prime31
2/10/2013 - 7:32 PM

Google Play PHP Receipt Validation

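/**
 * Verify the signature Google Play attached to a purchase receipt.
 *
 * The receipt JSON is checked against the base64-encoded signature using the
 * application's RSA public key. Anything other than a positive verification
 * result is reported as status 0, including a public key that cannot be parsed
 * and a signature that is not valid base64.
 *
 * A passing signature only shows that the receipt bytes were signed with the
 * matching private key. A previously seen receipt verifies again, so callers
 * should also track identifiers from the receipt to reject duplicates.
 *
 * @param string $responseData Receipt JSON as received from the client.
 * @param string $signature    Base64-encoded signature received with the receipt.
 * @param string $publicKey    Base64-encoded public key body, without PEM armour.
 * @param int    $status       Out: 1 when the signature verifies, otherwise 0.
 * @param mixed  $response     Out: json_decode() of the receipt. It is decoded before
 *                             verification, so treat it as untrusted unless $status is 1.
 *
 * @return array 'signature' (trimmed, still base64-encoded) and 'status' (1 or 0).
 */
function ValidateGooglePlaySignature( $responseData, $signature, $publicKey, &$status, &$response )
{
    $responseData = trim( $responseData );
    $signature = trim( $signature );

    // Decoded for the caller only; the verification below works on the raw string.
    $response = json_decode( $responseData );

    // Fail closed: every early return below reports status 0.
    $status = 0;
    $retArray = array( 'signature' => $signature, 'status' => 0 );

    // Wrap the bare base64 key in PEM armour so OpenSSL can parse it. Whitespace is
    // stripped first so a key pasted with line breaks is not re-chunked mid-line.
    $keyBody = (string) preg_replace( '/\s+/', '', (string) $publicKey );
    $pem = "-----BEGIN PUBLIC KEY-----\n".
        chunk_split( $keyBody, 64, "\n" ).
        '-----END PUBLIC KEY-----';

    $key = openssl_get_publickey( $pem );
    if ( false === $key ) {
        // Unusable key: never hand an invalid key to openssl_verify().
        return $retArray;
    }

    // The signature arrives as base64 but must be verified as raw bytes. Strict mode
    // rejects characters outside the base64 alphabet instead of silently dropping them,
    // so fewer distinct strings decode to the same signature.
    $rawSignature = base64_decode( $signature, true );
    if ( false === $rawSignature || '' === $rawSignature ) {
        return $retArray;
    }

    // SHA1 has to match the digest the receipt was signed with.
    // openssl_verify() returns 1 for a valid signature, 0 for an invalid one and
    // -1/false on error; only an exact 1 counts as success.
    $result = openssl_verify( $responseData, $rawSignature, $key, OPENSSL_ALGO_SHA1 );

    $status = ( 1 === $result ) ? 1 : 0;
    $retArray['status'] = $status;
    return $retArray;
}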