Motorola maxx V6 사용자 설명서
When a MIDlet suite is downloaded, the handset will check the JAD attribute MIDlet-
Jar-RSA-SHA1. If this attribute is present, the JAR will be authenticated by verifying
the signer certificates and JAR signature as described. MIDlet suites with application
descriptors that do not have the attributes previously stated will be installed and in-
voked as untrusted. For additional information, refer to the MIDP 2.0 specification.
8.18 Verifying the Signer Certificate
The signer certificate will be found in the application descriptor of the MIDlet suite.
The process for verifying a Signer Certificate is outlined in the steps below:
1.
Get the certification path for the signer certificate from the JAD
attributes MIDlet-Certificate-1<m>, where <m> starts at 1 and is
incremented by 1 until there is no attribute with this name. The value of
each attribute is a base64 encoded certificate that will need to be
decoded and parsed.
attributes MIDlet-Certificate-1<m>, where <m> starts at 1 and is
incremented by 1 until there is no attribute with this name. The value of
each attribute is a base64 encoded certificate that will need to be
decoded and parsed.
2.
Validate the certification path using the basic validation process as
described in RFC2459 using the protection domains as the source of the
protection domain root certificates.
described in RFC2459 using the protection domains as the source of the
protection domain root certificates.
3.
Bind the MIDlet suite to the corresponding protection domain that
contains the protection domain root certificate that validated the first
chain from signer to root.
contains the protection domain root certificate that validated the first
chain from signer to root.
4.
Begin installation of MIDlet suite.
5.
If attribute MIDlet-Certificate-<n>-<m> with <n> is greater than 1 are
present and full certification path could not be established after verifying
MIDlet-Certificate-<1>-<m> certificates, then repeat step 1 through 3
for the value <n> greater by 1 than the previous value.
present and full certification path could not be established after verifying
MIDlet-Certificate-<1>-<m> certificates, then repeat step 1 through 3
for the value <n> greater by 1 than the previous value.
Table 17 describes actions performed upon completion of signer certificate verifica-
tion:
Result
Action
Attempted to validate <n> paths. No
public keys of the issuer for the certific-
ate can be found, or none of the certific-
ate paths can be validated.
public keys of the issuer for the certific-
ate can be found, or none of the certific-
ate paths can be validated.
Authentication fails, JAR installation is not
allowed.
allowed.
More than one full certification path is es-
tablished and validated.
tablished and validated.
Implementation proceeds with the signa-
ture verification using the first success-
fully verified certificate path for authen-
tication and authorization.
ture verification using the first success-
fully verified certificate path for authen-
tication and authorization.
Only one certification path established
implementation proceeds with the signa-
Java ME Developer Guide
Chapter 8 - MIDP 2.0 Security Model
Chapter 8 - MIDP 2.0 Security Model
[61/201]
DRAFT - Subject to Change