Created
February 11, 2019 05:47
-
-
Save ponnamkarthik/3e949f6929c26fbd7cab3df249c58bcc to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BillingClient mBillingClient; | |
| // To get key go to Developer Console > Select your app > Development Tools > Services & APIs. | |
| String base64Key = "PLACE_YOUR_KEY_HERE"; | |
| mBillingClient = BillingClient.newBuilder(this).setListener(new PurchasesUpdatedListener() { | |
| @Override | |
| public void onPurchasesUpdated(int responseCode, @Nullable List<Purchase> purchases) { | |
| for(Purchase purchase: purchases) { | |
| // When every a new purchase is made | |
| // Here we verify our purchase | |
| if (!verifyValidSignature(purchase.getOriginalJson(), purchase.getSignature())) { | |
| // Invalid purchase | |
| // show error to user | |
| Log.i(TAG, "Got a purchase: " + purchase + "; but signature is bad. Skipping..."); | |
| return; | |
| } else { | |
| // purchase is valid | |
| // Perform actions | |
| } | |
| } | |
| } | |
| }).build(); | |
| // create this function | |
| /** | |
| * Verifies that the purchase was signed correctly for this developer's public key. | |
| * <p>Note: It's strongly recommended to perform such check on your backend since hackers can | |
| * replace this method with "constant true" if they decompile/rebuild your app. | |
| * </p> | |
| */ | |
| private boolean verifyValidSignature(String signedData, String signature) { | |
| try { | |
| return Security.verifyPurchase(base64Key, signedData, signature); | |
| } catch (IOException e) { | |
| Log.e(TAG, "Got an exception trying to validate a purchase: " + e); | |
| return false; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment