iOS - How to check the UID hash of an Apple AppReceipt server side in PHP?
I'm asking this question in order to share solution code.
Context: Apple introduced the AppReceipt in iOS 7. It is nowadays also used for OS X IAP. This receipt is a PKCS#7 container (ASN.1) whose payload is also ASN.1 structured. The documentation from Apple instructs how to check the validity of the receipt on-device, and parse it to check that it has been issued for the current device. There are also instructions to validate the receipt through an application server by contacting the Apple server. In the latter case though, the JSON data returned by Apple does not include any information identifying the originating device. The previous IAP protocol model with transactionReceipt included the identifierForVendor UID in the JSON.
Question: How to parse the binary receipt on a server, using PHP, to check the UID hash, to ensure this receipt belongs to that device? This may be done before or after sending the receipt to the Apple server.
This script only checks the hash, not the whole receipt signature validity. That work is left to Apple, by sending them the receipt as documented.
The hash check is directly adapted from Apple's documented illustration code in C. The tricky task here is finding the right pieces of information in the binary receipt.
This code uses an ASN.1 parser by Kris Bailey; the link is in the source code.
You need to change one comment in the parser script code: comment out line #189 and uncomment #190. Also, the last function in the parser script is unused and can be deleted.
```php
<?php

// $vendID should be a binary string. If you have the vendorID as an ASCII string, convert it back.
// $vendID_string (the identifierForVendor UUID) and $receipt->bin (the raw receipt bytes)
// are inputs supplied by the caller.
// $vendID = hex2bin(str_replace('-', '', $vendID_string)); // PHP 5.4+
$vendID = hextobin(str_replace('-', '', $vendID_string));   // PHP 5.3-, function below

require_once 'asn1.php'; // download from http://www.phpkode.com/source/s/mistpark-server/library/asn1.php

$asn_parser = new ASN_BASE;

// Parse the receipt binary string
$pkcs7 = $asn_parser->parseASNString($receipt->bin);

// $asn_parser->printASN($pkcs7); // uncomment this line to print and inspect the PKCS7 container

// Target the payload object inside the container
$payload_sequence = $pkcs7[0]->asnData[1]->asnData[0]->asnData[2]->asnData;

// Check the OID of the payload (1.2.840.113549.1.7.1 = PKCS#7 data)
if ($payload_sequence[0]->asnData != '1.2.840.113549.1.7.1') {
    echo "invalid payload OID";
    exit;
}

// The payload OCTET STRING is itself an ASN.1 structure. Parse it.
$payload = $asn_parser->parseASNString($payload_sequence[1]->asnData[0]->asnData);

// $asn_parser->printASN($payload); // uncomment this line to print and inspect the payload ASN structure

$payload_attributes = $payload[0]->asnData; // array of ASN_SEQUENCE

foreach ($payload_attributes as $attr) {
    $type = $attr->asnData[0]->asnData;
    switch ($type) {
        case 2:
            $bundle_id = $attr->asnData[2]->asnData;
            break;
        // case 3:
        //     $bundle_version = $attr->asnData[2]->asnData;
        //     break;
        case 4:
            $opaque = $attr->asnData[2]->asnData;
            break;
        case 5:
            $hash = $attr->asnData[2]->asnData;
            break;
        default:
            break;
    }
}

// Compute the hash
$hash_loc = sha1($vendID . $opaque . $bundle_id, true);

// Check hash equality. Strict comparison: == would apply PHP's loose
// (numeric-string) comparison rules to the two binary strings.
if ($hash_loc === $hash) {
    echo "OK\n";
} else {
    echo "KO\n";
}

echo "</pre>\n";

//*******************************************************

function hextobin($hexstr) {
    $n = strlen($hexstr);
    $sbin = '';
    for ($i = 0; $i < $n; $i += 2) {
        $sbin .= pack("H*", substr($hexstr, $i, 2));
    }
    return $sbin;
}

?>
```
php ios in-app-purchase asn.1
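The payload walk and hash check described above, as an added example that is not part of the original answer: a self-contained DER reader run on a constructed payload, so it needs no external parser. It assumes PHP 5.6+ (for `hash_equals`); the function names, bundle identifier, vendor ID and opaque value are made up for illustration.

```php
<?php
// Added example on CONSTRUCTED data; assumes PHP 5.6+ (hash_equals).
// Read one DER TLV at $pos: returns array(tag, content, offset of next element).
function der_read($der, $pos) {
    if ($pos + 2 > strlen($der)) throw new Exception('truncated header');
    $tag = ord($der[$pos]);
    $len = ord($der[$pos + 1]);
    $pos += 2;
    if ($len & 0x80) {                       // long form: low 7 bits count the length bytes
        $n = $len & 0x7f;
        if ($n < 1 || $n > 3 || $pos + $n > strlen($der)) throw new Exception('bad length');
        for ($len = 0, $i = 0; $i < $n; $i++) $len = ($len << 8) | ord($der[$pos++]);
    }
    if ($pos + $len > strlen($der)) throw new Exception('truncated content');
    return array($tag, (string) substr($der, $pos, $len), $pos + $len);
}

// Payload: SET OF SEQUENCE { INTEGER type, INTEGER version, OCTET STRING value }.
function receipt_attributes($payload) {
    list($tag, $set) = der_read($payload, 0);
    if ($tag !== 0x31) throw new Exception('payload is not a SET');
    $attrs = array();
    for ($pos = 0; $pos < strlen($set); ) {
        list($tag, $seq, $pos) = der_read($set, $pos);
        list($t1, $type, $p) = der_read($seq, 0);
        list($t2, $version, $p) = der_read($seq, $p);
        list($t3, $value) = der_read($seq, $p);
        if (array($tag, $t1, $t2, $t3) !== array(0x30, 0x02, 0x02, 0x04)) throw new Exception('bad attribute');
        $attrs[hexdec(bin2hex($type))] = $value;  // type is a small positive INTEGER
    }
    return $attrs;
}

// True only if attribute 5 equals SHA-1(device id . opaque value . bundle id).
function receipt_belongs_to_device($payload, $vendID) {
    $a = receipt_attributes($payload);            // throws on malformed DER: treat as rejection
    if (!isset($a[2], $a[4], $a[5])) return false; // fail closed when an attribute is missing
    return hash_equals(sha1($vendID . $a[4] . $a[2], true), $a[5]); // constant-time compare
}

// CONSTRUCTED sample payload; these helpers only emit short-form lengths (< 128 bytes).
function tlv($tag, $content) { return chr($tag) . chr(strlen($content)) . $content; }
function attr($type, $value) { return tlv(0x30, tlv(0x02, chr($type)) . tlv(0x02, "\x01") . tlv(0x04, $value)); }
$vendID = hex2bin(str_replace('-', '', '00112233-4455-6677-8899-AABBCCDDEEFF'));
$bundle = tlv(0x0c, 'com.example.app');
$opaque = 'constructed-opaque';
$payload = tlv(0x31, attr(2, $bundle) . attr(4, $opaque) . attr(5, sha1($vendID . $opaque . $bundle, true)));
var_dump(receipt_belongs_to_device($payload, $vendID));               // matching device id
var_dump(receipt_belongs_to_device($payload, str_repeat("\x00", 16))); // different device id
```

As in the answer's script, the bundle identifier enters the hash as the raw contents of its OCTET STRING, and the PKCS#7 signature is not checked here.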