Saturday, April 21, 2007

Java Certification Notes -- SCMAD (3)

Security (both CLDC and MIDP)


  • The following APIs are accessible to untrusted MIDlets, without explicit user confirmation.
  • The following APIs are accessible to untrusted MIDlets, with explicit user confirmation.
  • User permission can have one of three values.

    ◦ "oneshot" means the permission has to be granted by the user for every invocation of the API.

    ◦ "blanket" means that once the permission is granted by the user, it remains that way for the life of the MIDlet application (from install to uninstall) until explicitly changed.

    ◦ "session" means that once the permission is granted by the user, it remains that way for that run of the application (from start of the MIDlet suite to stop).

  • Attributes defined within the manifest of the JAR are protected by the signature whereas attributes defined within the application descriptor are not secured.
  • The MIDlet.getAppProperty method returns the attribute value from the manifest if it is present. If not, the value from the application descriptor (if any) is returned.
  • When an attribute appears in the manifest, it should not be overridden by a different value from the application descriptor. For trusted MIDlet suites, the value in the application descriptor must be equal to the value of the corresponding attribute in the manifest. Otherwise, the MIDlet suite would not be installed.
  • The signing and verification steps:

    1. Create the signing certificate

    2. Insert the certificates into the application descriptor

    3. Create the RSA-SHA-1 signature of the JAR

    4. Verify the signer certificate

    5. Verify the MIDlet suite JAR

  • The Base64 algorithm is used for encoding the signature of the JAR during a MIDlet Suite signing process.
  • Inserting the certificates into the application descriptor

    ◦ The certificate path includes the signer certificate and any necessary intermediate certificates, but omits the root certificate. The root certificate will be found on the device.

    ◦ Each certificate in the path is encoded (using base64, without line breaks) and inserted into the application descriptor as:

    MIDlet-Certificate-<n>-<m>: <base64-encoded certificate>

    <n> := a number equal to 1 for the first certification path in the descriptor, or 1 greater than the previous number for additional certification paths. This defines the sequence in which the certificates are tested to see if the corresponding root certificate is on the device.

    <m> := a number equal to 1 for the signer's certificate in a certification path, or 1 greater than the previous number for any subsequent intermediate certificates.

  • Creating the RSA-SHA-1 signature of the JAR

    ◦ The signature of the JAR is created with the signer's private key according to the EMSA-PKCS1-v1_5 encoding method of the PKCS #1 version 2.0 standard [RFC 2437].

    ◦ The signature is base64 encoded, formatted as a single MIDlet-Jar-RSA-SHA1 attribute without line breaks, and inserted in the application descriptor:

    MIDlet-Jar-RSA-SHA1: <base64-encoded signature>

  • If the MIDlet-Jar-RSA-SHA1 attribute is present in the application descriptor, the JAR is authenticated by verifying the signer certificates and the JAR signature. If it is absent, the suite is treated as an untrusted MIDlet suite.
  • Only trusted MIDlet suites can request permissions explicitly in the JAR manifest or application descriptor.
  • An untrusted MIDlet suite is a MIDlet suite whose origin or JAR file integrity cannot be verified.
  • Trusted MIDlet suite installation:
  • If any of the requested permissions are not present in the Protection Domain (Allowed or User) permission sets and the requested permission was marked as critical, then the MIDlet suite does not have sufficient authorization and it will not be installed or invoked.
  • Permissions are the means to protect access to APIs or functions, which require explicit authorization before being invoked.
  • Protection Domain defines the permissions that may be granted to a MIDlet suite in that domain.
  • A protection domain defines a set of permissions and related interaction modes. A protection domain consists of:

    ◦ A set of permissions that should be allowed (Allowed)

    ◦ A set of permissions that the user may authorize (User), each with its user interaction mode
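The signing and installer-side checks from the notes above (the MIDlet-Certificate-1-1 attribute, the RSA-SHA-1 signature of the JAR, and the "no signature means untrusted" rule), written out as an added Java SE example that is not from the original notes or any MIDP implementation. It assumes the signer's public key is handed to the installer directly, whereas a real device extracts it from the MIDlet-Certificate-<n>-<m> chain after validating it against a root certificate on the device; the certificate value and the JAR bytes are constructed placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class MidletSuiteSigning {
    // Constructed stand-in for the raw bytes of a MIDlet suite JAR.
    static final byte[] JAR_BYTES = "constructed JAR content".getBytes(StandardCharsets.UTF_8);

    /** Signer side: "SHA1withRSA" is EMSA-PKCS1-v1_5 with SHA-1, as the notes require. */
    static Map<String, String> signDescriptor(byte[] jar, PrivateKey key, String signerCertBase64)
            throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA1withRSA");
        sig.initSign(key);
        sig.update(jar);
        Map<String, String> jad = new LinkedHashMap<>();
        jad.put("MIDlet-Certificate-1-1", signerCertBase64); // <n>=1 first path, <m>=1 signer cert
        // getEncoder() emits no line breaks (getMimeEncoder() would, and would break the attribute).
        jad.put("MIDlet-Jar-RSA-SHA1", Base64.getEncoder().encodeToString(sig.sign()));
        return jad;
    }

    /** Installer side: no signature attribute means untrusted; a present one must verify. */
    static String classify(Map<String, String> jad, byte[] jar, PublicKey signerKey)
            throws GeneralSecurityException {
        String attr = jad.get("MIDlet-Jar-RSA-SHA1");
        if (attr == null) return "untrusted";
        Signature sig = Signature.getInstance("SHA1withRSA");
        sig.initVerify(signerKey);
        sig.update(jar);
        return sig.verify(Base64.getDecoder().decode(attr)) ? "trusted" : "rejected";
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Placeholder value: a real descriptor carries the base64 DER of the signer's X.509 certificate.
        Map<String, String> jad = signDescriptor(JAR_BYTES, kp.getPrivate(), "<base64 DER of signer cert>");
        System.out.println(classify(jad, JAR_BYTES, kp.getPublic()));   // intact JAR, signature present
        byte[] tampered = JAR_BYTES.clone();
        tampered[0] ^= 1;                                                // one flipped bit in the JAR
        System.out.println(classify(jad, tampered, kp.getPublic()));    // integrity failure is rejected
        jad.remove("MIDlet-Jar-RSA-SHA1");
        System.out.println(classify(jad, JAR_BYTES, kp.getPublic()));   // unsigned suite falls back to untrusted
    }
}
```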
