获取应用签名、MD5、RSA1、RSA256签名的方法

获取应用签名、MD5、RSA1、RSA256签名的方法

获取三方apk的签名信息的方法

解压缩apk，获取META-INF目录下的CERT.RSA文件，然后通过以下命令获取签名信息：

 命令：keytool -printcert -file CERT.RSA
 类似输出如下:
 keytool -printcert -file CERT.RSA
所有者: CN=Unknown, OU="Google, Inc", O="Google, Inc", L=Mountain View, ST=CA, C=US
发布者: CN=Unknown, OU="Google, Inc", O="Google, Inc", L=Mountain View, ST=CA, C=US
序列号: 4934987e
生效时间: Tue Dec 02 10:07:58 CST 2008, 失效时间: Sat Apr 19 10:07:58 CST 2036
证书指纹:
	 SHA1: 24:BB:24:C0:5E:47:E0:AE:FA:68:A5:8A:76:61:79:D9:B6:13:A6:00
	 SHA256: 3D:7A:12:23:01:9A:A3:9D:9E:A0:E3:43:6A:B7:C0:89:6B:FB:4F:B6:79:F4:DE:5F:E7:C2:3F:32:6C:8F:99:4A
签名算法名称: MD5withRSA (disabled)
主体公共密钥算法: 1024 位 RSA 密钥 (弱)
版本: 1

通过AndroidStudio获取开发的apk的签名信息，参考：
https://www.jianshu.com/p/d00e9754df43

app代码中获取某个应用的签名数组

    public void callInterface() {
        String tempMethodName = getCurrentMethodName();
        Log.d("test111", "tempMethodName is:" + tempMethodName);


        int uid = Binder.getCallingUid();
        int pid = Binder.getCallingPid();
        PackageManager packageManager = getPackageManager();
        String packageName = getCallingPackageName();
        Log.d("test111", "callingPackageName is:" + packageName);
        packageName = "com.google.android.apps.photos";
        try {
            PackageInfo packageInfo = packageManager.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES);

            Signature[] signatures = packageInfo.signingInfo.getApkContentsSigners();
            int len = signatures != null ? signatures.length : 0;
            if (0 == len) {
                Log.w("test111", "get 0 signatures2!");
                return;
            }

            for (int i = 0; i < len; i++) {
                Signature signature = signatures[i];
                printCharArray(signature.toChars());
                printByteArray(signature.toByteArray());// 这里是获取md3,RSA1,RSA256签名所需要的byte[]数据
                Log.d("test111", "signature.toCharsString():" + signature.toCharsString());
                String md5 = encryptionMD5(signature.toByteArray());
                Log.d("test111", "md5:" + md5);
                parseSignature(signature.toByteArray());
                String shaSignature = getSHA1Signature(signature.toByteArray());
                Log.d("test111", "shaSignature:" + shaSignature);
                String getSHA256Signature = getSHA256Signature(signature.toByteArray());
                Log.d("test111", "getSHA256Signature:" + getSHA256Signature);
            }

        } catch (PackageManager.NameNotFoundException ex) {
            Log.w("test111", "error", ex);
        }

    }

根据签名byte[]数组获取MD5签名

    public static String encryptionMD5(byte[] byteStr) {
        MessageDigest messageDigest = null;
        StringBuffer md5StrBuff = new StringBuffer();
        try {
            messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.reset();
            messageDigest.update(byteStr);
            byte[] byteArray = messageDigest.digest();
            for (int i = 0; i < byteArray.length; i++) {
                if (Integer.toHexString(0xFF & byteArray[i]).length() == 1) {
                    md5StrBuff.append("0").append(Integer.toHexString(0xFF & byteArray[i]));
                } else {
                    md5StrBuff.append(Integer.toHexString(0xFF & byteArray[i]));
                }
            }
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        return md5StrBuff.toString();
    }

根据签名byte[]数组获取SHA1签名

    public String getSHA1Signature(byte[] array) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA1");
            byte[] publicKey = md.digest(array);
            StringBuilder hexString = new StringBuilder();
            for (int i = 0; i < publicKey.length; i++) {
                String appendString = Integer.toHexString(0xFF & publicKey[i])
                        .toUpperCase(Locale.US);
                if (appendString.length() == 1)
                    hexString.append("0");
                hexString.append(appendString);
                hexString.append(":");
            }
            hexString.deleteCharAt(hexString.length() - 1);
            return hexString.toString();
        } catch (NoSuchAlgorithmException ex) {
            Log.w("test111", "error", ex);
        }
        return null;
    }

根据签名byte[]数组获取SHA256签名

    public String getSHA256Signature(byte[] array) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA256");
            byte[] publicKey = md.digest(array);
            StringBuilder hexString = new StringBuilder();
            for (int i = 0; i < publicKey.length; i++) {
                String appendString = Integer.toHexString(0xFF & publicKey[i])
                        .toUpperCase(Locale.US);
                if (appendString.length() == 1)
                    hexString.append("0");
                hexString.append(appendString);
                hexString.append(":");
            }
            hexString.deleteCharAt(hexString.length() - 1);
            return hexString.toString();
        } catch (NoSuchAlgorithmException ex) {
            Log.w("test111", "error", ex);
        }
        return null;
    }

通过app代码获取到的签名信息，可以跟keytool工具获取到的信息进行对比校验，是一致的。