Signer of midlet suites, Midlet attributes used in signing midlet suites, Creating the signing certificate – Motorola HANDSET C381P User Manual
Page 118
31 MIDP 2.0 Security Model
operator, or certificate authority. Only root certificates stored on the handset will be
supported by the Motorola C381p handset.
Signer of MIDlet Suites
The signer of a MIDlet suite can be the developer or an outside party that is responsible
for distributing, supporting, or billing for the MIDlet suite. The signer will have a public
key infrastructure, and the certificate will be validated to one of the protection domain root
certificates on the handset. The public key is used to verify the signature on the JAR of the
MIDlet suite; it is provided as an X.509 certificate included in the
application descriptor (JAD).
MIDlet Attributes Used in Signing MIDlet Suites
Attributes defined within the manifest of the JAR are protected by the signature. Attributes
defined within the JAD are not protected or secured. For all trusted MIDlets, attributes that
appear in the manifest (JAR file) will not be overridden by a different value in the JAD. If a
MIDlet suite is to be trusted, the value in the JAD will equal the value of the corresponding
attribute in the manifest (JAR file); if not, the MIDlet suite will not be installed.
The attributes MIDlet-Permissions and MIDlet-Permissions-Opt are ignored for unsigned MIDlet
suites. The untrusted domain policy is consistently applied to the untrusted applications. It is
legal for these attributes to exist only in the JAD, only in the manifest, or in both locations.
If these attributes are in both the JAD and the manifest, they will be identical. If the permissions
requested in the JAD are different from those requested in the manifest, the installation
must be rejected.
Methods:
1. MIDlet.getAppProperty will return the attribute value from the manifest (JAR) if
one is defined. If an attribute value is not defined in the manifest, the attribute value
will be returned from the application descriptor (JAD) if present.
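The attribute rules above can be checked on a build machine before a suite is signed and published. The following Python sketch is an added example, not code from the manual or from Motorola: it parses a JAD and a manifest, reports attributes whose values differ, and mirrors the manifest-first lookup described for MIDlet.getAppProperty. The function names and the sample descriptor text are constructed for illustration, and signature verification itself is assumed to happen elsewhere.

```python
# Added example (not from the manual). Sample descriptor text is constructed.
PERMISSION_ATTRS = ("MIDlet-Permissions", "MIDlet-Permissions-Opt")

def parse_attributes(text):
    """Parse 'Name: value' lines of a JAD or manifest main section."""
    attrs, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last:      # manifest continuation line
            attrs[last] += line[1:]
        elif ":" in line:
            name, value = line.split(":", 1)
            last = name.strip()
            attrs[last] = value.strip()
    return attrs

def mismatches(jad, manifest):
    """Attributes present in both files whose values differ."""
    return sorted(n for n in jad.keys() & manifest.keys() if jad[n] != manifest[n])

def trusted_install_allowed(jad, manifest):
    """Rule for a suite that is to be trusted: shared attributes must be equal."""
    return not mismatches(jad, manifest)

def get_app_property(name, jad, manifest):
    """Lookup order described for MIDlet.getAppProperty: manifest, then JAD."""
    return manifest.get(name, jad.get(name))

def requested_permissions(jad, manifest, signed):
    """Permission attributes are ignored for unsigned suites."""
    if not signed:
        return {}
    found = {n: get_app_property(n, jad, manifest) for n in PERMISSION_ATTRS}
    return {n: v for n, v in found.items() if v is not None}

MANIFEST = """\
MIDlet-Name: DemoSuite
MIDlet-Version: 1.0.0
MIDlet-Vendor: Example Vendor
MIDlet-Permissions: javax.microedition.io.Connector.http
"""
JAD_OK = MANIFEST + "MIDlet-Jar-URL: DemoSuite.jar\n"
# Same descriptor with an extra permission added after signing.
JAD_ALTERED = JAD_OK.replace("Connector.http", "Connector.http,javax.microedition.io.Connector.sms")

if __name__ == "__main__":
    manifest = parse_attributes(MANIFEST)
    for label, text in (("matching", JAD_OK), ("altered", JAD_ALTERED)):
        jad = parse_attributes(text)
        print(label, trusted_install_allowed(jad, manifest), mismatches(jad, manifest))
```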
Creating the Signing Certificate
The signer of the certificate will be made aware of the authorization policy for the handset and will contact the
appropriate certificate authority. The signer can then send its distinguished name (DN) and public key in the
form of a certificate request to the certificate authority used by the handset. The CA will create an X.509
(version 3) certificate and return it to the signer. If multiple CAs are used, all signer certificates in the JAD will
have the same public key.