android apk签名原理

//这个md5跟腾讯的对应
public Signature getPackageSignature( ){

Context context=getContext();
String packageName="com.jtys114.ddl";
PackageManager pm = context.getPackageManager();
List<PackageInfo> apps = pm.getInstalledPackages(PackageManager.GET_SIGNATURES);
Iterator<PackageInfo> it = apps.iterator();
while(it.hasNext()){
PackageInfo info = it.next();
if(info.packageName.equals(packageName)){
Signature s= info.signatures[0];
String cString= s.toCharsString();
String md5=MD5.getMessageDigest(s.toByteArray());
return s;
}
}
return null;
}

public void getSingInfo() {
try {

PackageInfo packageInfo = this.getContext().getPackageManager().getPackageInfo("com.jtys114.ddl", PackageManager.GET_SIGNATURES);
Signature[] signs = packageInfo.signatures;
Signature sign = signs[0];
parseSignature(sign.toByteArray());
} catch (Exception e) {
e.printStackTrace();
}
}
private void parseSignature(byte[] signature) {
try {
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(signature));
String pubKey = cert.getPublicKey().toString();
String signNumber = cert.getSerialNumber().toString();
String signName=cert.getSigAlgName();
String subjectDN=cert.getSubjectDN().toString();

Log.d("T", "signName:" + signName);
Log.d("T","pubKey:" + pubKey);
Log.d("T","signNumber:" + signNumber);
Log.d("T","subjectDN:"+subjectDN);

} catch (CertificateException e) {
e.printStackTrace();
}
}
//==================
public String showUninstallAPKSignatures() {
String apkPath="com.jtys114.ddl";
String PATH_PackageParser = "android.content.pm.PackageParser";
try {
// apk包的文件路径
// 这是一个Package 解释器, 是隐藏的
// 构造函数的参数只有一个, apk文件的路径
// PackageParser packageParser = new PackageParser(apkPath);
Class pkgParserCls = Class.forName(PATH_PackageParser);
Class[] typeArgs = new Class[1];
typeArgs[0] = String.class;
Constructor pkgParserCt = pkgParserCls.getConstructor(typeArgs);
Object[] valueArgs = new Object[1];
valueArgs[0] = apkPath;
Object pkgParser = pkgParserCt.newInstance(valueArgs);

// 这个是与显示有关的, 里面涉及到一些像素显示等等, 我们使用默认的情况
DisplayMetrics metrics = new DisplayMetrics();
metrics.setToDefaults();
// PackageParser.Package mPkgInfo = packageParser.parsePackage(new
// File(apkPath), apkPath,
// metrics, 0);
typeArgs = new Class[4];
typeArgs[0] = File.class;
typeArgs[1] = String.class;
typeArgs[2] = DisplayMetrics.class;
typeArgs[3] = Integer.TYPE;
Method pkgParser_parsePackageMtd = pkgParserCls.getDeclaredMethod("parsePackage",
typeArgs);
valueArgs = new Object[4];
valueArgs[0] = new File(apkPath);
valueArgs[1] = apkPath;
valueArgs[2] = metrics;
valueArgs[3] = PackageManager.GET_SIGNATURES;
Object pkgParserPkg = pkgParser_parsePackageMtd.invoke(pkgParser, valueArgs);

typeArgs = new Class[2];
typeArgs[0] = pkgParserPkg.getClass();
typeArgs[1] = Integer.TYPE;
Method pkgParser_collectCertificatesMtd = pkgParserCls.getDeclaredMethod("collectCertificates",
typeArgs);
valueArgs = new Object[2];
valueArgs[0] = pkgParserPkg;
valueArgs[1] = PackageManager.GET_SIGNATURES;
pkgParser_collectCertificatesMtd.invoke(pkgParser, valueArgs);
// 应用程序信息包, 这个公开的, 不过有些函数, 变量没公开
Field packageInfoFld = pkgParserPkg.getClass().getDeclaredField("mSignatures");
Signature[] info = (Signature[]) packageInfoFld.get(pkgParserPkg);

String r= info[0].toCharsString();
return r;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}

View Code
每个apk，会带一份X509Certificate，（里面只包括公匙), 默认生成的对应的是私匙在debug.keystore 中

对证书的byte[]数据做md5就是对应的md5签名了，参考上面代码的第一个函数