After looking at Package.java, I found the answer, and I think it's
somewhat funny. The collection that is called 'signatures' and is
returned by

    pm.getPackageInfo(info.packageName, PackageManager.GET_SIGNATURES).signatures

is actually an array of public X.509 certificates encoded in DER; I
realized that after looking at Package.java. I think it's very
confusing. Could you call that 'certificates' instead and return a
Certificate[] array instead of a Signature[] array?

Anyway, for those who are curious, this is how you can get a signer's
identity:
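
    import android.content.pm.PackageManager;
    import android.content.pm.Signature;
    import android.util.Log;
    import javax.security.cert.CertificateException;
    import javax.security.cert.X509Certificate;

    // Each entry in 'signatures' is a DER-encoded X.509 certificate.
    Signature[] signs = pm.getPackageInfo(info.packageName,
            PackageManager.GET_SIGNATURES).signatures;
    if (signs != null) {
        for (Signature sign : signs) {
            if (sign != null) {
                X509Certificate cert = createCert(sign.toByteArray());
                // getIssuerDN() returns a Principal, so take its name.
                String dn = (cert == null ? "<NULL>" : cert.getIssuerDN().getName());
            }
        }
    }

    // Parses DER bytes into a certificate; returns null if parsing fails.
    public static X509Certificate createCert(byte[] bytes) {
        X509Certificate cert = null;
        try {
            cert = X509Certificate.getInstance(bytes);
        } catch (CertificateException e) {
            Log.d("...", "Could not parse certificate", e);
        }
        return cert;
    }
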
I've tested it for the 'android' package and got this in the emulator:

    CN=Android Debug, O=Android, C=US

So they are indeed certificates, not signatures.
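
An added example, not part of the original post: because each entry is a DER-encoded X.509 certificate, a caller can check who signed a package by comparing the SHA-256 of the certificate bytes against a pinned value. App signing certificates are normally self-signed, so the DN is whatever the key's creator typed in and is only useful for logging. The class name SignerCheck, the method name, the log tag and the all-zero EXPECTED_SHA256 placeholder are assumptions.

```java
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public final class SignerCheck {
    private static final String TAG = "SignerCheck"; // hypothetical log tag
    // Placeholder: replace with the SHA-256 (32 bytes) of the expected DER certificate.
    private static final byte[] EXPECTED_SHA256 = new byte[32];

    /** Returns true only if every signer certificate of pkg matches the pin. */
    public static boolean isSignedByExpectedKey(PackageManager pm, String pkg) {
        try {
            // Same call as in the post; API 28+ also offers GET_SIGNING_CERTIFICATES.
            PackageInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
            Signature[] signs = info.signatures;
            if (signs == null || signs.length == 0) {
                return false;
            }
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            for (Signature sign : signs) {
                if (sign == null) {
                    return false;
                }
                byte[] der = sign.toByteArray();
                // Parsing confirms the entry is a well-formed X.509 certificate.
                X509Certificate cert = (X509Certificate)
                        cf.generateCertificate(new ByteArrayInputStream(der));
                String subject = cert.getSubjectX500Principal().getName();
                // Compare fingerprints, never DNs: a DN can be copied freely.
                if (!MessageDigest.isEqual(sha256.digest(der), EXPECTED_SHA256)) {
                    Log.w(TAG, "Unexpected signer for " + pkg + ": " + subject);
                    return false;
                }
            }
            return true; // all signers matched the pin
        } catch (PackageManager.NameNotFoundException | GeneralSecurityException e) {
            Log.w(TAG, "Signer check failed for " + pkg, e);
            return false; // fail closed on a missing package or unparsable data
        }
    }
}
```

Requiring every entry to match, rather than any one of them, keeps a package with an extra unexpected signer from passing the check.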