Admob server-side verification php

PHP
// Google admob public key
$verifier_keys = '{"keys":[{"keyId":3335741209,"pem":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+nzvoGqvDeB9+SzE6igTl7TyK4JB\nbglwir9oTcQta8NuG26ZpZFxt+F2NDk7asTE6/2Yc8i1ATcGIqtuS5hv0Q==\n-----END PUBLIC KEY-----","base64":"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+nzvoGqvDeB9+SzE6igTl7TyK4JBbglwir9oTcQta8NuG26ZpZFxt+F2NDk7asTE6/2Yc8i1ATcGIqtuS5hv0Q=="}]}';

// Google callback parameter string, get parameter
$query_string = '';

// json format public key string, array conversion, query according to callback parameter_ Key in string_ ID takes the corresponding public key to verify the signature
$verifier_keys_arr = json_decode($verifier_keys, true);
if(empty($verifier_keys_arr) || !is_array($verifier_keys_arr)){
    throw new Exception("wrong google public keys!");
}
// Two formats of public key, pem and base64 
$publicKey_pem = $verifier_keys_arr['keys'][0]['pem'];
$publicKey_base64 = $verifier_keys_arr['keys'][0]['base64'];
// Format of base64
$publicKeyString = "-----BEGIN PUBLIC KEY-----\n" . wordwrap($publicKey_base64, 64, "\n", true) . "\n-----END PUBLIC KEY-----";
// pem to public key resource object
$publicKey = openssl_pkey_get_public($publicKeyString);
// Note: publickey_ PEM, publickeystring and publickey can be signed normally

// Parsing callback parameters
parse_str($query_string, $query_arr);
// Signature result string
$signature = trim($query_arr['signature']);
// It is important to replace and complement the signature result string here
$signature = str_replace(['-', '_'], ['+', '/'], $signature);
$signature .= '===';

// Data element string to sign
$message = substr($query_string, 0, strpos($query_string, 'signature')-1);

$return = [
    'code' => 0,
    'message' => 'error'
];

//Verify the signature. Use $publicKey and $publicKey here_ PEM and $publickeystring are all OK
$success = openssl_verify($message, base64_decode($signature), $publicKey, OPENSSL_ALGO_SHA256);
if ($success === -1) {
    $return['message'] = '111111'.openssl_error_string();
} elseif ($success === 1) {
    $return['code'] = 1;
    $return['message'] = 'success';
} else {
    $return['message'] = '222222'.openssl_error_string();
}

var_dump($return);
Source

Also in PHP: