package com.demo.controller.web.app; import java.io.BufferedOutputStream; import java.io.BufferedReader; import java.io.InputStream; import java.io.InputStreamReader; import java.net.URL; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Locale; import java.util.Map; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; import sun.misc.BASE64Decoder; import com.demo.common.Result; import com.demo.common.util.StringUtils; import com.demo.constant.Constant; import com.demo.constant.Enums; import com.demo.service.AppEspOrderService; import com.demo.service.AppEspProductService; import com.demo.service.AppUserInfoService; import com.demo.service.AppVersionService; import com.demo.service.UserService; import com.demo.service.eshop.EspOrderLogService; import com.demo.vo.AppEspOrder; import com.demo.vo.AppEspProduct; import com.demo.vo.AppUserInfo; import com.demo.vo.AppVersion; import com.demo.vo.EspOrderLog; import com.demo.vo.User; import net.sf.json.JSONObject; @Controller @RequestMapping("/app/*") public class AstroCalendarIOSVerifyController { private Logger log = Logger.getLogger(AstroCalendarIOSVerifyController.class); @Autowired private UserService userService; @Autowired private AppEspOrderService appEspOrderService; @Autowired private AppVersionService appVersionService; @Autowired private AppEspProductService appEspProductService; @Autowired private AppUserInfoService appUserInfoService; @Autowired private EspOrderLogService espOrderLogService; private static class TrustAnyTrustManager implements X509TrustManager { public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[] {}; } } private static class TrustAnyHostnameVerifier implements HostnameVerifier { public boolean verify(String hostname, SSLSession session) { return true; } } private static final String url_sandbox = "https://sandbox.itunes.apple.com/verifyReceipt"; private static final String url_verify = "https://buy.itunes.apple.com/verifyReceipt"; /** * * @param receipt 账单 * @url 要验证的地址 * @return null 或返回结果 沙盒 https://sandbox.itunes.apple.com/verifyReceipt * */ public String buyAppVerify(String receipt,String url,Map<String, String> map) { try { SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, new TrustManager[] { new TrustAnyTrustManager() },new java.security.SecureRandom()); URL console = new URL(url); HttpsURLConnection conn = (HttpsURLConnection) console.openConnection(); conn.setSSLSocketFactory(sc.getSocketFactory()); conn.setHostnameVerifier(new TrustAnyHostnameVerifier()); conn.setRequestMethod("POST"); conn.setRequestProperty("content-type", "text/json"); conn.setRequestProperty("Proxy-Connection", "Keep-Alive"); conn.setDoInput(true); conn.setDoOutput(true); conn.setConnectTimeout(30*1000);//设置连接超时30秒 BufferedOutputStream hurlBufOus = new BufferedOutputStream(conn.getOutputStream()); String str = String.format(Locale.CHINA, "{\"receipt-data\":\""+ receipt + "\"}"); System.out.println("str:" + str); hurlBufOus.write(str.getBytes()); hurlBufOus.flush(); InputStream is = conn.getInputStream(); BufferedReader reader = new BufferedReader(new InputStreamReader(is)); String line = null; StringBuffer sb = new StringBuffer(); while ((line = reader.readLine()) != null) { sb.append(line); } System.out.println(sb.toString()); return sb.toString(); } catch (Exception ex) { log.error("系统异常"+ex); map.put("orderStatus", "D"); // ex.printStackTrace(); } return null; } @RequestMapping("/app/validateOrder" + Constant.JSON) @ResponseBody public Map<String, String> validateOrder(HttpServletRequest request) { long start = System.currentTimeMillis(); Map<String, String> map = new HashMap<String, String>(); User user = checkUserLogin(request); AppUserInfo appUser = null; if(user!=null){ appUser = new AppUserInfo(); appUser.setUserId(user.getUserId()); appUser = appUserInfoService.findByPk(appUser); } //判断app用户表里是否存在此用户 if(appUser == null){ map.put("loginStatus", "-1"); }else{ map.put("loginStatus", "0"); try { String receipt = request.getParameter("receipt"); String orderMonths = request.getParameter("orderMonths"); String versionCode = request.getParameter("versionCode"); String appId = request.getParameter("appId"); String price = request.getParameter("price"); if(StringUtils.isBlank(appId) || StringUtils.isBlank(versionCode)){ map.put("orderStatus", "D"); return map; } Integer vCode = Integer.parseInt(versionCode); Integer appID = Integer.parseInt(appId); AppEspOrder aeo = new AppEspOrder(); aeo.setReceipt(receipt); List<AppEspOrder> list = appEspOrderService.freeFindAll(aeo); if(list.size()==0){ //添加新订单 AppUserInfo aui = new AppUserInfo(); aui.setUserId(user.getUserId()); aui = appUserInfoService.findByPk(aui); SimpleDateFormat osf = new SimpleDateFormat("yyMMddHH"); String orderId = Enums.OrderPrefix.NA + osf.format(new Date())+ StringUtils.getRandomSixNUM(); if(aui != null){ AppVersion version = new AppVersion(); version.setVersionCode(vCode); int count = appVersionService.countFreeFind(version); AppEspProduct aep = new AppEspProduct(); aep.setAppId(appID); aep = appEspProductService.findByPK(aep); //检查appID,versionId是否合法 if(aep == null || count<0){ map.put("orderStatus", "C"); return map; } aeo.setAppId(aep.getAppId()); aeo.setAppName(aep.getAppName()); aeo.setVersionCode(vCode); aeo.setUserId(aui.getUserId()); aeo.setNickName(aui.getNickName()); aeo.setEmail(aui.getEmail()); aeo.setOrderId(orderId); aeo.setOrderMonths(orderMonths); aeo.setSubtotal(new Long(price)); aeo.setIsFree("N"); aeo.setOrderStatus("A");//新订单 aeo.setCreateBy("system"); aeo.setCreateDt(new Date()); aeo.setPaidDate(new Date()); appEspOrderService.insert(aeo); //订单日志 EspOrderLog log = new EspOrderLog(); log.setRemark("生成新订单,已支付,等待验证..."); log.setChangeTime(new Date()); log.setChangeUser("system"); log.setIsMem("N"); log.setType("A"); log.setOrderId(orderId); espOrderLogService.addOrderLog(log); } //向苹果服务器发起验证 Result result = validateAppleServler(map, receipt, url_verify, aeo, orderId); if(result.isSuccess()==true){ validateAppleServler(map, receipt, url_sandbox, aeo, orderId); } }else{//如果该收据已经存在,判断收据的订单状态,再判断是用户及月份是否相同,防止盗用receipt AppEspOrder order = list.get(0); if("A".equals(order.getOrderStatus()) || "D".equals(order.getOrderStatus())){//新订单已经添加尚未验证或验证超时连接错误,需重新请求验证 Result result = validateAppleServler(map, order.getReceipt(), url_verify, order, order.getOrderId()); if(result.isSuccess()==true){ validateAppleServler(map, order.getReceipt(), url_sandbox, order, order.getOrderId()); } }else if("B".equals(order.getOrderStatus())){ if(receipt.equals(order.getReceipt())&&user.getUserId().equals(order.getUserId())&&orderMonths.equals(order.getOrderMonths())){ map.put("orderStatus", "B"); }else{ map.put("orderStatus", "C");//验证失败 } }else{ map.put("orderStatus", "C");//验证失败 } } } catch (Exception e) { map.put("orderStatus", "D"); log.error("系统异常"+e); e.printStackTrace(); } } long end = System.currentTimeMillis(); System.out.println("验证收据信息耗时:"+(end-start)+"毫秒"); return map; } //向苹果服务器发送验证请求 private Result validateAppleServler(Map<String, String> map, String receipt, String url, AppEspOrder aeo, String orderId) { Result result = new Result().setSuccess(false); String verifyResult = buyAppVerify(receipt,url,map); if (verifyResult != null) { JSONObject job = JSONObject.fromObject(verifyResult); String status = job.getString("status"); if ("0".equals(status)){// 验证成功 aeo.setOrderStatus("B"); String r_receipt=job.getString("receipt"); System.out.println(r_receipt); System.out.println("-------------------------------"); JSONObject returnJson = JSONObject.fromObject(r_receipt); String product_id = returnJson.getString("product_id"); //产品ID String quantity = returnJson.getString("quantity"); //数量 String transactionId = returnJson.getString("transaction_id");//交易id System.out.println("产品id:"+product_id+"\t"+"数量"+quantity+"\t"+"交易id"+transactionId); aeo.setProductId(product_id); int total = 0; if(!StringUtils.isBlank(quantity)) total = Integer.parseInt(quantity); aeo.setQuantity(total); aeo.setTransactionId(transactionId); appEspOrderService.update(aeo); EspOrderLog log2 = new EspOrderLog(); log2.setRemark("向苹果服务器发送验证成功..."); log2.setChangeTime(new Date()); log2.setChangeUser("system"); log2.setIsMem("N"); log2.setType("B"); log2.setOrderId(orderId); espOrderLogService.addOrderLog(log2); map.put("orderStatus", "B"); }else if("21007".equals(status)){//重新验证,更改路径为正式环境的路径 EspOrderLog log1 = new EspOrderLog(); log1.setRemark("向苹果正式服务器发送验证失败,得到状态值为21007."); log1.setChangeTime(new Date()); log1.setChangeUser("system"); log1.setIsMem("N"); log1.setType("A"); log1.setOrderId(orderId); espOrderLogService.addOrderLog(log1); result.setSuccess(true); }else{//验证失败 aeo.setOrderStatus("C"); appEspOrderService.update(aeo); EspOrderLog log1 = new EspOrderLog(); log1.setRemark("向苹果服务器发送验证失败..."); log1.setChangeTime(new Date()); log1.setChangeUser("system"); log1.setIsMem("N"); log1.setType("A"); log1.setOrderId(orderId); espOrderLogService.addOrderLog(log1); map.put("orderStatus", "C"); } } return result; } private User checkUserLogin(HttpServletRequest request) { String username = request.getParameter("username"); String password = request.getParameter("password"); if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) { return null; } User user = new User(); try { user.setEmail(username); user.setPassword(password); user = userService.userLogin(user); } catch (Exception e) { log.error("登录失败,用户名或密码错误!" + e); } return user; } }
努力生活,珍惜一切,知足最快乐!young joy..