ed-george · October 29, 2025 09:47
diff --git a/AppSignatureUtil.kt b/AppSignatureUtil.kt
 /*
 Copyright 2025 Ed Holloway-George • spght.dev

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */

 package dev.spght.example

 import android.content.Context
 import android.content.pm.PackageManager
 import android.content.pm.Signature
 import android.os.Build
 import androidx.annotation.RequiresApi
 import dev.spght.example.AppSignatureUtil.Algorithm.*
 import java.security.MessageDigest
 import java.security.NoSuchAlgorithmException

 /**
 * This class can be used to aid verification of application signatures
 *
 * @author Ed Holloway-George
 */
 @OptIn(ExperimentalStdlibApi::class)
 object AppSignatureUtil {

    enum class Algorithm(private val algorithm: String) {
        SHA1("SHA1"),
        SHA256("SHA256"),
        MD5("MD5"),
    }

    private fun Context.getPackageInfo(permission: Int) =
        packageManager.getPackageInfo(packageName, permission)

    /**
     * Returns the signing certificates used to sign the APK of this application
     *
     * See [SigningInfo documentation](https://developer.android.com/reference/android/content/pm/SigningInfo)
     */
    fun getCertificateSignatures(
        context: Context
    ): List<Signature> {
        return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            signaturesApi28(context)
        } else {
            signaturesLegacy(context)
        }
    }

    /**
     * Returns formatted fingerprint strings for the signing certificates
     * used to sign the APK of this application
     *
     * See [SigningInfo documentation](https://developer.android.com/reference/android/content/pm/SigningInfo)
     *
     * @param algorithm The associated [Algorithm] to use to fingerprint certificates
     *
     */
    fun getCertificateSignatureStrings(
        context: Context,
        algorithm: Algorithm
    ): List<String> {
        val signatures = getCertificateSignatures(context)
        return signatures.map(Signature::toByteArray)
            .mapNotNull { bytes ->
                when (algorithm) {
                    SHA1 -> bytes.toSHA1String()
                    SHA256 -> bytes.toSHA256String()
                    MD5 -> bytes.toMD5String()
                }
            }
    }

    @RequiresApi(Build.VERSION_CODES.P)
    private fun signaturesApi28(context: Context): List<Signature> {
        val packageInfo = context.getPackageInfo(PackageManager.GET_SIGNING_CERTIFICATES)
        val signingInfo = packageInfo.signingInfo
        return if (signingInfo?.hasMultipleSigners() == true) {
            signingInfo.apkContentsSigners.toList()
        } else {
            signingInfo?.signingCertificateHistory?.toList().orEmpty()
        }
    }

    private fun signaturesLegacy(context: Context): List<Signature> {
        return context
            .getPackageInfo(PackageManager.GET_SIGNATURES)
            ?.signatures
            ?.toList()
            .orEmpty()
    }

    private fun ByteArray.toSHA1String(): String? = toAlgorithmString("SHA1")
    private fun ByteArray.toSHA256String(): String? = toAlgorithmString("SHA256")
    private fun ByteArray.toMD5String(): String? = toAlgorithmString("MD5")

    private fun ByteArray.toAlgorithmString(algorithm: String): String? = try {
        val digest = MessageDigest.getInstance(algorithm).apply { update(this@toAlgorithmString) }
        digest.digest().toHexString(hexFormat)
    } catch (exception: NoSuchAlgorithmException) {
        exception.printStackTrace()
        null
    }

    // Note: This is a experimental API and may change in future
    //       You can replace this with your own hex to string method if needed
    private val hexFormat = HexFormat {
        upperCase = true
        bytes {
            byteSeparator = ":" // One space
            bytePrefix = ""
        }
    }

 }
	/*
	Copyright 2025 Ed Holloway-George • spght.dev

	Licensed under the Apache License, Version 2.0 (the "License");
	you may not use this file except in compliance with the License.
	You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	*/

	package dev.spght.example

	import android.content.Context
	import android.content.pm.PackageManager
	import android.content.pm.Signature
	import android.os.Build
	import androidx.annotation.RequiresApi
	import dev.spght.example.AppSignatureUtil.Algorithm.*
	import java.security.MessageDigest
	import java.security.NoSuchAlgorithmException

	/**
	* This class can be used to aid verification of application signatures
	*
	* @author Ed Holloway-George
	*/
	@OptIn(ExperimentalStdlibApi::class)
	object AppSignatureUtil {

	enum class Algorithm(private val algorithm: String) {
	SHA1("SHA1"),
	SHA256("SHA256"),
	MD5("MD5"),
	}

	private fun Context.getPackageInfo(permission: Int) =
	packageManager.getPackageInfo(packageName, permission)

	/**
	* Returns the signing certificates used to sign the APK of this application
	*
	* See [SigningInfo documentation](https://developer.android.com/reference/android/content/pm/SigningInfo)
	*/
	fun getCertificateSignatures(
	context: Context
	): List<Signature> {
	return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
	signaturesApi28(context)
	} else {
	signaturesLegacy(context)
	}
	}

	/**
	* Returns formatted fingerprint strings for the signing certificates
	* used to sign the APK of this application
	*
	* See [SigningInfo documentation](https://developer.android.com/reference/android/content/pm/SigningInfo)
	*
	* @param algorithm The associated [Algorithm] to use to fingerprint certificates
	*
	*/
	fun getCertificateSignatureStrings(
	context: Context,
	algorithm: Algorithm
	): List<String> {
	val signatures = getCertificateSignatures(context)
	return signatures.map(Signature::toByteArray)
	.mapNotNull { bytes ->
	when (algorithm) {
	SHA1 -> bytes.toSHA1String()
	SHA256 -> bytes.toSHA256String()
	MD5 -> bytes.toMD5String()
	}
	}
	}

	@RequiresApi(Build.VERSION_CODES.P)
	private fun signaturesApi28(context: Context): List<Signature> {
	val packageInfo = context.getPackageInfo(PackageManager.GET_SIGNING_CERTIFICATES)
	val signingInfo = packageInfo.signingInfo
	return if (signingInfo?.hasMultipleSigners() == true) {
	signingInfo.apkContentsSigners.toList()
	} else {
	signingInfo?.signingCertificateHistory?.toList().orEmpty()
	}
	}

	private fun signaturesLegacy(context: Context): List<Signature> {
	return context
	.getPackageInfo(PackageManager.GET_SIGNATURES)
	?.signatures
	?.toList()
	.orEmpty()
	}

	private fun ByteArray.toSHA1String(): String? = toAlgorithmString("SHA1")
	private fun ByteArray.toSHA256String(): String? = toAlgorithmString("SHA256")
	private fun ByteArray.toMD5String(): String? = toAlgorithmString("MD5")

	private fun ByteArray.toAlgorithmString(algorithm: String): String? = try {
	val digest = MessageDigest.getInstance(algorithm).apply { update(this@toAlgorithmString) }
	digest.digest().toHexString(hexFormat)
	} catch (exception: NoSuchAlgorithmException) {
	exception.printStackTrace()
	null
	}

	// Note: This is a experimental API and may change in future
	// You can replace this with your own hex to string method if needed
	private val hexFormat = HexFormat {
	upperCase = true
	bytes {
	byteSeparator = ":" // One space
	bytePrefix = ""
	}
	}

	}
No results found