Android 将当前包的签名与 debug.keystore 进行比较 [英] Android compare signature of current package with debug.keystore

问题描述

正如我们所做的那样，当它处于开发模式(构建)时，我有由 debug.keystore(默认情况下)签名的应用程序.当它投入生产时，我们用我们的私钥对其进行签名.有没有办法在运行时确定当前包是用 debug.keystore 签名(处于开发模式)还是用我们的私钥签名(处于生产模式).

As all we do I have application which is signed by debug.keystore (by default) when it is in development mode (build). When it goes production we sign it with our private key. Is there any way to determine at runtime that current package is signed with debug.keystore (is in development mode) or is signed with our private key (is in production mode).

我尝试过类似的东西

    PackageManager packageManager = getPackageManager();
    try {
        Signature[] signs = packageManager.getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES).signatures;
        for (Signature signature : signs) {
            Log.d(TAG, "sign = " + signature.toCharsString());
        }
    } catch (NameNotFoundException e) {
        e.printStackTrace();
    }

我不知道下一步该怎么办?这是正确的做法吗?如何获取可比较的 debug.keystore 签名?

I don't know what to do next? Is this right way of doing this? How to obtain comparable debug.keystore signature?

我知道存在 MD5 指纹 keytool -list -keystore ~/.android/debug.keystore 但在 Signature 类中没有类似md5 指纹"的方法.我想这样做是因为 MapView Key、Logging、LicenseChecker 和类似的东西.

I know that exists MD5 Fingerprint keytool -list -keystore ~/.android/debug.keystore but in Signature class there is not "md5 fingerprint"-like method. I want to do this because of MapView Key, Logging, LicenseChecker and stuff like this.

推荐答案

PackageInfo 中的签名似乎没有很好地命名，因为该字段不包含包签名但包含签名者 X509 证书链.请注意，(大多数情况下)此链似乎仅限于一个自签名证书.

The signature in PackageInfo does not seem to be well named since tha field does not contain the package signature but the signer X509 certificate chain. Note that (most of the time) this chain seems to be limited to one single self-signed certificate.

根据 Android 开发者页面签署您的应用程序 使用此 DN 生成调试签名证书:CN=Android Debug,O=Android,C=US

According to the Android developer page Signing Your Applications the debug signature certificate is generated with this DN: CN=Android Debug,O=Android,C=US

因此很容易测试应用程序是否已在调试模式下签名:

Therefore it is easy to test if the application has been signed in debug mode:

private static final X500Principal DEBUG_DN = new X500Principal("CN=Android Debug,O=Android,C=US");
/* ... */
Signature raw = packageManager.getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES).signatures[0];
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(raw.toByteArray()));
boolean debug = cert.getSubjectX500Principal().equals(DEBUG_DN);

这篇关于Android 将当前包的签名与 debug.keystore 进行比较的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！