During the WWDC-2020, a new functionality has been added to Xcode to enable testing receipt validation locally. Refer to the Apple documentation for an in-depth introduction on StoreKit testing in Xcode.

When StoreKit testing is enabled, a test certificate is generated to sign the generated receipt. The receipt validation code must use this particular certifcate in order to validate succesfully test receipts.

NOTE: This feature is only available when generating the code on the command line.

Getting the certificate

To obtain the StoreKit test certificate required for local validation, follow these steps:

Using the certificate

The the StoreKit test certificate is stored in DER format. In order to use it with Receigen, it needs to be converted to PEM format.

Here is an example of Shell script to use the StoreKit test certificate when generating the validation code. The script:

#!/bin/bash

# Convert certificate from DER to PEM
CA_CER="$PROJECT_DIR/$PROJECT/StoreKitTestCertificate.cer"
CA_PEM="`openssl x509 -inform DER -in "$CA_CER"`"
# Only keep the Base64 part
CA_PEM_CONTENT=`echo $CA_PEM | grep -v "\-" | tr -d '\n'`
CA_OID=2.5.29.37

# Receigen binary
RECEIGEN="/Applications/Receigen.app/Contents/MacOS/Receigen"

# Set generation parameters
PREFIX=...
BUNDLE_ID=...
BUNDLE_VERSION=...
HEADER_FILE=...

# Generate receipt validation code
"$RECEIGEN" --identifier "$BUNDLE_ID" --version "$BUNDLE_VERSION" --prefix "$PREFIX" --signer-oid $CA_OID --root-ca-content $CA_PEM_CONTENT > "$HEADER"

When the generation is over, you should see these lines at the top of the generated code:

// Certificate Name             : StoreKit
// Certificate Fingerprint      : 8CBBBA29231E75FC9A93DDE1DB933A2156481D24
// Signer Certificate OID       : 2.5.29.37

A more complete script example is listed in the Xcode Integration guide.