1.获取APK的签名信息
01 |
private String showUninstallAPKSignatures(String apkPath) { |
02 |
String PATH_PackageParser = "android.content.pm.PackageParser" ; |
05 |
// 这是一个Package 解释器, 是隐藏的 |
06 |
// 构造函数的参数只有一个, apk文件的路径 |
07 |
// PackageParser packageParser = new PackageParser(apkPath); |
08 |
Class pkgParserCls = Class.forName(PATH_PackageParser); |
09 |
Class[] typeArgs = new Class[ 1 ]; |
10 |
typeArgs[ 0 ] = String. class ; |
11 |
Constructor pkgParserCt = pkgParserCls.getConstructor(typeArgs); |
12 |
Object[] valueArgs = new Object[ 1 ]; |
13 |
valueArgs[ 0 ] = apkPath; |
14 |
Object pkgParser = pkgParserCt.newInstance(valueArgs); |
15 |
MediaApplication.logD(DownloadApk. class , "pkgParser:" + pkgParser.toString()); |
16 |
// 这个是与显示有关的, 里面涉及到一些像素显示等等, 我们使用默认的情况 |
17 |
DisplayMetrics metrics = new DisplayMetrics(); |
18 |
metrics.setToDefaults(); |
19 |
// PackageParser.Package mPkgInfo = packageParser.parsePackage(new |
20 |
// File(apkPath), apkPath, |
22 |
typeArgs = new Class[ 4 ]; |
23 |
typeArgs[ 0 ] = File. class ; |
24 |
typeArgs[ 1 ] = String. class ; |
25 |
typeArgs[ 2 ] = DisplayMetrics. class ; |
26 |
typeArgs[ 3 ] = Integer.TYPE; |
27 |
Method pkgParser_parsePackageMtd = pkgParserCls.getDeclaredMethod( "parsePackage" , |
29 |
valueArgs = new Object[ 4 ]; |
30 |
valueArgs[ 0 ] = new File(apkPath); |
31 |
valueArgs[ 1 ] = apkPath; |
32 |
valueArgs[ 2 ] = metrics; |
33 |
valueArgs[ 3 ] = PackageManager.GET_SIGNATURES; |
34 |
Object pkgParserPkg = pkgParser_parsePackageMtd.invoke(pkgParser, valueArgs); |
36 |
typeArgs = new Class[ 2 ]; |
37 |
typeArgs[ 0 ] = pkgParserPkg.getClass(); |
38 |
typeArgs[ 1 ] = Integer.TYPE; |
39 |
Method pkgParser_collectCertificatesMtd = pkgParserCls.getDeclaredMethod( "collectCertificates" , |
41 |
valueArgs = new Object[ 2 ]; |
42 |
valueArgs[ 0 ] = pkgParserPkg; |
43 |
valueArgs[ 1 ] = PackageManager.GET_SIGNATURES; |
44 |
pkgParser_collectCertificatesMtd.invoke(pkgParser, valueArgs); |
45 |
// 应用程序信息包, 这个公开的, 不过有些函数, 变量没公开 |
46 |
Field packageInfoFld = pkgParserPkg.getClass().getDeclaredField( "mSignatures" ); |
47 |
Signature[] info = (Signature[]) packageInfoFld.get(pkgParserPkg); |
48 |
MediaApplication.logD(DownloadApk. class , "size:" +info.length); |
49 |
MediaApplication.logD(DownloadApk. class , info[ 0 ].toCharsString()); |
50 |
return info[ 0 ].toCharsString(); |
51 |
} catch (Exception e) { |
获取程序自身的签名:
01 |
private String getSign(Context context) { |
02 |
PackageManager pm = context.getPackageManager(); |
03 |
List<PackageInfo> apps = pm.getInstalledPackages(PackageManager.GET_SIGNATURES); |
04 |
Iterator<PackageInfo> iter = apps.iterator(); |
05 |
while (iter.hasNext()) { |
06 |
PackageInfo packageinfo = iter.next(); |
07 |
String packageName = packageinfo.packageName; |
08 |
if (packageName.equals(instance.getPackageName())) { |
09 |
MediaApplication.logD(DownloadApk. class , packageinfo.signatures[ 0 ].toCharsString()); |
10 |
return packageinfo.signatures[ 0 ].toCharsString(); |
对比2个方法的返回值来判断APK升级包的签名是否一致,一致就提示可以安装。
2.获取指定已安装完整签名信息,包括MD5指纹:
01 |
public void getSingInfo() { |
03 |
PackageInfo packageInfo = getPackageManager().getPackageInfo( "com.sina,weibo" , PackageManager.GET_SIGNATURES); |
04 |
Signature[] signs = packageInfo.signatures; |
05 |
Signature sign = signs[ 0 ]; |
06 |
parseSignature(sign.toByteArray()); |
07 |
} catch (Exception e) { |
11 |
public void parseSignature( byte [] signature) { |
13 |
CertificateFactory certFactory = CertificateFactory.getInstance( "X.509" ); |
14 |
X509Certificate cert = (X509Certificate) certFactory.generateCertificate( new ByteArrayInputStream(signature)); |
15 |
String pubKey = cert.getPublicKey().toString(); |
16 |
String signNumber = cert.getSerialNumber().toString(); |
17 |
System.out.println( "signName:" + cert.getSigAlgName()); |
18 |
System.out.println( "pubKey:" + pubKey); |
19 |
System.out.println( "signNumber:" + signNumber); |
20 |
System.out.println( "subjectDN:" +cert.getSubjectDN().toString()); |
21 |
} catch (CertificateException e) { |
3.如何查看指定证书的指纹
1 |
D:>keytool -list - alias 在导出时程序的别名(- alias 这个命令,好像不用也行,没有试,反正我一直都在使用) -keystore tangshan.keystore(导出时使用的证书名称) -storepass 123456-keypass 123456 |
5 |
在导出时程序的别名, 2011-7-29, PrivateKeyEntry, |
7 |
认证指纹 (MD5): 90:13:AF:46:0A:DC:5C:6C:77:0E:AA:AF:DA:8A:AB:72 |