Skip to main content

X509Certificate Bug

No replies
jseghers
Offline
Joined: 2007-05-30
Points: 0

I wanted to point out the bug that I found in X509Certificate.java that precludes it from ever reading a V3 certificate correctly.

See the answer to http://forums.java.net/jive/thread.jspa?messageID=254293&#254293 that I posted for the solution.

With this I have been successful at signing a MIDlet using Operator Credentials by using a certificate issued by the free service at Ascertia and having the Ascertia Root certificate added as the operator certificate in appdb/_main.ks.

Note that when you run JadTool to add the certificate to the JAD, it inserts the entire 3-Certificate chain including the self-signed Ascertia root certificate. From my reading of the PKI docs, the JAD should not have the root certificate in the chain. Therefore, I pull the third certificate out of the JAD. Since getting that working I have not tried leaving it in to see if it really matters.

BTW: In order to have the certs even checked, you have to build PhoneME Feature with the USE_RESTRICTED_CRYPTO=true and RESTRICTED_CRYPTO_DIR=${MEHOME}/midp set. Otherwise, everything is just assumed to be untrusted.