How do you sign a Java Midlet?


Problem description

A simple question with a fairly complicated answer:

How do you sign a Java Midlet so you can load it onto a mobile phone with less security prompts?

Recommended answer

Get the required software

  1. Java SDK (JDK) from Sun (you should already have this)
  2. Java Wireless Toolkit (WTK) also from Sun
  3. Optionally get and install Ant and Antenna to allow you to automate your build (I'd strongly recommend these)

Import an existing certificate (if you have one)

  1. If you've purchased a certificate from Verisign (or another provider) you need to import the certificate into your J2SE keystore.
  2. Try using the following command keytool -import -alias {myalias} -file {mycertificate} (I haven't been able to test this since I don't have a proper certificate)
  3. Run keytool -list to see your new certificate
  4. Next you must export the certificate so you can import it to your phone
  5. Run keytool -export -alias {myalias} -file mycertificate.crt
  6. Import the certificate into your phone (see below for details)

Create and import a new (test) certificate

  1. You need to use keytool (from the JDK)
  2. I used the following command keytool -genkey -alias {myalias} -keyalg RSA -validity 365
  3. This will prompt you for a keystore password, enter your keystore password (if you have an existing keystore) or the one you want to use if you don't have one yet
  4. Fill in all the prompts about location/company name etc.
  5. Run keytool -list to see your new certificate
  6. Next you must export the certificate so you can import it to your phone
  7. Run keytool -export -alias {myalias} -file mycertificate.crt
  8. Import the certificate into your phone (see below for details)



C:\j2sdk1.4.2_08\bin>keytool -genkey -alias company -keyalg RSA -validity 365
Enter keystore password: password
What is your first and last name? [Unknown]: My Name
What is the name of your organizational unit? [Unknown]: company
What is the name of your organization? [Unknown]: company
What is the name of your City or Locality? [Unknown]: location
What is the name of your State or Province? [Unknown]: location2
What is the two-letter country code for this unit? [Unknown]: GB
Is CN=My Name, OU=company, O=company, L=location, ST=location2, C=GB correct? [no]: yes
Enter key password for (RETURN if same as keystore password):

Build and package the application

  1. Use javac to build your MIDlet, paying special attention to your classpath and bootclasspath options (otherwise preverification will fail). I also set target to 1.1 and source to 1.3
  2. Generate your JAD file. The critical attributes in the JAD are MIDlet-Jar-URL, MIDlet-Jar-Size and MIDlet-Permissions; we also included MIDlet-Icon, MicroEdition-Configuration, MicroEdition-Profile, MIDlet-Name, MIDlet-Push-1, MIDlet-Description and MIDlet-Version
  3. Generate the MANIFEST.MF file based on your JAD; you must remove MIDlet-Jar-Size and MIDlet-Jar-URL
  4. Both these tasks can be completed using the wtkJad Antenna task
  5. Package and preverify the app using the wtkPackage Antenna task. You must set the classpath and bootclasspath properties correctly, otherwise preverification will fail

Sign the application

  1. Sign the Application using jarsigner
  2. Run jarsigner -keystore {mykeystore} -storepass {mypassword} {myjar} {myalias}
  3. Now you have a signed jar you need to update the MIDlet-Jar-Size in your JAD
  4. Now add the certificate to the JAD using JadTool.jar from the WTK
  5. Run java -jar JadTool.jar -addcert -alias {myalias} -storepass {mypassword} -keystore {mykeystore} -inputjad {myinputjad} -outputjad {myoutputjad}
  6. Now add the signature to the JAD again using JadTool.jar
  7. Run java -jar JadTool.jar -addjarsig -alias {myalias} -jarfile {myjar} -storepass {mypassword} -keypass {mypassword} -keystore {mykeystore} -inputjad {myinputjad} -outputjad {myoutputjad}

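Deployment

  1. Deploy this to a web server with the MIME types set correctly and download it to your phone; it will be a trusted third-party application
  2. You can also send the JAR & JAD to your phone via Bluetooth, infrared or cable, depending on your phone's capabilities. On Nokia phones the files appear in your SMS inbox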

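Install the certificate on your phone

  1. Import the certificate into your phone. In Windows XP SP2 I could do this by right-clicking the file and selecting Send to Bluetooth device; you should also be able to send the file by cable or infrared (IR). Note: I haven't found a way to import a certificate on Series 40 phones
  2. Once the certificate is installed it needs to be authorized for application installs. On my phone (Nokia 6680) this is under Tools -> Settings -> Certificate Management -> Trust Settings. I turned everything on, but I think application installation is all you need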

Common problems

  1. Application not installed using the JAD: The application is only trusted if it is installed using the JAD, the application will still install from the jar but it won't be trusted.
  2. Application trust settings not set: Once your application is installed you need to specify how much trust to give it (it doesn't get all permissions by default). On a Nokia Series 60 phone these are found under the App. Manager.
  3. Root certificate missing from phone: The Java Verified certificate and/or Verisign certificates are missing from some phones; check under Tools->Settings->Certificate Management for the relevant certificate
  4. Authorization Failed: There are a whole host of possible reasons behind this; here are the ones I've come across

  1. Certificate missing from phone, double check your certificate is installed and has been marked as trusted for application installs in Certificate Management
  2. Reboot: Uninstall the application completely then reboot your phone, and try taking the battery and SIM out too; often things get themselves in a twist, especially if you've been re-installing a lot without uninstalling first
  3. JAD/JAR mismatch: Double check the application size in the JAD, remember it's the number of bytes that is important NOT the size on disk
  4. Browser cache: If you're installing over the air make sure you clear your browser cache before installing
  5. I've heard but not verified that line breaks in the MIDlet-Permissions can cause problems but it seems ok to me on Nokia 6680/6630/6230i (could be firmware dependent?)
  6. The MIDlet-Permissions attribute is the cause of a lot of problems (especially since the documentation is often wrong/missing or different depending on the phone), try leaving it out first and add permissions in one at a time. Some phones will complain about permissions they don't support, some will ignore them



  • There is a bug in some early Nokia 6600 firmwares that stops the install of trusted MIDlets
  • Certificate not valid yet: If you generated the certificate yourself it may have a start validity date of tomorrow, also if your PC and phone dates are different you may be outside the period of validity of the certificate
  • No certificate management on Series 40 phones, you can install a signed application but behavior is strange with self signed certificates
  • JadTool problems: I haven't experienced any of these issues but lots of other people have


    1. "I have issues if I try to use the jadtool manually. I have a certificate chain and can't seem to get the second certificate added to the JAD file using any WTK jadtool. The interesting part however is that I can successfully sign the midlet using any of the same WTK GUI interfaces - they add the second certificate correctly. My steps:

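      1. Sign the jar using 1.4.2_06 jarsigner.exe
      2. Use the WTK (2.2 or 2.3 beta) jadtool to addcert with certnum 1
      3. If I call jadtool with addcert and certnum 2, the same certificate is inserted as certificate 1-2. I assume I am doing something wrong, since the WTK GUI seems to be working fine"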



  • "I received a post on the KVM news group on the topic that states there is a bug in the jadtool and the author claims to have filed a bug report and posted a patch: http://archives.java.sun.com/cgi-bin/wa?A2=ind0508&L=kvm-interest&F=&S=&P=9858 One interesting note that was also posted was that the cert JAD params are static so once you get them from the WTK correctly you can put them statically in the ant script."
  • "I am trying to sign a MIDlet for Nokia 6620 device. I am using a Verisign Code Signing certificate that actually contains two certificates (User and Intermediate CA). I am using the WTK 2.2 signing tool. Do you know if this tool supports two certificates when signing? The signature is added to the JAD file with two certificates but I have been getting security error when installing. I have checked on the device and there are different root certificates installed for Verisign but it still fails!"
  • "If you want, you can download the sprintpcs developer kit as it supports dual certs (http://developer.sprintpcs.com). However, I never got that cert to work on the Nokia (6620/cingular) phone, although it does work on sprint phones (with developer root enabled). Ultimately, I only got things to work by creating the cert as described in this blog and installing that on the phone. Bizarrely, even though the root cert for my Verisign-signed cert *was* on the 6620 phone, it still would never install my MIDlet as you would think it should."


  • Old phones (6230/i, 6682) don't support x509 certificates, WPKI has been suggested as a possible solution but I haven't investigated this
  • Socket connections can be problematic (http://discussion.forum.nokia.com/forum/showthread.php?t=68306 ) possibly due to the WAP infrastructure and the services provided by an operator. HTTP is a much safer protocol to use
  • "Go online and check application validity": Yes/No. If I click on yes button the phone I get the following error: "Certificate revoked for this application" and the installation fails. To rectify this go to Tools -> Manager -> Menu -> Settings -> Online Certif Check [ On / Off / Required] There is also a Default address setting. If the online control setting is required, the check will fail, if there is no default address. see http://discussion.forum.nokia.com/forum/showthread.php?t=71071
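  • Trust domains

    1. There are 4 different trust domains in MIDP2 (manufacturer, operator, trusted third party and untrusted). Trusted third party is the only one useful to us. It gives the following options on my Nokia 6680 (Vodafone UK):

    2. Network access: Not allowed, Ask every time, Ask first time
       Messaging: Not allowed, Ask every time
       App auto-start: Not allowed, Ask every time, Ask first time
       Connectivity: Not allowed, Ask every time, Ask first time, Always allowed
       Multimedia: Not allowed, Ask every time, Ask first time
       Read user data: Not allowed, Ask every time, Ask first time, Always allowed
       Edit user data: Not allowed, Ask every time, Ask first time, Always allowed

    3. These settings are defined by the operator and the phone manufacturer, so they vary between phones, manufacturers and operators.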

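Unresolved issues

    1. I managed to sign a JAD in this format using the J2ME WTK utility, but when I try to install it on the device I get the message "Application authentication failed 909".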

Sample JAD

    MIDlet-Jar-URL: MyApp.jar
    MIDlet-Jar-Size: 201365
    MIDlet-Name: MyApp
    MIDlet-Vendor: EC1M
    MicroEdition-Profile: MIDP-2.0
    MicroEdition-Configuration: CLDC-1.1
    MIDlet-Icon: logo.png
    MIDlet-Push-1: sms://:6553,net.ec1m.MyApp.midp.MyAppMIDlet,*
    MIDlet-Description: MyApp MIDlet
    MIDlet-Permissions: javax.microedition.io.PushRegistry,javax.microedition.io.Connector.sms...
    MIDlet-Version: 1.0.67
    MIDlet-1: MyApp, logo.png,net.ec1m.MyApp.midp.MyAppMIDlet
    MIDlet-Certificate-1-1: MIICODCCAaECBEKqpfswDQYJKoZIhvcNAQEEBQAwYz...=
    MIDlet-Jar-RSA-SHA1: EUsAch/.../hEZOsJsiCjBOhNs/3FSw4=
    

Sample manifest

    Manifest-Version: 1.0
    MIDlet-Name: MyApp  
    Created-By: 1.4.2_05-b04 (Sun Microsystems Inc.)
    MIDlet-Push-1: sms://:6553,net.ec1m.MyApp.midp.MyAppMIDlet,*
    MIDlet-1: MyApp, logo.png, net.ec1m.MyApp.midp.MyAppMIDlet
    MicroEdition-Configuration: CLDC-1.1
    Ant-Version: Apache Ant 1.6.2
    MIDlet-Icon: logo.png
    MIDlet-Vendor: EC1M
    MIDlet-Permissions: javax.microedition...
    MIDlet-Version: 1.0.67
    MicroEdition-Profile: MIDP-2.0
    MIDlet-Description: MyApp MIDlet
    

Sample Ant Build File

I've put our EC1M ant build file (http://www.ec1m.net/downloads.htm) up on our website to (hopefully) make all this a little easier for you.

Other Resources

This FAQ on the Nokia Forum is worth a read.
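
An added example, not part of the original answer or of the WTK: a Python pre-deployment check for the JAD problems listed in the answer above (byte-count mismatch, JAD-only attributes left in the manifest, missing -addcert/-addjarsig output, and the same certificate written twice in one chain). The function names and the sample values are constructed for illustration.

```python
import re

def parse_attrs(text):
    """Parse 'Name: value' lines (JAD or MANIFEST.MF); join manifest continuation lines."""
    attrs, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last is not None:
            attrs[last] += line[1:]
        elif ":" in line:
            name, value = line.split(":", 1)
            last = name.strip()
            attrs[last] = value.strip()
    return attrs

def check_signed_suite(jad_text, manifest_text, jar_bytes):
    """Return a list of problems; an empty list means every check passed."""
    jad, manifest = parse_attrs(jad_text), parse_attrs(manifest_text)
    problems = []
    # JAD/JAR mismatch: the size must be the byte count of the signed JAR.
    declared = jad.get("MIDlet-Jar-Size", "")
    if not declared.isdigit() or int(declared) != len(jar_bytes):
        problems.append(f"MIDlet-Jar-Size is {declared!r} but the JAR is {len(jar_bytes)} bytes")
    # These two attributes belong in the JAD only.
    for name in ("MIDlet-Jar-Size", "MIDlet-Jar-URL"):
        if name in manifest:
            problems.append(f"{name} must be removed from MANIFEST.MF")
    # Attributes written by JadTool -addcert and -addjarsig.
    for name, flag in (("MIDlet-Certificate-1-1", "-addcert"), ("MIDlet-Jar-RSA-SHA1", "-addjarsig")):
        if name not in jad:
            problems.append(f"{name} is missing (JadTool {flag} not run?)")
    # The jadtool failure quoted in the answer: one certificate written twice in a chain.
    chains = {}
    for name, value in jad.items():
        if m := re.fullmatch(r"MIDlet-Certificate-(\d+)-(\d+)", name):
            chains.setdefault(int(m.group(1)), []).append((int(m.group(2)), value))
    for chain, entries in sorted(chains.items()):
        first_seen = {}
        for pos, value in sorted(entries):
            if first_seen.setdefault(value, pos) != pos:
                problems.append(f"MIDlet-Certificate-{chain}-{pos} repeats MIDlet-Certificate-{chain}-{first_seen[value]}")
    return problems

# Constructed sample input: placeholder certificate/signature values and dummy JAR bytes.
SAMPLE_JAR = b"PK" + bytes(98)
SAMPLE_MANIFEST = "Manifest-Version: 1.0\nMIDlet-Name: MyApp\nMIDlet-Jar-URL: MyApp.jar\n"
SAMPLE_JAD = ("MIDlet-Jar-URL: MyApp.jar\nMIDlet-Jar-Size: 101\nMIDlet-Certificate-1-1: Q0VSVA==\n"
              "MIDlet-Certificate-1-2: Q0VSVA==\nMIDlet-Jar-RSA-SHA1: U0lH\n")
if __name__ == "__main__":
    print("\n".join(check_signed_suite(SAMPLE_JAD, SAMPLE_MANIFEST, SAMPLE_JAR)))
```

Run it against the signed JAR, after MIDlet-Jar-Size has been updated and both JadTool steps have run.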
