承接上文,http://www.buildapp.net/post/188.htm,对iap防破解做一些流程说明。
1)流程说明
手机端会把用户通过apple store购买产品的收据信息提交到中继服务器,中继服务器再转发给游戏服务器,游戏服务器把收到的收据信息再通过apple store的收据验证接口进行有效性检查,并把结果返回给中继服务器。
2)apple store接口说明
a.提交给apple服务器的数据为一段携带收据信息的JSON格式的字符串,中继服务器会把完整的串提交给游戏服务器。
b.测试模式和正常模式的接口地址不同,测试模式的接口地址为https://sandbox.itunes.apple.com/verifyReceipt;正常模式的接口地址为https://buy.itunes.apple.com/verifyReceipt。中继服务器提交单据信息时会同时携带此信息,以便游戏服务器选择apple验证接口地址。
c.apple单据验证结果会以JSON的形式返回,返回的详细信息见上面的参考地址。
d.游戏服务器除了需要验证单据合法性之外,还需防止及处理同一单据重复提交等情况,如下。
1)确定是否是游戏产生的单据,返回结果中的"bid":"oye.games.xiaoqiankuaipao"(需要在游戏服务器配置此信息),则是应用程序标识,用此来验证。
2)确定购买的是游戏内的道具,道具列表是在apple store里面设置好的(比如100元宝$0.99,200元宝$1.99),返回结果中的"product_id":"oye.games.xiaoqiankuaipao.hpplus1",是内设置的产品标识(游戏服务器需要维护此配置,并跟apple store同步),根据此标示来确定给玩家充值多少金额的元宝。
3)"transaction_id":"1000000026678252",为单据的流水号,验证成功后游戏服务器需要记录此信息,以防止玩家刷卡(重复提交某一合法单据信息)。
3)数据示例
==================提交给Apple store的JSON串==================
{"receipt-data":"ewoJInNpZ25hdHVyZSIgPSAiQWh0dWJkTWJ3ZUJ2UjA1V2paNTVaUWczcWxOOUFLNUhHNWNjSjJHdWFOOG9BZ1pxc2FwMTllSlRsZmRYKzh4SHFMSTJKSjRFditYWWZBemZvN1pPczVobTh4bVVhNXAxZ2FnWSsvaXJEU1QwdUcyYWo5VjdvYksvczk0L0Q4dGk1dThIZ3dKcHJMU1E2dG5YT2JNRXVkUi9FVjU1WThMSzI5REYzeVV0MDJEMEFBQURWekNDQTFNd2dnSTdvQU1DQVFJQ0NHVVVrVTNaV0FTMU1BMEdDU3FHU0liM0RRRUJCUVVBTUg4eEN6QUpCZ05WQkFZVEFsVlRNUk13RVFZRFZRUUtEQXBCY0hCc1pTQkpibU11TVNZd0pBWURWUVFMREIxQmNIQnNaU0JEWlhKMGFXWnBZMkYwYVc5dUlFRjFkR2h2Y21sMGVURXpNREVHQTFVRUF3d3FRWEJ3YkdVZ2FWUjFibVZ6SUZOMGIzSmxJRU5sY25ScFptbGpZWFJwYjI0Z1FYVjBhRzl5YVhSNU1CNFhEVEE1TURZeE5USXlNRFUxTmxvWERURTBNRFl4TkRJeU1EVTFObG93WkRFak1DRUdBMVVFQXd3YVVIVnlZMmhoYzJWU1pXTmxhWEIwUTJWeWRHbG1hV05oZEdVeEd6QVpCZ05WQkFzTUVrRndjR3hsSUdsVWRXNWxjeUJUZEc5eVpURVRNQkVHQTFVRUNnd0tRWEJ3YkdVZ1NXNWpMakVMTUFrR0ExVUVCaE1DVlZNd2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFNclJqRjJjdDRJclNkaVRDaGFJMGc4cHd2L2NtSHM4cC9Sd1YvcnQvOTFYS1ZoTmw0WElCaW1LalFRTmZnSHNEczZ5anUrK0RyS0pFN3VLc3BoTWRkS1lmRkU1ckdYc0FkQkVqQndSSXhleFRldngzSExFRkdBdDFtb0t4NTA5ZGh4dGlJZERnSnYyWWFWczQ5QjB1SnZOZHk2U01xTk5MSHNETHpEUzlvWkhBZ01CQUFHamNqQndNQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVVOaDNvNHAyQzBnRVl0VEpyRHRkREM1RllRem93RGdZRFZSMFBBUUgvQkFRREFnZUFNQjBHQTFVZERnUVdCQlNwZzRQeUdVakZQaEpYQ0JUTXphTittVjhrOVRBUUJnb3Foa2lHOTJOa0JnVUJCQUlGQURBTkJna3Foa2lHOXcwQkFRVUZBQU9DQVFFQUVhU2JQanRtTjRDL0lCM1FFcEszMlJ4YWNDRFhkVlhBZVZSZVM1RmFaeGMrdDg4cFFQOTNCaUF4dmRXLzNlVFNNR1k1RmJlQVlMM2V0cVA1Z204d3JGb2pYMGlreVZSU3RRKy9BUTBLRWp0cUIwN2tMczlRVWU4Y3pSOFVHZmRNMUV1bVYvVWd2RGQ0TndOWXhMUU1nNFdUUWZna1FRVnk4R1had1ZIZ2JFL1VDNlk3MDUzcEdYQms1MU5QTTN3b3hoZDNnU1JMdlhqK2xvSHNTdGNURXFlOXBCRHBtRzUrc2s0dHcrR0szR01lRU41LytlMVFUOW5wL0tsMW5qK2FCdzdDMHhzeTBiRm5hQWQxY1NTNnhkb3J5L0NVdk02Z3RLc21uT09kcVRlc2JwMGJzOHNuNldxczBDOWRnY3hSSHVPTVoydG04bnBMVW03YXJnT1N6UT09IjsKCSJwdXJjaGFzZS1pbmZvIiA9ICJld29KSW05eWFXZHBibUZzTFhCMWNtTm9ZWE5sTFdSaGRHVXRjSE4wSWlBOUlDSXlNREV5TFRBeUxURXpJREU1T2pJME9qVXlJRUZ0WlhKcFkyRXZURzl6WDBGdVoyVnNaWE1pT3dvSkltOXlhV2RwYm1Gc0xYUnlZVzV6WVdOMGFXOXVMV2xrSWlBOUlDSXhNREF3TURBd01ESTJOamM0TWpVeUlqc0tDU0ppZG5KeklpQTlJQ0l4TGpBaU93b0pJblJ5WVc1ellXTjBhVzl1TFdsa0lpQTlJQ0l4TURBd01EQXdNREkyTmpjNE1qVXlJanNLQ1NKeGRXRnVkR2wwZVNJZ1BTQWlNU0k3Q2draWIzSnBaMmx1WVd3dGNIVnlZMmhoYzJVdFpHRjBaUzF0Y3lJZ1BTQWlNVE15T1RFNE9UZzVNakU1TVNJN0Nna2ljSEp2WkhWamRDMXBaQ0lnUFNBaWIzbGxMbWRoYldWekxuaHBZVzl4YVdGdWEzVmhhWEJoYnk1b2NIQnNkWE14SWpzS0NTSnBkR1Z0TFdsa0lpQTlJQ0kxTURJME1qa3dPVGNpT3dvSkltSnBaQ0lnUFNBaWIzbGxMbWRoYldWekxuaHBZVzl4YVdGdWEzVmhhWEJoYnlJN0Nna2ljSFZ5WTJoaGMyVXRaR0YwWlMxdGN5SWdQU0FpTVRNeU9URTRPVGc1TWpFNU1TSTdDZ2tpY0hWeVkyaGhjMlV0WkdGMFpTSWdQU0FpTWpBeE1pMHdNaTB4TkNBd016b3lORG8xTWlCRmRHTXZSMDFVSWpzS0NTSndkWEpqYUdGelpTMWtZWFJsTFhCemRDSWdQU0FpTWpBeE1pMHdNaTB4TXlBeE9Ub3lORG8xTWlCQmJXVnlhV05oTDB4dmMxOUJibWRsYkdWeklqc0tDU0p2Y21sbmFXNWhiQzF3ZFhKamFHRnpaUzFrWVhSbElpQTlJQ0l5TURFeUxUQXlMVEUwSURBek9qSTBPalV5SUVWMFl5OUhUVlFpT3dwOSI7CgkiZW52aXJvbm1lbnQiID0gIlNhbmRib3giOwoJInBvZCIgPSAiMTAwIjsKCSJzaWduaW5nLXN0YXR1cyIgPSAiMCI7Cn0="}
==================Appl store返回的验证结果==================
{"receipt":{"original_purchase_date_pst":"2012-02-13 19:24:52 America/Los_Angeles", "original_transaction_id":"1000000026678252", "original_purchase_date_ms":"1329189892191", "transaction_id":"1000000026678252", "quantity":"1", "product_id":"oye.games.xiaoqiankuaipao.hpplus1", "bvrs":"1.0", "purchase_date_ms":"1329189892191", "purchase_date":"2012-02-14 03:24:52 Etc/GMT", "original_purchase_date":"2012-02-14 03:24:52 Etc/GMT", "purchase_date_pst":"2012-02-13 19:24:52 America/Los_Angeles", "bid":"oye.games.xiaoqiankuaipao", "item_id":"502429097"}, "status":0}
==================Appl store返回的验证结果(无效的单据)==================
{"status":21002, "exception":"java.lang.NullPointerException"}
//status为非0值,则表示收据无效
