android apk签名原理
//这个md5跟腾讯的对应 public Signature getPackageSignature( ){ Context context=getContext(); String packageName="com.jtys114.ddl"; PackageManager pm = context.getPackageManager(); List<PackageInfo> apps = pm.getInstalledPackages(PackageManager.GET_SIGNATURES); Iterator<PackageInfo> it = apps.iterator(); while(it.hasNext()){ PackageInfo info = it.next(); if(info.packageName.equals(packageName)){ Signature s= info.signatures[0]; String cString= s.toCharsString(); String md5=MD5.getMessageDigest(s.toByteArray()); return s; } } return null; } public void getSingInfo() { try { PackageInfo packageInfo = this.getContext().getPackageManager().getPackageInfo("com.jtys114.ddl", PackageManager.GET_SIGNATURES); Signature[] signs = packageInfo.signatures; Signature sign = signs[0]; parseSignature(sign.toByteArray()); } catch (Exception e) { e.printStackTrace(); } } private void parseSignature(byte[] signature) { try { CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(signature)); String pubKey = cert.getPublicKey().toString(); String signNumber = cert.getSerialNumber().toString(); String signName=cert.getSigAlgName(); String subjectDN=cert.getSubjectDN().toString(); Log.d("T", "signName:" + signName); Log.d("T","pubKey:" + pubKey); Log.d("T","signNumber:" + signNumber); Log.d("T","subjectDN:"+subjectDN); } catch (CertificateException e) { e.printStackTrace(); } } //================== public String showUninstallAPKSignatures() { String apkPath="com.jtys114.ddl"; String PATH_PackageParser = "android.content.pm.PackageParser"; try { // apk包的文件路径 // 这是一个Package 解释器, 是隐藏的 // 构造函数的参数只有一个, apk文件的路径 // PackageParser packageParser = new PackageParser(apkPath); Class pkgParserCls = Class.forName(PATH_PackageParser); Class[] typeArgs = new Class[1]; typeArgs[0] = String.class; Constructor pkgParserCt = pkgParserCls.getConstructor(typeArgs); Object[] valueArgs = new Object[1]; valueArgs[0] = apkPath; Object pkgParser = pkgParserCt.newInstance(valueArgs); // 这个是与显示有关的, 里面涉及到一些像素显示等等, 我们使用默认的情况 DisplayMetrics metrics = new DisplayMetrics(); metrics.setToDefaults(); // PackageParser.Package mPkgInfo = packageParser.parsePackage(new // File(apkPath), apkPath, // metrics, 0); typeArgs = new Class[4]; typeArgs[0] = File.class; typeArgs[1] = String.class; typeArgs[2] = DisplayMetrics.class; typeArgs[3] = Integer.TYPE; Method pkgParser_parsePackageMtd = pkgParserCls.getDeclaredMethod("parsePackage", typeArgs); valueArgs = new Object[4]; valueArgs[0] = new File(apkPath); valueArgs[1] = apkPath; valueArgs[2] = metrics; valueArgs[3] = PackageManager.GET_SIGNATURES; Object pkgParserPkg = pkgParser_parsePackageMtd.invoke(pkgParser, valueArgs); typeArgs = new Class[2]; typeArgs[0] = pkgParserPkg.getClass(); typeArgs[1] = Integer.TYPE; Method pkgParser_collectCertificatesMtd = pkgParserCls.getDeclaredMethod("collectCertificates", typeArgs); valueArgs = new Object[2]; valueArgs[0] = pkgParserPkg; valueArgs[1] = PackageManager.GET_SIGNATURES; pkgParser_collectCertificatesMtd.invoke(pkgParser, valueArgs); // 应用程序信息包, 这个公开的, 不过有些函数, 变量没公开 Field packageInfoFld = pkgParserPkg.getClass().getDeclaredField("mSignatures"); Signature[] info = (Signature[]) packageInfoFld.get(pkgParserPkg); String r= info[0].toCharsString(); return r; } catch (Exception e) { e.printStackTrace(); } return null; }
每个apk,会带一份X509Certificate,(里面只包括公匙), 默认生成的对应的是私匙在debug.keystore 中
对证书的byte[]数据做md5就是对应的md5签名了,参考上面代码的第一个函数
