SHA-256 Updates in plugin.apple.iap for receiptDecrypted method

[fahadmirzamobizion]

Shift SHA-1 to SHA-256 in receiptDecrypted method

Apple has announced that starting January 24, 2025, the SHA-1 intermediate certificate used for signing App Store receipts will expire. As part of this transition, Apple is moving to SHA-256 for certificate validation and cryptographic purposes.
We need to update the receiptDecrypted method in plugin.apple.iap to shift the certificate validation process from SHA-1 to SHA-256 for receipt validation.

Target platform and where build was made:

• Device: [All iPhones, iPads]
• OS: [All iOS]

[sekodev]

Announcement from Apple @Shchvova is that a quick fix?

[Shchvova]

Setup is a pain. But in the nutshell idea is to update this file
https://github.com/coronalabs/com.coronalabs-plugin.apple.iap/blob/master/src/shared/IAPCryptoHelper.m

According to the doc https://developer.apple.com/documentation/technotes/tn3138-handling-app-store-receipt-signing-certificate-changes

I think only initialization has to change.
I'll do it this week.

[Shchvova]

Also, may be just throw it out and just use new StoreKit provided functions ¯_(ツ)_/¯
Because the old method relies on antiquated openssl plugin QQ

[alanflickgames]

So that I better understand what this means for us:
When we currently get a transaction object (which includes a transaction.receipt) in a purchase callback, has this already been through the SHA-1 decryption? Or does this change only affect devs who handle receipts some other way?

[Shchvova]

This only changes verification if you are using helper through store.receiptDecrypted(). I hope to update plugin tonight