EHSx Java User Guide V07 (13.02.2015)
Users Guide
Version: 07
DocId: ehsx_java_usersguide_v07
Products: Cinterion® EHS5, Cinterion® EHS6, Cinterion® EHS6-A, Cinterion® EHS8
M2M.GEMALTO.COM
Java User’s Guide Page 2 of 107
GENERAL NOTE
THE USE OF THE PRODUCT INCLUDING THE SOFTWARE AND DOCUMENTATION (THE "PRODUCT")
IS SUBJECT TO THE RELEASE NOTE PROVIDED TOGETHER WITH PRODUCT. IN ANY
EVENT THE PROVISIONS OF THE RELEASE NOTE SHALL PREVAIL. THIS DOCUMENT CONTAINS
INFORMATION ON GEMALTO M2M PRODUCTS. THE SPECIFICATIONS IN THIS DOCUMENT ARE
SUBJECT TO CHANGE AT GEMALTO M2M'S DISCRETION. GEMALTO M2M GMBH GRANTS A NON-
EXCLUSIVE RIGHT TO USE THE PRODUCT. THE RECIPIENT SHALL NOT TRANSFER, COPY,
MODIFY, TRANSLATE, REVERSE ENGINEER, CREATE DERIVATIVE WORKS; DISASSEMBLE OR
DECOMPILE THE PRODUCT OR OTHERWISE USE THE PRODUCT EXCEPT AS SPECIFICALLY
AUTHORIZED. THE PRODUCT AND THIS DOCUMENT ARE PROVIDED ON AN "AS IS" BASIS ONLY
AND MAY CONTAIN DEFICIENCIES OR INADEQUACIES. TO THE MAXIMUM EXTENT PERMITTED
BY APPLICABLE LAW, GEMALTO M2M GMBH DISCLAIMS ALL WARRANTIES AND LIABILITIES.
THE RECIPIENT UNDERTAKES FOR AN UNLIMITED PERIOD OF TIME TO OBSERVE SECRECY
REGARDING ANY INFORMATION AND DATA PROVIDED TO HIM IN THE CONTEXT OF THE DELIVERY
OF THE PRODUCT. THIS GENERAL NOTE SHALL BE GOVERNED AND CONSTRUED
ACCORDING TO GERMAN LAW.
Copyright
Transmittal, reproduction, dissemination and/or editing of this document as well as utilization of its
contents and communication thereof to others without express authorization are prohibited. Offenders will be
held liable for payment of damages. All rights created by patent grant or registration of a utility model or
design patent are reserved.
Trademark Notice
Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain
countries. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation
in the United States and/or other countries. All other registered trademarks or trademarks mentioned
in this document are property of their respective owners.
ehsx_java_usersguide_v07 2015-02-13
Confidential / Released
Content
1 Preface
1.1 Document History
2 Overview
2.1 Related Documents
2.2 Terms and Abbreviations
3 Installation
3.1 System Requirements
3.2 Installation CD Content
3.3 Cinterion Mobility Toolkit Installation
3.3.1 Installation Prerequisites
3.3.2 Installing CMTK
3.4 CMTK Uninstall
3.5 Upgrades
5 Maintenance
5.1 IP Service
5.2 Power Saving
5.3 Airplane Mode
5.4 Alarm
5.5 Shutdown
5.5.1 Automatic Shutdown
5.5.2 Manual Shutdown
5.5.3 Restart after Switch Off
5.5.4 Watchdog
5.6 Special AT Command Set for Java Applications
5.6.1 Switching from Data Mode to Command Mode
5.6.2 Mode Indication after MIDlet Startup
5.6.3 Long Responses
5.6.4 Configuration of Serial Interface (ASC0, ASC1)
5.6.5 Java Commands
5.7 System Out
5.7.1 Serial interfaces
5.7.2 File
5.8 Restrictions
5.8.1 Flash File System
5.8.2 Memory
5.8.3 JAD File Size
5.8.4 AT Command API
5.8.5 FileConnection API
5.9 System Time
5.10 GPS Services
6 MIDlets
6.1 MIDlet Documentation
6.2 MIDlet Life Cycle
6.3 Multiple MIDlets
6.4 Hello World MIDlet
8.6 Procedures
8.6.1 Install/Update
8.6.2 Delete
8.7 Time Out Values and Result Codes
8.8 Tips and Tricks for OTAP
8.9 OTAP Tracer
8.10 Security
8.11 How To
Figures
Figure 50: Mode 1 - Customer Root certificate does not exist
Figure 51: Mode 2 - Server certificate and certificate into module are identical
Figure 52: Mode 2 - Server certificate and self signed root certificate in module form a chain
Figure 53: Insert customer ME keystore
Figure 54: Prepare MIDlet for secured mode
Figure 55: Structure of Java Security commands
Figure 56: Build Java Security command
1 Preface
This document covers the following IMP-NG Java products from Gemalto M2M:
1. Cinterion® EHS5 Module (as of Release 2)
2. Cinterion® EHS6 Module
3. Cinterion® EHS6-A Module
4. Cinterion® EHS8 Module
Where applicable, differences between the products are noted in the particular chapters.
Throughout the document, all supported products are referred to as ME (Mobile Equipment).
For use in file, directory or path names, the string “<productname>” represents the actual
name of a product, for example EHS5. Screenshots are provided as examples and, unless
otherwise stated, apply to all supported products.
2 Overview
Java technology and several peripheral interfaces on the module allow you to easily integrate
your application.
This document explains how to work with the ME, the installation CD and the tools provided on
the installation CD.
Figure 1: Overview
2.2 Terms and Abbreviations
Abbreviation Description
DCD Data Carrier Detect
DSR Data Set Ready
FFS Flash File System
GPIO General Purpose I/O
GPRS General Packet Radio Service
HTTP Hypertext Transfer Protocol
I/O Input/Output
IDE Integrated Development Environment
IMC Inter-MIDlet Communication (com.sun.midp.io.pipe.PipeConnection)
IMP-NG Information Module Profile - Next Generation
IP Internet Protocol
Java ME™ Java Micro Edition (also known as J2ME)
Java SE™ Java Standard Edition
JAD Java Application Description
JAR Java Archive
JDK Java Development Kit
JSR Java Specification Request
JRC Java Remote Control
JVM Java Virtual Machine
LED Light Emitting Diode
ME Mobile Equipment
MES Module Exchange Suite
MIDP Mobile Information Device Protocol
ODD On Device Debugging
OTA Over The Air
OTAP Over The Air Provisioning of Java Applications
PDP Packet Data Protocol
PDU Protocol Data Unit
SDK Software Development Kit
SMS Short Message Service
TCP Transfer Control Protocol
TLS Transport Layer Security, formerly SSL (Secure Socket Layer)
URC Unsolicited Result Code
URL Universal Resource Locator
VBS Visual Basic Script
WTK Wireless Toolkit
3 Installation
If a Java IDE such as NetBeans (6.7 or higher) or Eclipse (4.2.0 - Juno or higher) is
installed, the CMTK environment can be integrated into it during installation of the CMTK. To
install one of the IDEs, follow the installation instructions in Section 3.3.1.
If you wish to access the module via USB, ensure that the USB cable is plugged in between the
module’s USB interface and the PC.
3.3 Cinterion Mobility Toolkit Installation
This section covers the installation and removal of the CMTK including the installation of the
prerequisite JDK and supported IDEs.
Apart from the JDK installation it is recommended to install a Java Development Environment
(IDE):
• The Eclipse as well as the NetBeans IDE are distributed as part of the installation CD under
"Contribution\eclipse-mobile-juno-SR2-win32.zip" resp.
"Contribution\eclipse-mobile-juno-SR2-win32_64.zip" (for 64-bit systems with only a 64 bit version
of the JDK installed) or "Contribution\netbeans-7.2-ml-javase-windows.exe". To install NetBeans
call the contribution setup file. To install Eclipse unzip the appropriate contribution archive to
the desired destination directory. An Eclipse IDE may also be installed as part of the CMTK
installation process described in Section 3.3.2.
Note that the Eclipse IDE provided on the installation CD is a specially adapted "Eclipse for
Mobile Developers package" with a pre-integrated MTJ plugin that is necessary for J2ME
development. If employing any other Eclipse IDE variant or the NetBeans IDE also provided
on the installation CD, it is therefore required to install additional plugins containing mobile
resp. mobility tools. Please refer to Chapter 10 for more information on how to install these
plugins for Eclipse and NetBeans.
1. Insert the installation CD and start Setup.exe. When the dialog box appears press the Next
button to start the CMTK installation.
Figure 2: CMTK - InstallShield Wizard
2. Read the CMTK license agreement. If you accept the agreement, press "Yes" to continue
with the installation.
3. Read the information about the installation and the use of the CMTK. Press "Next" to continue.
4. Install the Module Exchange Suite (MES) as part of the CMTK installation. MES provides
tools to access the Flash file system on the module from the development environment over
a serial interface. File transfers between PC and module are greatly facilitated by this suite.
MES is installed to "Program Files\Cinterion\Module Exchange Suite".
Figure 3: Module Exchange Suite - InstallShield Wizard
5. Read the MES license agreement. If you accept the agreement, press "Yes" to continue
with the installation.
6. Click Finish to conclude the MES installation as part of the CMTK installation (a computer
restart is required at some later point to complete the MES installation).
Figure 4: IMP Debug Connection - InstallShield Wizard
8. Continue with the installation by installing the corresponding Gemalto M2M device software,
i.e., modem driver.
Note that this dialog appears only as of Windows Vista and only if the checkbox 'Always trust
software from "Gemalto M2M GmbH"' was not selected during previous Gemalto M2M device
software installations. Otherwise the necessary drivers are installed automatically.
9. Scan COM ports for an available Java module. The scan may be skipped and can be repeated
later as part of a repair installation. This is done by selecting the "Gemalto IMP Debug
Connection for EHSx" from Control Panel and clicking "Change".
12. If the above scan did not deliver any supported Java IDE, it is possible to install the Eclipse
IDE provided on the installation CD.
Figure 8: Query to install Eclipse IDE as part of CMTK installation
3.4 CMTK Uninstall
The Module Exchange Suite (MES) is not uninstalled automatically with the CMTK. To uninstall
MES as well, please run the MES uninstall facility. To run the uninstall program, open the
Control Panel, select Add/Remove Programs, select "Gemalto Module Exchange Suite (MES)" and
follow the instructions. MES might still be used by other CMTK versions and should in this case
not be uninstalled.
Please keep in mind that a standard modem (or USB modem) and a dial-up network connection
are required for CMTK on-device debugging to work properly.
3.5 Upgrades
The CMTK can be modified, repaired or removed by running the setup program on the
installation CD.
4 Software Platform
In this chapter, we discuss the software architecture of the CMTK and the interfaces to it.
[Figure: software architecture with the blocks Java User Application, Gemalto Application (optional), Third Party Application (optional), IMC, Java API and CLDC 1.1 HI]
4.2 Hardware Interfaces
Basically, GPIO pins can alternatively be used as SPI, PWM/DAC, ASC1 or DAI interface. For
details see [1]. USB, I2C and ADC interfaces do not share pins.
4.2.4 ADC
Accessible by a Java API. See [1] and [2] for details.
4.2.5 PWM/DAC
Accessible by a Java API. See [1] and [2] for details.
4.2.7 I2C
Accessible by a Java API. See [1] and [2] for details.
4.2.8 SPI
Accessible by a Java API. See [1] and [2] for details.
4.2.9 USB
Accessed by Java RS-232 API as a serial emulation. The USB interface comprises a USB
modem and available USB ports. The available ports provide an AT command interface to the
module (i.e., ports 3, 4 and 5). USB modem and ports may be employed as regular USB
interfaces, including usage as System.out and for on-device debugging (ODD) during the
application development phase.
4.3 Other Interfaces
4.3.1 IP Networking
Because the used network connection (GPRS) is fully transparent to the Java interface, the
GPRS parameters must be defined separately either by the AT command AT^SJNET [1] or by
parameters given to the Connector.open() method, see [3].
4.3.2 Media
The playTone method and the tone sequence player are supported.
4.3.3 Others
Neither the PushRegistry interfaces and mechanisms nor any URL schemes for the
PlatformRequest method are supported. See [3].
4.4 Data Flow of a Java Application Running on the Module
[Figure: data flow with the blocks JVM, AT Parser, system.out (ASC0/1, USB), Flash File System, AT Command API, File I/O API, ASC0/ASC1/USB, GPIO, I2C/SPI and DAC/ADC]
The diagram shows the data flow of a Java application running on the module. The data flow
of a Java application running in the debug environment can be found in Figure 18.
The compiled Java applications are stored as JAR files in the Flash File System of the module.
When the application is started, the JVM interprets the JAR file and calls the interfaces to the
module environment.
5 Maintenance
The basic maintenance features of the ME are described below. Explicit details of these
functions and modes can be found in [1] and [2].
5.1 IP Service
Java supports more than one PDP context via several connections. A connection is defined by
means of:
• Optional additional parameters for the Connector.open() method of the used connection
• The default parameter set configured with AT^SJNET
Every access to a network resource tries to open/use a PDP context (with or without PDP
context parameters) and the following steps are executed in the given order:
1. Debugger default connection is checked: If the debugger connection is set to default (via
AT^SCFG), this connection is used.
2. In case a PDP context with an identical name (APN) is already open, the established
connection (with its additional parameters) is used. It is not possible to run different connections
with the same APN name.
3. If an APN is set, this APN is used. Should this not be possible because too many contexts
are already open, connection setup will fail.
4. If no APN is set, it is checked whether a default context (see AT^SJNET for details on how
to set dialup network access parameters) is configured and open. The context is used if
already open or opened if configured and not yet open.
5. If no APN is set and no default context is available (via AT^SJNET), find any open context
and use it.
6. If no APN is set, no default context is available (via AT^SJNET) and no open context is
available either, then try to open a new context with empty parameters.
• As for the Java connector, IP services also use contexts identified by their APN, with the
same rules as described above to open a context. Contexts can be shared in either direction
(Java uses contexts from IP services and vice versa).
• The connection profile is deactivated once all applications are finished: Java may set up its
networking idle time for every connection. For the Internet Services an inactivity timeout
referred to as parameter <inactTO> is available (configurable by AT^SICS and AT^SCFG).
This means that Java networking and AT Internet Services can be used in parallel, but
care has to be taken when configuring and activating the connection profile. It is
recommended to set the parameters to the same values as the Java networking parameters. This
way it does not matter if a connection is activated by the Internet Services or Java.
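The selection order above can be traced with a small model, which helps when checking which context (and therefore which APN) a connection ends up on once Java and the AT Internet Services share contexts. This is an added example that runs on a PC, not code from this guide or from the module firmware. The class and field names, the APN strings and the context limit maxContexts are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

/** PC-side model of the six selection steps; it does not run on or talk to the module. */
public class PdpContextSelection {

    /** Inputs of the model. */
    static class ModuleState {
        boolean debuggerIsDefault;   // debugger connection set to default via AT^SCFG
        String sjnetApn;             // APN of the AT^SJNET default context, null if not configured
        final List<String> openApns = new ArrayList<String>(); // contexts open (Java or IP services)
        int maxContexts = 2;         // assumed limit; this guide does not state the real one
    }

    /** Describes the context a connection would use, following steps 1 to 6 in order. */
    static String select(ModuleState s, String requestedApn) {
        if (s.debuggerIsDefault) {
            return "step 1: debugger default connection";
        }
        if (requestedApn != null) {
            if (s.openApns.contains(requestedApn)) {
                return "step 2: reuse open context " + requestedApn;
            }
            if (s.openApns.size() >= s.maxContexts) {
                return "step 3: connection setup fails, too many contexts open";
            }
            s.openApns.add(requestedApn);
            return "step 3: open new context " + requestedApn;
        }
        if (s.sjnetApn != null) {
            if (s.openApns.contains(s.sjnetApn)) {
                return "step 4: reuse open default context " + s.sjnetApn;
            }
            // The guide names no context limit for this step, so the model applies none here.
            s.openApns.add(s.sjnetApn);
            return "step 4: open default context " + s.sjnetApn;
        }
        if (!s.openApns.isEmpty()) {
            // The guide says "any open context"; taking the first one is a choice of this model.
            return "step 5: reuse open context " + s.openApns.get(0);
        }
        s.openApns.add("");
        return "step 6: open new context with empty parameters";
    }

    public static void main(String[] args) {
        ModuleState s = new ModuleState();
        // Constructed scenario: an AT Internet Service has already opened "apn.telemetry".
        s.openApns.add("apn.telemetry");
        System.out.println(select(s, null));            // Java connection without APN parameters
        System.out.println(select(s, "apn.telemetry")); // same APN as the open context
        System.out.println(select(s, "apn.mgmt"));      // a second, different APN
        System.out.println(select(s, "apn.other"));     // a third APN with the limit reached
        s.sjnetApn = "apn.mgmt";                        // AT^SJNET default now configured
        System.out.println(select(s, null));            // connection without APN parameters again
    }
}
```

The first call shows the case worth checking in a design review: a Java connection opened without APN parameters and without an AT^SJNET default is carried over whatever context another service already opened.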
There are some aspects that have to be kept in mind for all IP Services (Java and AT
command):
• When an open TCP connection is disrupted (e.g. the other side dies/is switched off) it takes
a complete re-transmission timeout during which re-transmissions are sent, until the
situation is detected as an error (in Java an exception is thrown). The re-transmission timeout
may be set via IP service commands (for IP services) or the netExtension class for regular
Java network access.
• The number of IP services used in parallel should be kept low. An active IP service uses up
resources and may deteriorate the overall performance.
• If a user rapidly closes and opens TCP/IP connections (e.g. SocketConnection,
HTTPConnection), a ConnectionNotFoundException reading "No buffer space available" may be
thrown, explaining that all TCP/IP socket resources are exhausted. In the worst case,
opening further TCP/IP connections is locked for up to 60 seconds.
• For information about the bearer state, use the specific IP service command AT^SICI and,
in addition, the general network commands AT+COPS and/or AT+CREG, or the
BearerControl / BearerControlListener Java classes.
• When trying to start the bearer while it is still in the process of shutting down, e.g. right after
a "network idle timeout", an IOException is thrown. Either use a delay or wait for the bearer state
to actually say "down". Use the BearerControl class. This class provides bearer state
information and methods to hang up.
5.3 Airplane Mode
Since the RF interface is switched off, all classes related to networking connections, e.g.
SocketConnection, UDPDatagramConnection, SocketServerConnection, HTTPConnection, will
throw an exception when accessed.
5.4 Alarm
The ALARM can be set with the AT+CALA command. Please refer to the AT Command Set [1]
and Hardware Interface Description [2] for more information. It is possible to set an alarm,
switch off the module with AT^SMSO, and have the module restart at the time set with
AT+CALA. When the alarm triggers, the module restarts and with it any Java application.
5.5 Shutdown
If an unexpected shutdown occurs, data scheduled to be written will get lost due to a buffered
write access to the flash file system. The best and safest approach to powering down the
module is to issue the AT^SMSO command. This procedure lets the module log off from the network
and allows the software to enter a secure state and save all data. Further details can be found
in [2].
Appropriate warning messages transmitted by the ME to the host application are implemented
as URCs. To activate the URCs for temperature conditions use the AT^SCTM command.
For further detail refer to the command AT^SCTM described in the AT Command Set [1]. In
addition, a description of the shutdown procedure can be found in [2].
5.5.4 Watchdog
The Watchdog class allows access to the HW watchdog of the system from application level.
Depending on the setting (AT^SCFG) the userware watchdog can do nothing, switch off or
reboot the system.
5.6 Special AT Command Set for Java Applications
Existing workarounds:
• Instead of listing the whole phone book, read the entries one by one
• Instead of listing the entire short message memory, again list message after message
• Similarly, read the provider list piecewise
If Java is running, the firmware will ignore any settings from these commands. Responses to
the read, write or test commands will be invalid or deliver "ERROR".
Note: When a Java application is running, all settings of the serial interface are done with the
class CommConnection. This is fully independent of any AT commands relating to a serial
interface. However, the following restrictions apply in configuring the serial interface:
• Baudrate: Only 1200, 2400, 4800, 9600, 14400, 19200, 28800, 38400, 57600, 115200, 230400,
460800 and 921600 are supported
• Stopbits: "1" and "2" are supported
• Parity: "even", "odd", "none" are all supported
• Character framing: 7bit and 8bit are both supported
5.7 System Out
Using System.out and CommConnection on the same serial interface may be done if a device
connected to the serial port is only transmitting data to the module. It is recommended to
ensure already in the HW design that output from the module cannot be transferred to a
connected device.
5.7.2 File
The System.out print can be redirected into log files within the module’s flash file system. The
output will be written alternately into two files which can be concatenated afterwards to have
a single log file.
Writing the output to a file will slow down the virtual machine. To reduce the impact of logging,
the output may be written first to a buffer before it is written to the file (buffered mode). The
buffered output is written either when the buffer is full or after 200 ms. If the buffer is not used
(secure mode) the output is written directly to the file. Because excessive writing to the module’s
flash file system decreases the life time of the flash memory, we recommend using the System.out
to file redirection only during development phases.
5.8 Restrictions
The maximum number of directories is limited to 100, the maximum number of files is limited
to 1100. Please note that the actual number of files and directories may be lower, because
some of them are used internally by the Java application manager.
Avoid using any blank in the names of JAR or JAD files. Otherwise the file explorer might not
recognize the names. If the OTAP server adds a blank into the filenames, problems with OTAP
will occur.
Please note that the file system will have major performance drops if small data blocks are
appended to large files (>1MByte), or if there are already a lot of directories and files on the file
system, or if the file system is nearly full. It is recommended to write blocks of at least 4 KByte
to large files, and to avoid having more than 300 directory and file entities on the file system.
Please also note that continuously writing large data blocks to the file system can slow down
execution of all other Java tasks. To avoid this, a Thread.sleep(100) should be added to a
writing loop.
5.8.2 Memory
The CLDC 1.1 HI features a just-in-time compiler. This means that parts of the Java byte code
which are frequently executed are translated into machine code to improve efficiency. This
feature uses up RAM space. There is always a trade off between code translation to speed up
execution and RAM space available for the application.
This means that a Java application can open multiple file connections to simultaneously access
a single file on the file system by using the JSR75 FileConnection API. The application layer is
in this case responsible for the control of the resource conflict management, e.g., to prevent
multiple connections from accessing a single file, thus ensuring the correct application logic.
The GPS antenna's working mode can be set to either passive or active antenna mode. By
default, passive antenna mode is enabled, i.e., usage of a passive GPS antenna:
• Active antenna mode:
- Configure GPIO12 to activate the active antenna power supply line ANT_GPS_PWR by
executing AT^SCFG="Gpio/mode/GPSANT","std", then reboot module for the activation
to take effect. For more information on GPSANT please refer to [1].
- The active antenna mode can then be specified by executing AT^SGPSC="Mode/Antenna","1",
and then rebooting the module for the mode to take effect.
• Passive antenna mode:
- The passive antenna mode can be configured again by entering AT^SGPSC="Mode/Antenna","0",
and then rebooting the module for the default mode to take effect.
A-GPS functionality is available for EHS8. Before using it however, the SUPL server
information and GPRS access must be configured:
• AT^SGPSC="Assist/Address" should be used to configure the SUPL server. For details on
this AT command please refer to [1].
• AT^SJNET should be used to configure GPRS access. For details on this AT command
please refer to [1].
6 MIDlets
Java applications in Java METM are called MIDlets. The MIDlet code structure is very similar to
applet code. There is no main method and MIDlets always extend the MIDlet class. The MIDlet
class in the MIDlet package provides methods to manage a MIDlet's life cycle.
State changes are controlled by the MIDlet interface, which supports the following methods:
• pauseApp() – the MIDlet should release any temporary resources and become passive.
• startApp() – the MIDlet starts its execution; needed resources can be acquired here or in
the MIDlet constructor.
Note: Take care that the startApp() method is always properly terminated before calling the
destroyApp() method. For example, make sure that threads launched by startApp() do not
enter a closed loop, and that all code has been executed entirely. This is especially important
for OTAP, which needs to call destroyApp().
• destroyApp() – the MIDlet should save any state and release all resources.
Note: To destroy only the Java application without switching off the module, the
destroyApp() method can be called explicitly. To destroy the Java application and switch off the
module at the same time, it is sufficient to send the AT^SMSO command from somewhere
in your code, because this procedure implies calling the destroyApp() method. Likewise,
resetting the module with AT+CFUN=x,1 also implies calling the destroyApp() method.
Note that AT+CFUN=x,1 will restart the module – to restart Java afterwards either use the
autostart mode configured with AT^SCFG or restart Java with AT^SJAM or AT^SJRA.
From this you can see that the commands AT^SMSO and AT+CFUN=x,1 should never be
sent within the destroyApp() method. It is good practice to always call the notifyDestroyed()
method at the end of your destroyApp() method, and to use the destroyApp() method as the
single exit point of your MIDlet.
• notifyDestroyed() – the MIDlet notifies the application management software that it has
cleaned up and is done.
Note: the only way to terminate a MIDlet is to call notifyDestroyed(), but destroyApp() is not
automatically called by notifyDestroyed(). Your MIDlet must not terminate (i.e. have no
threads left) without having called notifyDestroyed() first.
• notifyPaused() – the MIDlet notifies the application management software that it has
paused.
• resumeRequest() – the MIDlet asks application management software to be started again.
6.3 Multiple MIDlets
The maximum number of MIDlets running simultaneously is eight while in normal operation and
seven while doing on-device debugging. When the maximum number of MIDlets is reached a
further MIDlet will still start (“startApp” method is called) but it will then terminate immediately
with an error message on System.out.
It is recommended to keep the total number of MIDlets low in real world applications.
6.4 Hello World MIDlet
/**
 * HelloWorld.java
 */
package example.helloworld;

import javax.microedition.midlet.*;
import java.io.*;

public class HelloWorld extends MIDlet {
    /**
     * HelloWorld - default constructor
     */
    public HelloWorld() {
        System.out.println("HelloWorld: Constructor");
    }

    /**
     * startApp()
     */
    public void startApp() throws MIDletStateChangeException {
        System.out.println("HelloWorld: startApp()");
        System.out.println("\nHello World!\n");
        // Leave through the single exit point; destroyApp() calls notifyDestroyed().
        destroyApp(true);
    }

    /**
     * pauseApp()
     */
    public void pauseApp() {
        System.out.println("HelloWorld: pauseApp()");
    }

    /**
     * destroyApp()
     */
    public void destroyApp(boolean cond) {
        System.out.println("HelloWorld: destroyApp(" + cond + ")");
        notifyDestroyed();
    }
}
7 File Transfer to Module
While running the module with the Module Exchange Suite, subdirectories and files can be added
to the flash file system of the module. Keep in mind that a maximum of 200 flash objects (files
and subdirectories) per directory in the flash file system of the module is recommended.
Note: If the module is turned on and one of the module's serial interfaces (ASC0 or ASC1) is
connected to the COM port that the Module Exchange Suite is configured to, the character
framing and parity format used for receiving and transmitting data via UART must be "8 bits, no
parity, 1 stop bit". If you use an AT command (e.g. "AT+ICF") to change the character framing and
parity format (e.g. to "8 bits, no parity, 2 stop bits" or another format) for some reason, please
restore it to "8 bits, no parity, 1 stop bit" before you use the Module Exchange Suite.
7.3 Security Issues
The copy protection rules for Java applications prevent opening, reading, copying, moving or
renaming of JAR files. It is not recommended that the name of a Java application (for example
<name>.jar) be used for a directory, since the copy protection will refuse access to open, copy
or rename such directories.
7.3.2 OTAP
• A password should be used for updates with OTA (SMS authentication).
• Parameters should be set to fixed values (AT^SJOTAP) whenever possible so that they
cannot be changed over the air.
• The HTTP server should be secure (e.g. access control via basic authentication).
• Ensure that the OTAP server does not add a blank to the names of JAR and JAD files,
because this will cause problems with OTAP.
8 Over The Air Provisioning (OTAP)
The OTAP mechanism described in this document does not require any physical user interaction
with the device; it can be fully controlled over the air interface. Therefore it is suitable for
Java devices that are designed not to require any manual interaction such as vending machines
or electricity meters.
[Figure: labels recovered: SMS; OTAP Controller (SMS Sender)]
The Java Application Server (HTTP(S) Server) contains the .jar and the .jad file to be loaded
on the device. Access to these files can be protected by HTTP basic authentication.
The OTAP Controller (SMS Sender) controls the OTAP operations. It sends SMs, with or without
additional parameters, to the devices that are to be operated. These devices then try to contact
the HTTP server and download new application data from it. The OTAP Controller will not
get any response about the result of the operation. Optionally the module can send a result
response over HTTP if supported by the server.
8.3 OTAP Parameters
Parameters that are set by AT command cannot be overwritten by SM. Parameters that were
not configured by AT command can be configured via SMS; however, the SMS configuration
will not be saved. For security reasons these parameters should therefore also be configured
by AT command before the first OTAP is triggered by SM. After a firmware update, it is
recommended to configure the OTAP parameters by AT command again, because the previously
saved configuration (with the previous firmware) may be out-of-date.
• JAD File URL: The location of the JAD file, which is used for install or update procedures. The
JAD file needs to be located on the net (e.g. http://someserver.net/somefile.jad or
http://192.168.1.2/somefile.jad). A URL parameter set via SMS will be appended to the URL set
by AT command, regardless of whether the URL configured by AT command is the complete
JAD file path or not. This can be used to handle different Java applications on the
same server. If you would like to encrypt the data transmission use HTTPS, e.g.
https://someserver.net/somefile.jad.
• HTTP User: A username used for authentication with the HTTP server.
• HTTP Password: A password used for authentication with the HTTP server.
• Bearer: The network bearer used to open the HTTP/TCP/IP connection.
• APN: Depending on the selected network bearer this is an access point name for GPRS.
• Net User: A username used for authentication with the network.
• Net Password: A password used for authentication with the network.
• DNS: A Domain Name Server’s IP address used to query hostnames.
• NotifyURL: The URL to which results are posted. This parameter is only used when the
MIDlet-Install-Notify attribute or MIDlet-Delete-Notify attribute is not present in the descriptor. If
the NotifyURL parameter is specified, the Bearer and APN parameters are both mandatory.
8.4 Short Message Format
The length of the string parameters in the AT command is limited (see Table 2); the length in
the SM is only limited by the maximum SM length.
The minimum set of required parameters depends on the intended operation (see Table 2).
“optional/P” indicates that this parameter is only necessary when a POST result is desired.
Install operation:
First SM:
OTAP_IMPNG
PWD:secret
JADURL:http://www.greatcompany.com/coolapps/mega.jad
HTTPUSER:user
HTTPPWD:anothersecret
Second SM:
OTAP_IMPNG
PWD:secret
BEARER:gprs
APNORNUM:access.to-thenet.net
NETUSER:nobody
NETPWD:nothing
DNS:192.168.1.2
START:install
Delete operation:
OTAP_IMPNG
PWD:secret
JADURL:http://www.greatcompany.com/coolapps/mega.jad
START:delete
The first line is required: it is used to identify an OTAP SM. All other lines are optional and their
order is insignificant. Each line is terminated with an LF: '\n', including the last one. The
keywords, in capital letters, are case sensitive. A colon separates the keywords from their values.
The values of BEARER and START are used internally and must be lower case. The password
(PWD) is case sensitive. The case sensitivity of the other parameter values depends on the
server application or the network. It is likely that not all parameters can be sent in one SM. They
can be distributed over several SMs. Every SM needs to contain the identifying first line
(OTAP_IMPNG) and the PWD parameter if a mandatory password has been enabled. OTAP
is started when the keyword START, possibly with a parameter, is contained in the SM and the
parameter set is valid for the requested operation. It always ends with a reboot, either when the
operation is completed, an error occurred, or the safety timer expired. This also means that all
parameters previously set by SM are gone.
Apart from the first and the last line in this example, these are the parameters described in the
previous section. Possible parameters for the START keyword are: “install”, “delete” or nothing.
In the last case, an install operation is done by default.
The network does not guarantee the order of SMs. So when using multiple SMs to start an
OTAP operation their order on the receiving side might be different from the order in which they
were sent. This could lead to trouble because the OTAP operation might start before all
parameters are received. If you discover such problems, try waiting a few seconds between each SM.
OTAP is implemented as a special SM listener in the system, i.e., the OTAP SMS handling
acknowledges and then removes OTAP SMs from the system. So, OTAP SMs are not subject to the
normal SM processing in the module. The customer application does not need to take care of
OTAP SMs - they will not fill up any SM storage.
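The format rules above can be checked on the OTAP Controller before any SM leaves it. The following linter is an added example, not part of the original guide or of Gemalto's tooling; it accepts only the keywords shown in the SM examples, and the 160-character limit, the treatment of a bare START line, the function names and the sample hosts are assumptions.

```python
OTAP_HEADER = "OTAP_IMPNG"
# Only keywords that appear in this guide's SM examples are accepted.
KNOWN_KEYS = {"PWD", "JADURL", "HTTPUSER", "HTTPPWD", "BEARER",
              "APNORNUM", "NETUSER", "NETPWD", "DNS", "START"}
LOWERCASE_ONLY = {"BEARER", "START"}
START_VALUES = {"", "install", "delete"}
MAX_SM_CHARS = 160  # assumption: one unconcatenated SM in the GSM 7-bit alphabet


def parse_sm(text):
    """Parse one SM. Returns (params, findings); findings is empty if well formed."""
    findings = []
    if len(text) > MAX_SM_CHARS:
        findings.append("longer than %d characters" % MAX_SM_CHARS)
    if "\r" in text:
        findings.append("contains CR; lines must end with LF only")
    if not text.endswith("\n"):
        findings.append("last line is not LF-terminated")
    lines = text.split("\n")
    if lines[-1] == "":
        lines.pop()
    if not lines or lines[0] != OTAP_HEADER:
        findings.append("first line is not " + OTAP_HEADER)
        return {}, findings
    params = {}
    for line in lines[1:]:
        # Assumption: a bare "START" line means START without a value.
        key, _, value = line.partition(":")
        if key not in KNOWN_KEYS:
            findings.append("unknown or wrongly cased keyword %r" % key)
            continue
        if key in params:
            findings.append("keyword %s repeated" % key)
        if key in LOWERCASE_ONLY and value != value.lower():
            findings.append("%s value must be lower case" % key)
        if key == "START" and value.lower() not in START_VALUES:
            findings.append("START value %r is not install, delete or empty" % value)
        params[key] = value
    return params, findings


def lint_sequence(messages, password_required=True, pinned=None):
    """Lint SMs in sending order.

    pinned maps keywords already fixed with AT^SJOTAP to their values.
    Returns (effective_jad_url, findings).
    """
    pinned = dict(pinned or {})
    findings, merged = [], {}
    for number, text in enumerate(messages, start=1):
        params, local = parse_sm(text)
        findings += ["SM %d: %s" % (number, f) for f in local]
        if password_required and "PWD" not in params:
            findings.append("SM %d: PWD missing" % number)
        if "START" in params and number != len(messages):
            findings.append("SM %d: START is not in the last SM, so OTAP may "
                            "begin before all parameters arrive" % number)
        for key in sorted(params):
            if key in pinned and key != "JADURL":
                findings.append("SM %d: %s is fixed by AT command and cannot "
                                "be overwritten by SM" % (number, key))
        merged.update(params)
    if "START" not in merged:
        findings.append("no SM carries START, so no operation is triggered")
    # A JADURL sent by SM is appended to the URL set by AT command.
    url = pinned.get("JADURL", "") + merged.get("JADURL", "")
    if "JADURL" in merged and "JADURL" not in pinned:
        findings.append("JADURL is set entirely over the air; fix a base URL "
                        "with AT^SJOTAP")
    if url.startswith("http://") and ("HTTPPWD" in merged or "HTTPPWD" in pinned):
        findings.append("HTTP password would be sent over unencrypted HTTP")
    return url, findings


# Constructed samples: hosts, APN and secrets are placeholders.
PINNED = {"JADURL": "https://ota.example.invalid/apps/"}
GOOD = ["OTAP_IMPNG\nPWD:secret\nJADURL:mega.jad\n",
        "OTAP_IMPNG\nPWD:secret\nBEARER:gprs\n"
        "APNORNUM:apn.example.invalid\nSTART:install\n"]
BAD = ["OTAP_IMPNG\nPWD:secret\nJADURL:http://ota.example.invalid/mega.jad\n"
       "HTTPPWD:anothersecret\nSTART:Install\n",
       "OTAP_IMPNG\nBEARER:gprs"]

if __name__ == "__main__":
    for name, sms, fixed in (("good", GOOD, PINNED), ("bad", BAD, None)):
        url, findings = lint_sequence(sms, pinned=fixed)
        print(name, "->", url)
        for finding in findings:
            print("  -", finding)
```

The check of required parameters per operation is left out because it depends on Table 2, which defines the minimum parameter sets.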
8.5 Java File Format
Example:
MIDlet-Name: MyTest
MIDlet-Version: 1.0.1
MIDlet-Vendor: TLR Inc.
MIDlet-Jar-URL: MyTest.jar
MIDlet-Description: My very important test
MIDlet-1: MyTest, , example.mytest.MyTest
MIDlet-Jar-Size: 1442
MicroEdition-Profile: IMP-NG
MicroEdition-Configuration: CLDC-1.1
A suitable Manifest file for the JAD file above might look like:
Manifest-Version: 1.0
MIDlet-Name: MyTest
MIDlet-Version: 1.0.1
MIDlet-Vendor: TLR Inc.
MIDlet-1: MyTest, , example.mytest.MyTest
MicroEdition-Profile: IMP-NG
MicroEdition-Configuration: CLDC-1.1
8.6 Procedures
8.6.1 Install/Update
Figure 16: OTAP: Install/Update Information Flow (messages in brackets are optional)
[Figure labels recovered: Start install/update procedure; Closedown Timeout; HTTP request for .jad file; HTTP request for .jar file; Safety Timeout; Reboot]
When an SM with keyword START:install is received and there is a valid parameter set for the
operation, the module always reboots either when the operation completed, an error occurred
or the safety timer expired. If there is any error during an update operation the old application
is kept untouched.
8.6.2 Delete
Figure 17: OTAP: Delete Information Flow (messages in brackets are optional)
[Figure labels recovered: Start delete procedure; Closedown Timeout; Delete application dir; (HTTP Post Result); Safety Timeout; Reboot]
When an SM with keyword START:delete is received and there is a valid parameter set for this
operation, the module reboots either when the operation completed, an error occurred or the
safety timer expired. If there is any error the application is kept untouched.
8.7 Time Out Values and Result Codes
Result Codes: Supported status codes in body of the HTTP POST request:
• 900 Success
• 901 Insufficient memory in filesystem
• 902 User cancelled, i.e. HTTP authentication failed
• 903 - not supported-
• 904 JAR size mismatch, given size in JAD file does not match real size of jar file
• 905 Attribute mismatch, one of the mandatory attributes MIDlet-name, MIDlet-version,
MIDlet-Vendor in the JAD file does not match those given in the JAR manifest
• 906 Invalid descriptor, something is wrong with the format of the .jad file
• 907 invalid JAR, the JAR file was not available under MIDlet-Jar-URL, files could not be
extracted from JAR archive, or something else is wrong with the format of the file.
• 908 incompatible configuration or profile
• 909 application authentication failure, signature did not match certificate
• 910 application authorization failure, tried to replace signed with unsigned version
• 911 -not supported-
• 912 Delete Notification
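Several of these failures can be caught before the files are placed on the HTTP server. The following pre-upload check is an added example, not part of the original guide or of Gemalto's tooling: it reports the result code that the list above associates with each problem and covers 904 to 907 only. The function names and the in-memory sample JAR are constructed.

```python
import io
import zipfile

# Attributes this guide lists as the minimum content of a JAD file.
REQUIRED_JAD = ("MIDlet-Name", "MIDlet-Version", "MIDlet-Vendor", "MIDlet-1",
                "MIDlet-Jar-URL", "MIDlet-Jar-Size",
                "MicroEdition-Profile", "MicroEdition-Configuration")
# Attributes that must be identical in the JAD file and the JAR manifest.
MUST_MATCH = ("MIDlet-Name", "MIDlet-Version", "MIDlet-Vendor")


def parse_attributes(text, continuations=False):
    """Parse 'Name: value' lines into a dict; raise ValueError on a malformed line."""
    attrs, last = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if continuations and raw.startswith(" ") and last:
            attrs[last] += raw[1:]  # manifest lines may wrap onto the next line
            continue
        name, sep, value = raw.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed line: %r" % raw)
        last = name.strip()
        attrs[last] = value.strip()
    return attrs


def read_manifest(jar_bytes):
    """Return the manifest attributes of a JAR given as bytes."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.upper() == "META-INF/MANIFEST.MF":
                return parse_attributes(jar.read(name).decode("utf-8"), True)
    raise ValueError("no META-INF/MANIFEST.MF in JAR")


def preflight(jad_text, jar_bytes):
    """Return [(result_code, reason)]; an empty list means no problem was found."""
    try:
        jad = parse_attributes(jad_text)
    except ValueError as exc:
        return [(906, str(exc))]
    missing = [key for key in REQUIRED_JAD if key not in jad]
    if missing:
        return [(906, "missing attributes: " + ", ".join(missing))]
    if not jad["MIDlet-Jar-Size"].isdigit():
        return [(906, "MIDlet-Jar-Size is not a number")]
    problems = []
    if int(jad["MIDlet-Jar-Size"]) != len(jar_bytes):
        problems.append((904, "JAD says %s bytes, JAR has %d"
                         % (jad["MIDlet-Jar-Size"], len(jar_bytes))))
    try:
        manifest = read_manifest(jar_bytes)
    except (zipfile.BadZipFile, ValueError, UnicodeDecodeError) as exc:
        return problems + [(907, "JAR unusable: %s" % exc)]
    for key in MUST_MATCH:
        if jad[key] != manifest.get(key):
            problems.append((905, "%s differs: JAD %r, manifest %r"
                             % (key, jad[key], manifest.get(key))))
    return problems


def build_sample_jar(manifest_text):
    """Constructed sample: an in-memory JAR with a manifest and one stub entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest_text)
        jar.writestr("example/mytest/MyTest.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


# Constructed sample data modelled on the MyTest example in Section 8.5.
SAMPLE_MANIFEST = ("Manifest-Version: 1.0\nMIDlet-Name: MyTest\n"
                   "MIDlet-Version: 1.0.1\nMIDlet-Vendor: TLR Inc.\n"
                   "MIDlet-1: MyTest, , example.mytest.MyTest\n"
                   "MicroEdition-Profile: IMP-NG\n"
                   "MicroEdition-Configuration: CLDC-1.1\n")
SAMPLE_JAD = ("MIDlet-Name: MyTest\nMIDlet-Version: 1.0.1\n"
              "MIDlet-Vendor: TLR Inc.\nMIDlet-Jar-URL: MyTest.jar\n"
              "MIDlet-1: MyTest, , example.mytest.MyTest\n"
              "MIDlet-Jar-Size: %d\nMicroEdition-Profile: IMP-NG\n"
              "MicroEdition-Configuration: CLDC-1.1\n")

if __name__ == "__main__":
    jar = build_sample_jar(SAMPLE_MANIFEST)
    print("matching pair:", preflight(SAMPLE_JAD % len(jar), jar))
    print("stale size   :", preflight(SAMPLE_JAD % (len(jar) + 1), jar))
```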
All HTTP packets (GET, POST) sent by the module contain the IMEI number in the User-Agent
field, e.g.
8.9 OTAP Tracer
The serial interface on which you issue this command is then exclusively used for the OTAP
tracer. All other functionality which is normally present (AT commands or CommConnection
and System.out in Java) is not available when the tracer is on.
This feature is intended to be used during development phase and not in deployed devices.
8.10 Security
Java Security as described in Chapter 11 also has consequences for OTAP. If the module is in
secured mode the MIDlet signature is also relevant to the OTAP procedure. This means:
• If the application is an unsigned version of an installed signed version of the same
application then status code 910 is returned.
• If the application's signature does not match the module’s certificate then status code 909
is returned.
For security reasons the reception of OTAP SMSs is disabled until the AT^SJOTAP write
command has been issued at least once. This saves non-Java users from using an open module
unintentionally.
8.11 How To
This chapter is a step-by-step guide for using OTAP.
1. Do you need OTAP? Is there any chance that it might be necessary to update the Java
application, install a new one or delete it? It could be that the device is in the field and you
cannot or do not want to update it over the serial line. If the answer is “yes” then read through
the following steps; if the answer is “no” then consider simply setting the OTAP SMS
password to protect your system. Then you are finished with OTAP.
2. Take a look at the parameters (Section 8.3), which control OTAP. You need to decide which
of them you want to allow to be changed over the air (by SMS) and which you do not. This
is mainly a question of security and what can fit into a short message. Then set the
“unchangeable” parameters with the AT command (AT^SJOTAP).
3. Prepare the HTTP server. The server must be accessible from your device over TCP/IP.
That means there is a route from your device over the air interface to the HTTP server and
back. When in doubt, write a small Java application using the HTTP Connection Interface
to test it. If you desire to use encrypted file transfer make sure that your HTTP server is set
up correctly for HTTPS.
4. Prepare the JAR and JAD files which are to be loaded over the air. Make sure that these
files conform to the requirements listed in Section 8.5 and that they represent a valid
application which can be started by AT^SJRA.
5. Put the files (JAR and JAD) on the HTTP Server. The files can either be publicly available
or protected through basic authentication. When in doubt try to download the files from the
server by using a common Web browser on a PC, which can reach your HTTP server over
TCP/IP. The HTTP server must be set up to handle the correct MIME types for the .jar and
.jad files. For jad files, the MIME type should be set to text/vnd.sun.j2me.app-descriptor. For
jar files, the MIME type should be set to application/java-archive jar.
6. Prepare the SM sender. The sender must be able to send SMs, which conform to Section
8.4, to your device. When in doubt try to send “normal” SMs to your device which can then
be read out from the AT command interface.
7. Test with a local device. Send a suitable short message to your device, which completes
the necessary parameter sets and starts the operation. The operation is finished when the
device reboots. You can now check the device to see whether the operation completed as desired.
8. Analyze errors. If the above test failed, looking at your device’s behavior and your HTTP
server's access log can give you a hint as to what went wrong:
- If the device did not terminate the running Java applications and did not reboot, not even
after the safety timeout, either your SM was not understood (probably in the wrong
format) or it did not properly authenticate (probably used the wrong password) or your
parameter set is incomplete for the requested operation.
- If the device terminated the running Java applications, but did not access your HTTP
server, and rebooted after the safety timeout, there were most likely some problems
when opening the network connection. Check your network parameters.
- If the device downloaded the jad and possibly even the jar file but then rebooted without
saving them in the file system, most likely one of the errors outlined in Section 8.5
occurred. These are also the only errors which will return a response. They are posted to
the HTTP server if the jad file contains the required URL.
9. Start update of remote devices. If you were able to successfully update your local device,
which is hopefully a mirror of all your remote devices, you can start the update of all other
devices.
9 Compile and Run a Program without a Java IDE
This chapter explains how to compile and run a Java application without a Java IDE.
In addition to class and resource files, a JAR file contains a manifest file, which describes the
contents of the JAR. The manifest has the name manifest.mf and is automatically stored in the
JAR file itself. An IMP manifest file for:
package example.mytest;
public class MyTest extends MIDlet
includes at least:
Manifest-Version: 1.0
MIDlet-Name: MyTest
MIDlet-Version: 1.0.1
MIDlet-Vendor: Test Inc.
MIDlet-1: MyTest, example.mytest.MyTest
MicroEdition-Profile: IMP-NG
MicroEdition-Configuration: CLDC-1.1
A JAD file must be written by the developer and must include at least:
MIDlet-Name: MyTest
MIDlet-Version: 1.0.1
MIDlet-Vendor: Test Inc.
MIDlet-1: MyTest, example.mytest.MyTest
MIDlet-Jar-URL: http://192.168.1.3/datafiles/MyTest.jar
MIDlet-Jar-Size: 1408
MicroEdition-Profile: IMP-NG
MicroEdition-Configuration: CLDC-1.1
Please note that the property "MIDlet-Jar-Size" must contain the correct size of the JAR file.
Otherwise the MIDlet cannot be started. The tools "SetJadProp.exe" and "GetJadProp.exe" under
the WTK bin directory provide convenient access to jad file properties via command line.
The batch files for building the provided examples are using these tools to set the property
"MIDlet-Jar-Size" automatically during the build process.
Note that the ATCommand class is provided as an external library "cwmlib_1.0.jar" located in
the WTK subfolder "resources". So the content of this library must be added to each MIDlet
using the ATCommand class. The batch files for building the provided WTK command line
examples can be used as reference.
9.2 Compile
• Launch a Command Prompt. This can be done from the Programs menu or by typing "cmd"
at the Run... prompt in the Start menu.
• Change to the directory where the code to be compiled is kept.
• Compile the program with the SDK. Examples of build batch files can be found in each sample
program found in the samples directory
"Documents and Settings\All Users\Cinterion\EHS5 WTK Examples\WTKSamples" under Windows XP or
"Users\Public\Cinterion\EHS5 WTK Examples\WTKSamples" under Windows Vista and above.
The samples directory can be opened directly via the WTK start menu entry.
• If the compile was successful the program can be transferred to the module and executed
as described in the following chapters.
The batch files for compiling the samples are using the system environment variables
EHS5_JAVA_HOME and EHS5_WTK_HOME and EHS5_CLASSPATH. The first one points
to the root directory of the installed JDK, the second one to the root directory of the
Cinterion-CMTK-EHS5-IMPNG installation and the last one contains the class path including all used
Java libraries. The installation process sets these environment variables. A modification is
usually not necessary.
Example:
In your terminal program enter AT^SJAM=0,"a:/helloworld.jad","" to install and then
AT^SJAM=1,"a:/helloworld.jad","" to start the application.
Depending on which file you specify the java application manager tries to find the corresponding
file in the same directory. This search is not done by name, but by comparing the contained
attributes. The first file which contains the same values for MIDlet-Name, MIDlet-Version and
MIDlet-Vendor is used.
9.4 Run on the Module with Autostart
After an automatic MIDlet start or restart, the following information is written to standard output:
"MIDlet:" followed by the MIDlet class name and the action performed.
Example:
"MIDlet:com.cinterion.jrc.JRC_Midlet autostart"
These AT commands are preferably issued over one of the AT command channels on USB.
If the module is rebooted after that, or if the module runs longer than 20s in between reboots,
the whole autostart fail-safe mechanism starts over again from zero.
A further autostart fail-safe mechanism is based on the JRC MIDlet delivered with the module
by Gemalto M2M. If this MIDlet is not started, for example because autostart is disabled, a URC
^SYSINFO: 200 is generated after 40 seconds.
The startup of this JRC MIDlet is monitored via timer. If the timer times out - the timer runtime
depends on the JRC MIDlet version, but will as a rule be 30 seconds - a URC ^SYSINFO: 201
is generated, and the module restarts after another 5 seconds.
The number of restarts, initiated by unsuccessful startups from the JRC MIDlet, is monitored.
If this number exceeds 8, the startup of the JRC MIDlet is disabled, a URC ^SYSINFO: 202 is
generated, and a shutdown timer of 10 minutes is started. After this timeout, the module
switches off.
10 Compile and Run a Program with a Java IDE
[Figure labels recovered: Module; JVM; Flash File System; Com Port; PC; Module Emulator; IDE/Debug environment]
In the debug environment the module is connected to a PC via a serial interface. This can be
a USB or RS232 line. The application can then be edited, built, debugged or run within an IDE
on the PC. When running or debugging the MIDlet under IDE control it is executed on the module
(on-device execution) and not on the PC. This can be either debugging mode, where the
MIDlet execution can still be controlled from the IDE (on-device debugging) or normal mode,
where the MIDlet is copied to the module and started normally. This ensures that all interfaces
behave the same whether debugging mode is used or not.
10.1 Debug Environment
10.1.2 Emulator
The ME emulator is part of the CMTK and is used as the controlling entity for on-device
debugging (ODD). Some values can be configured in the file "wtk/bin/WM_Debug_config.ini". The
emulator runs fine without changes to the WM_Debug_config.ini file, which should not be modified
under normal circumstances.
Debugging information between the debugger (IDE) and the JVM is transferred over an IP
connection. In order to establish this IP connection between the PC and the module the emulator
needs a special dial-up network (DUN):
• ISP name: "IP connection for remote debugging of EHSx"
• Modems: "Cinterion EHSx Java Debug Modem USB" for USB serial modem and "Cinterion
EHSx Java Debug Modem Ser"
• Phone number: *88#
• Disable the Redial if line dropped option.
• Enable Connect automatically
This dial-up network (DUN) connection is installed automatically together with the required
modem device during installation of the CMTK. The emulator always uses the serial port
configured for this DUN connection.
To successfully setup the DUN connection for ODD over the serial interface, the three lines
DCD0, DTR0 and DSR0 should be configured using the following AT commands:
• AT^SCFG="GPIO/mode/DCD0","std" (enables DCD0 line for ASC0)
• AT^SCFG="GPIO/mode/DTR0","std" (enables DTR0 line for ASC0)
• AT^SCFG="GPIO/mode/DSR0","std" (enables DSR0 line for ASC0)
It is possible to use any of the three serial interfaces (USB, ASC0, ASC1) to connect with the
module, but then functionality normally available over the interface will be lost. Also, the DUN
under Windows needs the DCD line of the serial interface. The ASC1 interface of the EHSx
modules does not have this DCD line and the line will therefore have to be electrically set to
high for debugging over ASC1 - something that cannot be done by AT command. In addition,
the missing DTR input on ASC1 may prevent the module from detecting the termination of the
DUN, so in some cases the module has to be reset manually after the debug session was
terminated. Because of the above mentioned issues for ASC1 and for general performance
reasons it is recommended to use the USB interface for debugging (see also Section 10.1.3).
If using the USB interface in a debugging session, please note that it is recommended to wait
some seconds before starting a debugging session once again after the end of a previous
debugging session, because the Windows operating system needs some seconds to enable the
USB port once again after the "IP connection for remote debugging of EHSx" is closed.
If necessary, the IP addresses used for the debug connection can be changed. This is done in
the file "WM_Debug_config.ini". For details, see also the AT^SCFG command and its
"Userware/DebugInterface" parameters described in [1]. Please keep in mind that the IP address
range 10.x.x.x is not supported for on-device debugging!
During installation of CMTK some new programs are installed for handling the debugging
session in conjunction with the IDE. The installation routine of the CMTK does not change any
configuration of an existing firewall on your PC. In case a firewall is installed on your PC and the
locally configured and used IP connection (DUN connection for debugging) is blocked or
disturbed by this firewall, please configure the firewall or the DUN connection manually to accept
the newly installed programs and the port or to use another port, or contact your local PC
administrator for help.
If a serial COM port is employed however, the configured baud rate might not work reliably,
depending on the quality of the used serial cable and COM port hardware. In these cases it might
become necessary to change the baud rate of the debug connection manually. This has to be
done as follows:
• First, the baud rate of the modem device "Cinterion EHSx Java Debug Modem Ser" has to
be set to the required maximum port speed. The modem properties are available via the
Windows device manager or the phone and modem options (see Figure 19).
• Then the baud rate used by the debug connection "IP connection for remote debugging of
EHSx" must be set to exactly the same value. The properties of the debug connection are
available via the Windows network connection settings (see Figure 20 and Figure 21).
Please note that on-device debugging does not work if the maximum baud rates specified for
modem device and debug connection are not identical. In such a case the emulator aborts
debugging with an appropriate error message.
Figure 21: Specify baud rate for debug connection
10.2 Using Eclipse for Java Development
In case there is no usable IDE found on the target computer the setup process offers the
automatic installation of an adapted Eclipse Juno for Mobile Developers package. This platform is
pre-configured for mobile development and already contains the required MTJ plugin so that
there are no further steps required. Please note that the Eclipse installation is not done via the
Windows installer and therefore the installed files must be removed manually for a
deinstallation. The setup process offers the possibility to enter the target path for the Eclipse
installation, which is by default the all users profile.
If there is already an appropriate Eclipse installation on the target computer the required MTJ
plugin provided on the installation medium can be installed manually for usage of the Cinterion
WTK. To install the plugin select the menu item "Help" -> "Install New Software…". Then simply
drag the file "Contribution\org.eclipse.mtj.update-site.zip" into the opened window. The table in
the window will then show the content of the provided plugin archive. Select the complete
content, click "Next" and follow the required steps.
In the following window select the Browse… button, navigate to the root directory of the
Cinterion EHSx WTK or enter the path "Program Files\Cinterion\CMTK\EHS5\WTK" directly. After
the path has been entered it is scanned for usable CLDC device configurations and the found
Cinterion WTK is added to the list. Please note that during WTK integration the connected
devices are queried. For this reason the module must be connected, switched on and the debug
connection must be configured properly during the integration process. In case of Windows
firewall notification all connection requests must be granted. If there were firewall notifications it is
possible that the WTK detection fails and must be repeated after the connections have been
allowed.
Now the Cinterion WTK is available in the list of installed Java ME SDKs. Select the device
"IMP_NG_EHS5_REMOTE1" and select "Set as default". To have the Cinterion WTK Java
documentation directly available in your MIDlet projects the following additional steps are
necessary. Select the newly installed IMP_NG_EHS5 device and click the Edit… button.
In the following window select the Libraries tab and click into the Javadoc column for each jar
library where the corresponding documentation was not added automatically. Once the table
field is activated, a small button with ellipsis appears that allows browsing to the WTK
documentation folder.
Figure 28: Import the provided WTK Samples - Select
Once the root directory of the samples has been entered the existing projects are added to the
list and can be separately selected for import. Checking or unchecking the checkbox "Copy
projects into workspace" controls whether the samples are copied into the current Eclipse
workspace or kept where they are. After clicking the Finish button the selected samples are
available for editing and debugging.
After clicking the Next button a wizard for MIDlet creation appears. Specify the appropriate
options as required for the new project. Ensure that only the "IMP_NG_EHS5" configuration is
selected in the configuration list as active.
After clicking the Next button a window for configuring the MIDlet project content opens. Ensure
that the "Microedition Configuration" is set to "Connected Limited Device Configuration (1.1)"
and the "Microedition Profile" is set to "Information Module Profile (NG)". After all necessary
modifications have been done the project can be created by clicking the Finish button.
To ensure the correct Java compiler setting right-click on the newly created project in the
package tree explorer on the left side of the Eclipse window and select "Properties". In the opened
project properties window select the item "Java Compiler" in the list on the left side. Ensure that
the check box "Enable project specific settings" is selected and the "Compiler compliance level"
is set to 1.3 or 1.4.
If the ATCommand class is to be used the corresponding library must be added to the project.
Right-click into the project tree and select "Build Path -> Add External Archives…". Then
navigate to the folder "Program Files\Cinterion\CMTK\EHS5\WTK\resources" and select the library
file "cwmlib_1.0.jar". If the Eclipse integration has been done by the EHS5 setup process a
classpath variable was created named "EHS5_WTK_CWMLIB" pointing to that external
archive for convenience. In that case the archive can be added by right-clicking into the project
tree and selecting "Build Path -> Configure Build Path…". In the following dialog select the
property tab "Libraries", click on the button "Add Variable…" and select the variable
"EHS5_WTK_CWMLIB" in the following window. The provided example "AtCmdDemo" uses
this classpath variable.
To include the content of the cwmlib in the project package, the cwmlib_1.0.jar or alternatively
the variable "EHS5_WTK_CWMLIB" must be selected on the property tab "Order and Export" of
the build path configuration.
To create the frame for a MIDlet program right-click into the project tree and select "New" -->
"Java ME MIDlet". In the following wizard enter the name for the MIDlet and click the Finish button.
Now, a corresponding Java file with the source of the basic MIDlet interface is created inside
the source tree of the project. The only thing that remains to be done is to add a call of
"notifyDestroyed()" to the "destroyApp()" method.
Finally, the actual functionality can be implemented and the project can be started and
debugged inside the module as with other Eclipse projects. Please note that you must allow
Eclipse and the debug agent to pass the firewall and configure the debug IP connection as a
home network to be able to execute and debug MIDlets inside the device.
If Eclipse is installed via the Cinterion WTK setup a default workspace is created automatically
with all required settings. But because Eclipse stores all settings inside the workspaces, a new
workspace that has been created via Eclipse does not contain the necessary settings for
using the Cinterion WTK. In this case the required settings can be added manually as described
in Section 10.2.2. Alternatively the Cinterion WTK setup can be executed in maintenance
mode. After scanning for supported IDEs the required settings will be added to all available
workspaces of a found Eclipse installation automatically.
10.3 Using NetBeans for Java Development
For usage of the Cinterion WTK inside NetBeans the "Mobility" plugin must be installed. Refer
to Section 10.3.1 for information on how to install this plugin.
Please note that the EHSx modules support on-device profiling. This feature provides
the possibility to log and analyze the consumed CPU time on a per-function basis. For using
this feature the plugin "Java ME SDK Tools" from the category "Java ME SDK Tools" must be
installed as well. On NetBeans versions other than 7.2 the "Java ME SDK Tools" might not be
available via the NetBeans plugin manager. In this case the "Java ME SDK 3.2" must be
downloaded from the following URL and installed manually:
http://www.oracle.com/technetwork/java/javame/javamobile/download/sdk/default-303768.html
In the following dialog choose the platform type "Java ME MIDP Platform Emulator" or "Java
ME CLDC Platform Emulator" and click the Next button.
In the file dialog browse to the root folder of the Cinterion WTK directory
"Program Files\Cinterion\CMTK\EHS5\WTK". Now the Cinterion WTK is listed in the platform dialog.
Please note that during WTK integration the connected devices are queried. For this reason the module
must be connected, switched on and the debug connection must be configured properly during
the integration process. In case of Windows firewall notification all connection requests must
be granted. If there were firewall notifications it is possible that the WTK detection fails and
must be repeated after the connections have been allowed.
After clicking the Next button the WTK interface is queried, the available emulator data is
displayed and the integration can be finished with the Finish button.
Figure 44: Integrating Cinterion WTK manually - Finish
After clicking the Next button the project name and location can be entered. Depending on the
employed NetBeans version please unselect the option "Create Hello MIDlet" if available,
because the provided MIDlet template does not fit the IMP profile very well. If the option "Create
Default Package and Main Executable Class" is available, it may remain selected, causing the
frame of an empty MIDlet to be created automatically.
In the next dialog it must be ensured that the correct emulator platform "IMP-NG EHS5
Wireless Toolkit by Cinterion", the correct device "IMP_NG_EHS5_REMOTE1", the correct device
configuration "CLDC-1.1" and the correct device profile "IMP-NG" are selected.
Figure 47: Creating a new MIDlet - Configure platform
After clicking the Finish button a newly created MIDlet project is available under the NetBeans
project tree. If not already completed the frame of an empty MIDlet program can be created by
right-clicking into the project tree and selecting "New" --> "MIDlet…". In the following wizard
enter the name for the MIDlet and the MIDlet class and click the Finish button.
Now, a corresponding Java file with the source of the basic MIDlet interface is created inside
the source tree of the project. The only things that remain to be done are to add a call of
"notifyDestroyed()" to the "destroyApp()" method and, if required, a class constructor.
When the ATCommand class is to be used the corresponding library must be added to the
project resources. Right-click on the "Resources" item in the "Projects" binder and select
"Add Jar/Zip…" from the popup menu. Then navigate to the folder
"Program Files\Cinterion\CMTK\EHS5\WTK\resources" and select the library file "cwmlib_1.0.jar".
The provided example "AtCmdDemo" uses a local copy of this library. This is also possible.
Finally, the actual functionality can be implemented and the project can be started and
debugged inside the module as with other NetBeans projects. Please note that you must allow
NetBeans and the debug agent to pass the firewall and configure the debug IP connection as a
home network to be able to execute and debug MIDlets inside the device.
11 Java Security
The Java Security model follows the specification of MIDP 2.0 and conforms to IMP-NG. It
integrates only a simple protection domain concept since protection domains are not required for
module use cases.
Restrictions:
• The module does not supply a user-independent date/time base. Therefore the expiration
date/time of the certificate is not checked for validity.
11.1 Secure Data Transfer
HTTPSConnection, SecureConnection
• HTTP / SecureConnection over SSL version 3.0 and TLS versions 1.0, 1.1 and 1.2.
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_NULL_SHA
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_3DES_EDE_CBC_SHA
ECC cipher suites:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Static ECDH cipher suites:
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
CyaSSL extension - eSTREAM cipher suites:
TLS_RSA_WITH_HC_128_CBC_MD5
TLS_RSA_WITH_HC_128_CBC_SHA
TLS_RSA_WITH_RABBIT_CBC_SHA
SHA-256 cipher suites:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256
AES-GCM cipher suites:
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
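Because the module offers NULL, RC4, MD5 and 3DES suites next to the AES ones, the suite actually
used depends on what the HTTPS server selects. The following added example (not from the guide;
the policy rules are this example's assumptions) sorts the listed suites into ones a server
should prefer, tolerate or refuse.

```python
import re

# Suite names as listed in Section 11.1 of the guide.
SUPPORTED = """
TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_NULL_SHA SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_HC_128_CBC_MD5 TLS_RSA_WITH_HC_128_CBC_SHA
TLS_RSA_WITH_RABBIT_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
""".split()

# <prefix>_<key exchange>_WITH_<cipher>_<hash>
SUITE_RE = re.compile(r"^(?:TLS|SSL)_(.+)_WITH_(.+)_(MD5|SHA\d*)$")

# Key exchanges that use ephemeral keys and therefore give forward secrecy.
EPHEMERAL_KX = {"DHE_RSA", "ECDHE_RSA", "ECDHE_ECDSA"}


def parse_suite(name):
    """Split a suite name into (key exchange, cipher, hash)."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError("unrecognised cipher suite name: %r" % name)
    return m.group(1), m.group(2), m.group(3)


def audit(name):
    """Return the list of reasons to refuse a suite (empty list = usable)."""
    kx, cipher, mac = parse_suite(name)
    findings = []
    if cipher == "NULL":
        findings.append("no encryption")
    if cipher.startswith("RC4"):
        findings.append("RC4 (prohibited for TLS by RFC 7465)")
    if cipher.startswith("3DES"):
        findings.append("3DES (64-bit block cipher)")
    if cipher.startswith(("HC_", "RABBIT")):
        findings.append("non-standard CyaSSL eSTREAM suite")
    if mac == "MD5":
        findings.append("MD5-based MAC")
    if kx not in EPHEMERAL_KX:
        findings.append("no forward secrecy")
    return findings


def server_policy(suites):
    """Sort suites into (preferred AEAD, tolerated CBC, refused with reasons)."""
    preferred, tolerated, refused = [], [], {}
    for name in suites:
        findings = audit(name)
        if findings:
            refused[name] = findings
        elif parse_suite(name)[1].endswith("GCM"):
            preferred.append(name)
        else:
            tolerated.append(name)
    return preferred, tolerated, refused


if __name__ == "__main__":
    preferred, tolerated, refused = server_policy(SUPPORTED)
    print("prefer:  ", *preferred, sep="\n  ")
    print("tolerate:", *tolerated, sep="\n  ")
    for name, why in refused.items():
        print("refuse: %s (%s)" % (name, "; ".join(why)))
```

The same server should also refuse SSL 3.0, which the module still supports and which RFC 7568 deprecates.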
Mode 1:
• No examination of the server certificate takes place when setting up the connection. The
authenticity of the server certificate is not verified. See Figure 50.
[Figure 50: Mode 1 - diagram labels: server certificate (X.509) with the public key and private key of its owner; TCP/IP connection between HTTPS server and module; no check of the certificate by the module]
[Diagram labels: CA root certificate (X.509), self signed; TCP/IP connection between HTTPS server and module; test whether certificates are identical]
Figure 51: Mode 2 - Server certificate and certificate into module are identical
[Diagram labels: chain of certificates; server certificate (X.509), carrying the signature of the CA (the CA signed the server certificate); CA root certificate (X.509), self signed, stored in the module as Java security certificate; public and private key of the owner of each certificate; TCP/IP connection between HTTPS server and module; test whether certificates are identical; create certificate chain (server certificate, CA root certificate) and check it]
Figure 52: Mode 2 - Server certificate and self signed root certificate in module form a chain
The SSL protocol requires the client to create a digital signature by creating a one-way hash
from data generated randomly during the handshake and known only to the client and server.
The data hash is then encrypted with the private key that corresponds to the public key in the
certificate being presented to the server.
To use this process, it is possible to deposit a client certificate (with public key) and a client
private key on the module (for the configuration command see Section 11.5.8).
The client certificate file and the client private key file must be in the file format "*.pem".
11.2 Execution Control
Unsecured mode:
• The device starts all Java applications (MIDlets).
• Java Security Commands that will be accepted in this mode:
Set Customer Keystore
Switch on/off Certificate Verification of the HTTPS Connections, Untrusted
Add Certificate for Verification of the HTTPS Connections, Untrusted
Del Certificate for Verification of the HTTPS Connections, Untrusted
Del all Certificates for Verification of the HTTPS Connections, Untrusted
Add Client Certificate for Client-Verification of the HTTPS Connections, Untrusted
Del Client Certificate for Client-Verification of the HTTPS Connections, Untrusted
Secured mode:
• A condition for the secured mode of the device is the existence of a customer ME keystore
with one certificate for the protection domain "operator" inside of the module.
• The customer can activate the secured mode of the device. To do so, the customer sends
an ME keystore to the device (over an AT interface). The device changes from unsecured
mode to secured mode. Now, the module will only start Java applications with a valid
signature. In addition, the device will only accept special commands from the customer as long
as they are marked with a signature. The device examines each command with the public
key of the "operator" certificate from the customer ME keystore.
• Java Security Commands that will be accepted in this mode:
Del Customer Keystore
Switch on/off Certificate Verification of the HTTPS Connections
Switch on/off OBEX Functionality
Add Certificate for Verification of the HTTPS Connections
Del Certificate for Verification of the HTTPS Connections
Del all Certificates for Verification of the HTTPS Connections
Add Client Certificate for Client-Verification of the HTTPS Connections
Del Client Certificate for Client-Verification of the HTTPS Connections
[Diagram labels: computer with SE keystore (private key, public key); generate ME keystore (public key); send to module]
[Diagram labels: customer environment; Java MIDlet JAR file; generate HASH (SHA1) of the JAR file; encoding with private key from the SE keystore; Java MIDlet JAD file]
11.3 Application and Data Protection
Each Java Security command is module specific. It contains the IMEI of the module. Before the
command is executed, the IMEI is checked.
General structure
total len | cmd | param num | parameter unit | ... | signature unit
total len = all bytes of the command structure (including size of "total len")
param len = all bytes of the parameter structure (including size of "param len")
11.4 Structure and Description of the Java Security Commands
Add Certificate
Total len | 0x0007 | 0x0004 | Param unit IMEI | Param unit file name | Param unit bin data | Param unit signature
Del Certificate
Total len | 0x0008 | 0x0003 | Param unit IMEI | Param unit file name | Param unit signature
[Diagram labels: customer environment; generate HASH (SHA1); signature; build total command: cmd len + cmd param num parameter unit ... + signature unit]
For the direct commands you can use the jseccmd tool (see Section 11.5.8). The output of
this tool can be used for the <data> parameter of the AT^SJMSEC command.
Example:
AT^SJMSEC="cmd","230103000300140003003030343430313038303832313538360005000
20000040104007D140282B3BF73AA6F542C6F93B1FAE94783F23B57241EFE57DFD7B0E7B96
F0B934AA6C33B8BBD873746FE9BBEF5E238DEC1549C0E7B5FC6BE1001D6F361B8077FF7333
07C06C297A26CE411C182E6757DD7181D20DF097044B38F9D22F19A503F719A67F00E0E244
DABC90DA2782E96E85A8B5DFFE6128138629087D443A97D19E010393CC9EFB64D58D139084
31C52DD17E44150ECC4D5B58179263EEA3C288269E52C9BCB3DF21BEB9753E847AE4BB09BA
EFC48A90ECB853CF34CF6AC8486E5F92F3715509160EDFFEC40380018122F9B26AE6E385AA
ABE42A9DE094164A6132286EF9E0848DE1169E4EEA830D96873023E524723E03A4D45D7021
81DA079"
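The general structure and the direct-command example can be checked on the host before a command
is sent. The following added example (not part of the guide or of jseccmd) builds and parses a
command blob and confirms that it names the intended module's IMEI. The 16-bit little-endian
fields and the 2-byte tag after each param len are read off the hex example above rather than
stated by the guide; the tag values, IMEI, file name and signature bytes are constructed.

```python
import struct

# Assumed layout, inferred from the guide's hex example (not stated in the guide):
HEADER = struct.Struct("<HHH")  # total len, cmd, param num (16-bit little-endian)
UNIT = struct.Struct("<HH")     # param len (includes itself), 2-byte tag


def build_unit(tag, data):
    """One parameter unit: param len counts its own header plus the data."""
    return UNIT.pack(UNIT.size + len(data), tag) + data


def build_command(cmd, units):
    """Whole command: total len counts every byte, including total len itself."""
    body = b"".join(build_unit(tag, data) for tag, data in units)
    return HEADER.pack(HEADER.size + len(body), cmd, len(units)) + body


def parse_command(blob):
    """Parse and strictly validate a command blob; raise ValueError on any mismatch."""
    if len(blob) < HEADER.size:
        raise ValueError("blob shorter than command header")
    total_len, cmd, param_num = HEADER.unpack_from(blob, 0)
    if total_len != len(blob):
        raise ValueError("total len %d does not match %d bytes" % (total_len, len(blob)))
    units, offset = [], HEADER.size
    for index in range(param_num):
        if offset + UNIT.size > len(blob):
            raise ValueError("parameter unit %d is missing" % index)
        param_len, tag = UNIT.unpack_from(blob, offset)
        if param_len < UNIT.size or offset + param_len > len(blob):
            raise ValueError("parameter unit %d has a bad param len" % index)
        units.append((tag, blob[offset + UNIT.size:offset + param_len]))
        offset += param_len
    if offset != len(blob):
        raise ValueError("trailing bytes after the last parameter unit")
    return {"cmd": cmd, "units": units}


def imei_of(parsed):
    """IMEI from the first parameter unit (ASCII digits, NUL-terminated)."""
    if not parsed["units"]:
        raise ValueError("command has no parameter units")
    text = parsed["units"][0][1].rstrip(b"\x00").decode("ascii")
    if len(text) != 15 or not text.isdigit():
        raise ValueError("first parameter unit is not a 15-digit IMEI")
    return text


def targets_module(blob, expected_imei):
    """True only if the blob is well formed and bound to the expected module."""
    return imei_of(parse_command(blob)) == expected_imei


def at_line(blob):
    """Direct-mode AT command carrying the blob as a hex string."""
    return 'AT^SJMSEC="cmd","%s"' % blob.hex().upper()


# Constructed sample in the shape of "Del Certificate" (cmd 0x0008, 3 units).
# Tag values, IMEI and file name are placeholders; the signature is 256 zero
# bytes standing in for a real signature unit.
SAMPLE = build_command(0x0008, [
    (0x0003, b"490154203237518\x00"),  # IMEI (constructed)
    (0x0001, b"server.der"),           # file name (constructed)
    (0x0004, bytes(256)),              # signature placeholder
])

if __name__ == "__main__":
    parsed = parse_command(SAMPLE)
    print("cmd=0x%04X units=%d imei=%s" % (parsed["cmd"], len(parsed["units"]), imei_of(parsed)))
    print(at_line(SAMPLE)[:60] + "...")
```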
For the indirect commands you can also use the jseccmd tool (see Section 11.5.8). The
output of this tool is a binary stream. You can save the stream to a file.
This file is copied into the file system of the module (root) using MES. Then the AT
command is executed.
Example:
AT^SJMSEC="file","SetCustomerKeystore.bin"
AT^SJMSEC=?
Response(s)
^SJMSEC: (list of supported <CmdMode>s),(max. string length of <CmdData>)
OK
AT^SJMSEC?
Response(s)
^SJMSEC: <keystore state>,<https state>,<obex state>,<https client cert>
OK
ERROR
+CME ERROR: 21
Response(s)
[^SJMSEC: <err code>,<str>]
OK
ERROR
+CME ERROR: 21
Parameter description
<CmdMode>(str)
“cmd“ Direct command mode, i.e., the subsequent <CmdData> contains the
Java Security command.
<CmdData>(str)
<keystore state>(str)
<https state>(str)
<obex state>(str)
<err code>(str)
<str>(str)
Please note that the module must be reset after each command.
11.5 Create a Java Security Environment Step by Step
The SE keystore contains the key pairs for signing data. For producing the keystore with keys
the tool "keytool.exe" can be used. The program is in the Java Development Kit (JDK). For a
description see http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html.
Example:
Example:
Example:
Example:
Example:
Example:
Example:
Command to switch OFF certificate verification for HTTPS connections (secured mode)
Command to switch OFF certificate verification for HTTPS connections (unsecured mode)
Command to ADD certificate for verification for HTTPS connections using the HTTPS server’s
certificate file in DER format (secured mode)
Command to ADD certificate for verification for HTTPS connections using the HTTPS server’s
certificate file in DER format (unsecured mode)
Command to DELETE certificate for verification for HTTPS connections (secured mode)
Command to DELETE certificate for verification for HTTPS connections (unsecured mode)
Command to DELETE ALL certificates for verification for HTTPS connections (secured mode)
Command to DELETE ALL certificates for verification for HTTPS connections (unsecured
mode)
Command to ADD client certificate for verification for HTTPS connections using the client
certificate file and the private key file in PEM format (secured mode)
Command to ADD client certificate for verification for HTTPS connections using the client
certificate file and the private key file in PEM format (unsecured mode)
Command to DELETE client certificate for verification for HTTPS connections (secured mode)
Command to DELETE client certificate for verification for HTTPS connections (unsecured
mode)
jadtool -addcert
-inputjad ./helloworld.jad
-outputjad ./helloworld.jad
-alias operator -storepass keystorepass
-keypass keypass -keystore ./se_customer.ks
11.6 Attention
The central element of Java Security is the private key. If Java Security is activated and you
lose the private key, then the module is useless. You have no chance of deactivating Java
Security, downloading a new MIDlet or starting any other operation concerning Java Security.
To prevent problems you are strongly advised to secure the private key.
12 Differences to EGS5/TC65i
This chapter gives a short overview of the main differences in the Java implementation
between established Gemalto M2M products like TC65i or EGS5 and the newer product EHSx.
• The structure of the wtk/sdk has been changed slightly. Most notably classes.zip has been
split up into multiple .jar files, so-called stubs. The HTML documentation has also been split
up into different packages. There is one core package (html_impng) containing CLDC, IMP-NG
and all Cinterion APIs and there are additional packages for further JSRs.
• A few hardware interface functions share the same hardware pins. Therefore some
hardware interfaces need to be enabled by AT command before they can be used via the Java
API.
• MIDlet installation, start, stop and de-installation are controlled by the AT command
AT^SJAM. The AT command AT^SJRA is deprecated. After installation the MIDlet is stored
in an internal section of the flash file system. This section also holds the MIDlets'
"RecordStore". This means MIDlets and their record stores are not visible in the flash file system.
• In order to fit the improved MIDlet installation mechanisms and also to handle multiple
MIDlets the OTAP mechanism has been adapted. The "Application directory" parameter
no longer exists. The "JAD file URL" parameter can now also be a partial URL (e.g. to
a specific server), omitting the file name itself.
• The Java security AT command AT^SJSEC has been replaced by AT^SJMSEC offering
extended functionality.
• The mechanism to start MIDlets automatically at system startup requires an AT
command setting as well as certain properties in the descriptor of the MIDlet.
• The Java file access API (FileConnection) is now a certified JSR75 implementation and is
therefore no longer in the Cinterion package.
• The Watchdog class has been replaced by the Watchdog2 class. The Watchdog class is
now deprecated.
• The class NetExtension has been added to offer improved network functionality and error
reporting.
• The class FileExtension has been added to offer improved error reporting.
• The BearerControl class has been extended to handle multiple bearers (multiple PDP
contexts) in parallel.
• Java standard APIs have been added: JSR280 (XML), JSR177 CRYPTO, JSR179
LOCATION (only for EHS8)
• System.currentTimeMillis() always returns the time of the RTC that can be set with
AT+CCLK. This also affects the Calendar class.
• The AT^SJNET parameter <timeout> has been changed in its meaning.