[rfc][icedtea-web] Mixed-signing applet permissions (PR1592)

[Andrew Azores]

Hi,

This patch allows signed JARs within mixed-signing applets to be granted 
full permissions, while unsigned JARs in the same applets retain sandbox 
permissions only. The user is warned/prompted for the okay to proceed 
when this occurs.

I was not able to create a working reproducer test for this due to the 
following error:

java.lang.SecurityException: class "MixedSigningApplet"'s signer 
information does not match signer information of other classes in the 
same package

I'd need to have two different packages in use to get around this, but 
AFAIK we don't have a way to support this with our reproducer system. 
Also, even if I had that working, the 
SecurityDialogs.showNotAllSignedWarningDialog still doesn't really 
respect the Extended Applet Security settings and will appear to prompt 
the user even if security is set to lowest. This would break the 
automation of the reproducer test and make it fairly useless anyway.

The patch is split in two. The first one does the actual work. The 
second patch just removes an old unused local variable and an associated 
enclosing try/catch. This indentation change creates hard to read diff 
output, so I included this separately for ease of review. They need to 
be applied in order.

Changelog:
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: 
(initializeResources) grant full permissions to signed JARs of 
mixed-signing applets

Thanks,

-- 
Andrew A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PR1592-1.patch
Type: text/x-patch
Size: 2681 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20131104/7201d2b9/PR1592-1.patch 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PR1592-2.patch
Type: text/x-patch
Size: 5686 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20131104/7201d2b9/PR1592-2.patch