Some SDK providers need us to provide the package name and signature file (xxxxxx.jks file) MD5 value used when packaging the APK, and then the SDK server should perform a comparison to ensure the legitimacy of the merchant call. Otherwise, the package name alone can be forged. How to obtain the MD5 value of the signature file?
method one:
Originally, the md5 value could be viewed through the command keytool -list -v -keystore test.jks, but it is found that it cannot be viewed now, only SHA1 and SHA256
Method 2: Change to view from androidstudio
Configure your signature file in the app’s build.gradle, how to generate a signature file?
build–>Generate signed bundle\APK–>next –>Create new
android{
signingConfigs {
release {
keyAlias ‘test’
storePassword ‘666666’
keyPassword ‘666666’
storeFile file(‘E:\test.jks’)
}
debug {
keyAlias ‘test’
storePassword ‘666666’
keyPassword ‘666666’
storeFile file(‘E:\test.jks’)
}
}
}
Double-click signingReport in the gradle Tasks on the right to view the MD5 value of the signature file
Get rid of :
Method 3: Obtain from the PackageInfo class
package com.chinapay.umsfacesdkdemo.utils;
import android. content. Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Log;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.HashMap;
/**
* Get the signature tool class
*/
public class AppSigning {
public final static String MD5 = "MD5";
public final static String SHA1 = "SHA1";
public final static String SHA256 = "SHA256";
private static HashMap<String, ArrayList<String>> mSignMap = new HashMap<>();
/**
* Returns a string corresponding to the type of signature
*
* @param context
* @param type
* @return Because an installation package can be signed by multiple signature files, so return a list of signature information
*/
public static ArrayList<String> getSignInfo(Context context, String type) {
if (context == null || type == null) {
return null;
}
String packageName = context. getPackageName();
if (packageName == null) {
return null;
}
if (mSignMap. get(type) != null) {
return mSignMap. get(type);
}
ArrayList<String> mList = new ArrayList<String>();
try {
Signature[] signs = getSignatures(context, packageName);
for (Signature sig : signs) {
String tmp = "error!";
if (MD5. equals(type)) {
tmp = getSignatureByteString(sig, MD5);
} else if (SHA1. equals(type)) {
tmp = getSignatureByteString(sig, SHA1);
} else if (SHA256. equals(type)) {
tmp = getSignatureByteString(sig, SHA256);
}
mList.add(tmp);
}
} catch (Exception e) {
Log. e("e", e. getMessage());
}
mSignMap. put(type, mList);
return mList;
}
/**
* Get signature sha1 value
*
* @param context
* @return
*/
public static String getSha1(Context context) {
String res = "";
ArrayList<String> mlist = getSignInfo(context, SHA1);
if (mlist != null & amp; & amp; mlist. size() != 0) {
res = mlist. get(0);
}
return res;
}
/**
* Get the signature MD5 value
*
* @param context
* @return
*/
public static String getMD5(Context context) {
String res = "";
ArrayList<String> mlist = getSignInfo(context, MD5);
if (mlist != null & amp; & amp; mlist. size() != 0) {
res = mlist. get(0);
}
return res;
}
/**
* Get the signature SHA256 value
*
* @param context
* @return
*/
public static String getSHA256(Context context) {
String res = "";
ArrayList<String> mlist = getSignInfo(context, SHA256);
if (mlist != null & amp; & amp; mlist. size() != 0) {
res = mlist. get(0);
}
return res;
}
/**
* Return the signature information of the corresponding package
*
* @param context
* @param packageName
* @return
*/
private static Signature[] getSignatures(Context context, String packageName) {
PackageInfo packageInfo = null;
try {
packageInfo = context.getPackageManager().getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
return packageInfo. signatures;
} catch (Exception e) {
Log.e("e", e.toString());
}
return null;
}
/**
* Get the corresponding type of string (convert the signed byte[] information into hexadecimal)
*
* @param sig
* @param type
* @return
*/
private static String getSignatureString(Signature sig, String type) {
byte[] hexBytes = sig.toByteArray();
String fingerprint = "error!";
try {
MessageDigest digest = MessageDigest. getInstance(type);
if (digest != null) {
byte[] digestBytes = digest. digest(hexBytes);
StringBuilder sb = new StringBuilder();
for (byte digestByte : digestBytes) {
sb.append((Integer.toHexString((digestByte & 0xFF) | 0x100)).substring(1, 3));
}
fingerprint = sb.toString();
}
} catch (Exception e) {
Log.e("e", e.toString());
}
return fingerprint;
}
/**
* Get the corresponding type of string (convert the signed byte[] information into a string form like 95:F4:D4:FG)
*
* @param sig
* @param type
* @return
*/
private static String getSignatureByteString(Signature sig, String type) {
byte[] hexBytes = sig.toByteArray();
String fingerprint = "error!";
try {
MessageDigest digest = MessageDigest. getInstance(type);
if (digest != null) {
byte[] digestBytes = digest. digest(hexBytes);
StringBuilder sb = new StringBuilder();
for (byte digestByte : digestBytes) {
sb.append(((Integer.toHexString((digestByte & amp; 0xFF) | 0x100)).substring(1, 3)).toUpperCase());
sb.append(":");
}
fingerprint = sb.substring(0, sb.length() - 1).toString();
}
} catch (Exception e) {
Log.e("e", e.toString());
}
return fingerprint;
}
}
Just call the above String md5=AppSigning.getMD5(MainActivity.this)