Last active
September 28, 2018 04:47
-
-
Save aimore/6685fc3a2485e000a3914bf641bc85f2 to your computer and use it in GitHub Desktop.
Android signature security validation for Xamarin.Android
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public bool ValidateAppSignature(Android.Content.Context context) | |
| { | |
| PackageInfo packageInfo = context.PackageManager.GetPackageInfo(context.PackageName, PackageInfoFlags.Signatures); | |
| //note sample just checks the first signature | |
| foreach (Signature signature in packageInfo.Signatures) { | |
| // SHA1 the signature | |
| String sha1 = GetSHA1(signature.ToByteArray()); | |
| // check is matches hardcoded value | |
| return APP_SIGNATURE.Equals(sha1); | |
| } | |
| //computed the sha1 hash of the signature | |
| public static String GetSHA1(byte[] sig) | |
| { | |
| Java.Security.MessageDigest digest = Java.Security.MessageDigest.GetInstance("SHA1", "BC"); | |
| digest.Update(sig); | |
| byte[] hashtext = digest.Digest(); | |
| return BytesToHex(hashtext); | |
| } | |
| //util method to convert byte array to hex string | |
| public static String BytesToHex(byte[] bytes) | |
| { | |
| char[] hexArray = { '0', '1', '2', '3', '4', '5', '6', '7', '8', | |
| '9', 'A', 'B', 'C', 'D', 'E', 'F' }; | |
| char[] hexChars = new char[bytes.Length * 2]; | |
| int v; | |
| for (int j = 0; j < bytes.Length; j++) | |
| { | |
| v = bytes[j] & 0xFF; | |
| hexChars[j * 2] = hexArray[(int)((uint)v >> 4)]; | |
| hexChars[j * 2 + 1] = hexArray[v & 0x0F]; | |
| } | |
| return new String(hexChars); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment