前言
上一篇文章,我们讲到MD5参数加密,这次我们进一步延申,先验证app签名再进行参数加密,一切为了安全
Java层获取签名
PackageInfo packageInfo = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);
Signature[] signatures = packageInfo.signatures;
return signatures[0].toCharsString();
NDK层其实就是调的Java层API,但是要实现这短短的三行,NDK层要写很多行,废话不多说,上代码
NDK层实现
extern "C"
JNIEXPORT void JNICALL
Java_com_ygq_ndk_signature_NativeLib_signatureVerify(JNIEnv *env, jobject type, jobject context) {
//查看android sdk类方法签名
//javap -classpath D:\programs\Android\Sdk\platforms\android-34\android.jar -s android.content.Context
//getPackageName
jclass j_class = env->GetObjectClass(context);
jmethodID j_mid = env->GetMethodID(j_class, "getPackageName", "()Ljava/lang/String;");
jstring j_package_name = (jstring) env->CallObjectMethod(context, j_mid);
const char *package_name_str = env->GetStringUTFChars(j_package_name, NULL);
if (strcmp(package_name_str, PACKAGE_NAME) != 0) {
LOGE("package name verify fail");
return;
}
//getPackageManager
j_mid = env->GetMethodID(j_class, "getPackageManager", "()Landroid/content/pm/PackageManager;");
jobject pm = env->CallObjectMethod(context, j_mid);
j_class = env->GetObjectClass(pm);
//getPackageInfo PackageManager.GET_SIGNATURES 0x00000040 十进制是64
j_mid = env->GetMethodID(j_class, "getPackageInfo", "(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;");
jobject package_info = env->CallObjectMethod(pm, j_mid, j_package_name, 0x00000040);
env->ReleaseStringUTFChars(j_package_name,package_name_str);
env->DeleteLocalRef(j_package_name);
env->DeleteLocalRef(pm);
//获取变量signatures
j_class = env->GetObjectClass(package_info);
jfieldID j_fid = env->GetFieldID(j_class, "signatures", "[Landroid/content/pm/Signature;");
jobjectArray signatures_array = (jobjectArray) env->GetObjectField(package_info, j_fid);
env->DeleteLocalRef(package_info);
//获取signatures[0]
jobject signature_obj = env->GetObjectArrayElement(signatures_array, 0);
env->DeleteLocalRef(signatures_array);
//调用Signature的toCharsString
j_class = env->GetObjectClass(signature_obj);
j_mid = env->GetMethodID(j_class, "toCharsString", "()Ljava/lang/String;");
env->DeleteLocalRef(j_class);
jstring signature_jstr = (jstring) env->CallObjectMethod(signature_obj, j_mid);
env->DeleteLocalRef(signature_obj);
const char *signature_str = (char *) env->GetStringUTFChars(signature_jstr, NULL);
if (strcmp(signature_str, APP_SIGNATURE) != 0) {
LOGE("app signature fail");
return;
}
env->ReleaseStringUTFChars(signature_jstr,signature_str);
env->DeleteLocalRef(signature_jstr);
is_verify = 1;
LOGI("app signature success");
}
NDK层的代码最需要注意的是内存泄漏,所以手动申请的变量和对象都需要手动删除,毕竟Local Reference数量也是有限的(在Android中默认最大容量是512个),且用且珍惜。
可以参考以下文章,熟悉哪些情况下需要手动释放内存
https://blog.csdn.net/qq_19734597/article/details/101459696
配合MD5校验
extern "C"
JNIEXPORT jstring JNICALL
Java_com_ygq_ndk_signature_NativeLib_signatureParams(JNIEnv *env, jobject type, jstring params_) {
if (is_verify == 0) {
return env->NewStringUTF("error signature");
}
const char *params = env->GetStringUTFChars(params_, NULL);
//添加自定义的字段
string signature_str(params);
signature_str.insert(0, MD5_KEY);
signature_str = signature_str.substr(0, signature_str.length() - 2);
LOGI("signature_str:%s", signature_str.c_str());
//md5加密
MD5_CTX md5_ctx;
MD5Init(&md5_ctx);
MD5Update(&md5_ctx, (unsigned char *) signature_str.c_str(), signature_str.length());
unsigned char dest[16] = {0};
MD5Final(dest, &md5_ctx);
env->ReleaseStringUTFChars(params_, params);
char md5_str[33] = {0};
for (int i = 0; i < 16; i++) {
// 最终生成 32 位 ,不足前面补一位 0
sprintf(md5_str, "%s%02x", md5_str, dest[i]);
}
return env->NewStringUTF(md5_str);
}
