1.获取APK的签名信息
01 | private String showUninstallAPKSignatures(String apkPath) { |
02 | String PATH_PackageParser = "android.content.pm.PackageParser"; |
08 | Class pkgParserCls = Class.forName(PATH_PackageParser); |
09 | Class[] typeArgs = new Class[1]; |
10 | typeArgs[0] = String.class; |
11 | Constructor pkgParserCt = pkgParserCls.getConstructor(typeArgs); |
12 | Object[] valueArgs = new Object[1]; |
13 | valueArgs[0] = apkPath; |
14 | Object pkgParser = pkgParserCt.newInstance(valueArgs); |
15 | MediaApplication.logD(DownloadApk.class, "pkgParser:" + pkgParser.toString()); |
17 | DisplayMetrics metrics = new DisplayMetrics(); |
18 | metrics.setToDefaults(); |
22 | typeArgs = new Class[4]; |
23 | typeArgs[0] = File.class; |
24 | typeArgs[1] = String.class; |
25 | typeArgs[2] = DisplayMetrics.class; |
26 | typeArgs[3] = Integer.TYPE; |
27 | Method pkgParser_parsePackageMtd = pkgParserCls.getDeclaredMethod("parsePackage", |
29 | valueArgs = new Object[4]; |
30 | valueArgs[0] = new File(apkPath); |
31 | valueArgs[1] = apkPath; |
32 | valueArgs[2] = metrics; |
33 | valueArgs[3] = PackageManager.GET_SIGNATURES; |
34 | Object pkgParserPkg = pkgParser_parsePackageMtd.invoke(pkgParser, valueArgs); |
36 | typeArgs = new Class[2]; |
37 | typeArgs[0] = pkgParserPkg.getClass(); |
38 | typeArgs[1] = Integer.TYPE; |
39 | Method pkgParser_collectCertificatesMtd = pkgParserCls.getDeclaredMethod("collectCertificates", |
41 | valueArgs = new Object[2]; |
42 | valueArgs[0] = pkgParserPkg; |
43 | valueArgs[1] = PackageManager.GET_SIGNATURES; |
44 | pkgParser_collectCertificatesMtd.invoke(pkgParser, valueArgs); |
46 | Field packageInfoFld = pkgParserPkg.getClass().getDeclaredField("mSignatures"); |
47 | Signature[] info = (Signature[]) packageInfoFld.get(pkgParserPkg); |
48 | MediaApplication.logD(DownloadApk.class, "size:"+info.length); |
49 | MediaApplication.logD(DownloadApk.class, info[0].toCharsString()); |
50 | return info[0].toCharsString(); |
51 | } catch (Exception e) { |
获取程序自身的签名:
01 | private String getSign(Context context) { |
02 | PackageManager pm = context.getPackageManager(); |
03 | List<PackageInfo> apps = pm.getInstalledPackages(PackageManager.GET_SIGNATURES); |
04 | Iterator<PackageInfo> iter = apps.iterator(); |
05 | while(iter.hasNext()) { |
06 | PackageInfo packageinfo = iter.next(); |
07 | String packageName = packageinfo.packageName; |
08 | if (packageName.equals(instance.getPackageName())) { |
09 | MediaApplication.logD(DownloadApk.class, packageinfo.signatures[0].toCharsString()); |
10 | return packageinfo.signatures[0].toCharsString(); |
对比2个方法的返回值来判断APK升级包的签名是否一致,一致就提示可以安装。
2.获取指定已安装完整签名信息,包括MD5指纹:
01 | public void getSingInfo() { |
03 | PackageInfo packageInfo = getPackageManager().getPackageInfo("com.sina,weibo", PackageManager.GET_SIGNATURES); |
04 | Signature[] signs = packageInfo.signatures; |
05 | Signature sign = signs[0]; |
06 | parseSignature(sign.toByteArray()); |
07 | } catch (Exception e) { |
11 | public void parseSignature(byte[] signature) { |
13 | CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); |
14 | X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(signature)); |
15 | String pubKey = cert.getPublicKey().toString(); |
16 | String signNumber = cert.getSerialNumber().toString(); |
17 | System.out.println("signName:" + cert.getSigAlgName()); |
18 | System.out.println("pubKey:" + pubKey); |
19 | System.out.println("signNumber:" + signNumber); |
20 | System.out.println("subjectDN:"+cert.getSubjectDN().toString()); |
21 | } catch (CertificateException e) { |
3.如何查看指定证书的指纹
1 | D:>keytool -list -alias 在导出时程序的别名(-alias 这个命令,好像不用也行,没有试,反正我一直都在使用) -keystore tangshan.keystore(导出时使用的证书名称) -storepass 123456-keypass 123456 |
5 | 在导出时程序的别名, 2011-7-29, PrivateKeyEntry, |
7 | 认证指纹 (MD5): 90:13:AF:46:0A:DC:5C:6C:77:0E:AA:AF:DA:8A:AB:72 |