RichUtils / pyxis.uzuki.live.richutilskt.module.iap / RInAppBilling / Security

Security

object Security

Security-related methods. For a secure implementation, all of this code should be implemented on a server that communicates with the application on the device. For the sake of simplicity and clarity of this example, this code is included here and is executed on the device. If you must verify the purchases on the phone, you should obfuscate this code to make it harder for an attacker to replace the code with stubs that treat all purchases as verified.

Functions

generatePublicKey

fun generatePublicKey(encodedPublicKey: String): PublicKey

Generates a PublicKey instance from a string containing the Base64-encoded public key.

verify

fun verify(publicKey: PublicKey, signedData: String, signature: String): Boolean

Verifies that the signature from the server matches the computed signature on the data. Returns true if the data is correctly signed.

verifyPurchase

fun verifyPurchase(productId: String, base64PublicKey: String, signedData: String, signature: String): Boolean

Verifies that the data was signed with the given signature, and returns the verified purchase. The data is in JSON format and signed with a private key. The data also contains the purchaseState and product ID of the purchase.