Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
Developer
jaschroe
Posts: 32
Registered: ‎08-26-2008
My Device: Not Specified

Validate SSL certificates?

I am connecting to a server via (HttpsConnection)Connector.open("https://hostname;deviceside=false", Connector.READ_WRITE) (MDS route).

 

Say, for example, that "hostname" has an invalid certificate (untrusted chain). How can I validate that, in my code? The closest I see is HttpsConnection.getSecurityInfo().getCertificate(), which returns a javax.microedition.pki.Certificate with a lot of long/String accessors. I don't see a way to validate the trust chain. I see the X509Certificate class, but no way to get from a javax.microedition.pki.Certificate to an X509Certificate object.

 

Developing using BlackBerry JDE 4.0.2, testing on JDE 4.2.1.89 BB 8800 simulator using MDS sim 4.1.4. Developing using MDS route, but expected to support BIS-B as well.

Developer
rihan007
Posts: 455
Registered: ‎01-14-2009
My Device: Apple iPhone 3GS 16GB

Re: Validate SSL certificates?

anyone? 

Developer
i68040
Posts: 59
Registered: ‎02-05-2012
My Device: Q10

Re: Validate SSL certificates?

I would like to know the same thing: Looks ilke X509Certificate has the method I need (getPublicKey()), but there is no way to do the conversion.

 

Has anyone come up with a good solution?

Developer
rihan007
Posts: 455
Registered: ‎01-14-2009
My Device: Apple iPhone 3GS 16GB

Re: Validate SSL certificates?

Impossible to do with the current RIM APIs. You can use BouncyCastle Library to read the certificate information. It should provide you all the info you need from certificate including the chain of certificates.

Developer
i68040
Posts: 59
Registered: ‎02-05-2012
My Device: Q10

Re: Validate SSL certificates?

Thanks for the reply! Do you have any suggestions on how I can go about using Bouncy Castle? I've seen it mentioned on other forum posts without any details on how I'm supposed to use it.

 

I have downloaded the J2ME from their downloads page and am looking for some API help.

Developer
i68040
Posts: 59
Registered: ‎02-05-2012
My Device: Q10

Re: Validate SSL certificates?

Ok, I have everything compiling correctly using the BouncyCastle 'Certificate' object- but when I start the app I get this error:

 

Error starting ApplicationName: 'ApplicationName' may not contain classes in com.rim, net.rim, net.blackberry, java or javax packages

 

I'm guessing this has to do with me not doing any obfuscation (As mentioned in Q#3 of the Bouncy castle FAQ). Does anyone have any guidance on setting up obfuscation using the Blackberry plugin for Eclipse?

Developer
rihan007
Posts: 455
Registered: ‎01-14-2009
My Device: Apple iPhone 3GS 16GB

Re: Validate SSL certificates?

You can rename the com.java packages to org.bouncycastle.java packages. RIM doesnt allow to have classes with com.rim, net.rim, net.blackberry, java or javax packages

Developer
i68040
Posts: 59
Registered: ‎02-05-2012
My Device: Q10

Re: Validate SSL certificates?

Wow, that worked great! And it helps avoid an obfuscation step.

Thank you!
New Contributor
rikhil
Posts: 2
Registered: ‎05-03-2011
My Device: Torch

Re: Validate SSL certificates?

Hi i68040 can you please provide the sample code or code snippet that how you have used bouncyCastle, for validating SSL certificates.

Thanks!