[fyi][icedtea-web] backend and itw-settings for extended applets security
Adam Domurad
adomurad at redhat.com
Thu Feb 28 08:21:16 PST 2013
On 02/25/2013 11:20 AM, Jiri Vanek wrote:
> On 02/21/2013 11:07 PM, Adam Domurad wrote:
>> On 02/20/2013 04:53 PM, Adam Domurad wrote:
>>> Here are some proposed fixes. Thanks.
>>>
>>> - comapre -> compare typo fix
>>> - Never return from a finally block! (Eclipse underlines the whole
>>> finally block as a warning.)
>>> See
>>> http://weblogs.java.net/blog/staufferjames/archive/2007/06/_dont_return_in.html
>>> - Added a null check so we don't compare if a null archive list is
>>> stored.
>>>
>>> - Adam
>>>
>>>
>>
>> Ignore that one, this trumps it.
>>
>> OK. I tried to separate what would be considered changes to Jiri's
>> part out.
>> AppletSecuritySettings.java had to be moved out of sun.applet to make
>> it accessible.
>>
>> First apply Jiris latest patch, then the rest of them with
>> integrated-dialogue2.patch last.
>>
>> Here are the patches. Will make a ChangeLog sometime soon.
>>
>> All the applet security levels should be working in this patch, as
>> well it should honour the global
>> applet settings.
>>
>> Red/green text indicates if you've accepted a patch before.
> red/green was never seen :)
I'm not sure why that could be, TBH
>
>>
>> Further implementation question:
>> - Currently when many applets share a single classloader on a page
>> and one is rejected, it'd be nice
>> if the it did not ask for rejection for all the other applets. It is
>> tricky to get this right.
>> Perhaps rejecting a certain unique key should be permanent for a
>> session ? There should be no harm,
>> as you can always restart your browser if you accidentally hit
>> reject. And indeed there is harm in
>> the other direction, if you reject an applet but accidentally hit OK
>> for one of the other applet
>> dialogues that come up.
>
> I agree that applet which would allow /deny others applets runs should
> really affect already prepared/shown dialogues.
>
> Most easy way to achive this is to monitor the file for y/n/Y/N
> change.... But I agree it is nasty.
>>
>> Let me know of any issues.
>>
>
>
> Most importatant is the url issue we have discussed
> And because it broke integrity of my till-now testing, I will do one
> more review after this is fixed (and my backend support none-mian class)
> Except the uttermost last liens of patch, looks ok.
> minnors inline.
>
>
> diff --git a/netx/net/sourceforge/jnlp/PluginBridge.java
> b/netx/net/sourceforge/jnlp/PluginBridge.java
> --- a/netx/net/sourceforge/jnlp/PluginBridge.java
> +++ b/netx/net/sourceforge/jnlp/PluginBridge.java
> @@ -206,6 +206,10 @@ public class PluginBridge extends JNLPFi
> }
> }
>
> + public List<String> getArchiveJars() {
> + return new ArrayList<String>(jars);
> + }
> +
> public boolean codeBaseLookup() {
> return params.useCodebaseLookup();
> }
> diff --git a/netx/net/sourceforge/jnlp/resources/Messages.properties
> b/netx/net/sourceforge/jnlp/resources/Messages.properties
> --- a/netx/net/sourceforge/jnlp/resources/Messages.properties
> +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties
> @@ -80,6 +80,8 @@ LUnsignedJarWithSecurity=Cannot grant pe
> LUnsignedJarWithSecurityInfo=Application requested security
> permissions, but jars are not signed.
> LSignedJNLPAppDifferentCerts=The JNLP application is not fully signed
> by a single cert.
> LSignedJNLPAppDifferentCertsInfo=The JNLP application has its
> components individually signed, however there must be a common signer
> to all entries.
> +LUnsignedApplet=The applet was unsigned.
> +LUnsignedAppletInfo=The applet was unsigned, and the security policy
> prevented it from running.
> LSignedAppJarUsingUnsignedJar=Signed application using unsigned jars.
> LSignedAppJarUsingUnsignedJarInfo=The main application jar is signed,
> but some of the jars it is using aren't.
> LSignedJNLPFileDidNotMatch=The signed JNLP file did not match the
> launching JNLP file.
> @@ -220,6 +222,12 @@ SNoAssociatedCertificate=<no associated
> SUnverified=(unverified)
> SAlwaysTrustPublisher=Always trust content from this publisher
> SHttpsUnverified=The website's HTTPS certificate cannot be verified.
> +SRememberOption=<b>Remember this option?</b>
> +SUnsignedSummary=An unsigned Java application wants to run
> +SUnsignedDetail=An unsigned application from the following location
> wants to run:<br><u>{0}</u><br><br><b>It is recommended you only run
> applications from sites you trust.</b>
> +SUnsignedAllowedBefore=<font color="green">You have accepted this
> applet previously.</font>
> +SUnsignedRejectedBefore=<font color="red">You have rejected this
> applet previously.</font>
> +SUnsignedQuestion=Allow the applet to run?
> SNotAllSignedSummary=Only parts of this application code are signed.
> SNotAllSignedDetail=This application contains both signed and
> unsigned code. While signed code is safe if you trust the provider,
> unsigned code may imply code outside of the trusted provider's control.
> SNotAllSignedQuestion=Do you wish to proceed and run this application
> anyway?
> diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> @@ -63,6 +63,7 @@ import java.util.jar.JarEntry;
> import java.util.jar.JarFile;
> import java.util.jar.Manifest;
>
> +import
> net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletTrustConfirmation;
> import net.sourceforge.jnlp.AppletDesc;
> import net.sourceforge.jnlp.ApplicationDesc;
> import net.sourceforge.jnlp.DownloadOptions;
> @@ -364,6 +365,41 @@ public class JNLPClassLoader extends URL
> }
> }
>
> + private static JNLPClassLoader createInstance(JNLPFile file,
> UpdatePolicy policy, String mainName) throws LaunchException {
> + JNLPClassLoader loader = new JNLPClassLoader(file, policy,
> mainName);
> +
> + String uniqueKey = file.getUniqueKey();
> + JNLPClassLoader baseLoader = uniqueKeyToLoader.get(uniqueKey);
> +
> + // If security level is 'high' or greater, we must check if
> the user allows unsigned applets
> + // when the JNLPClassLoader is created. We do so here,
> because doing so in the constructor
> + // causes unwanted side-effects for some applets
> + if (!loader.getSigning() && file instanceof PluginBridge) {
> +
> UnsignedAppletTrustConfirmation.checkUnsignedWithUserIfRequired((PluginBridge)file);
> + }
> +
> + // New loader init may have caused extensions to create a
> + // loader for this unique key. Check.
> + JNLPClassLoader extLoader = uniqueKeyToLoader.get(uniqueKey);
> +
> + if (extLoader != null && extLoader != loader) {
> + if (loader.signing && !extLoader.signing) {
> + if
> (!SecurityDialogs.showNotAllSignedWarningDialog(file))
> + throw new LaunchException(file, null,
> R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"),
> R("LSignedAppJarUsingUnsignedJarInfo"));
> + }
> + loader.merge(extLoader);
> + extLoader.decrementLoaderUseCount(); // loader urls have
> been merged, ext loader is no longer used
> + }
> +
> + // loader is now current + ext. But we also need to think of
> + // the baseLoader
> + if (baseLoader != null && baseLoader != loader) {
> + loader.merge(baseLoader);
> + }
> +
> + return loader;
> + }
> +
>
> I thought this refactoring was already pushed... was not?
Pushed now, thanks
> /**
> * Returns a JNLP classloader for the specified JNLP file.
> *
> @@ -395,27 +431,7 @@ public class JNLPClassLoader extends URL
> (file.isApplication() &&
> !baseLoader.getJNLPFile().getFileLocation().equals(file.getFileLocation())))
> {
>
> - loader = new JNLPClassLoader(file, policy, mainName);
> -
> - // New loader init may have caused extentions to
> create a
> - // loader for this unique key. Check.
> - JNLPClassLoader extLoader =
> uniqueKeyToLoader.get(uniqueKey);
> -
> - if (extLoader != null && extLoader != loader) {
> - if (loader.signing && !extLoader.signing)
> - if
> (!SecurityDialogs.showNotAllSignedWarningDialog(file))
> - throw new LaunchException(file, null,
> R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"),
> R("LSignedAppJarUsingUnsignedJarInfo"));
> -
> - loader.merge(extLoader);
> - extLoader.decrementLoaderUseCount(); // loader
> urls have been merged, ext loader is no longer used
> - }
> -
> - // loader is now current + ext. But we also need to
> think of
> - // the baseLoader
> - if (baseLoader != null && baseLoader != loader) {
> - loader.merge(baseLoader);
> - }
> -
> + loader = createInstance(file, policy, mainName);
> } else {
> // if key is same and locations match, this is the
> loader we want
> if (!file.isApplication()) {
> @@ -578,11 +594,11 @@ public class JNLPClassLoader extends URL
>
> JARDesc jars[] = resources.getJARs();
>
> - if (jars == null || jars.length == 0) {
> + if (jars.length == 0) {
>
> - boolean allSigned = true;
> + boolean allSigned = (loaders.length > 1) /* has
> extensions */;
> for (int i = 1; i < loaders.length; i++) {
> - if (!loaders[i].getSigning()) {
> + if (!loaders[i].getSigning() ) {
> allSigned = false;
> break;
> }
> @@ -663,7 +679,6 @@ public class JNLPClassLoader extends URL
> !SecurityDialogs.showNotAllSignedWarningDialog(file))
> throw new LaunchException(file, null,
> R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"),
> R("LSignedAppJarUsingUnsignedJarInfo"));
>
> -
> // Check for main class in the downloaded jars, and
> check/verify signed JNLP fill
> checkForMain(initialJars);
>
> @@ -700,9 +715,9 @@ public class JNLPClassLoader extends URL
> }
> } else {
>
> + // Otherwise this jar is simply unsigned -- make sure
> to ask
> + // for permission on certain actions
> signing = false;
> - //otherwise this jar is simply unsigned -- make sure
> to ask
> - //for permission on certain actions
> }
> }
>
> diff --git a/netx/net/sourceforge/jnlp/security/SecurityDialog.java
> b/netx/net/sourceforge/jnlp/security/SecurityDialog.java
> --- a/netx/net/sourceforge/jnlp/security/SecurityDialog.java
> +++ b/netx/net/sourceforge/jnlp/security/SecurityDialog.java
> @@ -38,6 +38,7 @@ exception statement from your version.
> package net.sourceforge.jnlp.security;
>
> import net.sourceforge.jnlp.JNLPFile;
> +import net.sourceforge.jnlp.PluginBridge;
> import net.sourceforge.jnlp.runtime.JNLPRuntime;
> import net.sourceforge.jnlp.security.SecurityDialogs.AccessType;
> import net.sourceforge.jnlp.security.SecurityDialogs.DialogType;
> @@ -306,6 +307,8 @@ public class SecurityDialog extends JDia
> panel = new AppletWarningPane(this, this.certVerifier);
> else if (dialogType == DialogType.NOTALLSIGNED_WARNING)
> panel = new NotAllSignedWarningPane(this);
> + else if (dialogType == DialogType.UNSIGNED_WARNING) // Only
> necessary for applets on 'high security' or above
> + panel = new UnsignedAppletTrustWarningDialog(this,
> (PluginBridge)file);
> else if (dialogType == DialogType.AUTHENTICATION)
> panel = new PasswordAuthenticationPane(this, extras);
>
> diff --git a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
> b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
> --- a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
> +++ b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
> @@ -37,6 +37,8 @@ exception statement from your version.
>
> package net.sourceforge.jnlp.security;
>
> +import
> net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteUnsignedApplet;
> +
> import java.awt.Dialog.ModalityType;
> import java.awt.event.WindowAdapter;
> import java.awt.event.WindowEvent;
> @@ -70,6 +72,7 @@ public class SecurityDialogs {
> SINGLE_CERT_INFO,
> ACCESS_WARNING,
> NOTALLSIGNED_WARNING,
> + UNSIGNED_WARNING, /* requires confirmation with
> 'high-security' setting */
> APPLET_WARNING,
> AUTHENTICATION,
> }
> @@ -86,6 +89,7 @@ public class SecurityDialogs {
> VERIFIED,
> UNVERIFIED,
> NOTALLSIGNED,
> + UNSIGNED, /* requires confirmation with
> 'high-security' setting */
> SIGNING_ERROR
> }
>
> @@ -173,6 +177,26 @@ public class SecurityDialogs {
> }
>
> /**
> + * Shows a warning dialog for when a plugin applet is unsigned.
> + * This is used with 'high-security' setting.
> + *
> + * @return true if permission was granted by the user, false
> otherwise.
> + */
> + public static ExecuteUnsignedApplet
> showUnsignedWarningDialog(JNLPFile file) {
> +
> + if (!shouldPromptUser()) {
> + return ExecuteUnsignedApplet.NO;
> + }
> +
> + final SecurityDialogMessage message = new
> SecurityDialogMessage();
> + message.dialogType = DialogType.UNSIGNED_WARNING;
> + message.accessType = AccessType.UNSIGNED;
> + message.file = file;
> +
> + return (ExecuteUnsignedApplet)getUserResponse(message);
> + }
> +
> + /**
> * Shows a security warning dialog according to the specified
> type of
> * access. If <code>type</code> is one of AccessType.VERIFIED or
> * AccessType.UNVERIFIED, extra details will be available with
> regards
> diff --git
> a/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningDialog.java
> b/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningDialog.java
>
> new file mode 100644
> --- /dev/null
> +++
> b/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningDialog.java
> @@ -0,0 +1,63 @@
> +/* Copyright (C) 2013 Red Hat, Inc.
> +
> +This file is part of IcedTea.
> +
> +IcedTea is free software; you can redistribute it and/or
> +modify it under the terms of the GNU General Public License as
> published by
> +the Free Software Foundation, version 2.
> +
> +IcedTea is distributed in the hope that it will be useful,
> +but WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with IcedTea; see the file COPYING. If not, write to
> +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
> Boston, MA
> +02110-1301 USA.
> +
> +Linking this library statically or dynamically with other modules is
> +making a combined work based on this library. Thus, the terms and
> +conditions of the GNU General Public License cover the whole
> +combination.
> +
> +As a special exception, the copyright holders of this library give you
> +permission to link this library with independent modules to produce an
> +executable, regardless of the license terms of these independent
> +modules, and to copy and distribute the resulting executable under
> +terms of your choice, provided that you also meet, for each linked
> +independent module, the terms and conditions of the license of that
> +module. An independent module is a module which is not derived from
> +or based on this library. If you modify this library, you may extend
> +this exception to your version of the library, but you are not
> +obligated to do so. If you do not wish to do so, delete this
> +exception statement from your version.
> + */
> +
> +package net.sourceforge.jnlp.security;
> +
> +import net.sourceforge.jnlp.PluginBridge;
> +import
> net.sourceforge.jnlp.security.UnsignedAppletTrustWarningPanel.ActionChoiceListener;
> +import
> net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteUnsignedApplet;
> +
> +/**
> + * A panel that confirms that the user is OK with unsigned code running.
> + *
> + */
> +public class UnsignedAppletTrustWarningDialog extends
> SecurityDialogPanel {
> +
> + public UnsignedAppletTrustWarningDialog(SecurityDialog x,
> PluginBridge file) {
> + super(x);
> +
> + add(new UnsignedAppletTrustWarningPanel(file,
> + new ActionChoiceListener() {
> + @Override
> + public void actionChosen(ExecuteUnsignedApplet
> action) {
> + parent.setValue(action);
> + parent.dispose();
> + }
> + })
> + );
> + }
> +
> +}
> diff --git
> a/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningPanel.java
> b/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningPanel.java
> new file mode 100644
> --- /dev/null
> +++
> b/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningPanel.java
> @@ -0,0 +1,229 @@
> +/* Copyright (C) 2013 Red Hat, Inc.
> +
> +This file is part of IcedTea.
> +
> +IcedTea is free software; you can redistribute it and/or
> +modify it under the terms of the GNU General Public License as
> published by
> +the Free Software Foundation, version 2.
> +
> +IcedTea is distributed in the hope that it will be useful,
> +but WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with IcedTea; see the file COPYING. If not, write to
> +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
> Boston, MA
> +02110-1301 USA.
> +
> +Linking this library statically or dynamically with other modules is
> +making a combined work based on this library. Thus, the terms and
> +conditions of the GNU General Public License cover the whole
> +combination.
> +
> +As a special exception, the copyright holders of this library give you
> +permission to link this library with independent modules to produce an
> +executable, regardless of the license terms of these independent
> +modules, and to copy and distribute the resulting executable under
> +terms of your choice, provided that you also meet, for each linked
> +independent module, the terms and conditions of the license of that
> +module. An independent module is a module which is not derived from
> +or based on this library. If you modify this library, you may extend
> +this exception to your version of the library, but you are not
> +obligated to do so. If you do not wish to do so, delete this
> +exception statement from your version.
> + */
> +
> +package net.sourceforge.jnlp.security;
> +
> +import static net.sourceforge.jnlp.runtime.Translator.R;
> +
> +import java.awt.BorderLayout;
> +import java.awt.Color;
> +import java.awt.Dimension;
> +import java.awt.FlowLayout;
> +import java.awt.Font;
> +import java.awt.event.ActionEvent;
> +import java.awt.event.ActionListener;
> +
> +import javax.swing.BorderFactory;
> +import javax.swing.BoxLayout;
> +import javax.swing.ImageIcon;
> +import javax.swing.JButton;
> +import javax.swing.JCheckBox;
> +import javax.swing.JLabel;
> +import javax.swing.JPanel;
> +import javax.swing.SwingConstants;
> +
> +import net.sourceforge.jnlp.JNLPFile;
> +import net.sourceforge.jnlp.PluginBridge;
> +import
> net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteUnsignedApplet;
> +import
> net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletTrustConfirmation;
> +
> +public class UnsignedAppletTrustWarningPanel extends JPanel {
> +
>
> Extending to rember page/code base is palned? //longterm?
Sorry, what do you mean ? Like a reject all/accept all for page ? I'll
see about coming back to it, a bit enough of this patch for now.
> + /*
> + * Callback for when action is decided.
> + */
> + public static interface ActionChoiceListener {
> + void actionChosen(ExecuteUnsignedApplet action);
> + }
> +
> + private final int PANE_WIDTH = 500;
> +
> + private final int TOP_PANEL_HEIGHT = 60;
> + private final int INFO_PANEL_HEIGHT = 100;
> + private final int INFO_PANEL_HINT_HEIGHT = 25;
> + private final int QUESTION_PANEL_HEIGHT = 35;
> +
> + private JButton allowButton;
> + private JButton rejectButton;
> + private JCheckBox checkBox;
>
> what an unhappy name :)
> +
> + private PluginBridge file;
> +
> + private ActionChoiceListener actionChoiceListener;
> +
> + public UnsignedAppletTrustWarningPanel(PluginBridge file,
> ActionChoiceListener actionChoiceListener) {
> +
> + this.file = file;
> + this.actionChoiceListener = actionChoiceListener;
> +
> + addComponents();
> + }
> +
> + public JButton getAllowButton() {
> + return allowButton;
> + }
> +
> + public JButton getRejectButton() {
> + return rejectButton;
> + }
> +
> + private String htmlWrap(String text) {
> + return "<html>" + text + "</html>";
> + }
> +
> + private ImageIcon infoImage() {
> + final String location =
> "net/sourceforge/jnlp/resources/info-small.png";
> + final ClassLoader appLoader = new
> sun.misc.Launcher().getClassLoader();
> + return new ImageIcon(appLoader.getResource(location));
> + }
> +
> + private void setupTopPanel() {
> + final String topLabelText = R("SUnsignedSummary");
> +
> + JLabel topLabel = new JLabel(htmlWrap(topLabelText),
> infoImage(),
> + SwingConstants.LEFT);
> + topLabel.setFont(new Font(topLabel.getFont().toString(),
> Font.BOLD, 12));
> +
> + JPanel topPanel = new JPanel(new BorderLayout());
> + topPanel.setBackground(Color.WHITE);
> + topPanel.add(topLabel, BorderLayout.CENTER);
> + topPanel.setPreferredSize(new Dimension(PANE_WIDTH,
> TOP_PANEL_HEIGHT));
> + topPanel.setBorder(BorderFactory.createEmptyBorder(10, 10,
> 10, 10));
> +
> + add(topPanel);
> + }
> +
> + private void setupInfoPanel() {
> + String infoLabelText = R("SUnsignedDetail", file.getCodeBase());
> + ExecuteUnsignedApplet rememberedAction =
> UnsignedAppletTrustConfirmation.getStoredAction((PluginBridge)file);
> + int panelHeight = INFO_PANEL_HEIGHT;
> + if (rememberedAction == ExecuteUnsignedApplet.YES) {
> + infoLabelText += "<br>" + R("SUnsignedAllowedBefore");
> + panelHeight += INFO_PANEL_HINT_HEIGHT;
> + } else if (rememberedAction == ExecuteUnsignedApplet.NO) {
> + infoLabelText += "<br>" + R("SUnsignedRejectedBefore");
> + panelHeight += INFO_PANEL_HINT_HEIGHT;
> + }
> +
> + JLabel infoLabel = new JLabel(htmlWrap(infoLabelText));
> + JPanel infoPanel = new JPanel(new BorderLayout());
> + infoPanel.add(infoLabel, BorderLayout.CENTER);
> + infoPanel.setPreferredSize(new Dimension(PANE_WIDTH,
> panelHeight));
> + infoPanel.setBorder(BorderFactory.createEmptyBorder(10, 10,
> 10, 10));
> +
> + add(infoPanel);
> + }
> +
> + private void setupQuestionsPanel() {
> + JPanel questionPanel = new JPanel(new BorderLayout());
> +
> + questionPanel.add(new
> JLabel(htmlWrap(R("SUnsignedQuestion"))), BorderLayout.EAST);
> +
> + questionPanel.setPreferredSize(new Dimension(PANE_WIDTH,
> QUESTION_PANEL_HEIGHT));
> + questionPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10,
> 10));
> +
> + add(questionPanel);
> + }
> +
> + private JPanel createCheckBoxPanel() {
> + JPanel checkBoxPanel = new JPanel(new
> FlowLayout(FlowLayout.RIGHT));
> +
> + checkBox = new JCheckBox();
> + checkBoxPanel.add(checkBox);
> + checkBoxPanel.add(new JLabel(htmlWrap(R("SRememberOption"))));
> Chckbox can have caption :))
> It will be then much more user-friendly to be abel to click also to
> caption without need to target just the box :P
Good suggestion, easily done
>
> +
> + checkBoxPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10,
> 10));
> +
> + return checkBoxPanel;
> + }
> +
> + private JPanel createButtonPanel() {
> + JPanel buttonPanel = new JPanel(new
> FlowLayout(FlowLayout.RIGHT));
> +
> + allowButton = new JButton(R("ButProceed"));
> + rejectButton = new JButton(R("ButCancel"));
> +
> + allowButton.addActionListener(chosenActionSetter(true));
> + rejectButton.addActionListener(chosenActionSetter(false));
> +
> + buttonPanel.add(allowButton);
> + buttonPanel.add(rejectButton);
> +
> + buttonPanel.setBorder(BorderFactory.createEmptyBorder(10, 10,
> 10, 10));
> +
> + return buttonPanel;
> + }
> +
> + // Set up 'Remember Option' checkbox & Proceed/Cancel buttons
> + private void setupButtonAndCheckBoxPanel() {
> + JPanel outerPanel = new JPanel(new BorderLayout());
> +
> + outerPanel.add(createCheckBoxPanel(), BorderLayout.WEST);
> + outerPanel.add(createButtonPanel(), BorderLayout.EAST);
> +
> + add(outerPanel);
> + }
> +
> + /**
> + * Creates the actual GUI components, and adds it to this panel
> + */
> + private void addComponents() {
> + setLayout(new BoxLayout(this, BoxLayout.Y_AXIS));
> +
> + setupTopPanel();
> + setupInfoPanel();
> + setupQuestionsPanel();
> + setupButtonAndCheckBoxPanel();
> + }
> +
> + // Sets action depending on allowApplet + checkbox state
> + private ActionListener chosenActionSetter(final boolean
> allowApplet) {
> + return new ActionListener() {
> + @Override
> + public void actionPerformed(ActionEvent e) {
> + ExecuteUnsignedApplet action;
> +
> + if (allowApplet) {
> + action = checkBox.isSelected() ?
> ExecuteUnsignedApplet.ALWAYS : ExecuteUnsignedApplet.YES;
> + } else {
> + action = checkBox.isSelected() ?
> ExecuteUnsignedApplet.NEVER : ExecuteUnsignedApplet.NO;
> + }
> +
> + actionChoiceListener.actionChosen(action);
> + }
> + };
> + }
> +}
> \ No newline at end of file
> diff --git
> a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java
> b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java
>
> ---
> a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java
> +++
> b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletActionStorage.java
> @@ -19,7 +19,6 @@ package net.sourceforge.jnlp.security.ap
>
> import java.util.List;
>
> -
> /**
> * This is abstract access to white/blacklist created from some
> permanent storage.
> *
> @@ -35,9 +34,9 @@ public interface UnsignedAppletActionSto
>
> /**
> * This methods iterates through records in
> - * DeploymentConfiguration.getAppletTrustSettingsPath(), and is
> mathing
> - * regexes saved here against params. so parameters here are NOR
> tegexes,
> - * but are matched against saved regexes
> + * DeploymentConfiguration.getAppletTrustSettingsPath(), and is
> matching
> + * regexes saved here against params. So parameters here are NOT
> regexes,
> + * but are matched against saved regexes.
>
> unrelated?
Patch was pushed with the typos, so I'm keeping it so it doesn't get
lost :-)
>
> *
> * Null or empty values are dangerously ignored, user, be aware
> of it. eg:
> * match only codeBase will be null someCodeBase null null match
> only
> @@ -104,4 +103,14 @@ public interface UnsignedAppletActionSto
> * @param item
> */
> public void update(final UnsignedAppletActionEntry item);
> +
> + /**
> + * Lock the storage, if necessary. If no ownership issues arise,
> can be a no-op.
> + */
> + public void lock();
> +
> + /**
> + * Unlock the storage, if necessary. If no ownership issues
> arise, can be a no-op.
> + */
> + public void unlock();
> }
> unrelated?
>
> but oook.
Unrelated ? It was necessary to ensure updating the applet action was
atomic.
>
> diff --git
> a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java
> b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java
>
> new file mode 100644
> --- /dev/null
> +++
> b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java
> @@ -0,0 +1,130 @@
> +package net.sourceforge.jnlp.security.appletextendedsecurity;
> +
> +import static net.sourceforge.jnlp.runtime.Translator.R;
> +
> +import java.util.Date;
> +import java.util.Map;
> +import java.util.WeakHashMap;
> +
> +import net.sourceforge.jnlp.LaunchException;
> +import net.sourceforge.jnlp.PluginBridge;
> +import net.sourceforge.jnlp.security.SecurityDialogs;
> +
> +public class UnsignedAppletTrustConfirmation {
> +
> + private static final AppletStartupSecuritySettings
> securitySettings = AppletStartupSecuritySettings.getInstance();
> +
> + private static boolean unsignedConfirmationIsRequired() {
> + // If we are using the 'high' security setting or higher, we
> must confirm
> + // if the user wishes to run unsigned applets (not applicable
> to JNLP-launched apps)
> + return !(AppletSecurityLevel.ALLOW_UNSIGNED ==
> securitySettings.getSecurityLevel());
> + }
> +
> + private static boolean unsignedAppletsAreForbidden() {
> + // If we are using the 'very high' security setting or
> higher, we do not
> + // run unsigned applets
> + return AppletSecurityLevel.DENY_UNSIGNED ==
> securitySettings.getSecurityLevel()
> + || AppletSecurityLevel.DENY_ALL ==
> securitySettings.getSecurityLevel();
> + }
> +
> + /**
> + * Gets the remembered decision, first checking the user policy
> for an ALWAYS/NEVER,
> + * and then the global policy.
> + *
> + * @param file the plugin file
> + * @return the remembered decision
> + */
> + public static ExecuteUnsignedApplet getStoredAction(PluginBridge
> file) {
> + UnsignedAppletActionStorage userActionStorage =
> securitySettings.getUnsignedAppletActionCustomStorage();
> + UnsignedAppletActionStorage globalActionStorage =
> securitySettings.getUnsignedAppletActionGlobalStorage();
> +
> + UnsignedAppletActionEntry globalEntry =
> getMatchingItem(globalActionStorage, file);
> + UnsignedAppletActionEntry userEntry =
> getMatchingItem(userActionStorage, file);
> +
> + ExecuteUnsignedApplet globalAction = globalEntry == null ?
> null : globalEntry.getUnsignedAppletAction();
> + ExecuteUnsignedApplet userAction = userEntry == null ? null :
> userEntry.getUnsignedAppletAction();
> +
>
> This does not appear to be correct to me:
> check users - if A/N then proceed
> check global if A/N then proceed
> print out users a/y if exists
> print out gloabl a/y if exists
Thats how it was, but code made easier to follow.
>
> hmm?
> + if (globalAction == null || userAction ==
> ExecuteUnsignedApplet.ALWAYS || userAction ==
> ExecuteUnsignedApplet.NEVER) {
> + return userAction;
> + } else {
> + return globalAction;
> + }
> + }
> +
> + private static UnsignedAppletActionEntry
> getMatchingItem(UnsignedAppletActionStorage actionStorage,
> PluginBridge file) {
> + return actionStorage.getMatchingItem(
> + file.getSourceLocation().toString(),
> + file.getCodeBase().toString(),
> + null,
> + file.getArchiveJars());
> + }
> +
> + private static void updateAppletAction(PluginBridge file,
> ExecuteUnsignedApplet behaviour) {
> +
> + UnsignedAppletActionStorage userActionStorage =
> securitySettings.getUnsignedAppletActionCustomStorage();
> +
> + userActionStorage.lock(); // We should ensure this operation
> is atomic
> + try {
> + UnsignedAppletActionEntry oldEntry =
> getMatchingItem(userActionStorage, file);
> +
> + /* Update, if entry exists */
> + if (oldEntry != null) {
> + oldEntry.setUnsignedAppletAction(behaviour);
> + oldEntry.setTimeStamp(new Date());
> + userActionStorage.update(oldEntry);
> + return;
> + }
> +
> + /* Else, create a new entry */
> + UrlRegEx codebaseRegex = new UrlRegEx("\\Q" +
> file.getCodeBase() + "\\E");
> + UrlRegEx documentbaseRegex = new UrlRegEx("\\Q" +
> file.getSourceLocation() + "\\E");
> +
> + UnsignedAppletActionEntry entry = new
> UnsignedAppletActionEntry(
> + behaviour,
> + new Date(),
> + documentbaseRegex,
> + codebaseRegex,
> + null,
> + file.getArchiveJars());
> +
> + userActionStorage.add(entry);
> + } finally {
> + userActionStorage.unlock();
> + }
> + }
> +
> + public static void checkUnsignedWithUserIfRequired(PluginBridge
> file) throws LaunchException {
> +
> + if (unsignedAppletsAreForbidden()) {
> + throw new LaunchException(file, null, R("LSFatal"),
> R("LCClient"), R("LUnsignedApplet"), R("LUnsignedAppletInfo"));
> + }
> +
> + if (!unsignedConfirmationIsRequired()) {
> + return;
> + }
> +
> + ExecuteUnsignedApplet storedAction = getStoredAction(file);
> +
> + boolean appletOK;
> +
> + if (storedAction == ExecuteUnsignedApplet.ALWAYS) {
> + appletOK = true;
> + } else if (storedAction == ExecuteUnsignedApplet.NEVER) {
> + appletOK = false;
> + } else {
> + // No remembered decision, prompt the user
> + ExecuteUnsignedApplet decidedAction =
> SecurityDialogs.showUnsignedWarningDialog(file);
> +
> + appletOK = (decidedAction == ExecuteUnsignedApplet.YES ||
> decidedAction == ExecuteUnsignedApplet.ALWAYS);
> +
> + if (decidedAction != null) {
> + updateAppletAction(file, decidedAction);
> + }
> + }
> +
> + if (!appletOK) {
> + throw new LaunchException(file, null, R("LSFatal"),
> R("LCClient"), R("LUnsignedApplet"), R("LUnsignedAppletInfo"));
> + }
Added the extra message you recommended in the backport review.
> +
> + }
> +}
> \ No newline at end of file
> diff --git a/plugin/icedteanp/java/sun/applet/PluginAppletViewer.java
> b/plugin/icedteanp/java/sun/applet/PluginAppletViewer.java
> --- a/plugin/icedteanp/java/sun/applet/PluginAppletViewer.java
> +++ b/plugin/icedteanp/java/sun/applet/PluginAppletViewer.java
> @@ -106,6 +106,9 @@ import javax.swing.SwingUtilities;
> import net.sourceforge.jnlp.NetxPanel;
> import net.sourceforge.jnlp.PluginParameters;
> import net.sourceforge.jnlp.runtime.JNLPClassLoader;
> +import
> net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
> +import
> net.sourceforge.jnlp.security.appletextendedsecurity.AppletStartupSecuritySettings;
> +import
> net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteUnsignedApplet;
> import net.sourceforge.jnlp.splashscreen.SplashController;
> import net.sourceforge.jnlp.splashscreen.SplashPanel;
> import net.sourceforge.jnlp.splashscreen.SplashUtils;
> @@ -408,6 +411,11 @@ public class PluginAppletViewer extends
>
> private static void handleInitializationMessage(int identifier,
> String message) throws IOException {
>
> + /* The user has specified via a global setting that applets
> should not be run.*/
> + if
> (AppletStartupSecuritySettings.getInstance().getSecurityLevel() ==
> AppletSecurityLevel.DENY_ALL) {
> + return;
> + }
>
>
> I would like to see error spalsh after this - so imho throwing of
> LaunchError is better.
Disagree, but Omair broke tie, so OK. Implemented.
> This is imho the only fatal issue, otherwise it looks liek working.
> +
> // If there is a key for this status, it means it
> // was either initialized before, or destroy has been
> // processed. Stop moving further.
New version attached.
-Adam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: integrated-dialogue3.patch
Type: text/x-patch
Size: 31502 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20130228/6e1b05a8/integrated-dialogue3.patch
More information about the distro-pkg-dev
mailing list