Android的对比目前的封装debug.keystore签名 [英] Android compare signature of current package with debug.keystore

问题描述

由于我们所做的一切我有被debug.keystore（默认）签名的应用程序时，它处于开发模式（构建）。当它进入生产，我们与我们的私钥签名。 有什么方法来确定，当前的包装与debug.keystore签（在开发模式下），或者与我们的专用密钥（处于生产模式）签署运行。

As all we do I have application which is signed by debug.keystore (by default) when it is in development mode (build). When it goes production we sign it with our private key. Is there any way to determine at runtime that current package is signed with debug.keystore (is in development mode) or is signed with our private key (is in production mode).

我想是这样

    PackageManager packageManager = getPackageManager();
    try {
        Signature[] signs = packageManager.getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES).signatures;
        for (Signature signature : signs) {
            Log.d(TAG, "sign = " + signature.toCharsString());
        }
    } catch (NameNotFoundException e) {
        e.printStackTrace();
    }

我不知道下一步该怎么做？是这样做的这个正确的方式？如何获得可比较debug.keystore签名？

I don't know what to do next? Is this right way of doing this? How to obtain comparable debug.keystore signature?

我知道，存在MD5指纹的keytool -list -keystore〜/ .android / debug.keystore 但在Signature类没有MD5指纹般的方式。 我想这样做，因为MapView的重点，日志记录，LicenseChecker和这样的东西的。

I know that exists MD5 Fingerprint keytool -list -keystore ~/.android/debug.keystore but in Signature class there is not "md5 fingerprint"-like method. I want to do this because of MapView Key, Logging, LicenseChecker and stuff like this.

推荐答案

在签名 PackageInfo 似乎并没有得到很好的命名，因为塔字段不包含包签名但签名者X509证书链。需要注意的是（大部分时间）将该链似乎仅限于一个单一的自签名的证书。

The signature in PackageInfo does not seem to be well named since tha field does not contain the package signature but the signer X509 certificate chain. Note that (most of the time) this chain seems to be limited to one single self-signed certificate.

据Android开发的网页。的签名您的应用程序的的调试签名证书与此DN生成的： CN = Android的调试，O =的Andr​​oid，C = US

According to the Android developer page Signing Your Applications the debug signature certificate is generated with this DN: CN=Android Debug,O=Android,C=US

因此​​，这是容易测试，如果应用程序已在调试模式下已经签署：

Therefore it is easy to test if the application has been signed in debug mode:

private static final X500Principal DEBUG_DN = new X500Principal("CN=Android Debug,O=Android,C=US");
/* ... */
Signature raw = packageManager.getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES).signatures[0];
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(raw.toByteArray()));
boolean debug = cert.getSubjectX500Principal().equals(DEBUG_DN);

这篇关于Android的对比目前的封装debug.keystore签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！