如何從此應用程序內部獲取應用程序證書的指紋? 我想檢查應用程序是否與我自己的證書一起燒錄,或者是否被重新打包/黑客入侵。從Android應用程序獲取證書指紋
我在這裏找到了解決方案的一部分:Get Certificate from Android Application。所以現在的問題是:如何檢查證書的指紋。
如何從此應用程序內部獲取應用程序證書的指紋? 我想檢查應用程序是否與我自己的證書一起燒錄,或者是否被重新打包/黑客入侵。從Android應用程序獲取證書指紋
我在這裏找到了解決方案的一部分:Get Certificate from Android Application。所以現在的問題是:如何檢查證書的指紋。
我把它放在這裏 - 功能給出了與keytool相同的結果。
private String getCertificateSHA1Fingerprint() {
PackageManager pm = mContext.getPackageManager();
String packageName = mContext.getPackageName();
int flags = PackageManager.GET_SIGNATURES;
PackageInfo packageInfo = null;
try {
packageInfo = pm.getPackageInfo(packageName, flags);
} catch (PackageManager.NameNotFoundException e) {
e.printStackTrace();
}
Signature[] signatures = packageInfo.signatures;
byte[] cert = signatures[0].toByteArray();
InputStream input = new ByteArrayInputStream(cert);
CertificateFactory cf = null;
try {
cf = CertificateFactory.getInstance("X509");
} catch (CertificateException e) {
e.printStackTrace();
}
X509Certificate c = null;
try {
c = (X509Certificate) cf.generateCertificate(input);
} catch (CertificateException e) {
e.printStackTrace();
}
String hexString = null;
try {
MessageDigest md = MessageDigest.getInstance("SHA1");
byte[] publicKey = md.digest(c.getEncoded());
hexString = byte2HexFormatted(publicKey);
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
} catch (CertificateEncodingException e) {
e.printStackTrace();
}
return hexString;
}
public static String byte2HexFormatted(byte[] arr) {
StringBuilder str = new StringBuilder(arr.length * 2);
for (int i = 0; i < arr.length; i++) {
String h = Integer.toHexString(arr[i]);
int l = h.length();
if (l == 1) h = "0" + h;
if (l > 2) h = h.substring(l - 2, l);
str.append(h.toUpperCase());
if (i < (arr.length - 1)) str.append(':');
}
return str.toString();
}
對不起,我的解決方案速度更快,謝謝你的時間;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import android.app.Activity;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.Signature;
import android.os.Bundle;
import android.util.Log;
public class MainActivity extends Activity {
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
PackageManager pm = this.getPackageManager();
String packageName = this.getPackageName();
int flags = PackageManager.GET_SIGNATURES;
PackageInfo packageInfo = null;
try {
packageInfo = pm.getPackageInfo(packageName, flags);
} catch (NameNotFoundException e) {
e.printStackTrace();
}
Signature[] signatures = packageInfo.signatures;
byte[] cert = signatures[0].toByteArray();
InputStream input = new ByteArrayInputStream(cert);
CertificateFactory cf = null;
try {
cf = CertificateFactory.getInstance("X509");
} catch (CertificateException e) {
e.printStackTrace();
}
X509Certificate c = null;
try {
c = (X509Certificate) cf.generateCertificate(input);
} catch (CertificateException e) {
e.printStackTrace();
}
try {
MessageDigest md = MessageDigest.getInstance("SHA1");
byte[] publicKey = md.digest(c.getPublicKey().getEncoded());
StringBuffer hexString = new StringBuffer();
for (int i=0;i<publicKey.length;i++) {
String appendString = Integer.toHexString(0xFF & publicKey[i]);
if(appendString.length()==1)hexString.append("0");
hexString.append(appendString);
}
Log.d("Example", "Cer: "+ hexString.toString());
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
}
}
}
您可能想查看[應用程序許可](http://developer.android.com/guide/publishing/licensing.html)。請注意,它只適用於您的應用程序支付。 – Felix 2012-02-15 13:44:14
我的應用沒有支付。我聽說過有關廣告軟件的應用程序重新包裝,修改(更改廣告發布者ID)併發送到市場。 – piotrpo 2012-02-15 13:52:34
是簽名指紋還是簽名?它與'keytool -printcert -file sign.rsa'生成的不同# – Zennichimaro 2014-07-14 02:30:00
好作品................ – 2015-08-31 16:34:47
嗨,它與調試kestore一起工作。但在使用簽名的apk時出現此錯誤 java.lang.NoSuchMethodError:沒有靜態方法setTimeout(Le/a/b/c/d; J)類Lorg/apache/http/conn/params/ConnManagerParams中的V;或其超類('org.apache.http.conn.params.ConnManagerParams'的聲明出現在/system/framework/ext.jar中) – arjunkn 2016-03-19 11:00:03
我不認爲這個錯誤與密鑰庫有關。應用程序中的另一段代碼可能會導致此異常。用你的密鑰庫檢查一個空項目中的函數 - 這應該起作用。 – matreshkin 2016-03-20 13:00:19