android in_app billing Signature verification failed.

今天测试in_app billing 时，发现Security.java总是会出现 ‘Signature verification failed’的提示错误：

/**

     * Verifies that the signature from the server matches the computed

     * signature on the data.  Returns true if the data is correctly signed.

     *

     * @param publicKey public key associated with the developer account

     * @param signedData signed data from server

     * @param signature server signature

     * @return true if the data and signature match

     */

    public static boolean verify(PublicKey publicKey, String signedData, String signature) {

        if (Consts.DEBUG) {

            Log.i(TAG,"signature: " + signature);

        }

        Signature sig;

        try {

            sig = Signature.getInstance(SIGNATURE_ALGORITHM);

            sig.initVerify(publicKey);

            sig.update(signedData.getBytes());

            if (!sig.verify(Base64.decode(signature))) {  // 这里总是返回 false ，难证不成功

                Log.e(TAG,"Signature verification failed.");

                return false;  // 可以暂时设为 return true;

            }

            returntrue;

        } catch (NoSuchAlgorithmException e) {

            Log.e(TAG,"NoSuchAlgorithmException.");

        } catch (InvalidKeyException e) {

            Log.e(TAG,"Invalid key specification.");

        } catch (SignatureException e) {

            Log.e(TAG,"Signature exception.");

        } catch (Base64DecoderException e) {

            Log.e(TAG,"Base64 decoding failed.");

        }

        returnfalse;

    }

因为 Signature verification failed  ，所以总是返回 false, 所有些方法永远无法执行，如 

DungeonsPurchaseObserver类中的 

@Override

        public void onPurchaseStateChange(PurchaseState purchaseState, String itemId,

                int quantity, long purchaseTime, String developerPayload) { .....

               //这个方法会因为  签名论证失败，而永远无法执行，所以你可以让签名验证部分的代码总是返回true来进行一般测试工作。 

}

问题出现的原因：  app 没有sign

That signature verification error can be caused by:

1.- A wrong public key. Maybe you've forgotten to copy some character. It happens :)

2.- The .apk must be signed. You can't use the debug.keystore, if you do your signature string will be empty.

And remember, for testing In-app billing:

• Add Android Market public key to Security.java (String base64EncodedPublicKey = "your public key here")

• Build in release mode and sign it (If you are using Eclipse, you can use the Export Wizard).

• Upload the release version to Android Market, do not publish it, and create the product list.

• Install the application onto your device ( adb -d install myapp.apk ) and make a test account primary on your device.

参考资料：

http://stackoverflow.com/questions/7070573/android-in-app-billing-security-java-says-signature-verification-failed