If you are using Internet Explorer, please remove blackberry.com from your compatibility view settings.

Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
Developer
ingvar_e
Posts: 551
Registered: ‎10-31-2009
My Device: Torch 9800, Bold 9700
My Carrier: Movistar, Telenor
Accepted Solution

Two questions on signing code using restricted API:s

First question

 

I have a library that contains classes that requires signing in order to use restricted API:s. One of the functions in the library uses "Persistent Storage". My application accesses this library module by  an import of  the library and then instanciates and calls the function I need.

 

Is it sufficient to have the library signed or does the application calling the library need signing too?

 

Second question

 

Is it possible to set the simulator so it actually tests that the modules using restricted API:s are signed correctly?

 

If everything seems to be under control, you're just not driving fast enough
-Mario Andretti-
Please use plain text.
Developer
Posts: 1,474
Registered: ‎04-14-2009
My Device: Not Specified

Re: Two questions on signing code using restricted API:s

Check the simulator setting "Enable device security". When this setting is enabled, the simulator checks signatures almost like an actual handheld would. For your purposes, that should be good enough. If your module is missing a required signature, the simulated handheld will complain same as a normal handheld would.

Please use plain text.
Developer
Posts: 1,474
Registered: ‎04-14-2009
My Device: Not Specified

Re: Two questions on signing code using restricted API:s

Regarding the need for signing of an application that only accesses non-restriced APIs from a library, I don't think you need to sign the application. You should still check whether the application has enough signatures to perform its other functions, such as showing something on the screen.

 

P.S. You can restrict access to your library's APIs using code signing too.

Please use plain text.
Developer
ingvar_e
Posts: 551
Registered: ‎10-31-2009
My Device: Torch 9800, Bold 9700
My Carrier: Movistar, Telenor

Re: Two questions on signing code using restricted API:s

hi klyubin,

 

Not sure what you mean by

 

>Regarding the need for signing of an application that only accesses non-restriced APIs from a library, I >don't think you need to sign the application. You should still check whether the application has enough >signatures to perform its other functions, such as showing something on the screen.

 

The functions in the library do access restricted API:s. The application uses these functions by importing and instanciating these functions from the library. So my question was if the need for signing is propagated upwards to the application or if it is enough to have the library signed. The actual "use" of the restricted API is in the application.

 

Since I can test this with the simulator I can possibly answer it by testing.

If everything seems to be under control, you're just not driving fast enough
-Mario Andretti-
Please use plain text.
Developer
Posts: 1,474
Registered: ‎04-14-2009
My Device: Not Specified

Re: Two questions on signing code using restricted API:s

What is meant is that you can restrict access (using code signing) to the APIs exported by your library.

 

Also, I'm not 100% sure, but I believe some RIM methods check whether all code on the call stack (as opposed to just the calling method) is signed with a certain RIM key.

Please use plain text.
Developer
ingvar_e
Posts: 551
Registered: ‎10-31-2009
My Device: Torch 9800, Bold 9700
My Carrier: Movistar, Telenor

Re: Two questions on signing code using restricted API:s

OK.

I will test it using the simulator. Will report back if it works

If everything seems to be under control, you're just not driving fast enough
-Mario Andretti-
Please use plain text.