在SafetyNet认证中是否需要API密钥？

Question

在SafetyNet认证中是否需要API密钥？

androidgoogle-play-servicesapi-keyandroid-securitysafetynet

9

我已经成功创建了SafetyNet认证的后端服务和安卓客户端。当我发送JWS令牌到我的服务器并尝试验证其证书时，发现没有签署它的证书。

我应该在我的安卓应用程序中添加API密钥吗？

我的认证结果：

eyJhbGciOiJSUzI1NiIsIng1YyI6WyJNSUlFaURDQ0EzQ2dBd0lCQWdJSWNkK3ZTTGZWdWxrd0RRWUpLb1pJaHZjTkFRRUxCUUF3U1RFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBb1RDa2R2YjJkc1pTQkpibU14SlRBakJnTlZCQU1USEVkdmIyZHNaU0JKYm5SbGNtNWxkQ0JCZFhSb2IzSnBkSGtnUnpJd0hoY05NVFl3TnpFeU1UVTBNelUwV2hjTk1UY3dOekV4TURBd01EQXdXakJzTVFzd0NRWURWUVFHRXdKVlV6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVFc5MWJuUmhhVzRnVm1sbGR6RVRNQkVHQTFVRUNnd0tSMjl2WjJ4bElFbHVZekViTUJrR0ExVUVBd3dTWVhSMFpYTjBMbUZ1WkhKdmFXUXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF3WEtyS0ZRRlBTckthS252NG9MSUhXNlVVMEk2STV2Q1FERFJOUlg2NWQrMVJLUWg0aDNoUHlTQ21MR2thREg0Q3Rud1lCdmRhWmZHUnVJVWx4K21zRjlkbU8rZzR0U2tSaXdrRzBxZ1VVN3docDk2ZHJoZkFrdDdPc2RzUWhmQWlTcmljdDlrTTRISElOVFVadjU0bXhkQmI0SkVBSlAvWlBDL2h5alAwRnlwNFlWVkdGN3RrQ09zUTVzYlB3cTBrbVJ0citobG41TXYwN1oxdkQwTG1MMU8yQy9qQUVCWGlhV3IzTjltenRXK2w3dEllOW1yY3FvUTB1UXdDWTd6YWdjb1czeFRmVExKVGdGTU5ZU0RtaDBEV2NZZUhidjNHQUtTR0hCSWZIWlQranhhZTlwam5pSi8zY3VmOWhVcUZPTGV3blI0TGdiTzNtSlc4a0dtWVFJREFRQUJvNElCVHpDQ0FVc3dIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUIwR0ExVWRFUVFXTUJTQ0VtRjBkR1Z6ZEM1aGJtUnliMmxrTG1OdmJUQm9CZ2dyQmdFRkJRY0JBUVJjTUZvd0t3WUlLd1lCQlFVSE1BS0dIMmgwZEhBNkx5OXdhMmt1WjI5dloyeGxMbU52YlM5SFNVRkhNaTVqY25Rd0t3WUlLd1lCQlFVSE1BR0dIMmgwZEhBNkx5OWpiR2xsYm5Sek1TNW5iMjluYkdVdVkyOXRMMjlqYzNBd0hRWURWUjBPQkJZRUZON1FsYndMa3BYbUNQbmxLS3FFdDdvc0JpYW5NQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVVTdDBHRmh1ODltaTFkdldCdHJ0aUdycGFnUzh3SVFZRFZSMGdCQm93R0RBTUJnb3JCZ0VFQWRaNUFnVUJNQWdHQm1lQkRBRUNBakF3QmdOVkhSOEVLVEFuTUNXZ0k2QWhoaDlvZEhSd09pOHZjR3RwTG1kdmIyZHNaUzVqYjIwdlIwbEJSekl1WTNKc01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQnV4UEpqeE9GcjlqOEJUT0swbGhNNy8zVUN3d2RjSTFFZExmRGx4NmJCWW53SmVPUThKdC9Vd1VkcTFGTWRMM2gydkVTYVFkUVdYQTVCWE9YenI1TXV2V0xYaldKRjRsb0E4VzBTVDQyUDd6MWsyT29qb3JsNXZabkhjY08vZzhFd0ZpRlVINCsydXF1NVFzWmpVZGxMS2FFUWhJZTcvU2x2Qk41eHlZd0RaMlp0R00rdlVnVlFkbXpaV0puTGNHZFVSUGN3N2tlOWlNTFZKcXUrR0Z4c1lJSXYwMW1EQlVlblNUNFRsYWlEUG1nUmwzN3lCQWpUNGVaQlBIRzBGUzhna3FKZzAzMnhjNFdPNE1WMk1ZeEN0NWVzSllaOU04Y09QRFVjOEVYOUlwbC9FT1IrL25Mb2NRSEhIazhJQlhsbDVGM2lnN1RpOGFCNTJUMFdRaEIrIiwiTUlJRDhEQ0NBdGlnQXdJQkFnSURBanFTTUEwR0NTcUdTSWIzRFFFQkN3VUFNRUl4Q3pBSkJnTlZCQVlUQWxWVE1SWXdGQVlEVlFRS0V3MUhaVzlVY25WemRDQkpibU11TVJzd0dRWURWUVFERXhKSFpXOVVjblZ6ZENCSGJHOWlZV3dnUTBFd0hoY05NVFV3TkRBeE1EQXdNREF3V2hjTk1UY3hNak14TWpNMU9UVTVXakJKTVFzd0NRWURWUVFHRXdKVlV6RVRNQkVHQTFVRUNoTUtSMjl2WjJ4bElFbHVZekVsTUNNR0ExVUVBeE1jUjI5dloyeGxJRWx1ZEdWeWJtVjBJRUYxZEdodmNtbDBlU0JITWpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSndxQkhkYzJGQ1JPZ2FqZ3VEWVVFaThpVC94R1hBYWlFWis0SS9GOFluT0llNWEvbUVOdHpKRWlhQjBDMU5QVmFUT2dtS1Y3dXRaWDhiaEJZQVN4RjZVUDd4YlNEajBVL2NrNXZ1UjZSWEV6L1JURGZSSy9KOVUzbjIrb0d0dmg4RFFVQjhvTUFOQTJnaHpVV3gvL3pvOHB6Y0dqcjFMRVFUcmZTVGU1dm44TVhIN2xOVmc4eTVLcjBMU3krckVhaHF5ekZQZEZVdUxIOGdaWVIvTm5hZytZeXVFTldsbGhNZ1p4VVlpK0ZPVnZ1T0FTaERHS3V5Nmx5QVJ4em1aRUFTZzhHRjZsU1dNVGxKMTRyYnRDTW9VL000aWFyTk96MFlEbDVjRGZzQ3gzbnV2UlRQUHVqNXh0OTcwSlNYQ0RUV0puWjM3RGhGNWlSNDN4YStPY21rQ0F3RUFBYU9CNXpDQjVEQWZCZ05WSFNNRUdEQVdnQlRBZXBob2pZbjdxd1ZrREJGOXFuMWx1TXJNVGpBZEJnTlZIUTRFRmdRVVN0MEdGaHU4OW1pMWR2V0J0cnRpR3JwYWdTOHdEZ1lEVlIwUEFRSC9CQVFEQWdFR01DNEdDQ3NHQVFVRkJ3RUJCQ0l3SURBZUJnZ3JCZ0VGQlFjd0FZWVNhSFIwY0RvdkwyY3VjM2x0WTJRdVkyOXRNQklHQTFVZEV3RUIvd1FJTUFZQkFmOENBUUF3TlFZRFZSMGZCQzR3TERBcW9DaWdKb1lrYUhSMGNEb3ZMMmN1YzNsdFkySXVZMjl0TDJOeWJITXZaM1JuYkc5aVlXd3VZM0pzTUJjR0ExVWRJQVFRTUE0d0RBWUtLd1lCQkFIV2VRSUZBVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBQ0U0RXA0Qi9FQlpEWGdLdDEwS0E5TENPMHE2ejZ4RjlrSVFZZmVlUUZmdEpmNmlaQlpHN2VzbldQRGNZQ1pxMng1SWdCelV6Q2VRb1kzSU50T0F5bkllWXhCdDJpV2ZCVUZpd0U2b1RHaHN5cGI3cUVaVk1TR05KNlpsZElEZk0vaXBwVVJhVlM2bmVTWUxBRUhEMExQUHN2Q1FrMEU2c3BkbGVIbTJTd2Flc1NEV0IrZVhrbkdWcHpZZWtRVkEvTGxlbGtWRVNXQTZNQ2FHc2VxUVNwU2Z6bWhDWGZWVURCdmRtV0Y5ZlpPR3JYVzJsT1VoMW1Fd3BXanFOMHl2S25GVUV2L1RtRk5XQXJDYnRGNG1tazJ4Y3BNeTQ4R2FPWk9OOW11SUFzMG5INUFxcTNWdUR4M0NRUms2KzBOdFpsbXd1OVJZMjNuSE1BY0lTd1NIR0ZnPT0iXX0.eyJub25jZSI6IlVFMTViamRaVUVNdk4ybFJNRU5UVTJwQ1VXdE1Rak51VEU1WWRtOXZabnBPUm14WkwzcEhibXRWV21oS1ZrSkJTa3R1S3pkWFJHbDBUVnBzYkZORFppOWFMMjlGZUVKa2NEVnllQzlwUTFWUlluVlVlV2M5UFE9PSIsInRpbWVzdGFtcE1zIjoxNDkwNzg3MTQ3MzYxLCJhcGtQYWNrYWdlTmFtZSI6ImNvbS5leGFtcGxlLnNhbXBsZSIsImFwa0RpZ2VzdFNoYTI1NiI6ImtXVWZ3ZlpCSU9ib2UzRGtMM2RkeTFBbm1VdjM3cDFVYlduZ1Fkd1gwZHM9IiwiY3RzUHJvZmlsZU1hdGNoIjp0cnVlLCJleHRlbnNpb24iOiJDUVlZdUQyUmRqQVkiLCJhcGtDZXJ0aWZpY2F0ZURpZ2VzdFNoYTI1NiI6WyJ3ZU93UTZLUWdFZGx2bXJIV0VCRDlyZm96YnF6ZWU0ZlpPT2FXclpoc2NvPSJdLCJiYXNpY0ludGVncml0eSI6dHJ1ZX0.JXOvgIx0PufdyJ72Vo-FvTb_6Dwj7gcSxlXWHt8siVrgK2eMQA3V_eYbXS7NYkNUEXLLMNIfm8qEIwJQGYLUKE9GyaHjjuFt_YOkQMOzC8hh9VpIekS8bc_eRfvVajXzrFSRAigOnfVBrMGrVVpxsqtjqz1Y9ochGHwrjO2b8oZyw06HjzsnuT9YpLXakBg1azOYx9KP-_XkDaKW6_Lkfn6Rmo8hpatadIF5qn54W_UkXvvsG7d4P8h_7uvO66rRhK1OXg3Qhazta3B_XFtiLcmusaqmglopEW1hI07FAvrqzemuY-_4EcvReLKfo84rl_BuJmLFVtQtDyAHtzngxw

- pixel

1

也在这里提问：https://github.com/googlesamples/android-play-safetynet/issues/5 - MaciejGórski

3个回答

-2

你可以自己验证响应。以下是一些代码，可以帮助你解释JWT响应：

https://github.com/scottyab/safetynethelper/blob/master/safetynetlib/src/main/java/com/scottyab/safetynet/SafetyNetHelper.java

您需要在后端验证签名。如果您没有使用谷歌的易用服务，谷歌会告诉您需要检查什么：

验证兼容性检查响应

您应该采取措施确保兼容性检查响应实际来自 SafetyNet 服务，并包含与您的请求数据匹配的数据。

注意：您应该使用安全连接将整个 JWS 响应发送到自己的服务器进行验证。我们不建议您直接在应用程序中执行验证，因为在这种情况下，无法保证验证逻辑本身没有被修改。

按照以下步骤验证 JWS 消息的来源：

从 JWS 消息中提取 SSL 证书链。

验证 SSL 证书链并使用 SSL 主机名匹配来验证叶证书是否发给了 attest.android.com 主机名。

使用证书验证 JWS 消息的签名。

检查 JWS 消息的数据，确保其与原始请求中的数据匹配。特别是，请确保 nonce、时间戳、包名称和 SHA-256 哈希值匹配。

来自：https://developer.android.com/training/safetynet/attestation.html

- Scott Merritt

-2

我认为您错过了一些细节，根据文档 - 使用Google API验证响应：

注意：您需要API密钥才能访问Android设备验证API，并且该API受到速率限制。出于这些原因，您应仅在初始开发阶段进行测试时使用API。您不应在生产场景中使用此验证API。

尝试添加API密钥并检查行为是否有所改变。

希望这可以帮助您。

- Mr.Rebot

但我不想使用API进行验证，我更愿意在我的后端完成它。 - pixel

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- MaciejGórski · Accepted Answer

您需要在最新版本的Google Play服务中使用API密钥。

请参阅有关新的SafetyNetClient::attest(byte[], String)方法的文档。

作为附注，我强烈建议您将验证配额设置为1，以生成此处用于您的Android应用程序的密钥。

https://console.developers.google.com/projectselector/apis/api/androidcheck.googleapis.com/quotas

这个（几乎，有一个1的错误；）可以防止攻击者使用从你的客户端代码中检索出来的密钥：

curl --data '{"signedAttestation": "eyJhbGciOiJSUzI1NiIsIng1YyI6WyJNSUlFaURDQ0EzQ2dBd0lCQWdJSWNkK3ZTTGZWdWxrd0RRWUpLb1pJaHZjTkFRRUxCUUF3U1RFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBb1RDa2R2YjJkc1pTQkpibU14SlRBakJnTlZCQU1USEVkdmIyZHNaU0JKYm5SbGNtNWxkQ0JCZFhSb2IzSnBkSGtnUnpJd0hoY05NVFl3TnpFeU1UVTBNelUwV2hjTk1UY3dOekV4TURBd01EQXdXakJzTVFzd0NRWURWUVFHRXdKVlV6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVFc5MWJuUmhhVzRnVm1sbGR6RVRNQkVHQTFVRUNnd0tSMjl2WjJ4bElFbHVZekViTUJrR0ExVUVBd3dTWVhSMFpYTjBMbUZ1WkhKdmFXUXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF3WEtyS0ZRRlBTckthS252NG9MSUhXNlVVMEk2STV2Q1FERFJOUlg2NWQrMVJLUWg0aDNoUHlTQ21MR2thREg0Q3Rud1lCdmRhWmZHUnVJVWx4K21zRjlkbU8rZzR0U2tSaXdrRzBxZ1VVN3docDk2ZHJoZkFrdDdPc2RzUWhmQWlTcmljdDlrTTRISElOVFVadjU0bXhkQmI0SkVBSlAvWlBDL2h5alAwRnlwNFlWVkdGN3RrQ09zUTVzYlB3cTBrbVJ0citobG41TXYwN1oxdkQwTG1MMU8yQy9qQUVCWGlhV3IzTjltenRXK2w3dEllOW1yY3FvUTB1UXdDWTd6YWdjb1czeFRmVExKVGdGTU5ZU0RtaDBEV2NZZUhidjNHQUtTR0hCSWZIWlQranhhZTlwam5pSi8zY3VmOWhVcUZPTGV3blI0TGdiTzNtSlc4a0dtWVFJREFRQUJvNElCVHpDQ0FVc3dIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUIwR0ExVWRFUVFXTUJTQ0VtRjBkR1Z6ZEM1aGJtUnliMmxrTG1OdmJUQm9CZ2dyQmdFRkJRY0JBUVJjTUZvd0t3WUlLd1lCQlFVSE1BS0dIMmgwZEhBNkx5OXdhMmt1WjI5dloyeGxMbU52YlM5SFNVRkhNaTVqY25Rd0t3WUlLd1lCQlFVSE1BR0dIMmgwZEhBNkx5OWpiR2xsYm5Sek1TNW5iMjluYkdVdVkyOXRMMjlqYzNBd0hRWURWUjBPQkJZRUZON1FsYndMa3BYbUNQbmxLS3FFdDdvc0JpYW5NQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVVTdDBHRmh1ODltaTFkdldCdHJ0aUdycGFnUzh3SVFZRFZSMGdCQm93R0RBTUJnb3JCZ0VFQWRaNUFnVUJNQWdHQm1lQkRBRUNBakF3QmdOVkhSOEVLVEFuTUNXZ0k2QWhoaDlvZEhSd09pOHZjR3RwTG1kdmIyZHNaUzVqYjIwdlIwbEJSekl1WTNKc01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQnV4UEpqeE9GcjlqOEJUT0swbGhNNy8zVUN3d2RjSTFFZExmRGx4NmJCWW53SmVPUThKdC9Vd1VkcTFGTWRMM2gydkVTYVFkUVdYQTVCWE9YenI1TXV2V0xYaldKRjRsb0E4VzBTVDQyUDd6MWsyT29qb3JsNXZabkhjY08vZzhFd0ZpRlVINCsydXF1NVFzWmpVZGxMS2FFUWhJZTcvU2x2Qk41eHlZd0RaMlp0R00rdlVnVlFkbXpaV0puTGNHZFVSUGN3N2tlOWlNTFZKcXUrR0Z4c1lJSXYwMW1EQlVlblNUNFRsYWlEUG1nUmwzN3lCQWpUNGVaQlBIRzBGUzhna3FKZzAzMnhjNFdPNE1WMk1ZeEN0NWVzSllaOU04Y09QRFVjOEVYOUlwbC9FT1IrL25Mb2NRSEhIazhJQlhsbDVGM2lnN1RpOGFCNTJUMFdRaEIrIiwiTUlJRDhEQ0NBdGlnQXdJQkFnSURBanFTTUEwR0NTcUdTSWIzRFFFQkN3VUFNRUl4Q3pBSkJnTlZCQVlUQWxWVE1SWXdGQVlEVlFRS0V3MUhaVzlVY25WemRDQkpibU11TVJzd0dRWURWUVFERXhKSFpXOVVjblZ6ZENCSGJHOWlZV3dnUTBFd0hoY05NVFV3TkRBeE1EQXdNREF3V2hjTk1UY3hNak14TWpNMU9UVTVXakJKTVFzd0NRWURWUVFHRXdKVlV6RVRNQkVHQTFVRUNoTUtSMjl2WjJ4bElFbHVZekVsTUNNR0ExVUVBeE1jUjI5dloyeGxJRWx1ZEdWeWJtVjBJRUYxZEdodmNtbDBlU0JITWpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSndxQkhkYzJGQ1JPZ2FqZ3VEWVVFaThpVC94R1hBYWlFWis0SS9GOFluT0llNWEvbUVOdHpKRWlhQjBDMU5QVmFUT2dtS1Y3dXRaWDhiaEJZQVN4RjZVUDd4YlNEajBVL2NrNXZ1UjZSWEV6L1JURGZSSy9KOVUzbjIrb0d0dmg4RFFVQjhvTUFOQTJnaHpVV3gvL3pvOHB6Y0dqcjFMRVFUcmZTVGU1dm44TVhIN2xOVmc4eTVLcjBMU3krckVhaHF5ekZQZEZVdUxIOGdaWVIvTm5hZytZeXVFTldsbGhNZ1p4VVlpK0ZPVnZ1T0FTaERHS3V5Nmx5QVJ4em1aRUFTZzhHRjZsU1dNVGxKMTRyYnRDTW9VL000aWFyTk96MFlEbDVjRGZzQ3gzbnV2UlRQUHVqNXh0OTcwSlNYQ0RUV0puWjM3RGhGNWlSNDN4YStPY21rQ0F3RUFBYU9CNXpDQjVEQWZCZ05WSFNNRUdEQVdnQlRBZXBob2pZbjdxd1ZrREJGOXFuMWx1TXJNVGpBZEJnTlZIUTRFRmdRVVN0MEdGaHU4OW1pMWR2V0J0cnRpR3JwYWdTOHdEZ1lEVlIwUEFRSC9CQVFEQWdFR01DNEdDQ3NHQVFVRkJ3RUJCQ0l3SURBZUJnZ3JCZ0VGQlFjd0FZWVNhSFIwY0RvdkwyY3VjM2x0WTJRdVkyOXRNQklHQTFVZEV3RUIvd1FJTUFZQkFmOENBUUF3TlFZRFZSMGZCQzR3TERBcW9DaWdKb1lrYUhSMGNEb3ZMMmN1YzNsdFkySXVZMjl0TDJOeWJITXZaM1JuYkc5aVlXd3VZM0pzTUJjR0ExVWRJQVFRTUE0d0RBWUtLd1lCQkFIV2VRSUZBVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBQ0U0RXA0Qi9FQlpEWGdLdDEwS0E5TENPMHE2ejZ4RjlrSVFZZmVlUUZmdEpmNmlaQlpHN2VzbldQRGNZQ1pxMng1SWdCelV6Q2VRb1kzSU50T0F5bkllWXhCdDJpV2ZCVUZpd0U2b1RHaHN5cGI3cUVaVk1TR05KNlpsZElEZk0vaXBwVVJhVlM2bmVTWUxBRUhEMExQUHN2Q1FrMEU2c3BkbGVIbTJTd2Flc1NEV0IrZVhrbkdWcHpZZWtRVkEvTGxlbGtWRVNXQTZNQ2FHc2VxUVNwU2Z6bWhDWGZWVURCdmRtV0Y5ZlpPR3JYVzJsT1VoMW1Fd3BXanFOMHl2S25GVUV2L1RtRk5XQXJDYnRGNG1tazJ4Y3BNeTQ4R2FPWk9OOW11SUFzMG5INUFxcTNWdUR4M0NRUms2KzBOdFpsbXd1OVJZMjNuSE1BY0lTd1NIR0ZnPT0iXX0.eyJub25jZSI6IlVFMTViamRaVUVNdk4ybFJNRU5UVTJwQ1VXdE1Rak51VEU1WWRtOXZabnBPUm14WkwzcEhibXRWV21oS1ZrSkJTa3R1S3pkWFJHbDBUVnBzYkZORFppOWFMMjlGZUVKa2NEVnllQzlwUTFWUlluVlVlV2M5UFE9PSIsInRpbWVzdGFtcE1zIjoxNDkwNzg3MTQ3MzYxLCJhcGtQYWNrYWdlTmFtZSI6ImNvbS5leGFtcGxlLnNhbXBsZSIsImFwa0RpZ2VzdFNoYTI1NiI6ImtXVWZ3ZlpCSU9ib2UzRGtMM2RkeTFBbm1VdjM3cDFVYlduZ1Fkd1gwZHM9IiwiY3RzUHJvZmlsZU1hdGNoIjp0cnVlLCJleHRlbnNpb24iOiJDUVlZdUQyUmRqQVkiLCJhcGtDZXJ0aWZpY2F0ZURpZ2VzdFNoYTI1NiI6WyJ3ZU93UTZLUWdFZGx2bXJIV0VCRDlyZm96YnF6ZWU0ZlpPT2FXclpoc2NvPSJdLCJiYXNpY0ludGVncml0eSI6dHJ1ZX0.JXOvgIx0PufdyJ72Vo-FvTb_6Dwj7gcSxlXWHt8siVrgK2eMQA3V_eYbXS7NYkNUEXLLMNIfm8qEIwJQGYLUKE9GyaHjjuFt_YOkQMOzC8hh9VpIekS8bc_eRfvVajXzrFSRAigOnfVBrMGrVVpxsqtjqz1Y9ochGHwrjO2b8oZyw06HjzsnuT9YpLXakBg1azOYx9KP-_XkDaKW6_Lkfn6Rmo8hpatadIF5qn54W_UkXvvsG7d4P8h_7uvO66rRhK1OXg3Qhazta3B_XFtiLcmusaqmglopEW1hI07FAvrqzemuY-_4EcvReLKfo84rl_BuJmLFVtQtDyAHtzngxw"}' -H "Content-Type: application/json" -H "X-Android-Package: com.example" -H "X-Android-Cert: 1111111111111111111111111111111111111111" -X POST "https://www.googleapis.com/androidcheck/v1/attestations/verify?key=AIzaSyCmid3BBzBO0idOTNNRH-7RjCrA3xhvAho"

替换X-Android-Package，X-Android-Cert和key的值以测试带有Android应用程序限制的API密钥。