applepay和常规国内的支付流程完全不一样,理解起来很复杂,我做完后有了一个理解:
首先在app管理在苹果网站上架一个产品,有对应的id和价格,名称等
1.客户在苹果前端购买完产品后会返回一个购买凭证信息,{"receipt-data" : "MIIT9wYJKoZIhvcNAQcCoIIT6DCCE……"},大概有8000+的长度,发送到客户端;
2.本地存储购买凭证后可根据需要生成业务订单号等信息;
3.将购买凭证、业务订单号等信息传至服务端进行购买校验;
4.Java服务端做的工作在这个地方,因为我这边会在成功后存在服务端数据库所以先做了校验是否是重复消费,没有重复消费后将购买凭证信息发送到苹果商店验证是否有效;
5.根据返回的结果判断是否成功,并进行业务处理;
0 正常
21000 App Store不能读取你提供的JSON对象
21002 receipt-data域的数据有问题
21003 receipt无法通过验证
21004 提供的shared secret不匹配你账号中的shared secret
21005 receipt服务器当前不可用
21006 receipt合法,但是订阅已过期。服务器接收到这个状态码时,receipt数据仍然会解码并一起发送
21007 receipt是Sandbox receipt,但却发送至生产系统的验证服务
21008 receipt是生产receipt,但却发送至Sandbox环境的验证服务
6.返回客户端
下面是Java服务端的代码,只有一个对外的购买凭证校验接口
/**
* 苹果支付回调验证
* 0 正常
* 21000 App Store不能读取你提供的JSON对象
* 21002 receipt-data域的数据有问题
* 21003 receipt无法通过验证
* 21004 提供的shared secret不匹配你账号中的shared secret
* 21005 receipt服务器当前不可用
* 21006 receipt合法,但是订阅已过期。服务器接收到这个状态码时,receipt数据仍然会解码并一起发送
* 21007 receipt是Sandbox receipt,但却发送至生产系统的验证服务
* 21008 receipt是生产receipt,但却发送至Sandbox环境的验证服务
* transactionId 单号
* receipt前端返回信息
* type 线上/开发环境用不同的请求链接(0:沙盒 1:线上)
*/
@PostMapping("/applePay/verify")
@ResponseBody
public String applePayVerify(@RequestBody @Valid String transactionId, String receiptDate,Integer type) throws Exception {
log.info("苹果支付回调验证param:{}", JSONObject.toJSONString(transactionId));
try {
//1.本地验证是否有重复订单号
List<PayOrderInfo> payOrderInfoList = tradeServiceForDb.getPayListByChannelTradeNo(transactionId);
if (CollectionUtils.isNotEmpty(payOrderInfoList)) {
log.info("此苹果订单号已存在对应支付成功订单,transactionId:{}", transactionId);
return dataJson("此苹果订单号已存在对应支付成功订单").toJSONString();
}
//2.先线上测试 发送平台验证
String verifyResult = ApplePayUtil.buyAppVerify(receiptDate, applePayType);
// 苹果服务器没有返回验证结果
if (verifyResult == null) {
log.error("苹果服务器无此订单信息,transactionId:{}", transactionId);
return errorJson("苹果服务器无此订单信息").toJSONString();
} else {
// 苹果验证有返回结果
log.info("苹果平台返回JSON:" + verifyResult);
JSONObject jsonObject = JSONObject.parseObject(verifyResult);
String states = jsonObject.getString("status");
if ("21007".equals(states)) {
//2.在沙盒测试 发送平台验证
verifyResult = ApplePayUtil.buyAppVerify(type, applePayType);
log.info("沙盒环境,苹果平台返回JSON:" + verifyResult);
jsonObject = JSONObject.parseObject(verifyResult);
states = jsonObject.getString("status");
return dataJson("沙盒环境,状态为:" + states).toJSONString();
}
log.info("苹果平台返回值param:{}" + jsonObject);
// 前端所提供的收据是有效的 验证成功
if (states.equals("0")) {
String r_receipt = jsonObject.getString("receipt");
JSONObject returnJson = JSONObject.parseObject(r_receipt);
String in_app = returnJson.getString("in_app");
JSONObject in_appJson = JSONObject.parseObject(in_app.substring(1, in_app.length() - 1));
String product_id = in_appJson.getString("product_id");
// 订单号
String transaction_id = in_appJson.getString("transaction_id");
//下面是具体的业务代码,根据需要,我这边将订单存入了数据库去判断是否是重复消费
//----------------------------------------------------------------------
return errorJson("苹果服务器验证单号或产品类型不一致").toJSONString();
} else {
log.error("苹果服务器验证receipt数据有问题,data:{}", receiptDate);
return errorJson("苹果服务器验证receipt数据有问题").toJSONString();
}
}
} catch (Exception e) {
log.error("苹果验证服务异常", e);
return errorJson("苹果服务异常").toString();
}
}
下面是发送苹果服务器校验具体工具类
public class ApplePayUtil {
private static class TrustAnyTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[]{};
}
}
private static class TrustAnyHostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
}
private static final String url_sandbox = "https://sandbox.itunes.apple.com/verifyReceipt";
private static final String url_verify = "https://buy.itunes.apple.com/verifyReceipt";
/**
* 苹果服务器验证
*
* @param receipt 账单
* @return null 或返回结果 沙盒 https://sandbox.itunes.apple.com/verifyReceipt
* @url 要验证的地址
*/
public static String buyAppVerify(String receipt, int type) throws Exception {
//环境判断 线上/开发环境用不同的请求链接
String url = "";
if (type == 0) {
url = url_sandbox; //沙盒测试
} else {
url = url_verify; //线上测试
}
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, new TrustManager[]{new TrustAnyTrustManager()}, new java.security.SecureRandom());
URL console = new URL(url);
HttpsURLConnection conn = (HttpsURLConnection) console.openConnection();
conn.setSSLSocketFactory(sc.getSocketFactory());
conn.setHostnameVerifier(new TrustAnyHostnameVerifier());
conn.setRequestMethod("POST");
conn.setRequestProperty("content-type", "text/json");
conn.setRequestProperty("Proxy-Connection", "Keep-Alive");
conn.setDoInput(true);
conn.setDoOutput(true);
BufferedOutputStream hurlBufOus = new BufferedOutputStream(conn.getOutputStream());
//拼成固定的格式传给平台
String str = String.format(Locale.CHINA, "{\"receipt-data\":\"" + receipt + "\"}");
hurlBufOus.write(str.getBytes());
hurlBufOus.flush();
InputStream is = conn.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(is));
String line = null;
StringBuffer sb = new StringBuffer();
while ((line = reader.readLine()) != null) {
sb.append(line);
}
return sb.toString();
}
}
搞定收工,其实和正常支付流程来说不一样的是支付的工作都在苹果内部做好了,服务端只需要校验是否消费已经重复消费的问题就可以了!
最后加上沙盒测试环境苹果服务器返回的正确验证信息
{
"environment":"Sandbox",
"receipt":{
"in_app":[
{
"transaction_id":"1000000924533847",
"original_purchase_date":"2021-12-06 03:02:54 Etc/GMT",
"in_app_ownership_type":"PURCHASED",
"quantity":"1",
"original_transaction_id":"1000000924533847",
"purchase_date_pst":"2021-12-05 19:02:54 America/Los_Angeles",
"original_purchase_date_ms":"1638759774000",
"purchase_date_ms":"1638759774000",
"product_id":"test_001",
"original_purchase_date_pst":"2021-12-05 19:02:54 America/Los_Angeles",
"is_trial_period":"false",
"purchase_date":"2021-12-06 03:02:54 Etc/GMT"
}
],
"adam_id":0,
"receipt_creation_date":"2021-12-06 03:02:54 Etc/GMT",
"original_application_version":"1.0",
"app_item_id":0,
"original_purchase_date_ms":"1375340400000",
"request_date_ms":"1639398803764",
"original_purchase_date_pst":"2013-08-01 00:00:00 America/Los_Angeles",
"original_purchase_date":"2013-08-01 07:00:00 Etc/GMT",
"receipt_creation_date_pst":"2021-12-05 19:02:54 America/Los_Angeles",
"receipt_type":"ProductionSandbox",
"bundle_id":"xxx.appx.iap",
"receipt_creation_date_ms":"1638759774000",
"request_date":"2021-12-13 12:33:23 Etc/GMT",
"version_external_identifier":0,
"request_date_pst":"2021-12-13 04:33:23 America/Los_Angeles",
"download_id":0,
"application_version":"1"
},
"status":0
}