Question

我正在尝试使用名为RMStore的收据验证的热门库中的代码验证收据是否适用于此特定设备：

NSUUID * uuid = [[UIDevice currentDevice] identifierForVendor];
uuid_t uuidBytes;
[uuid getUUIDBytes:uuidBytes];

NSMutableData * data = [[NSMutableData alloc] init];
[data appendBytes:uuidBytes length:sizeof(uuidBytes)];
[data appendData:_parsedReceipt.opaqueValue];
[data appendData:_parsedReceipt.bundleIdentifierData];

NSMutableData * computedHash = [NSMutableData dataWithLength:SHA_DIGEST_LENGTH];
SHA1(data.bytes, data.length, computedHash.mutableBytes);

return [computedHash isEqualToData:_parsedReceipt.hash];

但这两个哈希并不相等。代码有问题吗？

修改

    SKReceiptRefreshRequest * request = [[SKReceiptRefreshRequest alloc] initWithReceiptProperties:@{SKReceiptPropertyIsRevoked: @YES}];
    [request setDelegate:self];
    [request start];

在我重新获取一次收据后，哈希开始匹配。这是我见过的最离奇的行为。有谁知道为什么会发生这种情况？

Answer 1

如您从中获取该代码的答案所示，Apple建议在验证失败时刷新收据。这是RMStore验证收据/交易的作用：

RMAppReceipt *receipt = [RMAppReceipt bundleReceipt];
const BOOL verified = [self verifyTransaction:transaction inReceipt:receipt success:successBlock failure:nil]; // failureBlock is nil intentionally. See below.
if (verified) return;

// Apple recommends to refresh the receipt if validation fails on iOS
[[RMStore defaultStore] refreshReceiptOnSuccess:^{
    RMAppReceipt *receipt = [RMAppReceipt bundleReceipt];
    [self verifyTransaction:transaction inReceipt:receipt success:successBlock failure:failureBlock];
} failure:^(NSError *error) {
    [self failWithBlock:failureBlock error:error];
}];

Answer 2

我将在这里添加一件事-花了我一段时间才弄清楚为什么我的哈希值不匹配...

接收bundleId示例： ASN1 OCTET STRING（27个字节）0C19636F6D2E706177656C6B6C61707563682E536B696E4578616D

实际上由标识符（0C），长度（19）和值（63..6D）组成。

用于比较app.bundleId == receive.bundleId->仅使用值
为了生成哈希->使用整个ASN1缓冲区
（否则SHA1会产生不同的值）

Apple Receipt设备哈希验证

2 个答案: