遗忘海岸

江湖程序员 -Feiph(LM战士)

导航

android apk签名原理

//这个md5跟腾讯的对应    
public Signature getPackageSignature( ){
        
        Context context=getContext();
        String packageName="com.jtys114.ddl";
        PackageManager pm = context.getPackageManager();
        List<PackageInfo> apps = pm.getInstalledPackages(PackageManager.GET_SIGNATURES);
        Iterator<PackageInfo> it = apps.iterator();
        while(it.hasNext()){
            PackageInfo info = it.next();
            if(info.packageName.equals(packageName)){
                Signature s= info.signatures[0];
                String cString= s.toCharsString();
                String md5=MD5.getMessageDigest(s.toByteArray());
                return s;
            }
        }
        return null;
    }
    
    
    public void getSingInfo() {
        try {
            
            PackageInfo packageInfo = this.getContext().getPackageManager().getPackageInfo("com.jtys114.ddl", PackageManager.GET_SIGNATURES);
            Signature[] signs = packageInfo.signatures;
            Signature sign = signs[0];
            parseSignature(sign.toByteArray());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
    private void parseSignature(byte[] signature) {
        try {
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(signature));
            String pubKey = cert.getPublicKey().toString();
            String signNumber = cert.getSerialNumber().toString();
            String signName=cert.getSigAlgName();
            String subjectDN=cert.getSubjectDN().toString();
           
            Log.d("T", "signName:" + signName);
            Log.d("T","pubKey:" + pubKey);
            Log.d("T","signNumber:" + signNumber);
            Log.d("T","subjectDN:"+subjectDN);
           
        } catch (CertificateException e) {
            e.printStackTrace();
        }
    }
    //==================
    public String showUninstallAPKSignatures() {
        String apkPath="com.jtys114.ddl";
        String PATH_PackageParser = "android.content.pm.PackageParser";
        try {
            // apk包的文件路径
            // 这是一个Package 解释器, 是隐藏的
            // 构造函数的参数只有一个, apk文件的路径
            // PackageParser packageParser = new PackageParser(apkPath);
            Class pkgParserCls = Class.forName(PATH_PackageParser);
            Class[] typeArgs = new Class[1];
            typeArgs[0] = String.class;
            Constructor pkgParserCt = pkgParserCls.getConstructor(typeArgs);
            Object[] valueArgs = new Object[1];
            valueArgs[0] = apkPath;
            Object pkgParser = pkgParserCt.newInstance(valueArgs);
          
            // 这个是与显示有关的, 里面涉及到一些像素显示等等, 我们使用默认的情况
            DisplayMetrics metrics = new DisplayMetrics();
            metrics.setToDefaults();
            // PackageParser.Package mPkgInfo = packageParser.parsePackage(new
            // File(apkPath), apkPath,
            // metrics, 0);
            typeArgs = new Class[4];
            typeArgs[0] = File.class;
            typeArgs[1] = String.class;
            typeArgs[2] = DisplayMetrics.class;
            typeArgs[3] = Integer.TYPE;
            Method pkgParser_parsePackageMtd = pkgParserCls.getDeclaredMethod("parsePackage",
                    typeArgs);
            valueArgs = new Object[4];
            valueArgs[0] = new File(apkPath);
            valueArgs[1] = apkPath;
            valueArgs[2] = metrics;
            valueArgs[3] = PackageManager.GET_SIGNATURES;
            Object pkgParserPkg = pkgParser_parsePackageMtd.invoke(pkgParser, valueArgs);

            typeArgs = new Class[2];
            typeArgs[0] = pkgParserPkg.getClass();
            typeArgs[1] = Integer.TYPE;
            Method pkgParser_collectCertificatesMtd = pkgParserCls.getDeclaredMethod("collectCertificates",
                    typeArgs);
            valueArgs = new Object[2];
            valueArgs[0] = pkgParserPkg;
            valueArgs[1] = PackageManager.GET_SIGNATURES;
            pkgParser_collectCertificatesMtd.invoke(pkgParser, valueArgs);
            // 应用程序信息包, 这个公开的, 不过有些函数, 变量没公开
            Field packageInfoFld = pkgParserPkg.getClass().getDeclaredField("mSignatures");
            Signature[] info = (Signature[]) packageInfoFld.get(pkgParserPkg);

            String r= info[0].toCharsString();
            return r;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
View Code

每个apk,会带一份X509Certificate,(里面只包括公匙), 默认生成的对应的是私匙在debug.keystore 中

对证书的byte[]数据做md5就是对应的md5签名了,参考上面代码的第一个函数

posted on 2015-09-08 15:38  遗忘海岸  阅读(568)  评论(0编辑  收藏  举报