PackageManager.getPackageArchiveInfo GET_SIGNING_CERTIFICATES 返回空签名信息
PackageManager.getPackageArchiveInfo with GET_SIGNING_CERTIFICATES returning null signing info
我试图在安装之前从 apk 文件中获取签名,但是我得到的是 null signingInfo 对象。 PackageInfo 已正确填充与包相关的所有其他数据。
如果我安装 apk,然后使用 getPackageInfo,将填充 signingInfo。不知道为什么它无法从 apk 本身获取它。
我是否遗漏了从 apk 文件获取签名的内容?
// This call works after installing the apk, it is able to pull the signature without issues
@Override
public boolean isPackageSignatureValid(final String packageName)
{
try
{
android.content.pm.PackageManager pm = context.getPackageManager();
PackageInfo packageInfo = pm.getPackageInfo(packageName, android.content.pm.PackageManager.GET_SIGNING_CERTIFICATES);
return validateSignature(packageInfo);
}
catch (android.content.pm.PackageManager.NameNotFoundException notFoundException)
{
return false;
}
}
// Calling this on the apk file prior to install, signingInfo is always null
@Override
public boolean isApkSignatureValid(final String apkFilePath)
{
android.content.pm.PackageManager pm = context.getPackageManager();
PackageInfo packageInfo = pm.getPackageArchiveInfo(apkFilePath, android.content.pm.PackageManager.GET_SIGNING_CERTIFICATES);
return validateSignature(packageInfo);
}
private boolean validateSignature(final PackageInfo packageInfo)
{
Signature[] signatures;
if (packageInfo == null || packageInfo.signingInfo == null)
{
return false;
}
if (packageInfo.signingInfo.hasMultipleSigners())
{
signatures = packageInfo.signingInfo.getApkContentsSigners();
}
else
{
signatures = packageInfo.signingInfo.getSigningCertificateHistory();
}
ArrayList<Integer> packageHashes = new ArrayList<>();
for (Signature sig : signatures)
{
// I know this is not the best way of doing this, please ignore for now as its not the main issue
packageHashes.add(sig.hashCode());
}
return isHashValid(packageHashes);
}
GET_SIGNING_CERTIFICATES 标记从 API 级别 28 开始添加。
在此之前你可以使用 GET_SIGNATURES.
如果 getPackageArchiveInfo() 在 API 28+ 中仍然 returns null,您可以返回到已弃用的 GET_SIGNATURES 标志。
从 API 级 Tiramisu 开始,getPackageArchiveInfo() 已弃用,可以使用 this version 来代替接受 PackageManager.PackageInfoFlags 标志集而不是 PackageManager 标志.
我试图在安装之前从 apk 文件中获取签名,但是我得到的是 null signingInfo 对象。 PackageInfo 已正确填充与包相关的所有其他数据。
如果我安装 apk,然后使用 getPackageInfo,将填充 signingInfo。不知道为什么它无法从 apk 本身获取它。
我是否遗漏了从 apk 文件获取签名的内容?
// This call works after installing the apk, it is able to pull the signature without issues
@Override
public boolean isPackageSignatureValid(final String packageName)
{
try
{
android.content.pm.PackageManager pm = context.getPackageManager();
PackageInfo packageInfo = pm.getPackageInfo(packageName, android.content.pm.PackageManager.GET_SIGNING_CERTIFICATES);
return validateSignature(packageInfo);
}
catch (android.content.pm.PackageManager.NameNotFoundException notFoundException)
{
return false;
}
}
// Calling this on the apk file prior to install, signingInfo is always null
@Override
public boolean isApkSignatureValid(final String apkFilePath)
{
android.content.pm.PackageManager pm = context.getPackageManager();
PackageInfo packageInfo = pm.getPackageArchiveInfo(apkFilePath, android.content.pm.PackageManager.GET_SIGNING_CERTIFICATES);
return validateSignature(packageInfo);
}
private boolean validateSignature(final PackageInfo packageInfo)
{
Signature[] signatures;
if (packageInfo == null || packageInfo.signingInfo == null)
{
return false;
}
if (packageInfo.signingInfo.hasMultipleSigners())
{
signatures = packageInfo.signingInfo.getApkContentsSigners();
}
else
{
signatures = packageInfo.signingInfo.getSigningCertificateHistory();
}
ArrayList<Integer> packageHashes = new ArrayList<>();
for (Signature sig : signatures)
{
// I know this is not the best way of doing this, please ignore for now as its not the main issue
packageHashes.add(sig.hashCode());
}
return isHashValid(packageHashes);
}
GET_SIGNING_CERTIFICATES 标记从 API 级别 28 开始添加。
在此之前你可以使用 GET_SIGNATURES.
如果 getPackageArchiveInfo() 在 API 28+ 中仍然 returns null,您可以返回到已弃用的 GET_SIGNATURES 标志。
从 API 级 Tiramisu 开始,getPackageArchiveInfo() 已弃用,可以使用 this version 来代替接受 PackageManager.PackageInfoFlags 标志集而不是 PackageManager 标志.