Java ME Developer Guide

Chapter 8 - MIDP 2.0 Security Model

and validated.

ture verification.

Table 17 Actions performed of signer certificate verification

8.19 Verifying the MIDlet Suite JAR

The following are the steps taken to verify the MIDlet suite JAR:

1. Get the public key from the verified signer certificate.

2. Get the MIDlet-JAR-RSA-SHA1 attribute from the JAD.

3. Decode the attribute value from base64, yielding a PKCS #1 signature. Refer to RFC 2437 for more detail.

4. Use the signer's public key, the signature, and the SHA-1 digest of the JAR to verify the signature. If the signature verification fails, reject the JAD and MIDlet suite. The MIDlet suite will not be installed, and MIDlets from the MIDlet suite will not be allowed to be invoked, as shown in Table 17.

5. Once the certificate, signature, and JAR have been verified, the MIDlet suite is known to be trusted and will be installed (the authentication process is performed during installation).
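The following Java SE sketch walks through steps 2 to 4 on constructed data. It is an added example, not code from the guide or from the handset's installer. The class name, the helper names, the throwaway key pair and the fake JAR bytes are assumptions; on a device the public key would come from the signer certificate after its chain has been validated (step 1).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class JadJarVerify {                      // hypothetical class name
    static final String ATTR = "MIDlet-JAR-RSA-SHA1";

    // Step 2: read an attribute from JAD text ("Name: value" per line).
    static String jadAttribute(String jad, String name) {
        for (String line : jad.split("\r?\n")) {
            int colon = line.indexOf(':');
            if (colon > 0 && line.substring(0, colon).trim().equals(name)) {
                return line.substring(colon + 1).trim();
            }
        }
        return null;
    }

    // Steps 2-4: true only if the JAD signature matches the JAR bytes.
    static boolean verifyJar(PublicKey signerKey, String jad, byte[] jar) {
        String b64 = jadAttribute(jad, ATTR);
        if (b64 == null) return false;           // no signature attribute: nothing to verify
        try {
            byte[] sig = Base64.getDecoder().decode(b64);        // step 3
            Signature v = Signature.getInstance("SHA1withRSA");  // PKCS #1 v1.5 over SHA-1
            v.initVerify(signerKey);
            v.update(jar);                       // digest covers the whole JAR file
            return v.verify(sig);                // step 4
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false;                        // malformed base64 or signature: reject
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed test data: throwaway key pair and fake JAR bytes.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        byte[] jar = "constructed JAR contents".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(kp.getPrivate());
        s.update(jar);
        String jad = "MIDlet-Name: Demo\n" + ATTR + ": "
                + Base64.getEncoder().encodeToString(s.sign()) + "\n";
        System.out.println("intact JAR:   " + verifyJar(kp.getPublic(), jad, jar));
        jar[0] ^= 1;                             // flip one bit of the JAR
        System.out.println("modified JAR: " + verifyJar(kp.getPublic(), jad, jar));
    }
}
```

The sketch returns false both for a missing attribute and for a failed verification; an installer following Table 18 would keep those cases separate, since an unsigned JAR is installed as untrusted while a failed signature check rejects the JAD.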

Table 18 is a summary of MIDlet suite verification including dialog prompts:

| Initial State | Verification Result |
|---|---|
| JAD not present, JAR downloaded | Authentication can not be performed, will install JAR. MIDlet suite is treated as untrusted. The following error prompt will be shown, "Application installed, but may have limited functionality." |
| JAD present, but JAR is unsigned | Authentication can not be performed, will install JAR. MIDlet suite is treated as untrusted. The following error prompt will be shown, "Application installed, but may have limited functionality." |
| JAR signed but no root certificate present in the keystore to validate the certificate chain | Authentication can not be performed. JAR installation will not be allowed. The following error prompt will be shown, "Root certificate missing. Application not installed." |
| JAR signed, a certificate on the path is expired | Authentication can not be completed. JAR installation will not be allowed. The following error prompt will be shown, "Expired Certificate. Application not installed." |
| JAR signed, a certificate rejected for reasons other than expiration | JAD rejected, JAR installation will not be allowed. The following error prompt will be shown, "Authentication Error. Application not installed." |
| JAR signed, certificate path validated but signature | JAD rejected, JAR installation will not be allowed. The following error prompt will be shown, "Authentication |

DRAFT - Subject to Change [62/201]
