Default Client Certificate on BlackBerry


I'm trying to connect to a server using https and when I do it says that the connection requires a client certificate. If I press yes to continue I'll get a TLSAlertException.
The connection code looks something like:

    SecureConnection con = (SecureConnection)Connector.open("ssl://url:443");

I've looked at the certificates on the simulator (and also on a device) and there aren't any client (personal) certificates by default. I've tried generating one through code but I don't know how to make it show up under the personal certificates on the phone.

I found this but none of the options are very desirable to get a personal certificate on the device.

So, is it possible to get a personal certificate on the simulator, ideally through code?
If I am able to get one will the SecureConnection use it automatically when connecting to the server?
If not are there libraries out there that can make this work?


Solution

  • So after doing some more digging I found the Bouncy Castle TLS API. Long story short it seems to be working so far, but I'm going to list the steps I went through because I hit a few snags along the way.

    You can download the source as well as the zips of the class files from http://www.bouncycastle.org/latest_releases.html. Under the "Sources and Javadoc" section there are links for J2ME.

    First I tried to add the cldc_classes.zip as an external JAR to the build path. Code completion for the Bouncy Castle code was working in Eclipse now. So I started the simulator, but when I tried to start the app it gave me "Error starting app: Module 'cldc_classes.zip' not found." I searched around and discovered the problem was that I needed to check the box on the "Order and Export" tab of the Build Path setup. Oops!

    So I checked it and tried to run again but got an "Error: preverifier failed" before the simulator even launched. Some more searching revealed I had to preverify the zip file for it to work which seemed like it would be easy enough.

    Using the preverify tool gave lots of errors and warnings that looked like they had something to do with the duplicate creation of classes in the java package. On the Bouncy Castle FAQs they mentioned something like this and suggested obfuscating the code.

    I found a Java obfuscator and after a bit of fiddling was able to obfuscate the classes. Tried to preverify and it failed again... I didn't want to learn more than I had to about preverifying so I decided to just import the source files.

    One of the packages had errors relying on ArrayList, but it didn't seem to be necessary and I just deleted it. Attempting to run it there was an error about "duplicate attribute mismatch: 'MIDlet-name'". There was a .jad file in one of the packages that had this which I deleted to get rid of the error. The test packages could also be deleted without consequence.

    Trying to run now I got "Eclipse I/O Error: Cannot run program "jar": CreateProcess error=2". Some searching revealed that I needed to add the Java JDK bin folder (something like C:\Program Files\Java\jdk\bin) to the PATH environment variable.

    Finally I was able to run and I'm able to connect, send and receive data successfully. There is probably a better/easier way to use the Bouncy Castle jars in a project and I may look into doing that now that I know the code actually works. Below is some sample code for the connection.

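    // Open a plain TCP socket; Bouncy Castle runs the TLS handshake on top of it.
    SocketConnection con = (SocketConnection)Connector.open("socket://url:443");
    TlsProtocolHandler tph = new TlsProtocolHandler(con.openInputStream(), con.openOutputStream());
    // The class is spelled AlwaysValidVerifyer in Bouncy Castle. It accepts any
    // server certificate without checking it, so the server is not authenticated.
    tph.connect(new AlwaysValidVerifyer());
    InputStream is = tph.getInputStream();
    OutputStream os = tph.getOutputStream();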
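
The verifier passed to `tph.connect(...)` in the answer accepts every server certificate. As an added example (not code from the original post or from Bouncy Castle), here is a verifier that pins the server's leaf certificate by SHA-256 fingerprint. It assumes the old lightweight TLS API the answer uses, where `CertificateVerifyer` (the library's spelling) declares `isValid(X509CertificateStructure[])`; the class name `PinnedCertificateVerifyer` is hypothetical.

```java
import java.io.IOException;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.tls.CertificateVerifyer;

// Hypothetical class: accepts the server only if its leaf certificate matches
// a SHA-256 fingerprint shipped with the application.
public class PinnedCertificateVerifyer implements CertificateVerifyer {
    // 32-byte SHA-256 of the DER-encoded server certificate.
    private final byte[] expected;

    public PinnedCertificateVerifyer(byte[] expectedSha256) {
        if (expectedSha256 == null || expectedSha256.length != 32) {
            throw new IllegalArgumentException("expected a 32-byte SHA-256 fingerprint");
        }
        expected = new byte[32];
        System.arraycopy(expectedSha256, 0, expected, 0, 32);
    }

    public boolean isValid(X509CertificateStructure[] certs) {
        // An empty chain is rejected rather than treated as "nothing to check".
        if (certs == null || certs.length == 0 || certs[0] == null) {
            return false;
        }
        byte[] der;
        try {
            der = certs[0].getEncoded(); // the server's own certificate comes first
        } catch (IOException e) {
            return false; // fail closed if the certificate cannot be re-encoded
        }
        SHA256Digest sha = new SHA256Digest();
        sha.update(der, 0, der.length);
        byte[] actual = new byte[sha.getDigestSize()];
        sha.doFinal(actual, 0);

        // Compare every byte; no early exit on the first mismatch.
        int diff = 0;
        for (int i = 0; i < expected.length; i++) {
            diff |= expected[i] ^ actual[i];
        }
        return diff == 0;
    }
}
```

It is used as `tph.connect(new PinnedCertificateVerifyer(pin))`, where `pin` is the fingerprint of the certificate the server is expected to present. Because the leaf certificate is pinned, the fingerprint has to be updated whenever the server certificate is renewed.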