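There is not much material online about server-side IAP verification. It took me a long time to find Apple's official documentation, so I am recording it here.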
Verifying an App Receipt
Communication with the App Store is structured as JSON
dictionaries, as defined in RFC 4627. To verify the receipt,
perform the following steps:
Retrieve the receipt data and base64 encode it (using the RFC 4648
form of base64). Use the method
of to locate the
app’s receipt, and then read the entire file.
If the appStoreReceiptURL method
is not available, you can fall back to the value of a
transaction's property for
backward compatibility.
Create a JSON object with a single key named receipt-data whose
value is the base64-encoded receipt data. Your JSON object should
look like this:
{
"receipt-data" : "(receipt bytes here)"
}
Send the JSON object to the App Store using an HTTP POST request.
The URL for the store is https://buy.itunes.apple.com/verifyReceipt.
The response received from the App Store is a JSON object with the
keys status and receipt.
(When validating an auto-renewable subscription, the response
contains additional keys, as described in
{
"status" : 0,
"receipt" : { (receipt here) }
}
If the value of the status key is 0, this is a valid receipt.
If the value is anything other than 0, this receipt is invalid.
The value of the receipt key
is a JSON object that contains the receipt’s fields. For
information about the fields in a receipt,
see
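The following is more or less a Chinese-language version of the official documentation above:
Verify an App Store Transaction Receipt
[Verifying the validity of an App Store transaction receipt on the server side]
http://blog.csdn.net/saindy5828/article/details/6414014
It also provides a Java version of the code: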
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import org.apache.commons.codec.binary.Base64;
import org.codehaus.groovy.grails.web.json.JSONException;
import org.codehaus.groovy.grails.web.json.JSONObject;

public int verifyReceipt(byte[] receipt) throws IOException, JSONException
{
    int status = -1;
    // This is the URL of the REST webservice in iTunes App Store
    URL url = new URL("https://buy.itunes.apple.com/verifyReceipt");
    // Make connection, use POST mode
    HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
    connection.setRequestMethod("POST");
    connection.setDoOutput(true);
    connection.setAllowUserInteraction(false);
    // Encode the binary receipt data into Base 64
    // Here I'm using org.apache.commons.codec.binary.Base64 as an
    // encoder, since commons-codec is already in Grails classpath
    Base64 encoder = new Base64();
    String encodedReceipt = new String(encoder.encode(receipt));
    // Create a JSON query object
    // Here I'm using Grails' org.codehaus.groovy.grails.web.json.JSONObject
    Map<String, String> map = new HashMap<String, String>();
    map.put("receipt-data", encodedReceipt);
    JSONObject jsonObject = new JSONObject(map);
    // Write the JSON query object to the connection output stream
    PrintStream ps = new PrintStream(connection.getOutputStream());
    ps.print(jsonObject.toString());
    ps.close();
    // Call the service
    BufferedReader br = new BufferedReader(
            new InputStreamReader(connection.getInputStream()));
    // Extract response
    String str;
    StringBuffer sb = new StringBuffer();
    while ((str = br.readLine()) != null) {
        sb.append(str);
        sb.append("\n");
    }
    br.close();
    String response = sb.toString();
    // Deserialize response
    JSONObject result = new JSONObject(response);
    status = result.getInt("status");
    if (status == 0) {
        // provide content
    } else {
        // signal error, throw an exception, do your stuff honey!
    }
    return status;
}
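The Java method above stops at status == 0. The following added example (not from the original post or from Apple) shows what a server can check in the receipt object before delivering content: that the receipt belongs to this app, names a known product, and has not been redeemed before. The field names bundle_id, in_app, product_id and transaction_id are assumptions taken from Apple's receipt field documentation, and the sample response, bundle id and product ids are constructed.

```python
import json

# Constructed sample of a verifyReceipt response body. The receipt field names
# (bundle_id, in_app, product_id, transaction_id) are assumptions taken from
# Apple's receipt field documentation; they do not appear on this page.
SAMPLE_RESPONSE = json.dumps({
    "status": 0,
    "receipt": {
        "bundle_id": "com.example.game",
        "in_app": [
            {"product_id": "coins_100", "transaction_id": "1000000000000001"},
            {"product_id": "coins_500", "transaction_id": "1000000000000002"},
        ],
    },
})


class ReceiptRejected(Exception):
    """The response must not lead to any content being delivered."""


def grant_purchases(response_text, expected_bundle_id, known_products, redeemed_ids):
    """Return the product ids to deliver; record each transaction id once."""
    try:
        body = json.loads(response_text)
    except ValueError as exc:
        raise ReceiptRejected("response is not valid JSON") from exc
    if not isinstance(body, dict):
        raise ReceiptRejected("response is not a JSON object")
    status = body.get("status")
    # Only the integer 0 means valid; False == 0 in Python, so check the type.
    if type(status) is not int or status != 0:
        raise ReceiptRejected("status is %r, not 0" % (status,))
    receipt = body.get("receipt")
    if not isinstance(receipt, dict):
        raise ReceiptRejected("receipt object missing")
    # A valid receipt issued for a different app must not unlock this one.
    if receipt.get("bundle_id") != expected_bundle_id:
        raise ReceiptRejected("receipt belongs to another app")
    granted = []
    items = receipt.get("in_app")
    for item in items if isinstance(items, list) else []:
        if not isinstance(item, dict):
            continue
        product, txn = item.get("product_id"), item.get("transaction_id")
        if not isinstance(product, str) or not isinstance(txn, str):
            continue  # malformed entry
        if product not in known_products or txn in redeemed_ids:
            continue  # unknown product, or a replayed transaction
        redeemed_ids.add(txn)
        granted.append(product)
    return granted
```

In a real service redeemed_ids would be a database table with a unique constraint on the transaction id, so that two concurrent requests carrying the same receipt cannot both succeed.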
The following one is similar and also includes code
The following one gives a more detailed analysis
============
Client-side verification
The following one, by Li Huaming, performs the verification on the client:
-----------------
App Store official documentation