Cap*_*mmo 5 security android certificate android-intent
我想将包含敏感信息的意图发送到系统上的另一个应用程序,我也写过.在此之前,我需要验证我发送给他们的应用程序是否由我签名,而不仅仅是具有相同包名和类的流氓版本.我该如何以编程方式执行此操作?
我想使用通过startService()和startActivity()调度的显式意图来做到这一点,因此不存在广播意图的问题.也就是说,在我确认我指定的软件包名称是由作者安装和签名之前,我不想发送任何内容(我自己在这种特定情况下).
包管理器将为您提供任何已安装包的签名证书。
final PackageManager packageManager = context.getPackageManager();
final List<PackageInfo> packageList = packageManager.getInstalledPackages(PackageManager.GET_SIGNATURES);
CertificateFactory certFactory = null;
try {
certFactory = CertificateFactory.getInstance("X509");
}
catch (CertificateException e) {
// e.printStackTrace();
}
for (PackageInfo p : packageList) {
String strName = p.applicationInfo.loadLabel(packageManager).toString();
String strVendor = p.packageName;
sb.append("<br>" + strName + " / " + strVendor + "<br>");
Signature[] arrSignatures = p.signatures;
for (Signature sig : arrSignatures) {
/*
* Get the X.509 certificate.
*/
byte[] rawCert = sig.toByteArray();
InputStream certStream = new ByteArrayInputStream(rawCert);
X509Certificate x509Cert = null;
try {
x509Cert = (X509Certificate) certFactory.generateCertificate(certStream);
}
catch (CertificateException e) {
// e.printStackTrace();
}
sb.append("Certificate subject: " + x509Cert.getSubjectDN() + "<br>");
sb.append("Certificate issuer: " + x509Cert.getIssuerDN() + "<br>");
sb.append("Certificate serial number: " + x509Cert.getSerialNumber() + "<br>");
sb.append("<br>");
}
}