Using the NetBeans Keystore for Signing MIDlets

Version: 1.3
Date: August 3, 2010
Author: Matt Brenner

Create a keystore outside NetBeans

1. Create a directory:
    mkdir c:\signing
2. Generate keystore and private key:
    keytool -genkey -keyalg RSA -alias unme2 -keystore mykeystore.ks
    password:
    first and last name:
    organizational unit:
    organization name:
    City:
    State:
    Country:
    Verify:
    Enter key password:
3. Verify key entry:
    keytool -list -keystore mykeystore.ks
4. Generate Certificate Signing Request (CSR) from the key entry:
    keytool -certreq -keystore mykeystore.ks -alias unme2 -file unme2.csr
    (provide password)
5. Go to Thawte's site and buy a “code signing” certificate. You will need the contents of the unme2.csr file.
6. Download the certificate:
   When the certificate is issued, Thawte will send an e-mail with a URL.
   Go to the URL and log in (account name: mbrenner@unme2.com, password: Pa..x....) and “fetch” the certificate. A screen will appear with the certificate (100+ lines of ASCII text).
   Copy the certificate from the screen and paste it into a new file:
    c:\signing\unme2.crt
7. Import the new certificate into your keystore:
    keytool -import -trustcacerts -file unme2.crt -alias unme2 -keystore mykeystore.ks
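
If the certificate in step 7 is imported under a different alias than the key, keytool stores it as a separate trusted certificate and the key entry keeps the self-signed certificate that -genkey created. The check below is an added example, not part of the original document: it reads the text printed by "keytool -list -v -keystore mykeystore.ks" (English-locale JDK output assumed); the function names and both sample listings are constructed for illustration.

```python
import re

# Constructed `keytool -list -v` listings (English-locale JDK output assumed).
# GOOD: the CA reply replaced the self-signed certificate on alias unme2.
GOOD = """\
Alias name: unme2
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=Example Signer, O=Example Org, C=US
Issuer: CN=Example Code Signing CA, O=Example CA, C=US
Certificate[2]:
Owner: CN=Example Code Signing CA, O=Example CA, C=US
Issuer: CN=Example Root CA, O=Example CA, C=US
"""
# BAD: the reply was imported under another alias, so unme2 is unchanged.
BAD = """\
Alias name: unme2
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Example Signer, O=Example Org, C=US
Issuer: CN=Example Signer, O=Example Org, C=US

Alias name: unme2cert
Entry type: trustedCertEntry
Owner: CN=Example Signer, O=Example Org, C=US
Issuer: CN=Example Code Signing CA, O=Example CA, C=US
"""

def field(block, name):
    """Return the first 'name: value' in one entry's text, or None."""
    m = re.search(rf"(?m)^{re.escape(name)}: (.+)$", block)
    return m.group(1).strip() if m else None

def check_signing_alias(listing, alias):
    """List the reasons why alias is not ready to sign with a CA-issued cert."""
    for block in listing.split("Alias name: ")[1:]:
        if block.partition("\n")[0].strip() != alias:
            continue
        problems = []
        if field(block, "Entry type") != "PrivateKeyEntry":
            problems.append("no private key under this alias")
        # The first Owner/Issuer pair belongs to the leaf certificate.
        if field(block, "Owner") == field(block, "Issuer"):
            problems.append("certificate is still self-signed")
        return problems
    return [f"alias {alias} not found"]
```
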

Import New Keystore into NetBeans

8. Start NetBeans:
    [Bongo (Project)] → [Properties] → [Signing] → [Sign Distribution] →
    [Open Keystores Manager] → [Add Keystore] → [Add Existing Keystore] →
    [Browse]
   navigate to: c:\active\signing\mykeystore.ks
    [mykeystore.ks] → [Open] → [OK]
    [mykeystore.ks] → [Unlock Keystore] → <enter password> → [OK]
   “Keys” field will show: unme2
    [unme2] → [Unlock] → <password> → [OK] → [Show Details] → [Close]
   Check: Sign Distribution
   Set:
    Keystore: mykeystore.ks
    Alias: unme2
    [Export Key into Java ME SDK/Platform/Emulator] → ???
   (I haven't gotten this to work. I get an error: “Error while loading keys”)
9. Done!

Signing a MIDlet

There are only a few steps required to effectively sign a MIDlet. Some are performed in NetBeans, and some on the phone after the MIDlet has been installed.

Why Sign?

Why bother signing a MIDlet at all?
Well, Nokia and many other distributors of MIDlets will not distribute unsigned MIDlets. Signing a MIDlet serves three purposes:
1. It certifies the identity of the MIDlet manufacturer
2. It certifies that the MIDlet has not been tampered with after it was signed
3. It allows the MIDlet to request access to Java APIs and then use those APIs easily (for the user)

Point 3 merits additional explanation. MIDlets that make web connections, access persistent storage on the phone, or communicate using Bluetooth could create mischief on a phone. Therefore, when an unsigned MIDlet tries to do any of those (among other) things, the phone interrupts the program and asks the user to grant permission for the access the program desires. This can be a minor nuisance (e.g. a single “Allow Bluetooth connection” message), or such a bother that the program is not useful (e.g. trying to search the entire file system will produce one “Allow Data Access” message for every directory and file it tries to access).

If a MIDlet is signed, after it gets installed on the phone the user can use the phone's Application Manager to grant rights to the MIDlet such that the program will not be interrupted with permission requests.

How to Sign a MIDlet Using NetBeans

You must first obtain a code signing certificate and import your certificate and key into the NetBeans keystore as described in the first part of this document. This example uses the specific information for Bongo.

Set Application Descriptor

Set Bongo's attributes. Start NetBeans:
    [Bongo] → [Properties] → [application Descriptor] → [Attributes]
Set these attributes,
    MIDlet-Name         Bongo
    MIDlet-Vendor       UnME2, Inc.
    MIDlet-Version      2.10.1
    MIDlet-Description  Multi-player Game
    MIDlet-Icon         bongo.png
    MIDlet-Info-URL     www.unme2.com
and these,
    [Bongo] → [Properties] → [application Descriptor] → [MIDlets]
    Name   Bongo
    Class  Bongo
    Icon   bongo.png
Set desired permissions:
    [Bongo] → [Properties] → [application Descriptor] → [API Permissions]
    javax.microedition.io.Connector.bluetooth.client
    javax.microedition.io.Connector.bluetooth.server
    javax.microedition.io.Connector.file.read
    javax.microedition.io.Connector.file.write

Configure NetBeans to Sign Bongo

Specify the digital signature with which to sign:
    [Bongo] → [Properties] → [Signing] → [Open Keystores Manager] →
    [mykeystore.ks] → [Show Details] → [Close]
[Sign Distribution] and set,
    Keystore: mykeystore.ks
the “Alias” will be set:
    Alias: unme2
    [OK]
Now, when NetBeans builds Bongo it signs Bongo too.
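
A signed MIDlet suite carries its certificate and JAR signature in the application descriptor (JAD), next to the permission list. The check below is an added example, not part of the original document: it confirms that a built descriptor has both signing attributes and declares exactly the four permissions set above, without validating the signature itself. The attribute names MIDlet-Permissions, MIDlet-Certificate-1-1 and MIDlet-Jar-RSA-SHA1 come from the MIDP 2.0 specification rather than this page, and the function names and sample descriptor are constructed.

```python
import base64

# Permissions this page sets for Bongo under [API Permissions].
EXPECTED = {
    "javax.microedition.io.Connector.bluetooth.client",
    "javax.microedition.io.Connector.bluetooth.server",
    "javax.microedition.io.Connector.file.read",
    "javax.microedition.io.Connector.file.write",
}

# Constructed descriptor; the base64 values are placeholders, not a real
# certificate or signature.
SAMPLE_JAD = "\n".join([
    "MIDlet-Name: Bongo",
    "MIDlet-Vendor: UnME2, Inc.",
    "MIDlet-Version: 2.10.1",
    "MIDlet-Permissions: " + ", ".join(sorted(EXPECTED)),
    "MIDlet-Certificate-1-1: UExBQ0VIT0xERVI=",
    "MIDlet-Jar-RSA-SHA1: UExBQ0VIT0xERVI=",
])

def parse_jad(text):
    """Split 'Name: value' descriptor lines into a dict."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            attrs[name.strip()] = value.strip()
    return attrs

def check_signed_jad(text, expected=EXPECTED):
    """Return findings; empty means signing attributes are present and the
    declared permissions equal `expected`."""
    attrs, findings = parse_jad(text), []
    for name in ("MIDlet-Certificate-1-1", "MIDlet-Jar-RSA-SHA1"):
        try:
            if not base64.b64decode(attrs[name], validate=True):
                findings.append(f"{name} is empty")
        except KeyError:
            findings.append(f"{name} missing: descriptor is not signed")
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append(f"{name} is not valid base64")
    declared = {p.strip() for p in attrs.get("MIDlet-Permissions", "").split(",")}
    declared.discard("")
    findings += [f"unexpected permission: {p}" for p in sorted(declared - expected)]
    findings += [f"permission not declared: {p}" for p in sorted(expected - declared)]
    return findings
```
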

Configuring S40 and S60 Phones for Signed MIDlets

After a signed MIDlet is downloaded onto a phone, the phone's Application Manager (AM) can be configured to optimize the user experience.

Using Bongo as an example:
Bongo acts sometimes as a Bluetooth client and sometimes as a Bluetooth server. Bongo also stores a file on the phone's file system. These permissions are required for Bongo to use Bluetooth and the file system:
    javax.microedition.io.Connector.bluetooth.client
    javax.microedition.io.Connector.bluetooth.server
    javax.microedition.io.Connector.file.read
    javax.microedition.io.Connector.file.write
All of these permissions were specified in the signing process. I don't want the AM to ask me for permission to use Bluetooth or to access the file system.

For S60 Phone

Set Bluetooth. From Menu,
    [Tools] → [App. manager] → [Bongo] → [Open] → [Connectivity]
Choose from:
    Not allowed
    Ask first time
    Always allowed
I chose “Always allowed.”
    [OK]
Set file system access:
    [Tools] → [App. manager] → [Bongo] → [Open] → [Read User Data]
Choose from:
    Not allowed
    Ask every time
    Ask first time
    Always allowed
I chose “Always allowed.”
    [OK]
    [Edit user data]
Choose from:
    Not allowed
    Ask every time
    Ask first time
    Always allowed
I chose “Always allowed.”
    [OK]

For S40 Phones

Select “Applications” and find Bongo. For Bluetooth:
    [Options] → [Application Access] → [Communication] → [Connectivity]
Choose from:
    Ask every time
    Ask first time only
    Always allowed
    Not allowed
I chose “Always allowed.”
    [Yes]
For file system access (read and write):
    [Application Access] → [Data access] → [Read user data] → [Always allowed] → [Yes]
    [Application Access] → [Data access] → [Add and edit data] → [Always allowed] → [Yes]