During the WWDC-2020, a new functionality has been added to Xcode to enable testing receipt validation locally. Refer to the Apple documentation for an in-depth introduction on StoreKit testing in Xcode.
When StoreKit testing is enabled, a test certificate is generated to sign the generated receipt. The receipt validation code must use this particular certifcate in order to validate succesfully test receipts.
NOTE: This feature is only available when generating the code on the command line.
Getting the certificate
To obtain the StoreKit test certificate required for local validation, follow these steps:
- In Xcode project navigator, click the StoreKit configuration file.
- In the menu, choose Editor > Save Public Certificate.
- Choose a location in your project to save the file.
Using the certificate
The the StoreKit test certificate is stored in DER format. In order to use it with Receigen, it needs to be converted to PEM format.
Here is an example of Shell script to use the StoreKit test certificate when generating the validation code. The script:
- converts the StoreKit test certificate to PEM format
- keeps the Base64 content so it can passed to the command line
- invoke Receigen on the command line by passing both the signer OID and the certificate content.
#!/bin/bash
# Convert certificate from DER to PEM
CA_CER="$PROJECT_DIR/$PROJECT/StoreKitTestCertificate.cer"
CA_PEM="`openssl x509 -inform DER -in "$CA_CER"`"
# Only keep the Base64 part
CA_PEM_CONTENT=`echo $CA_PEM | grep -v "\-" | tr -d '\n'`
CA_OID=2.5.29.37
# Receigen binary
RECEIGEN="/Applications/Receigen.app/Contents/MacOS/Receigen"
# Set generation parameters
PREFIX=...
BUNDLE_ID=...
BUNDLE_VERSION=...
HEADER_FILE=...
# Generate receipt validation code
"$RECEIGEN" --identifier "$BUNDLE_ID" --version "$BUNDLE_VERSION" --prefix "$PREFIX" --signer-oid $CA_OID --root-ca-content $CA_PEM_CONTENT > "$HEADER"
When the generation is over, you should see these lines at the top of the generated code:
// Certificate Name : StoreKit
// Certificate Fingerprint : 8CBBBA29231E75FC9A93DDE1DB933A2156481D24
// Signer Certificate OID : 2.5.29.37
A more complete script example is listed in the Xcode Integration guide.