Receipt verification fix: if no receiptCreationDate found in the rece…

…ipt, requestDate will be used instead
readdle · Aug 23, 2023 · 60cdd38 · 60cdd38
1 parent 1718623
commit 60cdd38
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 7 deletions.
diff --git a/composer.json b/composer.json
@@ -23,7 +23,7 @@
     "php"
   ],
   "homepage": "https://github.com/readdle/app-store-receipt-verification",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "autoload": {
     "psr-4": {
       "Readdle\\AppStoreReceiptVerification\\": "src/"

diff --git a/src/ReceiptContainerVerifier.php b/src/ReceiptContainerVerifier.php
@@ -34,10 +34,26 @@ public function verify(string $trustedAppleRootCertificate): bool
 
     private function verifyCertificatesChain(): bool
     {
+        $signedAt = $this->receiptContainer
+            ->getReceipt()
+            ->getFieldByType(AppReceiptField::TYPE__RECEIPT_CREATION_DATE)
+            ->getValue()
+        ;
+
+        if (empty($signedAt)) {
+            $signedAt = $this->receiptContainer
+                ->getReceipt()
+                ->getFieldByType(AppReceiptField::TYPE__REQUEST_DATE)
+                ->getValue()
+            ;
+        }
+
+        if (empty($signedAt)) {
+            return false;
+        }
+
         try {
-            $receiptCreationDateTime = new DateTimeImmutable($this->receiptContainer->getReceipt()->getFieldByType(
-                AppReceiptField::TYPE__RECEIPT_CREATION_DATE
-            )->getValue());
+            $signDateTime = new DateTimeImmutable($signedAt);
         } catch (Exception $e) {
             return false;
         }
@@ -52,8 +68,8 @@ private function verifyCertificatesChain(): bool
             $validity = $signedCertificate->getCertificate()->getValidity();
 
             if (
-                $receiptCreationDateTime < $validity->getNotBefore()
-                || $receiptCreationDateTime > $validity->getNotAfter()
+                $signDateTime < $validity->getNotBefore()
+                || $signDateTime > $validity->getNotAfter()
             ) {
                 return false;
             }

diff --git a/tests/Functional/AppStoreReceiptVerificationTest.php b/tests/Functional/AppStoreReceiptVerificationTest.php
@@ -34,7 +34,7 @@ public function test(): void
                 );
             } catch (Exception $e) {
                 ob_end_clean();
-                continue;
+                $this->fail("[$filename]: {$e->getMessage()}");
             }
 
             file_put_contents($pathToSamples . DIRECTORY_SEPARATOR . "receipt{$m[1]}.json", ob_get_clean());