`
javastder
  • 浏览: 12020 次
  • 性别: Icon_minigender_1
  • 来自: 北京
最近访客 更多访客>>
文章分类
社区版块
存档分类
最新评论

HOWTO Build, Sign and Install MIDlets

阅读更多

http://browndrf.blogspot.com/2006/06/build-and-install-singed-midlet.html

 

I’m aware that this is a lengthy process and involves several delicate steps. I wish I knew an easier method!! I have only tested this with one handset (nokia 6682). If you have a different handset things can be slightly different. However the basic signed MIDlet security model should be the same. The main problem with several (at least mine) handsets is, they do not allow you to directly install new CA root certificates. The security model is great, but this enforces us to buy a code-signing certificate even just for testing purpose. After reading several articles and email discussions I managed to install a self-signed certificate to my handset. I could also successfully install my test MIDlet signed by that self-signed certificate. My contribution to this process is very little. I just collected bits and pieces from different places and put them together. I hope this might help some developers. If you have any questions or comments you may email me to brown_drf [at] yahoo [dot] com. Good luck!


Disclaimer

The process described here is not guaranteed to work on all handset models.

 
Pre-requisites

I assume the reader knows how to setup a simple website, simple web page programming to upload a file, basic knowledge on how certificates work etc. The processdescribed here also require reasonable understanding of your handset's configuration. I’m also not focusing on how to download tools and how to set them up.

 

Tools required

Sun Wireless Toolkit 2.3 (WTK)
carbide j - 1.0 (just to sign the midlet - I haven't tried other tools) 
OpenSSL - to create and sign certificates

 

 

 
Goal

To to build, sign and install a MIDlet that can access a restricted j2me classes (like network access). In my experiments I was tring to develop a client MIDlet capable of opening a Bluetooth connection to a PC.

 

 

 
Step 1: Build and (try to) test your MIDlet on Emulator 

I started with a sample code came with Sun's WTK. Build your code using KToolbar. Try to run your MIDlet on an emulator. In my case it wasn't working! “for some reason” the emulator was not was not detecting my a bluetooth hardware - anyway. Since I was developing a BT client, I first tested it with standard sockets, just to check whether my handset UI works at least.

 
Tool used: KToolbar (Sun WTK)

 

 
Step 2: Set permissions and create MIDlet package

Once you think your MIDlet is good to go, you should build a package for installation. As you might already know, depending on the classes/packages you are using, you might need to setup MIDlet permissions. You can do that with KToolbar itself. Click "Settings" and pick "Permissions" tab. Click on "Add" to pick the packages/class you are interested in. I had to add only one (javax.microedition.io.Connector.bluetooth.client) because my MIDLet was a simple BT client. Most other fields are automatically filled, but it worth eyeballing around and making sure nothing is obviously wrong. Now you may create the MIDlet package by selecting Menu->Project->Packages->CreatePackage. This will create a MyMIDlet.jar file and a MyMIDlet.jad file under your sample app's bin/ folder. Open the .jad file in a text editor and take a quick visual examination

 

 
Make sure :

  •  You don't see anything unusual - obviously :)
  • The permission(s) you added are present - very important
  • No certificate information present - If present, delete them (we will add them later)
  • Alrite.. , you just created an "unsigned" MIDlet !!

 

 

Step 3: Create a self-signed issuer CA

 The idea is to create fake CA certificate that can be used to issue a code-signing certificate.
(You might require to configure openSSL such as creating a folder called c:\usr\bin under windows and copy the openssl.conf file into that folder)

 
Note: Do these under a clean folder so that you won’t lose these files

 
At the command prompt, run following OpenSSL commands to create an issuer CA 

 

openssl genrsa -des3 -out ca.key 4096

openssl req -new -x509 -days 365 -key ca.key -outform DER -out ca.cer

openssl req -new -x509 -days 365 -key ca.key -out ca.crt

 

This will ask a few questions (like company name, OU etc). Enter some valid inputs.

 
Now you have generated 3 files

  • ca.key is your fake self-signed CA private key
  • ca.crt your CA’s public key (certificate) in PEM format
  • ca.cer your CA’s public key (certificate) in DER format

Note: Make sure you save these files.

Now, test the certificate's validity by installing it on your desktop. If you are on windows, just double click it and windows will say if the cert is invalid.

 
For further reading on certificate creations go to :


 

Step 4: Install the newly created CA certificate on your handset

This is tricky. I did it with the help of a small webserver I had. What you need to do is to create a web page from which a browser can download your ca.cer file. The page can be can be developed in any language. In my case I had a tomcat server serving a jsp page. But I recommend apahe/php, because its easy to setup. The important thing is setting the MIME content type to "application/x-x509-ca-cert".

 

Sample php back-end script will look like this

[code]
$file = path_to_your_CA_CER_FILE

header('Content-Description: File Transfer');

header('Content-Type: application/x-x509-ca-cert');

header('Content-Length: ' . filesize($file));

$bn = basename($file);

header("Content-Disposition: attachement;filename=$bn");

readfile($file);

[/code] 

 

 
Sample JSP back-end java code will look like this

 

[code]
File exportFile = new File(path_to_your_CA_CER_FILE);

response.setContentType("application/x-x509-ca-cert");

response.addHeader("Content-Disposition", "attachment; filename="
exportFile.getName());

OutputStream os = response.getOutputStream();

InputStream is = new FileInputStream(fileName);

 
while (is.available() > 0) {

char c = (char) is.read();

os.write(c);

}

os.flush();

is.close();

[/code]

 
Important! You can install certificates ONLY in DER format so make sure path_to_your_CA_CER_FILE points to ca.cer. 

 

Now, load the cer file to the location specified in the script above and start the webserver.

 
Using your handset's browser, browse (Over The Air) to the new page and try to download the cer file. The handset should ask whether you want to download and install the certificate. Say yes and the handset should download the certificate and install it as a trusted CA. If there is a problem installing the certificate, make sure the certificate is valid as mentioned in step3.

 

 

 
Step5: Configure the installed certificate on the handset

Open-up certificate manager on your handset and adjust the trust status. I set it like this

 
Symbian Installation: No

Internet: Yes

App. Installation: Yes

Online Cert. Check: No

 

 

If you have got this far successfully- 50% of your job is done !! You don't have to do this CA cert installation ever again !!

 

Note: changing certificate trust status can be different on different handset models.

 

 

Step6: Generate a Certificate Signing Request (CSR)

To create a code-signing certificate all CA's require a Certificate Signing Request (CSR). I used carbide.j tool to create CSR. It is simple - Run carbide.j standalone. Select "Create Application Package" view. In "General" tab choose "recreate based on existing package" option. Pick path to your JAD and JAR files. Now change to "Sign Application Package" view. If you have something in "available alias" area, you may delete at the first time. Click "New keypair" and enter your (your comapny's) information and click "Create".

 

Important: Do NOT use two letter state code. (example: use California instead of just CA)

 

Now you should have a new entry in the alias box. Click on "Generate CSR". It will prompt to enter a file name (say code-sign.csr). Enter a valid file name in a known location and click OK. Now you have a Certificate Signing Request (CSR) that you can submit to a CA.!

 

Keep this tool running. We need it later.

 

File created : server.csr

Note: Save this file for future, you can use this later when you decide to buy a real CA cert.

 

 
Step7: Create a code signing certificate

This is the money saving step. You are about to create a code-signing certificate for yourself, that you would buy from a CA otherwise. In Step3 we created a CA and in Step4 we installed that certificate on our handset. In Step5 we created a CSR. Now create a code signing certificate for the CSR you created using the CA we created.

 

Run this OpenSSL command under (make sure all key/crt/csr files are accessible.

 
openssl x509 -req -days 365 -in code-sign.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out code-sign.crt

 

File created: code-sign.crt

info: What you have (code-sign.crt) is a PEM format certificate issued by the CA you created in Step3. ca.crt is the root certificate and code-sign.crt is the leaf certificate. Note that leaf certificate is NOT valid unless you have the root certificate. In next step we will create a file containing both root and leaf certificate. This will be in PKCS#7 format.

 

 

 
Step8: Create certificate package

The idea is to combine ca.crt and code-sign.crt and create a .P7c file. I used Windows’s certificate manager to do it.

  • Open Internet Explorer
  • Open certificate manager (Tools->Internet Options->Content->Certificates)
  • Pick “Trusted Root Certification Authorities” tab and Click “Import”
  • Click “Next” and choose path to your ca.crt file and click “Next”
  • Pick certificate store as “Trusted Root Certification Authorities” and continue until it says imported.
  • Now pick “Intermediate Certification Authorities” tab import code-sign.crt like you did for ca.crt. Once successfully imported, you’ll see the code-sign certificate among intermediate certificates.
  • In “Intermediate Certification Authorities” select your code-sign certificate and click “Export”
  • Succeeding screen will prompt you to choose the format. Pick PKCS#7 (.P7B). and check “include all certificates in the certification path if possible” checkbox (very important)
  • Continue by clicking next and pick a file name (say code-sign)
  • Continue till it says successfully exported and you should see a file by name code-sign.p7b has been created.

 

Important: Pay special attention to step 9, If you do not check "include all certificates..." you will not be able to sign your MIDlet.

 

 

Save this file (code-sign.p7b) as well.

 
Note: You may also use other browsers or OpenSSL command line tool to achieve this.

 
Step9: MIDlet signing

  • Hope you still have carbide.j tool window open from step6.
  • Go to “Sign MIDlet package” view and click “Import Certifiacte”
  • On prompt pick the P7b file created in step8.
  • On success it won’t say anything, but you’ll see the information getting added.
  • Finally – the big click – Click “Sign”
 
It will prompt for the .jad file – pick the jad file you created on step2 (MyMIDlet.jar, jad)

 
Click OK and it should say successfully signed.

 

If you are gotten this far, you’re 99% done !!

 

 
Step10: Verify your jad file

Step9 must have modified your jad file by adding the certificate information into it. So you should see lines like these in your jad file

 
MIDlet-Certificate-1-1: MIID8DCC….

MIDlet-Certificate-1-2: MIIGdzC…..

MIDlet-Jar-RSA-SHA1: SFvS0W…

 

Also make sure MIDlet-Jar-Size: field value matches with the actual size of your jar file.

 

Well, believe it or not, you have a signed MIDlet ready to install !!

 
 
Step11: Install the MIDlet on your handset 

This is what you were waiting for. Cross your fingers :)

 

I did this – again – with the help of my little website. I tried Nokia’s PC suite, but it did not work. I wish I knew an easier way to do this. This is what you should do if you follow what I did.

 

 

Created a simple html file like this

 

[html]

 
[head]

 
[title]MySignedMIDlet[/title]

 
[/head]

 
[body]

 
[a href=http://mywebsite/my_midlet_folder/mymidlet.jad] mymidlet.jad [/a]

 
[/body]

 
[/html]

 

Note: apparently, replace all square brackets with angle brackets

Save this HTML to -say- "mymidlet_installer.html" and mait it available to web.

Copy the MyMIDLet.jar and MyMIDLet.jad files to a web folder as shown in the html script.

Using your handset’s browser browse to http://mywebsite/my_midlet_folder/mymidlet_installer.html

Browser will show the link and click on it.

Handset should prompt whether you want to install the application.

 
Click "yes" and - BOOM!! you installed your MIDlet.

 

 

 
Step12: Relax

 
Good luck :)

分享到:
评论
1 楼 javastder 2010-02-05  
42 Comments:
  guillechan said...
Hi, nicely written tutorial.

I didn't know one could install a root certificate in the phone, so i've followed the fist steps feverishly, i know how to do the rest.

I've tried with 2 devices. When accessed through the browser it received the certificate, and asked me to install it.

Nokia 6230: it downloads the certificate but does not understand that type of files.

SonyEricsson K300: tries to open the certificate but says: "the certificate is not valid"

Did you really were able to install a root cert. on a phone and authenticate signed midlets with it?

regards guillechan@gmail.com
5:48 AM
  Brown D said...
guillechan,
Sorry for replying late. Yes, I was able to install a root cert on my nokia 6682. I wasn't kidding
However this doesn't mean that it will work on ALL devices. Different devices has different restrictions (and bugs).
But, you said your 6230 says it did not understand file file format, were your cert in DER ? If you use PEM(base64) you'll get this error. It is also possible that other devices support different formats. Unfortunately I don't have many other devices to test

good luck
2:40 PM
  Mihai said...
Hi,

I'm using Carbide 1.5 with JBuilder 8.

I have a problem in step 8 : when I Import Certificate (after using "Open" buton), JBuiler freeze.

Do you have any ideeas?

Regards,
Mihai
3:33 AM
  Mihai said...
Hi,

I've succeeded to import the certificate (on another PC), the install is ok.

But when I run the midlet I still have the security request for user approval!

The permissions are present in the .jad:
MIDlet-Permissions: javax.microedition.pim.EventList.read, javax.microedition.pim.ToDoList.read
.

All steps were ok, so I don't understand.

I'm using the midlet on a Nokia N70 (S60 2nd Edition, Feature Pack 3)

Any ideas?

Regards,
Mihai
1:02 AM
  yo31358 said...
I'm follow your instruction but it error in last step (Install MIDlet to handset) I get 'Certificate error, Contact the application supplier'
I use nokia n80

anyone can hekp me? please send mail to me at joe_cmu@hotmail.com

Thanks
1:34 PM
  Brown D said...
All,
Sorry for replaying late. Its been a while since I checked the page.

About the JBuilder freeze problem: frankly, I don't know the answer.. try running carbide.j independently and see.

About the user confirmation: That is the expected behavior. The handset provider has the complete control over this. Cingular (US) for example allow your midlet to bypass the confirmation only if the midlet was signed by their own certificate. So don't get surprised.

About the certificate error: Again I don't know the answer:) Did you check whether your jad file contain ALL certificates ?

Experts at Nokia discussion forum has been very helpful in resolving these kind of issues.


Checkout

http://discussion.forum.nokia.com/forum/
2:47 PM
  Cusco said...
I want put my midlet into HTC P3300 but an error occured "impossible to verify signed".

Here is my jad:

Created-By: 1.5.0_08 (Sun Microsystems Inc.)
MIDlet-1: NrauMobile, NrauMobile.png, pt.ihru.nraumobile.NrauMidlet
MIDlet-Jar-Size: 146184
MIDlet-Jar-URL: ./NrauMobile.jar
MIDlet-Name: NrauMobile
MIDlet-Permissions: javax.microedition.io.Connector.comm,javax.microedition.io.Connector.file.read, javax.microedition.io.Connector.file.write,javax.microedition.io.Connector.http, javax.microedition.io.Connector.https,javax.microedition.media.control.RecordControl, javax.microedition.media.control.VideoControl.getSnapshot
MIDlet-Vendor: Opensoft
MIDlet-Version: 1.0
Manifest-Version: 1.0
MicroEdition-Configuration: CLDC-1.0
MicroEdition-Profile: MIDP-2.0
MIDlet-Certificate-1-1: MIID5jCCAc4CAQEwDQYJKoZIhvcNAQEEBQAwgYgxCzAJBgNVBAYTAnB0MQ8wDQYDVQQIEwZsaXNib24xDzANBgNVBAcTBmxpc2JvbjERMA8GA1UEChMIb3BlbnNvZnQxETAPBgNVBAsTCG9wZW5zb2Z0MQ4wDAYDVQQDEwVDQUNydDEhMB8GCSqGSIb3DQEJARYSZG5ldmVzQG9wZW5zb2Z0QHB0MB4XDTA3MDgwMzA5NDA0NFoXDTA4MDgwMjA5NDA0NFowbTELMAkGA1UEBhMCcHQxDzANBgNVBAgTBmxpc2JvbjEPMA0GA1UEBxMGbGlzYm9uMREwDwYDVQQKEwhvcGVuc29mdDERMA8GA1UECxMIb3BlbnNvZnQxFjAUBgNVBAMTDUtleVBhaXJNb2JpbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJA9Oisx2/7hu+3N5/iTbJxVmpxAr31wOigSIhMdyTkOhauQ1ZgHd1P7rl+4AObDiOeKbYcQGZsxYtRtxR2cRyshvb8/CLCpcZWhwkgSe6ZgjUXn8Ybx11/WMs1piXLB8lO6raI8dIsjeRAL/M2HC0jZWNPfgn3kCMcnf3wT70QPAgMBAAEwDQYJKoZIhvcNAQEEBQADggIBALpsCYpOnMMu97Xu4qOBJarz8Cqz2xmCVoxQifTZY4VlBQf+q5aiZz+wWXk+MahPo5thsDQpDWw5h++IwaxTUXN1N983zjH5Aig6E7RkjIW/58GHAYy6aWTSq+X7eYpP8kZ1XEd/u/txyBtrd2NDspefuC/D7VIkfKq2wENu98e7xyspNK7BOIXf6HUh25tnT4QmZXC5VH+0LucWh1J94VbN31DcicVgAdJLBoFDX8Bn87xJABtziyKsv+a3S1I+iFeHeUIbBp7K21axVF9KjI/wB6jOj9lTk8EUUZUms83+RfdpvMRdDKidU2sqpwVGWhT2sBViLpS+ADDBgWyF2MXK1RMmthy5O4Jlkp3aPsIBrtnyQdvCkofEnBZUYFj/A6uoe5FZwE3petUApUuN0FIDFJDySmEGTX8e07+5bcvlLvGPoh9Nw7wdKZLJWKSBRVvhN5IuTTAb3mLJnPxQxHgQUNbSuml6weP/YlOuWVAL40NSU7x0jT+Tn36W1W1aevC2Oe1CLjDQXWHeQ5EJ3aOFV+0j+khBV45gP0zT5jPV3XSNtgA3XhRcRJlLUzwa+CBihVCwfpWVxUFKCh3escbHqg/35JaJFaW2X9p/5MVlttKDnViJos6vM6Q/Oor8tkCd6cQMDCot32BAezuE50IQB/vgi7viAtrME0buPsgT
MIDlet-Certificate-1-2: MIIGdjCCBF6gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCcHQxDzANBgNVBAgTBmxpc2JvbjEPMA0GA1UEBxMGbGlzYm9uMREwDwYDVQQKEwhvcGVuc29mdDERMA8GA1UECxMIb3BlbnNvZnQxDjAMBgNVBAMTBUNBQ3J0MSEwHwYJKoZIhvcNAQkBFhJkbmV2ZXNAb3BlbnNvZnRAcHQwHhcNMDcwODAzMDkyNDI5WhcNMDgwODAyMDkyNDI5WjCBiDELMAkGA1UEBhMCcHQxDzANBgNVBAgTBmxpc2JvbjEPMA0GA1UEBxMGbGlzYm9uMREwDwYDVQQKEwhvcGVuc29mdDERMA8GA1UECxMIb3BlbnNvZnQxDjAMBgNVBAMTBUNBQ3J0MSEwHwYJKoZIhvcNAQkBFhJkbmV2ZXNAb3BlbnNvZnRAcHQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDWqZdL9+aU8bvneIlxD/dTTJ5oJdVyTSasW4/t56MNM56/OQT6rGnyQma2uAHezzLF6S2tnYWmnKSQ/do0x1yOVnjIJ1tHeUSrA+n8J9X0UE6ZlCQdNRVhSnHRfEIBdsAYbonqVTp+u8vRjW0btbcSxQPUBCsd2L9gesQxYllP+2ENusd2A2S2CN5VZyu0cM6ThxbFMyj6QXjfChEPWl92bB0eoEiU1J14L2p2Qd1E5tsPx63Nk8LvMwMaxy7XuZwZWmchc8AP7FZZ0T/IFYjyWJmoPxLU5V5SeT1W+uiQeD9hIbe2D4KVt/Xm25DlsRDht/lr9lWES4vS9eM2H9guAZimzxFE26gBdLPsNExzae5/xxZ4w9y2XSwpQKsvuIDGdGHTbOvKPcsjiG3S41cj3HDgqOFTuqNuiHrv76XgA4pLM0/rVRU10Z99HQ13r+zvqxaj+PaUTs5p1E8M58Flv4mMdpQxyxkuT1HKaLAg2m+JQ//YBCkgWree9cM+sSTlc1gq569bqsqqANOod1fkoxVJ1K3rjVb4aEHDSXpOVWHowunPGUlJDEt3Hm4xDLWBDNikjBIifspmIpSJaomxs1QYk5EwNIo5YYHcznxZw8Q/qLc3qu8RCmvpnYXckIHv01NUUZuU00t3HEhAbPhMFSvhXgW5o8w8Q+Ljn3TXQwIDAQABo4HoMIHlMB0GA1UdDgQWBBSAnAai1InDsBzDLCYGq/FdsjmfQTCBtQYDVR0jBIGtMIGqgBSAnAai1InDsBzDLCYGq/FdsjmfQaGBjqSBizCBiDELMAkGA1UEBhMCcHQxDzANBgNVBAgTBmxpc2JvbjEPMA0GA1UEBxMGbGlzYm9uMREwDwYDVQQKEwhvcGVuc29mdDERMA8GA1UECxMIb3BlbnNvZnQxDjAMBgNVBAMTBUNBQ3J0MSEwHwYJKoZIhvcNAQkBFhJkbmV2ZXNAb3BlbnNvZnRAcHSCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOCAgEAxkGakn5b66tToyvxASy9s9CMhER6ZI1+K3ey8WcNHBCMFlAhyD/ut+6823ZAzqbln0Dud8NLXO6trjeMSkXCpEUucLRuowTps1NpVpiup4oaTSSVu9+C8lwLnmqhqqtBHdVKCvEm9XSi4vsp9rJtZEd7fy8ylen18XSDv2b4T8Rj7j9qYydlc9UhOA9VPLq7Aj2dpdBVKncL1bJ3z8QY0xnbtmdb0qmoye6S6X44p0Sl29IOflt8R4aKM00DBN8QrmzlXlasbnMKIvmpC0GTxklx1N/LRvElCk5lQOPeMeD60tRvTM6iPsYt4BZ2rfEzLhRHrFdfSbwSNC0z0z+/8D1mGI5Bgq/OS/qeMD3eMETIVJ1fBIK82e2xe2M6jWo0qmkacLnzdEK1/oF51V8ucrwa/9Nz15lZ0i+N2lHHVWfw7Hw4A4CudwDepN4TMEv1htmyysj56F6Xh2pm7HXtj3N/0lLKSZHvmYk3RZT45tXDaY4E14xumDazcw1alYrT1qtWequ8EaXtpJfa2BRFkFGveN8cgPW66aflTOVyXmsyX4D0fEEuSlDoqqdZ0NkN5si2S6JpC5qBoNe6EwLZmkuG388rQ3ySRSuFfjQ5axG+d9IFL9IuwiPe5Hbl0dZmh5dtktV5M8JqfgQn5a72dO6Q24ZFPYiJhK7stW/N1vo=
MIDlet-Jar-RSA-SHA1: Mj0+w51xKhT1t7wwNXfzHwKCrkv29iOKqg5/w/LSjXEkM1VrGHQVb0C65lMZs+vGp6QmNHpGQhEyv0qmcKvzD3serpGDxWlv8FstZ2hzZCdaeKVawUiAeoOEolpxosjPm8jMt2YYKQLLaVeogsrMr6PYvD1VfsJHVGBa7GVInfU=

Do you know what's the problem?

Thanks
3:47 AM
  Brown D said...
Cusco,
It looks like the root CA certificate is not present on your handset.

Are you signing with your self-generated code signing certificate or did you buy from a CA (like verisign) ? In either case make sure that the root CA certifcate is installed on the handset. If you have a self-signed cert take a look at Step 4 of the blog.

Please keep in mind that not all handsets support installing root certificates. SO if you bought a cert froma vendor which is not present on your handset, you cannot install your midlet.
If you have more questions please email me at brown_drf _at_ yahoo _dot_ com
1:32 PM
  suvro said...
Thanks a lot for this amazing blog. It is really nice to know there is an workaround to self sign a midlet and get it to work in the phone (at least in a series 60 2nd ed.).
5:36 AM
  Arcadiy said...
Very usefull tutorial. I made it on my N70 for MIDlet-Permissions-Opt: javax.microedition.pim.ContactList.read, javax.microedition.pim.ContactList.write
2:48 PM
  Manoj Kumar said...
Great work.

we want to just add servlet code which is working.
here is some working code snippet of servlet, u can use for the downloading certificate.
import java.io.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class certificate extends HttpServlet
{
public void doGet(HttpServletRequest req, HttpServletResponse resp)throws ServletException,IOException
{
//PrintWriter out = resp.getWriter();
OutputStream os = null;
File exportFile = null;
String fileName = "ca.cer";
ServletContext context = getServletContext();
try
{
File dir = new File(context.getRealPath("/"));
exportFile = new File(dir, "\\WEB-INF\\cert\\ca.cer");
//exportFile = new File("E:/Manoj/apache-tomcat-4.1.36-LE-jdk14/webapps/ROOT/ca.cer"); //path_to_your_CA_CER_FILE);
resp.setContentType("application/x-x509-ca-cert");
resp.addHeader("Content-Disposition", "attachment; filename=" + exportFile.getName());
//OutputStream
os = resp.getOutputStream();
//InputStream

// InputStream is = new FileInputStream(fileName);
InputStream is = new FileInputStream(exportFile);
//byte[] b = new byte[128];
DataInputStream dis = new DataInputStream(is);
byte[] b = new byte[2048];
int cnt = 0;
while (true)
{

cnt = is.read(b);
//out.println(c);
if (-1 == cnt)
break;
os.write(b,0,cnt);
String s = new String("once\n");
os.write(s.getBytes());
}
os.flush();
is.close();
}
catch (Exception e)
{
if (null == os)
{
os = resp.getOutputStream();
}

DataOutputStream dos = new DataOutputStream(os);
dos.writeUTF(exportFile.getName()+e.toString());
dos.flush();
os.flush();
os.close();
//os.writeData("exception : " + e);
//out.println("Exception e : " + e);

}
}
}
7:56 AM
  Manoj Kumar said...
great work.
we used the steps to install certficates.

here is below code of servelt. we have some fight on setting the path of certificate.

File dir = new File(context.getRealPath("/"));
exportFile = new File(dir, "\\WEB-INF\\cert\\ca.cer");
resp.setContentType("application/x-x509-ca-cert");
resp.addHeader("Content-Disposition", "attachment; filename=" + exportFile.getName());
os = resp.getOutputStream();
InputStream is = new FileInputStream(exportFile);
8:01 AM
  Brown-Dwarf said...
Manoj Kumar,
Thank you for posting that servlet code - definitly useful.

~b
5:53 PM
  GuoQing said...
1) Two step5?
2) If we don't have carbide.j (which is not support any more) what should we use?
9:33 AM
  GuoQing said...
I tried the step 4 on my nokia 6085 phone, it givesme "Authority certificate corrupted", what can be wrong?
3:37 PM
  RAVI said...
Hi,

I followed the steps you specified to create self sign certificate and signed the my midlet and i have successfully installed the certificate in my S60 3rd edition emulator and set the permissions too.But when i'm trying to install my self signed midlet, An error happened saying the certificate error ! contact the Application supplier...please help me .It's urgent
10:39 PM
  Brown-Dwarf said...
GuoQing,
For jar signing, there are several other tools available. Search for "jar signing tools". This is one I came across. http://java.sun.com/j2se/1.4.2/docs/guide/plugin/developer_guide/rsa_signing.html#signing

Please note that the procedure is different for different tools. You might need to play around with it alittle bit.

About the certificate corruption, what method/script/language do you use to develop the server side? You need to makesure the cert is streamed correctly. Did you verify it with a standard browser ? That'd be helpful.
10:42 AM
  Brown-Dwarf said...
Ravi,
I am not sure about this problem on emulator(OTA?). Other people have also reported similar issue.
http://discussion.forum.nokia.com/forum/showthread.php?t=117397
It looks like the problem is not present on real hardware. Sorry that I can't provide much help.

~b
10:55 AM
  GuoQing said...
I have the same problem on my nokia 6085. When I load the ca.cer from mobile phone on my apache2/php server http://www.drhu.org/ssl/ssl.php it gives me "Authority certificate corrupted". I follow the steps http://browndrf.blogspot.com/
Does anyone how to solve this problem?
2:45 PM
  Brown-Dwarf said...
GuoQing,
I tried the url with 6682 and it works fine. Like I mentioned in the blog, installing certificate is not a standard feature. S60 2nd edition has a bug which allos you to install certs. I am not sure what platform has this "feature".

~b
9:33 AM
  GuoQing said...
The "Authority certificate corrupted" problem be solved if I use c:\OpenSSL\bin\openssl genrsa -des -out ca.key

But, now another problem happens after I install the ca.cer. In my Nokia 6085, setting/security/authority certificates/certificate list/options/select use
the App. Signing check box is disbaled, so I can't check it. It maybe AT&T or Nokia disabled this on purpose. Does anyone has the same problem?
9:32 AM
  Brown-Dwarf said...
hmm.. that is interesting..


-des3 just means use 3DES to encrypt the private key. In other words, it is only for symmetric encryption, not for the asymmetric one (RSA). If you don't specify these (-des|-des3|-idea) options, your pvt key will not be encrypted.

I could be wrong, but AFAIK, it shoul dnot affect the public key - which we're installing - which is not encrypted.

take a look at this
http://www.openssl.org/docs/apps/genrsa.html

About the trust settings, I am not very surprised if it is disabled. All these providers has their own policies - differes on different handsets. BTW, did you try to install the application ? - just to try your luck.
11:02 AM
  pramoda said...
nice article
this works only for series 60 mobile.
but you can't control messaging Security Alerts.
4:52 AM
  pramoda said...
you can send this .cer file in bluetooth also.
4:53 AM
  J2ME said...
hi friends,

can you tell me whether we can do sam e process via emulator.....I have got
wtk 2.5.1....If any solution plz let me know....
5:44 AM
  imran munir said...
Sir i am using nokia e51 and when i get download the http://www.corvitoman.com/movies/videoStreaming.php it shows the cryption on page i just copied and paste your given code of php. you can also check it and when i clicked on jad link it not gives any message do you want to save it in phone and it shows the midlet information.
Please help me in this issue i want to get direct download my jar file to any nokia mobile. thank you sir my email id is imranmunirawan@hotmail.com
5:05 AM
  imran munir said...
I am using the e51 nokia after the all process which you told in this blog when i opened the php file www.corvitoman.com/movies/videoStreaming.php
it shows the ca.cer file on browser rather then install it. like that when i click on jad file www.corvitoman.com/movies/videoStreaming.jad it shows the midlet information after download or jar file www.corvitoman.com/movies/videoStreaming.jar shows cryption code rather then install. sir i am totally in trouble will you please help me regarding this issue i will be very thank full for your this kind of act. please tell me solution. thankyou
5:10 AM
  le_top said...
I've followed the procedure and was able to install my ca.cer on a Nokia phone by opening it from the file manager.

However, the certificate can not be used for application install, only for 'internet' and 'online certificate verification'.
Application installation can only be validated by the certificates labeled as 'MIDP2 ...' on my phone (28/08/2008).
1:54 PM
  Brown-Dwarf said...
le_top,
What make/model is your handset? As far as I know, there is no special cefrtificate or cert extensions for MIDP. In step 5, did it give you an option for "App Installation" ? That is the flag it will be using to decide whether to use a certificate to authenticate an incoming application. Please double check that.

~b
9:55 AM
  lolek said...
Hi!nice article!

However i stuck in step 4 as my Samsung SGH-L700 doesn't seem to support any of cert MIME types (as in http://www.mobilemultimedia.be/en/uaprof/index.php) Can you think of any alternative how to install a certificate or other way of getting a trusted app on my device or at least get rid of the annoying security warnings when midlet accesses phone filesystem?

Regards,
Leo
1:21 AM
  Amar Sahu said...
Hi All,
I have a self signed certificate for my applicaiton present on my PC. This application is bound to work on Nokia 6131 NFC phone. I followed browndrf's link http://browndrf.blogspot.com/2006/06/build-and-install-singed-midlet.html. I have followed the document and am slightly confused with step 4. Can anyone of you please lay more emphasis on step 4. It will really help me. Incidently I have tried to make the webpage available on my phone by running my webserver. But the results are not encouraging. when i try to open the application it gives me a security Exception error and a Null pointer Exception error. My main doubt is what is the right procedure to upload the certificate on to the phone. I have been mailing to quiet a few members but have not got any response yet. Please suggest me what i am supposed to do in order to make this application run without any errors. I am trying to implement the TicketingExample application that comes with Nokia 6131 NFC SDK.
Eagerly waiting for your reply.

Regards,
Amar Sahu
9:31 PM
  missmè said...
hi, i readed the article and i have one question for you.
After that i build and installed Signed MIDLet can i access to a property that are accessible only if the midlet is signed? Example i wont get IMSI, but it is possible only of my midlet is signed.
Can you help me please.
Thanks...Regards
8:48 AM
  ANX said...
I did uptil step 3
I start the browser on my phone (nokia 6233) and try to install the certficate. the phone opens the site, downloads the certificate and then says, corrupted certificate.
Can anyone help??
11:41 PM
  eiwai said...
Hi , Sir

Your tutorial is very nice and helpful for us . We follow your way to install Midlets. We are writing j2me prgram to get the cell id, location area code. We used Nokia 5220 XpressMusic to test it. We cannot import certificate to phone. Can you guide us the way ?


with deepest respect,
Ei Wai.
12:20 AM
  小洛 said...
Nice tutorial and thank you so much for sharing.

I tested with Nokia E51 and Nokia 3250 but unable to work.

In the end found an article stated that this can only work on S60 2nd Edition. >"< E51 and 3250 both S60 3rd Edition.

I further tested with Nokia 6680 which S60 2nd Edition, it's working as what this tutorial taught~~~ Proved this tutorial is workable.

Following is the article:
http://wiki.forum.nokia.com/index.php/KIJ000555_-_Signing_certificates_for_MIDlets
3:43 AM
  mhs said...
Hi,
my phone is nokia 5800.
i did anything you write,but instead of downloading the ca.cer file, i copied it in phone memory and installed it.
the certificate installs successfuly but the app. installation choice is not here.
also my midlet doesnt install on the phone.
what should i do?
11:30 PM
  mhs said...
my mail is: mohammad.samadani@gmail.com
11:32 PM
  omar said...
i have an error in step 3
when i try to write
req -new -x509 -days 365 -key ca.key -outform DER -out ca.cer
and the error is unable to load
config info from /usr/local/ssl/openssl.cnf
if any body can help me on that please
1:15 AM
  giancarlo said...
GREAT !
8:49 AM
  kertoja said...
Great! Thanks
2:11 PM
  BRICTON said...
Can somebody tell how can I do in order to get the cer install on the phone:

I have this file index.php

[Descarga de Certificado]
[Bienvenido]
[Para descargar el certificado, por favor siga el siguiente ]enlace]
[href="get_cert.php"]Certificado]

This is get_cert.php



Can somebody help me
4:38 PM
  Shantanu Paul said...
Hi sir,
I am a newbie & could not make out of all that instructions. I would be very grateful if you could provide me a signed version of KD Player by the above method. It will be very grateful.
8:26 AM

相关推荐

    基于网络的MIDlets简介(中文)

    **基于网络的MIDlets简介** MIDlets是Java Micro Edition (J2ME)平台上的应用程序,主要用于移动设备,如手机和嵌入式系统。它们是轻量级的,能够运行在资源有限的设备上,使得开发者可以创建丰富的、交互式的移动...

    基于网络的MIDlets简介

    ### 基于网络的MIDlets知识点概览 #### 1.1 目的与背景 本文档旨在为读者提供关于基于网络的MIDlets(Midlet over the Internet)的基本概念和技术要点。MIDlet是指Java ME平台上的小型应用程序,主要用于移动设备...

    J2ME Tutorial, Part 1 Creating MIDlets

    ### J2ME教程:创建MIDlets(第一部分) #### J2ME简介 Java 2 Micro Edition (J2ME) 是一种专为资源受限设备(如移动电话、PDA和其他小型电子设备)设计的Java技术。它结合了一个资源受限的Java虚拟机(JVM)和一组...

    MIDP 2.0: Tutorial On Signed MIDlets

    ### MIDP 2.0: 教程关于已签名MIDlets #### 一、引言 本教程旨在深入解析MIDP(Mobile Information Device Profile)2.0中关于已签名MIDlets的安全机制及其重要性。随着移动设备功能的日益强大以及应用程序复杂性...

    eclipseme

    EclipseME是一款专门为Java ME(J2ME)开发者设计的Eclipse集成开发环境(IDE)插件。它极大地简化了J2ME应用的开发、测试和调试过程,为专业和业余开发者提供了强大的工具集。这款插件是Java ME开发领域的创新之作...

    MIDP_2_0_Signed_MIDlet_Developers_Guide(2.0版本)

    这份文档主要介绍了MIDP 2.0环境下对MIDlets进行签名的相关技术和实践方法。 ### 关于文档 该文档版本为2.0,发布日期为2006年10月31日,基于早期版本《MIDP 2.0:关于已签名MIDlets的教程》,版本号1.1,并在...

    Mobile Suite:Mobile Suite 是一组具有通用 UI 的 J2ME midlets-开源

    Mobile Suite 是一组具有通用 UI 的 J2ME midlets。 应用程序分为三类: - 游戏(黑白棋,泡泡,...), - 应用程序(安全短信,RSS 阅读器,...) - 编程工具(库,测试套件,...)。

    手机/PDA程序设计入门-整合型开发工具

    - Nokia官方文档《Creating MIDlets with Borland JBuilder or Sun ONE Studio and Nokia Developer’s Suite for J2ME™》(指导如何使用Borland JBuilder或Sun ONE Studio结合Nokia Developer’s Suite for J2ME...

    FlappyPlaneJM:一个演示 Java Midlets 的简单游戏

    #一个简单的 Java ME 游戏 这个游戏是根据我学习中的作业要求创建的。 我最初想在 Java ME 中创建更像 Flappy Bird 的东西,但我无法做到,将其更改为简单的竞速游戏 xD 两个音频文件“gamewin.mp3”和“gameover....

    J2ME Tutorial, Part 4 Multimedia and MIDP 2.0

    这篇教程旨在帮助初学者理解如何在MIDlets(运行在J2ME平台上的应用程序)中集成多媒体特性。MIDP 2.0提供了MMAPI的一个子集,即使设备不支持完整的MMAPI,也能保证音频播放的基本功能。 MMAPI是MIDP 2.0中多媒体...

    最新版Eclipse Ganymede搭建J2ME开发平台的过程

    打开Eclipse后,通过菜单栏选择`Help` &gt; `Software Updates` &gt; `Find and Install`,启动软件更新功能。 4. **添加EclipseME仓库** 在`Software Updates and Add-ons`对话框中,选择`Available Software`选项,...

    EclipseME-V1.7.9

    在本文中,我们将深入探讨EclipseME的核心功能、如何使用它来开发MIDlets,以及它与Java ME和Eclipse平台的相互作用。 1. **EclipseME的主要功能** - **项目管理**:EclipseME提供了一个统一的界面,用于创建、...

    MIDP.Mobile.MultiMIDlet.example.code.rar_java programming

    MIDP是Java ME针对小型设备如手机和智能手表等设计的应用程序框架,它允许开发者创建能够在这些设备上运行的Java应用程序,即MIDlets。本文将深入探讨MIDP中的一个重要概念——MultiMIDlet,以及相关的编程实践。 ...

    J2ME开发资料-来源于Nokia

    ### J2ME应用开发之MIDlets空中下载配置详解 #### 一、引言 随着移动互联网技术的发展,Java在移动设备上的应用越来越广泛。Java 2 Micro Edition (J2ME) 是Sun Microsystems针对资源受限的设备(如手机、PDA等)...

    精通J2me嵌入式开发-环境配置.pdf

    -&gt; Find and Install...`菜单选项,搜索并安装J2ME相关的插件。 #### 三、配置与测试 ##### 1. Eclipse配置 - 在`Window -&gt; Preferences`中进行必要的J2ME环境配置,如添加JWTK的路径、设置默认目标平台等。 ##...

    Introduction_To_The_FileConnection_API_v1_1_zh_ch

    本文档假定读者熟悉Java™编程,并具有移动信息设备描述 (Mobile Information Device Profile, MIDP)编程的基础,MIDP编程基础可参见诺基亚论坛中的文档MIDP 1.0: Introduction to MIDlet Programming [MIDPPROG]。...

    J2ME学习文档(英文版)

    文档作者John Muchow是一位资深的J2ME专家,著有畅销书《Core J2ME Technology and MIDP》,并在无线开发者网站CoreJ2ME上分享了大量的源代码、文章和资源,是该领域的权威人物。 总之,这份文档为想要入门J2ME开发...

    Nokia UI API 扩展在诺基亚3100 游戏外壳中的应用

    本技术文档简要描述了在MIDP(MIDlets)中怎样把诺基亚用户界面 API 扩展应用到诺基亚游戏外壳 中。本文主要讨论诺基亚3100,因为它是第一款能支持新型游戏外壳的诺基亚手机型号。在编写能 够支持游戏外壳的...

    J2ME入门最基础的资料

    它提供了开发和部署小型应用程序,通常称为MIDlets,所需的环境。J2ME的出现使得开发者能够创建跨平台的应用程序,可以在多种不同硬件配置的设备上运行。 J2ME的基础结构由配置(Configurations)、配置文件...

    midp英文doc说明

    7. **Security and Personalization**: Midp包含一套安全机制,如权限管理,以保护设备免受恶意代码的侵害。此外,API还支持用户配置和个性化设置。 8. **Device Services**: Midp API提供了对设备硬件功能的访问,...

Global site tag (gtag.js) - Google Analytics