Some SDK providers need us to provide the package name and signature file (xxxxxx.jks file) MD5 value used when packaging the APK, and then the SDK server should perform a comparison to ensure the legitimacy of the merchant call. Otherwise, the package name alone can be forged. How to obtain the MD5 value of the signature file?
method one:
Originally, the md5 value could be viewed through the command keytool -list -v -keystore test.jks, but it is found that it cannot be viewed now, only SHA1 and SHA256
Method 2: Change to view from androidstudio
Configure your signature file in the app’s build.gradle, how to generate a signature file?
build–>Generate signed bundle\APK–>next –>Create new
android{
signingConfigs {
release {
keyAlias ‘test’
storePassword ‘666666’
keyPassword ‘666666’
storeFile file(‘E:\test.jks’)
}
debug {
keyAlias ‘test’
storePassword ‘666666’
keyPassword ‘666666’
storeFile file(‘E:\test.jks’)
}
}
}
Double-click signingReport in the gradle Tasks on the right to view the MD5 value of the signature file
Get rid of :
Method 3: Obtain from the PackageInfo class
package com.chinapay.umsfacesdkdemo.utils; import android. content. Context; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; import android.content.pm.Signature; import android.util.Log; import java.security.MessageDigest; import java.util.ArrayList; import java.util.HashMap; /** * Get the signature tool class */ public class AppSigning { public final static String MD5 = "MD5"; public final static String SHA1 = "SHA1"; public final static String SHA256 = "SHA256"; private static HashMap<String, ArrayList<String>> mSignMap = new HashMap<>(); /** * Returns a string corresponding to the type of signature * * @param context * @param type * @return Because an installation package can be signed by multiple signature files, so return a list of signature information */ public static ArrayList<String> getSignInfo(Context context, String type) { if (context == null || type == null) { return null; } String packageName = context. getPackageName(); if (packageName == null) { return null; } if (mSignMap. get(type) != null) { return mSignMap. get(type); } ArrayList<String> mList = new ArrayList<String>(); try { Signature[] signs = getSignatures(context, packageName); for (Signature sig : signs) { String tmp = "error!"; if (MD5. equals(type)) { tmp = getSignatureByteString(sig, MD5); } else if (SHA1. equals(type)) { tmp = getSignatureByteString(sig, SHA1); } else if (SHA256. equals(type)) { tmp = getSignatureByteString(sig, SHA256); } mList.add(tmp); } } catch (Exception e) { Log. e("e", e. getMessage()); } mSignMap. put(type, mList); return mList; } /** * Get signature sha1 value * * @param context * @return */ public static String getSha1(Context context) { String res = ""; ArrayList<String> mlist = getSignInfo(context, SHA1); if (mlist != null & amp; & amp; mlist. size() != 0) { res = mlist. get(0); } return res; } /** * Get the signature MD5 value * * @param context * @return */ public static String getMD5(Context context) { String res = ""; ArrayList<String> mlist = getSignInfo(context, MD5); if (mlist != null & amp; & amp; mlist. size() != 0) { res = mlist. get(0); } return res; } /** * Get the signature SHA256 value * * @param context * @return */ public static String getSHA256(Context context) { String res = ""; ArrayList<String> mlist = getSignInfo(context, SHA256); if (mlist != null & amp; & amp; mlist. size() != 0) { res = mlist. get(0); } return res; } /** * Return the signature information of the corresponding package * * @param context * @param packageName * @return */ private static Signature[] getSignatures(Context context, String packageName) { PackageInfo packageInfo = null; try { packageInfo = context.getPackageManager().getPackageInfo(packageName, PackageManager.GET_SIGNATURES); return packageInfo. signatures; } catch (Exception e) { Log.e("e", e.toString()); } return null; } /** * Get the corresponding type of string (convert the signed byte[] information into hexadecimal) * * @param sig * @param type * @return */ private static String getSignatureString(Signature sig, String type) { byte[] hexBytes = sig.toByteArray(); String fingerprint = "error!"; try { MessageDigest digest = MessageDigest. getInstance(type); if (digest != null) { byte[] digestBytes = digest. digest(hexBytes); StringBuilder sb = new StringBuilder(); for (byte digestByte : digestBytes) { sb.append((Integer.toHexString((digestByte & 0xFF) | 0x100)).substring(1, 3)); } fingerprint = sb.toString(); } } catch (Exception e) { Log.e("e", e.toString()); } return fingerprint; } /** * Get the corresponding type of string (convert the signed byte[] information into a string form like 95:F4:D4:FG) * * @param sig * @param type * @return */ private static String getSignatureByteString(Signature sig, String type) { byte[] hexBytes = sig.toByteArray(); String fingerprint = "error!"; try { MessageDigest digest = MessageDigest. getInstance(type); if (digest != null) { byte[] digestBytes = digest. digest(hexBytes); StringBuilder sb = new StringBuilder(); for (byte digestByte : digestBytes) { sb.append(((Integer.toHexString((digestByte & amp; 0xFF) | 0x100)).substring(1, 3)).toUpperCase()); sb.append(":"); } fingerprint = sb.substring(0, sb.length() - 1).toString(); } } catch (Exception e) { Log.e("e", e.toString()); } return fingerprint; } }
Just call the above String md5=AppSigning.getMD5(MainActivity.this)