Handle StoreKitTest Certificate

tikhop · Aug 5, 2020 · 827fa17 · 827fa17
1 parent 3ad5f84
commit 827fa17
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 5 deletions.
diff --git a/Package.swift b/Package.swift
@@ -19,7 +19,7 @@ let package = Package(
 			dependencies: ["ASN1Swift"],
 			path: "Sources",
 			exclude: ["Bundle+Extension.swift"],
-			resources: [.process("AppleIncRootCertificate.cer")]
+			resources: [.process("AppleIncRootCertificate.cer"), .process("StoreKitTestCertificate.cer")]
 		),
 		.testTarget(
 			name: "TPInAppReceiptTests",

diff --git a/Sources/InAppReceipt.swift b/Sources/InAppReceipt.swift
@@ -65,7 +65,14 @@ public class InAppReceipt
 
 		self.receipt = pkcs7
 		self.rawData = receiptData
-		self.rootCertificatePath = rootCertPath ?? Bundle.lookUp(forResource: "AppleIncRootCertificate", ofType: "cer")
+
+		#if DEBUG
+		let certificateName = "StoreKitTestCertificate"
+		#else
+		let certificateName = "AppleIncRootCertificate"
+		#endif
+
+		self.rootCertificatePath = rootCertPath ?? Bundle.lookUp(forResource: certificateName, ofType: "cer")
     }
 }
 

diff --git a/Sources/StoreKitTestCertificate.cer b/Sources/StoreKitTestCertificate.cer
diff --git a/Sources/Validation.swift b/Sources/Validation.swift
@@ -89,8 +89,12 @@ public extension InAppReceipt
         // only check certificate chain of trust and signature validity after these version
         if #available(OSX 10.12, iOS 10.0, tvOS 10.0, watchOS 5.0, *)
 		{
-            try checkChainOfTrust()
-            try checkSignatureValidity()
+			#if DEBUG
+			try checkSignatureValidity()
+			#else
+			try checkChainOfTrust()
+			try checkSignatureValidity()
+			#endif
         }
     }
 
@@ -156,7 +160,7 @@ public extension InAppReceipt
         }
 
         // verify iTunes cert in the receipt is signed by worldwide developer cert, which is signed by Apple Root Cert
-        let iTunesCertVerifystatus = SecTrustCreateWithCertificates([iTunesCertSec, worldwideDevCertSec ,rootCertSec] as AnyObject,
+        let iTunesCertVerifystatus = SecTrustCreateWithCertificates([iTunesCertSec, worldwideDevCertSec, rootCertSec] as AnyObject,
                                                                     policy,
                                                                     &iTunesTrust)
 
@@ -199,6 +203,11 @@ public extension InAppReceipt
             throw IARError.validationFailed(reason: .signatureValidation(.signatureNotFound))
         }
 
+		guard let path = rootCertificatePath, let rootCertData = try? Data(contentsOf: URL(fileURLWithPath: path)) else
+		{
+			throw IARError.validationFailed(reason: .signatureValidation(.unableToLoadAppleIncRootCertificate))
+		}
+
         guard let iTunesPublicKeyContainer = receipt.iTunesPublicKeyData else {
             throw IARError.validationFailed(reason: .signatureValidation(.unableToLoadiTunesPublicKey))
         }