×

Discussion Board

Page 1 of 2 12 LastLast
Results 1 to 15 of 23
  1. #1
    Registered User
    Join Date
    Jan 2006
    Posts
    27

    JSR-75 MIDP permissions + signing on N95 not playing nicely?

    Hi All

    I'm trying to write a fairly simple MIDP 2.0 app to run on my N95. I want it to listen for JSR-179 location events, then write some information about the locations to a file on the phone.

    In the emulator, I have everything working fine. My app starts up, requests location permissions, requests read permissions, then requests write permissions, and off it goes. Everything behaves as I'd expect.

    For the phone, I've used the sun WTK 2.5.1 to build the jar. In the project settings, I've ensured that the location, local read and local write are all set to required, and ensured that those correct permissions end up in the jad.

    When I send over an un-signed jad + jar and install, it gives a security warning about untrused application, then installs fine. I run the midlet, it requests location, requests read, then throws a security exception. It never requests write permissions. I tried using a couple of different directories, but that didn't help. (On that subject, does anyone know where is the page that tells you where an un-signed jar can write to using JSR-75 on a s60 3rd ed phone? I can't find that info anywhere)

    Next up, I generated a key+certificate pair. I send the certificate over to the phone, and installed it (picking both Internet and Online Cert Checking, which were the only two options). I then used this cert to sign my jar, un-installed the old jar, then sent over the jar+jad. When I installed it, it got 80% of the way through, then gave the un-helpful error "Certificate Error. Contact the Application Supplier".

    Then, I imported my symbian signed developer certificate into the WTK keystore. With that, I signed the jar, and sent that+jar over to the phone. Again, it got 80% of the way through the install, and gave the same error. It also doesn't seem to matter if I install the jar, or the jad (with the jar in the same place), I get the same error.


    The phone I'm using is N95, without any network branding or locking. It's on the latested v11 firmware, if that happens to make a difference.

    Can anyone tell me how I can get my app to be able to write to somewhere on the phone via the JSR-75 calls, either un-signed, or with a certificate I generate myself? (I don't have a verisign code certificate, and as I'm not inclined to buy one just to run my own code on my own phone...)

    Thanks
    Nick

  2. #2
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    First of all it is not possible to use a self-installed (root authority) certificate for Java MIDlet (code) signing. Second, I have no experience with your device and API used, so you might have found a bug. Anyway to verify this, we have to go through some questions which you might have checked already:
    – Is this phone from an operator and which one (name + country)?
    – Have you checked the permissions for your MIDlet?
    Nokia > Menu > Tools > Application manager > Your MIDlet (blue; at the lower end) > Suite settings or Open > Edit user data > Ask every time (should be default and no better option should be available).
    Last edited by traud; 2007-06-19 at 13:42.

  3. #3
    Registered User
    Join Date
    Jan 2006
    Posts
    27

    Re: JSR-75 MIDP permissions + signing on N95 not playing nicely?

    After more testing, I discovered I was able to write to bits of the E: disk. If I tried to write to the same point on the C: disk, it just throws a security exception without asking me for permission, which sucks. I still can't find any documentation from Nokia which lists where I can and can't write to from a midlet using JSR-75.

    (For anyone else trying, E:\Data is OK, C:\Data will break if you either try to write to it, or even check if a directory under it exists or not!)

    The phone was bought (at vast expense...) direct from a Nokia reseller, without any networks getting involved, so it runs the official Nokia firmware. It seems crazy that I can't install a new java app signing CA on the phone, given that it hasn't been nobbled by any networks (which seems to be the usual issue with these things). I can install new app CAs on my 6630, so I might try opening a support request with Nokia and see where I get to.

    Nick

  4. #4
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    This code-signing issue is a MIDP JSR decision (it is stated in the spec) and has nothing to do with Nokia. Nokia had a bug in S60 2nd Edition which got fixed. Personally, I think they should have kept that bug. Anyway, when you want to see a change in that regard you should comment to the JSR team…

  5. #5
    Registered User
    Join Date
    Jan 2006
    Posts
    27

    Re: JSR-75 MIDP permissions + signing on N95 not playing nicely?

    That's bad. I'm emailing them now.

    For anyone else interested in lodging a complaint with the working group on MIDP 3.0 (JSR-271), download their early release draft, and scroll down to page 69. There you will find the following gem:

    Any Authority Certificates obtained after device manufacture MUST NOT be used for authentication of MIDlet suites. This does NOT prevent obtaining Identified Third Party Authority Certificates from the specified location in the SIM, USIM or WIM.

    You'll want to tell them that this isn't on, and that the user should be able to add new CAs to their device, and have them used for authenticating midlets.

    (There's also the same thing on page 498 of maintenace release 2.1 of JSR 118, which covers MIDP 2.1. You can have words with the MIDP 2.1 team too if you want)

    Nick
    Last edited by gagravarr; 2007-05-15 at 10:52.

  6. #6
    Regular Contributor
    Join Date
    Mar 2003
    Location
    Norway
    Posts
    63

    Thumbs down Re: JSR-75 MIDP permissions + signing on N95 not playing nicely?

    Try changing permissions to non-optional in the Jad
    Last edited by skjolber; 2007-05-30 at 14:06.

  7. #7
    Registered User
    Join Date
    Jun 2007
    Posts
    4

    Question Re: JSR-75 MIDP permissions + signing on N95 not playing nicely?

    Hello, gagravarr.

    Could you tell me if you have found a solution to the "Certificate Error. Contact the Application Supplier" error? I'm having the same problem with j2me midlet signing, and my application needs to be signed to avoid continuous confirmations (gprs, bluetooth, sms, files...).

    I've been looking for a solution but I haven't found anything, except for advice like "don't sign the midlet, it will work"...

    Thank you very much,

    Enrique

  8. #8
    Nokia Developer Expert
    Join Date
    Jun 2005
    Posts
    923

    Re: JSR-75 MIDP permissions + signing on N95 not playing nicely?

    What certificate are you signing your midlet with?

    Daniel

  9. #9
    Registered User
    Join Date
    Jun 2007
    Posts
    4

    Re: JSR-75 MIDP permissions + signing on N95 not playing nicely?

    I've created a certificate using keytool. That certificate only works for development, but I'm not going to buy a certificate until the application works.

    I have used this self certificate to sign my application in another mobile phones, like nokia N70 and N90, and it works perfectly, but the nokia N95 gives me the problem I've said.

    Enrique

  10. #10
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    quique_fs, there is no solution to your problem as this ‘bug’ of Nokia S60 2nd Edition (Nokia N70, Nokia N90) was fixed with 3rd Edition (Nokia N95) devices. You have to go for a known root authority like VeriSign or thawte.

    As you can sign unlimited of MIDlets with such a certificate, you can go for it already or you stick with the emulator where you can adjust the security domain, permissions and (might) even use your current certificate (depends on emulator used). For further question to this special topic, please have a search in Forum Nokia.

  11. #11
    Registered User
    Join Date
    Jul 2007
    Posts
    3

    Re: JSR-75 MIDP permissions + signing on N95 not playing nicely?

    I am not as far along as you, but have questions. I have a file connection application that shows the roots(C:/ main memory and E:/ memory card). I get a security error when I try to list whats on these drives. I am testing on a Nokia 6126 phone and am using NetBeans 6.0 fro development.

    My simple application does ask permissions or signing. Can you give any pointers?

  12. #12
    Registered User
    Join Date
    Jun 2007
    Posts
    4

    Re: JSR-75 MIDP permissions + signing on N95 not playing nicely?

    kenh1, i see two possibilities:

    1) your midlet is unsigned. in that case, the mobile phone will request you for confirmation when reading files, but the writing permission will be put to "always denied", so if you open the directories with read and write, that will fail unless you sign it.

    2) if your midlet is signed but you haven't set the permissions in the jad or manifest, it will fail too.

    This are errors that you may see if you are working with fileconnection api, that's why I've told you. However, if your error is of security, it's probably because j2me doesn't have unlimited access to the directories hierarchy. Instead of listing C:/, try listing the directory where the mobile saves photos and images (in nokia N70 it is C:/Nokia/Images/Pictures ), maybe your program could access this location.

  13. #13
    Registered User
    Join Date
    Aug 2007
    Posts
    7

    Re: JSR-75 MIDP permissions + signing on N95 not playing nicely?

    I am developing a tool to list root dir and its subfolder ,but open path denied on N70. what certificate keytool do you use?
    can you email it to me to test?
    qeekeye@126.com thanks.

  14. #14
    Super Contributor
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,191

    Re: JSR-75 MIDP permissions + signing on N95 not playing nicely?

    fireinwind,

    Note that the devices do not have full access to the file system and signing does not grant you any wider access to the file system. The difference is that you will see less confirmations.

    Even unsigned MIDlets have access to the file system (check the API access rights / Suite Settings through the application manager) so if you cannot access some directory, then that directory is out of reach also for signed MIDlets.

    Or did I misunderstand your problem?

    Hartti
    Last edited by hartti; 2007-08-31 at 19:47.

  15. #15
    Registered User
    Join Date
    Jun 2007
    Posts
    4

    Re: JSR-75 MIDP permissions + signing on N95 not playing nicely?

    hartti, i don't agree with you. It's true that there are many directories which cannot be accessed even with signed applications, because of the limitations of java in this kind of devices. however, there are other directories which can be accessed only by signed applications, not by unsigned.

    fireinwind
    you have to see the default permissions of your device (searching for internet). for instance, i've been programming nokia N70 and N95, and they have different permissions for java applications. N70 requires signing to access files, because the default permission is "always denied", and when you sign a midlet, the default permission is "ask always". In N95, on the other hand, the default permission is "ask always" so you only need to sign it if you want to remove the confirmations.

    the default permissions usually depend on the S60 version (N70 is second and N95 is third), so if your mobile is one of these, then you know the default permissions in files.

    as i say, you aren't able to access the root folder. try with the directory Images/Pictures

    Quique

Similar Threads

  1. Signing Midlet & Permissions problems!
    By Wijnbo in forum Mobile Java Networking & Messaging & Security
    Replies: 7
    Last Post: 2007-05-14, 21:49
  2. MIDlet Permissions & Signing
    By msilvest@confsystem.com in forum Mobile Java Networking & Messaging & Security
    Replies: 1
    Last Post: 2005-09-17, 14:01
  3. Series 60 Concept Emulator (SDK Beta 0.2 Linux) not working
    By mattbee in forum Mobile Java Tools & SDKs
    Replies: 1
    Last Post: 2003-06-10, 11:43
  4. Series 60Series 60 MIDP Concept SDK Beta 0.2 Linux bug?
    By kauppi in forum Mobile Java Tools & SDKs
    Replies: 3
    Last Post: 2003-04-07, 09:05
  5. Http connection problem in 6310i
    By teahola in forum Mobile Java General
    Replies: 1
    Last Post: 2002-10-03, 18:46

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×