Android Open Source - game_guess_lib Security






From Project

Back to project page game_guess_lib.

License

The source code is released under:

MIT License

If you think the Android project game_guess_lib listed in this page is inappropriate, such as containing malicious code/tools or violating the copyright, please email info at java2s dot com, thanks.

Java Source Code

/* Copyright (c) 2012 Google Inc.
 *// w w  w.ja  v  a  2 s  .  com
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.vending.billing.util;

import android.text.TextUtils;
import android.util.Log;

import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;

/**
 * Security-related methods. For a secure implementation, all of this code
 * should be implemented on a server that communicates with the
 * application on the device. For the sake of simplicity and clarity of this
 * example, this code is included here and is executed on the device. If you
 * must verify the purchases on the phone, you should obfuscate this code to
 * make it harder for an attacker to replace the code with stubs that treat all
 * purchases as verified.
 */
public class Security {

    private static final String TAG = "IABUtil/Security";

    private static final String KEY_FACTORY_ALGORITHM = "RSA";
    private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";

    /**
     * Verifies that the data was signed with the given signature, and returns
     * the verified purchase. The data is in JSON format and signed
     * with a private key. The data also contains the {@link PurchaseState} and product ID of the purchase.
     * 
     * @param base64PublicKey
     *            the base64-encoded public key to use for verifying.
     * @param signedData
     *            the signed JSON string (signed, not encrypted)
     * @param signature
     *            the signature for the data, signed with the private key
     */
    public static boolean verifyPurchase(String base64PublicKey, String signedData, String signature) {
        if (signedData == null) {
            Log.e(TAG, "data is null");
            return false;
        }

        boolean verified = false;
        if (!TextUtils.isEmpty(signature)) {
            PublicKey key = Security.generatePublicKey(base64PublicKey);
            verified = Security.verify(key, signedData, signature);
            if (!verified) {
                Log.w(TAG, "signature does not match data.");
                return false;
            }
        }
        return true;
    }

    /**
     * Generates a PublicKey instance from a string containing the
     * Base64-encoded public key.
     * 
     * @param encodedPublicKey
     *            Base64-encoded public key
     * @throws IllegalArgumentException
     *             if encodedPublicKey is invalid
     */
    public static PublicKey generatePublicKey(String encodedPublicKey) {
        try {
            byte[] decodedKey = Base64.decode(encodedPublicKey);
            KeyFactory keyFactory = KeyFactory.getInstance(KEY_FACTORY_ALGORITHM);
            return keyFactory.generatePublic(new X509EncodedKeySpec(decodedKey));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (InvalidKeySpecException e) {
            Log.e(TAG, "Invalid key specification.");
            throw new IllegalArgumentException(e);
        } catch (Base64DecoderException e) {
            Log.e(TAG, "Base64 decoding failed.");
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Verifies that the signature from the server matches the computed
     * signature on the data. Returns true if the data is correctly signed.
     * 
     * @param publicKey
     *            public key associated with the developer account
     * @param signedData
     *            signed data from server
     * @param signature
     *            server signature
     * @return true if the data and signature match
     */
    public static boolean verify(PublicKey publicKey, String signedData, String signature) {
        Signature sig;
        try {
            sig = Signature.getInstance(SIGNATURE_ALGORITHM);
            sig.initVerify(publicKey);
            sig.update(signedData.getBytes());
            if (!sig.verify(Base64.decode(signature))) {
                Log.e(TAG, "Signature verification failed.");
                return false;
            }
            return true;
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, "NoSuchAlgorithmException.");
        } catch (InvalidKeyException e) {
            Log.e(TAG, "Invalid key specification.");
        } catch (SignatureException e) {
            Log.e(TAG, "Signature exception.");
        } catch (Base64DecoderException e) {
            Log.e(TAG, "Base64 decoding failed.");
        }
        return false;
    }
}




Java Source Code List

com.android.vending.billing.util.Base64DecoderException.java
com.android.vending.billing.util.Base64.java
com.android.vending.billing.util.IabException.java
com.android.vending.billing.util.IabHelper.java
com.android.vending.billing.util.IabResult.java
com.android.vending.billing.util.Inventory.java
com.android.vending.billing.util.Purchase.java
com.android.vending.billing.util.Security.java
com.android.vending.billing.util.SkuDetails.java
com.wkmf.guess.lib.common.Constants.java
com.wkmf.guess.lib.common.ads.GuessGameAdsListener.java
com.wkmf.guess.lib.common.ads.GuessGameAds.java
com.wkmf.guess.lib.common.api.GuessApi.java
com.wkmf.guess.lib.common.api.GuessRestApi.java
com.wkmf.guess.lib.common.async.DownloadTask.java
com.wkmf.guess.lib.common.dialog.DialogElement.java
com.wkmf.guess.lib.common.dialog.DialogModalListAdapter.java
com.wkmf.guess.lib.common.dialog.DialogModal.java
com.wkmf.guess.lib.data.GuessGameBDDHandler.java
com.wkmf.guess.lib.data.GuessSQL.java
com.wkmf.guess.lib.impl.GuessGameBaseApp.java
com.wkmf.guess.lib.impl.GuessGameImageDownload.java
com.wkmf.guess.lib.impl.GuessGameInterface.java
com.wkmf.guess.lib.purchase.items.GuessGameItems.java
com.wkmf.guess.lib.screen.GuessLevelScreen.java
com.wkmf.guess.lib.screen.GuessMainScreen.java
com.wkmf.guess.lib.screen.GuessQuestionScreen.java
com.wkmf.guess.lib.screen.adapter.LevelsAdapter.java
com.wkmf.guess.lib.screen.adapter.QuestionsAdapter.java
com.wkmf.guess.lib.service.GuessGameService.java
com.wkmf.guess.lib.service.GuessGameUpdater.java
com.wkmf.guess.lib.service.ServiceStarter.java
com.wkmf.guess.lib.structure.GuessConfig.java
com.wkmf.guess.lib.structure.GuessDrawable.java
com.wkmf.guess.lib.structure.GuessGame.java
com.wkmf.guess.lib.structure.GuessLevelType.java
com.wkmf.guess.lib.structure.GuessLevel.java
com.wkmf.guess.lib.structure.GuessQuestion.java