We are trying to implement In-App purchase subscription offer. In our server we are generating the encoded signature based on product id, offer id and user hashname. When the encoded signature is used to make the purchase, it always returns this error : code - 12 (invalidSignature). Cannot connect to iTunes Store. Following is our Node code. Please help us fix this issue. TIA
const UUID = require("uuid-v4");
const microtime = require('microtime');
const express = require('express');
const router = express.Router();
const EC = require("elliptic").ec;
const ec = new EC("secp256k1");
const crypto = require('crypto');
const BN = require('bn.js')
const privateKey = 'private_key_goes_here'; //utf-8 pkcs#8 key
const PrivateKeyBuff = new Buffer(privateKey);
function asn1SigSigToConcatSig(asn1SigBuffer) {
let buff = Buffer.concat([
asn1SigBuffer.r.toArrayLike(Buffer, 'be', 32),
asn1SigBuffer.s.toArrayLike(Buffer, 'be', 32)
]);
return buff.toString('base64')
}
router.post('/',(req, res)=>{
const appBundleId = "bundle.id";
const keyIdentifier = "key_id";
const nonce = String(UUID()).toLowerCase();// Should be lower case
const timestamp = microtime.now();
const productIdentifier = req.body.productIdentifier;
const offerIdentifier = req.body.offerIdentifier;
const applicationUsername = req.body.username;
const payload = appBundleId + '\u2063' + keyIdentifier + '\u2063' + productIdentifier + '\u2063' + offerIdentifier + '\u2063' + applicationUsername + '\u2063' + nonce + '\u2063' + timestamp;
let shaMsg = crypto.createHash("sha256").update(payload).digest();
let bnMsg = new BN(shaMsg);
let signObj = ec.sign(bnMsg, PrivateKeyBuff);
const signature = signObj;
let derSign = signature.toDER();
let base64EncodedSignature = asn1SigSigToConcatSig(signature);
;
let response = {
"nonce": nonce,
"timestamp": timestamp,
"keyIdentifier": keyIdentifier,
"signeture": base64EncodedSignature
}
console.log("signature ", signature);
console.log("response ", response)
res.type('json').send(response);
});
module.exports = router;