你如何签署Java Midlet? [英] How do you sign a Java Midlet?
本文介绍了你如何签署Java Midlet?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
答案相当复杂的简单问题:
A simple question with a fairly complicated answer:
如何签署Java Midlet以便将其加载到安全提示较少的手机上?
How do you sign a Java Midlet so you can load it onto a mobile phone with less security prompts?
推荐答案
获取所需软件
-
Sun Java SDK(JDK) >(你应该已经有了这个) -
Java无线工具包(WTK)也来自 Sun -
可选择获取并安装 Ant 和天线,让您自动化你的构建(我强烈推荐这些)
- Java SDK (JDK) from Sun (you should already have this)
- Java Wireless Toolkit (WTK) also from Sun
- Optionally get and install Ant and Antenna to allow you to automate your build (I'd strongly recommend these)
导入现有证书(如果有的话)
- 如果您从Verisign(或其他提供商)购买了证书,则需要将证书导入J2SE密钥库。
- 尝试使用以下命令
keytool -import -alias {myalias} -file {mycertificate}
(我自从无法测试我没有合适的证书) - 运行
keytool -list
查看新证书 - 接下来您必须导出证书才能将其导入手机
- 运行
keytool -export -alias {myalias} -file mycertificate.crt
- 将证书导入手机(详见下文)
- If you've purchased a certificate from Verisign (or another provider) you need to import the certificate into your J2SE keystore.
- Try using the following command
keytool -import -alias {myalias} -file {mycertificate}
(I haven't been able to test this since I don't have a proper certificate) - Run
keytool -list
to see your new certificate - Next you must export the certificate so you can import it to your phone
- Run
keytool -export -alias {myalias} -file mycertificate.crt
- Import the certificate into your phone (see below for details)
创建并导入新的(测试)证书
- 您需要使用 keytool (来自JDK)
- I使用以下命令
keytool -genkey -alias {myalias} -keyalg RSA -validity 365
- 这将提示您输入密钥库密码,输入您的密钥库密码(如果您有现有的密钥库)或您要使用的密码(如果还没有密码库)
- 填写有关位置/公司名称等的所有提示。
- 运行
keytool -list
查看新证书 - 接下来必须导出证书,以便您可以将其导入手机
- 运行
keytool -export -alias {myalias} -file mycertificate.crt
- 将证书导入手机(详见下文)
- You need to use keytool (from the JDK)
- I used the following command
keytool -genkey -alias {myalias} -keyalg RSA -validity 365
- This will prompt you for a keystore password, enter your keystore password (if you have an existing keystore) or the one you want to use if you don't have one yet
- Fill in all the prompts about location/company name etc.
- Run
keytool -list
to see your new certificate - Next you must export the certificate so you can import it to your phone
- Run
keytool -export -alias {myalias} -file mycertificate.crt
- Import the certificate into your phone (see below for details)
C:\j2sdk1.4.2_08\bin>keytool -genkey -alias company -keyalg RSA -validity 365
Enter keystore password: password
What is your first and last name? [Unknown]: My Name
What is the name of your organizational unit? [Unknown]: company
What is the name of your organization? [Unknown]: company
What is the name of your City or Locality? [Unknown]: location
What is the name of your State or Province? [Unknown]: location2
What is the two-letter country code for this unit? [Unknown]: GB
Is CN=My Name, OU=company, O=company, L=location, ST=location2, C=GB correct? [no]: yes
Enter key password for (RETURN if same as keystore password):
构建并打包应用程序
- 使用
javac
构建您的MIDlet,特别关注您的classpath和bootclasspath选项(否则预验证将失败)。我还将目标设置为1.1并将源设置为1.3 - 生成JAD文件JAD中的关键属性是
MIDlet-Jar-URL,MIDlet-Jar-Size,MIDlet-权限我们还包括MIDlet-Icon,MicroEdition-Configuration,MicroEdition-Profile,MIDlet-Name,MIDlet-Push-1,MIDlet-Icon,MIDlet-Description和MIDlet-Version - 生成MANIFEST.MF文件基于您的JAD,您必须删除MIDlet-Jar-Size和
MIDlet-Jar-URL
- 这两项任务都可以使用wtkJad天线完成任务
- 使用wtkPackage Antenna任务打包和预验证应用程序必须正确设置classpath和bootclasspath属性,否则预验证将失败
- Use
javac
to build your MIDlet paying special attention to your classpath and bootclasspath options (otherwise preverification will fail). I also set target to 1.1 and source to 1.3 - Generate your JAD file the critical attributes in the JAD are MIDlet-Jar-URL, MIDlet-Jar-Size, MIDlet-Permissions we also included MIDlet-Icon, MicroEdition-Configuration, MicroEdition-Profile, MIDlet-Name, MIDlet-Push-1, MIDlet-Icon, MIDlet-Description and MIDlet-Version
- Generate the MANIFEST.MF file based on your JAD, you must remove MIDlet-Jar-Size and
MIDlet-Jar-URL
- Both these tasks can be completed using the wtkJad Antenna task
- Package and preverify the app using the wtkPackage Antenna Task you must set the classpath and bootclasspath properties correctly otherwise Preverification will fail
签署申请
- 使用
jarsigner
- 运行
jarsigner -keystore {mykeystore} -storepass(mypassword} {myjar} {myalias}
- 现在你有一个签名的jar你需要更新JAD中的
MIDlet-Jar-Size
- 现在使用
JadTool.jar
来自WTK - 运行
java -jar JadTool.jar -addcert -alias {myalias} -storepass {mypassword} -keystore {mykeystore} -inputjad {myinputjad } -outputjad {myoutputjad}
- 现在使用
JadTool.jar
- 运行
java -jar JadTool.jar -addjarsig -alias {myalias} -jarfile {myjar} -storepass {mypassword} -keypass {mypassword} -keystore {mykeystore} -inputjad {myinputjad} -outputjad {myoutputjad}
- Sign the Application using
jarsigner
- Run
jarsigner -keystore {mykeystore} -storepass (mypassword} {myjar} {myalias}
- Now you have a signed jar you need to update the
MIDlet-Jar-Size
in your JAD - Now add the certificate to the JAD using
JadTool.jar
from the WTK - Run
java -jar JadTool.jar -addcert -alias {myalias} -storepass {mypassword} -keystore {mykeystore} -inputjad {myinputjad} -outputjad {myoutputjad}
- Now add the signature to the JAD again using
JadTool.jar
- Run
java -jar JadTool.jar -addjarsig -alias {myalias} -jarfile {myjar} -storepass {mypassword} -keypass {mypassword} -keystore {mykeystore} -inputjad {myinputjad} -outputjad {myoutputjad}
部署
- 将此部署到正确设置MIME类型的Web服务器并将其下载到您的手机,它将成为受信任的第三方应用程序
- 您还可以通过发送JAR& amp;通过蓝牙或红外或电缆JAD到手机,具体取决于您的手机功能。在诺基亚手机上,文件
出现在您的短信收件箱中
在手机上安装证书
- 将证书导入手机,在Windows XP SP2中我可以通过右键单击文件并选择发送来执行
到蓝牙设备,
您应该能够通过有线或红外线(IR)发送文件。注意:I
还没有找到在Series 40手机上导入证书 - 一旦安装了证书,它需要获得
的授权应用程序安装。在我的手机(诺基亚6680)上,这是
工具 - >设置 - >证书管理 - >信任设置,我打开了
所有内容,但我认为应用程序安装就是您所需要的一切
常见问题
- 使用JAD未安装应用程序:只有使用JAD安装应用程序才会信任该应用程序,该应用程序仍将从jar安装,但不会受到信任。
- 未设置应用程序信任设置:安装应用程序后,您需要指定提供它的信任程度(默认情况下不会获得所有权限)。在诺基亚Series 60手机上,可以在App下找到这些手机。经理。
- 手机中缺少根证书:某些手机缺少Java认证证书和/或威瑞信证书,请在工具 - >设置 - >相关证书的证书管理下查看
- 授权失败: - 这里背后有很多可能的原因我遇到的是
- Application not installed using the JAD: The application is only trusted if it is installed using the JAD, the application will still install from the jar but it won't be trusted.
- Application trust settings not set: Once your application is installed you need to specify how much trust to give it (it doesn't get all permissions by default). On a Nokia Series 60 phone these are found under the App. Manager.
- Root certificate missing from phone: The Java Verified certificate and/or Verisign certificates are missing from some phones check under Tools->Settings->Certificate Management for the relevant certificate
- Authorization Failed: - There are a whole host of possible reasons behind this here are the ones I've come across
- 证书遗失电话,仔细检查您的证书已安装并且已在证书管理中标记为受信任的应用程序安装
- 重新启动:完全卸载应用程序然后重新启动手机尝试取出电池和SIM卡,通常情况会变得很糟糕,特别是如果你在没有卸载的情况下重新安装了很多东西
- JAD / JAR不匹配:仔细检查JAD中的应用程序大小,记住它是重要的字节数而不是磁盘上的大小
- 浏览器缓存:如果你是inst无线播放确保在安装前清除浏览器缓存
- 我听说过但未验证
MIDlet-Permissions $ c $中的换行符c>可能会导致问题,但在诺基亚6680/6630 / 6230i上似乎没问题(可能与固件有关吗?)
-
MIDlet-Permissions
属性是导致很多问题的原因(特别是因为文档经常出错或丢失或根据手机的不同而不同),请先尝试将其删除,然后一次添加一个权限。有些手机会抱怨他们不支持的权限,有些会忽略他们
- Certificate missing from phone, double check your certificate is installed and has been marked as trusted for application installs in Certificate Management
- Reboot: Uninstall the application completely then reboot your phone try taking the battery and SIM out too, often things get themselves in a twist, especially if you've been re-installing a lot without uninstalling first
- JAD/JAR mismatch: Double check the application size in the JAD, remember it's the number of bytes that is important NOT the size on disk
- Browser cache: If you're installing over the air make sure you clear your browser cache before installing
- I've heard but not verified that line breaks in the
MIDlet-Permissions
can cause problems but it seems ok to me on Nokia 6680/6630/6230i (could be firmware dependent?) - The
MIDlet-Permissions
attribute is the cause of a lot of problems (especially since the documentation is often wrong/missing or different depending on the phone), try leaving it out first and add permissions in one at a time. Some phones will complain about permissions they don't support, some will ignore them
- 如果我尝试手动使用jadtool,我会遇到问题我有一个证书链,似乎无法使用任何WTK jadtool将第二个证书添加到JAD文件中。但有趣的是,我可以使用一个成功签署midlet ny相同的WTK GUI界面 - 他们正确添加第二个证书。我的步骤:
- "I have issues if I try to use the jadtool manually. I have a certificate chain and can't seem to get the second certificate added to the JAD file using any WTK jadtool. The interesting part however is that I can successfully sign the midlet using any of the same WTK GUI interfaces - they add the second certificate correctly. My steps:
- 使用1.4.2_06 jarsigner.exe签名jar
- 使用WTK(2.2或2.3 beta)jadtool加入addcert certnum 1
- 如果我将jadtool调用addcert和certnum 2,则插入相同的证书作为证书1-2我假设我做错了,因为WTK gui似乎正在工作罚款
信任域
- MIDP2中有4个不同的信任域(制造商,运营商,可信第三方和不受信任)。真实的第三方对我们来说是唯一有用的。它在我的诺基亚6680(沃达丰英国)上提供以下选项:
- 这些设置由运营商和手机制造商定义,因此在手机,制造商和运营商之间有所不同。
网络访问:不允许,每次询问,第一次询问
消息:不允许,每次询问App
自动启动:不允许,每次询问,第一次询问
连接:不允许,每次询问,第一次询问,总是允许
多媒体:不允许,每次询问,第一次询问
读取用户数据:不允许,每次询问,第一次询问,始终允许
编辑用户数据:不允许,每次询问,第一次询问,始终允许
未解决的问题
- 我设法使用J2ME WTK实用程序使用此格式对JAD进行签名,但尝试将其安装在设备上时我收到一条消息应用程序身份验证失败909。
示例JAD
MIDlet-Jar-URL: MyApp.jar
MIDlet-Jar-Size: 201365
MIDlet-Name: MyApp
MIDlet-Vendor: EC1M
MicroEdition-Profile: MIDP-2.0
MicroEdition-Configuration: CLDC-1.1
MIDlet-Icon: logo.png
MIDlet-Push-1: sms://:6553,net.ec1m.MyApp.midp.MyAppMIDlet,*
MIDlet-Description: MyApp MIDlet
MIDlet-Permissions: javax.microedition.io.PushRegistry,javax.microedition.io.Connector.sms...
MIDlet-Version: 1.0.67 MIDlet-1: MyApp, logo.png,net.ec1m.MyApp.midp.MyAppMIDlet
MIDlet-Certificate-1-1: MIICODCCAaECBEKqpfswDQYJKoZIhvcNAQEEBQAwYz...=
MIDlet-Jar-RSA-SHA1: EUsAch/.../hEZOsJsiCjBOhNs/3FSw4=
示例清单
Manifest-Version: 1.0
MIDlet-Name: MyApp
Created-By: 1.4.2_05-b04 (Sun Microsystems Inc.)
MIDlet-Push-1: sms://:6553,net.ec1m.MyApp.midp.MyAppMIDlet,*
MIDlet-1: MyApp, logo.png, net.ec1m.MyApp.midp.MyAppMIDlet
MicroEdition-Configuration: CLDC-1.1
Ant-Version: Apache Ant 1.6.2
MIDlet-Icon: logo.png
MIDlet-Vendor: EC1M
MIDlet-Permissions: javax.microedition...
MIDlet-Version: 1.0.67
MicroEdition-Profile: MIDP-2.0
MIDlet-Description: MyApp MIDlet
示例Ant构建文件
我已经放置了 EC1M <我们的网站上有一个href =http://www.ec1m.net/downloads.htm =noreferrer> ant build file (希望)让这一切变得更加轻松。
其他资源
这诺基亚论坛的常见问题解答值得一读。
Sample Ant Build File I've put our EC1M ant build file up on our website to (hopefully) make all this a little easier for you. Other Resources This FAQ on the Nokia Forum is worth a read.
这篇关于你如何签署Java Midlet?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文