  • Getting the signing-certificate fingerprint from within the app

    Android:

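        import android.annotation.SuppressLint;
        import android.content.Context;
        import android.content.pm.PackageInfo;
        import android.content.pm.PackageManager;
        import android.content.pm.Signature;

        // getSHA1FromSignature() is the author's helper and is not shown on this page;
        // it is assumed to return the SHA-1 digest of the certificate bytes as a string.
        public static String getSignatureSHA1(Context context) {
            String sign = null;
            try {
                // Ask the package manager for this package's info, including its signatures
                @SuppressLint("PackageManagerGetSignatures")
                PackageInfo packageInfo = context.getPackageManager()
                        .getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);
                // Take the signature array from the returned package info
                Signature[] signatures = packageInfo.signatures;
                // Guard against a missing or empty array before reading the first entry
                if (signatures != null && signatures.length > 0) {
                    sign = getSHA1FromSignature(signatures[0].toByteArray());
                }
            } catch (PackageManager.NameNotFoundException e) {
                e.printStackTrace();
            }

            return sign;
        }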

    iOS:

    #import <Security/Security.h>

    + (NSString *)bundleSeedID {
        // Look up a placeholder generic-password keychain item and ask for its attributes
        NSDictionary *query = [NSDictionary dictionaryWithObjectsAndKeys:
                               (__bridge id)kSecClassGenericPassword, (__bridge id)kSecClass,
                               @"bundleSeedID", (__bridge id)kSecAttrAccount,
                               @"", (__bridge id)kSecAttrService,
                               (__bridge id)kCFBooleanTrue, (__bridge id)kSecReturnAttributes,
                               nil];
        CFDictionaryRef result = NULL;
        OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
        // First run: the item does not exist yet, so add it and get its attributes back
        if (status == errSecItemNotFound)
            status = SecItemAdd((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
        if (status != errSecSuccess || result == NULL)
            return nil;
        // The access group is "<App ID prefix>.<identifier>"; keep the first component
        NSString *accessGroup = [(__bridge NSDictionary *)result objectForKey:(__bridge id)kSecAttrAccessGroup];
        NSArray *components = [accessGroup componentsSeparatedByString:@"."];
        NSString *bundleSeedID = [[components objectEnumerator] nextObject];
        CFRelease(result);
        return bundleSeedID;
    }

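    About bundleSeedID: this is the App ID Prefix, in plain terms the prefix of the app id. It can be used as a fingerprint of the certificate; for details see the official documentation: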

    https://developer.apple.com/library/archive/technotes/tn2311/_index.html

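    By recording the value reported by the client, the server can tell which certificate the current app was signed with. To some extent this helps prevent the original package from being modified and then run under a different signature. The concrete strategy still has to be combined with several other measures (for example, validating the bundle id or package name, encrypting and obfuscating the package, anti-hook measures, and so on).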
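
The server-side comparison described above, as an added example (not code from the original post). It treats the reported value as client-supplied input, and it checks the app identifier together with the fingerprint, as the paragraph suggests. The function names, app identifier, certificate bytes and App ID prefix are constructed placeholders, and the 10-character prefix format is an assumption.

```python
import hashlib
import hmac
import re

# Constructed sample values: not a real certificate, team prefix or app identifier.
SAMPLE_CERT_DER = b"constructed-release-certificate-bytes"
RELEASE_SHA1 = hashlib.sha1(SAMPLE_CERT_DER).hexdigest()

# Expected app identifier and signing fingerprint per platform, recorded at release time.
EXPECTED = {
    "android": {"app_id": "com.example.app", "fingerprint": RELEASE_SHA1},
    "ios": {"app_id": "com.example.app", "fingerprint": "ABCDE12345"},
}


def normalize(platform, value):
    """Canonicalise a client-reported fingerprint; return None if it is malformed."""
    if not isinstance(value, str):
        return None
    value = value.strip()
    if platform == "android":
        # Accept "AA:BB:..." or plain hex in any case; a SHA-1 digest is 40 hex digits.
        hexval = value.replace(":", "").lower()
        return hexval if re.fullmatch(r"[0-9a-f]{40}", hexval) else None
    if platform == "ios":
        # Assumption: the App ID prefix is 10 uppercase alphanumeric characters.
        return value if re.fullmatch(r"[A-Z0-9]{10}", value) else None
    return None


def check_client(platform, app_id, fingerprint):
    """Return 'ok', 'malformed', 'wrong_app_id' or 'wrong_signer'."""
    expected = EXPECTED.get(platform)
    reported = normalize(platform, fingerprint)
    if expected is None or reported is None:
        return "malformed"
    if app_id != expected["app_id"]:
        return "wrong_app_id"
    # Constant-time comparison of the canonical forms.
    if not hmac.compare_digest(reported, expected["fingerprint"]):
        return "wrong_signer"
    return "ok"
```

A result other than "ok" is one signal to log and weigh alongside the other measures, since the value comes from the client itself.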

  • Original article: https://www.cnblogs.com/qiyer/p/10679153.html