美文网首页iOS开发java
苹果内购IAP服务端验证-java篇

苹果内购IAP服务端验证-java篇

作者: KICHUN | 来源:发表于2019-02-27 11:29 被阅读0次

    苹果内购:

    只要你在苹果系统购买APP中虚拟物品(虚拟货币,VIP充值等),必须通过内购方式进行支付,苹果和商家进行三七开

    验证模式有两种:

    Validating Receipts With the App Store 通过访问苹果接口进行验证。
    Validating Receipts Locally 本地代码解码进行验证

    官方验证文档地址:https://developer.apple.com/library/archive/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html#//apple_ref/doc/uid/TP40010573-CH104-SW1

    官方文档说明


    image.png

    我这里主要说一下服务端验证模式,大致流程为

    • app进行支付,然后收到苹果的收据(一串很长的BASE64编码的字符串)
    • app请求服务端,将收据给到服务端,服务端拿到收据请求苹果服务器验证收据是否为真
    • 服务端验证收据真伪,验证当前支付的交易是否成功,成功则处理支付成功的业务逻辑

    进行代码前,首先使用postman将收据发送给苹果服务器,熟悉一下返回的数据结构


    image.png

    重点说一下我的理解

    在官方文档和各个私人博客中都没有明确说明要验证的内容,百度一整天得到的验证逻辑为
    苹果服务器只验证了收据的真伪,而收据包含多个交易的信息。
    所以,我们验证当status字段为0(即收据为真),且当前交易ID(app传递到后台)在收据交易列表中,即可认为交易支付成功
    同时app传递当前支付产品的ID(我们内部的商品ID),处理该商品的订单

    注意:这个接口可以多次请求,所以应当将交易ID与订单进行绑定,防止一个交易生成多个订单

    上验证代码,首先来一个百度的工具类,功能为组装请求数据,发送http请求

    
    import javax.net.ssl.*;
    import java.io.BufferedOutputStream;
    import java.io.BufferedReader;
    import java.io.InputStream;
    import java.io.InputStreamReader;
    import java.net.URL;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import java.util.Locale;
    
    /**
     * 苹果IAP内购验证工具类
     * Created by wangqichang on 2019/2/26.
     */
    public class IosVerifyUtil {
        private static class TrustAnyTrustManager implements X509TrustManager {
    
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }
    
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }
    
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[] {};
            }
        }
    
        private static class TrustAnyHostnameVerifier implements HostnameVerifier {
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        }
    
        private static final String url_sandbox = "https://sandbox.itunes.apple.com/verifyReceipt";
        private static final String url_verify = "https://buy.itunes.apple.com/verifyReceipt";
    
        /**
         * 苹果服务器验证
         *
         * @param receipt
         *            账单
         * @url 要验证的地址
         * @return null 或返回结果 沙盒 https://sandbox.itunes.apple.com/verifyReceipt
         *
         */
        public static String buyAppVerify(String receipt,int type) {
            //环境判断 线上/开发环境用不同的请求链接
            String url = "";
            if(type==0){
                url = url_sandbox; //沙盒测试
            }else{
                url = url_verify; //线上测试
            }
            //String url = EnvUtils.isOnline() ?url_verify : url_sandbox;
    
            try {
                SSLContext sc = SSLContext.getInstance("SSL");
                sc.init(null, new TrustManager[] { new TrustAnyTrustManager() }, new java.security.SecureRandom());
                URL console = new URL(url);
                HttpsURLConnection conn = (HttpsURLConnection) console.openConnection();
                conn.setSSLSocketFactory(sc.getSocketFactory());
                conn.setHostnameVerifier(new TrustAnyHostnameVerifier());
                conn.setRequestMethod("POST");
                conn.setRequestProperty("content-type", "text/json");
                conn.setRequestProperty("Proxy-Connection", "Keep-Alive");
                conn.setDoInput(true);
                conn.setDoOutput(true);
                BufferedOutputStream hurlBufOus = new BufferedOutputStream(conn.getOutputStream());
    
                String str = String.format(Locale.CHINA, "{\"receipt-data\":\"" + receipt + "\"}");//拼成固定的格式传给平台
                hurlBufOus.write(str.getBytes());
                hurlBufOus.flush();
    
                InputStream is = conn.getInputStream();
                BufferedReader reader = new BufferedReader(new InputStreamReader(is));
                String line = null;
                StringBuffer sb = new StringBuffer();
                while ((line = reader.readLine()) != null) {
                    sb.append(line);
                }
    
                return sb.toString();
            } catch (Exception ex) {
                System.out.println("苹果服务器异常");
                ex.printStackTrace();
            }
            return null;
        }
    
        /**
         * 用BASE64加密
         *
         * @param str
         * @return
         */
        public static String getBASE64(String str) {
            byte[] b = str.getBytes();
            String s = null;
            if (b != null) {
                s = new sun.misc.BASE64Encoder().encode(b);
            }
            return s;
        }
    
    }
    

    验证逻辑代码

    /**
         * 苹果内购校验
         * @param priceId 会员价格ID
         * @param transactionId 苹果内购交易ID
         * @param payload 校验体(base64字符串)
         * @return
         */
        @PostMapping("/iospay")
        public Map<String, Object> iosPay(Long priceId,String transactionId, String payload) {
            log.info("苹果内购校验开始,交易ID:" + transactionId + " base64校验体:" + payload);
            Shipper shipper = getLoginShipper();
            if (shipper == null) {
                return failure("未登录");
            }
    
            //线上环境验证
            String verifyResult = IosVerifyUtil.buyAppVerify(payload, 1);
            if (verifyResult == null) {
                return failure("苹果验证失败,返回数据为空");
            } else {
                log.info("线上,苹果平台返回JSON:" + verifyResult);
                JSONObject appleReturn = JSONObject.parseObject(verifyResult);
                String states = appleReturn.getString("status");
                //无数据则沙箱环境验证
                if ("21007".equals(states)) {
                    verifyResult = IosVerifyUtil.buyAppVerify(payload, 0);
                    log.info("沙盒环境,苹果平台返回JSON:" + verifyResult);
                    appleReturn = JSONObject.parseObject(verifyResult);
                    states = appleReturn.getString("status");
                }
                log.info("苹果平台返回值:appleReturn" + appleReturn);
                // 前端所提供的收据是有效的    验证成功
                if (states.equals("0")) {
                    String receipt = appleReturn.getString("receipt");
                    JSONObject returnJson = JSONObject.parseObject(receipt);
                    String inApp = returnJson.getString("in_app");
                    List<HashMap> inApps = JSONObject.parseArray(inApp, HashMap.class);
                    if (!CollectionUtils.isEmpty(inApps)) {
                        ArrayList<String> transactionIds = new ArrayList<String>();
                        for (HashMap app : inApps) {
                            transactionIds.add((String) app.get("transaction_id"));
                        }
                        //交易列表包含当前交易,则认为交易成功
                        if (transactionIds.contains(transactionId)) {
                            //处理业务逻辑
                            VipOrder vipOrder = vipOrderService.saveVipOrder(shipper, priceId, EnumPayType.APPLE_IN_APP_PURCHASES.getValue(),transactionId);
                            vipOrderService.paySuccess(vipOrder.getOrderCode(),null);
                            log.info("交易成功,新增并处理订单:{}",vipOrder.getOrderCode());
                            return success("充值成功");
                        }
                        return failure("当前交易不在交易列表中");
                    }
                    return failure("未能获取获取到交易列表");
                } else {
                    return failure("支付失败,错误码:" + states);
                }
            }
        }
    

    同学们可以直接copy,注意删除我个人的业务代码即可
    这个时候ios开发提出了一个问题,当支付完成,还没有发起验证,app闪退或关机时,岂不是无法生成订单?
    这个时候可以先保存到本地,每次app启动判断本地是否有尚未验证的交易,有则发起验证请求。验证返回成功则删除本地记录

    相关文章

      网友评论

        本文标题:苹果内购IAP服务端验证-java篇

        本文链接:https://www.haomeiwen.com/subject/gzjxuqtx.html