Package com.apple.itunes.storekit.verification

Class SignedDataVerifier

java.lang.Object

com.apple.itunes.storekit.verification.SignedDataVerifier

public class SignedDataVerifier
extends Object

A verifier and decoder class designed to decode signed data from the App Store.

Constructor Summary

Constructors

Constructor	Description
SignedDataVerifier(Set<InputStream> rootCertificates, String bundleId, Long appAppleId, Environment environment, boolean enableOnlineChecks)

Method Summary

Modifier and Type	Method	Description
protected <T extends DecodedSignedData> T	decodeSignedObject(String signedObject, Class<T> clazz)
protected <T extends DecodedSignedData> T	parseJWTPayload(Class<T> clazz, com.auth0.jwt.interfaces.DecodedJWT jwt)
AppTransaction	verifyAndDecodeAppTransaction(String signedAppTransaction)	Verifies and decodes a signed AppTransaction
ResponseBodyV2DecodedPayload	verifyAndDecodeNotification(String signedPayload)	Verifies and decodes an App Store Server Notification signedPayload
JWSRenewalInfoDecodedPayload	verifyAndDecodeRenewalInfo(String signedRenewalInfo)	Verifies and decodes a signedRenewalInfo obtained from the App Store Server API, an App Store Server Notification, or from a device
JWSTransactionDecodedPayload	verifyAndDecodeTransaction(String signedTransaction)	Verifies and decodes a signedTransaction obtained from the App Store Server API, an App Store Server Notification, or from a device
protected void	verifyNotification(String bundleId, Long appAppleId, Environment notificationEnv)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SignedDataVerifier

public SignedDataVerifier(Set<InputStream> rootCertificates,
 String bundleId,
 Long appAppleId,
 Environment environment,
 boolean enableOnlineChecks)

Parameters:

rootCertificates - The set of Apple Root certificate authority certificates, as found on Apple PKI

bundleId - The bundle identifier of the app.

appAppleId - The unique identifier of the app in the App Store.

environment - The server environment, either sandbox or production.

enableOnlineChecks - Whether to enable revocation checking and check expiration using the current date

Method Details

verifyAndDecodeTransaction

public JWSTransactionDecodedPayload verifyAndDecodeTransaction(String signedTransaction)
                                                        throws VerificationException

Verifies and decodes a signedTransaction obtained from the App Store Server API, an App Store Server Notification, or from a device

Parameters:

signedTransaction - The signedTransaction field

Returns:

The decoded transaction info after verification

Throws:

VerificationException - Thrown if the data could not be verified

See Also:

• JWSTransaction

verifyAndDecodeRenewalInfo

public JWSRenewalInfoDecodedPayload verifyAndDecodeRenewalInfo(String signedRenewalInfo)
                                                        throws VerificationException

Verifies and decodes a signedRenewalInfo obtained from the App Store Server API, an App Store Server Notification, or from a device

Parameters:

signedRenewalInfo - The signedRenewalInfo field

Returns:

The decoded renewal info after verification

Throws:

VerificationException - Thrown if the data could not be verified

See Also:

• JWSRenewalInfo

verifyAndDecodeNotification

public ResponseBodyV2DecodedPayload verifyAndDecodeNotification(String signedPayload)
                                                         throws VerificationException

Verifies and decodes an App Store Server Notification signedPayload

Parameters:

signedPayload - The payload received by your server

Returns:

The decoded payload after verification

Throws:

VerificationException - Thrown if the data could not be verified

See Also:

• signedPayload

verifyNotification

protected void verifyNotification(String bundleId,
 Long appAppleId,
 Environment notificationEnv)
                           throws VerificationException

Throws:

VerificationException

verifyAndDecodeAppTransaction

public AppTransaction verifyAndDecodeAppTransaction(String signedAppTransaction)
                                             throws VerificationException

Verifies and decodes a signed AppTransaction

Parameters:

signedAppTransaction - The signed AppTransaction

Returns:

The decoded AppTransaction after validation

Throws:

VerificationException - Thrown if the data could not be verified

See Also:

• AppTransaction

decodeSignedObject

protected <T extends DecodedSignedData> T decodeSignedObject(String signedObject,
 Class<T> clazz)
                                                      throws VerificationException

Throws:

VerificationException

parseJWTPayload

protected <T extends DecodedSignedData> T parseJWTPayload(Class<T> clazz,
 com.auth0.jwt.interfaces.DecodedJWT jwt)
                                                   throws VerificationException

Throws:

VerificationException