changeset in /hg/icedtea: 2008-02-19 Joshua Sumali <jsumali at re...
Joshua Sumali
jsumali at redhat.com
Tue Feb 19 08:31:42 PST 2008
changeset 2d4b136a3bad in /hg/icedtea
details: http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=2d4b136a3bad
description:
2008-02-19 Joshua Sumali <jsumali at redhat.com>
* tools/netx/jnlp/resources/Messages.properties: Added new messages for
trusted and untrusted certificates.
* tools/netx/jnlp/runtime/JNLPClassloader.java: Fixed code for showing
proper warning dialogs.
* tools/netx/jnlp/security/CertsInfoPane.java: Added SHA-1 and MD5
certificate fingerprints.
* tools/netx/jnlp/security/MoreInfoPane.java
(actionPerformed(e)): Changed getCerts() to getJarSigner()
* tools/netx/jnlp/security/SecurityWarningDialog.java
(DialogType): Added a new type of warning.
(certs): Removed this field and
(details): this field in favor of ...
(jarSigner): this new field.
(showAccessWarningDialog(accessType, file): Rewritten to show new warning
type.
(showMoreInfoDialog): Changed method signature to above field change.
(showCertInfoDialog): Likewise.
(getJarSigner): New Method.
(updateUI): Added extra case for new warning type.
* tools/netx/jnlp/services/ServiceUtil.java: Added extra parameter to
method call for changes in SecurityWarningDialog.
* tools/netx/jnlp/tools/JarSigner.java
(allVerified): Field refactored to ...
(alreadyTrustPublisher): This.
(rootInCacerts): New Field.
(certPath): Likewise.
(noSigningIssues): Likewise.
(getAlreadyTrustPublisher): New method.
(getRootInCacerts): Likewise.
(getCertPath): Likewise.
(allVerified): Method refactored to ...
(noSigningIssues): This.
(checkTrustedCerts): New method.
(getPublisher): Likewise.
(getRoot): Likewise.
* tools/netx/jnlp/security/AccessWarningPane.java: New file.
* tools/netx/jnlp/security/CertWarningPane.java: New file.
* tools/netx/jnlp/tools/KeyTool.java: New file.
* tools/netx/jnlp/security/SecurityWarningOptionPane.java: Removed since
this class was split into AccessWarningPane and CertWarningPane.
diffstat:
12 files changed, 1264 insertions(+), 341 deletions(-)
ChangeLog | 43 +
tools/netx/jnlp/resources/Messages.properties | 5
tools/netx/jnlp/runtime/JNLPClassLoader.java | 48 -
tools/netx/jnlp/security/AccessWarningPane.java | 199 +++++
tools/netx/jnlp/security/CertWarningPane.java | 223 ++++++
tools/netx/jnlp/security/CertsInfoPane.java | 40 +
tools/netx/jnlp/security/MoreInfoPane.java | 6
tools/netx/jnlp/security/SecurityWarningDialog.java | 139 ++-
tools/netx/jnlp/security/SecurityWarningOptionPane.java | 237 ------
tools/netx/jnlp/services/ServiceUtil.java | 2
tools/netx/jnlp/tools/JarSigner.java | 126 ++-
tools/netx/jnlp/tools/KeyTool.java | 537 +++++++++++++++
diffs (truncated from 1942 to 500 lines):
diff -r fe270b555f38 -r 2d4b136a3bad ChangeLog
--- a/ChangeLog Tue Feb 19 05:05:28 2008 -0500
+++ b/ChangeLog Tue Feb 19 11:31:22 2008 -0500
@@ -1,3 +1,46 @@ 2008-02-19 Gary Benson <gbenson at redhat
+2008-02-19 Joshua Sumali <jsumali at redhat.com>
+
+ * tools/netx/jnlp/resources/Messages.properties: Added new messages for
+ trusted and untrusted certificates.
+ * tools/netx/jnlp/runtime/JNLPClassloader.java: Fixed code for showing
+ proper warning dialogs.
+ * tools/netx/jnlp/security/CertsInfoPane.java: Added SHA-1 and MD5
+ certificate fingerprints.
+ * tools/netx/jnlp/security/MoreInfoPane.java
+ (actionPerformed(e)): Changed getCerts() to getJarSigner()
+ * tools/netx/jnlp/security/SecurityWarningDialog.java
+ (DialogType): Added a new type of warning.
+ (certs): Removed this field and
+ (details): this field in favor of ...
+ (jarSigner): this new field.
+ (showAccessWarningDialog(accessType, file): Rewritten to show new warning
+ type.
+ (showMoreInfoDialog): Changed method signature to above field change.
+ (showCertInfoDialog): Likewise.
+ (getJarSigner): New Method.
+ (updateUI): Added extra case for new warning type.
+ * tools/netx/jnlp/services/ServiceUtil.java: Added extra parameter to
+ method call for changes in SecurityWarningDialog.
+ * tools/netx/jnlp/tools/JarSigner.java
+ (allVerified): Field refactored to ...
+ (alreadyTrustPublisher): This.
+ (rootInCacerts): New Field.
+ (certPath): Likewise.
+ (noSigningIssues): Likewise.
+ (getAlreadyTrustPublisher): New method.
+ (getRootInCacerts): Likewise.
+ (getCertPath): Likewise.
+ (allVerified): Method refactored to ...
+ (noSigningIssues): This.
+ (checkTrustedCerts): New method.
+ (getPublisher): Likewise.
+ (getRoot): Likewise.
+ * tools/netx/jnlp/security/AccessWarningPane.java: New file.
+ * tools/netx/jnlp/security/CertWarningPane.java: New file.
+ * tools/netx/jnlp/tools/KeyTool.java: New file.
+ * tools/netx/jnlp/security/SecurityWarningOptionPane.java: Removed since
+ this class was split into AccessWarningPane and CertWarningPane.
+
2008-02-19 Gary Benson <gbenson at redhat.com>
* patches/icedtea-zero.patch: Pass LIBFFI_CFLAGS.
diff -r fe270b555f38 -r 2d4b136a3bad tools/netx/jnlp/resources/Messages.properties
--- a/tools/netx/jnlp/resources/Messages.properties Tue Feb 19 05:05:28 2008 -0500
+++ b/tools/netx/jnlp/resources/Messages.properties Tue Feb 19 11:31:22 2008 -0500
@@ -135,6 +135,7 @@ SFileWriteAccess=The application has req
SFileWriteAccess=The application has requested write access to a file on the machine. Do you want to allow this action?
SSigUnverified=The application's digital signature cannot be verified. Do you want to run the application?
SSigVerified=The application's digital signature has been verified. Do you want to run the application?
+SSignatureError=The application's digital signature has an error. Do you want to run the application?
SUntrustedSource=The digital signature could not be verified by a trusted source. Only run if you trust the origin of the application.
STrustedSource=The digital signature has been validated by a trusted source.
SClipboardReadAccess=The application has requested read-only access to the system clipboard. Do you want to allow this action?
@@ -149,6 +150,8 @@ SHasExpiredCert=The digital signature ha
SHasExpiredCert=The digital signature has expired.
SHasExpiringCert=Resources contain entries whose signer certificate will expire within six months.
SNotYetValidCert=Resources contain entries whose signer certificate is not yet valid.
+SUntrustedCertificate=The digital signature was generated with an untrusted certificate.
+STrustedCertificate=The digital signature was generated with a trusted certificate.
SRunWithoutRestrictions=This application will be run without the security restrictions normally provided by java.
-SRunWithUntrustedCertificate=The digital signature was generated with an untrusted certificate.
+
diff -r fe270b555f38 -r 2d4b136a3bad tools/netx/jnlp/runtime/JNLPClassLoader.java
--- a/tools/netx/jnlp/runtime/JNLPClassLoader.java Tue Feb 19 05:05:28 2008 -0500
+++ b/tools/netx/jnlp/runtime/JNLPClassLoader.java Tue Feb 19 11:31:22 2008 -0500
@@ -25,10 +25,12 @@ import java.lang.reflect.*;
import java.lang.reflect.*;
import javax.jnlp.*;
import javax.swing.JOptionPane;
+import java.security.cert.Certificate;
import netx.jnlp.cache.*;
import netx.jnlp.*;
import netx.jnlp.tools.JarSigner;
+import netx.jnlp.tools.KeyTool;
import netx.jnlp.services.*;
import netx.jnlp.security.*;
@@ -233,7 +235,6 @@ public class JNLPClassLoader extends URL
if (strict)
fillInPartJars(initialJars); // add in each initial part's lazy jars
- //Verify jars if the -verify option is passed.
if (JNLPRuntime.isVerifying()) {
JarSigner js;
@@ -243,6 +244,8 @@ public class JNLPClassLoader extends URL
js = verifyJars(initialJars);
} catch (Exception e) {
//we caught an Exception from the JarSigner class.
+ //Note: one of these exceptions could be from not being able
+ //to read the cacerts or trusted.certs files.
e.printStackTrace();
throw new LaunchException(null, null, R("LSFatal"),
R("LCInit"), R("LFatalVerification"), R("LFatalVerificationInfo"));
@@ -251,25 +254,32 @@ public class JNLPClassLoader extends URL
//Case when at least one jar has some signing
if (js.anyJarsSigned()){
signing = true;
- //if there was some problem with the signing...
- if (!js.allVerified()) {
-
- boolean b = SecurityWarningDialog.showWarningDialog(
- SecurityWarningDialog.AccessType.UNVERIFIED, file,
- js.getCerts(), js.getDetails());
- if (!b)
- throw new LaunchException(null, null, R("LSFatal"),
- R("LCLaunching"), R("LNotVerified"), "");
+
+ //user does not trust this publisher
+ if (!js.getAlreadyTrustPublisher()) {
+ if (!js.getRootInCacerts()) { //root cert is not in cacerts
+ boolean b = SecurityWarningDialog.showCertWarningDialog(
+ SecurityWarningDialog.AccessType.UNVERIFIED, file, js);
+ if (!b)
+ throw new LaunchException(null, null, R("LSFatal"),
+ R("LCLaunching"), R("LNotVerified"), "");
+ } else if (js.getRootInCacerts()) { //root cert is in cacerts
+ boolean b = false;
+ if (js.noSigningIssues())
+ b = SecurityWarningDialog.showCertWarningDialog(
+ SecurityWarningDialog.AccessType.VERIFIED, file, js);
+ else if (!js.noSigningIssues())
+ b = SecurityWarningDialog.showCertWarningDialog(
+ SecurityWarningDialog.AccessType.SIGNING_ERROR, file, js);
+ if (!b)
+ throw new LaunchException(null, null, R("LSFatal"),
+ R("LCLaunching"), R("LCancelOnUserRequest"), "");
+ }
} else {
- //jar is completely verified, but we still need to show
- //a dialog
-
- boolean b = SecurityWarningDialog.showWarningDialog(
- SecurityWarningDialog.AccessType.VERIFIED, file,
- js.getCerts(), js.getDetails());
- if (!b)
- throw new LaunchException(null, null, R("LSFatal"),
- R("LCLaunching"), R("LCancelOnUserRequest"), "");
+ /**
+ * If the user trusts this publisher (i.e. the publisher's certificate
+ * is in the user's trusted.certs file), we do not show any dialogs.
+ */
}
} else {
diff -r fe270b555f38 -r 2d4b136a3bad tools/netx/jnlp/security/AccessWarningPane.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/netx/jnlp/security/AccessWarningPane.java Tue Feb 19 11:31:22 2008 -0500
@@ -0,0 +1,199 @@
+/* AccessWarningPane.java
+ Copyright (C) 2008 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+*/
+
+package netx.jnlp.security;
+
+import java.awt.*;
+import javax.swing.*;
+import javax.swing.border.Border;
+import javax.swing.plaf.OptionPaneUI;
+import java.beans.PropertyChangeListener;
+import java.beans.PropertyChangeEvent;
+import java.awt.event.ActionListener;
+import java.awt.event.ActionEvent;
+import java.awt.event.WindowAdapter;
+import java.awt.event.ComponentAdapter;
+import java.util.List;
+import java.security.cert.Certificate;
+import java.security.cert.CertPath;
+import sun.swing.DefaultLookup;
+import netx.jnlp.runtime.JNLPRuntime;
+import netx.jnlp.JNLPFile;
+import netx.jnlp.tools.KeyTool;
+
+/**
+ * Provides the look and feel for a SecurityWarningDialog. These dialogs are
+ * used to warn the user when either signed code (with or without signing
+ * issues) is going to be run, or when service permission (file, clipboard,
+ * printer, etc) is needed with unsigned code.
+ *
+ * @author <a href="mailto:jsumali at redhat.com">Joshua Sumali</a>
+ */
+public class AccessWarningPane extends SecurityDialogUI {
+
+ JCheckBox alwaysAllow;
+
+ public AccessWarningPane(JComponent x) {
+ super(x);
+ }
+
+ /**
+ * Creates the actual GUI components, and adds it to <code>optionPane</code>
+ */
+ protected void installComponents() {
+ SecurityWarningDialog.AccessType type =
+ ((SecurityWarningDialog)optionPane).getType();
+ JNLPFile file =
+ ((SecurityWarningDialog)optionPane).getFile();
+
+ String name = "";
+ String publisher = "";
+ String from = "";
+
+ //We don't worry about exceptions when trying to fill in
+ //these strings -- we just want to fill in as many as possible.
+ try {
+ name = file.getInformation().getTitle();
+ } catch (Exception e) {
+ }
+
+ try {
+ publisher = file.getInformation().getVendor();
+ } catch (Exception e) {
+ }
+
+ try {
+ from = file.getInformation().getHomepage().toString();
+ } catch (Exception e) {
+ }
+
+ //Top label
+ String topLabelText = "";
+ String propertyName = "";
+ switch (type) {
+ case READ_FILE:
+ topLabelText = R("SFileReadAccess");
+ propertyName = "OptionPane.warningIcon";
+ break;
+ case WRITE_FILE:
+ topLabelText = R("SFileWriteAccess");
+ propertyName = "OptionPane.warningIcon";
+ break;
+ case CLIPBOARD_READ:
+ topLabelText = R("SClipboardReadAccess");
+ propertyName = "OptionPane.warningIcon";
+ break;
+ case CLIPBOARD_WRITE:
+ topLabelText = R("SClipboardWriteAccess");
+ propertyName = "OptionPane.warningIcon";
+ break;
+ case PRINTER:
+ topLabelText = R("SPrinterAccess");
+ propertyName = "OptionPane.warningIcon";
+ break;
+ }
+
+ //TODO: Get system icons and add them to our dialogs.
+ //Icon icon = (Icon)DefaultLookup.get(optionPane,this,propertyName);
+ JLabel topLabel = new JLabel(htmlWrap(topLabelText));
+ topLabel.setFont(new Font(topLabel.getFont().toString(),
+ Font.BOLD, 12));
+ JPanel topPanel = new JPanel(new BorderLayout());
+ topPanel.setBackground(Color.WHITE);
+ topPanel.add(topLabel, BorderLayout.CENTER);
+ topPanel.setPreferredSize(new Dimension(400,60));
+ topPanel.setBorder(BorderFactory.createEmptyBorder(10,10,10,10));
+
+ //application info
+ JLabel nameLabel = new JLabel("Name: " + name);
+ nameLabel.setBorder(BorderFactory.createEmptyBorder(5,5,5,5));
+ JLabel publisherLabel = new JLabel("Publisher: " + publisher);
+ publisherLabel.setBorder(BorderFactory.createEmptyBorder(5,5,5,5));
+ JLabel fromLabel = new JLabel("From: " + from);
+ fromLabel.setBorder(BorderFactory.createEmptyBorder(5,5,5,5));
+
+ alwaysAllow = new JCheckBox("Always allow this action");
+ alwaysAllow.setEnabled(false);
+
+ JPanel infoPanel = new JPanel(new GridLayout(4,1));
+ infoPanel.add(nameLabel);
+ infoPanel.add(publisherLabel);
+ infoPanel.add(fromLabel);
+ infoPanel.add(alwaysAllow);
+ infoPanel.setBorder(BorderFactory.createEmptyBorder(25,25,25,25));
+
+ //run and cancel buttons
+ JPanel buttonPanel = new JPanel(new FlowLayout(FlowLayout.RIGHT));
+
+ JButton run = new JButton("Allow");
+ JButton cancel = new JButton("Cancel");
+ run.addActionListener(createButtonActionListener(0));
+ run.addActionListener(new CheckBoxListener());
+ cancel.addActionListener(createButtonActionListener(1));
+ initialFocusComponent = cancel;
+ buttonPanel.add(run);
+ buttonPanel.add(cancel);
+ buttonPanel.setBorder(BorderFactory.createEmptyBorder(10,10,10,10));
+
+ //all of the above
+ JPanel main = new JPanel();
+ main.setLayout(new BoxLayout(main, BoxLayout.Y_AXIS));
+ main.add(topPanel);
+ main.add(infoPanel);
+ main.add(buttonPanel);
+
+ optionPane.add(main, BorderLayout.CENTER);
+ }
+
+ private static String R(String key) {
+ return JNLPRuntime.getMessage(key);
+ }
+
+ protected String htmlWrap (String s) {
+ return "<html>"+s+"</html>";
+ }
+
+ private class CheckBoxListener implements ActionListener {
+ public void actionPerformed(ActionEvent e) {
+ if (alwaysAllow != null && alwaysAllow.isSelected()) {
+ // TODO: somehow tell the ApplicationInstance
+ // to stop asking for permission
+ }
+ }
+ }
+
+}
diff -r fe270b555f38 -r 2d4b136a3bad tools/netx/jnlp/security/CertWarningPane.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/netx/jnlp/security/CertWarningPane.java Tue Feb 19 11:31:22 2008 -0500
@@ -0,0 +1,223 @@
+/* CertWarningPane.java
+ Copyright (C) 2008 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+*/
+
+package netx.jnlp.security;
+
+import java.awt.*;
+import javax.swing.*;
+import java.awt.event.ActionListener;
+import java.awt.event.ActionEvent;
+import java.security.cert.Certificate;
+import netx.jnlp.runtime.JNLPRuntime;
+import netx.jnlp.JNLPFile;
+import netx.jnlp.tools.KeyTool;
+
+/**
+ * Provides the look and feel for a SecurityWarningDialog. These dialogs are
+ * used to warn the user when either signed code (with or without signing
+ * issues) is going to be run, or when service permission (file, clipboard,
+ * printer, etc) is needed with unsigned code.
+ *
+ * @author <a href="mailto:jsumali at redhat.com">Joshua Sumali</a>
+ */
+public class CertWarningPane extends SecurityDialogUI {
+
+ JCheckBox alwaysTrust;
+
+ public CertWarningPane(JComponent x) {
+ super(x);
+ }
+
+ /**
+ * Creates the actual GUI components, and adds it to <code>optionPane</code>
+ */
+ protected void installComponents() {
+ SecurityWarningDialog.AccessType type =
+ ((SecurityWarningDialog)optionPane).getType();
+ JNLPFile file =
+ ((SecurityWarningDialog)optionPane).getFile();
+
+ String name = "";
+ String publisher = "";
+ String from = "";
+
+ //We don't worry about exceptions when trying to fill in
+ //these strings -- we just want to fill in as many as possible.
+ try {
+ name = file.getInformation().getTitle();
+ } catch (Exception e) {
+ }
+
+ try {
+ publisher = file.getInformation().getVendor();
+ } catch (Exception e) {
+ }
+
+ try {
+ from = file.getInformation().getHomepage().toString();
+ } catch (Exception e) {
+ }
+
+ //Top label
+ String topLabelText = "";
+ String propertyName = "";
+ switch (type) {
+ case VERIFIED:
+ topLabelText = R("SSigVerified");
+ propertyName = "OptionPane.informationIcon";
+ break;
+ case UNVERIFIED:
+ topLabelText = R("SSigUnverified");
+ propertyName = "OptionPane.warningIcon";
+ break;
+ case SIGNING_ERROR:
+ topLabelText = R("SSignatureError");
+ propertyName = "OptionPane.warningIcon";
+ break;
+ }
+ //TODO: Get system icons and add them to our dialogs.
+ //Icon icon = (Icon)DefaultLookup.get(optionPane,this,propertyName);
+ JLabel topLabel = new JLabel(htmlWrap(topLabelText));
+ topLabel.setFont(new Font(topLabel.getFont().toString(),
+ Font.BOLD, 12));
+ JPanel topPanel = new JPanel(new BorderLayout());
+ topPanel.setBackground(Color.WHITE);
+ topPanel.add(topLabel, BorderLayout.CENTER);
+ topPanel.setPreferredSize(new Dimension(400,60));
+ topPanel.setBorder(BorderFactory.createEmptyBorder(10,10,10,10));
+
+ //application info
+ JLabel nameLabel = new JLabel("Name: " + name);
+ nameLabel.setBorder(BorderFactory.createEmptyBorder(5,5,5,5));
+ JLabel publisherLabel = new JLabel("Publisher: " + publisher);
+ publisherLabel.setBorder(BorderFactory.createEmptyBorder(5,5,5,5));
+ JLabel fromLabel = new JLabel("From: " + from);
+ fromLabel.setBorder(BorderFactory.createEmptyBorder(5,5,5,5));
+
+ alwaysTrust = new JCheckBox(
+ "Always trust content from this publisher");
+ alwaysTrust.setEnabled(true);
+
+ JPanel infoPanel = new JPanel(new GridLayout(4,1));
+ infoPanel.add(nameLabel);
+ infoPanel.add(publisherLabel);
+ infoPanel.add(fromLabel);
More information about the distro-pkg-dev
mailing list