JAVA專案之蘋果IAP內購JAVA伺服器驗證流程詳解
阿新 • • 發佈:2019-02-08
1.前言
本部落格是經歷過多個專案檢驗的, 絕對真實, 適應於對蘋果iap內購稍微有些瞭解的JAVA開發人員, 認真看, 定能完美解決蘋果內購問題.
蘋果IAP內購支付實際上是"將客戶端支付後的一些資訊傳給後臺, 後臺拿著這些資訊在傳給蘋果支付平臺, 來驗證客戶端支付是否有效"的一個過程, 中間的難點有三個.
一是沙盒測試資料和線上測試資料的問題. 剛開始接入蘋果內購時,網上的各種測試一大堆, 幾乎你就找不到兩篇相同的資料, 這導致我剛開始做的時候踩了很多坑, 對於這種情況建議各位java開發者以實際測試資料為準, 因為我認為, 隨著時間往後, 蘋果平臺返回的測試資料還會變化, 請以真實得到的資料為準. 下面貼一下我當時專案的測試資料(這個專案是2017年11月左右的資料)
這個是沙箱測試資料(經過檢驗,正式的測試資料與沙箱測試資料結構是一樣,所以採用同一套程式碼即可)
得到前端支付資料,發給蘋果平臺,進行二次驗證{ "status": 0, "environment": "Sandbox", "receipt": { "receipt_type": "ProductionSandbox", "adam_id": 0, "app_item_id": 0, "bundle_id": "com.jiuying.twelveAnimal", "application_version": "0", "download_id": 0, "version_external_identifier": 0, "receipt_creation_date": "2018-01-05 10:06:12 Etc/GMT", "receipt_creation_date_ms": "1515146772000", "receipt_creation_date_pst": "2018-01-05 02:06:12 America/Los_Angeles", "request_date": "2018-01-05 10:06:14 Etc/GMT", "request_date_ms": "1515146774645", "request_date_pst": "2018-01-05 02:06:14 America/Los_Angeles", "original_purchase_date": "2013-08-01 07:00:00 Etc/GMT", "original_purchase_date_ms": "1375340400000", "original_purchase_date_pst": "2013-08-01 00:00:00 America/Los_Angeles", "original_application_version": "1.0", "in_app": [ { "quantity": "1", "product_id": "com.jiuying.twelveAnimal.6", //這個6是關鍵, 6就是蘋果客戶端支付的金額, 我們取到這個值,進行我們的業務邏輯即可 "transaction_id": "1000000364151484", "original_transaction_id": "1000000364151484", "purchase_date": "2018-01-05 10:06:11 Etc/GMT", "purchase_date_ms": "1515146771000", "purchase_date_pst": "2018-01-05 02:06:11 America/Los_Angeles", "original_purchase_date": "2018-01-05 10:06:11 Etc/GMT", "original_purchase_date_ms": "1515146771000", "original_purchase_date_pst": "2018-01-05 02:06:11 America/Los_Angeles", "is_trial_period": "false" } ] } }
上面的方法用到了一個工具類,如下/** * @throws Exception * 蘋果內購支付 * @Title: doIosRequest * @Description:Ios客戶端內購支付 * @param TransactionID :交易單號 需要客戶端傳過來的引數1 * @param Payload:需要客戶端傳過來的引數2 * @throws */ public Map<String, Object> doIosRequest(String TransactionID,String Payload, int userId) throws Exception { Map<String, Object> map = new HashMap<String, Object>(); Map<String, Object> mapChange = new HashMap<String, Object>(); System.out.println("客戶端傳過來的值1:"+TransactionID+"客戶端傳過來的值2:"+Payload); String verifyResult = IosVerifyUtil.buyAppVerify(Payload,1); //1.先線上測試 傳送平臺驗證 if (verifyResult == null) { // 蘋果伺服器沒有返回驗證結果 System.out.println("無訂單資訊!"); } else { // 蘋果驗證有返回結果 System.out.println("線上,蘋果平臺返回JSON:"+verifyResult); JSONObject job = JSONObject.parseObject(verifyResult); String states = job.getString("status"); if("21007".equals(states)){ //是沙盒環境,應沙盒測試,否則執行下面 verifyResult = IosVerifyUtil.buyAppVerify(Payload,0); //2.再沙盒測試 傳送平臺驗證 System.out.println("沙盒環境,蘋果平臺返回JSON:"+verifyResult); job = JSONObject.parseObject(verifyResult); states = job.getString("status"); } System.out.println("蘋果平臺返回值:job"+job); if (states.equals("0")){ // 前端所提供的收據是有效的 驗證成功 String r_receipt = job.getString("receipt"); JSONObject returnJson = JSONObject.parseObject(r_receipt); String in_app = returnJson.getString("in_app"); JSONObject in_appJson = JSONObject.parseObject(in_app.substring(1, in_app.length()-1)); String product_id = in_appJson.getString("product_id"); String transaction_id = in_appJson.getString("transaction_id"); // 訂單號 /************************************************+自己的業務邏輯**********************************************************/ //如果單號一致 則儲存到資料庫 if(TransactionID.equals(transaction_id)){ String [] moneys = product_id.split("\\."); //System.out.println("使用者ID:"+userId+",要充值的鑽石數:"+moneys[moneys.length-1]); mapChange = charge(Integer.parseInt(moneys[moneys.length-1]), 5, userId); map.put("money", moneys[moneys.length-1]); } /************************************************+自己的業務邏輯end**********************************************************/ if((boolean) mapChange.get("success")){//使用者鑽石數量新增成功 map.put("success", true); map.put("message", "充值鑽石成功!"); //map.put("status", states); }else{ map.put("success", false); map.put("message", "充值鑽石失敗!"); } } else { map.put("success", false); map.put("message", "receipt資料有問題"); map.put("status", states); } } return map; }
package com.miracle9.animal.util;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Locale;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
/**
* 蘋果IAP內購驗證工具類
* @ClassName: IosVerify
* @Description:Apple Pay
*/
public class IosVerifyUtil {
private static class TrustAnyTrustManager implements X509TrustManager {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[] {};
}
}
private static class TrustAnyHostnameVerifier implements HostnameVerifier {
public boolean verify(String hostname, SSLSession session) {
return true;
}
}
private static final String url_sandbox = "https://sandbox.itunes.apple.com/verifyReceipt";
private static final String url_verify = "https://buy.itunes.apple.com/verifyReceipt";
/**
* 蘋果伺服器驗證
*
* @param receipt
* 賬單
* @url 要驗證的地址
* @return null 或返回結果 沙盒 https://sandbox.itunes.apple.com/verifyReceipt
*
*/
public static String buyAppVerify(String receipt,int type) {
//環境判斷 線上/開發環境用不同的請求連結
String url = "";
if(type==0){
url = url_sandbox; //沙盒測試
}else{
url = url_verify; //線上測試
}
//String url = EnvUtils.isOnline() ?url_verify : url_sandbox;
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, new TrustManager[] { new TrustAnyTrustManager() }, new java.security.SecureRandom());
URL console = new URL(url);
HttpsURLConnection conn = (HttpsURLConnection) console.openConnection();
conn.setSSLSocketFactory(sc.getSocketFactory());
conn.setHostnameVerifier(new TrustAnyHostnameVerifier());
conn.setRequestMethod("POST");
conn.setRequestProperty("content-type", "text/json");
conn.setRequestProperty("Proxy-Connection", "Keep-Alive");
conn.setDoInput(true);
conn.setDoOutput(true);
BufferedOutputStream hurlBufOus = new BufferedOutputStream(conn.getOutputStream());
String str = String.format(Locale.CHINA, "{\"receipt-data\":\"" + receipt + "\"}");//拼成固定的格式傳給平臺
hurlBufOus.write(str.getBytes());
hurlBufOus.flush();
InputStream is = conn.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(is));
String line = null;
StringBuffer sb = new StringBuffer();
while ((line = reader.readLine()) != null) {
sb.append(line);
}
return sb.toString();
} catch (Exception ex) {
System.out.println("蘋果伺服器異常");
ex.printStackTrace();
}
return null;
}
/**
* 用BASE64加密
*
* @param str
* @return
*/
public static String getBASE64(String str) {
byte[] b = str.getBytes();
String s = null;
if (b != null) {
s = new sun.misc.BASE64Encoder().encode(b);
}
return s;
}
}