ios支付签名认证
一、解析json中参数的含义
private Long id; @ApiModelProperty(value = "创建时间") private Date gmtCreate; @ApiModelProperty(value = "修改时间") private Date gmtModified; @ApiModelProperty(value = "用户编号") private Long userNo; @ApiModelProperty(value = "订单号") private Long orderNo; @ApiModelProperty(value = "唯一标识符") private String uniqueIdentifier; @ApiModelProperty(value = "原始交易ID") private Long originalTransactionId; @ApiModelProperty(value = "交易的标识") private Long transactionId; @ApiModelProperty(value = "数量") private BigDecimal quantity; @ApiModelProperty(value = "开发商交易ID") private String uniqueVendorIdentifier; @ApiModelProperty(value = "App Store用来标识程序的字符串") private Long itemId; @ApiModelProperty(value = "识别购买时使用的App版本,为任意数字") private String versionExternalIdentifier; @ApiModelProperty(value = "iPhone程序的bundle标识") private String bid; @ApiModelProperty(value = "商品的标识 ") private String productId; @ApiModelProperty(value = "校验状态码") private Integer status;
二、定义解析工具类
package com.roncoo.education.common.core.tools; import com.alibaba.fastjson.JSONObject; import javax.net.ssl.*; import java.io.BufferedOutputStream; import java.io.BufferedReader; import java.io.InputStream; import java.io.InputStreamReader; import java.math.BigDecimal; import java.net.URL; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.Locale; /** * @author ZhangRF */ public class IosVerifyUtil { private static class TrustAnyTrustManager implements X509TrustManager { public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[] {}; } } private static class TrustAnyHostnameVerifier implements HostnameVerifier { public boolean verify(String hostname, SSLSession session) { return true; } } private static final String url_sandbox = "https://sandbox.itunes.apple.com/verifyReceipt"; private static final String url_verify = "https://buy.itunes.apple.com/verifyReceipt"; /** * 苹果服务器验证 * * @param receipt * 账单 * @url 要验证的地址 * @return null 或返回结果 沙盒 https://sandbox.itunes.apple.com/verifyReceipt * */ public static String buyAppVerify(String receipt,int type) { //环境判断 线上/开发环境用不同的请求链接 String url = ""; if(type==0){ url = url_sandbox; //沙盒测试 }else{ url = url_verify; //线上测试 } try { SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, new TrustManager[] { new TrustAnyTrustManager() }, new java.security.SecureRandom()); URL console = new URL(url); HttpsURLConnection conn = (HttpsURLConnection) console.openConnection(); conn.setSSLSocketFactory(sc.getSocketFactory()); conn.setHostnameVerifier(new TrustAnyHostnameVerifier()); conn.setRequestMethod("POST"); conn.setRequestProperty("content-type", "text/json"); conn.setRequestProperty("Proxy-Connection", "Keep-Alive"); conn.setDoInput(true); conn.setDoOutput(true); BufferedOutputStream hurlBufOus = new BufferedOutputStream(conn.getOutputStream()); String str = String.format(Locale.CHINA, "{\"receipt-data\":\"" + receipt + "\"}");//拼成固定的格式传给平台 hurlBufOus.write(str.getBytes()); hurlBufOus.flush(); InputStream is = conn.getInputStream(); BufferedReader reader = new BufferedReader(new InputStreamReader(is)); String line = null; StringBuffer sb = new StringBuffer(); while ((line = reader.readLine()) != null) { sb.append(line); } return sb.toString(); } catch (Exception ex) { System.out.println("苹果服务器异常"); ex.printStackTrace(); } return null; } /** * 用BASE64加密 * * @param str * @return */ public static String getBASE64(String str) { byte[] b = str.getBytes(); String s = null; if (b != null) { s = new sun.misc.BASE64Encoder().encode(b); } return s; } public static void main(String[] args) { String a = "拿到的苹果签名"; String buyAppVerify = buyAppVerify(a, 0); System.out.println(buyAppVerify); JSONObject appleReturn = JSONObject.parseObject(buyAppVerify); String status = appleReturn.getString("status"); a = appleReturn.getString("receipt"); JSONObject returnJson = JSONObject.parseObject(a); String uniqueIdentifier = returnJson.getString("unique_identifier"); Long originalTransactionId = returnJson.getLong("original_transaction_id"); Long transactionId = returnJson.getLong("transaction_id"); BigDecimal quantity = returnJson.getBigDecimal("quantity"); String uniqueVendorIdentifier = returnJson.getString("unique_vendor_identifier"); Long itemId = returnJson.getLong("item_id"); String versionExternalIdentifier = returnJson.getString("version_external_identifier"); String bid = returnJson.getString("bid"); String productId = returnJson.getString("product_id"); System.out.println(uniqueIdentifier+"======originalTransactionId"+originalTransactionId+"==transactionId=="+transactionId+ "====uniqueVendorIdentifier"+uniqueVendorIdentifier+"=====quantity"+quantity+"========"+itemId +"versionExternalIdentifier"+versionExternalIdentifier+"====bid"+bid+"===productId"+productId+"status"+status); } }
三、解析使用,数据存入数据库
package com.roncoo.education.course.service.api.auth.biz; import com.alibaba.fastjson.JSONObject; import com.roncoo.education.common.core.base.Base; import com.roncoo.education.common.core.base.Result; import com.roncoo.education.common.core.tools.IosVerifyUtil; import com.roncoo.education.course.service.dao.IosVerifyDao; import com.roncoo.education.course.service.dao.impl.mapper.entity.IosVerify; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import java.math.BigDecimal; /** * @author ZhangRF */ @Component public class AuthApiIosVerifyBiz extends Base { @Autowired private IosVerifyDao dao; /** * 解析IOS支付结果 * * @param receipt * @return */ public Result<Integer> buyAppVerify(String receipt, Long userNo, Long orderNo) { String verifyResult = IosVerifyUtil.buyAppVerify(receipt, 1); if (verifyResult == null) { return Result.error("苹果验证失败,返回数据为空"); } else { logger.info("线上,苹果平台返回JSON:" + verifyResult); JSONObject appleReturn = JSONObject.parseObject(verifyResult); String status = appleReturn.getString("status"); //无数据则沙箱环境验证 if ("21007".equals(status)) { verifyResult = IosVerifyUtil.buyAppVerify(receipt, 0); logger.info("沙盒环境,苹果平台返回JSON:" + verifyResult); appleReturn = JSONObject.parseObject(verifyResult); status = appleReturn.getString("status"); } logger.info("苹果平台返回值:appleReturn" + appleReturn); // 前端所提供的收据是有效的 验证成功 if (status.equals("0")) { receipt = appleReturn.getString("receipt"); JSONObject returnJson = JSONObject.parseObject(receipt); String uniqueIdentifier = returnJson.getString("unique_identifier"); Long originalTransactionId = returnJson.getLong("original_transaction_id"); Long transactionId = returnJson.getLong("transaction_id"); BigDecimal quantity = returnJson.getBigDecimal("quantity"); String uniqueVendorIdentifier = returnJson.getString("unique_vendor_identifier"); Long itemId = returnJson.getLong("item_id"); String versionExternalIdentifier = returnJson.getString("version_external_identifier"); String bid = returnJson.getString("bid"); String productId = returnJson.getString("product_id"); IosVerify iosVerify = new IosVerify(); iosVerify.setUniqueIdentifier(uniqueIdentifier); iosVerify.setOriginalTransactionId(originalTransactionId); iosVerify.setTransactionId(transactionId); iosVerify.setQuantity(quantity); iosVerify.setUniqueVendorIdentifier(uniqueVendorIdentifier); iosVerify.setItemId(itemId); iosVerify.setVersionExternalIdentifier(versionExternalIdentifier); iosVerify.setBid(bid); iosVerify.setProductId(productId); iosVerify.setStatus(Integer.valueOf(status)); iosVerify.setUserNo(userNo); iosVerify.setOrderNo(orderNo); return Result.success(dao.save(iosVerify)); } else { return Result.error("支付失败,错误码:" + status); } } } }