android|Android NDK JNI 入门笔记-day05-NDK应用签名校验 jni|ndk

Android NDK JNI 入门笔记目录
开头 NDK 实践-应用签名校验。
应用签名 Android 应用签名是应用打包过程的重要步骤之一，Google 要求所有的应用必须被签名才可以安装到 Android 操作系统中。
应用签名不能保证 APK 不被篡改，只是为了能够校验出 APK 是否被篡改。在系统安装过程中，如果发现 APK 被篡改，安装就会失败。
NDK 应用签名校验为了相对安全，一些敏感操作往往会使用 Native 的方式来实现。但是别人可以通过 APK 文件获取到我们的 .so 文件，进而使用我们的 .so。
但是应用签名的证书只有我们持有，我们可以通过 Native 校验签名来判断是否是我们自己的应用，如果不是可以返回错误或直接退出应用。
动手实践像之前一样创建一个 Native C++ 模板项目
项目准备
文章图片

查看证书指纹：新建的 Android 项目，默认的签名证书在用户根目录的 .android 目录中 ~/.android/debug.keystore

文章图片

$ keytool -list -v -keystore debug.keystore 输入密钥库口令: android

【android|Android NDK JNI 入门笔记-day05-NDK应用签名校验】

文章图片

Java 获取证书指纹

public class SignatureUtil {public static String getSignatureStr(Context context) { Signature signature = getSignature(context); byte[] cert = signature.toByteArray(); try { MessageDigest md5 = MessageDigest.getInstance("MD5"); MessageDigest sha1 = MessageDigest.getInstance("SHA1"); MessageDigest sha256 = MessageDigest.getInstance("SHA256"); byte[] md5Key = md5.digest(cert); byte[] sha1Key = sha1.digest(cert); byte[] sha256Key = sha256.digest(cert); return String.format("MD5: %s\n\nSHA1: %s\n\nSHA-256: %s", byteArrayToString(md5Key), byteArrayToString(sha1Key), byteArrayToString(sha256Key) ); } catch (Exception e) { return ""; } }public static Signature getSignature(Context argContext) { Signature signature = null; try { String packageName = argContext.getPackageName(); PackageManager packageManager = argContext.getPackageManager(); PackageInfo packageInfo = packageManager.getPackageInfo(packageName, GET_SIGNATURES); Signature[] signatures = packageInfo.signatures; signature = signatures[0]; } catch (NameNotFoundException e) { e.printStackTrace(); } return signature; }private static String byteArrayToString(byte[] array) { StringBuilder hexString = new StringBuilder(); for (int i = 0; i < array.length; i++) { String appendString = Integer.toHexString(0xFF & array[i]).toUpperCase(); if (appendString.length() == 1) hexString.append("0"); hexString.append(appendString); if(i < array.length - 1) hexString.append(":"); } return hexString.toString(); } }

Native 获取证书指纹这里用到了 HASH 算法，Android NDK JNI 入门笔记-day04-NDK实现Hash算法

jbyteArray getSignatureByte(JNIEnv *env, jobject context); void hashByteArray(HASH type, const void* data, size_t numBytes, char* resultData); void formatSignature(char* data, char* resultData); extern "C" JNIEXPORT jstring JNICALL Java_com_ihubin_ndkjni_NativeUtil_getSignature(JNIEnv *env, jclass clazz, jobject context) { jbyteArray cert_byteArray = getSignatureByte(env, context); jsize size = env->GetArrayLength(cert_byteArray); jbyte* jbyteArray = new jbyte[size]; env->GetByteArrayRegion(cert_byteArray, 0, size, jbyteArray); char certMD5[128] = {0}; hashByteArray(HASH_MD5, jbyteArray, size, certMD5); char certSHA1[128] = {0}; hashByteArray(HASH_SHA1, jbyteArray, size, certSHA1); char certSHA256[128] = {0}; hashByteArray(HASH_SHA256, jbyteArray, size, certSHA256); LOGD("MD5: %s", certMD5); LOGD("SHA1: %s", certSHA1); LOGD("SHA256: %s", certSHA256); char resultStr[1000] = {0}; strcat(resultStr, "MD5: "); strcat(resultStr, certMD5); strcat(resultStr, "\n\nSHA1: "); strcat(resultStr, certSHA1); strcat(resultStr, "\n\nSHA256: "); strcat(resultStr, certSHA256); return env->NewStringUTF(resultStr); }// Native 从 Context 中获取签名 jbyteArray getSignatureByte(JNIEnv *env, jobject context) { // Context 的类 jclass context_clazz = env->GetObjectClass(context); // 得到 getPackageManager 方法的 ID jmethodID methodID_getPackageManager = env->GetMethodID(context_clazz, "getPackageManager", "()Landroid/content/pm/PackageManager; "); // 获得 PackageManager 对象 jobject packageManager = env->CallObjectMethod(context, methodID_getPackageManager); // 获得 PackageManager 类 jclass packageManager_clazz=env->GetObjectClass(packageManager); // 得到 getPackageInfo 方法的 ID jmethodID methodID_getPackageInfo=env->GetMethodID(packageManager_clazz,"getPackageInfo", "(Ljava/lang/String; I)Landroid/content/pm/PackageInfo; "); // 得到 getPackageName 方法的 ID jmethodID methodID_getPackageName = env->GetMethodID(context_clazz,"getPackageName", "()Ljava/lang/String; "); // 获得当前应用的包名 jobject application_package_obj = env->CallObjectMethod(context, methodID_getPackageName); jstring application_package = static_cast(application_package_obj); const char* package_name = env->GetStringUTFChars(application_package, 0); LOGD("packageName: %s", package_name); // 获得 PackageInfo jobject packageInfo = env->CallObjectMethod(packageManager, methodID_getPackageInfo, application_package, 64); jclass packageinfo_clazz = env->GetObjectClass(packageInfo); // 获取签名 jfieldID fieldID_signatures = env->GetFieldID(packageinfo_clazz, "signatures", "[Landroid/content/pm/Signature; "); jobjectArray signature_arr = (jobjectArray)env->GetObjectField(packageInfo, fieldID_signatures); // Signature 数组中取出第一个元素 jobject signature = env->GetObjectArrayElement(signature_arr, 0); // 读 signature 的 ByteArray jclass signature_clazz = env->GetObjectClass(signature); jmethodID methodID_byteArray = env->GetMethodID(signature_clazz, "toByteArray", "()[B"); jobject cert_obj = env->CallObjectMethod(signature, methodID_byteArray); jbyteArray cert_byteArray = static_cast(cert_obj); return cert_byteArray; }// 获得签名的 MD5 SHA1 SHA256 void hashByteArray(HASH type, const void* data, size_t numBytes, char* resultData){ if(type == HASH_MD5) { MD5 md5; std::string md5String = md5(data, numBytes); int len = md5String.length()+1; char * tabStr = new char [md5String.length()+1]; strcpy(tabStr, md5String.c_str()); formatSignature(tabStr, resultData); } else if(type == HASH_SHA1) { SHA1 sha1; std::string sha1String = sha1(data, numBytes); char * tabStr = new char [sha1String.length()+1]; strcpy(tabStr, sha1String.c_str()); formatSignature(tabStr, resultData); } else if(type == HASH_SHA256) { SHA256 sha256; std::string sha256String = sha256(data, numBytes); char * tabStr = new char [sha256String.length()+1]; strcpy(tabStr, sha256String.c_str()); formatSignature(tabStr, resultData); } }// 格式化输出 void formatSignature(char* data, char* resultData) { int resultIndex = 0; int length = strlen(data); for(int i = 0; i < length; i++) { resultData[resultIndex] = static_cast(toupper(data[i])); if(i % 2 == 1 && i != length -1) { resultData[resultIndex+1] = ':'; resultIndex+=2; } else { resultIndex++; } } }

最终效果