1

我有一个关于开发人员有效负载的问题,我一直在阅读文档,但仍然发现自己很难理解我仍然不了解的 verifydeveloperpayload:

boolean verifyDeveloperPayload(Purchase p) {
        String payload = p.getDeveloperPayload();
        /*
         * TODO: verify that the developer payload of the purchase is correct. It will be
         * the same one that you sent when initiating the purchase.
         *
         * WARNING: Locally generating a random string when starting a purchase and
         * verifying it here might seem like a good approach, but this will fail in the
         * case where the user purchases an item on one device and then uses your app on
         * a different device, because on the other device you will not have access to the
         * random string you originally generated.
         *
         * So a good developer payload has these characteristics:
         *
         * 1. If two different users purchase an item, the payload is different between them,
         *    so that one user's purchase can't be replayed to another user.
         *
         * 2. The payload must be such that you can verify it even when the app wasn't the
         *    one who initiated the purchase flow (so that items purchased by the user on
         *    one device work on other devices owned by the user).
         *
         * Using your own server to store and verify developer payloads across app
         * installations is recommended.
         */
        return true;
    }

如果我的代码是

public void onClick(View v) {
    String item1;
    // TODO Auto-generated method stub
     switch(v.getId()) {
        case R.id.button1: {
            /* TODO: for security, generate your payload here for verification. See the comments on
             *        verifyDeveloperPayload() for more info. Since this is a SAMPLE, we just use
             *        an empty string, but on a production app you should carefully generate this. */

            item1 = "item1";
            String payload = email+item1;

            mHelper.launchPurchaseFlow(this, SKU_2006, RC_REQUEST,
                    mPurchaseFinishedListener, payload);
            break;
            }
         }

}

布尔 verifyDeveloperPayload 中的字符串有效负载是否等于我的 onClick 方法中的字符串有效负载?

我如何以及在哪里比较有效载荷?

4

1 回答 1

8

根据这里的android文档,它指出

第五个参数包含一个“开发人员有效负载”字符串,您可以使用它来发送有关订单的补充信息(它可以是一个空字符串)。通常,这用于传递唯一标识此购买请求的字符串令牌。如果您指定字符串值,Google Play 会将此字符串与购买响应一起返回。随后,当您查询此次购买时,Google Play 会返回此字符串以及购买详情。

安全建议:最好传入一个字符串,以帮助您的应用程序识别进行购买的用户,以便您以后可以验证这是该用户的合法购买。对于消耗品,您可以使用随机生成的字符串,但对于非消耗品,您应该使用唯一标识用户的字符串。

因此,对于产品 ID SKU_2006,如果您启动了购买流程,String payload = email+item1;那么 Google Play 将在响应中返回相同的有效负载,因此您会在这里得到它

boolean verifyDeveloperPayload(Purchase p) {
        String payload = p.getDeveloperPayload();
..
}

现在,让我用代码来定义整个场景:

首先,您将发起一个购买请求,如下所示

String payload = getUserEmailFromAndroidAccounts() + itemUniqueId;

mHelper.launchPurchaseFlow(new PurchaseFinishListener(itemUniqueId), SKU_GAS, 10001,   
   mPurchaseFinishedListener, payload);

如果采购订单成功,来自 Google Play 的响应数据将存储在一个 Purchase 对象中,该对象会传回给侦听器。

    private class PurchaseFinishListener implements IabHelper.OnIabPurchaseFinishedListener {
   private final String mItemUniqeId;
    public PurchaseFinishListener(String itemUniqeId) {

            mItemUniqeId = itemUniqeId;
        }

       public void onIabPurchaseFinished(IabResult result, Purchase purchase) 
       {
          if (result.isFailure()) {
             Log.d(TAG, "Error purchasing: " + result);
             return;
          }      
    if (!verifyDeveloperPayLoad(mItemUniqeId , purchase)) {
     Log.d(TAG, "Authenticity verification failed");
             return;
    }

    // set your product as purchased in your DB or server

    }
    }

现在您的 verifyDeveloperPayLoad(purchase) 方法应如下所示:

 private boolean verifyDeveloperPayLoad(String itemUniqueId , Purchase purchase) {
        String responsePayload = purchase.getDeveloperPayload();
        String computedPayload = getUserEmailFromAndroidAccounts() + itemUniqueId;

        return responsePayload != null && responsePayload.equals(computedPayload);
    }

如果你仔细观察过代码,你肯定会理解工作流程是怎样的。

有关基于订阅的购买和一次性购买的更多信息,请访问 Android 网站。

于 2014-11-20T05:35:54.020 回答