android获取APK签名信息及MD5指纹

1.获取APK的签名信息

01 private String showUninstallAPKSignatures(String apkPath) {
02          String PATH_PackageParser = "android.content.pm.PackageParser";
03          try {
04              // apk包的文件路径
05              // 这是一个Package 解释器, 是隐藏的
06              // 构造函数的参数只有一个, apk文件的路径
07              // PackageParser packageParser = new PackageParser(apkPath);
08              Class pkgParserCls = Class.forName(PATH_PackageParser);
09              Class[] typeArgs = new Class[1];
10              typeArgs[0] = String.class;
11              Constructor pkgParserCt = pkgParserCls.getConstructor(typeArgs);
12              Object[] valueArgs = new Object[1];
13              valueArgs[0] = apkPath;
14              Object pkgParser = pkgParserCt.newInstance(valueArgs);
15              MediaApplication.logD(DownloadApk.class"pkgParser:" + pkgParser.toString());
16              // 这个是与显示有关的, 里面涉及到一些像素显示等等, 我们使用默认的情况
17              DisplayMetrics metrics = new DisplayMetrics();
18              metrics.setToDefaults();
19              // PackageParser.Package mPkgInfo = packageParser.parsePackage(new
20              // File(apkPath), apkPath,
21              // metrics, 0);
22              typeArgs = new Class[4];
23              typeArgs[0] = File.class;
24              typeArgs[1] = String.class;
25              typeArgs[2] = DisplayMetrics.class;
26              typeArgs[3] = Integer.TYPE;
27              Method pkgParser_parsePackageMtd = pkgParserCls.getDeclaredMethod("parsePackage",
28                      typeArgs);
29              valueArgs = new Object[4];
30              valueArgs[0] = new File(apkPath);
31              valueArgs[1] = apkPath;
32              valueArgs[2] = metrics;
33              valueArgs[3] = PackageManager.GET_SIGNATURES;
34              Object pkgParserPkg = pkgParser_parsePackageMtd.invoke(pkgParser, valueArgs);
35               
36              typeArgs = new Class[2];
37              typeArgs[0] = pkgParserPkg.getClass();
38              typeArgs[1] = Integer.TYPE;
39              Method pkgParser_collectCertificatesMtd = pkgParserCls.getDeclaredMethod("collectCertificates",
40                      typeArgs);
41              valueArgs = new Object[2];
42              valueArgs[0] = pkgParserPkg;
43              valueArgs[1] = PackageManager.GET_SIGNATURES;
44              pkgParser_collectCertificatesMtd.invoke(pkgParser, valueArgs);
45              // 应用程序信息包, 这个公开的, 不过有些函数, 变量没公开
46              Field packageInfoFld = pkgParserPkg.getClass().getDeclaredField("mSignatures");
47              Signature[] info = (Signature[]) packageInfoFld.get(pkgParserPkg);
48              MediaApplication.logD(DownloadApk.class"size:"+info.length);
49              MediaApplication.logD(DownloadApk.class, info[0].toCharsString());
50              return info[0].toCharsString();
51          catch (Exception e) {
52              e.printStackTrace();
53          }
54          return null;
55      }

获取程序自身的签名:

01 private String getSign(Context context) {
02     PackageManager pm = context.getPackageManager();
03     List apps = pm.getInstalledPackages(PackageManager.GET_SIGNATURES);
04     Iterator iter = apps.iterator();
05     while(iter.hasNext()) {
06          PackageInfo packageinfo = iter.next();
07          String packageName = packageinfo.packageName;
08          if (packageName.equals(instance.getPackageName())) {
09             MediaApplication.logD(DownloadApk.class, packageinfo.signatures[0].toCharsString());
10             return packageinfo.signatures[0].toCharsString();
11          }
12  }
13     return null;
14 }

对比2个方法的返回值来判断APK升级包的签名是否一致,一致就提示可以安装。

2.获取指定已安装完整签名信息,包括MD5指纹:

01 public void getSingInfo() {
02     try {
03         PackageInfo packageInfo = getPackageManager().getPackageInfo("com.sina,weibo", PackageManager.GET_SIGNATURES);
04         Signature[] signs = packageInfo.signatures;
05         Signature sign = signs[0];
06         parseSignature(sign.toByteArray());
07     catch (Exception e) {
08         e.printStackTrace();
09     }
10 }
11 public void parseSignature(byte[] signature) {
12     try {
13         CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
14         X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(signature));
15         String pubKey = cert.getPublicKey().toString();
16         String signNumber = cert.getSerialNumber().toString();
17         System.out.println("signName:" + cert.getSigAlgName());
18         System.out.println("pubKey:" + pubKey);
19         System.out.println("signNumber:" + signNumber);
20         System.out.println("subjectDN:"+cert.getSubjectDN().toString());
21     catch (CertificateException e) {
22         e.printStackTrace();
23     }
24 }

3.如何查看指定证书的指纹

1 D:>keytool  -list -alias 在导出时程序的别名(-alias 这个命令,好像不用也行,没有试,反正我一直都在使用) -keystore  tangshan.keystore(导出时使用的证书名称) -storepass 123456-keypass 123456
2  
3 出的结果为:
4  
5 在导出时程序的别名, 2011-7-29, PrivateKeyEntry,
6  
7 认证指纹 (MD5): 90:13:AF:46:0A:DC:5C:6C:77:0E:AA:AF:DA:8A:AB:72


http://www.g78.net/android-apk-signatures

你可能感兴趣的:(android)