Motorola E680 Technical Manual - Page 98

Verifying the Signer Certificate, Verifying the MIDlet Suite JAR

Get Motorola E680 - Smartphone - GSM PDF manuals and user guides View all Motorola E680 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 98 highlights

Verifying the Signer Certificate The signer certificate will be found in the application descriptor of the MIDlet suite. The process for verifying a Signer Certificate is outlined in the steps below: 1. Get the certification path for the signer certificate from the JAD attributes MIDletCertificate-1, where starts a 1 and is incremented by 1 until there is no attribute with this name. The value of each attribute is abase64 encoded certificate that will need to be decoded and parsed. 2. Validate the certification path using the basic validation process as described in RFC2459 using the protection domains as the source of the protection domain root certificates. 3. Bind the MIDlet suite to the corresponding protection domain that contains the protection domain root certificate that validated the first chain from signer to root. 4. Begin installation of MIDlet suite. 5. If attribute MIDlet-Certificate-- with being greater than 1 are present and full certification path could not be established after verifying MIDletCertificate-- certificates, then repeat step 1 through 3 for the value greater by 1 than the previous value. The following table describes actions performed upon completion of signer certificate verification: Result Action Attempted to validate paths. No public keys of the Authentication fails, JAR installation is not issuer for the certificate can be found, or none of the allowed. certificate paths can be validated. More than one full certification path is established and validated. Implementation proceeds with the signature verification using the first successfully verified certificate path for authentication and authorization. Only one certification path established and validated. Implementation proceeds with the signature verification. Verifying the MIDlet Suite JAR The following are the steps taken to verify the MIDlet suite JAR: 1. Get the public key from the verified signer certificate. 2. Get the MIDlet-JAR-RSA-SHA1 attribute from the JAD. 3. Decode the attribute value from base64 yielding a PKCS #1 signature, and refer to RFC 2437 for more detail. 98

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
98
Verifying the Signer Certificate
The signer certificate will be found in the application descriptor of the MIDlet suite. The
process for verifying a Signer Certificate is outlined in the steps below:
1.
Get the certification path for the signer certificate from the JAD attributes MIDlet-
Certificate-1<m>, where <m> starts a 1 and is incremented by 1 until there is no
attribute with this name. The value of each attribute is abase64 encoded
certificate that will need to be decoded and parsed.
2.
Validate the certification path using the basic validation process as described in
RFC2459 using the protection domains as the source of the protection domain
root certificates.
3.
Bind the MIDlet suite to the corresponding protection domain that contains the
protection domain root certificate that validated the first chain from signer to root.
4.
Begin installation of MIDlet suite.
5.
If attribute MIDlet-Certificate-<n>-<m> with <n> being greater than 1 are present
and full certification path could not be established after verifying MIDlet-
Certificate-<1>-<m> certificates, then repeat step 1 through 3 for the value <n>
greater by 1 than the previous value.
The following table describes actions performed upon completion of signer certificate
verification:
Result
Action
Attempted to validate <n> paths. No public keys of the
issuer for the certificate can be found, or none of the
certificate paths can be validated.
Authentication fails, JAR installation is not
allowed.
More than one full certification path is established and
validated.
Implementation proceeds with the signature
verification using the first successfully verified
certificate path for authentication and
authorization.
Only one certification path established and validated.
Implementation proceeds with the signature
verification.
Verifying the MIDlet Suite JAR
The following are the steps taken to verify the MIDlet suite JAR:
1.
Get the public key from the verified signer certificate.
2.
Get the MIDlet-JAR-RSA-SHA1 attribute from the JAD.
3.
Decode the attribute value from base64 yielding a PKCS #1 signature, and refer
to RFC 2437 for more detail.