Motorola C381P Benutzerhandbuch
31
MIDP 2.0 Security Model
MIDP 2.0 Security Model
120
attribute with this name. The value of each attribute is abase64 encoded
certificate that will need to be decoded and parsed.
certificate that will need to be decoded and parsed.
2. Validate the certification path using the basic validation process as described in
RFC2459 using the protection domains as the source of the protection domain
root certificates.
root certificates.
3. Bind the MIDlet suite to the corresponding protection domain that contains the
protection domain root certificate that validated the first chain from signer to root.
4. Begin installation of MIDlet suite.
5. If attribute MIDlet-Certificate-<n>-<m> with <n> being greater than 1 are present
5. If attribute MIDlet-Certificate-<n>-<m> with <n> being greater than 1 are present
and full certification path could not be established after verifying MIDlet-
Certificate-<1>-<m> certificates, then repeat step 1 through 3 for the value <n>
greater by 1 than the previous value.
Certificate-<1>-<m> certificates, then repeat step 1 through 3 for the value <n>
greater by 1 than the previous value.
The Table 29 describes actions performed upon completion of signer certificate
verification:
verification:
Result
Action
Attempted to validate <n> paths. No public keys of the
issuer for the certificate can be found, or none of the
certificate paths can be validated.
issuer for the certificate can be found, or none of the
certificate paths can be validated.
Authentication fails, JAR installation is not
allowed.
allowed.
More than one full certification path is established and
validated.
validated.
Implementation proceeds with the signature
verification using the first successfully verified
certificate path for authentication and
authorization.
verification using the first successfully verified
certificate path for authentication and
authorization.
Only one certification path established and validated.
Implementation proceeds with the signature
verification.
verification.
Table 29 Actions performed upon completion of signer certificate verification
Verifying the MIDlet Suite JAR
The following are the steps taken to verify the MIDlet suite JAR:
1. Get the public key from the verified signer certificate.
2. Get the MIDlet-JAR-RSA-SHA1 attribute from the JAD.
3. Decode the attribute value from base64 yielding a PKCS #1 signature, and refer
2. Get the MIDlet-JAR-RSA-SHA1 attribute from the JAD.
3. Decode the attribute value from base64 yielding a PKCS #1 signature, and refer
to RFC 2437 for more detail.
4. Use the signer’s public key, signature, and SHA-1 digest of JAR to verify the
signature. If the signature verification fails, reject the JAD and MIDlet suite. The
MIDlet suite will not be installed or allow MIDlets from the MIDlet suite to be
invoked as shown in the Table 30.
MIDlet suite will not be installed or allow MIDlets from the MIDlet suite to be
invoked as shown in the Table 30.
5. Once the certificate, signature, and JAR have been verified, the MIDlet suite is
known to be trusted and will be installed (authentication process will be
performed during installation).
performed during installation).