How best to store Apple Root Certificates for receipt validation

青春壹個敷衍的年華 submitted on 2019-12-25 07:31:46

Question


When validating StoreKit receipts (I'm using ReceiptKit), you need the Apple Root Certificate.

Is it ok just to include this in the App bundle or should I be downloading a fresh copy every time?

They both seem to have their risks?


Answer 1:


All references I have found recommend downloading and storing the certificate in your bundle. I would not suggest downloading it on the fly.

The repository you refer to recommends it:

I scoured the Apple Docs, tutorials and many sample repositories while working out my own solution and never considered downloading it on device. It seems an obvious point of attack. The idea is that you can be positive that the certificate is valid at the point of shipping; if you download on the fly, you cannot be 100% sure where it came from.




Answer 2:


The Apple Root Certificate is preinstalled on the computer. However, if a user installs a fake root certificate, fake receipts can be validated. On the other hand, when the root certificate is changed or expires, you would not be able to validate receipts with your locally stored certificate, frustrating the users.
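
The bundled-certificate approach discussed in the answers above, as an added example (not code from the original answers or from ReceiptKit): it loads the root from the app bundle and evaluates the receipt's signer chain against that root only, so a root added to the device's trust store is not consulted. The resource name `AppleIncRootCertificate.cer`, the type and function names are assumptions; extracting the signer certificates from the receipt's PKCS#7 container is left to the caller, and `SecTrustEvaluateWithError` requires iOS 12 / macOS 10.14 or later.

```swift
import Foundation
import Security

enum AnchorError: Error {
    case missingFromBundle
    case notACertificate
    case trustSetupFailed(OSStatus)
}

/// Loads the DER-encoded root certificate shipped inside the app bundle.
/// The resource name is an assumption; use whatever name you bundled it under.
func loadBundledRoot(named name: String = "AppleIncRootCertificate",
                     in bundle: Bundle = .main) throws -> SecCertificate {
    guard let url = bundle.url(forResource: name, withExtension: "cer"),
          let der = try? Data(contentsOf: url) else {
        throw AnchorError.missingFromBundle
    }
    guard let cert = SecCertificateCreateWithData(nil, der as CFData) else {
        throw AnchorError.notACertificate
    }
    return cert
}

/// Returns true only if `signerChain` (leaf first) chains to `root`.
/// `verifyDate` optionally evaluates validity as of a given moment,
/// for example the receipt's creation date, instead of the current time.
func chainIsAnchored(_ signerChain: [SecCertificate],
                     to root: SecCertificate,
                     verifyDate: Date? = nil) throws -> Bool {
    var created: SecTrust?
    var status = SecTrustCreateWithCertificates(signerChain as CFArray,
                                                SecPolicyCreateBasicX509(),
                                                &created)
    guard status == errSecSuccess, let trust = created else {
        throw AnchorError.trustSetupFailed(status)
    }
    // Trust the bundled root and nothing else: system and user-installed
    // roots are excluded from this evaluation.
    status = SecTrustSetAnchorCertificates(trust, [root] as CFArray)
    guard status == errSecSuccess else { throw AnchorError.trustSetupFailed(status) }
    status = SecTrustSetAnchorCertificatesOnly(trust, true)
    guard status == errSecSuccess else { throw AnchorError.trustSetupFailed(status) }
    if let date = verifyDate {
        status = SecTrustSetVerifyDate(trust, date as CFDate)
        guard status == errSecSuccess else { throw AnchorError.trustSetupFailed(status) }
    }
    var error: CFError?
    return SecTrustEvaluateWithError(trust, &error)
}
```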



Source: https://stackoverflow.com/questions/23592682/how-best-to-store-apple-root-certificates-for-receipt-validation
