release--苹果支付修复解析BUG

luoo_user/src/main/java/com/luoo/user/controller/ApplePayController.java

@@ -5,10 +5,12 @@ import cn.hutool.json.JSONObject;
 import cn.hutool.json.JSONUtil;
 import com.luoo.user.pojo.AppleOrder;
 import com.luoo.user.pojo.AppleResponse;
+import com.luoo.user.util.IosVerifyUtil;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -37,6 +39,11 @@ public class ApplePayController {
 
     @Value("${applePay.certificate}")
     private String certificateUrl;
+
+    @Autowired
+    private IosVerifyUtil iosVerifyUtil;
+
+
 //    private static final String certificateUrl = "https://buy.itunes.apple.com/verifyReceipt";
     //测试的购买凭证验证地址
 //    private static final String certificateUrlTest = "https://sandbox.itunes.apple.com/verifyReceipt";
@@ -60,7 +67,7 @@ public class ApplePayController {
      *
      * @param userId    用户ID
      * @param receipt   前端支付成功后：苹果给前端的一长串字符串
-     * @param chooseEnv false代表苹果沙箱环境，true代表真实支付环境
+     *
      */
     @PostMapping("/setIapCertificate")
     @ApiImplicitParams({@ApiImplicitParam(name = "userId", value = "用户Id"), @ApiImplicitParam(name = "receipt", value = "苹果传递前端支付成功的值")})
@@ -96,36 +103,40 @@ public class ApplePayController {
             return "调用传参错误！";
         }
         String line = null;
+
+       String result =  iosVerifyUtil.buyAppVerify(receipt, 1);
+
+        System.out.println(result+"");
         // todo 理论应该锁UserId，因为后台只能允许一个线程执行给玩家发送道具！
         try {
-            // 设置SSLContext
-            SSLContext ssl = SSLContext.getInstance("SSL");
-            ssl.init(null, new TrustManager[]{myX509TrustManager}, null);
-            // 打开连接
-            HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
-            // 设置套接工厂
-            conn.setSSLSocketFactory(ssl.getSocketFactory());
-            // 加入数据
-            conn.setRequestMethod("POST");
-            conn.setDoOutput(true);
-            conn.setRequestProperty("Content-type", "application/json");
-            // JSONObject obj = new JSONObject();
-            JSONObject obj = new JSONObject();
-            obj.set("receipt-data", receipt);
-            // 发送请求
-            BufferedOutputStream buffOutStr = new BufferedOutputStream(conn.getOutputStream());
-            buffOutStr.write(obj.toString().getBytes());
-            buffOutStr.flush();
-            buffOutStr.close();
-            // 获取接收响应的对象reader
-            BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
-            // 转换苹果响应的所有结果！
-            StringBuffer sb = new StringBuffer();
-            while ((line = reader.readLine()) != null) {
-                sb.append(line);
-            }
+//            // 设置SSLContext
+//            SSLContext ssl = SSLContext.getInstance("SSL");
+//            ssl.init(null, new TrustManager[]{myX509TrustManager}, null);
+//            // 打开连接
+//            HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
+//            // 设置套接工厂
+//            conn.setSSLSocketFactory(ssl.getSocketFactory());
+//            // 加入数据
+//            conn.setRequestMethod("POST");
+//            conn.setDoOutput(true);
+//            conn.setRequestProperty("Content-type", "application/json");
+//            // JSONObject obj = new JSONObject();
+//            JSONObject obj = new JSONObject();
+//            obj.set("receipt-data", receipt);
+//            // 发送请求
+//            BufferedOutputStream buffOutStr = new BufferedOutputStream(conn.getOutputStream());
+//            buffOutStr.write(obj.toString().getBytes());
+//            buffOutStr.flush();
+//            buffOutStr.close();
+//            // 获取接收响应的对象reader
+//            BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
+//            // 转换苹果响应的所有结果！
+//            StringBuffer sb = new StringBuffer();
+//            while ((line = reader.readLine()) != null) {
+//                sb.append(line);
+//            }
             // 处理苹果响应的结果
-            AppleResponse appleResponse = JSONUtil.toBean(sb.toString(), AppleResponse.class);
+            AppleResponse appleResponse = JSONUtil.toBean(result, AppleResponse.class);
             log.info("用户Id{},回调获取到了{}", userId, appleResponse.toString());
             // 苹果说了，只有订单状态是0才算成功，其他均是错误，可查：https://developer.apple.com/documentation/appstorereceipts/status
             if (StringUtils.equalsAny(appleResponse.getStatus(), "0")) {

luoo_user/src/main/java/com/luoo/user/util/IosVerifyUtil.java

@@ -0,0 +1,103 @@
+package com.luoo.user.util;
+
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import javax.net.ssl.*;
+import java.io.BufferedOutputStream;
+import java.io.BufferedReader;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.URL;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Locale;
+@Component
+public class IosVerifyUtil {
+
+
+    private static class TrustAnyTrustManager implements X509TrustManager {
+
+
+        @Override
+        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+        }
+
+        @Override
+        public X509Certificate[] getAcceptedIssuers() {
+            return new X509Certificate[]{};
+        }
+    }
+
+    private static class TrustAnyHostnameVerifier implements HostnameVerifier {
+        @Override
+        public boolean verify(String hostname, SSLSession session) {
+            return true;
+        }
+    }
+
+    @Value("${applePay.certificate}")
+    private  String url_apple_pay;
+
+    @Value("${applePay.certificate}")
+    private  String test_url_apple_pay;
+
+
+    /**
+     * 苹果服务器验证
+     *
+     * @param receipt 账单
+     * @return null 或返回结果 沙盒 https://sandbox.itunes.apple.com/verifyReceipt
+     * @url 要验证的地址
+     */
+    public  String buyAppVerify(String receipt,int type) {
+        //环境判断 线上/开发环境用不同的请求链接
+        try {
+            String url=null;
+            if (type==0){
+                url=test_url_apple_pay; //沙盒环境,测试
+            }else {
+                //生成
+                url=url_apple_pay;
+            }
+            SSLContext sc = SSLContext.getInstance("SSL");
+            sc.init(null, new TrustManager[]{new TrustAnyTrustManager()}, new java.security.SecureRandom());
+            URL console = new URL(url);
+            HttpsURLConnection conn = (HttpsURLConnection) console.openConnection();
+            conn.setSSLSocketFactory(sc.getSocketFactory());
+            conn.setHostnameVerifier(new TrustAnyHostnameVerifier());
+            conn.setRequestMethod("POST");
+            conn.setRequestProperty("content-type", "text/json");
+            conn.setRequestProperty("Proxy-Connection", "Keep-Alive");
+            conn.setDoInput(true);
+            conn.setDoOutput(true);
+            conn.setConnectTimeout(3000);
+            BufferedOutputStream hurlBufOus = new BufferedOutputStream(conn.getOutputStream());
+            //拼成固定的格式传给平台
+            String str = String.format(Locale.CHINA, "{\"receipt-data\":\"" + receipt + "\"}");
+            // 直接将receipt当参数发到苹果验证就行，不用拼格
+            // String str = String.format(Locale.CHINA, receipt);
+            hurlBufOus.write(str.getBytes());
+            hurlBufOus.flush();
+
+            InputStream is = conn.getInputStream();
+            BufferedReader reader = new BufferedReader(new InputStreamReader(is));
+            String line = null;
+            StringBuilder sb = new StringBuilder();
+            while ((line = reader.readLine()) != null) {
+                sb.append(line);
+            }
+            return sb.toString();
+        } catch (Exception ex) {
+            System.out.println("苹果服务器异常");
+            ex.printStackTrace();
+        }
+        return null;
+
+    }
+}