preyearegmi
6 years ago
5 changed files with 106 additions and 7 deletions
-
BIN.idea/caches/build_file_checksums.ser
-
BIN.idea/caches/gradle_models.ser
-
18app/src/main/java/com/gmeremit/online/gmeremittance_native/base/BaseActivity.java
-
26app/src/main/java/com/gmeremit/online/gmeremittance_native/splash_screen/view/SplashScreen.java
-
69app/src/main/java/com/gmeremit/online/gmeremittance_native/utils/security/SignatureCheck.java
@ -0,0 +1,69 @@ |
|||
package com.gmeremit.online.gmeremittance_native.utils.security; |
|||
|
|||
import android.content.Context; |
|||
import android.content.pm.PackageInfo; |
|||
import android.content.pm.PackageManager; |
|||
|
|||
import java.security.MessageDigest; |
|||
import java.security.NoSuchAlgorithmException; |
|||
import java.security.NoSuchProviderException; |
|||
|
|||
import android.content.pm.PackageManager.NameNotFoundException; |
|||
import android.content.pm.Signature; |
|||
import android.util.Log; |
|||
|
|||
|
|||
public class SignatureCheck { |
|||
|
|||
//we store the hash of the signture for a little more protection |
|||
private static final String APP_SIGNATURE = "A4BB8351A51F950F74CF6B42A6C5C90971C2B36A"; |
|||
|
|||
/** |
|||
* Query the signature for this application to detect whether it matches the |
|||
* signature of the real developer. If it doesn't the app must have been |
|||
* resigned, which indicates it may been tampered with. |
|||
* |
|||
* @param context |
|||
* @return true if the app's signature matches the expected signature. |
|||
* @throws NameNotFoundException |
|||
*/ |
|||
public boolean validateAppSignature(Context context) throws Exception { |
|||
|
|||
PackageInfo packageInfo = context.getPackageManager().getPackageInfo( |
|||
context.getPackageName(), PackageManager.GET_SIGNATURES); |
|||
//note sample just checks the first signature |
|||
for (Signature signature : packageInfo.signatures) { |
|||
// SHA1 the signature |
|||
|
|||
String sha1 = getSHA1(signature.toByteArray()); |
|||
// check is matches hardcoded value |
|||
Log.d("SignatureHash","Sha: "+sha1); |
|||
return APP_SIGNATURE.equals(sha1); |
|||
} |
|||
|
|||
return false; |
|||
} |
|||
|
|||
//computed the sha1 hash of the signature |
|||
public static String getSHA1(byte[] sig) throws NoSuchProviderException, NoSuchAlgorithmException { |
|||
MessageDigest digest = MessageDigest.getInstance("SHA1"); |
|||
digest.update(sig); |
|||
byte[] hashtext = digest.digest(); |
|||
return bytesToHex(hashtext); |
|||
} |
|||
|
|||
//util method to convert byte array to hex string |
|||
public static String bytesToHex(byte[] bytes) { |
|||
final char[] hexArray = { '0', '1', '2', '3', '4', '5', '6', '7', '8', |
|||
'9', 'A', 'B', 'C', 'D', 'E', 'F' }; |
|||
char[] hexChars = new char[bytes.length * 2]; |
|||
int v; |
|||
for (int j = 0; j < bytes.length; j++) { |
|||
v = bytes[j] & 0xFF; |
|||
hexChars[j * 2] = hexArray[v >>> 4]; |
|||
hexChars[j * 2 + 1] = hexArray[v & 0x0F]; |
|||
} |
|||
return new String(hexChars); |
|||
} |
|||
|
|||
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue