最近公司iOS發布了新版本,被拒,原因就是沒有添加內購,並被嚴重警告,為此,不得已要加上iOS內購功能,以下就是我為了iOS內購所寫的后台代碼,首先看下支付的時序圖吧:
簡單說下,時序圖的意思吧:
第一步: 客戶端請求java服務器,在數據創建一個訂單號,返回給客戶端;
第二步: 客戶端請求支付,apple返回結果值receipt-data;
第三步: 客戶端拿着返回的receipt-data給java服務端,java服務端去apple服務器驗證是否正確之類的,最后返回給客戶端驗證結果。
下面是我的java后台代碼:
首先在自己服務器創建一條訂單記錄,這個完全是根據自己這邊的業務需求去寫就好了,不需要說很多,記得把你這邊生成的訂單號返回給前端,不然后面沒有辦法拿到唯一標識,因為蘋果那邊必須要走到最后一步才能拿到流水號,因此,我們這邊需要創建訂單號,當做唯一標識,傳給前端,唉,其實,這樣也是會有問題的,因為有可能會被搞。
下面是我們的服務器拿到前端給的receipt-data去蘋果服務器驗證的代碼:
后端的驗證代碼:
public ResultVO iPayNotify(HttpServletRequest request, String productId, String receipt, String orderNo) {
int userId = JWTUtil.getUserIdFromHeader(request);
String verifyResult = IosVerifyUtil.buyAppVerify(receipt, 1); //1.先線上測試 發送平台驗證
if (verifyResult == null) { // 蘋果服務器沒有返回驗證結果
return ResultVOUtil.error(ResultEnum.ORDER_NOT_EX);
} else { // 蘋果驗證有返回結果
JSONObject job = JSONObject.parseObject(verifyResult);
String states = job.getString("status");
if ("21007".equals(states)) { //是沙盒環境,應沙盒測試,否則執行下面
verifyResult = IosVerifyUtil.buyAppVerify(receipt, 0); //2.再沙盒測試 發送平台驗證
job = JSONObject.parseObject(verifyResult);
states = job.getString("status");
}
if (states.equals("0")) { // 前端所提供的收據是有效的 驗證成功
String r_receipt = job.getString("receipt");
JSONObject returnJson = JSONObject.parseObject(r_receipt);
String in_app = returnJson.getString("in_app");
JSONArray jsonArray = JSONArray.parseArray(in_app);
for (int i = 0; i < jsonArray.size(); i++) {
if (productId.equals(jsonArray.getJSONObject(i).get("product_id") == null ? null : jsonArray.getJSONObject(i).get("product_id").toString())) {
Map<String, Object> paraMap = new HashMap<>();
String transaction_id = jsonArray.getJSONObject(i).get("transaction_id") == null ? null : jsonArray.getJSONObject(i).get("transaction_id").toString();
SysOrder order = sysOrderService.getOrderInfoBySeq(transaction_id);
if (!StringUtils.isEmpty(order) && order.getUserId() != userId) {
return ResultVOUtil.error(ResultEnum.APPID_ALREADY_BINDING_USER);
}
paraMap.put("userId", userId);
paraMap.put("orderNo", orderNo);
SysOrder sysOrder = sysOrderService.getOrderInfoByOrderNo(paraMap);
if (StringUtils.isEmpty(sysOrder)) {
return ResultVOUtil.error(ResultEnum.ORDER_NOT_EX);
}
sysOrder.setPaySeq(transaction_id);
sysOrder.setPayStatus(PayStatusEnum.PAID.getCode());
paraMap.clear();
//更改用戶的優惠券狀態
paraMap.put("userId", sysOrder.getUserId());
paraMap.put("id", sysOrder.getGoodsId());
Goods goods = goodsService.getGoodsInfo(paraMap);
// paraMap.put("userId", userId);
paraMap.put("type", goods.getType());
List<CouponVO> couponList = couponService.getCouponListByGoodsType(paraMap);
if (!couponList.isEmpty()) {
couponService.updateCouponByMap(couponList, sysOrder.getId());
}
sysOrder.setUpdateTime(new Date());
sysOrderService.saveOrUpdate(sysOrder, sysOrder.getId());
//可以做你們自己業務的一些操作吧,這邊就給出偽代碼了
}
}
} else {
return ResultVOUtil.error(ResultEnum.RECEIPT_DATA_ERROR);
}
}
return ResultVOUtil.success();
}其中用到的工具類IosVerifyUtil :
package com.zhima.utils;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Locale;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
/**
* 蘋果IAP內購驗證工具類
* @ClassName: IosVerify
* @Description:Apple Pay
*/
public class IosVerifyUtil {
private static class TrustAnyTrustManager implements X509TrustManager {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[] {};
}
}
private static class TrustAnyHostnameVerifier implements HostnameVerifier {
public boolean verify(String hostname, SSLSession session) {
return true;
}
}
private static final String url_sandbox = "https://sandbox.itunes.apple.com/verifyReceipt";
private static final String url_verify = "https://buy.itunes.apple.com/verifyReceipt";
/**
* 蘋果服務器驗證
*
* @param receipt
* 賬單
* @url 要驗證的地址
* @return null 或返回結果 沙盒 https://sandbox.itunes.apple.com/verifyReceipt
*
*/
public static String buyAppVerify(String receipt,int type) {
//環境判斷 線上/開發環境用不同的請求鏈接
String url = "";
if(type==0){
url = url_sandbox; //沙盒測試
}else{
url = url_verify; //線上測試
}
//String url = EnvUtils.isOnline() ?url_verify : url_sandbox;
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, new TrustManager[] { new TrustAnyTrustManager() }, new java.security.SecureRandom());
URL console = new URL(url);
HttpsURLConnection conn = (HttpsURLConnection) console.openConnection();
conn.setSSLSocketFactory(sc.getSocketFactory());
conn.setHostnameVerifier(new TrustAnyHostnameVerifier());
conn.setRequestMethod("POST");
// conn.setRequestProperty("content-type", "text/json");
conn.setRequestProperty("Content-Type","application/json");
conn.setRequestProperty("Proxy-Connection", "Keep-Alive");
conn.setDoInput(true);
conn.setDoOutput(true);
BufferedOutputStream hurlBufOus = new BufferedOutputStream(conn.getOutputStream());
String str = String.format(Locale.CHINA, "{\"receipt-data\":\"" + receipt + "\"}");//拼成固定的格式傳給平台
hurlBufOus.write(str.getBytes());
hurlBufOus.flush();
InputStream is = conn.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(is));
String line = null;
StringBuffer sb = new StringBuffer();
while ((line = reader.readLine()) != null) {
sb.append(line);
}
return sb.toString();
} catch (Exception ex) {
System.out.println("蘋果服務器異常");
ex.printStackTrace();
}
return null;
}
/**
* 用BASE64加密
*
* @param str
* @return
*/
public static String getBASE64(String str) {
byte[] b = str.getBytes();
String s = null;
if (b != null) {
s = new sun.misc.BASE64Encoder().encode(b);
}
return s;
}
}以上,就是我這次為iOS寫的java后台,其中有考慮不全的地方,如果各位大佬有好的想法或者看法建議,可以留言一起討論一下。