Menu
Im trying to share content to Facebook in my Android app and I need a Key Hash... but I can't view the HashKey on my logcat because GET_SIGNATURES is deprecated... Are there any ways to view my hashkey?
Here is the code
public class MainActivity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
printhashkey();
}
public void printhashkey(){
try {
PackageInfo info = getPackageManager().getPackageInfo(
"com.capstone.facebookshare",
PackageManager.GET_SIGNATURES);
for (Signature signature : info.signatures) {
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(signature.toByteArray());
Log.d("KeyHash:", Base64.encodeToString(md.digest(), Base64.DEFAULT));
}
} catch (PackageManager.NameNotFoundException e) {
} catch (NoSuchAlgorithmException e) {
}
}
}
493
Use PackageManager.GET_SIGNING_CERTIFICATES for API 28.
154
Get package signatures:
private static List<String> getSignatures(@NonNull PackageManager pm, @NonNull String packageName) {
try {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
PackageInfo packageInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES);
if (packageInfo == null
|| packageInfo.signingInfo == null) {
return null;
}
if(packageInfo.signingInfo.hasMultipleSigners()){
return signatureDigest(packageInfo.signingInfo.getApkContentsSigners());
}
else{
return signatureDigest(packageInfo.signingInfo.getSigningCertificateHistory());
}
}
else {
@SuppressLint("PackageManagerGetSignatures")
PackageInfo packageInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
if (packageInfo == null
|| packageInfo.signatures == null
|| packageInfo.signatures.length == 0
|| packageInfo.signatures[0] == null) {
return null;
}
return signatureDigest(packageInfo.signatures);
}
} catch (PackageManager.NameNotFoundException e) {
return null;
}
}
Convert signatures to list of hex strings:
private static String signatureDigest(Signature sig) {
byte[] signature = sig.toByteArray();
try {
MessageDigest md = MessageDigest.getInstance("SHA1");
byte[] digest = md.digest(signature);
return BaseEncoding.base16().lowerCase().encode(digest);
} catch (NoSuchAlgorithmException e) {
return null;
}
}
private static List<String> signatureDigest(Signature[] sigList) {
List<String> signaturesList= new ArrayList<>();
for (Signature signature: sigList) {
if(signature!=null) {
signaturesList.add(signatureDigest(signature));
}
}
return signturesList;
}
Compare package signatures with your whitelist:
private static boolean verifyAppSignature(Context context) {
//you should load approvedSignatures from a secure place not plain text
List<String> approvedSignatures = new ArrayList<>();
approvedSignatures.add("Your whitelist #1");
approvedSignatures.add("Your whitelist #2");
List<String> currentSignatures = getSignatures(context.getPackageManager(), context.getPackageName());
if(currentSignatures!=null && currentSignatures.size()>0) {
//first checking if no unapproved signatures exist
for (String signatureHex : currentSignatures) {
if (!approvedSignatures.contains(signatureHex)) {
return false;
}
}
//now checking if any of approved signatures exist
for (String signatureHex : currentSignatures) {
if (approvedSignatures.contains(signatureHex)) {
return true;
}
}
}
return false;
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
