/hg/icedtea-web: Added backend and settings for extended applet ...
jvanek at icedtea.classpath.org
jvanek at icedtea.classpath.org
Wed Feb 27 08:00:18 PST 2013
changeset 56c94adc52ea in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=56c94adc52ea
author: Jiri Vanek <jvanek at redhat.com>
date: Wed Feb 27 17:00:48 2013 +0100
Added backend and settings for extended applet security
diffstat:
ChangeLog | 53 +
netx/net/sourceforge/jnlp/config/Defaults.java | 7 +
netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java | 15 +
netx/net/sourceforge/jnlp/config/SecurityValueValidator.java | 73 +
netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java | 7 +-
netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java | 205 ++
netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java | 967 ++++++++++
netx/net/sourceforge/jnlp/resources/Messages.properties | 61 +
netx/net/sourceforge/jnlp/security/appletextendedsecurity/AppletSecurityLevel.java | 78 +
netx/net/sourceforge/jnlp/security/appletextendedsecurity/AppletStartupSecuritySettings.java | 97 +
netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteUnsignedApplet.java | 90 +
netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionEntry.java | 174 +
netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java | 125 +
netx/net/sourceforge/jnlp/security/appletextendedsecurity/UrlRegEx.java | 62 +
netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageExtendedImpl.java | 188 +
netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java | 240 ++
netx/net/sourceforge/jnlp/util/lockingfile/LockedFile.java | 159 +
netx/net/sourceforge/jnlp/util/lockingfile/LockingReaderWriter.java | 200 ++
netx/net/sourceforge/jnlp/util/lockingfile/StorageIoException.java | 58 +
tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImplTest.java | 114 +
tests/netx/unit/net/sourceforge/jnlp/util/lockingfile/LockingReaderWriterTest.java | 232 ++
21 files changed, 3204 insertions(+), 1 deletions(-)
diffs (truncated from 3351 to 500 lines):
diff -r be2248aa2eee -r 56c94adc52ea ChangeLog
--- a/ChangeLog Mon Feb 25 13:06:12 2013 -0500
+++ b/ChangeLog Wed Feb 27 17:00:48 2013 +0100
@@ -1,3 +1,56 @@
+2013-02-27 Jiri Vanek <jvanek at redhat.com>
+
+ Added backend and settings for extended applet security
+ * netx/net/sourceforge/jnlp/config/Defaults.java: deployment.security.level
+ added to defaults with its validator
+ * netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java: Added
+ deployment.security.level (KEY_SECURITY_LEVEL)key and
+ .appletTrustSettings (APPLET_TRUST_SETTINGS)filename with getters
+ * netx/net/sourceforge/jnlp/config/SecurityValueValidator.java:
+ Simple validator for value of deployment.security.level based on parsing
+ in AppletSecurityLevel.fromString
+ * netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java:
+ Incorporated UnsignedAppletsTrustingListPanel panel
+ * netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java:
+ Backend for main tables in UnsignedAppletsTrustingListPanel
+ * netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java:
+ GUI for manipulate the deployment.security.level values and content of
+ .appletTrustSettings files
+ * netx/net/sourceforge/jnlp/resources/Messages.properties:
+ Added keys and values for new; user visible, strings
+ * netx/net/sourceforge/jnlp/security/appletextendedsecurity/AppletSecurityLevel.java:
+ Object representation of deployment.security.level value
+ * netx/net/sourceforge/jnlp/security/appletextendedsecurity/AppletStartupSecuritySettings.java:
+ Entrance singleton for current deployment.security.level policy and records.
+ * netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteUnsignedApplet.java:
+ Object representation of action upon record in .appletTrustSettings
+ * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionEntry.java:
+ Object representation of one item in .appletTrustSettings
+ .appletTrustSettings by itw (except settings part)
+ * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java
+ Minimal set of functionality requested for accessing the
+ * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UrlRegEx.java
+ Simple class which should help to distinguish between plain String
+ and String keeping UrlRegex
+ * netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageExtendedImpl.java:
+ Extended implementation of UnsignedAppletActionStorageImpl which have
+ additional "for settings" functionality
+ * netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java:
+ Object representation of.appletTrustSettings file. It Should be multi-thread/app safe and
+ should be always actual. Based on LockingReaderWriter.
+ * netx/net/sourceforge/jnlp/util/lockingfile/LockedFile.java:
+ Utility class with functionality to lock file in muti-app/thread environment
+ * netx/net/sourceforge/jnlp/util/lockingfile/LockingReaderWriter.java:
+ Utility class with functionality to lock file during reading/writing
+ in muti-app/thread environment
+ * netx/net/sourceforge/jnlp/util/lockingfile/StorageIoException.java:
+ Wrapper for common, but rare IOException extending RuntimeExceptionaround
+ for LockingReaderWriter to avoid numerous declarations.
+ * tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImplTest.java:
+ Tests of main methods in UnsignedAppletActionStorageImplTest focused on matching
+ * tests/netx/unit/net/sourceforge/jnlp/util/lockingfile/LockingReaderWriterTest.java:
+ Tests of multithread read/write to LockingReaderWriter
+
2013-02-25 Adam Domurad <adomurad at redhat.com>
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
diff -r be2248aa2eee -r 56c94adc52ea netx/net/sourceforge/jnlp/config/Defaults.java
--- a/netx/net/sourceforge/jnlp/config/Defaults.java Mon Feb 25 13:06:12 2013 -0500
+++ b/netx/net/sourceforge/jnlp/config/Defaults.java Wed Feb 27 17:00:48 2013 +0100
@@ -42,6 +42,7 @@
import java.io.File;
import java.util.HashMap;
import java.util.Map;
+import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
import net.sourceforge.jnlp.ShortcutDesc;
import net.sourceforge.jnlp.runtime.JNLPProxySelector;
@@ -384,6 +385,12 @@
DeploymentConfiguration.KEY_PLUGIN_JVM_ARGUMENTS,
null,
null
+ },
+ //unsigned applet security level
+ {
+ DeploymentConfiguration.KEY_SECURITY_LEVEL,
+ new SecurityValueValidator(),
+ null
}
};
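Review bot: The new `KEY_SECURITY_LEVEL` row has a `null` default, but `SecurityValueValidator.validate` in this same commit throws on a null value. If defaults are ever run through their validator (not visible from this hunk), this entry will be rejected. The hunk also does not show which level applies when the property is absent, and for a security setting the table should say so. I would extend the comment to something like `//unsigned applet security level; null = not set, the fallback level is chosen by the code that reads this key`, or supply an explicit default string instead of `null`. The array initializer starts outside the hunk.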
diff -r be2248aa2eee -r 56c94adc52ea netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java
--- a/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java Mon Feb 25 13:06:12 2013 -0500
+++ b/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java Wed Feb 27 17:00:48 2013 +0100
@@ -51,6 +51,7 @@
public static final String DEPLOYMENT_DIR = ".icedtea";
public static final String DEPLOYMENT_CONFIG = "deployment.config";
public static final String DEPLOYMENT_PROPERTIES = "deployment.properties";
+ public static final String APPLET_TRUST_SETTINGS = ".appletTrustSettings";
public static final String DEPLOYMENT_COMMENT = "Netx deployment configuration";
@@ -105,6 +106,9 @@
/** Boolean. Only show security prompts to user if true */
public static final String KEY_SECURITY_PROMPT_USER = "deployment.security.askgrantdialog.show";
+ //enum of AppletSecurityLevel in result
+ public static final String KEY_SECURITY_LEVEL = "deployment.security.level";
+
public static final String KEY_SECURITY_TRUSTED_POLICY = "deployment.security.trusted.policy";
/** Boolean. Only give AWTPermission("showWindowWithoutWarningBanner") if true */
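Review bot: The comment on `KEY_SECURITY_LEVEL`, `//enum of AppletSecurityLevel in result`, is a plain line comment and hard to parse. The neighbouring keys use Javadoc that names the value type, so this one should match them. Suggest `/** String. One of the AppletSecurityLevel values; checked by SecurityValueValidator */`.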
@@ -196,6 +200,17 @@
load(true);
}
+ public static File getAppletTrustUserSettingsPath() {
+ return new File(System.getProperty("user.home") + File.separator + DEPLOYMENT_DIR
+ + File.separator + APPLET_TRUST_SETTINGS);
+ }
+
+ public static File getAppletTrustGlobalSettingsPath() {
+ return new File(File.separator + "etc" + File.separator + ".java" + File.separator
+ + "deployment" + File.separator + APPLET_TRUST_SETTINGS);
+
+ }
+
/**
* Initialize this deployment configuration by reading configuration files.
* Generally, it will try to continue and ignore errors it finds (such as file not found).
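Review bot: `getAppletTrustUserSettingsPath()` concatenates `System.getProperty("user.home")` without a null check. If the property is unset, the result is the relative path `null/.icedtea/.appletTrustSettings`, which resolves against the working directory. Since this file decides which unsigned applets may run, it should only ever be read from the user's own profile: `String home = System.getProperty("user.home"); if (home == null) throw new IllegalStateException("user.home is not set");`, then `return new File(new File(home, DEPLOYMENT_DIR), APPLET_TRUST_SETTINGS);`. `getAppletTrustGlobalSettingsPath()` hard-codes `/etc/.java/deployment`, which on a platform without `/etc` is only drive-relative. Both new public methods lack Javadoc; the global one should say the file is expected to be writable by the administrator only.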
diff -r be2248aa2eee -r 56c94adc52ea netx/net/sourceforge/jnlp/config/SecurityValueValidator.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/netx/net/sourceforge/jnlp/config/SecurityValueValidator.java Wed Feb 27 17:00:48 2013 +0100
@@ -0,0 +1,73 @@
+/* Copyright (C) 2013 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING. If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library. Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module. An independent module is a module which is not derived from
+ or based on this library. If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so. If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+package net.sourceforge.jnlp.config;
+
+import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
+
+class SecurityValueValidator implements ValueValidator {
+
+ public SecurityValueValidator() {
+ }
+
+ @Override
+ public void validate(Object value) throws IllegalArgumentException {
+ if (value == null) {
+ throw new IllegalArgumentException("Value can't be null");
+ }
+ if (value instanceof AppletSecurityLevel) {
+ //??
+ return;
+ }
+ if (!(value instanceof String)) {
+ throw new IllegalArgumentException("Expected was String, was " + value.getClass());
+ }
+ try {
+ AppletSecurityLevel validated = AppletSecurityLevel.fromString((String) value);
+ if (validated == null) {
+ throw new IllegalArgumentException("Result can't be null, was");
+ }
+ //thrown by fromString
+ } catch (RuntimeException ex) {
+ throw new IllegalArgumentException(ex);
+ }
+ }
+
+ @Override
+ public String getPossibleValues() {
+ return AppletSecurityLevel.allToString();
+ }
+
+}
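Review bot: In `validate`, the `IllegalArgumentException("Result can't be null, was")` is thrown inside the `try`, so the `catch (RuntimeException ex)` right below catches it and wraps it in a second IllegalArgumentException. The message is also cut off after "was". Moving the null check out of the `try` and appending the offending value fixes both, as sketched below. The `//??` in the `instanceof AppletSecurityLevel` branch should become a comment saying why an already-typed value is accepted, or the branch should go if no caller passes one.

```java
    public void validate(Object value) throws IllegalArgumentException {
        // … unchanged: null, AppletSecurityLevel and String type checks …
        final AppletSecurityLevel validated;
        try {
            validated = AppletSecurityLevel.fromString((String) value);
        } catch (RuntimeException ex) {
            //thrown by fromString
            throw new IllegalArgumentException(ex);
        }
        if (validated == null) {
            throw new IllegalArgumentException("Result can't be null, was " + value);
        }
```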
diff -r be2248aa2eee -r 56c94adc52ea netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java
--- a/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java Mon Feb 25 13:06:12 2013 -0500
+++ b/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java Wed Feb 27 17:00:48 2013 +0100
@@ -41,6 +41,7 @@
import javax.swing.JFrame;
import javax.swing.JLabel;
import javax.swing.JList;
+import javax.swing.JOptionPane;
import javax.swing.JPanel;
import javax.swing.JScrollPane;
import javax.swing.SwingConstants;
@@ -230,7 +231,10 @@
new SettingsPanel(Translator.R("CPTabNetwork"), createNetworkSettingsPanel()),
// TODO: This is commented out since this is not implemented yet
// new SettingsPanel(Translator.R("CPTabRuntimes"), createRuntimesSettingsPanel()),
- new SettingsPanel(Translator.R("CPTabSecurity"), createSecuritySettingsPanel()), };
+ new SettingsPanel(Translator.R("CPTabSecurity"), createSecuritySettingsPanel()),
+ //todo refactor to work with tmp file and apply as asu designed it
+ new SettingsPanel(Translator.R("APPEXTSECControlPanelExtendedAppletSecurityTitle"), new UnsignedAppletsTrustingListPanel(DeploymentConfiguration.getAppletTrustGlobalSettingsPath(),DeploymentConfiguration.getAppletTrustUserSettingsPath(), this.config) )
+ };
// Add panels.
final JPanel settingsPanel = new JPanel(new CardLayout());
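Review bot: The `//todo refactor to work with tmp file and apply as asu designed it` on the new panel entry does not say what is missing. As written it reads as though edits to the trust list are not yet staged and committed on Apply, although that is only an inference from the comment. If so, changes to which unsigned applets may run would persist even when the user cancels the control panel, and the comment should state that plainly: `// TODO: stage edits in a temporary file and write .appletTrustSettings only on Apply/OK`. The `new SettingsPanel(...)` line is also very long and is missing a space after the first comma; wrapping it with one constructor argument per line would help. The array initializer starts outside the hunk.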
@@ -360,6 +364,7 @@
config.save();
} catch (IOException e) {
e.printStackTrace();
+ JOptionPane.showMessageDialog(this, e);
}
}
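Review bot: `JOptionPane.showMessageDialog(this, e)` passes the exception object itself, so the user sees its `toString()` in a dialog with the default information icon and title. A failed `config.save()` means the chosen settings, including the security level, were not persisted, and the dialog should say that as an error. Suggest `JOptionPane.showMessageDialog(this, e.getLocalizedMessage(), title, JOptionPane.ERROR_MESSAGE);` with `title` taken from `Translator.R` like the other user-visible strings. The enclosing method starts outside the hunk.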
diff -r be2248aa2eee -r 56c94adc52ea netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletActionTableModel.java Wed Feb 27 17:00:48 2013 +0100
@@ -0,0 +1,205 @@
+/* Copyright (C) 2013 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING. If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library. Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module. An independent module is a module which is not derived from
+ or based on this library. If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so. If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+package net.sourceforge.jnlp.controlpanel;
+
+import java.util.Date;
+import javax.swing.event.TableModelEvent;
+import javax.swing.table.AbstractTableModel;
+import net.sourceforge.jnlp.runtime.Translator;
+import net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteUnsignedApplet;
+import net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletActionEntry;
+import net.sourceforge.jnlp.security.appletextendedsecurity.UrlRegEx;
+import net.sourceforge.jnlp.security.appletextendedsecurity.impl.UnsignedAppletActionStorageExtendedImpl;
+
+public class UnsignedAppletActionTableModel extends AbstractTableModel {
+
+ final UnsignedAppletActionStorageExtendedImpl back;
+ private final String[] columns = new String[]{Translator.R("APPEXTSECguiTableModelTableColumnAction"),
+ Translator.R("APPEXTSECguiTableModelTableColumnDateOfAction"),
+ Translator.R("APPEXTSECguiTableModelTableColumnDocumentBase"),
+ Translator.R("APPEXTSECguiTableModelTableColumnCodeBase"),
+ Translator.R("APPEXTSECguiTableModelTableColumnArchives")};
+
+ public UnsignedAppletActionTableModel(UnsignedAppletActionStorageExtendedImpl back) {
+ this.back = back;
+ }
+
+ @Override
+ public int getRowCount() {
+ return back.toArray().length;
+ }
+
+ @Override
+ public int getColumnCount() {
+ return columns.length;
+ }
+
+ @Override
+ public String getColumnName(int columnIndex) {
+ return columns[columnIndex];
+ }
+
+ @Override
+ public Class<?> getColumnClass(int columnIndex) {
+ if (columnIndex == 0) {
+ return ExecuteUnsignedApplet.class;
+ }
+ if (columnIndex == 1) {
+ return Date.class;
+ }
+ if (columnIndex == 2) {
+ return UrlRegEx.class;
+ }
+ if (columnIndex == 3) {
+ return UrlRegEx.class;
+ }
+ if (columnIndex == 4) {
+ return String.class;
+ }
+ if (columnIndex == 5) {
+ return String.class;
+ }
+ return Object.class;
+ }
+
+ @Override
+ public boolean isCellEditable(int rowIndex, int columnIndex) {
+ if (back.isReadOnly()) {
+ return false;
+ }
+ if (columnIndex == 1) {
+ return false;
+ }
+ if (columnIndex == 0) {
+ return true;
+ }
+ if (getValueAt(rowIndex, columnIndex - 1) == null || getValueAt(rowIndex, columnIndex - 1).toString().trim().isEmpty()) {
+ return false;
+ }
+ return true;
+ }
+
+ @Override
+ public Object getValueAt(int rowIndex, int columnIndex) {
+
+ UnsignedAppletActionEntry source = back.toArray()[rowIndex];
+ if (columnIndex == 0) {
+ return source.getUnsignedAppletAction();
+ }
+ if (columnIndex == 1) {
+ return source.getTimeStamp();
+ }
+ if (columnIndex == 2) {
+ return source.getDocumentBase();
+ }
+ if (columnIndex == 3) {
+ return source.getCodeBase();
+ }
+ if (columnIndex == 4) {
+ return UnsignedAppletActionEntry.createArchivesString(source.getArchives());
+ }
+ return null;
+ }
+
+ @Override
+ public void setValueAt(final Object aValue, final int rowIndex, final int columnIndex) {
+ final UnsignedAppletActionEntry source = back.toArray()[rowIndex];
+ back.modify(source, columnIndex, aValue);
+
+ }
+
+ public void addRow() {
+ int i = getRowCount()-1;
+ String s = "\\Qhttp://localhost:80/\\E.*";
+ back.add(new UnsignedAppletActionEntry(
+ ExecuteUnsignedApplet.NEVER,
+ new Date(),
+ new UrlRegEx(s),
+ new UrlRegEx(s),
+ null));
+ fireTableRowsInserted(i+1, i+1);
+ }
+
+ public void removeRow(int i) {
+ int ii = getRowCount()-1;
+ if (ii<0){
+ return;
+ }
+ if (i<0){
+ return;
+ }
+ back.remove(i);
+ fireTableRowsDeleted(i, i);
+ }
+
+ public void clear() {
+ int i = getRowCount()-1;
+ if (i<0){
+ return;
+ }
+ back.clear();
+ fireTableRowsDeleted(0, i);
+ }
+
+ void removeByBehaviour(ExecuteUnsignedApplet unsignedAppletAction) {
+ int i = getRowCount()-1;
+ if (i<0){
+ return;
+ }
+ back.removeByBehaviour(unsignedAppletAction);
+ fireTableRowsDeleted(0, i);
+ }
+
+ int moveUp(int selectedRow) {
+ int i = getRowCount()-1;
+ if (i<0){
+ return selectedRow;
+ }
+ int x = back.moveUp(selectedRow);
+ fireTableChanged(new TableModelEvent(this, 0, i));
+ return x;
+ }
+
+ int moveDown(int selectedRow) {
+ int i = getRowCount()-1;
+ if (i<0){
+ return selectedRow;
+ }
+ int x = back.moveDown(selectedRow);
+ fireTableChanged(new TableModelEvent(this, 0, i));
+ return x;
+ }
+}
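Review bot: `removeByBehaviour` fires `fireTableRowsDeleted(0, i)` for the whole former range, although `back.removeByBehaviour(...)` presumably removes only the entries with that action. Listeners are then told that rows are gone which the model still returns, so `fireTableDataChanged();` is the accurate event there. `removeRow` also checks only `i<0` and never compares `i` with the row count, so an index past the end reaches `back.remove(i)`; `if (i < 0 || i > ii) { return; }` closes that. Two smaller points: `setValueAt` modifies the storage without `fireTableCellUpdated(rowIndex, columnIndex)`, and `getColumnClass` has a branch for column 5 although `columns` has five entries (0–4). The class and its public methods have no Javadoc; a class comment should say that it is a view over the `.appletTrustSettings` storage and that `addRow` inserts a `NEVER` entry for localhost as a harmless template.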
diff -r be2248aa2eee -r 56c94adc52ea netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java Wed Feb 27 17:00:48 2013 +0100
@@ -0,0 +1,967 @@
+/* Copyright (C) 2013 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING. If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library. Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module. An independent module is a module which is not derived from
+ or based on this library. If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so. If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+package net.sourceforge.jnlp.controlpanel;
+
+import java.awt.BorderLayout;
+import java.awt.Component;
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
+import java.awt.event.KeyAdapter;
+import java.awt.event.KeyEvent;
+import java.awt.event.KeyListener;
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.OutputStreamWriter;
+import java.text.DateFormat;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.List;
+import java.util.regex.Pattern;
+import javax.swing.DefaultCellEditor;
+import javax.swing.JComboBox;