Tam*_*mas 2 security android certificate
如何检查我的应用程序的签名是否与我用来签名的证书的签名相匹配?
这就是我应该如何获得证书指纹:
public String getCertificateFingerprint() throws NameNotFoundException, CertificateException, NoSuchAlgorithmException {
PackageManager pm = context.getPackageManager();
String packageName =context.getPackageName();
int flags = PackageManager.GET_SIGNATURES;
PackageInfo packageInfo = null;
packageInfo = pm.getPackageInfo(packageName, flags);
Signature[] signatures = packageInfo.signatures;
byte[] cert = signatures[0].toByteArray();
InputStream input = new ByteArrayInputStream(cert);
CertificateFactory cf = null;
cf = CertificateFactory.getInstance("X509");
X509Certificate c = null;
c = (X509Certificate) cf.generateCertificate(input);
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] publicKey = md.digest(c.getPublicKey().getEncoded());
StringBuffer hexString = new StringBuffer();
for (int i = 0; i < publicKey.length; i++) {
String appendString = Integer.toHexString(0xFF & publicKey[i]);
if (appendString.length() == 1)
hexString.append("0");
hexString.append(appendString);
}
return hexString.toString();
}
这就是我应该如何获得证书的指纹:
keytool -v -list -keystore filenameandpath
我的问题是,这两个会给出不同的结果.有人能指出我搞砸了什么吗?
您正在计算错误数据的MD5哈希值.证书的指纹是原始证书的哈希值(MD5,SHA1,SHA256等).即,你应该计算这些字节的哈希值:
byte[] cert = signatures[0].toByteArray();
例如,以下计算SHA1指纹,如果您愿意,只需将SHA1更改为MD5即可.
public String computeFingerPrint(final byte[] certRaw) {
String strResult = "";
MessageDigest md;
try {
md = MessageDigest.getInstance("SHA1");
md.update(certRaw);
for (byte b : md.digest()) {
strAppend = Integer.toString(b & 0xff, 16);
if (strAppend.length() == 1)
strResult += "0";
strResult += strAppend;
}
strResult = strResult.toUpperCase(DATA_LOCALE);
}
catch (NoSuchAlgorithmException ex) {
ex.printStackTrace();
}
return strResult;
}
| 归档时间: |
|
| 查看次数: |
3066 次 |
| 最近记录: |