PackageManager.getPackageArchiveInfo with GET_SIGNING_CERTIFICATES returns null signing info

Jer*_*myK 6 android device-policy-manager

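I am trying to get the signature from an apk file before installing it, but I get a null signingInfo object. The PackageInfo is correctly populated with all the other package-related data.

If I install the apk and then use getPackageInfo, the signing info is populated. I am not sure why it cannot get it from the apk itself.

Am I missing a step in getting the signature from the apk file?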

    // This call works after installing the apk, it is able to pull the signature without issues
    @Override
    public boolean isPackageSignatureValid(final String packageName)
    {
        try
        {
            android.content.pm.PackageManager pm = context.getPackageManager();
            PackageInfo packageInfo = pm.getPackageInfo(packageName, android.content.pm.PackageManager.GET_SIGNING_CERTIFICATES);

            return validateSignature(packageInfo);
        }
        catch (android.content.pm.PackageManager.NameNotFoundException notFoundException)
        {
            return false;
        }
    }

    // Calling this on the apk file prior to install, signingInfo is always null
    @Override
    public boolean isApkSignatureValid(final String apkFilePath)
    {
        android.content.pm.PackageManager pm = context.getPackageManager();
        PackageInfo packageInfo = pm.getPackageArchiveInfo(apkFilePath, android.content.pm.PackageManager.GET_SIGNING_CERTIFICATES);

        return validateSignature(packageInfo);
    }

    private boolean validateSignature(final PackageInfo packageInfo)
    {
        Signature[] signatures;

        if (packageInfo == null || packageInfo.signingInfo == null)
        {
            return false;
        }

        if (packageInfo.signingInfo.hasMultipleSigners())
        {
            signatures = packageInfo.signingInfo.getApkContentsSigners();
        }
        else
        {
            signatures = packageInfo.signingInfo.getSigningCertificateHistory();
        }

        ArrayList<Integer> packageHashes = new ArrayList<>();
        for (Signature sig : signatures)
        {
            // I know this is not the best way of doing this, please ignore for now as it's not the main issue
            packageHashes.add(sig.hashCode());
        }

        return isHashValid(packageHashes);
    }

Zai*_*ain 5

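The GET_SIGNING_CERTIFICATES flag was added in API level 28.

Before that you can use GET_SIGNATURES.

If getPackageArchiveInfo() still returns null on API 28+, you can fall back to the deprecated GET_SIGNATURES flag.

Starting from API level Tiramisu, getPackageArchiveInfo() is deprecated; you can instead use the version that takes PackageManager.PackageInfoFlags, which accepts a set of flags rather than PackageManager flags.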
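
The fallback described in this answer, written out as an added example (not code from the original question or answer): it tries GET_SIGNING_CERTIFICATES first, falls back to GET_SIGNATURES when no signing info comes back, and compares SHA-256 digests of the certificate bytes instead of Signature.hashCode(). The class ApkSignerDigests, its method names and the pinnedSha256Hex parameter are hypothetical; the int-flag overload of getPackageArchiveInfo() is used, which is the one the answer notes is deprecated from Tiramisu.

```java
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added example: ApkSignerDigests and its method names are hypothetical, not from the post.
public final class ApkSignerDigests {
    private ApkSignerDigests() {}

    /** SHA-256 digests (lowercase hex) of an uninstalled APK's signer certs; empty if unreadable. */
    public static Set<String> fromArchive(PackageManager pm, String apkFilePath)
            throws NoSuchAlgorithmException {
        Signature[] signers = null;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) { // flag exists from API 28
            PackageInfo info = pm.getPackageArchiveInfo(
                    apkFilePath, PackageManager.GET_SIGNING_CERTIFICATES);
            if (info != null && info.signingInfo != null) {
                signers = info.signingInfo.hasMultipleSigners()
                        ? info.signingInfo.getApkContentsSigners()
                        : info.signingInfo.getSigningCertificateHistory();
            }
        }
        if (signers == null) {
            // Fallback described in the answer: the deprecated flag fills PackageInfo.signatures.
            PackageInfo legacy = pm.getPackageArchiveInfo(apkFilePath, PackageManager.GET_SIGNATURES);
            if (legacy != null) signers = legacy.signatures;
        }
        Set<String> digests = new HashSet<>();
        if (signers == null) return digests;
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (Signature sig : signers) {
            StringBuilder hex = new StringBuilder();
            for (byte b : sha256.digest(sig.toByteArray())) hex.append(String.format("%02x", b));
            digests.add(hex.toString());
        }
        return digests;
    }

    /** Fails closed: false when no signer could be read or none matches the pinned digest. */
    public static boolean isSignedBy(PackageManager pm, String apkFilePath, String pinnedSha256Hex)
            throws NoSuchAlgorithmException {
        return fromArchive(pm, apkFilePath).contains(pinnedSha256Hex.toLowerCase(Locale.ROOT));
    }
}
```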