通过创建coardov 插件的方式获取自身APK的sha值 上传到服务器与程序发布时的sha值进行对比,已完成完整性校验
插件源码如下:
package cordova.plugin.getApksSha;
import javafx.scene.control.Alert;
import org.apache.cordova.CordovaPlugin;
import org.apache.cordova.CallbackContext;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import android.content.Context;
import java.io.File;
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
/**
* This class echoes a string called from JavaScript.
*/
public class getApksSha extends CordovaPlugin {
@Override
public boolean execute(String action, JSONArray args, CallbackContext callbackContext) throws JSONException {
if (action.equals("coolMethod")) {
String message = args.getString(0);
this.coolMethod(message, callbackContext);
return true;
}else if(action.equals("apkShaCheck")){
this.apkShaCheck(callbackContext);
return true;
}
return false;
}
private void coolMethod(String message, CallbackContext callbackContext) {
if (message != null && message.length() > 0) {
callbackContext.success(message);
} else {
callbackContext.error("Expected one non-empty string argument.");
}
}
private void apkShaCheck(CallbackContext callbackContext) {
MessageDigest msgDigest = null;
try {
msgDigest = MessageDigest.getInstance("SHA-1");
byte[] bytes = new byte[1024];
int byteCount;
String apkPath = this.cordova.getActivity().getApplicationContext().getPackageCodePath();
FileInputStream fis = new FileInputStream(new File(apkPath));
while ((byteCount = fis.read(bytes)) > 0) {
msgDigest.update(bytes, 0, byteCount);
}
BigInteger bi = new BigInteger(1, msgDigest.digest());
String sha = bi.toString(16);
fis.close();
// 这里添加从服务器中获取哈希值然后进行对比校验
callbackContext.success(sha);
} catch (Exception e) {
e.printStackTrace();
}
}
}
ionic 调用插件如下:
先安装插件 》 安装命令 cordova plugin add 插件本地真实地址\getApksSha
业务类进行调用插件》
declare let cordova: any;
cordova.plugins.getApksSha.apkShaCheck(0,result => {
if (result != '' && result != null && result != undefined) {
alert(result);
}
});
服务器端对获取到的值进行验证,根据个人情况在服务端完成。