Fatal编程技术网
  • ruby/
  • 使用Ruby验证从Windows应用商店收到的IAP

使用Ruby验证从Windows应用商店收到的IAP

ruby windows-phone windows-store-apps

使用Ruby验证从Windows应用商店收到的IAP,ruby,in-app-purchase,windows-phone,windows-store-apps,xml-signature,Ruby,In App Purchase,Windows Phone,Windows Store Apps,Xml Signature,我正在尝试使用Ruby验证来自Windows应用商店的收据。我使用gem的方式如下: certificate = OpenSSL::X509::Certificate.new(cert) signed_document = Xmldsig::SignedDocument.new(xml) signed_document.validate(certificate) 但它无法使用采集的数据(在C#中工作)。有人幸运地使用xmldsig验证Windows应用商店收据吗 仅供参考,以下是cert和xm

我正在尝试使用Ruby验证来自Windows应用商店的收据。我使用gem的方式如下:

certificate = OpenSSL::X509::Certificate.new(cert)
signed_document = Xmldsig::SignedDocument.new(xml)
signed_document.validate(certificate)
但它无法使用采集的数据(在C#中工作)。有人幸运地使用xmldsig验证Windows应用商店收据吗

仅供参考,以下是
cert
xml
vars的初始化:

xml = <<-XML
<?xml version="1.0"?>
<Receipt Version="1.0" CertificateId="A656B9B1B3AA509EEA30222E6D5E7DBDA9822DCD" xmlns="http://schemas.microsoft.com/windows/2012/store/receipt">
  <ProductReceipt PurchasePrice="$20.89" PurchaseDate="2012-11-30T21:32:07.096Z" Id="2f9c5c8f-3e1d-4fc7-a871-ac58f7e78053" AppId="3ec6cd9a-ca82-4d38-bfdf-ecafdb35a738" ProductId="Test" ProductType="Consumable" PublisherDeviceId="Test" MicrosoftProductId="59ef70aa-7099-4679-889e-f21919bfd2c6" />
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <DigestValue>FyFb1HGm+yeOIjt18M6TPD4Qzeu469vwDbQs7w72mdA=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>noct5CYBtRwBxVxkUeZIzeDyruLGVBqBMuFuBytpouPLACnQ5dbzdRvWX4XN67IUo0J2FW8DoYcMbf3sAS+PeKKV8SLnU+l8K1hWEbbbugHZezStTzwwkYcZuCTnAk7BYO0aiZWuXm9GiZGT9iyXsYtU1/u87L+llnVibU/m7gV8tD3vG0tVkjzV20C8666mHUsY/jxeq3ed7YY9CT0SDrh5PeL4ESaopBLcncHo/e6lcjyoKbO3e6YuIpsi8DVueeKNhpTlwa5yc0O3qzc5SGnT4Kbhj9NBEXf15/oTaLlg7lJhnQZ0mY+yR8vc4D0SkqD6e5Uc4u64hnu+g3Hphg==</SignatureValue>
  </Signature>
</Receipt>
XML

cert = <<-CERT
-----BEGIN CERTIFICATE-----
MIIDFDCCAgCgAwIBAgIQrih3cQuSeL1CgpLFusfJsTAJBgUrDgMCHQUAMB8xHTAb
BgNVBAMTFElhcFJlY2VpcHRQcm9kdWN0aW9uMB4XDTEyMDIxNzAxMTYyNFoXDTM5
MTIzMTIzNTk1OVowHzEdMBsGA1UEAxMUSWFwUmVjZWlwdFByb2R1Y3Rpb24wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb0CeltVqOOIJiwNGgAr7Z0K4r
AYsHCa1oSFPJXtokz134bi2neJ8bHIKAnT0kwa3xViUxwp3+OZd2t2PshDv0ucZ5
dus6WCnuAw/MHVAodgLQMqYiKeM7VTIi3S1s3iV/66Y8KP7jH3CmE2XCXOQae+bQ
UuyGsTit0ScU7+MofODoNhvONs54n/K1WVnct2wWBpn8GGAS+l2mzOF0jXbMSjtz
7wuK77GeydG+x9paLuHIyCso7tjOqv/lvol5IIX0VnC5G2vC6dWR6MkNL5FzLXns
SuQgoYEUZXPlXJhsmv6oyyenaP0PpYJZcCLLVi1L2hcVo8B2DIEg3I3t8ch/AgMB
AAGjVDBSMFAGA1UdAQRJMEeAEHGLK3BRpCWDa2vU50kI73ehITAfMR0wGwYDVQQD
ExRJYXBSZWNlaXB0UHJvZHVjdGlvboIQrih3cQuSeL1CgpLFusfJsTAJBgUrDgMC
HQUAA4IBAQC4jmOu0H3j7AwVBvpQzPMLBd0GTimBXmJw+nruE+0Hh/0ywGTFNE+K
cQ21L4v+IuP8iMh3lpOcPb23ucuaoNSdWi375/KxrW831dbh+goqCZP7mWbxpnSn
FnuV+R1VPsQjdS+0tg5gjDKNMSx/2fH8krLAkidJ7rvUNmtEWMeVNk0/ZM/ECino
bMSSwbqUuc9Qql9T1epe+xv34a6eek+m4W0VXnLSuKhQS5jdILsyeJWHROZF5mrh
3DQuS0Ll5FzKmJxHf0hyXAo03SSA+x3JphAU4oYbkE9nRTU1tR6iq1D9ZxfQmvzm
IbMfyJ/y89PLs/ewHopSK7vQmGFjfjIl
-----END CERTIFICATE-----
CERT

xml=我可以看出摘要值和签名不正确

这通常是因为不正确的空格或规范化方法

示例代码仅验证签名。我确信这包括验证摘要值。这是两个独立的步骤

我没有C#环境,因此无法验证验证的实际输入

我对该声明的输入感兴趣:


signer.LoadXml((XmlElement)nodeList[0]); 



贝努瓦,你说得对,C代码似乎只验证签名而不是摘要。对于节点列表[0],它是给定XML上的签名节点。如果您需要更多信息,请告诉我。关于空白问题,我尝试了不同的方法来格式化给定的XML收据,但没有一种方法解决了这个问题。你知道如何格式化吗?事实上,这是一个“空白和新行”的问题。添加
xml=xml.gsub(/^\s+/,'').gsub(/\s+$/,'').gsub(/\n/,'')