我们如何在服务器端验证Windows 8应用内结算收据? [英] How do we verify Windows 8 in-app billing receipt on the server side?

问题描述

我目前正在为Windows 8工作的应用中实现应用内购买.

I am currently implementing in-app purchases in an app that I am working for Windows 8.

阅读文档:

1. 请求该应用程序的许可证信息: msdn.microsoft.com/zh-CN/library/windows/apps/windows.applicationmodel.store.licenseinformation.aspx

1. Request the license Information for the app: msdn.microsoft.com/en-us/library/windows/apps/windows.applicationmodel.store.licenseinformation.aspx

这会告诉您该应用是否为试用版，以及使用应用内购买的产品列表.

This tells you if the app is trial or not, and the list of products bought using in-app.

1. 要执行购买，您需要使用以下对象:

CurrentApp:在实时环境中.仅在商店中批准了该应用程序后，此功能才起作用，因此您需要在包装之前进行此更改以提交到商店.

CurrentApp: In live environment. This will only work when the app is APPROVED in the store, so you need to make this change before packaging to submit to the store.

CurrentAppSimulator:调试和测试.

CurrentAppSimulator: Debug and testing.

2.a.如果您在试用模式下运行应用程序，则需要购买该应用程序，并调用: CurrentApp.RequestAppPurchaseAsync(true)

2.a. If you are running an app in trial mode, you purchase the app calling: CurrentApp.RequestAppPurchaseAsync (true)

该参数正在请求获取包含XML的字符串，该XML代表应用程序的所有收据和任何应用程序内购买.如果includeReceipt设置为false，则此字符串为空.

The parameter is requesting to get a string that contains XML that represents all receipts for the app and any in-app purchases. If includeReceipt is set to false, this string is empty.

2.b.从您的服务器验证购买.

2.b. Validate a purchase from your servers. Reference

我们要验证从服务器2.a获得的收据是真实的.要验证收据的真实性，您可以使用公共证书检查收据的签名.要获得此证书，请使用以下URL: go.microsoft.com/fwlink/?LinkId=246509&cid=收据的CertificateId在哪里.

We want to verify that the receipt that we got from server 2.a is genuine. To verify a receipt's authenticity, you can check the receipt's signature using the public certificate. To get this certificate, use the following URL: go.microsoft.com/fwlink/?LinkId=246509&cid= where is the CertificateId of the receipt.

这是CurrentAppSimulator的真实收据:

This is a real Receipt from the CurrentAppSimulator:

<?xml version="1.0" encoding="utf-8"?>
    <Receipt Version="1.0" ReceiptDate="2012-08-23T14:21:40Z" CertificateId="" ReceiptDeviceId="9d6b1f28-cab8-421f-8f8d-23df2dc3abbe">
    <ProductReceipt Id="d9437a12-4f91-4ef0-b0bf-527ab9da2ec9" AppId="Zolmo.JamiesRecipes_40cj6885yhw56" ProductId="JMPK_0004" PurchaseDate="2012-08-23T14:21:40Z" ProductType="Durable" />
</Receipt>

没有CertificateId，如何实现服务器端验证?在商店中没有应用程序的情况下，如何测试所有这些内容?

No CertificateId, how could I implement the server side validation? how can I test all this without having an app in the Store?

谢谢， 佩德罗

推荐答案

没有沙盒环境可以对Windows Store进行这种端到端测试.不过，这应该可以帮助您更进一步:

There is no sandbox environment to do this kind of end-to-end testing for the Windows Store. This should help get you a bit further though:

Store当前正在使用的CertificateId是b809e47cd0110a4db043b3f73e83acd917fe1336(这可能会随着时间而变化，因此您的代码应从已签名的收据中以编程方式获取此信息)

The CertificateId being used by the Store currently is b809e47cd0110a4db043b3f73e83acd917fe1336 (this can change over time so your code should get this programmatically from the signed receipts)

证书下载URL变为: https://go.microsoft.com/fwlink/?LinkId=246509&cid=b809e47cd0110a4db043b3f73e83acd917fe1336

The cert download URL becomes this: https://go.microsoft.com/fwlink/?LinkId=246509&cid=b809e47cd0110a4db043b3f73e83acd917fe1336

这是一个示例收据，您可以测试解析上面的URL中使用的CertificateId值的代码，并使用上面的URL返回的证书来验证签名是否有效的代码:

Here's a sample receipt you can test your code that parses the CertificateId value to use in the URL above and for the code that verifies the signature is valid using the cert returned by the URL above:

<Receipt Version="1.0" ReceiptDate="2012-08-28T22:11:33Z" CertificateId="b809e47cd0110a4db043b3f73e83acd917fe1336" ReceiptDeviceId="4e362949-acc3-fe3a-e71b-89893eb4f528">
<AppReceipt Id="8ffa256d-eca8-712a-7cf8-cbf5522df24b" AppId="55428GreenlakeApps.CurrentAppSimulatorEventTest_z7q3q7z11crfr" PurchaseDate="2012-06-04T23:07:24Z" LicenseType="Full" />
<ProductReceipt Id="2559fa9a-9f86-0525-e655-536a6c96fac6" ProductId="Product1" PurchaseDate="2012-06-04T23:07:50Z" ExpirationDate="2012-06-07T23:07:49Z" ProductType="Durable" AppId="55428GreenlakeApps.CurrentAppSimulatorEventTest_z7q3q7z11crfr" />
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        <Reference URI="">
            <Transforms>
                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
            <DigestValue>npmBq7pdtq9FkfILSsHuVyD+QWiZg6J/klBKsyWhrw8=</DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue>LKZSHmk6XjLaEHoJPFBB1GxVsFf2eilOXeyf2RvYtVvqjU4EIdOUfNM46sVifq3MyeE4N2s77iJmvdzgxmOM9tCimebiL7jsdpWakO0A9daImHESMPIrwZNham6jPCWaBUEOFT6PNy1v5MS+cdX25Wenk702L0wVQ6R8oGPlk5Im6Q62K69cvAFA3q/kiLHOyTZWHoIGw5lvFvAYI/aZhVoFQLv1FjK0Syg5nbMA19UrzwZ39jnJjcfuw/VX51uSv5Ze2x36HDXTpiw8wHoTzauGYzt9MXd4+qbiJ4AQys22AgO+cfAbDrTuH5duZ6DMeuFeEv8nu2p9PiVyBEOlZw==</SignatureValue>
</Signature>

这篇关于我们如何在服务器端验证Windows 8应用内结算收据?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！