I'm trying to do some validation of the AppStore receipt, but I'm encountering some problems.
I do get the receipt via…
NSURL *receiptURL = [[NSBundle mainBundle] appStoreReceiptURL];
NSData *receiptData = [NSData dataWithContentsOfURL:receiptURL];I manage to parse the data and get the "opaque value" and the SHA1 hash from the receipt. Now I want to validate the hash, following the docs from Apple...
NSData *opaqueData /* contains the opaque value from the receipt */
NSData *sha1HashData /* contains the SHA1 Hash from the receipt */
NSData *bundleIdData /* contains the bundle ID from the receipt */
NSUUID *uuid = [[UIDevice currentDevice] identifierForVendor];
uuid_t uuidBytes;
[uuid getUUIDBytes:uuidBytes];
NSMutableData *testData = [NSMutableData dataWithBytes:uuidBytes length:sizeof(uuidBytes)];
[testData appendData:opaqueData];
[testData appendData:bundleIdData];
unsigned char result[CC_SHA1_DIGEST_LENGTH];
CC_SHA1(testData.bytes, testData.length, result);
NSData *resultData = [NSData dataWithBytes:result length:CC_SHA1_DIGEST_LENGTH];
BOOL valid = [resultData isEqual:sha1HashData];But the validation always fails. The SHA1 hash calculated on the device is never matching the one from the receipt.
I did also refresh the receipt...
SKReceiptRefreshRequest *request = [[SKReceiptRefreshRequest alloc] initWithReceiptProperties:0];
request.delegate = self;
[request start];and validate the new receipt after the "requestDidFinish:" delegate method was called, but this will also fail.
I did log out of the AppStore, so when refreshing the receipt the iOS will ask for the name/password for my test user.
Am I doing something wrong? Is this supposed to work when testing and debugging directly from within XCode?
BTW: I've inspected the receipt with some third-party ASN.1 parser, to find out if I've parsed the receipt correctly, and the opaque value and sha1 hash which I've extracted from the receipt do look correct.
I'm also interested in finding out when the App was originally purchased, because I want to provide certain InApp purchases for free for users who had purchased the App recently. I do find the information about the original purchase date in the receipt (and I do get it also when I let the Apple Server validate the receipt via https://buy.itunes.apple.com/verifyReceipt), but this information seems to be not documented by Apple (though I think it was mentioned in a WWDC session). Is there any information about how reliable is this information? Is this always present?
And for Apps installed from the AppStore, is the receipt always present and is it always the current one? Or are their any circumstances where the receipt is missing or needs to be manually refreshed?