要验证签名，请确保以下内容:

To verify the signature you want to make sure of the following:

1. INAPP_PURCHASE_DATA不会以任何方式突变.任何编码或转义更改将导致无效的验证.确保它完整到达服务器的***方法是对它进行base64编码.
2. INAPP_DATA_SIGNATURE也必须保持完好无损，它应该已经进行了base64编码，因此将其发送到您的服务器应该没有问题.
3. openssl_verify 期望同时使用data和signature参数处于原始状态，因此base64会在验证之前进行解码.
4. 它也将signature_alg作为最后一个参数，在这种情况下，sha1WithRSAEncryption应该和默认值一样工作，但是如果有疑问，请尝试其他一些

1. INAPP_PURCHASE_DATA is not mutated in any way. Any encoding or escaping changes will result in a invalid verification. The best way to ensure it gets to your server intact is to base64 encoded it.
2. INAPP_DATA_SIGNATURE also must remain intact, it should already base64 encoded so sending that to your server should not be a problem.
3. openssl_verify expects both data and signature arguments to be in their raw state, so base64 decode before verifying.
4. It also takes signature_alg as the last argument, in this case sha1WithRSAEncryption should work as should the default, but if in doubt try a few other sha1 algorithms to see which ones work.

我***的猜测是为什么它现在对您不起作用，是因为您没有在服务器上收到INAPP_PURCHASE_DATA，而情况却与在应用程序上收到的相同.此 *** 问题也有同样的问题.

My best guess why it's not working for you right now is that you're not receiving the INAPP_PURCHASE_DATA on your server in the same condition that it was received on the app. This *** question had the same problem.