苹果内购:
只要你在苹果系统购买APP中虚拟物品(虚拟货币,VIP充值等),必须通过内购方式进行支付,苹果和商家进行三七开
验证模式有两种:
Validating Receipts With the App Store 通过访问苹果接口进行验证。
Validating Receipts Locally 本地代码解码进行验证
官方验证文档地址:https://developer.apple.com/library/archive/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html#//apple_ref/doc/uid/TP40010573-CH104-SW1
官方文档说明
image
我这里主要说一下服务端验证模式,大致流程为
-
app进行支付,然后收到苹果的收据(一串很长的BASE64编码的字符串)
-
app请求服务端,将收据给到服务端,服务端拿到收据请求苹果服务器验证收据是否为真
-
服务端验证收据真伪,验证当前支付的交易是否成功,成功则处理支付成功的业务逻辑
进行代码前,首先使用postman将收据发送给苹果服务器,熟悉一下返回的数据结构
image
重点说一下我的理解
在官方文档和各个私人博客中都没有明确说明要验证的内容,百度一整天得到的验证逻辑为
苹果服务器只验证了收据的真伪,而收据包含多个交易的信息。
所以,我们验证当status字段为0(即收据为真),且当前交易ID(app传递到后台)在收据交易列表中,即可认为交易支付成功
同时app传递当前支付产品的ID(我们内部的商品ID),处理该商品的订单
注意:这个接口可以多次请求,所以应当将交易ID与订单进行绑定,防止一个交易生成多个订单
上验证代码,首先来一个百度的工具类,功能为组装请求数据,发送http请求
package com.qh.app.utils;
import javax.net.ssl.*;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Locale;
/**
* @Author :
* @Date: 2019/10/31 14:11
* @Desc: 苹果IAP内购验证工具类
**/
public class IosVerifyUtil {
private static class TrustAnyTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[] {};
}
}
private static class TrustAnyHostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
}
private static final String url_sandbox = "https://sandbox.itunes.apple.com/verifyReceipt";
private static final String url_verify = "https://buy.itunes.apple.com/verifyReceipt";
/**
* 苹果服务器验证
*
* @param receipt
* 账单
* @url 要验证的地址
* @return null 或返回结果 沙盒 https://sandbox.itunes.apple.com/verifyReceipt
*
*/
public static String buyAppVerify(String receipt,int type) {
//环境判断 线上/开发环境用不同的请求链接
String url = "";
if(type==0){
url = url_sandbox; //沙盒测试
}else{
url = url_verify; //线上测试
}
//String url = EnvUtils.isOnline() ?url_verify : url_sandbox;
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, new TrustManager[] { new TrustAnyTrustManager() }, new java.security.SecureRandom());
URL console = new URL(url);
HttpsURLConnection conn = (HttpsURLConnection) console.openConnection();
conn.setSSLSocketFactory(sc.getSocketFactory());
conn.setHostnameVerifier(new TrustAnyHostnameVerifier());
conn.setRequestMethod("POST");
conn.setRequestProperty("content-type", "text/json");
conn.setRequestProperty("Proxy-Connection", "Keep-Alive");
conn.setDoInput(true);
conn.setDoOutput(true);
BufferedOutputStream hurlBufOus = new BufferedOutputStream(conn.getOutputStream());
String str = String.format(Locale.CHINA, "{\"receipt-data\":\"" + receipt + "\"}");//拼成固定的格式传给平台
hurlBufOus.write(str.getBytes());
hurlBufOus.flush();
InputStream is = conn.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(is));
String line = null;
StringBuffer sb = new StringBuffer();
while ((line = reader.readLine()) != null) {
sb.append(line);
}
return sb.toString();
} catch (Exception ex) {
System.out.println("苹果服务器异常");
ex.printStackTrace();
}
return null;
}
/**
* 用BASE64加密
*
* @param str
* @return
*/
public static String getBASE64(String str) {
byte[] b = str.getBytes();
String s = null;
if (b != null) {
s = new sun.misc.BASE64Encoder().encode(b);
}
return s;
}
}
验证逻辑代码
@Override
public BaseResponse buyCoins(VerifyReceiptRequest verifyReceiptRequest) {
//线上环境验证
String verifyResult = IosVerifyUtil.buyAppVerify(verifyReceiptRequest.getPayload(),1);
if (verifyResult == null) {
return BaseResponse.error("苹果验证失败,返回数据为空");
}
JSONObject appleReturn = JSONObject.parseObject(verifyResult);
String states = appleReturn.getString("status");
//无数据则沙箱环境验证
if ("21007".equals(states)) {
verifyResult = IosVerifyUtil.buyAppVerify(verifyReceiptRequest.getPayload(), 0);
appleReturn = JSONObject.parseObject(verifyResult);
states = appleReturn.getString("status");
}
// 前端所提供的收据是有效的 验证成功
if ("0".equals(states)) {
String receipt = appleReturn.getString("receipt");
JSONObject returnJson = JSONObject.parseObject(receipt);
//校验bundle_id
String bundle_id = returnJson.getString("bundle_id");
if(StringUtils.isNullOrEmpty(verifyReceiptRequest.getBundleId()) || !verifyReceiptRequest.getBundleId().equals(bundle_id)){
return BaseResponse.error("充值校验失败");
}
String inApp = returnJson.getString("in_app");
List<InAppElement> bj = JSON.parseArray(inApp, InAppElement.class);
if (bj==null || bj.size()==0) {
return BaseResponse.error("未能获取获取到交易列表");
}
for (InAppElement app : bj) {
if(app.getTransaction_id().equals(verifyReceiptRequest.getTransactionId())){
//去重
CoinHistoryEntity coinHistoryEntity1 = appCoinHistoryRepository.queryBytransactionId(verifyReceiptRequest.getTransactionId());
if(coinHistoryEntity1!=null){
return BaseResponse.error("该交易单号已被记录");
}
//处理业务逻辑
CoinHistoryEntity coinHistoryEntity = new CoinHistoryEntity();
coinHistoryEntity.setBundleId(bundle_id);
coinHistoryEntity.setPayLoad(verifyReceiptRequest.getPayload());
coinHistoryEntity.setProductId(app.getProduct_id());
String [] moneys = app.getProduct_id().split("\\_");
coinHistoryEntity.setMoney(new BigDecimal(moneys[1]));
coinHistoryEntity.setNewCoins(new BigDecimal(moneys[2]));
//查询该学生已有的金币余额
CoinHistoryEntity coinHistoryEntity2 = appCoinHistoryRepository.queryByStuId(verifyReceiptRequest.getStuId());
if(coinHistoryEntity2!=null){
coinHistoryEntity.setCoins(coinHistoryEntity2.getCoins().add(new BigDecimal(moneys[2])));
}else {
coinHistoryEntity.setCoins(new BigDecimal(moneys[2]));
}
//记录学生
coinHistoryEntity.setStuId(verifyReceiptRequest.getStuId());
coinHistoryEntity.setTransactionId(verifyReceiptRequest.getTransactionId());
coinHistoryEntity.setCreateBy(verifyReceiptRequest.getStuId());
coinHistoryEntity.setCreateTime(new Date());
coinHistoryEntity = appCoinHistoryRepository.save(coinHistoryEntity);
return BaseResponse.ok("充值校验成功")
.put("transactionId",coinHistoryEntity.getTransactionId())
.put("coins",coinHistoryEntity.getCoins());
}
}
}
return BaseResponse.error("充值校验失败");
}
同学们可以直接copy,注意删除我个人的业务代码即可
这个时候ios开发提出了一个问题,当支付完成,还没有发起验证,app闪退或关机时,岂不是无法生成订单?
这个时候可以先保存到本地,每次app启动判断本地是否有尚未验证的交易,有则发起验证请求。验证返回成功则删除本地记录
说明:关注微信公众号【村中一少】,回复“电子书”按照提示信息获取对应书籍目录序号,如回复【1】,即可获得电子书【研磨设计模式.陈臣.王斌.扫描版.pdf】下载地址,所有电子均为免费。
这些电子书仅仅用于学习,如果喜欢请购买正版图书!请支持原版作者!
网友评论