/** * Verifies that the response was signed with the given signature * and, optionally, for the right package * * @param AndroidMarket_Licensing_ResponseData|string $responseData * @param string $signature * @return bool */ public function verify($responseData, $signature) { if ($responseData instanceof AndroidMarket_Licensing_ResponseData) { $response = $responseData; } else { $response = new AndroidMarket_Licensing_ResponseData($responseData); } //check package name is valid if (!empty($this->_packageName) && $this->_packageName !== $response->getPackageName()) { return false; } if (!$response->isLicensed()) { return false; } $result = openssl_verify($responseData, base64_decode($signature), $this->_publicKey, self::SIGNATURE_ALGORITHM); //openssl_verify returns 1 for a valid signature if (0 === $result) { return false; } else { if (1 !== $result) { require_once 'AndroidMarket/Licensing/RuntimeException.php'; throw new AndroidMarket_Licensing_RuntimeException('Unknown error verifying the signature in openssl_verify'); } } return true; }
/** * @dataProvider errorResponseCodeProvider */ public function testErroneousResponseIsNotLicensed($responseCode) { $data = $responseCode . '|1448316265|uk.co.davidcaunt.android.licensingtest|1|ANlOHQOP0LkZ7Y0/zy7PIkZ2Nh5B73SgoA==|1308692145367'; $response = new AndroidMarket_Licensing_ResponseData($data); $this->assertFalse($response->isLicensed()); }