android获取APK签名信息及MD5指纹
Posted wulianghuan
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了android获取APK签名信息及MD5指纹相关的知识,希望对你有一定的参考价值。
1.获取APK的签名信息
private String showUninstallAPKSignatures(String apkPath)
String PATH_PackageParser = "android.content.pm.PackageParser";
try
// apk包的文件路径
// 这是一个Package 解释器, 是隐藏的
// 构造函数的参数只有一个, apk文件的路径
// PackageParser packageParser = new PackageParser(apkPath);
Class pkgParserCls = Class.forName(PATH_PackageParser);
Class[] typeArgs = new Class[1];
typeArgs[0] = String.class;
Constructor pkgParserCt = pkgParserCls.getConstructor(typeArgs);
Object[] valueArgs = new Object[1];
valueArgs[0] = apkPath;
Object pkgParser = pkgParserCt.newInstance(valueArgs);
MediaApplication.logD(DownloadApk.class, "pkgParser:" + pkgParser.toString());
// 这个是与显示有关的, 里面涉及到一些像素显示等等, 我们使用默认的情况
DisplayMetrics metrics = new DisplayMetrics();
metrics.setToDefaults();
// PackageParser.Package mPkgInfo = packageParser.parsePackage(new
// File(apkPath), apkPath,
// metrics, 0);
typeArgs = new Class[4];
typeArgs[0] = File.class;
typeArgs[1] = String.class;
typeArgs[2] = DisplayMetrics.class;
typeArgs[3] = Integer.TYPE;
Method pkgParser_parsePackageMtd = pkgParserCls.getDeclaredMethod("parsePackage",
typeArgs);
valueArgs = new Object[4];
valueArgs[0] = new File(apkPath);
valueArgs[1] = apkPath;
valueArgs[2] = metrics;
valueArgs[3] = PackageManager.GET_SIGNATURES;
Object pkgParserPkg = pkgParser_parsePackageMtd.invoke(pkgParser, valueArgs);
typeArgs = new Class[2];
typeArgs[0] = pkgParserPkg.getClass();
typeArgs[1] = Integer.TYPE;
Method pkgParser_collectCertificatesMtd = pkgParserCls.getDeclaredMethod("collectCertificates",
typeArgs);
valueArgs = new Object[2];
valueArgs[0] = pkgParserPkg;
valueArgs[1] = PackageManager.GET_SIGNATURES;
pkgParser_collectCertificatesMtd.invoke(pkgParser, valueArgs);
// 应用程序信息包, 这个公开的, 不过有些函数, 变量没公开
Field packageInfoFld = pkgParserPkg.getClass().getDeclaredField("mSignatures");
Signature[] info = (Signature[]) packageInfoFld.get(pkgParserPkg);
MediaApplication.logD(DownloadApk.class, "size:"+info.length);
MediaApplication.logD(DownloadApk.class, info[0].toCharsString());
return info[0].toCharsString();
catch (Exception e)
e.printStackTrace();
return null;
获取程序自身的签名:
private String getSign(Context context)
PackageManager pm = context.getPackageManager();
List<PackageInfo> apps = pm.getInstalledPackages(PackageManager.GET_SIGNATURES);
Iterator<PackageInfo> iter = apps.iterator();
while(iter.hasNext())
PackageInfo packageinfo = iter.next();
String packageName = packageinfo.packageName;
if (packageName.equals(instance.getPackageName()))
MediaApplication.logD(DownloadApk.class, packageinfo.signatures[0].toCharsString());
return packageinfo.signatures[0].toCharsString();
return null;
对比2个方法的返回值来判断APK升级包的签名是否一致,一致就提示可以安装。
2.获取指定已安装完整签名信息,包括MD5指纹:
public void getSingInfo()
try
PackageInfo packageInfo = getPackageManager().getPackageInfo("com.sina,weibo", PackageManager.GET_SIGNATURES);
Signature[] signs = packageInfo.signatures;
Signature sign = signs[0];
parseSignature(sign.toByteArray());
catch (Exception e)
e.printStackTrace();
public void parseSignature(byte[] signature)
try
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(signature));
String pubKey = cert.getPublicKey().toString();
String signNumber = cert.getSerialNumber().toString();
System.out.println("signName:" + cert.getSigAlgName());
System.out.println("pubKey:" + pubKey);
System.out.println("signNumber:" + signNumber);
System.out.println("subjectDN:"+cert.getSubjectDN().toString());
catch (CertificateException e)
e.printStackTrace();
3.如何查看指定证书的指纹
D:>keytool -list -alias 在导出时程序的别名(-alias 这个命令,好像不用也行,没有试,反正我一直都在使用) -keystore tangshan.keystore(导出时使用的证书名称) -storepass 123456-keypass 123456 出的结果为: 在导出时程序的别名, 2011-7-29, PrivateKeyEntry, 认证指纹 (MD5): 90:13:AF:46:0A:DC:5C:6C:77:0E:AA:AF:DA:8A:AB:72
以上是关于android获取APK签名信息及MD5指纹的主要内容,如果未能解决你的问题,请参考以下文章
Android 如何查看apk签名信息的MD5(SHA1和SHA256也可以)