3
我下載AppleRootCertificate.cer,現在我試着檢查我的應用內收據證書是否有效(與蘋果一樣)。蘋果證書與PKCS7_verify無效
我喜歡在他的WWDS視頻中呈現蘋果。
BIO *b_receipt = BIO_new_mem_buf((void *)[receipt bytes], (long)[receipt length]);
BIO *b_x509 = BIO_new_mem_buf((void *)[certificateData bytes], (long)[certificateData length]);
// Convert receipt data to PKCS #7 Representation
PKCS7 * p7 = d2i_PKCS7_bio(b_receipt, NULL);
// Create the certificate store for matching white Apple cerif.
X509_STORE * store = X509_STORE_new();
X509 * appleRootCA = d2i_X509_bio(b_x509, NULL);
X509_STORE_add_cert(store, appleRootCA);
// Verify the Signature
BIO * b_receiptPayload = BIO_new(BIO_s_mem());
int result = PKCS7_verify(p7, NULL, store, NULL, b_receiptPayload, 0);
NSLog(@"Result == %i", result);
,但結果始終是0而不是1
我該怎麼辦錯了嗎?
接下來你從'ERR_print_errors_fp得到( )'或'ERR_get_error()'?你打算讓我們猜測;)文檔位於['ERR_print_errors(3)'](https://www.openssl.org/docs/crypto/ERR_print_errors.html)和['ERR_get_error(3)']( https://www.openssl.org/docs/crypto/ERR_get_error.html)。 – jww
'x509_verify'可能對您有所幫助。請參閱[檢查文件是證書還是密鑰](http://stackoverflow.com/questions/22398477/check-that-a-file-is-certificate-or-a-key)以獲取關於驗證密鑰和證書的建議。 – jww
蘋果在http://www.apple.com/certificateauthority/上提供了兩個可供下載的根目錄:AppleIncRootCertificate.cer和AppleComputerRootCertificate.cer。它是其中之一,還是與衆不同? – jww