Java Platform Micro Edition Software Development Kit Version 3.0

Specifying Application Permissions

Application permissions are defined in access control file (acf) records. The record format is as follows:

acf AID numbers separated by blanks {
    ace {
        root CA name
        ...
        apdu {
            eight numbers separated by blanks
            ...
        }
        ...
        jcrmi {
            classes {
                classname
                ...
            }
            hashModifier string
            methods {
                method name and signature
                ...
            }
        }
        ...
        pin_apdu {
            id number
            verify | change | disable | enable | unblock
            four hexadecimal numbers
            ...
        }
        ...
        pin_jcrmi {
            id number
            verify | change | disable | enable | unblock
            method name and signature
            ...
        }
        ...
    }
    ...
}

The acf record is an Access Control File. The AID after acf identifies the application. A missing AID indicates that the entry applies to all applications. The acf record can contain ace records. If there are no ace records, access to an application is restricted by this acf.

The ace record is an Access Control Entry. It can contain root, apdu, jcrmi, pin_apdu, and pin_jcrmi records.

The root record contains one CA name. If the MIDlet suite was authorized using a certificate issued by this CA, this ace grants access to this MIDlet. A missing root field indicates that the ace applies to all identified parties. One principal is described by one line. This line must contain only the word root and the principal name, for example:

root CN=thehost;OU=JCT;O=dummy CA;L=Santa Clara;ST=CA;C=US

The apdu or jcrmi record describes an APDU or Java Card RMI permission. A missing permission record indicates that all operations are allowed.

An APDU permission contains one or more sequences of eight hexadecimal values, separated by blanks. The first four bytes describe the APDU command and the other four bytes are the mask, for example:

apdu {
     0 20  0 82  0 20  0 82
    80 20  0  0 ff ff  0  0
}

The Java Card RMI permission contains information about the hash modifier (optional), class list, and method list (optional). If the list of methods is empty, an application is allowed to invoke all the remote methods of interfaces in the list of classes, for example:

jcrmi {
    classes {
        com.sun.javacard.samples.RMIDemo.Purse
    }
    hashModifier zzz
    methods {
        debit(S)V
        setAccountNumber([B)V
        getAccountNumber()[B
    }
}

All the numbers are hexadecimal. Tab, blank, CR, and LF characters are used as separators. Separators can be omitted before and after the symbols { and }.
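The following is an added example, not part of the SDK documentation: it parses apdu records in the format described above and checks a command header against them, so an access control file can be audited before it is deployed. The matching rule (a header is allowed when it equals the command on every bit set in the mask) is an assumption the page does not spell out, and all function names are hypothetical.

```python
import re

# Constructed input: the page's apdu record, written without separators
# around the braces (which the format allows).
SAMPLE = "apdu{ 0 20  0 82  0 20  0 82\n 80 20  0  0 ff ff  0  0}"

def tokenize(text):
    """Split on tab, blank, CR, LF; '{' and '}' are tokens on their own."""
    return re.findall(r"[{}]|[^\s{}]+", text)

def apdu_rules(text):
    """Return [(command, mask)] pairs of 4-byte tuples from every apdu record."""
    tokens, rules, i = tokenize(text), [], 0
    while i < len(tokens):
        if tokens[i] == "apdu" and tokens[i + 1:i + 2] == ["{"]:
            end = tokens.index("}", i)  # ValueError if the record is not closed
            values = [int(t, 16) for t in tokens[i + 2:end]]  # all numbers are hex
            if not values or len(values) % 8 or any(not 0 <= v <= 0xFF for v in values):
                raise ValueError("apdu record needs groups of eight byte values")
            for j in range(0, len(values), 8):
                rules.append((tuple(values[j:j + 4]), tuple(values[j + 4:j + 8])))
            i = end
        i += 1
    return rules

def is_permitted(header, rules):
    """Assumed rule: header equals the command on every bit set in the mask."""
    return any(
        all((h & m) == (c & m) for h, c, m in zip(header, cmd, mask))
        for cmd, mask in rules
    )

def broad_rules(rules):
    """Rules whose mask does not pin CLA and INS exactly (wide coverage)."""
    return [r for r in rules if r[1][0] != 0xFF or r[1][1] != 0xFF]

if __name__ == "__main__":
    rules = apdu_rules(SAMPLE)
    for hdr in [(0x00, 0x20, 0x00, 0x82), (0x00, 0xA4, 0x04, 0x00), (0xFF, 0xFF, 0x00, 0xFF)]:
        print(" ".join(f"{b:02x}" for b in hdr), "permitted:", is_permitted(hdr, rules))
    print("broad rules:", broad_rules(rules))
```

Under the assumed rule, the first sample entry checks only the bits set in its mask (0 20 0 82), so a header such as ff ff 00 ff also matches it; broad_rules flags entries like this for review.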

The pin_apdu and pin_jcrmi records contain the information necessary for PIN entry methods: the PIN identifier and either APDU command headers or remote method names.