Java 如何从代码中获取密钥库指纹
我目前正在努力为我正在开发的Unity3d应用程序提供一些安全保护,我想验证apk文件是否被某些修补程序篡改。我知道如何从构建的应用程序(如keytool)中获取密钥库指纹,但我很难弄清楚如何在运行时从我的应用程序代码中获取指纹,以检查它是否相同。到目前为止,我已经经历了很多其他的线程,但都没有成功(比如:)Java 如何从代码中获取密钥库指纹,java,c#,android,unity3d,unity5,Java,C#,Android,Unity3d,Unity5,我目前正在努力为我正在开发的Unity3d应用程序提供一些安全保护,我想验证apk文件是否被某些修补程序篡改。我知道如何从构建的应用程序(如keytool)中获取密钥库指纹,但我很难弄清楚如何在运行时从我的应用程序代码中获取指纹,以检查它是否相同。到目前为止,我已经经历了很多其他的线程,但都没有成功(比如:) 是否有人找到了解决方法,或者提示我应该从哪里开始寻找?提前谢谢 修改链接中的getCertificateSHA1Fingerprint函数,将Android上下文作为参数。从Unity获取
是否有人找到了解决方法,或者提示我应该从哪里开始寻找?提前谢谢 修改链接中的
getCertificateSHA1Fingerprint
函数,将Android上下文作为参数。从Unity获取上下文
,并将其发送到此函数,然后标记为静态
Java:
public final class CertificateSHA1Fingerprint
{
private static String getCertificateSHA1Fingerprint(Context mContext)
{
PackageManager pm = mContext.getPackageManager();
String packageName = mContext.getPackageName();
int flags = PackageManager.GET_SIGNATURES;
PackageInfo packageInfo = null;
try {
packageInfo = pm.getPackageInfo(packageName, flags);
} catch (PackageManager.NameNotFoundException e) {
e.printStackTrace();
}
Signature[] signatures = packageInfo.signatures;
byte[] cert = signatures[0].toByteArray();
InputStream input = new ByteArrayInputStream(cert);
CertificateFactory cf = null;
try {
cf = CertificateFactory.getInstance("X509");
} catch (CertificateException e) {
e.printStackTrace();
}
X509Certificate c = null;
try {
c = (X509Certificate) cf.generateCertificate(input);
} catch (CertificateException e) {
e.printStackTrace();
}
String hexString = null;
try {
MessageDigest md = MessageDigest.getInstance("SHA1");
byte[] publicKey = md.digest(c.getEncoded());
hexString = byte2HexFormatted(publicKey);
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
} catch (CertificateEncodingException e) {
e.printStackTrace();
}
return hexString;
}
public static String byte2HexFormatted(byte[] arr)
{
StringBuilder str = new StringBuilder(arr.length * 2);
for (int i = 0; i < arr.length; i++)
{
String h = Integer.toHexString(arr[i]);
int l = h.length();
if (l == 1) h = "0" + h;
if (l > 2) h = h.substring(l - 2, l);
str.append(h.toUpperCase());
if (i < (arr.length - 1)) str.append(':');
}
return str.toString();
}
}
公共最终课程证书
{
私有静态字符串getCertificateSHA1Fingerprint(上下文mContext)
{
PackageManager pm=mContext.getPackageManager();
字符串packageName=mContext.getPackageName();
int flags=PackageManager.GET_签名;
PackageInfo-PackageInfo=null;
试一试{
packageInfo=pm.getPackageInfo(packageName,flags);
}捕获(PackageManager.NameNotFounde异常){
e、 printStackTrace();
}
签名[]签名=packageInfo.signatures;
字节[]证书=签名[0]。toByteArray();
InputStream输入=新的ByteArrayInputStream(证书);
CertificateFactory cf=null;
试一试{
cf=CertificateFactory.getInstance(“X509”);
}捕获(证书例外e){
e、 printStackTrace();
}
X509证书c=null;
试一试{
c=(X509Certificate)cf.generateCertificate(输入);
}捕获(证书例外e){
e、 printStackTrace();
}
字符串hexString=null;
试一试{
MessageDigest md=MessageDigest.getInstance(“SHA1”);
byte[]publicKey=md.digest(c.getEncoded());
hexString=字节2HexFormatted(公钥);
}捕获(无算法异常e1){
e1.printStackTrace();
}捕获(证书编码异常e){
e、 printStackTrace();
}
返回十六进制字符串;
}
公共静态字符串字节2HEXFORMATED(字节[]arr)
{
StringBuilder str=新的StringBuilder(arr.length*2);
对于(int i=0;i2)h=h.子串(l-2,l);
str.append(h.toUpperCase());
如果(i<(arr.length-1))str.append(':');
}
return str.toString();
}
}
C#:
AndroidJavaClass unityClass;
AndroidJavaObject unityActivity;
AndroidJavaObject unityContext;
AndroidJavaClass customClass;
public string getCertificateSHA1Fingerprint()
{
//Replace with your full package name
string packageName = "com.example.CertificateSHA1Fingerprint";
unityClass = new AndroidJavaClass("com.unity3d.player.UnityPlayer");
unityActivity = unityClass.GetStatic<AndroidJavaObject>("currentActivity");
unityContext = unityActivity.Call<AndroidJavaObject>("getApplicationContext");
customClass = new AndroidJavaClass(packageName);
string result = customClass.CallStatic<string>("getCertificateSHA1Fingerprint", unityContext);
return result;
}
AndroidJavaClass单元类;
AndroidJavaObject unityActivity;
AndroidJavaObject unityContext;
AndroidJavaClass自定义类;
公共字符串getCertificateSHA1Fingerprint()
{
//替换为您的完整软件包名称
字符串packageName=“com.example.CertificateSHA1Fingerprint”;
unityClass=新的AndroidJavaClass(“com.unity3d.player.UnityPlayer”);
unityActivity=unityClass.GetStatic(“currentActivity”);
unityContext=unityActivity.Call(“getApplicationContext”);
customClass=新的AndroidJavaClass(packageName);
字符串结果=customClass.CallStatic(“getCertificateSHA1Fingerprint”,unityContext);
返回结果;
}
您只需使用Android Studio构建Java函数并将其转换为Jar或.AAR文件,然后将其放入Assets\Plugins\Android
文件夹中即可。C#代码将能够与它进行通信。这就像一种魅力,只需要让我的大脑思考如何在Android Studio中构建aar/jar文件。伟大的手册!非常感谢。我没有测试它,但它应该。很高兴我能帮忙。构建.aar和.jar对于新用户来说很难,但一旦你做了一次,你就会习惯了。不客气!