As the error says, it should start with -----BEGIN PUBLIC KEY-----
and end with -----END PUBLIC KEY-----
(Reference).
Also, there is no need of base64_decode()
for signature in this case. Replace your line with:
// openssl_verify() returns 1 when the signature is valid, 0 when it is not, and -1 or false on error,
// so test the result with `$success === 1` rather than for truthiness (-1 is truthy in PHP).
$success = openssl_verify($message, $signature, $publicKey, OPENSSL_ALGO_SHA256);
Another code example for SSV (server-side verification):
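<?php
/*
 * AdMob rewarded-ad server-side verification (SSV) callback handler.
 *
 * Fetches the current AdMob verifier keys, checks the callback's signature over the
 * signed part of the query string and, only when the signature is valid, reads the
 * reward parameters from that signed part.
 *
 * Throws Exception when the key list cannot be loaded or the query cannot be verified.
 */
if (isset($_GET['signature'])) {
    // Get the current AdMob public keys.
    $verifier_keys = file_get_contents('https://www.gstatic.com/admob/reward/verifier-keys.json');
    if ($verifier_keys === false) {
        throw new Exception("Invalid Public Keys");
    }
    $verifier_keys_arr = json_decode($verifier_keys, true);
    if (!is_array($verifier_keys_arr)) {
        throw new Exception("Invalid Public Keys");
    }
    if (empty($verifier_keys_arr['keys']) || !is_array($verifier_keys_arr['keys'])) {
        throw new Exception("Empty Public Keys");
    }

    // The AdMob SDK sends the callback as a query string. The signed content is
    // everything before "&signature=" (signature and key_id come last).
    $query_string = $_SERVER['QUERY_STRING'] ?? '';
    $signature_pos = strpos($query_string, '&signature=');
    if ($signature_pos === false || !is_string($_GET['signature'])) {
        throw new Exception("Unable to verify the query");
    }
    $message = substr($query_string, 0, $signature_pos);

    // Keys rotate, so pick the key named by the callback's key_id instead of
    // assuming the first entry is the one that signed this request.
    $key_id = (isset($_GET['key_id']) && is_string($_GET['key_id'])) ? trim($_GET['key_id']) : '';
    $public_key_pem = null;
    foreach ($verifier_keys_arr['keys'] as $key) {
        if (is_array($key) && isset($key['keyId'], $key['pem']) && (string) $key['keyId'] === $key_id) {
            $public_key_pem = $key['pem'];
            break;
        }
    }
    if ($public_key_pem === null) {
        throw new Exception("Unable to verify the query");
    }

    // The signature arrives as URL-safe base64; openssl_verify() needs the raw bytes.
    // Strict mode accepts missing padding and rejects any character outside the alphabet.
    $signature = base64_decode(strtr(trim($_GET['signature']), '-_', '+/'), true);
    if ($signature === false || $signature === '') {
        throw new Exception("Unable to verify the query");
    }

    // openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error). Only 1 is
    // success; a truthiness test would accept -1, e.g. for a malformed signature.
    $verified = openssl_verify($message, $signature, $public_key_pem, OPENSSL_ALGO_SHA256);
    if ($verified === 1) {
        // verified
        $output = "verified";

        // Read the parameters from the signed message, not from $_GET: $_GET keeps the
        // last value of a repeated name, so anything appended after the signed part of
        // the query string would otherwise override the verified values.
        // Parameter list: https://developers.google.com/admob/android/ssv#ssv_callback_parameters
        parse_str($message, $signed_params);
        $reward_item = $signed_params['reward_item'] ?? null;
        $user_id = $signed_params['user_id'] ?? null;
        $custom_data = $signed_params['custom_data'] ?? null;

        // A valid callback can be delivered more than once; record the signed
        // transaction_id and ignore repeats before granting anything.

        // Now do your things after validating the ad response
        // for example
        if ($custom_data === "GIVE_COINS") {
            // give coins
        } elseif ($custom_data === "LEVEL_UP") {
            // level up
        }
    } else {
        // echo openssl_error_string();
        throw new Exception("Unable to verify the query");
    }
} else {
    // do nothing, somebody just opened the link
    // echo `Error 404, this page not exists`
}
?>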