Android 获取 APK 签名信息及 MD5 指纹
1.获取APK的签名信息
private String showUninstallAPKSignatures(String apkPath) { String PATH_PackageParser = "android.content.pm.PackageParser"; try { // apk包的文件路径 // 这是一个Package 解释器, 是隐藏的 // 构造函数的参数只有一个, apk文件的路径 // PackageParser packageParser = new PackageParser(apkPath); Class pkgParserCls = Class.forName(PATH_PackageParser); Class[] typeArgs = new Class[1]; typeArgs[0] = String.class; Constructor pkgParserCt = pkgParserCls.getConstructor(typeArgs); Object[] valueArgs = new Object[1]; valueArgs[0] = apkPath; Object pkgParser = pkgParserCt.newInstance(valueArgs); MediaApplication.logD(DownloadApk.class, "pkgParser:" + pkgParser.toString()); // 这个是与显示有关的, 里面涉及到一些像素显示等等, 我们使用默认的情况 DisplayMetrics metrics = new DisplayMetrics(); metrics.setToDefaults(); // PackageParser.Package mPkgInfo = packageParser.parsePackage(new // File(apkPath), apkPath, // metrics, 0); typeArgs = new Class[4]; typeArgs[0] = File.class; typeArgs[1] = String.class; typeArgs[2] = DisplayMetrics.class; typeArgs[3] = Integer.TYPE; Method pkgParser_parsePackageMtd = pkgParserCls.getDeclaredMethod("parsePackage", typeArgs); valueArgs = new Object[4]; valueArgs[0] = new File(apkPath); valueArgs[1] = apkPath; valueArgs[2] = metrics; valueArgs[3] = PackageManager.GET_SIGNATURES; Object pkgParserPkg = pkgParser_parsePackageMtd.invoke(pkgParser, valueArgs); typeArgs = new Class[2]; typeArgs[0] = pkgParserPkg.getClass(); typeArgs[1] = Integer.TYPE; Method pkgParser_collectCertificatesMtd = pkgParserCls.getDeclaredMethod("collectCertificates", typeArgs); valueArgs = new Object[2]; valueArgs[0] = pkgParserPkg; valueArgs[1] = PackageManager.GET_SIGNATURES; pkgParser_collectCertificatesMtd.invoke(pkgParser, valueArgs); // 应用程序信息包, 这个公开的, 不过有些函数, 变量没公开 Field packageInfoFld = pkgParserPkg.getClass().getDeclaredField("mSignatures"); Signature[] info = (Signature[]) packageInfoFld.get(pkgParserPkg); MediaApplication.logD(DownloadApk.class, "size:"+info.length); MediaApplication.logD(DownloadApk.class, info[0].toCharsString()); return info[0].toCharsString(); } catch (Exception e) { e.printStackTrace(); } return null; }
获取程序自身的签名:
private String getSign(Context context) { PackageManager pm = context.getPackageManager(); List<PackageInfo> apps = pm.getInstalledPackages(PackageManager.GET_SIGNATURES); Iterator<PackageInfo> iter = apps.iterator(); while(iter.hasNext()) { PackageInfo packageinfo = iter.next(); String packageName = packageinfo.packageName; if (packageName.equals(instance.getPackageName())) { MediaApplication.logD(DownloadApk.class, packageinfo.signatures[0].toCharsString()); return packageinfo.signatures[0].toCharsString(); } } return null; }
对比2个方法的返回值来判断APK升级包的签名是否一致,一致就提示可以安装。
2.获取指定已安装完整签名信息,包括MD5指纹:
public void getSingInfo() { try { PackageInfo packageInfo = getPackageManager().getPackageInfo("com.sina,weibo", PackageManager.GET_SIGNATURES); Signature[] signs = packageInfo.signatures; Signature sign = signs[0]; parseSignature(sign.toByteArray()); } catch (Exception e) { e.printStackTrace(); } } public void parseSignature(byte[] signature) { try { CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(signature)); String pubKey = cert.getPublicKey().toString(); String signNumber = cert.getSerialNumber().toString(); System.out.println("signName:" + cert.getSigAlgName()); System.out.println("pubKey:" + pubKey); System.out.println("signNumber:" + signNumber); System.out.println("subjectDN:"+cert.getSubjectDN().toString()); } catch (CertificateException e) { e.printStackTrace(); } }
3.如何查看指定证书的指纹
D:>keytool -list -alias 在导出时程序的别名(-alias 这个命令,好像不用也行,没有试,反正我一直都在使用) -keystore tangshan.keystore(导出时使用的证书名称) -storepass 123456-keypass 123456 出的结果为: 在导出时程序的别名, 2011-7-29, PrivateKeyEntry, 认证指纹 (MD5): 90:13:AF:46:0A:DC:5C:6C:77:0E:AA:AF:DA:8A:AB:72