【Android】一个获取Android应用签名摘要的App工具

将APK发布到应用商店或接入第三方的SDK时,有时需要提供APK的签名摘要信息,可以通过摘要算法MD5或SHA-1来获取签名的摘要,除了获取自己的APK签名,也可以获取手机上其他已安装的APK签名,只需要传入其他APK的包名即可.

private static final char[] HEX_CHAR = {

    '0', '1', '2', '3', '4', '5', '6', '7',

    '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'

};

/** 获取签名的MD5摘要 */

public String[] signatureDigest() {

   pkgInfo = mContext.getPackageManager().getPackageInfo(

               mContext.getPackageName(), PackageManager.GET_SIGNATURES);

    int length = pkgInfo.signatures.length;

    String[] digests = new String[length];

    for (int i = 0; i < length; ++i) {

        Signature sign = mPkgInfo.signatures[i];

        try {

            MessageDigest md5 = MessageDigest.getInstance("MD5");

            byte[] digest = md5.digest(sign.toByteArray()); // get digest with md5 algorithm

            digests[i] = toHexString(digest);

        } catch (NoSuchAlgorithmException e) {

            e.printStackTrace();

            digests[i] = null;

        }

    }

    return digests;

}

/** 将字节数组转化为对应的十六进制字符串 */

private String toHexString(byte[] rawByteArray) {

    char[] chars = new char[rawByteArray.length * 2];

    for (int i = 0; i < rawByteArray.length; ++i) {

        byte b = rawByteArray[i];

        chars[i*2] = HEX_CHAR[(b >>> 4 & 0x0F)];

        chars[i*2+1] = HEX_CHAR[(b & 0x0F)];

    }

    return new String(chars);

}

应用示例如下，输入手机上已安装的Apk包名（自动提示会列出匹配的所有包名），显示该Apk的签名MD5摘要：

完整代码可以从github上获取，Apk包可以在这里获取。

How to get app signature?|StackOverFlow 这篇文章提供了获取APK签名和证书的示例代码.

获取指定包名的APK签名，并输出签名的hash值：

Signature[] sigs = context.getPackageManager().getPackageInfo(

    context.getPackageName(), PackageManager.GET_SIGNATURES).signatures;

for (Signature sig : sigs){    

    Log.i("MyApp", "Signature hashcode : " + sig.hashCode());

}

获取已安装的APK的签名,并从签名中生成X.509证书信息.

final PackageManager packageManager = context.getPackageManager();

final List packageList = packageManager.getInstalledPackages(PackageManager.GET_SIGNATURES);

for (PackageInfo p : packageList) {

    final String strName = p.applicationInfo.loadLabel(packageManager).toString();

    final String strVendor = p.packageName;

    sb.append("
" + strName + " / " + strVendor + "
");

    final Signature[] arrSignatures = p.signatures;

    for (final Signature sig : arrSignatures) {

        /*

        * Get the X.509 certificate.

        */

        final byte[] rawCert = sig.toByteArray();

        InputStream certStream = new ByteArrayInputStream(rawCert);

        final CertificateFactory certFactory;

        final X509Certificate x509Cert;

        try {

            certFactory = CertificateFactory.getInstance("X509");

            x509Cert = (X509Certificate) certFactory.generateCertificate(certStream);

            sb.append("Certificate subject: " + x509Cert.getSubjectDN() + "
");

            sb.append("Certificate issuer: " + x509Cert.getIssuerDN() + "
");

            sb.append("Certificate serial number: " + x509Cert.getSerialNumber() + "
");

            sb.append("
");

        }

        catch (CertificateException e) {

            // e.printStackTrace();

        }

    }

}