Game-center-How to Use php to verify the signature returned by gamecenterGKLocalPlayer

Gamecenter provides the following verification process: developer. apple. comlibrarymacdocumentationGameKitReferenc... the following is the procedure: 1. call [GKLocalPlayergenerateIdentityVerificationSignatureWithCo... game center provides the following verification procedures:
Https://developer.apple.com/library/mac/documentation/gamekit/referenc ...:

The procedure is as follows:
1. Call [GKLocalPlayer generateIdentityVerificationSignatureWithCompletionHandler] in your app. (The client calls this method)

1. Send the publicKeyURL, signature, salt, and timestamp parameters to the third party server used for authentication. (get the data returned by the game center and Send it to the server for verification)

2. Use the publicKeyURL on the third party server to download the public key. (Use the public key url provided by the client to download the public key)

3. Verify with the appropriate signing authority that the public key is signed by Apple. (Verify if it is the public key signed by Apple ?)

4. Retrieve the player's playerID and bundleID. (extract the player ID and App BundleId. This is also provided by the client)

5. Concatenate into a data buffer the following information, in the order listed:

   ThePlayerIDParameter in UTF-8 format

   TheBundleIDParameter in UTF-8 format

   TheTimestampParameter in Big-Endian UInt-64 format

   TheSaltParameter

6. Generate a SHA-1 hash value for the buffer. (the hash value is generated by using the above parameters in sequence SHA1)

7. Using the public key downloaded in step 3, verify that the hash value generated in step 7 matches the signature parameter provided by the API. (use the public key downloaded in step 3 and the signature provided by game center to verify the hash value generated in step 1)

Based on these documents, I wrote the following code:

$playerID = 'G:869***86';$bundleID = 'com.****.gcc';$signature =base64_decode('q/rE6vsNyb0458HzYs0TCK/Cz88JmAqob8DM1uwkl5Y9AKrFfZQo/HRtilGlCKvek40PVKUelL0qLZ8M3IBNdV+HshyZVB/SOdo1M7UG1xcqlkRCMlNYLqdpQgpw6GrK3zw4QyyG1Znk2K0AqKN7eeBwcj7KsF2tCFGQpvu+pB+4hEXUYVLRRJ5ElG05/mOzH5oKfugBestANEwPBSheN1FIOFBPVcCbp/9P7HamB3Yi3+rzE1Kv8KIKM5iOi01pIAFMmSfPYjKzrSHGOkI4/KSItAIFq9jQv67YvZP1oCQRttD/K+XvtxbikX++jB4pmq4ctaCZXeFrW6gXxIRGsA==');$timestamp = 1429756461745;$salt = '/Mxf3w==';$pubkeyid  = openssl_pkey_get_public(file_get_contents('gc-sb-2.crt'));$data = sha1($playerID.$bundleID.$timestamp.$salt);var_dump(openssl_verify($data,$signature,$pubkeyid,OPENSSL_ALGO_SHA1));openssl_free_key($pubkeyid);

The certificate file above is converted to pem through the following website. php does not support. cer operations.
Https://www.google.com.tw/url? Sa = t & RDBMS = j & q = & esrc = s & sou...

Verification always fails. Please kindly advise.

Reply content:

Game center provides the following verification procedures:
Https://developer.apple.com/library/mac/documentation/gamekit/referenc ...:

The procedure is as follows:
1. Call [GKLocalPlayer generateIdentityVerificationSignatureWithCompletionHandler] in your app. (The client calls this method)

1. Send the publicKeyURL, signature, salt, and timestamp parameters to the third party server used for authentication. (get the data returned by the game center and Send it to the server for verification)

2. Use the publicKeyURL on the third party server to download the public key. (Use the public key url provided by the client to download the public key)

3. Verify with the appropriate signing authority that the public key is signed by Apple. (Verify if it is the public key signed by Apple ?)

4. Retrieve the player's playerID and bundleID. (extract the player ID and App BundleId. This is also provided by the client)

5. Concatenate into a data buffer the following information, in the order listed:

   ThePlayerIDParameter in UTF-8 format

   TheBundleIDParameter in UTF-8 format

   TheTimestampParameter in Big-Endian UInt-64 format

   TheSaltParameter

6. Generate a SHA-1 hash value for the buffer. (the hash value is generated by using the above parameters in sequence SHA1)

7. Using the public key downloaded in step 3, verify that the hash value generated in step 7 matches the signature parameter provided by the API. (use the public key downloaded in step 3 and the signature provided by game center to verify the hash value generated in step 1)

Based on these documents, I wrote the following code:

$playerID = 'G:869***86';$bundleID = 'com.****.gcc';$signature =base64_decode('q/rE6vsNyb0458HzYs0TCK/Cz88JmAqob8DM1uwkl5Y9AKrFfZQo/HRtilGlCKvek40PVKUelL0qLZ8M3IBNdV+HshyZVB/SOdo1M7UG1xcqlkRCMlNYLqdpQgpw6GrK3zw4QyyG1Znk2K0AqKN7eeBwcj7KsF2tCFGQpvu+pB+4hEXUYVLRRJ5ElG05/mOzH5oKfugBestANEwPBSheN1FIOFBPVcCbp/9P7HamB3Yi3+rzE1Kv8KIKM5iOi01pIAFMmSfPYjKzrSHGOkI4/KSItAIFq9jQv67YvZP1oCQRttD/K+XvtxbikX++jB4pmq4ctaCZXeFrW6gXxIRGsA==');$timestamp = 1429756461745;$salt = '/Mxf3w==';$pubkeyid  = openssl_pkey_get_public(file_get_contents('gc-sb-2.crt'));$data = sha1($playerID.$bundleID.$timestamp.$salt);var_dump(openssl_verify($data,$signature,$pubkeyid,OPENSSL_ALGO_SHA1));openssl_free_key($pubkeyid);

The certificate file above is converted to pem through the following website. php does not support. cer operations.
Https://www.google.com.tw/url? Sa = t & RDBMS = j & q = & esrc = s & sou...

Verification always fails. Please kindly advise.

When transmitting data using POST or GET, if the data contains "+" (plus sign), but the receiving program parses the data, the plus sign is parsed into a space.
Solution:
In php, use the str_replace function, replace the plus sign with "% 2B", and then encode the urlencode. the receiver can use urldecode for decoding.

The "signature" parameter sent by the client contains "+", which must be replaced with "% 2B"