What’s New In MIDP 3.0 ? Part 43: Multiply Signed MIDlet Suites

A MIDlet Suite may be signed using multiple distinct private keys.

This makes it posssible both

• for the same entity to sign a MIDlet Suite multiple times, and

• for different entities to sign the same MIDlet Suite

The first case means it is possible for a MIDlet Suite develper to obtain signing certificates from different sources, for example, network operators, and then sign a MIDlet Suite using the private key associated with each issued signing certificate. This in turn makes it possible to use the same signed MIDlet Suite on different operator networks, rather than having to re-package the MIDlet Suite for each network.

The second case makes it possible for a MIDlet Suite developer to sign a MIDlet Suite once, or multiple times as above, and then submit it to a third-party responsible for auditing or verifying its behaviour who can then sign it themselves.

The MIDlet-Jar-RSA-SHA1-<n> Attribute

A signature of a MIDlet Suite is specified using the

    MIDlet-Jar-RSA-SHA1-<n>

attribute.

The value of the attribute should be the Base-64 encoded signature of the MIDlet Suite JAR.

The canonical rules for ordinal based attributes apply. The first ordinal must be one (1). Any attribute after the first gap in the sequence is ignored.

For each signature there should be an associated certificate chain specified using one or more

    MIDlet-Certificate-<n>-<m>

attributes with the value of n in the certificate chain attributes corresponding to the value of n in the signature attribute.

The number of certificate chains must equal the number of signatures or the installation of the MIDlet Suite will fail.

Multiply Signing MIDP 2.x MIDlet Suites

Existing MIDP 2.x MIDlet Suites can also be multiply signed. If the

    Microedition-Profile

attribute specifies either

• MIDP-2.0, or

• MIDP-2.1

then MIDlet-Jar-RSA-SHA1-<n> attributes take precedence over the MIDlet-Jar-RSA-SHA1 attribute. If only the latter attribute is present then it it processed using the legacy MIDP 2.x authentication and verification algorithm.

---

Copyright (c) 2009 By Simon Lewis. All Rights Reserved

What’s New In MIDP 3.0 ? Part 42: MIDlet Suite Attribute Miscellany

1. MIDlet-Minimum-Canvas-Size And MIDlet-Maximum-Canvas-Size

The minimum size, in pixels, of a full-screen Canvas that the MIDlet(s) in a MIDlet Suite are intended to support can be specified at installation time using the

    MIDlet-Minimum-Canvas-Size

attribute.

The maximum size, in pixels, of a full-screen Canvas that the MIDlet(s) in a MIDlet Suite are intended to support can be specified at installation time using the

    MIDlet-Maximum-Canvas-Size

attribute.

Installation of the MIDlet Suite will fail if the specified constraints are not met by the primary Display of the device.

If both attributes are specified then it is an error if the minimum size is not less than or equal to the maximum size and installation of the MIDlet Suite will fail.

Note

• The documentation for these attributes does not specify their format, nor can I find a definition of it anywhere else in the documentation.
  However, the early draft review did contain an example of a JAD containing the following

  MIDlet-Minimum-Canvas-Size: 120, 120

  so possibly that is the intended format ?

2. MIDlet-Required-IP-Version

The IP version required by a MIDlet Suite can be specified by using the

    MIDlet-Required-IP-Version

attribute.

The value of the attribute must be one of

• ipv4
• ipv6
• any

If the required version is not supported by the device then installation of the MIDlet Suite will fail.

3. MIDlet-Profile-Request

The

    MIDlet-Profile-Request

attribute is used to specify that the MIDlet Suite JAD download request must be accompanied by the UAProf headers necessary to detemine the capabilities of the device.

The specification requires that this is done for all JAD downloads, however, it is possible that the JAD was downloaded in some another manner and then passed to the MIDP 3.0 implementation. In these circumstances if the MIDlet-Profile-Request attribute is present and has the value true then the JAD download must be repeated with the download request being accompanied by the necessary UAProf headers.

4. MIDlet-Upate-URL

The

    MIDlet-Update-URL

can be used to specify an RFC 3986 conformant absolute URL to be used for automatic updates of the MIDlet Suite

Note

• It is not clear from the specification what the automatic update of a MIDlet Suite actually involves.

  The attribute documentation says

  If the value contains a valid URL, the automatic update of the MIDlet suite MUST be requested from this URL. Note that this overrides the priority rules used to decide which URL is used in updating. In this case other URLs MUST NOT be used, and other rules related to the update MUST remain in effect.

  If the URL is empty, user MUST NOT be able to activate the automatic update feature of the AMS.

  Searching the Provisioning section of the specification turns up this

  If the provisioned MIDlet suite has the MIDlet-Update-URL attribute in the JAD file or the JAR manifest, the implementation MUST use it to configure the automatic update feature. The value of this attribute MUST either be empty or contain a valid URL. For details, see the description of the MIDlet-Update-URL attribute in Application Attributes.

  which simply refers to the attribute documentation quoted above, and that is the only occurence of the word automatic anywhere in the Provisioning section.

---

Copyright (c) 2009 By Simon Lewis. All Rights Reserved

What’s New In MIDP 3.0 ? Part 41: Preventing Users From Upgrading Or Uninstalling MIDlet Suites

A user can be prevented from upgrading and/or uninstalling a MIDlet Suite by using the

    MIDlet-UserDenied

attribute.

The value of the attribute is a comma separated list of the actions the user is not allowed to perform.

The actions are

• delete
• update

meaning that the user cannot

• uninstall
• upgrade

the MIDlet Suite respectively.

To use this attribute the MIDlet Suite must be granted the ActionsDeniedPermission. The default MIDP 3.0 security policy does not grant this permission to MIDlet Suites bound to the Identified Third Party, or Unidentifed Third Party protection domains. By default therefore this feature is only available to manufacturers and operators.

---

Copyright (c) 2009 By Simon Lewis. All Rights Reserved

What’s New In MIDP 3.0 ? Part 40: MIDlet Suite Scalable Icons

Like MIDlets a MIDlet Suite can have a scalable icon.

This can be specified at installation time using the

    MIDlet-Scalable-Icon

attribute.

The value of the attribute should be the path of a file within the MIDlet Suite JAR which contains scalable image data in the SVG Tiny 1.1 format.

A locale specific version of the MIDlet Suite icon can be specified using the

    MIDlet-Scalable-Icon-<locale>

attribute.

See Localizable Attributes for the semantics of localized attributes.

---

Copyright (c) 2009 By Simon Lewis. All Rights Reserved

What’s New In MIDP 3.0 ? Part 39: Localizable MIDlet Suite Attributes

See Localizable Attributes for a description of the semantics of localizable attributes.

Attribute	Locale Specific Attribute
MIDlet-Name	MIDlet-Name-<locale>
MIDlet-Icon	MIDlet-Icon-<locale>
MIDlet-Description	MIDlet-Description-<locale>
MIDlet-Delete-Confirm	MIDlet-Delete-Confirm-<locale>

Note

• There is one new MIDlet Suite Attribute MIDlet-Scalable-Icon which is also localizable. This is described separately.

---

Copyright (c) 2009 By Simon Lewis. All Rights Reserved