有没有办法检查应用程序签名是否已调试或已发布?
我目前正在开发 RPC 服务供开发人员使用,但想确保我可以区分另一个应用程序的调试密钥及其公钥。有没有办法检查另一个应用程序的密钥并判断它是否是调试密钥而不是已发布的应用程序密钥?
这样做的目的是能够判断他们的应用程序何时处于开发或发布状态,因为我需要能够判断他们是否应该访问我的开发服务器或我的生产服务器。
I am currently developing RPC services for developers to use, but would like to make sure that I can distinguish between another app's debug key and their public key. Is there a way to check another app's key and tell whether it is a debug key and NOT a published app key?
The purpose of this is to be able to tell when their app is in development or release status, as I need to be able to tell whether they should be accessing my dev server or my production server.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
默认情况下,Eclipse 使用的 androiddebugkey(例如)有一个
notAfter日期和日期。未来最多 1 年的时间 - Android 市场不接受如此短的值 - 您可以使用它来区分开发人员签名的版本吗?或者..您可以只检查应用程序使用的公钥 - 让他们使用其应用程序的 android.content.pm.Signature 签署 RPC 请求?PackageInfo pkgInfo = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES); for (Signature appSignature : pkgInfo.signatures) { // javax.security - NOT java.security! X509Certificate appCertificate = X509Certificate.getInstance(appSignature.toByteArray()); // appCertificate.getNotAfter() can give you the date & time the cert expires // appCertificate.getPublicKey() can give you the public key you sign the RPC requests with. // appCertificate.getSubjectDN() will give you a Principal named "CN=Android Debug,O=Android,C=US" for any debug certificate that hasn't been handcrafted by the developer. }By default the androiddebugkey used by Eclipse (for instance) has a
notAfterdate & time that is at most 1 year in the future - such a short value is not accepted by the Android Market - you could use that to differentiate between developer signed builds? Or .. you could just check the publickey that the app uses - have them sign the RPC requests with the android.content.pm.Signature of their app?PackageInfo pkgInfo = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES); for (Signature appSignature : pkgInfo.signatures) { // javax.security - NOT java.security! X509Certificate appCertificate = X509Certificate.getInstance(appSignature.toByteArray()); // appCertificate.getNotAfter() can give you the date & time the cert expires // appCertificate.getPublicKey() can give you the public key you sign the RPC requests with. // appCertificate.getSubjectDN() will give you a Principal named "CN=Android Debug,O=Android,C=US" for any debug certificate that hasn't been handcrafted by the developer. }第一次使用 debugkey 运行此代码,这将始终返回 false,但您将在 Logcat 中获得编码的密钥。
复制该编码密钥,并替换 DEBUGKEY 的值“ key ”,它将正常工作。
Run this code first time with debugkey, this will alway return false, but you'll get the encoded key in the Logcat.
Copy that encoded key, and replace value " key " of DEBUGKEY, and it will work fine.