Signing midlet

14 replies [Last post]
jagtapyb
Offline
Joined: 2007-05-23

I have created small example using JSR 75 file access API.

I am trying to execute that application with phoneME feature.

Each time when application tries to access file system, it is showing me warning.

How can I eliminate those warning?

hgpimac
Offline
Joined: 2005-06-16

The Sun Java Wireless Toolkit includes four protection domains:
■ untrusted - Provides a high level of security for applications whose origins and
authenticity cannot be determined. The user is prompted frequently when the
application attempts a sensitive operation.
■ trusted - All permissions are granted to MIDlets in this domain.
■ minimum - All permissions are denied to MIDlets in this domain.
■ maximum - All permissions are granted to MIDlets in this domain (equivalent to
trusted).
When you press the Run button to run your application in the emulator, your code
runs in the untrusted protection domain by default.

To choose the security policy you want the emulator to use, select Edit > Preferences
and select Security in the Category list. From the Security Policy combo box, choose
either MSA or JTWI. Select one of the available security policies.

jagtapyb
Offline
Joined: 2007-05-23

Please note I don't want to do this on the WTK emulator.

alexey_z
Offline
Joined: 2006-10-18

Everything seems to be correct...
What command do you use to install the midlet?
Please try:
./installMidlet http://172.18.5.120:8080/axis/Jsr75FileAccess_New1.jad

If it still doesn't work, please ensure that the key was successfully imported into _main.ks:

java -jar ./bin/i386/MEKeyTool.jar -list -MEkeystore ./appdb/_main.ks

jagtapyb
Offline
Joined: 2007-05-23

Yes, I have verified it; the entry is added in _main.ks, but it is still giving me security warnings.

Is there any alternative to avoid security warnings other than this?

alexey_z
Offline
Joined: 2006-10-18

"-inputjad Jsr75FileAccess.jad -outputjad Jsr75FileAccess_New.jad" options in the following commands are incorrect:

java -jar ./bin/i386/JadTool.jar -addcert -alias operator -keystore keystore.sks -storepass password -inputjad Jsr75FileAccess.jad -outputjad Jsr75FileAccess_New.jad

java -jar ./bin/i386/JadTool.jar -addjarsig -alias operator -keystore keystore.sks -storepass password -keypass password -inputjad Jsr75FileAccess.jad -outputjad Jsr75FileAccess_New.jad

The first command generates a new jad file (Jsr75FileAccess_New.jad) and the second overwrites it! The last command should be:

java -jar ./bin/i386/JadTool.jar -addjarsig -alias operator -keystore keystore.sks -storepass password -keypass password -inputjad Jsr75FileAccess_New.jad -outputjad Jsr75FileAccess_New1.jad

Then Jsr75FileAccess_New1.jad should be used during the installation.

Actually, the name of the output jad may be the same as the name of the input jad but this may cause loss of the original jad file in case of any error.

jagtapyb
Offline
Joined: 2007-05-23

Did the same.....
but still getting warnings...

I am installing midlet using install midlet utility....

While installing, it is showing me a warning that it's an untrusted midlet. And while executing, it is showing me warnings.
Here are detailed steps.
Let me know if I am wrong somewhere

keytool -genkey -alias operator -keyalg RSA -storepass password -keypass password -keystore keystore.sks
What is your first and last name?
[Unknown]: manufacturer
What is the name of your organizational unit?
[Unknown]: Development
What is the name of your organization?
[Unknown]: XYZ
What is the name of your City or Locality?
[Unknown]: Pune
What is the name of your State or Province?
[Unknown]: MH
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=manufacturer, OU=Development, O=XYZ, L=Pune, ST=MH, C=IN correct?
[no]: yes

[sbox-X86-DEV-GLIBC: ~/Testing/Outputi386/midp] > java -jar ./bin/i386/MEKeyTool.jar -import -alias operator -keystore keystore.sks -storepass password -domain manufacturer
[sbox-X86-DEV-GLIBC: ~/Testing/Outputi386/midp] > java -jar ./bin/i386/JadTool.jar -addcert -alias operator -keystore keystore.sks -storepass password -inputjad Jsr75FileAccess.jad -outputjad Jsr75FileAccess_New.jad
[sbox-X86-DEV-GLIBC: ~/Testing/Outputi386/midp] > java -jar ./bin/i386/JadTool.jar -addjarsig -alias operator -keystore keystore.sks -storepass password -keypass password -inputjad Jsr75FileAccess_New.jad -outputjad Jsr75FileAccess_New1.jad

After doing above changes. Contents of Jsr75FileAccess_New1.jad are as follows

MIDlet-1: Jsr75FileAccess, Jsr75FileAccess.png, DisplayScreen
MIDlet-Jar-Size: 26323
MIDlet-Jar-URL: http://172.18.5.120:8080/axis/Jsr75FileAccess.jar
MIDlet-Name: Jsr75FileAccess
MIDlet-Permissions: javax.microedition.io.Connector.file.read,javax.microedition.io.Connector.file.write,javax.microedition.io.Connector.comm,javax.microedition.io.Connector.http,javax.microedition.io.Connector.https,javax.microedition.pim.ContactList.read,javax.microedition.pim.ContactList.write,javax.microedition.pim.EventList.read,javax.microedition.pim.EventList.write,javax.microedition.pim.ToDoList.read,javax.microedition.pim.ToDoList.write,javax.microedition.io.Connector.sms,javax.microedition.io.Connector.cbs,javax.microedition.io.Connector.mms,javax.microedition.io.Connector.ssl,javax.microedition.io.Connector.datagram,javax.microedition.io.Connector.serversocket,javax.microedition.io.Connector.datagramreceiver,javax.microedition.io.Connector.obex.client.tcp,javax.microedition.io.Connector.obex.server.tcp,javax.microedition.io.Connector.bluetooth.client,javax.microedition.io.Connector.bluetooth.server,javax.microedition.io.Connector.socket
MIDlet-Permissions-Opt: javax.wireless.messaging.sms.receive,javax.wireless.messaging.sms.send,javax.wireless.messaging.cbs.receive,javax.wireless.messaging.mms.receive,javax.wireless.messaging.mms.send
MIDlet-Vendor: XYZ
MIDlet-Version: 1.0
MicroEdition-Configuration: CLDC-1.0
MicroEdition-Profile: MIDP-2.0
MIDlet-Certificate-1-1: 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
MIDlet-Jar-RSA-SHA1: pLReVeIJMT9WuVACzQQNMeL7DValFeVnz3wZQ/LTL0rnekmnKLi6y637auTmrt80phRvgMdESdl3ANz5T6Wxge+zFvtG4YI38VjO8DwM93iZtJedcu/KoK8AA85b+aEJDwmY8a1y1BfK35XkU7IRWe1npbA4JHff5UGodqXVgRA=

alexey_z
Offline
Joined: 2006-10-18

Please make sure that Jsr75FileAccess.jad contains the following line:
MIDlet-Jar-URL: http://172.18.5.120:8080/axis/Jsr75FileAccess.jar
(but "MIDlet-Jar-URL: Jsr75FileAccess.jar" will not work!).

"-inputjad" and "-outputjad" options need a path to the local file, not "http://something". So the proper command would be:

java -jar ./bin/i386/JadTool.jar -addjarsig -alias operator -keystore keystore.sks -storepass password -keypass password -inputjad Jsr75FileAccess_New.jad -outputjad jsr75FileAccess_New1.jad

jagtapyb
Offline
Joined: 2007-05-23

Thanks for quick reply,

Now I have successfully added the signature to the jad file. I did the following steps:

Added MidletURL in jad file.

keytool -genkey -alias operator -keyalg RSA -storepass password -keypass password -keystore keystore.sks

java -jar ./bin/i386/MEKeyTool.jar -import -alias operator -keystore keystore.sks -storepass password -domain manufacturer

java -jar ./bin/i386/JadTool.jar -addcert -alias operator -keystore keystore.sks -storepass password -inputjad Jsr75FileAccess.jad -outputjad Jsr75FileAccess_New.jad

java -jar ./bin/i386/JadTool.jar -addjarsig -alias operator -keystore keystore.sks -storepass password -keypass password -inputjad Jsr75FileAccess.jad -outputjad Jsr75FileAccess_New.jad

All steps performed successfully.
While installing the application from the server into the phoneME+xoo emulator, I am getting a warning that the application is untrusted. And when I invoke that application, I am getting a security warning each time. I want to eliminate the security warnings.

alexey_z
Offline
Joined: 2006-10-18

Right, the key must be in "appdb/main.ks" - this is the default for -MEkeystore option of MEKeyTool (so you should run MEKeyTool.jar from the directory where appdb/ is located).

"-addjarsig failed: java.net.MalformedURLException: no protocol: Jsr75FileAccess.jar" message means that the "MIDlet-Jar-URL:" attribute in the jad file doesn't specify the protocol scheme to access the jar (i.e., it must be "MIDlet-Jar-URL: http://.../" instead of "MIDlet-Jar-URL: ").

In order for the installed midlet to be treated as trusted, the domain name should be either "identified" or "operator", or "manufacturer".
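
The two JAD conditions raised in this thread (a MIDlet-Jar-URL with a protocol scheme, and the certificate and JAR signature ending up in the same output file) can be checked before running installMidlet. The script below is an added example, not part of any post here and not a phoneME tool; the function names are hypothetical and the `?*://?*` test is only a rough scheme check.

```shell
#!/bin/sh
# Added example (not from the thread): lint a signed JAD before installMidlet.
# Function names are hypothetical; attribute names are the ones in the JAD above.

# jad_attr FILE NAME: print the value of attribute NAME, empty if absent.
jad_attr() {
    # JAD lines are "Name: value"; drop CRs in case of CRLF line endings.
    tr -d '\r' < "$1" | sed -n "s/^$2:[[:space:]]*//p" | head -n 1
}

# check_jad FILE: print one line per problem; exit status = number of problems.
check_jad() {
    jad=$1
    problems=0
    # -inputjad/-outputjad take local paths, so the lint does too.
    if [ ! -f "$jad" ]; then
        echo "not a local file: $jad"
        return 1
    fi
    # A bare "Jsr75FileAccess.jar" is what triggers "no protocol" in -addjarsig.
    url=$(jad_attr "$jad" MIDlet-Jar-URL)
    case "$url" in
        ?*://?*) ;;
        *) echo "MIDlet-Jar-URL has no protocol scheme: '$url'"
           problems=$((problems + 1)) ;;
    esac
    # Both attributes must be in the same file. If -addjarsig read the
    # original JAD and overwrote the -addcert output, the certificate is gone.
    for name in MIDlet-Certificate-1-1 MIDlet-Jar-RSA-SHA1; do
        if [ -z "$(jad_attr "$jad" "$name")" ]; then
            echo "missing attribute: $name"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage: sh check_jad.sh Jsr75FileAccess_New1.jad
if [ "$#" -gt 0 ]; then
    check_jad "$1"
    exit $?
fi
```
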

jagtapyb
Offline
Joined: 2007-05-23

I tried adding http:// and the file name. But now it is giving me the following error.

Command I issued is
java -jar ./bin/i386/JadTool.jar -addjarsig -alias operator -keystore keystore.sks -storepass password -keypass password -inputjad Jsr75FileAccess_New.jad -outputjad http://172.18.5.120:8080/axis/Jsr75FileAccess_New1.jad

Error opening output JAD: http://172.18.5.120:8080/axis/Jsr75FileAccess_New1.jad

I have checked; there are read/write permissions on that folder.

alexey_z
Offline
Joined: 2006-10-18

Hi,

To import a new certificate, you can use the following command:

java -jar
/MEKeyTool.jar -import -alias -keystore /keystore.sks -storepass
-domain

To sign a midlet suite:

java -jar
/JadTool.jar -addcert -alias -keystore /keystore.sks -storepass
-inputjad -outputjad

java -jar
/JadTool.jar -addjarsig -alias -keystore /keystore.sks -storepass
-keypass
-inputjad -outputjad

Regards,
Alexey

jagtapyb
Offline
Joined: 2007-05-23

Hi Alexey,

Thanks for the reply,

I issued following commands,

keytool -genkey -alias TestCA -keyalg RSA -keystore test

java -jar /home/yogesh/Testing/Outputi386/midp/bin/i386/MEKeyTool.jar -import -alias TestCA -keystore test -storepass changeit -domain XYZ

java -jar /home/yogesh/Testing/Outputi386/midp/bin/i386/JadTool.jar -addcert -alias TestCA -storepass changeit -keystore test -inputjad Jsr75FileAccess.jad -outputjad Jsr75FileAccess_New.jad

java -jar /home/yogesh/Testing/Outputi386/midp/bin/i386/JadTool.jar -addjarsig -alias TestCA -keystore test -storepass changeit -keypass changeit -inputjad Jsr75FileAccess.jad -outputjad Jsr75FileAccess_New.jad

I am getting following exception when I issued fourth command

-addjarsig failed: java.net.MalformedURLException: no protocol: Jsr75FileAccess.jar

jagtapyb
Offline
Joined: 2007-05-23

I guess phoneME uses _main.ks key store file. But by these commands we are not communicating with _main.ks

jagtapyb
Offline
Joined: 2007-05-23

Forgot to mention, I have specified all permissions

MIDlet-Permissions: javax.microedition.io.Connector.file.read,javax.microedition.io.Connector.file.write,javax.microedition.io.Connector.comm,javax.microedition.io.Connector.http,javax.microedition.io.Connector.https,javax.microedition.pim.ContactList.read,javax.microedition.pim.ContactList.write,javax.microedition.pim.EventList.read,javax.microedition.pim.EventList.write,javax.microedition.pim.ToDoList.read,javax.microedition.pim.ToDoList.write,javax.microedition.io.Connector.sms,javax.microedition.io.Connector.cbs,javax.microedition.io.Connector.mms,javax.microedition.io.Connector.ssl,javax.microedition.io.Connector.datagram,javax.microedition.io.Connector.serversocket,javax.microedition.io.Connector.datagramreceiver,javax.microedition.io.Connector.obex.client.tcp,javax.microedition.io.Connector.obex.server.tcp,javax.microedition.io.Connector.bluetooth.client,javax.microedition.io.Connector.bluetooth.server,javax.microedition.io.Connector.socket
MIDlet-Permissions-Opt: javax.wireless.messaging.sms.receive,javax.wireless.messaging.sms.send,javax.wireless.messaging.cbs.receive,javax.wireless.messaging.mms.receive,javax.wireless.messaging.mms.send

To be more precise, I have read somewhere that you need to make that application a trusted application. Using the WTK emulator, I made that application a trusted application and installed it. But when I invoke my application, it still gives me a warning.

After that, I tried to generate a self-signed certificate. But now I don't know how to install a new root certificate in phoneME.

Currently I am using phoneME with xoo emulator.

Message was edited by: jagtapyb