/hg/icedtea-web: Fix RH838417, Fix RH838559: Disambiguate signed...
ddadacha at icedtea.classpath.org
ddadacha at icedtea.classpath.org
Fri Jul 20 07:38:43 PDT 2012
changeset be423d1f265d in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=be423d1f265d
author: Danesh Dadachanji <ddadacha at redhat.com>
date: Fri Jul 20 10:38:07 2012 -0400
Fix RH838417, Fix RH838559: Disambiguate signed applet security prompt from certificate warning.
diffstat:
ChangeLog | 11 ++++++++
NEWS | 2 +
netx/net/sourceforge/jnlp/resources/Messages.properties | 3 +-
netx/net/sourceforge/jnlp/security/CertWarningPane.java | 23 ++++++++--------
4 files changed, 27 insertions(+), 12 deletions(-)
diffs (120 lines):
diff -r d6e1139ec7d9 -r be423d1f265d ChangeLog
--- a/ChangeLog Thu Jul 19 18:44:51 2012 +0200
+++ b/ChangeLog Fri Jul 20 10:38:07 2012 -0400
@@ -1,3 +1,14 @@
+2012-07-18 Danesh Dadachanji <ddadacha at redhat.com>
+
+ Fix RH838417, Fix RH838559: Disambiguate signed applet security prompt
+ from certificate warning.
+ * NEWS: Added entries for RH838417 and RH838559.
+ * netx/net/sourceforge/jnlp/resources/Messages.properties:
+ Added SWarnFullPermissionsIgnorePolicy and updated SHttpsUnverified.
+ * netx/net/sourceforge/jnlp/security/CertWarningPane.java: Display
+ SWarnFullPermissionsIgnorePolicy if the cert is from a jar and is either
+ unverified or has a signing error. Also added warning.png to HTTPS dialogs.
+
2012-07-18 Thomas Meyer <thomas at m3y3r.de>
* plugin/icedteanp/java/sun/applet/PluginAppletViewer.java (handleMessage):
diff -r d6e1139ec7d9 -r be423d1f265d NEWS
--- a/NEWS Thu Jul 19 18:44:51 2012 +0200
+++ b/NEWS Fri Jul 20 10:38:07 2012 -0400
@@ -23,6 +23,8 @@
- PR1011: Folders treated as jar files in archive tag
* Common
- PR918: java applet windows uses a low resulution black/white icon
+ - RH838417: Disambiguate signed applet security prompt from certificate warning
+ - RH838559: Disambiguate signed applet security prompt from certificate warning
New in release 1.2 (2011-XX-XX):
* Security updates:
diff -r d6e1139ec7d9 -r be423d1f265d netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Thu Jul 19 18:44:51 2012 +0200
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Fri Jul 20 10:38:07 2012 -0400
@@ -205,6 +205,7 @@
SSigVerified=The application's digital signature has been verified. Do you want to run the application?
SSignatureError=The application's digital signature has an error. Do you want to run the application?
SUntrustedSource=The digital signature could not be verified by a trusted source. Only run if you trust the origin of the application.
+SWarnFullPermissionsIgnorePolicy=The code executed will be given full permissions, ignoring any java policies you may have.
STrustedSource=The digital signature has been validated by a trusted source.
SClipboardReadAccess=The application has requested read-only access to the system clipboard. Do you want to allow this action?
SClipboardWriteAccess=The application has requested write-only access to the system clipboard. Do you want to allow this action?
@@ -213,7 +214,7 @@
SNoAssociatedCertificate=<no associated certificate>
SUnverified=(unverified)
SAlwaysTrustPublisher=Always trust content from this publisher
-SHttpsUnverified=The website's certificate cannot be verified.
+SHttpsUnverified=The website's HTTPS certificate cannot be verified.
SNotAllSignedSummary=Only parts of this application code are signed.
SNotAllSignedDetail=This application contains both signed and unsigned code. While signed code is safe if you trust the provider, unsigned code may imply code outside of the trusted provider's control.
SNotAllSignedQuestion=Do you wish to proceed and run this application anyway?
diff -r d6e1139ec7d9 -r be423d1f265d netx/net/sourceforge/jnlp/security/CertWarningPane.java
--- a/netx/net/sourceforge/jnlp/security/CertWarningPane.java Thu Jul 19 18:44:51 2012 +0200
+++ b/netx/net/sourceforge/jnlp/security/CertWarningPane.java Fri Jul 20 10:38:07 2012 -0400
@@ -1,5 +1,5 @@
/* CertWarningPane.java
- Copyright (C) 2008 Red Hat, Inc.
+ Copyright (C) 2012 Red Hat, Inc.
This file is part of IcedTea.
@@ -132,15 +132,19 @@
} catch (Exception e) {
}
- //Top label
+ // Labels
String topLabelText = "";
+ String bottomLabelText = parent.getCertVerifier().getRootInCacerts() ?
+ R("STrustedSource") : R("SUntrustedSource");
String propertyName = "";
String iconLocation = "net/sourceforge/jnlp/resources/";
boolean alwaysTrustSelected = false;
if (certVerifier instanceof HttpsCertVerifier) {
- topLabelText = R("SHttpsUnverified") + " " +
- R("Continue");
+ // HTTPS certs that are verified do not prompt for a dialog.
+ // @see VariableX509TrustManager#checkServerTrusted
+ topLabelText = R("SHttpsUnverified") + " " + R("Continue");
propertyName = "OptionPane.warningIcon";
+ iconLocation += "warning.png";
} else
switch (type) {
case VERIFIED:
@@ -153,11 +157,13 @@
topLabelText = R("SSigUnverified");
propertyName = "OptionPane.warningIcon";
iconLocation += "warning.png";
+ bottomLabelText += " " + R("SWarnFullPermissionsIgnorePolicy");
break;
case SIGNING_ERROR:
topLabelText = R("SSignatureError");
propertyName = "OptionPane.warningIcon";
iconLocation += "warning.png";
+ bottomLabelText += " " + R("SWarnFullPermissionsIgnorePolicy");
break;
}
@@ -218,20 +224,15 @@
add(infoPanel);
add(buttonPanel);
- JLabel bottomLabel;
+ JLabel bottomLabel = new JLabel(htmlWrap(bottomLabelText));;
JButton moreInfo = new JButton(R("ButMoreInformation"));
moreInfo.addActionListener(new MoreInfoButtonListener());
- if (parent.getCertVerifier().getRootInCacerts())
- bottomLabel = new JLabel(htmlWrap(R("STrustedSource")));
- else
- bottomLabel = new JLabel(htmlWrap(R("SUntrustedSource")));
-
JPanel bottomPanel = new JPanel();
bottomPanel.setLayout(new BoxLayout(bottomPanel, BoxLayout.X_AXIS));
bottomPanel.add(bottomLabel);
bottomPanel.add(moreInfo);
- bottomPanel.setPreferredSize(new Dimension(500, 100));
+ bottomPanel.setPreferredSize(new Dimension(600, 100));
bottomPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
add(bottomPanel);
More information about the distro-pkg-dev
mailing list