iOS内购--java后台

    最近公司iOS发布了新版本,被拒,原因就是没有添加内购,并被严重警告,为此,不得已要加上iOS内购功能,以下就是我为了iOS内购所写的后台代码,首先看下支付的时序图吧:

iOS内购--java后台

 

   简单说下,时序图的意思吧:

   第一步: 客户端请求java服务器,在数据创建一个订单号,返回给客户端;

   第二步: 客户端请求支付,apple返回结果值receipt-data;

   第三步: 客户端拿着返回的receipt-data给java服务端,java服务端去apple服务器验证是否正确之类的,最后返回给客户端验证结果。

 下面是我的java后台代码:

      首先在自己服务器创建一条订单记录,这个完全是根据自己这边的业务需求去写就好了,不需要说很多,记得把你这边生成的订单号返回给前端,不然后面没有办法拿到唯一标识,因为苹果那边必须要走到最后一步才能拿到流水号,因此,我们这边需要创建订单号,当做唯一标识,传给前端,唉,其实,这样也是会有问题的,因为有可能会被搞。

   下面是我们的服务器拿到前端给的receipt-data去苹果服务器验证的代码:

    后端的验证代码:

   public ResultVO iPayNotify(HttpServletRequest request, String productId, String receipt, String orderNo) {
        int userId = JWTUtil.getUserIdFromHeader(request);

        String verifyResult = IosVerifyUtil.buyAppVerify(receipt, 1);            //1.先线上测试    发送平台验证
        if (verifyResult == null) {                                            // 苹果服务器没有返回验证结果
            return ResultVOUtil.error(ResultEnum.ORDER_NOT_EX);
        } else {                                                                // 苹果验证有返回结果
            JSONObject job = JSONObject.parseObject(verifyResult);
            String states = job.getString("status");

            if ("21007".equals(states)) {                                            //是沙盒环境,应沙盒测试,否则执行下面
                verifyResult = IosVerifyUtil.buyAppVerify(receipt, 0);            //2.再沙盒测试  发送平台验证
                job = JSONObject.parseObject(verifyResult);
                states = job.getString("status");
            }
            if (states.equals("0")) { // 前端所提供的收据是有效的    验证成功
                String r_receipt = job.getString("receipt");
                JSONObject returnJson = JSONObject.parseObject(r_receipt);
                String in_app = returnJson.getString("in_app");

                JSONArray jsonArray = JSONArray.parseArray(in_app);

                for (int i = 0; i < jsonArray.size(); i++) {
                    if (productId.equals(jsonArray.getJSONObject(i).get("product_id") == null ? null : jsonArray.getJSONObject(i).get("product_id").toString())) {
                        Map<String, Object> paraMap = new HashMap<>();
                        String transaction_id = jsonArray.getJSONObject(i).get("transaction_id") == null ? null : jsonArray.getJSONObject(i).get("transaction_id").toString();

                        SysOrder order = sysOrderService.getOrderInfoBySeq(transaction_id);
                        if (!StringUtils.isEmpty(order) && order.getUserId() != userId) {
                            return ResultVOUtil.error(ResultEnum.APPID_ALREADY_BINDING_USER);
                        }

                        paraMap.put("userId", userId);
                        paraMap.put("orderNo", orderNo);

                        SysOrder sysOrder = sysOrderService.getOrderInfoByOrderNo(paraMap);

                        if (StringUtils.isEmpty(sysOrder)) {
                            return ResultVOUtil.error(ResultEnum.ORDER_NOT_EX);
                        }

                        sysOrder.setPaySeq(transaction_id);
                        sysOrder.setPayStatus(PayStatusEnum.PAID.getCode());

                        paraMap.clear();

                        //更改用户的优惠券状态
                        paraMap.put("userId", sysOrder.getUserId());
                        paraMap.put("id", sysOrder.getGoodsId());
                        Goods goods = goodsService.getGoodsInfo(paraMap);
                        // paraMap.put("userId", userId);
                        paraMap.put("type", goods.getType());
                        List<CouponVO> couponList = couponService.getCouponListByGoodsType(paraMap);

                        if (!couponList.isEmpty()) {
                            couponService.updateCouponByMap(couponList, sysOrder.getId());
                        }

                        sysOrder.setUpdateTime(new Date());
                        sysOrderService.saveOrUpdate(sysOrder, sysOrder.getId());
                      //可以做你们自己业务的一些操作吧,这边就给出伪代码了

                    }

                }
            } else {
                return ResultVOUtil.error(ResultEnum.RECEIPT_DATA_ERROR);
            }
        }
        return ResultVOUtil.success();
    }

其中用到的工具类IosVerifyUtil :

package com.zhima.utils;

import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Locale;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
* 苹果IAP内购验证工具类
* @ClassName: IosVerify
* @Description:Apple Pay
*/
public class IosVerifyUtil {

    private static class TrustAnyTrustManager implements X509TrustManager {

        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[] {};
        }
    }

    private static class TrustAnyHostnameVerifier implements HostnameVerifier {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    }

    private static final String url_sandbox = "https://sandbox.itunes.apple.com/verifyReceipt";
    private static final String url_verify = "https://buy.itunes.apple.com/verifyReceipt";

    /**
     * 苹果服务器验证
     *
     * @param receipt
     *            账单
     * @url 要验证的地址
     * @return null 或返回结果 沙盒 https://sandbox.itunes.apple.com/verifyReceipt
     *
     */
    public static String buyAppVerify(String receipt,int type) {
        //环境判断 线上/开发环境用不同的请求链接
        String url = "";
        if(type==0){
            url = url_sandbox; //沙盒测试
        }else{
            url = url_verify; //线上测试
        }
        //String url = EnvUtils.isOnline() ?url_verify : url_sandbox;

        try {
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, new TrustManager[] { new TrustAnyTrustManager() }, new java.security.SecureRandom());
            URL console = new URL(url);
            HttpsURLConnection conn = (HttpsURLConnection) console.openConnection();
            conn.setSSLSocketFactory(sc.getSocketFactory());
            conn.setHostnameVerifier(new TrustAnyHostnameVerifier());
            conn.setRequestMethod("POST");
           // conn.setRequestProperty("content-type", "text/json");
            conn.setRequestProperty("Content-Type","application/json");
            conn.setRequestProperty("Proxy-Connection", "Keep-Alive");
            conn.setDoInput(true);
            conn.setDoOutput(true);
            BufferedOutputStream hurlBufOus = new BufferedOutputStream(conn.getOutputStream());

            String str = String.format(Locale.CHINA, "{\"receipt-data\":\"" + receipt + "\"}");//拼成固定的格式传给平台
            hurlBufOus.write(str.getBytes());
            hurlBufOus.flush();

            InputStream is = conn.getInputStream();
            BufferedReader reader = new BufferedReader(new InputStreamReader(is));
            String line = null;
            StringBuffer sb = new StringBuffer();
            while ((line = reader.readLine()) != null) {
                sb.append(line);
            }

            return sb.toString();
        } catch (Exception ex) {
            System.out.println("苹果服务器异常");
            ex.printStackTrace();
        }
        return null;
    }

    /**
     * 用BASE64加密
     *
     * @param str
     * @return
     */
    public static String getBASE64(String str) {
        byte[] b = str.getBytes();
        String s = null;
        if (b != null) {
            s = new sun.misc.BASE64Encoder().encode(b);
        }
        return s;
    }

}

    以上,就是我这次为iOS写的java后台,其中有考虑不全的地方,如果各位大佬有好的想法或者看法建议,可以留言一起讨论一下。

iOS内购--java后台

上一篇:CentOS 7 挂载NTFS格式USB移动硬盘


下一篇:小米开源数据库简介