Mac App Store的收据验证code? [英] Mac App Store Receipt Validation Code?
问题描述
想知道如果任何人有新的Mac应用程序商店的收货验证的教程或工作code?现在唯一的参考,我能找到到目前为止是苹果对话题和编译,但并没有很多行内注释,所以很难理解,除非你是一个加密高手,一个开源项目恒星文档
Wondering if anyone has a tutorial or working code for the new Mac App Store's receipt validation? About the only references I've been able to find so far are Apple's stellar documentation on the topic and one open source project which compiles but doesn't have a lot of inline comments so it's hard to understand unless you are a crypto whiz.
苹果文档的注册开发者只:
Apple docs for registered devs only:
<一个href=\"https://developer.apple.com/devcenter/mac/documents/validating.html\">https://developer.apple.com/devcenter/mac/documents/validating.html
Roddi的ValidateStoreReceipt(看起来很有希望,但人口稀少记录):
Roddi's ValidateStoreReceipt (looks promising, but sparsely documented):
<一个href=\"https://github.com/roddi/ValidateStoreReceipt\">https://github.com/roddi/ValidateStoreReceipt
也想知道为什么苹果不只是提供工作code进行验证?
Also wondering why Apple does not just provide working code for validation?
任何其他很好的参考了吗?
Any other good references out there?
-Rei
推荐答案
这是很难为Mac App Store的收据验证一个通用的解决方案,主要是因为这是code的一个非常敏感的一块必须是很难旁路(参见苹果文档)。
It is hard to provide a generic solution for Mac App Store receipt validation, mainly because this is a very sensitive piece of code that must be hard to bypass (cf. Apple documentation).
这些项目的GitHub的都是很好的出发点,以了解必须确认收货进行哪些步骤:
These GitHub projects are very good starting points to learn about what steps must be performed in receipt validation:
- NPReceiptVerification
- ValidateStoreReceipt
- AppReceiptParser
一旦你明白什么是必须做的,这里有一些建议:
Once you have understood what must be done, here is some advice:
- 请不要使用Objective-C类或方法。 Objective-C的承载了很多的元数据,并且其动态性暴露它运行时注入。
- 只能使用C函数调用。即使您需要code多行与框架的CoreFoundation,可以完美地做基础框架可以做(的NSString,NSArray的,NSDictionary的,...)。
- 请不要动态与的OpenSSL库的,因为它已经在Mac OS X狮子pcated德$ P $链接。如果你想要去 OpenSSL的,挂靠静态,以确保拥有最新版本。
- 为使用加密系统功能。 Mac OS X中附带自10.5同等功能。例如,要计算SHA-1散列,你可以使用CC_SHA1功能
- 请不要将字符串以明文在code。恩code它们或将它们加密。如果你不这样做,你给你的code位置的提示。
- 请不要在code使用数字常量。在运行时计算它们,用一些简单的运算(+, - ,/或*)。同样,如果你不这样做,你给你的code位置的提示。
- 通过嵌入您的测试,并调用<一个避免进行验证的简单测试href=\"http://developer.apple.com/library/mac/documentation/Cocoa/Reference/ApplicationKit/Miscellaneous/AppKit_Functions/Reference/reference.html#//apple_ref/doc/uid/20000695-SW12\">NSApplicationMain到一个复杂的循环。
- 避免直接调用NSApplicationMain。使用函数指针隐藏调用。如果你不这样做,你给你的code位置的提示。
- 对于应用程序的每一个版本,稍微修改审定code所以它是绝不相同。
- Don't use Objective-C classes or methods. Objective-C carries a lot of metadata, and its dynamic nature exposes it to runtime injection.
- Only use C function calls. Even if you need more lines of code with the CoreFoundation framework, you can perfectly do what the Foundation framework can do (NSString, NSArray, NSDictionary, ...).
- Don't link dynamically with the OpenSSL library as it has been deprecated in Mac OS X Lion. If you want to go with OpenSSL, link it statically to be sure to have the latest release.
- Use system functions for cryptography. Mac OS X ships with equivalent functions since 10.5. For example, to compute a SHA-1 hash, you can use the CC_SHA1 function.
- Don't put strings in plaintext in your code. Encode them or encrypt them. If you fail to do so, you give a hint about the location of your code.
- Don't use numeric constants in your code. Compute them at runtime, with some simple operations (+, -, / or *). Again, if you fail to do so, you give a hint about the location of your code.
- Avoid simple tests for validation by embedding your tests and the call to NSApplicationMain into a complex loop.
- Avoid calling NSApplicationMain directly. Use a function pointer to hide the invocation. If you fail to do so, you give a hint about the location of your code.
- For each release of your application, slightly modify the validation code so it is never the same.
记住,收到的验证是必要的,并不简单,因为它似乎。它会占用大量的时间,你可以更好地在你的应用程序花费。
Remember that receipt validation is necessary and is not simple as it seems. It can consume a lot of time that you may better spend on your application.
所以,我建议你看看这个应用程序: Receigen (免责声明:我是这个应用程序的开发者)
So I suggest you to take a look at this application: Receigen (Disclaimer: I am the developer of this application).
这篇关于Mac App Store的收据验证code?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
