關於Google Play支付校驗我之前在網上也找過大量的相關資料,發現大多數都是采用publicKey的方式來校驗訂單,但是在Google Play提供的官方實例中publicKey其實在客戶端也是存在的,所以這種校驗想要偽造其實是非常容易的,Google並未像Apple那樣提供一個接口來校驗訂單的信息,但是提供了一個獲取訂單狀態的接口,我們可以通過這個接口在GooglePlay服務器獲取某個訂單,查看其狀態是否合法達到校驗目的。
接口地址:https://developers.google.com/android-publisher/api-ref/purchases/products
要使用上面的接口獲取訂單首先是需要登錄認證的,這相比其它的平台稍微復雜了一點點,但是Google也提供了完整的庫,並不需要我們做過多的開發。
在開發之前我們需要設置一些基本參數(接口地址:https://play.google.com/apps/publish/?dev_acc=08522487669089675329#ApiAccessPlace)
1. 首先要在Google Developers Console上創建一個項目(參考圖下)
2. 項目創建成功之后需要創建Service Account(參考圖下)
---------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------
3. Service account 授權(參考圖下)
4. Service account創建成功之后生成P12 key文件(參考圖下)
+++++------------------------------------------------------------------------------------------+++++ 准備工作至此結束
1. 添加Maven項目依賴
<dependency> <groupId>com.google.apis</groupId> <artifactId>google-api-services-androidpublisher</artifactId> <version>v2-rev19-1.20.0</version> </dependency>
2. 獲取訂單狀態信息完成校驗
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential; import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport; import com.google.api.client.http.HttpTransport; import com.google.api.client.json.jackson2.JacksonFactory; import com.google.api.client.util.SecurityUtils; import com.google.api.services.androidpublisher.AndroidPublisher; import com.google.api.services.androidpublisher.AndroidPublisherScopes; import com.google.api.services.androidpublisher.model.ProductPurchase; import java.io.File; import java.io.FileInputStream; import java.security.PrivateKey; /** * Google Play 支付校驗示例. * * @author Kevin Zou <kevinz@skfiy.org> */ public class GooglePlaySample { public static void main(String[] args) throws Exception { HttpTransport transport = GoogleNetHttpTransport.newTrustedTransport(); PrivateKey privateKey = SecurityUtils.loadPrivateKeyFromKeyStore( SecurityUtils.getPkcs12KeyStore(), new FileInputStream(new File("{P12 key file}")), // 生成的P12文件 "notasecret", "privatekey", "notasecret"); GoogleCredential credential = new GoogleCredential.Builder() .setTransport(transport).setJsonFactory(JacksonFactory.getDefaultInstance()) .setServiceAccountId("{Email address}") // e.g.: 626891557797-frclnjv31rn4ss81ch746g9t6pd3mmej@developer.gserviceaccount.com .setServiceAccountScopes(AndroidPublisherScopes.all()) .setServiceAccountPrivateKey(privateKey).build(); AndroidPublisher publisher = new AndroidPublisher.Builder(transport, JacksonFactory.getDefaultInstance(), credential).build(); AndroidPublisher.Purchases.Products products = publisher.purchases().products(); // 參數詳細說明: https://developers.google.com/android-publisher/api-ref/purchases/products/get AndroidPublisher.Purchases.Products.Get product = products.get("{packageName}", "{productId}", "{token}"); // 獲取訂單信息 // 返回信息說明: https://developers.google.com/android-publisher/api-ref/purchases/products // 通過consumptionState, purchaseState可以判斷訂單的狀態 ProductPurchase purchase = product.execute(); } }