匙和game center提供的signature验证第7步生成的hash值)

我根据这些文档写了下面的代码:

$playerID = 'G:869***86';
$bundleID = 'com.****.gcc';
$signature =base64_decode('q/rE6vsNyb0458HzYs0TCK/Cz88JmAqob8DM1uwkl5Y9AKrFfZQo/HRtilGlCKvek40PVKUelL0qLZ8M3IBNdV+HshyZVB/SOdo1M7UG1xcqlkRCMlNYLqdpQgpw6GrK3zw4QyyG1Znk2K0AqKN7eeBwcj7KsF2tCFGQpvu+pB+4hEXUYVLRRJ5ElG05/mOzH5oKfugBestANEwPBSheN1FIOFBPVcCbp/9P7HamB3Yi3+rzE1Kv8KIKM5iOi01pIAFMmSfPYjKzrSHGOkI4/KSItAIFq9jQv67YvZP1oCQRttD/K+XvtxbikX++jB4pmq4ctaCZXeFrW6gXxIRGsA==');
$timestamp = 1429756461745;
$salt = '/Mxf3w==';
$pubkeyid  = openssl_pkey_get_public(file_get_contents('gc-sb-2.crt'));

$data = sha1($playerID.$bundleID.$timestamp.$salt);

var_dump(openssl_verify($data,$signature,$pubkeyid,OPENSSL_ALGO_SHA1));
openssl_free_key($pubkeyid);

上面的证书文件是通过下面的网站转换成pem,php不支持对.cer操作。
https://www.google.com.tw/url?sa=t&rct=j&q=&esrc=s&sou...

总是验证失败,请求各位大神帮帮忙,指点一下。

在用POST或者GET传送数据时,如果数据里含有"+"(加号),但接收程序解析数据时,会把这个加号解析成空格。
解决办法:
在php里面,先用str_replace函数,将加号替换成"%2B",然后进行urlencode编码,在接收方用urldecode解码就可正常使用了。

客户端发送的“signature”这个参数里有“+”,需要替换成“%2B”