Motorola maxx V6 Verifying the Signer Certificate, Draft Subject to Change 61/201, Result Action

Models: maxx V6


Java ME Developer Guide

Chapter 8 - MIDP 2.0 Security Model

When a MIDlet suite is downloaded, the handset will check the JAD attribute MIDlet-Jar-RSA-SHA1. If this attribute is present, the JAR will be authenticated by verifying the signer certificates and JAR signature as described. MIDlet suites with application descriptors that do not have the attributes previously stated will be installed and invoked as untrusted. For additional information, refer to the MIDP 2.0 specification.

8.18 Verifying the Signer Certificate

The signer certificate will be found in the application descriptor of the MIDlet suite. The process for verifying a Signer Certificate is outlined in the steps below:

1. Get the certification path for the signer certificate from the JAD attributes MIDlet-Certificate-1-<m>, where <m> starts at 1 and is incremented by 1 until there is no attribute with this name. The value of each attribute is a base64-encoded certificate that will need to be decoded and parsed.

2. Validate the certification path using the basic validation process described in RFC 2459, using the protection domains as the source of the protection domain root certificates.

3. Bind the MIDlet suite to the corresponding protection domain that contains the protection domain root certificate that validated the first chain from signer to root.

4. Begin installation of the MIDlet suite.

5. If attributes MIDlet-Certificate-<n>-<m> with <n> greater than 1 are present and a full certification path could not be established after verifying the MIDlet-Certificate-<1>-<m> certificates, then repeat steps 1 through 3 for the value <n> greater by 1 than the previous value.
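The path enumeration and selection in steps 1 through 5 can be sketched as follows. This is an added example, not code from the guide or from the handset implementation: the sample JAD is constructed, `validate_path` is a hypothetical callback standing in for RFC 2459 validation against the protection domain roots, and the JAR signature check itself is not performed.

```python
import base64
import binascii

# Constructed sample JAD: the base64 values are placeholder bytes, not real
# certificates. Path 2 has a gap at <m>=3, so attribute 2-4 is never read.
SAMPLE_JAD = """\
MIDlet-Name: Demo
MIDlet-Jar-RSA-SHA1: c2ln
MIDlet-Certificate-1-1: bGVhZi1B
MIDlet-Certificate-1-2: Y2EtQQ==
MIDlet-Certificate-2-1: bGVhZi1C
MIDlet-Certificate-2-2: Y2EtQg==
MIDlet-Certificate-2-4: c3RyYXk=
"""

def parse_jad(text):
    """Parse 'Name: value' descriptor lines into a dict."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            attrs[name.strip()] = value.strip()
    return attrs

def certificate_paths(attrs):
    """Return [(n, [base64 str, ...])]; <n> and <m> start at 1 and each
    stops at the first missing attribute (steps 1 and 5)."""
    paths, n = [], 1
    while f"MIDlet-Certificate-{n}-1" in attrs:
        chain, m = [], 1
        while f"MIDlet-Certificate-{n}-{m}" in attrs:
            chain.append(attrs[f"MIDlet-Certificate-{n}-{m}"])
            m += 1
        paths.append((n, chain))
        n += 1
    return paths

def select_protection_domain(jad_text, validate_path):
    """validate_path (hypothetical) returns a protection domain name for a
    chain that validates to one of its roots, or None otherwise."""
    attrs = parse_jad(jad_text)
    if "MIDlet-Jar-RSA-SHA1" not in attrs:
        return ("untrusted", None, None)   # unsigned suite
    for n, chain in certificate_paths(attrs):
        try:
            der = [base64.b64decode(c, validate=True) for c in chain]
        except binascii.Error:
            continue                       # undecodable path cannot validate
        domain = validate_path(der)
        if domain is not None:
            return ("bind", domain, n)     # first validated path wins
    return ("reject", None, None)          # no path validated: no install
```
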

Table 17 describes actions performed upon completion of signer certificate verification:

| Result | Action |
| --- | --- |
| Attempted to validate <n> paths. No public keys of the issuer for the certificate can be found, or none of the certificate paths can be validated. | Authentication fails, JAR installation is not allowed. |
| More than one full certification path is established and validated. | Implementation proceeds with the signature verification using the first successfully verified certificate path for authentication and authorization. |
| Only one certification path established | implementation proceeds with the signa- |

DRAFT - Subject to Change [61/201]
