有没有一种方法来检查,如果一个应用程序签名调试或发布? [英] Is there a way to check if an app signature is debug or published?
问题描述
我目前正在开发的RPC服务,供开发者使用,但想确保我可以在另一个应用程序的调试键和他们的公钥进行区分。有没有一种方法来检查另一个应用程序的关键,并告诉它是否是一个关键的调试和NOT发布的应用程序键?
I am currently developing RPC services for developers to use, but would like to make sure that I can distinguish between another app's debug key and their public key. Is there a way to check another app's key and tell whether it is a debug key and NOT a published app key?
这样做的目的是为了能够告诉当他们的应用程序正在开发或释放的状态,我需要能够告诉他们是否应该访问我的dev的服务器或我的生产服务器。
The purpose of this is to be able to tell when their app is in development or release status, as I need to be able to tell whether they should be accessing my dev server or my production server.
推荐答案
在默认情况下使用Eclipse中androiddebugkey(例如)有一个 notAfter 日期和放大器;时间最多为1年的未来 - 这么短的值不接受Android电子市场 - 你可以用它来区分与开发商签订建立?或者......你可以只检查该应用程序使用公钥 - 让他们签署的RPC请求与他们的应用程序的android.content.pm.Signature
By default the androiddebugkey used by Eclipse (for instance) has a notAfter date & time that is at most 1 year in the future - such a short value is not accepted by the Android Market - you could use that to differentiate between developer signed builds? Or .. you could just check the publickey that the app uses - have them sign the RPC requests with the android.content.pm.Signature of their app?
PackageInfo pkgInfo = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES);
for (Signature appSignature : pkgInfo.signatures) {
// javax.security - NOT java.security!
X509Certificate appCertificate = X509Certificate.getInstance(appSignature.toByteArray());
// appCertificate.getNotAfter() can give you the date & time the cert expires
// appCertificate.getPublicKey() can give you the public key you sign the RPC requests with.
// appCertificate.getSubjectDN() will give you a Principal named "CN=Android Debug,O=Android,C=US" for any debug certificate that hasn't been handcrafted by the developer.
}
这篇关于有没有一种方法来检查,如果一个应用程序签名调试或发布?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
