[icedtea-web] "Not All Signed" dialog and low-security setting
Jiri Vanek
jvanek at redhat.com
Wed Dec 4 08:32:17 PST 2013
On 12/03/2013 10:36 PM, Andrew Azores wrote:
> On 12/03/2013 11:04 AM, Jiri Vanek wrote:
>>
Wou!
Thanx for quick and elegant patch!
First - one clarification - as is "not all signed" pushed now, it rquires both "not all signed" and
"unsigned application wonts run" dialogs needs to be approved. You mentioned yesterday on IRC (sorry
if I do not remeber it correctly or misunderstood)
After this patch, only one dialogue needs to be agreed.
one "before review" conclusion - this will need to be split into two aptch - refactoring of current,
and new dialogue built on top of it.
Please try to add as much unittests as possible during both refractoring, and new dialogue
implemntation. Also thre seems to be more then one refactoring - the class abstraction and changed
constructo from (file) to (void)
hmm - do you know that your test applets run via jnlp do not close properly? Please fix...
General thoughts now, few comments in-line later:
What I like - reused dialogue code, shared "database" with unsigned, different icons, "diffferent"
text (so really elegant :)
What I'm not sure (but tbh I.m not sure why I'm not sure) - reused database with unsigned - it is
sightly different thing, but on the otherisde why reimplemnt wheel? On third side, why not to have
specific config file? on thirrd side, why yes?. Dialogues are to similar... (yes, really nitpick :)
.... the icon is probably enough.. but... The "new" dialogue need to show signature informations (as
signed app dialogue do)
one serious bug - jnlp app with mixed permissions do not ask for permissions (no matter on
-Xtrustall) - both with old dialogue and new dialogue (am I missing something?)
>> This seems to be included in current version of "Re: [rfc][icedtea-web] Mixed-signing applet
>> permissions (PR1592)" however seems to be not working.
>>
>> As you suggested - the "not signed app is running" dialogue should not be showing - but is.
>> However - this still needs some tweaking:
>> the "only part of application is signed" dialogue is really dummy - information of
>> codebases/page pase (both for signed and unsigned part), signature details... run, run in sandbox,
>> not run, remember decsission and so on are missing. Those information are critical for user to be
>> able to decide.
>> After "Re: [rfc][icedtea-web] Mixed-signing applet permissions (PR1592)" is in (as I'm going to
>> aprove it now) this dialogue tweeking will be blocker of 1.5 release, as it needs to be done right.
>>
>> J.
>
> This patch doesn't yet take into account the "run in sandbox" action button, but it does give a
> dedicated "Partially Signed" dialog, as opposed to stacking the "Unsigned" confirmation with the
> "not all signed" warning. The "not all signed" warning is no longer displayed when JARs with partial
> signing are discovered. Instead, the new "Partially Signed" dialog should appear in the same manner
> the "Unsigned" dialog does. The "not all signed" warning is still displayed when an applet's JARs
> are all signed but its main-class is external.
>
> The major change here is that the UnsignedAppletTrustWarningPanel became the AppletTrustWarningPanel
> and was made abstract. Two new concrete implementations extend it - UnsignedAppletTrustWarningPanel,
> and PartiallySignedAppletTrustWarningPanel. The two dialogs are mostly identical, the differences
> just being in the text they contain and the icons they display. The Unsigned variant is identical in
> appearance and function to how it was before the patch.
>
> Other than this, the changes are generally minor additions to support this addition elsewhere in the
> codebase, ie mirroring how the Extended Applet Security stuff deals with the Unsigned variant.
>
the codebase regexes and y,Y,n, N and so are honored, yes?
- as above. On one side I agree, on second, it si partially confusing. But as longer I look into
it, more I like it.
> This new dialog also doesn't obey the Extended Applet Security setting, so it will appear even if
> you have security set to Low. So those plugin applet tests from PR1592 can't be enabled yet.
yes this is important.
>
> ChangeLog:
> Introduce new Partially Signed security confirmation dialog.
> * netx/net/sourceforge/jnlp/resources/Messages.properties: (SPartiallySignedDetail) new message
> * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: (createInstance) invoke
> PartiallySignedAppletTrustWarning when appropriate. (initializeResources) do not show old "Not All
> Signed" warning for partially signed applets. (checkNotAllSignedWithUser) removed unneeded param
> * netx/net/sourceforge/jnlp/security/SecurityDialog.java: (initDialog, installPanel) handle new
> PARTIALLY_SIGNED_WARNING DialogType
> * netx/net/sourceforge/jnlp/security/SecurityDialogs.java: (DialogType) added
> PARTIALLY_SIGNED_WARNING. (UnsignedWarningAction) renamed to TrustWarningAction.
> (showPartiallySignedWarningDialog) new method
> * netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningDialog.java: use TrustWarningAction
> * netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningPanel.java: mostly moved into new
> AppletTrustWarningPanel class, which it now extends.
> * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java:
> new class
> * netx/net/sourceforge/jnlp/security/AppletTrustWarningPanel.java: new abstract parent class for
> UnsignedAppletTrustWarningPanel and PartiallySignedAppletTrustWarningPanel.
> * netx/net/sourceforge/jnlp/security/PartiallySignedAppletTrustWarningDialog.java: new class
> * netx/net/sourceforge/jnlp/security/PartiallySignedAppletTrustWarningPanel.java: new class
>
> Thanks,
>
> --
> Andrew A
>
>
> partially-signed-dialog.patch
>
>
> diff --git a/netx/net/sourceforge/jnlp/resources/Messages.properties b/netx/net/sourceforge/jnlp/resources/Messages.properties
> --- a/netx/net/sourceforge/jnlp/resources/Messages.properties
> +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties
> @@ -247,6 +247,7 @@
> SUnsignedQuestion=Allow the applet to run?
> SNotAllSignedSummary=Only parts of this application code are signed.
> SNotAllSignedDetail=This application contains both signed and unsigned code. While signed code is safe if you trust the provider, unsigned code may imply code outside of the trusted provider's control.
> +SPartiallySignedDetail=An application from the following location wants to run:<br> <u>{0}</u><br>The page which made the request was:<br> <u>{1}</u><br><br><b>This application contains both signed and unsigned code. While signed code is safe if you trust the provider, unsigned code may imply code outside of the trusted provider's control.
> SNotAllSignedQuestion=Do you wish to proceed and run this application anyway?
> SAuthenticationPrompt=The {0} server at {1} is requesting authentication. It says "{2}"
> SJNLPFileIsNotSigned=This application contains a digital signature in which the launching JNLP file is not signed.
> diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> @@ -387,8 +387,13 @@
> // If security level is 'high' or greater, we must check if the user allows unsigned applets
> // when the JNLPClassLoader is created. We do so here, because doing so in the constructor
> // causes unwanted side-effects for some applets
> - if (!loader.getSigning() && file instanceof PluginBridge) {
> - UnsignedAppletTrustConfirmation.checkUnsignedWithUserIfRequired((PluginBridge)file);
> + if (file instanceof PluginBridge) {
> + PluginBridge pluginFile = (PluginBridge) file;
> + if (loader.getSigningState() == SigningState.NONE) {
> + UnsignedAppletTrustConfirmation.checkUnsignedWithUserIfRequired(pluginFile);
> + } else if (loader.getSigningState() == SigningState.PARTIAL) {
> + UnsignedAppletTrustConfirmation.checkPartiallySignedWithUserIfRequired(pluginFile);
> + }
This do not seem ok - you are asking all applets to checkUnsignedWithUserIfRequired and all other
checkPartiallySignedWithUserIfRequired - You should checkPartiallySignedWithUserIfRequired for both,
when partial signing detected. And applet for checkUnsignedWithUserIfRequired if no signature detected.
> }
>
> // New loader init may have caused extentions to create a
> @@ -699,7 +704,7 @@
> && (available == null || available.size() == 0));
>
> if (!jcv.allJarsSigned() || externalMainClass) {
> - checkNotAllSignedWithUser(file);
> + checkNotAllSignedWithUser();
> signing = SigningState.PARTIAL;
> }
>
> @@ -779,7 +784,6 @@
> }
>
> if (containsSignedJar && containsUnsignedJar) {
> - checkNotAllSignedWithUser(file);
> signing = SigningState.PARTIAL;
> }
>
> @@ -1084,7 +1088,7 @@
> * @param file the JNLPFile or PluginBridge describing the applet/application to be launched
> * @throws LaunchException if the user does not approve the prompt
> */
> - private void checkNotAllSignedWithUser(JNLPFile file) throws LaunchException {
> + private void checkNotAllSignedWithUser() throws LaunchException {
> boolean promptUser = true;
>
> if (JNLPRuntime.isTrustAll()) {
> @@ -1095,6 +1099,7 @@
> throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"), R("LSignedAppJarUsingUnsignedJarInfo"));
> }
> }
> +
> /**
> * Add applet's codebase URL. This allows compatibility with
> * applets that load resources from their codebase instead of
> @@ -1899,6 +1904,10 @@
> return signing == SigningState.FULL;
> }
>
> + public SigningState getSigningState() {
> + return signing;
> + }
> +
> protected SecurityDesc getSecurity() {
> return security;
> }
> diff --git a/netx/net/sourceforge/jnlp/security/AppletTrustWarningPanel.java b/netx/net/sourceforge/jnlp/security/AppletTrustWarningPanel.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/security/AppletTrustWarningPanel.java
> @@ -0,0 +1,309 @@
> +/* Copyright (C) 2013 Red Hat, Inc.
> +
> +This file is part of IcedTea.
> +
> +IcedTea is free software; you can redistribute it and/or
> +modify it under the terms of the GNU General Public License as published by
> +the Free Software Foundation, version 2.
> +
> +IcedTea is distributed in the hope that it will be useful,
> +but WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with IcedTea; see the file COPYING. If not, write to
> +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> +02110-1301 USA.
> +
> +Linking this library statically or dynamically with other modules is
> +making a combined work based on this library. Thus, the terms and
> +conditions of the GNU General Public License cover the whole
> +combination.
> +
> +As a special exception, the copyright holders of this library give you
> +permission to link this library with independent modules to produce an
> +executable, regardless of the license terms of these independent
> +modules, and to copy and distribute the resulting executable under
> +terms of your choice, provided that you also meet, for each linked
> +independent module, the terms and conditions of the license of that
> +module. An independent module is a module which is not derived from
> +or based on this library. If you modify this library, you may extend
> +this exception to your version of the library, but you are not
> +obligated to do so. If you do not wish to do so, delete this
> +exception statement from your version.
> + */
> +
> +package net.sourceforge.jnlp.security;
> +
> +import static net.sourceforge.jnlp.runtime.Translator.R;
> +
> +import java.awt.BorderLayout;
> +import java.awt.Color;
> +import java.awt.Dimension;
> +import java.awt.FlowLayout;
> +import java.awt.Font;
> +import java.awt.GridLayout;
> +import java.awt.event.ActionEvent;
> +import java.awt.event.ActionListener;
> +
> +import javax.swing.BorderFactory;
> +import javax.swing.BoxLayout;
> +import javax.swing.ButtonGroup;
> +import javax.swing.ImageIcon;
> +import javax.swing.JButton;
> +import javax.swing.JCheckBox;
> +import javax.swing.JDialog;
> +import javax.swing.JLabel;
> +import javax.swing.JPanel;
> +import javax.swing.JRadioButton;
> +import javax.swing.SwingConstants;
> +
> +import net.sourceforge.jnlp.PluginBridge;
> +import net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteUnsignedApplet;
> +import net.sourceforge.jnlp.security.appletextendedsecurity.ExtendedAppletSecurityHelp;
> +import net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletTrustConfirmation;
> +import net.sourceforge.jnlp.util.ScreenFinder;
> +
> +public abstract class AppletTrustWarningPanel extends JPanel {
As not all signed is shared also for jnlp, so better naame perhaps?
Maybe we can slowly migrate more dialogues to this style.
But even now, I'm already thinking about "show more" refactoring. (yes hlpcrypto;s motivation :) )
Also need of javadoc rised:(
> +
> + /*
> + * Details of decided action.
> + */
> + public static class TrustWarningAction {
> + private ExecuteUnsignedApplet action;
> + private boolean applyToCodeBase;
> +
> + public TrustWarningAction(ExecuteUnsignedApplet action,
> + boolean applyToCodeBase) {
> + this.action = action;
> + this.applyToCodeBase = applyToCodeBase;
> + }
> +
> + public ExecuteUnsignedApplet getAction() {
> + return action;
> + }
> + public boolean rememberForCodeBase() {
> + return applyToCodeBase;
> + }
> + }
> +
> + /*
> + * Callback for when action is decided.
> + */
> + public static interface ActionChoiceListener {
> + void actionChosen(TrustWarningAction action);
> + }
> +
> + private final int PANE_WIDTH = 500;
> +
> + private final int TOP_PANEL_HEIGHT = 60;
> + private final int INFO_PANEL_HEIGHT = 140;
> + private final int INFO_PANEL_HINT_HEIGHT = 25;
> + private final int QUESTION_PANEL_HEIGHT = 35;
> +
> + private JButton allowButton;
> + private JButton rejectButton;
> + private JButton helpButton;
> + private JCheckBox permanencyCheckBox;
> + private JRadioButton applyToAppletButton;
> + private JRadioButton applyToCodeBaseButton;
> +
> + private PluginBridge file;
> +
> + private ActionChoiceListener actionChoiceListener;
> +
> + public AppletTrustWarningPanel(PluginBridge file, ActionChoiceListener actionChoiceListener) {
> +
> + this.file = file;
> + this.actionChoiceListener = actionChoiceListener;
> +
> + addComponents();
> + }
> +
> + public JButton getAllowButton() {
> + return allowButton;
> + }
> +
> + public JButton getRejectButton() {
> + return rejectButton;
> + }
> +
> + private String htmlWrap(String text) {
> + return "<html>" + text + "</html>";
> + }
> +
> + protected abstract String getInfoImageLocation();
> +
> + private ImageIcon infoImage() {
> + final ClassLoader appLoader = new sun.misc.Launcher().getClassLoader();
> + return new ImageIcon(appLoader.getResource(getInfoImageLocation()));
> + }
> +
This was in original class? Pelase fix. No need to create new classlaoder...
> + protected abstract String getTopLabelTextKey();
> +
> + private void setupTopPanel() {
> + final String topLabelText = R(getTopLabelTextKey());
> +
> + JLabel topLabel = new JLabel(htmlWrap(topLabelText), infoImage(),
> + SwingConstants.LEFT);
> + topLabel.setFont(new Font(topLabel.getFont().toString(), Font.BOLD, 12));
> +
> + JPanel topPanel = new JPanel(new BorderLayout());
> + topPanel.setBackground(Color.WHITE);
> + topPanel.add(topLabel, BorderLayout.CENTER);
> + topPanel.setPreferredSize(new Dimension(PANE_WIDTH, TOP_PANEL_HEIGHT));
> + topPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
> +
> + add(topPanel);
> + }
> +
pls gather abstract methods together
> + protected abstract String getInfoLabelTextKey();
> +
> + private void setupInfoPanel() {
> + String infoLabelText = R(getInfoLabelTextKey(), file.getCodeBase(), file.getSourceLocation());
> + ExecuteUnsignedApplet rememberedAction = UnsignedAppletTrustConfirmation.getStoredAction(file);
> + int panelHeight = INFO_PANEL_HEIGHT;
> + if (rememberedAction == ExecuteUnsignedApplet.YES) {
> + infoLabelText += "<br>" + R("SUnsignedAllowedBefore");
> + panelHeight += INFO_PANEL_HINT_HEIGHT;
> + } else if (rememberedAction == ExecuteUnsignedApplet.NO) {
> + infoLabelText += "<br>" + R("SUnsignedRejectedBefore");
> + panelHeight += INFO_PANEL_HINT_HEIGHT;
> + }
> +
> + JLabel infoLabel = new JLabel(htmlWrap(infoLabelText));
> + JPanel infoPanel = new JPanel(new BorderLayout());
> + infoPanel.add(infoLabel, BorderLayout.CENTER);
> + infoPanel.setPreferredSize(new Dimension(PANE_WIDTH, panelHeight));
> + infoPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
> +
> + add(infoPanel);
> + }
> +
> + protected abstract String getQuestionPanelKey();
> +
> + private void setupQuestionsPanel() {
> + JPanel questionPanel = new JPanel(new BorderLayout());
> +
> + questionPanel.add(new JLabel(htmlWrap(R(getQuestionPanelKey()))), BorderLayout.EAST);
> +
> + questionPanel.setPreferredSize(new Dimension(PANE_WIDTH, QUESTION_PANEL_HEIGHT));
> + questionPanel.setBorder(BorderFactory.createEmptyBorder(0, 10, 0, 10));
> +
> + add(questionPanel);
> + }
> +
> + private JPanel createMatchOptionsPanel() {
> + JPanel matchOptionsPanel = new JPanel(new FlowLayout(FlowLayout.RIGHT));
> +
> + ButtonGroup group = new ButtonGroup();
> + applyToAppletButton = new JRadioButton(R("SRememberAppletOnly"));
> + applyToAppletButton.setSelected(true);
> + applyToAppletButton.setEnabled(false); // Start disabled until 'Remember this option' is selected
> +
> + applyToCodeBaseButton = new JRadioButton(htmlWrap(R("SRememberCodebase", file.getCodeBase())));
> + applyToCodeBaseButton.setEnabled(false);
> +
> + group.add(applyToAppletButton);
> + group.add(applyToCodeBaseButton);
> +
> + matchOptionsPanel.add(applyToAppletButton);
> + matchOptionsPanel.add(applyToCodeBaseButton);
> +
> + return matchOptionsPanel;
> + }
> +
> + private JPanel createCheckBoxPanel() {
> + JPanel checkBoxPanel = new JPanel(new FlowLayout(FlowLayout.LEFT));
> +
> + permanencyCheckBox = new JCheckBox(htmlWrap(R("SRememberOption")));
> + permanencyCheckBox.addActionListener(permanencyListener());
> + checkBoxPanel.add(permanencyCheckBox);
> +
> + return checkBoxPanel;
> + }
> +
> + private JPanel createButtonPanel() {
> + JPanel buttonPanel = new JPanel(new FlowLayout(FlowLayout.RIGHT));
> +
> + allowButton = new JButton(R("ButProceed"));
> + rejectButton = new JButton(R("ButCancel"));
> + helpButton = new JButton(R("APPEXTSECguiPanelHelpButton"));
> +
> + allowButton.addActionListener(chosenActionSetter(true));
> + rejectButton.addActionListener(chosenActionSetter(false));
> +
> + helpButton.addActionListener(new ActionListener() {
> +
> + public void actionPerformed(ActionEvent e) {
> + JDialog d = new ExtendedAppletSecurityHelp(null, false,"dialogue");
> + ScreenFinder.centerWindowsToCurrentScreen(d);
> + d.setVisible(true);
> + }
> + });
> +
> + buttonPanel.add(allowButton);
> + buttonPanel.add(rejectButton);
> + buttonPanel.add(helpButton);
> +
> + buttonPanel.setBorder(BorderFactory.createEmptyBorder(0, 10, 10, 10));
> +
> + return buttonPanel;
> + }
> +
> + // Set up 'Remember Option' checkbox & Proceed/Cancel buttons
> + private void setupButtonAndCheckBoxPanel() {
> + JPanel outerPanel = new JPanel(new BorderLayout());
> + JPanel rememberPanel = new JPanel(new GridLayout(2 /*rows*/, 1 /*column*/));
> + rememberPanel.add(createCheckBoxPanel());
> + rememberPanel.add(createMatchOptionsPanel());
> + rememberPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
> +
> + outerPanel.add(rememberPanel, BorderLayout.WEST);
> + outerPanel.add(createButtonPanel(), BorderLayout.EAST);
> +
> + add(outerPanel);
> + }
> +
> + /**
> + * Creates the actual GUI components, and adds it to this panel
> + */
> + private void addComponents() {
> + setLayout(new BoxLayout(this, BoxLayout.Y_AXIS));
> +
> + setupTopPanel();
> + setupInfoPanel();
> + setupQuestionsPanel();
> + setupButtonAndCheckBoxPanel();
> + }
> +
> + // Toggles whether 'match applet' or 'match codebase' options are greyed out
> + private ActionListener permanencyListener() {
> + return new ActionListener() {
> + @Override
> + public void actionPerformed(ActionEvent e) {
> + applyToAppletButton.setEnabled(permanencyCheckBox.isSelected());
> + applyToCodeBaseButton.setEnabled(permanencyCheckBox.isSelected());
> + }
> + };
> + }
> + // Sets action depending on allowApplet + checkbox state
> + private ActionListener chosenActionSetter(final boolean allowApplet) {
> + return new ActionListener() {
> + @Override
> + public void actionPerformed(ActionEvent e) {
> + ExecuteUnsignedApplet action;
> +
> + if (allowApplet) {
> + action = permanencyCheckBox.isSelected() ? ExecuteUnsignedApplet.ALWAYS : ExecuteUnsignedApplet.YES;
> + } else {
> + action = permanencyCheckBox.isSelected() ? ExecuteUnsignedApplet.NEVER : ExecuteUnsignedApplet.NO;
> + }
> +
> + boolean applyToCodeBase = applyToCodeBaseButton.isSelected();
> + actionChoiceListener.actionChosen(new TrustWarningAction(action, applyToCodeBase));
> + }
> + };
> + }
> +}
> \ No newline at end of file
> diff --git a/netx/net/sourceforge/jnlp/security/PartiallySignedAppletTrustWarningDialog.java b/netx/net/sourceforge/jnlp/security/PartiallySignedAppletTrustWarningDialog.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/security/PartiallySignedAppletTrustWarningDialog.java
> @@ -0,0 +1,63 @@
> +/* Copyright (C) 2013 Red Hat, Inc.
> +
> +This file is part of IcedTea.
> +
> +IcedTea is free software; you can redistribute it and/or
> +modify it under the terms of the GNU General Public License as published by
> +the Free Software Foundation, version 2.
> +
> +IcedTea is distributed in the hope that it will be useful,
> +but WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with IcedTea; see the file COPYING. If not, write to
> +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> +02110-1301 USA.
> +
> +Linking this library statically or dynamically with other modules is
> +making a combined work based on this library. Thus, the terms and
> +conditions of the GNU General Public License cover the whole
> +combination.
> +
> +As a special exception, the copyright holders of this library give you
> +permission to link this library with independent modules to produce an
> +executable, regardless of the license terms of these independent
> +modules, and to copy and distribute the resulting executable under
> +terms of your choice, provided that you also meet, for each linked
> +independent module, the terms and conditions of the license of that
> +module. An independent module is a module which is not derived from
> +or based on this library. If you modify this library, you may extend
> +this exception to your version of the library, but you are not
> +obligated to do so. If you do not wish to do so, delete this
> +exception statement from your version.
> + */
> +
> +package net.sourceforge.jnlp.security;
> +
> +import net.sourceforge.jnlp.PluginBridge;
> +import net.sourceforge.jnlp.security.AppletTrustWarningPanel.ActionChoiceListener;
> +import net.sourceforge.jnlp.security.AppletTrustWarningPanel.TrustWarningAction;
> +
> +/**
> + * A panel that confirms that the user is OK with partially signed code running.
> + *
> + */
> +public class PartiallySignedAppletTrustWarningDialog extends SecurityDialogPanel {
> +
> + public PartiallySignedAppletTrustWarningDialog(SecurityDialog x, PluginBridge file) {
> + super(x);
x? :)
> +
> + add(new PartiallySignedAppletTrustWarningPanel(file,
> + new ActionChoiceListener() {
> + @Override
> + public void actionChosen(TrustWarningAction action) {
> + parent.setValue(action);
> + parent.dispose();
> + }
> + })
> + );
> + }
> +
> +}
> diff --git a/netx/net/sourceforge/jnlp/security/PartiallySignedAppletTrustWarningPanel.java b/netx/net/sourceforge/jnlp/security/PartiallySignedAppletTrustWarningPanel.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/security/PartiallySignedAppletTrustWarningPanel.java
> @@ -0,0 +1,63 @@
> +/* Copyright (C) 2013 Red Hat, Inc.
> +
> +This file is part of IcedTea.
> +
> +IcedTea is free software; you can redistribute it and/or
> +modify it under the terms of the GNU General Public License as published by
> +the Free Software Foundation, version 2.
> +
> +IcedTea is distributed in the hope that it will be useful,
> +but WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with IcedTea; see the file COPYING. If not, write to
> +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> +02110-1301 USA.
> +
> +Linking this library statically or dynamically with other modules is
> +making a combined work based on this library. Thus, the terms and
> +conditions of the GNU General Public License cover the whole
> +combination.
> +
> +As a special exception, the copyright holders of this library give you
> +permission to link this library with independent modules to produce an
> +executable, regardless of the license terms of these independent
> +modules, and to copy and distribute the resulting executable under
> +terms of your choice, provided that you also meet, for each linked
> +independent module, the terms and conditions of the license of that
> +module. An independent module is a module which is not derived from
> +or based on this library. If you modify this library, you may extend
> +this exception to your version of the library, but you are not
> +obligated to do so. If you do not wish to do so, delete this
> +exception statement from your version.
> + */
> +
> +package net.sourceforge.jnlp.security;
> +
> +import net.sourceforge.jnlp.PluginBridge;
> +
> +public class PartiallySignedAppletTrustWarningPanel extends AppletTrustWarningPanel {
> +
please Override annotations!!
> + public PartiallySignedAppletTrustWarningPanel(PluginBridge file, ActionChoiceListener actionChoiceListener) {
> + super(file, actionChoiceListener);
> + }
> +
> + protected String getInfoImageLocation() {
> + return "net/sourceforge/jnlp/resources/warning.png";
> + }
> +
> + protected String getTopLabelTextKey() {
> + return "SNotAllSignedSummary";
> + }
> +
> + protected String getInfoLabelTextKey() {
> + return "SPartiallySignedDetail";
> + }
> +
> + protected String getQuestionPanelKey() {
> + return "SNotAllSignedQuestion";
> + }
> +
> +}
> \ No newline at end of file
> diff --git a/netx/net/sourceforge/jnlp/security/SecurityDialog.java b/netx/net/sourceforge/jnlp/security/SecurityDialog.java
> --- a/netx/net/sourceforge/jnlp/security/SecurityDialog.java
> +++ b/netx/net/sourceforge/jnlp/security/SecurityDialog.java
> @@ -234,6 +234,8 @@
> dialogTitle = "Applet Warning";
> else if (dialogType == DialogType.NOTALLSIGNED_WARNING)
> dialogTitle = "Security Warning";
> + else if (dialogType == DialogType.PARTIALLY_SIGNED_WARNING)
> + dialogTitle = "Security Warning";
> else if (dialogType == DialogType.AUTHENTICATION)
> dialogTitle = "Authentication Required";
>
> @@ -309,6 +311,8 @@
> panel = new NotAllSignedWarningPane(this);
> else if (dialogType == DialogType.UNSIGNED_WARNING) // Only necessary for applets on 'high security' or above
> panel = new UnsignedAppletTrustWarningDialog(this, (PluginBridge)file);
> + else if (dialogType == DialogType.PARTIALLY_SIGNED_WARNING)
> + panel = new PartiallySignedAppletTrustWarningDialog(this, (PluginBridge) file);
> else if (dialogType == DialogType.AUTHENTICATION)
> panel = new PasswordAuthenticationPane(this, extras);
>
> diff --git a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
> --- a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
> +++ b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
> @@ -37,9 +37,6 @@
>
> package net.sourceforge.jnlp.security;
>
> -import net.sourceforge.jnlp.security.UnsignedAppletTrustWarningPanel.UnsignedWarningAction;
> -import net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteUnsignedApplet;
> -
> import java.awt.Dialog.ModalityType;
> import java.awt.event.WindowAdapter;
> import java.awt.event.WindowEvent;
> @@ -54,6 +51,8 @@
> import net.sourceforge.jnlp.JNLPFile;
> import net.sourceforge.jnlp.config.DeploymentConfiguration;
> import net.sourceforge.jnlp.runtime.JNLPRuntime;
> +import net.sourceforge.jnlp.security.AppletTrustWarningPanel.TrustWarningAction;
> +import net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteUnsignedApplet;
>
> /**
> * A factory for showing many possible types of security warning to the user.<p>
> @@ -74,6 +73,7 @@
> ACCESS_WARNING,
> NOTALLSIGNED_WARNING,
> UNSIGNED_WARNING, /* requires confirmation with 'high-security' setting */
> + PARTIALLY_SIGNED_WARNING,
this was not used with old dialogue? how come?
> APPLET_WARNING,
> AUTHENTICATION,
> }
> @@ -164,10 +164,10 @@
> *
> * @return true if permission was granted by the user, false otherwise.
> */
> - public static UnsignedWarningAction showUnsignedWarningDialog(JNLPFile file) {
> + public static TrustWarningAction showUnsignedWarningDialog(JNLPFile file) {
>
> if (!shouldPromptUser()) {
> - return new UnsignedWarningAction(ExecuteUnsignedApplet.NO, false);
> + return new TrustWarningAction(ExecuteUnsignedApplet.NO, false);
> }
>
> final SecurityDialogMessage message = new SecurityDialogMessage();
> @@ -175,7 +175,26 @@
> message.accessType = AccessType.UNSIGNED;
> message.file = file;
>
> - return (UnsignedWarningAction)getUserResponse(message);
> + return (TrustWarningAction)getUserResponse(message);
> + }
> +
> + /**
> + * Shows a warning dialog for when a plugin applet is partially signed.
> + *
> + * @return true if permission was granted by the user, false otherwise.
> + */
> + public static TrustWarningAction showPartiallySignedWarningDialog(JNLPFile file) {
> +
> + if (!shouldPromptUser()) {
> + return new TrustWarningAction(ExecuteUnsignedApplet.NO, false);
> + }
> +
> + final SecurityDialogMessage message = new SecurityDialogMessage();
> + message.dialogType = DialogType.PARTIALLY_SIGNED_WARNING;
> + message.accessType = AccessType.NOTALLSIGNED;
> + message.file = file;
> +
> + return (TrustWarningAction) getUserResponse(message);
> }
>
> /**
> diff --git a/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningDialog.java b/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningDialog.java
> --- a/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningDialog.java
> +++ b/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningDialog.java
> @@ -37,8 +37,8 @@
> package net.sourceforge.jnlp.security;
>
> import net.sourceforge.jnlp.PluginBridge;
> -import net.sourceforge.jnlp.security.UnsignedAppletTrustWarningPanel.UnsignedWarningAction;
> -import net.sourceforge.jnlp.security.UnsignedAppletTrustWarningPanel.ActionChoiceListener;
> +import net.sourceforge.jnlp.security.AppletTrustWarningPanel.ActionChoiceListener;
> +import net.sourceforge.jnlp.security.AppletTrustWarningPanel.TrustWarningAction;
>
> /**
> * A panel that confirms that the user is OK with unsigned code running.
> @@ -52,7 +52,7 @@
> add(new UnsignedAppletTrustWarningPanel(file,
> new ActionChoiceListener() {
> @Override
> - public void actionChosen(UnsignedWarningAction action) {
> + public void actionChosen(TrustWarningAction action) {
> parent.setValue(action);
> parent.dispose();
> }
> diff --git a/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningPanel.java b/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningPanel.java
> --- a/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningPanel.java
> +++ b/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningPanel.java
> @@ -65,238 +65,25 @@
> import net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletTrustConfirmation;
> import net.sourceforge.jnlp.util.ScreenFinder;
>
> -public class UnsignedAppletTrustWarningPanel extends JPanel {
> +public class UnsignedAppletTrustWarningPanel extends AppletTrustWarningPanel {
>
> - /*
> - * Details of decided action.
> - */
> - public static class UnsignedWarningAction {
> - private ExecuteUnsignedApplet action;
> - private boolean applyToCodeBase;
> -
> - public UnsignedWarningAction(ExecuteUnsignedApplet action,
> - boolean applyToCodeBase) {
> - this.action = action;
> - this.applyToCodeBase = applyToCodeBase;
> - }
> -
> - public ExecuteUnsignedApplet getAction() {
> - return action;
> - }
> - public boolean rememberForCodeBase() {
> - return applyToCodeBase;
> - }
> + public UnsignedAppletTrustWarningPanel(PluginBridge file, ActionChoiceListener actionChoiceListener) {
> + super(file, actionChoiceListener);
> }
>
> - /*
> - * Callback for when action is decided.
> - */
> - public static interface ActionChoiceListener {
> - void actionChosen(UnsignedWarningAction action);
> + protected String getInfoImageLocation() {
> + return "net/sourceforge/jnlp/resources/info-small.png";
> }
>
> - private final int PANE_WIDTH = 500;
> -
> - private final int TOP_PANEL_HEIGHT = 60;
> - private final int INFO_PANEL_HEIGHT = 140;
> - private final int INFO_PANEL_HINT_HEIGHT = 25;
> - private final int QUESTION_PANEL_HEIGHT = 35;
> -
> - private JButton allowButton;
> - private JButton rejectButton;
> - private JButton helpButton;
> - private JCheckBox permanencyCheckBox;
> - private JRadioButton applyToAppletButton;
> - private JRadioButton applyToCodeBaseButton;
> -
> - private PluginBridge file;
> -
> - private ActionChoiceListener actionChoiceListener;
> -
> - public UnsignedAppletTrustWarningPanel(PluginBridge file, ActionChoiceListener actionChoiceListener) {
> -
> - this.file = file;
> - this.actionChoiceListener = actionChoiceListener;
> -
> - addComponents();
> - }
> -
> - public JButton getAllowButton() {
> - return allowButton;
> + protected String getTopLabelTextKey() {
> + return "SUnsignedSummary";
> }
>
> - public JButton getRejectButton() {
> - return rejectButton;
> + protected String getInfoLabelTextKey() {
> + return "SUnsignedDetail";
> }
>
> - private String htmlWrap(String text) {
> - return "<html>" + text + "</html>";
> - }
> -
> - private ImageIcon infoImage() {
> - final String location = "net/sourceforge/jnlp/resources/info-small.png";
> - final ClassLoader appLoader = new sun.misc.Launcher().getClassLoader();
> - return new ImageIcon(appLoader.getResource(location));
> - }
yah it was ;(
> -
> - private void setupTopPanel() {
> - final String topLabelText = R("SUnsignedSummary");
> -
> - JLabel topLabel = new JLabel(htmlWrap(topLabelText), infoImage(),
> - SwingConstants.LEFT);
> - topLabel.setFont(new Font(topLabel.getFont().toString(), Font.BOLD, 12));
> -
> - JPanel topPanel = new JPanel(new BorderLayout());
> - topPanel.setBackground(Color.WHITE);
> - topPanel.add(topLabel, BorderLayout.CENTER);
> - topPanel.setPreferredSize(new Dimension(PANE_WIDTH, TOP_PANEL_HEIGHT));
> - topPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
> -
> - add(topPanel);
> - }
> -
> - private void setupInfoPanel() {
> - String infoLabelText = R("SUnsignedDetail", file.getCodeBase(), file.getSourceLocation());
> - ExecuteUnsignedApplet rememberedAction = UnsignedAppletTrustConfirmation.getStoredAction(file);
> - int panelHeight = INFO_PANEL_HEIGHT;
> - if (rememberedAction == ExecuteUnsignedApplet.YES) {
> - infoLabelText += "<br>" + R("SUnsignedAllowedBefore");
> - panelHeight += INFO_PANEL_HINT_HEIGHT;
> - } else if (rememberedAction == ExecuteUnsignedApplet.NO) {
> - infoLabelText += "<br>" + R("SUnsignedRejectedBefore");
> - panelHeight += INFO_PANEL_HINT_HEIGHT;
> - }
> -
> - JLabel infoLabel = new JLabel(htmlWrap(infoLabelText));
> - JPanel infoPanel = new JPanel(new BorderLayout());
> - infoPanel.add(infoLabel, BorderLayout.CENTER);
> - infoPanel.setPreferredSize(new Dimension(PANE_WIDTH, panelHeight));
> - infoPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
> -
> - add(infoPanel);
> - }
> -
> - private void setupQuestionsPanel() {
> - JPanel questionPanel = new JPanel(new BorderLayout());
> -
> - questionPanel.add(new JLabel(htmlWrap(R("SUnsignedQuestion"))), BorderLayout.EAST);
> -
> - questionPanel.setPreferredSize(new Dimension(PANE_WIDTH, QUESTION_PANEL_HEIGHT));
> - questionPanel.setBorder(BorderFactory.createEmptyBorder(0, 10, 0, 10));
> -
> - add(questionPanel);
> - }
> -
> - private JPanel createMatchOptionsPanel() {
> - JPanel matchOptionsPanel = new JPanel(new FlowLayout(FlowLayout.RIGHT));
> -
> - ButtonGroup group = new ButtonGroup();
> - applyToAppletButton = new JRadioButton(R("SRememberAppletOnly"));
> - applyToAppletButton.setSelected(true);
> - applyToAppletButton.setEnabled(false); // Start disabled until 'Remember this option' is selected
> -
> - applyToCodeBaseButton = new JRadioButton(htmlWrap(R("SRememberCodebase", file.getCodeBase())));
> - applyToCodeBaseButton.setEnabled(false);
> -
> - group.add(applyToAppletButton);
> - group.add(applyToCodeBaseButton);
> -
> - matchOptionsPanel.add(applyToAppletButton);
> - matchOptionsPanel.add(applyToCodeBaseButton);
> -
> - return matchOptionsPanel;
> - }
> -
> - private JPanel createCheckBoxPanel() {
> - JPanel checkBoxPanel = new JPanel(new FlowLayout(FlowLayout.LEFT));
> -
> - permanencyCheckBox = new JCheckBox(htmlWrap(R("SRememberOption")));
> - permanencyCheckBox.addActionListener(permanencyListener());
> - checkBoxPanel.add(permanencyCheckBox);
> -
> - return checkBoxPanel;
> - }
> -
> - private JPanel createButtonPanel() {
> - JPanel buttonPanel = new JPanel(new FlowLayout(FlowLayout.RIGHT));
> -
> - allowButton = new JButton(R("ButProceed"));
> - rejectButton = new JButton(R("ButCancel"));
> - helpButton = new JButton(R("APPEXTSECguiPanelHelpButton"));
> -
> - allowButton.addActionListener(chosenActionSetter(true));
> - rejectButton.addActionListener(chosenActionSetter(false));
> -
> - helpButton.addActionListener(new ActionListener() {
> -
> - public void actionPerformed(ActionEvent e) {
> - JDialog d = new ExtendedAppletSecurityHelp(null, false,"dialogue");
> - ScreenFinder.centerWindowsToCurrentScreen(d);
> - d.setVisible(true);
> - }
> - });
> -
> - buttonPanel.add(allowButton);
> - buttonPanel.add(rejectButton);
> - buttonPanel.add(helpButton);
> -
> - buttonPanel.setBorder(BorderFactory.createEmptyBorder(0, 10, 10, 10));
> -
> - return buttonPanel;
> - }
> -
> - // Set up 'Remember Option' checkbox & Proceed/Cancel buttons
> - private void setupButtonAndCheckBoxPanel() {
> - JPanel outerPanel = new JPanel(new BorderLayout());
> - JPanel rememberPanel = new JPanel(new GridLayout(2 /*rows*/, 1 /*column*/));
> - rememberPanel.add(createCheckBoxPanel());
> - rememberPanel.add(createMatchOptionsPanel());
> - rememberPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
> -
> - outerPanel.add(rememberPanel, BorderLayout.WEST);
> - outerPanel.add(createButtonPanel(), BorderLayout.EAST);
> -
> - add(outerPanel);
> - }
> -
> - /**
> - * Creates the actual GUI components, and adds it to this panel
> - */
> - private void addComponents() {
> - setLayout(new BoxLayout(this, BoxLayout.Y_AXIS));
> -
> - setupTopPanel();
> - setupInfoPanel();
> - setupQuestionsPanel();
> - setupButtonAndCheckBoxPanel();
> - }
> -
> - // Toggles whether 'match applet' or 'match codebase' options are greyed out
> - private ActionListener permanencyListener() {
> - return new ActionListener() {
> - @Override
> - public void actionPerformed(ActionEvent e) {
> - applyToAppletButton.setEnabled(permanencyCheckBox.isSelected());
> - applyToCodeBaseButton.setEnabled(permanencyCheckBox.isSelected());
> - }
> - };
> - }
> - // Sets action depending on allowApplet + checkbox state
> - private ActionListener chosenActionSetter(final boolean allowApplet) {
> - return new ActionListener() {
> - @Override
> - public void actionPerformed(ActionEvent e) {
> - ExecuteUnsignedApplet action;
> -
> - if (allowApplet) {
> - action = permanencyCheckBox.isSelected() ? ExecuteUnsignedApplet.ALWAYS : ExecuteUnsignedApplet.YES;
> - } else {
> - action = permanencyCheckBox.isSelected() ? ExecuteUnsignedApplet.NEVER : ExecuteUnsignedApplet.NO;
> - }
> -
> - boolean applyToCodeBase = applyToCodeBaseButton.isSelected();
> - actionChoiceListener.actionChosen(new UnsignedWarningAction(action, applyToCodeBase));
> - }
> - };
> + protected String getQuestionPanelKey() {
> + return "SUnsignedQuestion";
> }
> }
> \ No newline at end of file
> diff --git a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java
> --- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java
> +++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java
> @@ -38,20 +38,16 @@
>
> import static net.sourceforge.jnlp.runtime.Translator.R;
>
> -import java.io.IOException;
> -import java.net.URISyntaxException;
> import java.net.URL;
> import java.util.ArrayList;
> import java.util.Date;
> import java.util.List;
>
> -
> -import net.sourceforge.jnlp.util.UrlUtils;
> import net.sourceforge.jnlp.LaunchException;
> import net.sourceforge.jnlp.PluginBridge;
> -import net.sourceforge.jnlp.cache.ResourceTracker;
> +import net.sourceforge.jnlp.security.AppletTrustWarningPanel.TrustWarningAction;
> import net.sourceforge.jnlp.security.SecurityDialogs;
> -import net.sourceforge.jnlp.security.UnsignedAppletTrustWarningPanel.UnsignedWarningAction;
> +import net.sourceforge.jnlp.util.UrlUtils;
> import net.sourceforge.jnlp.util.logging.OutputController;
>
> public class UnsignedAppletTrustConfirmation {
> @@ -182,7 +178,7 @@
> appletOK = false;
> } else {
> // No remembered decision, prompt the user
> - UnsignedWarningAction warningResponse = SecurityDialogs.showUnsignedWarningDialog(file);
> + TrustWarningAction warningResponse = SecurityDialogs.showUnsignedWarningDialog(file);
> ExecuteUnsignedApplet executeAction = warningResponse.getAction();
>
> appletOK = (executeAction == ExecuteUnsignedApplet.YES || executeAction == ExecuteUnsignedApplet.ALWAYS);
> @@ -199,4 +195,34 @@
> }
>
> }
> +
> + public static void checkPartiallySignedWithUserIfRequired(PluginBridge file) throws LaunchException {
> + ExecuteUnsignedApplet storedAction = getStoredAction(file);
> + OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Stored action for partially signed applet at " + file.getCodeBase() + " was " + storedAction);
> +
> + boolean appletOK;
> +
> + if (storedAction == ExecuteUnsignedApplet.ALWAYS) {
> + appletOK = true;
> + } else if (storedAction == ExecuteUnsignedApplet.NEVER) {
> + appletOK = false;
> + } else {
> + // No remembered decision, prompt the user
> + TrustWarningAction warningResponse = SecurityDialogs.showPartiallySignedWarningDialog(file);
> + ExecuteUnsignedApplet executeAction = warningResponse.getAction();
> +
> + appletOK = (executeAction == ExecuteUnsignedApplet.YES || executeAction == ExecuteUnsignedApplet.ALWAYS);
> +
> + if (executeAction != null) {
> + updateAppletAction(file, executeAction, warningResponse.rememberForCodeBase());
> + }
> +
> + OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Decided action for partially signed applet at " + file.getCodeBase() + " was " + executeAction);
> + }
> +
> + if (!appletOK) {
> + throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LUnsignedApplet"), R("LUnsignedAppletUserDenied"));
> + }
> +
> + }
> }
> \ No newline at end of file
>
More information about the distro-pkg-dev
mailing list