使用 PHP 验证 Windows 8 购买(收据)

我需要验证在 Windows 8 应用服务器端使用 PHP 进行的应用内购买.MSDN 的 文档页面 仅在 C# 中有一个示例.现在我花了一整天的时间来寻找一种在 PHP 中实现它的方法.没有成功.在整个 Internet 上,只有 .NET 示例与此主题相关.

I need to verify in-app purchases made in Windows 8 applications server-side using PHP. MSDN's documentation page has an example only in C#. Right now I've spent a whole day by searching for a way to do it in PHP. No success. All over the internet there are only .NET examples on this topic.

我找到了一些关于签名 XML 和 x509 的部分信息,一些库(xmlseclibs - 无用,使用不支持 sha256 的 openssl_* 函数;phpseclib - 看起来很有希望,但他们的文档和示例很差,没有帮助).

I've found some partial information about signed XML and x509, some libraries (xmlseclibs - useless, uses openssl_* functions which do not support sha256; phpseclib - looks promising but their documentation and examples are poor with no help).

是否可以在不学习有关已签名 XML、RSA 和 x509 的所有内容的情况下以某种方式做到这一点?现在我几乎阅读了所有内容,但到处都是关于编码的信息.无需验证.

Is it possible to do it somehow without learning everything about signed XML, RSA and x509? Right now I've read almost everything but everywhere is info only about encoding. Nothing about verifying.

推荐答案

我设法使用 xmlseclibs 库.

另外,您需要启用 php curl.

Also, you need php curl enabled.

do {
    $doc = new DOMDocument();

    $xml = $_POST['receipt_data']; // your receipt xml here!

    // strip unwanted chars - IMPORTANT!!!
    $xml = str_replace(array("
","	", ""), "", $xml);
    //some (probably mostly WP8) receipts have unnecessary spaces instead of tabs
    $xml = preg_replace('/s+/', " ", $xml);
    $xml = str_replace("> <", "><", $xml);

    $doc->loadXML($xml);
    $receipt = $doc->getElementsByTagName('Receipt')->item(0);
    $certificateId = $receipt->getAttribute('CertificateId');

    $ch = curl_init("https://lic.apps.microsoft.com/licensing/certificateserver/?cid=$certificateId");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

    $publicKey = curl_exec($ch);
    $errno = curl_errno($ch);
    $errmsg = curl_error($ch);
    curl_close($ch);

    if ($errno != 0) {
        $verifyFailed = true;
        break;
    }

    // Verify xml signature
    require('./xmlseclibs.php');
    $objXMLSecDSig = new XMLSecurityDSig();
    $objDSig = $objXMLSecDSig->locateSignature($doc);
    if (!$objDSig) {
        $verifyFailed = true;
        break;
    }
    try {
        $objXMLSecDSig->canonicalizeSignedInfo();
        $retVal = $objXMLSecDSig->validateReference();
        if (!$retVal) {
            throw new Exception("Error Processing Request", 1);
        }
        $objKey = $objXMLSecDSig->locateKey();
        if (!$objKey) {
            throw new Exception("Error Processing Request", 1);
        }
        $key = NULL;
        $objKeyInfo = XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
        if (! $objKeyInfo->key && empty($key)) {
            $objKey->loadKey($publicKey);
        }
        if (!$objXMLSecDSig->verify($objKey)) {
            throw new Exception("Error Processing Request", 1);
        }
    } catch (Exception $e) {
        $verifyFailed = true;
        break;
    }

    $productReceipt = $doc->getElementsByTagName('ProductReceipt')->item(0);
    $prodictId = $productReceipt->getAttribute('ProductId');
    $purchaseDate = $productReceipt->getAttribute('PurchaseDate');
} while(0);

if ($verifyFailed) {
    // invalid receipt
} else {
    // valid receipt
}

相关文章