基于android-11.0.0_r39，系统应用的手动签名方法和过程

片头

• 基于android-11.0.0_r39
• 这个版本签名工具的路径和之前android 9 的相比，有变化，操作过程及记录如下

1. 签名的命令

szhou@Android:~/aosp_works/aosp$ java -jar -Djava.library.path="/home/szhou/aosp_works/aosp/out/host/linux-x86/lib64/"  out/soong/host/linux-x86/framework/signapk.jar  myapk/platform.x509.pem myapk/platform.pk8 myapk/app-debug.apk myapk/app-debug-signed.apk

.

2. 签名的过程及错误

2.1 no conscrypt_openjdk_jni-linux-x86_64

szhou@Android:~/aosp_works/aosp$ java -jar -Djava.library.path="/home/szhou/aosp_works/aosp/out/host/linux-x86/lib64/"  out/soong/host/linux-x86/framework/signapk.jar  myapk/platform.x509.pem myapk/platform.pk8 myapk/app-debug.apk myapk/app-debug-signed.apk
Exception in thread "main" java.lang.UnsatisfiedLinkError: no conscrypt_openjdk_jni-linux-x86_64 in java.library.path: [/home/szhou/aosp_works/aosp/out/host/linux-x86/lib64/]
        at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2660)
        at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:829)
        at java.base/java.lang.System.loadLibrary(System.java:1867)
        at org.conscrypt.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:54)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.conscrypt.NativeLibraryLoader$1.run(NativeLibraryLoader.java:297)
        at org.conscrypt.NativeLibraryLoader$1.run(NativeLibraryLoader.java:289)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at org.conscrypt.NativeLibraryLoader.loadLibraryFromHelperClassloader(NativeLibraryLoader.java:289)
        at org.conscrypt.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:262)
        at org.conscrypt.NativeLibraryLoader.load(NativeLibraryLoader.java:162)
        at org.co

szhou@Android:~/aosp_works/aosp$ cp prebuilts/sdk/tools/linux/lib64/libconscrypt_openjdk_jni.so /home/szhou/aosp_works/aosp/out/host/linux-x86/lib64/
szhou@Android:~/aosp_works/aosp$ 

.

2.2 RegisterNatives failed for ‘org/conscrypt/NativeCrypto’

• aosp源码下有好几个libconscrypt_openjdk_jni.so
• 若复制的SO不正确，就会出现此错误，这个时候只需要查找aosp目录下的libconscrypt_openjdk_jni.so，即可找到正确的

szhou@Android:~/aosp_works/aosp$ cp prebuilts/sdk/tools/linux/lib64/libconscrypt_openjdk_jni.so /home/szhou/aosp_works/aosp/out/host/linux-x86/lib64/
szhou@Android:~/aosp_works/aosp$ java -jar -Djava.library.path="/home/szhou/aosp_works/aosp/out/host/linux-x86/lib64/"  out/soong/host/linux-x86/framework/signapk.jar  myapk/platform.x509.pem myapk/platform.pk8 myapk/app-debug.apk myapk/app-debug-signed.apk
FATAL ERROR in native method: RegisterNatives failed for 'org/conscrypt/NativeCrypto'; aborting...
        at java.lang.ClassLoader$NativeLibrary.load0([email protected]/Native Method)
        at java.lang.ClassLoader$NativeLibrary.load([email protected]/ClassLoader.java:2430)
        at java.lang.ClassLoader$NativeLibrary.loadLibrary([email protected]/ClassLoader.java:2487)
        - locked <0x0000000455c07640> (a java.util.HashSet)
        at java.lang.ClassLoader.loadLibrary0([email protected]/ClassLoader.java:2684)
        at java.lang.ClassLoader.loadLibrary([email protected]/ClassLoader.java:2649)
        at java.lang.Runtime.loadLibrary0([email protected]/Runtime.java:829)
        - locked <0x0000000455c07aa0> (a java.lang.Runtime)
        at java.lang.System.loadLibrary([email protected]/System.java:1867)
        at org.conscrypt.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:54)
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0([email protected]/Native Method)
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke([email protected]/NativeMethodAccessorImpl.java:62)
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke([email protected]/DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke([email protected]/Method.java:566)
        at org.conscrypt.NativeLibraryLoader$1.run(NativeLibraryLoader.java:297)
        at org.conscrypt.NativeLibraryLoader$1.run(NativeLibraryLoader.java:289)
        at java.security.AccessController.doPrivileged([email protected]/Native Method)
        at org.conscrypt.NativeLibraryLoader.loadLibraryFromHelperClassloader(NativeLibraryLoader.java:289)
        at org.conscrypt.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:262)
        at org.conscrypt.NativeLibraryLoader.load(NativeLibraryLoader.java:162)
        at org.conscrypt.NativeLibraryLoader.loadFirstAvailable(NativeLibraryLoader.java:106)
        at org.conscrypt.NativeCryptoJni.init(NativeCryptoJni.java:50)
        at org.conscrypt.NativeCrypto.<clinit>(NativeCrypto.java:63)
        at org.conscrypt.OpenSSLProvider.<init>(OpenSSLProvider.java:58)
        at org.conscrypt.OpenSSLProvider.<init>(OpenSSLProvider.java:51)
        at org.conscrypt.OpenSSLProvider.<init>(OpenSSLProvider.java:47)
        at com.android.signapk.SignApk.main(SignApk.java:1038)
已放弃 (核心已转储)
szhou@Android:~/aosp_works/aosp$

2.3 查找正确的libconscrypt_openjdk_jni.so

• 从之前经验，必须使用编译时生成的，也就是soong下的这个
• 若有不确定，逐个复制到out/host/linux-x86/lib64/目录下测试即可

szhou@Android:~/aosp_works/aosp/out$ find . -name libconscrypt_openjdk_jni.so
./soong/.intermediates/external/conscrypt/libconscrypt_openjdk_jni/linux_glibc_x86_64_shared/libconscrypt_openjdk_jni.so
./soong/host/linux-x86/lib64/libconscrypt_openjdk_jni.so
./host/linux-x86/lib64/libconscrypt_openjdk_jni.so
szhou@Android:~/aosp_works/aosp/out$ cp ./soong/.intermediates/external/conscrypt/libconscrypt_openjdk_jni/linux_glibc_x86_64_shared/libconscrypt_openjdk_jni.so^C
szhou@Android:~/aosp_works/aosp/out$ cd .. 
szhou@Android:~/aosp_works/aosp$ cp ./soong/.intermediates/external/conscrypt/libconscrypt_openjdk_jni/linux_glibc_x86_64_shared/libconscrypt_openjdk_jni.so /home/szhou/aosp_works/aosp/out/host/linux-x86/lib64/
cp: 无法获取'./soong/.intermediates/external/conscrypt/libconscrypt_openjdk_jni/linux_glibc_x86_64_shared/libconscrypt_openjdk_jni.so' 的文件状态(stat): 没有那个文件或目录
szhou@Android:~/aosp_works/aosp$ cp ./out/soong/.intermediates/external/conscrypt/libconscrypt_openjdk_jni/linux_glibc_x86_64_shared/libconscrypt_openjdk_jni.so /home/szhou/aosp_works/aosp/out/host/linux-x86/lib64/
szhou@Android:~/aosp_works/aosp$ java -jar -Djava.library.path="/home/szhou/aosp_works/aosp/out/host/linux-x86/lib64/"  out/soong/host/linux-x86/framework/signapk.jar  myapk/platform.x509.pem myapk/platform.pk8 myapk/app-debug.apk myapk/app-debug-signed.apk

3. 查看APK的签名

szhou@Android:~/aosp_works/aosp$ keytool 
密钥和证书管理工具

命令:

 -certreq            生成证书请求
 -changealias        更改条目的别名
 -delete             删除条目
 -exportcert         导出证书
 -genkeypair         生成密钥对
 -genseckey          生成密钥
 -gencert            根据证书请求生成证书
 -importcert         导入证书或证书链
 -importpass         导入口令
 -importkeystore     从其他密钥库导入一个或所有条目
 -keypasswd          更改条目的密钥口令
 -list               列出密钥库中的条目
 -printcert          打印证书内容
 -printcertreq       打印证书请求的内容
 -printcrl           打印 CRL 文件的内容
 -storepasswd        更改密钥库的存储口令

使用 "keytool -?, -h, or --help" 可输出此帮助消息
使用 "keytool -command_name --help" 可获取 command_name 的用法。
使用 -conf <url> 选项可指定预配置的选项文件。
szhou@Android:~/aosp_works/aosp$ keytool  -printcert -jarfile myapk/app-debug-signed.apk 
签名者 #1:

签名:

所有者: EMAILADDRESS=[email protected], CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
发布者: EMAILADDRESS=[email protected], CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
序列号: ff0641323cf95512
生效时间: Tue Dec 23 14:43:41 CST 2014, 失效时间: Sat May 10 14:43:41 CST 2042
证书指纹:
         SHA1: 41:79:1C:9B:8F:AF:15:XX:AC:D5:AA:F5:92:10:XX:42:46:7D:82:77
         SHA256: 2D:37:0C:21:XX:DF:D5:53:D2:A7:96:31:4B:XX:92:5F:B3:8A:DE:EF:XX:86:4C:92:0B:BB:BB:12:88:7D:XX:XX
签名算法名称: SHA256withRSA
主体公共密钥算法: 2048 位 RSA 密钥
版本: 3

扩展: 

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 22 XX B8 1B XX 57 D6 4A   85 82 6D 0F 8D 54 31 78  "....W.J..m..T1x
0010: 64 A4 CF 0A                                        d...
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 22 F8 B8 1B C8 XX D6 4A   85 82 6D 0F 8D XX 31 78  "....W.J..m..T1x
0010: 64 A4 CF 0A                                        d...
]
]


szhou@Android:~/aosp_works/aosp$ java -jar -Djava.library.path="/home/szhou/aosp_works/aosp/out/host/linux-x86/lib64/"  out/soong/host/linux-x86/framework/signapk.jar  myapk/platform.x509.pem myapk/platform.pk8 myapk/app-debug.apk myapk/app-debug-signed.apk

.

4. 结束语

走过路过，有用到的，记得给点个赞哈~