08-05-2012, 03:58 PM
BlackBerry Java Development Environment
4280957-BlackBerry-Application-Developer-Guide-Volume-2.pdf (Size: 845.48 KB / Downloads: 58)
BlackBerry controlled APIs
The BlackBerry® APIs described in this guide have controlled access. Applications that use controlled
APIs can be run in the simulator; however, you must obtain code signatures from Research In Motion®
(RIM®) before you can load these applications onto BlackBerry devices. See “Code signatures” on page 6
for more information.
Code signatures
RIM tracks the use of some sensitive APIs in the BlackBerry JDE for security and export reasons. In the
API Reference, a lock icon or the text signed indicates sensitive classes or methods. In the
documentation for a class that contains signed methods, select or clear the SHOW Signed option at the
top of the page to view or hide signed methods.
If you use signed classes or methods in your applications, the .cod files must be digitally signed by RIM
before you can load them onto BlackBerry devices.
Code signing request process
1. The Signature Tool opens an HTTP connection to the signing authority system and sends a request.
The request includes a hash of your code in the .csl and .cso files. Your actual code is not sent to
RIM.
2. The signing authority system verifies that the request is valid and applies a RIM private key to the
hash of each .cod file to create the signatures.
3. The signing authority system returns the signatures to the Signature Tool and closes the HTTP
connection.
4. The Signature Tool appends the signatures to each .cod file.
When the files are signed, the Status column for the .cod file displays Signed.
Optional signatures
You can load applications onto BlackBerry devices without optional .cso signatures. These signatures are
only required if their corresponding methods are invoked during runtime.
When the application calls a method that requires a signature, the VM verifies that the application has
this authorization. If the VM does not find these optional signatures, the application stops.
Signing limitations
There are several situations in which the code signing process does not proceed.
Client parameters
The signing authority administrator can limit your access to signatures by specifying a limit using both
time and frequency parameters. These parameters are defined in your .csi file. Be aware of these possible
limitations when applying for signatures.