object Security
Security-related methods. For a secure implementation, all of this code should be implemented on a server that communicates with the application on the device. For the sake of simplicity and clarity of this example, this code is included here and is executed on the device. If you must verify the purchases on the phone, you should obfuscate this code to make it harder for an attacker to replace the code with stubs that treat all purchases as verified.
fun generatePublicKey(encodedPublicKey: String): PublicKey
Generates a PublicKey instance from a string containing the Base64-encoded public key. |
|
fun verify(publicKey: PublicKey, signedData: String, signature: String): Boolean
Verifies that the signature from the server matches the computed signature on the data. Returns true if the data is correctly signed. |
|
fun verifyPurchase(productId: String, base64PublicKey: String, signedData: String, signature: String): Boolean
Verifies that the data was signed with the given signature, and returns the verified purchase. The data is in JSON format and signed with a private key. The data also contains the purchaseState and product ID of the purchase. |