Not sure what you are needing to do but I have some example code which gets the certificate from a package and prints the details. It uses PackageManager.GET_SIGNATURES as already mentioned by someone. I put it up in case it helps: http://thomascannon.net/misc/android_apk_certificate/
-- Thomas. On Tue, Sep 6, 2011 at 6:01 PM, palj <[email protected]> wrote: > BGraversen <brian <at> digital-identity.dk> writes: > > > > > Hi. > > > > My goal is to access the certificate that was used to sign the apk > > package; and ordinarily, I would do that from inside the program like > > this > > > > Certificates[] signingCertificates = > > getClass().getProtectionDomain().getCodeSource().getCertificates(); > > > > Unfortunatly it appers that getProtectionDomain() returns null on > > android - according to the specs > > > > > > http://developer.android.com/reference/java/lang/Class.html#getProtectionDomain% > 28%29 > > > > this method might return null (to converse space?), but only for > > system classes. Since I'm calling this from one of my own classes, I > > would expect to get a non-null value, but unfortunatly not :( > > > > I have tried from the emulator, and from an application deployed on my > > phone using adb through a USB cable. I'm using the latest SDK (2.2) > > and targetting android 1.6. > > > > So I guess I have two questions, the first being: why does > > getProtectionDomain return null, and have anyone had any success using > > this method from inside an android application. > > > > And the second: Is there some other way to access the certificate that > > a given apk package was signed with (I can live with the restriction > > that only a given package can know its own certificate). > > > > Kind regards > > Brian Graversen > > > > Have you found the answer? I am doing something like following and getting > null > from getCertificates: > Vector<JarEntry> entriesVec = new Vector<JarEntry>(); > > > // Ensure all the entries' signatures verify correctly > byte[] buffer = new byte[8192]; > Enumeration entries = jarFile.entries(); > > while (entries.hasMoreElements()) { > JarEntry je = (JarEntry) entries.nextElement(); > > // Skip directories. > if (je.isDirectory()) continue; > entriesVec.addElement(je); > InputStream is = jarFile.getInputStream(je); > > // Read in each jar entry. A security exception will > // be thrown if a signature/digest check fails. > int n; > while ((n = is.read(buffer, 0, buffer.length)) != -1) { > // Don't care > } > is.close(); > } > > // Get the list of signer certificates > Enumeration e = entriesVec.elements(); > > while (e.hasMoreElements()) { > JarEntry je = (JarEntry) e.nextElement(); > > // Every file must be signed except files in META-INF. > Certificate[] certs = (Certificate[]) je.getCertificates(); > if ((certs == null) || (certs.length == 0)) { > if (!je.getName().startsWith("META-INF")) > throw new SecurityException("The provider " + > "has unsigned " + > "class files."); > } else { > // Check whether the file is signed by the expected > // signer. The jar may be signed by multiple signers. > // See if one of the signers is 'targetCert'. > int startIndex = 0; > X509Certificate[] certChain; > boolean signedAsExpected = false; > > while ((certChain = getAChain(certs, startIndex)) != > null) { > if (certChain[0].equals(targetCert)) { > // Stop since one trusted signer is found. > signedAsExpected = true; > break; > } > // Proceed to the next chain. > startIndex += certChain.length; > } > > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
