/hg/icedtea-web: New PartiallySigned Dialog

aazores at icedtea.classpath.org aazores at icedtea.classpath.org
Fri Mar 14 14:50:38 UTC 2014


changeset 15bbdf43c1e7 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=15bbdf43c1e7
author: Andrew Azores <aazores at redhat.com>
date: Fri Mar 14 10:50:15 2014 -0400

	New PartiallySigned Dialog

	Added new PartiallySigned Dialog to replace NotAllSignedWarningPane.
	Also includes a Sandbox button.
	* netx/net/sourceforge/jnlp/resources/Messages.properties:
	(APPEXTSecunsignedAppletActionSandbox, LPartiallySignedApplet,
	LPartiallySignedAppletUserDenied) new messages. (SNotAllSignedSummary,
	SNotAllSignedDetail, SNotAllSignedQuestion) keys renamed to SPartially*
	* netx/net/sourceforge/jnlp/resources/Messages_cs.properties: (SNotAllSignedSummary,
	SNotAllSignedDetail, SNotAllSignedQuestion) keys renamed to SPartially*
	* netx/net/sourceforge/jnlp/resources/Messages_de.properties: same
	* netx/net/sourceforge/jnlp/resources/Messages_pl.properties: same
	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
	Logic added for displaying new PartiallySigned dialog.
	(showNotAllSignedDialog) removed. (getSigningState) new method.
	(promptUserOnPartialSigning, userPromptedForPartialSigning) new methods for
	SecurityDelegate.
	* netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningDialog.java:
	(partiallySigned) new method
	* netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningPanel.java:
	(chosenActionSetter) refactored to allow Sandbox action. (setupInfoPanel) applet
	title made overrideable by subclasses
	* netx/net/sourceforge/jnlp/security/SecurityDialog.java: (NOTALLSIGNED_WARNING)
	renamed PARTIALLYSIGNED_WARNING, display new dialog rather than old
	* netx/net/sourceforge/jnlp/security/SecurityDialogs.java: (NOTALLSIGNED_WARNING)
	renamed PARTIALLYSIGNED_WARNING. (showNotAllSignedWarningDialog) removed.
	(showPartiallySignedWarningDialog) new method
	* netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteAppletAction.java:
	Added Sandbox action
	* netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java:
	(checkPartiallySignedWithUserIfRequired) new method
	* tests/reproducers/custom/SignedAppletCodebaseLoading/testcases/SignedAppletCodebaseLoadingTests.java:
	test now passes since dialog will not appear if applet security is set to Low.
	KnownToFail removed.
	* tests/reproducers/custom/SignedAppletExternalMainClass/testcases/SignedAppletExternalMainClassTest.java:
	same
	* netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java:
	new class
	* netx/net/sourceforge/jnlp/security/dialogs/NotAllSignedWarningPane.java: deleted
	in favour of PartiallySignedAppTrustWarningPanel


diffstat:

 ChangeLog                                                                                                |   41 ++
 netx/net/sourceforge/jnlp/resources/Messages.properties                                                  |    9 +-
 netx/net/sourceforge/jnlp/resources/Messages_cs.properties                                               |    6 +-
 netx/net/sourceforge/jnlp/resources/Messages_de.properties                                               |    6 +-
 netx/net/sourceforge/jnlp/resources/Messages_pl.properties                                               |    6 +-
 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java                                                   |   53 ++-
 netx/net/sourceforge/jnlp/security/SecurityDialog.java                                                   |   55 +--
 netx/net/sourceforge/jnlp/security/SecurityDialogs.java                                                  |   43 +-
 netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteAppletAction.java                       |    8 +-
 netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java           |   50 +++
 netx/net/sourceforge/jnlp/security/dialogs/NotAllSignedWarningPane.java                                  |  115 --------
 netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningDialog.java               |    6 +
 netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningPanel.java                |   27 +-
 netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java |  140 ++++++++++
 tests/reproducers/custom/SignedAppletCodebaseLoading/testcases/SignedAppletCodebaseLoadingTests.java     |    3 -
 tests/reproducers/custom/SignedAppletExternalMainClass/testcases/SignedAppletExternalMainClassTest.java  |    3 -
 16 files changed, 350 insertions(+), 221 deletions(-)

diffs (truncated from 919 to 500 lines):

diff -r fdff61a60cc1 -r 15bbdf43c1e7 ChangeLog
--- a/ChangeLog	Fri Mar 14 09:39:56 2014 -0400
+++ b/ChangeLog	Fri Mar 14 10:50:15 2014 -0400
@@ -1,3 +1,44 @@
+2014-03-14  Andrew Azores  <aazores at redhat.com>
+
+	Added new PartiallySigned Dialog to replace NotAllSignedWarningPane.
+	Also includes a Sandbox button.
+	* netx/net/sourceforge/jnlp/resources/Messages.properties:
+	(APPEXTSecunsignedAppletActionSandbox, LPartiallySignedApplet,
+	LPartiallySignedAppletUserDenied) new messages. (SNotAllSignedSummary,
+	SNotAllSignedDetail, SNotAllSignedQuestion) keys renamed to SPartially*
+	* netx/net/sourceforge/jnlp/resources/Messages_cs.properties: (SNotAllSignedSummary,
+	SNotAllSignedDetail, SNotAllSignedQuestion) keys renamed to SPartially*
+	* netx/net/sourceforge/jnlp/resources/Messages_de.properties: same
+	* netx/net/sourceforge/jnlp/resources/Messages_pl.properties: same
+	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
+	Logic added for displaying new PartiallySigned dialog.
+	(showNotAllSignedDialog) removed. (getSigningState) new method.
+	(promptUserOnPartialSigning, userPromptedForPartialSigning) new methods for
+	SecurityDelegate.
+	* netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningDialog.java:
+	(partiallySigned) new method
+	* netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningPanel.java:
+	(chosenActionSetter) refactored to allow Sandbox action. (setupInfoPanel) applet
+	title made overrideable by subclasses
+	* netx/net/sourceforge/jnlp/security/SecurityDialog.java: (NOTALLSIGNED_WARNING)
+	renamed PARTIALLYSIGNED_WARNING, display new dialog rather than old
+	* netx/net/sourceforge/jnlp/security/SecurityDialogs.java: (NOTALLSIGNED_WARNING)
+	renamed PARTIALLYSIGNED_WARNING. (showNotAllSignedWarningDialog) removed.
+	(showPartiallySignedWarningDialog) new method
+	* netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteAppletAction.java:
+	Added Sandbox action
+	* netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java:
+	(checkPartiallySignedWithUserIfRequired) new method
+	* tests/reproducers/custom/SignedAppletCodebaseLoading/testcases/SignedAppletCodebaseLoadingTests.java:
+	test now passes since dialog will not appear if applet security is set to Low.
+	KnownToFail removed.
+	* tests/reproducers/custom/SignedAppletExternalMainClass/testcases/SignedAppletExternalMainClassTest.java:
+	same
+	* netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java:
+	new class
+	* netx/net/sourceforge/jnlp/security/dialogs/NotAllSignedWarningPane.java: deleted
+	in favour of PartiallySignedAppTrustWarningPanel
+
 2014-03-14  Andrew Azores  <aazores at redhat.com>
 
 	* netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditor.java:
diff -r fdff61a60cc1 -r 15bbdf43c1e7 netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties	Fri Mar 14 10:50:15 2014 -0400
@@ -127,6 +127,8 @@
 LUnsignedApplet=The applet was unsigned.
 LUnsignedAppletPolicyDenied=The applet was unsigned, and the security policy prevented it from running.
 LUnsignedAppletUserDenied=The applet was unsigned, and was not trusted.
+LPartiallySignedApplet=The applet was partially signed.
+LPartiallySignedAppletUserDenied=The applet was partially signed, and the user did not trust it.
 LSignedAppJarUsingUnsignedJar=Signed application using unsigned jars.
 LSignedAppJarUsingUnsignedJarInfo=The main application jar is signed, but some of the jars it is using aren't.
 LRunInSandboxError=Run in Sandbox call performed too late.
@@ -291,9 +293,9 @@
 SUnsignedAllowedBefore=<font color="green">You have accepted this applet previously.</font>
 SUnsignedRejectedBefore=<font color="red">You have rejected this applet previously.</font>
 SUnsignedQuestion=Allow the applet to run?
-SNotAllSignedSummary=Only parts of this application code are signed.
-SNotAllSignedDetail=This application contains both signed and unsigned code. While signed code is safe if you trust the provider, unsigned code may imply code outside of the trusted provider's control.
-SNotAllSignedQuestion=Do you wish to proceed and run this application anyway?
+SPartiallySignedSummary=Only parts of this application code are signed.
+SPartiallySignedDetail=This application contains both signed and unsigned code. While signed code is safe if you trust the provider, unsigned code may imply code outside of the trusted provider's control.
+SPartiallySignedQuestion=Do you wish to proceed and run this application anyway?
 SAuthenticationPrompt=The {0} server at {1} is requesting authentication. It says "{2}"
 SJNLPFileIsNotSigned=This application contains a digital signature in which the launching JNLP file is not signed.
 SAppletTitle=Applet title: {0}
@@ -755,6 +757,7 @@
 APPEXTSECunsignedAppletActionAlways=Always trust this (matching) applet(s)
 APPEXTSECunsignedAppletActionNever=Never trust this (matching) applet(s)
 APPEXTSECunsignedAppletActionYes=This applet was visited and allowed
+APPEXTSecunsignedAppletActionSandbox=This applet was visited and allowed to run with restricted privileges
 APPEXTSECunsignedAppletActionNo=This applet was visited and denied
 APPEXTSECControlPanelExtendedAppletSecurityTitle=Extended applet security
 APPEXTSECguiTableModelTableColumnAction=Action
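Review bot: The new key in this hunk is spelled `APPEXTSecunsignedAppletActionSandbox` (lower-case "ec"), while every neighbouring key uses the `APPEXTSEC` prefix and the `SANDBOX` case added to `ExecuteAppletAction` in this changeset looks up `APPEXTSECunsignedAppletActionSandbox`. Property keys are case-sensitive, so that lookup will not find this entry. Rename the key to `APPEXTSECunsignedAppletActionSandbox` here and in the ChangeLog entry.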
diff -r fdff61a60cc1 -r 15bbdf43c1e7 netx/net/sourceforge/jnlp/resources/Messages_cs.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages_cs.properties	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages_cs.properties	Fri Mar 14 10:50:15 2014 -0400
@@ -232,9 +232,9 @@
 SUnsignedAllowedBefore=<font color="green">Tento applet jste ji\u017e d\u0159\u00edve povolili.</font>
 SUnsignedRejectedBefore=<font color="red">Tento applet jste ji\u017e d\u0159\u00edve odm\u00edtli.</font>
 SUnsignedQuestion=Povolit spu\u0161t\u011bn\u00ed appletu?
-SNotAllSignedSummary=Podeps\u00e1ny jsou jen \u010d\u00e1sti k\u00f3du t\u00e9to aplikace.
-SNotAllSignedDetail=Tato aplikace obsahuje podepsan\u00fd i nepodepsan\u00fd k\u00f3d. Podepsan\u00fd k\u00f3d je bezpe\u010dn\u00fd, pokud d\u016fv\u011b\u0159ujete poskytovateli tohoto k\u00f3du. Nepodepsan\u00e9 \u010d\u00e1sti mohou obsahovat k\u00f3d, kter\u00fd nen\u00ed pod kontrolou d\u016fv\u011bryhodn\u00e9ho poskytovatele.
-SNotAllSignedQuestion=Chcete p\u0159esto pokra\u010dovat a spustit aplikaci?
+SPartiallySignedSummary=Podeps\u00e1ny jsou jen \u010d\u00e1sti k\u00f3du t\u00e9to aplikace.
+SPartiallySignedDetail=Tato aplikace obsahuje podepsan\u00fd i nepodepsan\u00fd k\u00f3d. Podepsan\u00fd k\u00f3d je bezpe\u010dn\u00fd, pokud d\u016fv\u011b\u0159ujete poskytovateli tohoto k\u00f3du. Nepodepsan\u00e9 \u010d\u00e1sti mohou obsahovat k\u00f3d, kter\u00fd nen\u00ed pod kontrolou d\u016fv\u011bryhodn\u00e9ho poskytovatele.
+SPartiallySignedQuestion=Chcete p\u0159esto pokra\u010dovat a spustit aplikaci?
 SAuthenticationPrompt=Server {0} na adrese {1} vy\u017eaduje ov\u011b\u0159en\u00ed. Zpr\u00e1va: \u201e{2}\u201c
 SJNLPFileIsNotSigned=Tato aplikace obsahuje digit\u00e1ln\u00ed podpis, v r\u00e1mci kter\u00e9ho v\u0161ak nen\u00ed podeps\u00e1n spou\u0161t\u011bn\u00fd soubor JNLP.
 
diff -r fdff61a60cc1 -r 15bbdf43c1e7 netx/net/sourceforge/jnlp/resources/Messages_de.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages_de.properties	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages_de.properties	Fri Mar 14 10:50:15 2014 -0400
@@ -244,9 +244,9 @@
 SUnsignedAllowedBefore=<font color="green">Dieses Applet wurde bereits akzeptiert.</font>
 SUnsignedRejectedBefore=<font color="red">Dieses Applet wurde bereits abgelehnt.</font>
 SUnsignedQuestion=Soll dem Applet die Ausf\u00fchrung erlaubt werden?
-SNotAllSignedSummary=Nur Teile des Anwendungscodes sind signiert.
-SNotAllSignedDetail=Diese Anwendung enth\u00e4lt sowohl signierten als auch nicht signierten Code. W\u00e4hrend signierter Code sicher ist, wenn Sie dem Anbieter vertrauen, kann nicht signierter Code sich \u00fcber Code erstrecken, der sich der Kontrolle des Anbieters entzieht.
-SNotAllSignedQuestion=Soll fortgefahren und diese Anwendung dennoch zur Ausf\u00fchrung gebracht werden?
+SPartiallySignedSummary=Nur Teile des Anwendungscodes sind signiert.
+SPartiallySignedDetail=Diese Anwendung enth\u00e4lt sowohl signierten als auch nicht signierten Code. W\u00e4hrend signierter Code sicher ist, wenn Sie dem Anbieter vertrauen, kann nicht signierter Code sich \u00fcber Code erstrecken, der sich der Kontrolle des Anbieters entzieht.
+SPartiallySignedQuestion=Soll fortgefahren und diese Anwendung dennoch zur Ausf\u00fchrung gebracht werden?
 SAuthenticationPrompt=Der Server {0} von {1} fordert Authentifizierung an. Er sagt: \u201e{2}\u201c
 SJNLPFileIsNotSigned=Die Anwendung enth\u00e4lt eine digitale Signatur in der, die startende JNLP-Datei nicht signiert ist.
 
diff -r fdff61a60cc1 -r 15bbdf43c1e7 netx/net/sourceforge/jnlp/resources/Messages_pl.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages_pl.properties	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages_pl.properties	Fri Mar 14 10:50:15 2014 -0400
@@ -244,9 +244,9 @@
 SUnsignedAllowedBefore=<font color="green">Zaakceptowa\u0142e\u015b ten applet poprzednio.</font>
 SUnsignedRejectedBefore=<font color="red">Odrzuci\u0142e\u015b ten applet poprzednio.</font>
 SUnsignedQuestion=Czy chcesz zezwoli\u0107 temu applet-owi na uruchomienie?
-SNotAllSignedSummary=Zaledwie cz\u0119\u015bci kodu tej aplikacji s\u0105 podpisane.
-SNotAllSignedDetail=Ta aplikacja zawiera zar\u00f3wno podpisany jak i niepodpisany kod. Cho\u0107 kod, kt\u00f3ry jest podpisany przez zaufanego dostawc\u0119 jest bezpieczny, niepodpisany kod mo\u017ce poci\u0105ga\u0107 za sob\u0105 kod, kt\u00f3ry jest poza kontrolnym zasi\u0119giem zaufanego dostawcy.
-SNotAllSignedQuestion=Czy chcesz kontynuowa\u0107 i mimo to uruchomi\u0107 t\u0105 aplikacj\u0119?
+SPartiallySignedSummary=Zaledwie cz\u0119\u015bci kodu tej aplikacji s\u0105 podpisane.
+SPartiallySignedDetail=Ta aplikacja zawiera zar\u00f3wno podpisany jak i niepodpisany kod. Cho\u0107 kod, kt\u00f3ry jest podpisany przez zaufanego dostawc\u0119 jest bezpieczny, niepodpisany kod mo\u017ce poci\u0105ga\u0107 za sob\u0105 kod, kt\u00f3ry jest poza kontrolnym zasi\u0119giem zaufanego dostawcy.
+SPartiallySignedQuestion=Czy chcesz kontynuowa\u0107 i mimo to uruchomi\u0107 t\u0105 aplikacj\u0119?
 SAuthenticationPrompt=Serwer {0} w \u201e{1}\u201d \u017c\u0105da uwierzytelnienia. Podaje komunikat: \u201e{2}\u201d
 SJNLPFileIsNotSigned=Ta aplikacja zawiera podpis cyfrowy, jednak startowany plik JNLP jest bez podpisu.
 
diff -r fdff61a60cc1 -r 15bbdf43c1e7 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Fri Mar 14 10:50:15 2014 -0400
@@ -15,7 +15,6 @@
 
 package net.sourceforge.jnlp.runtime;
 
-import net.sourceforge.jnlp.JNLPFile.ManifestBoolean;
 import static net.sourceforge.jnlp.runtime.Translator.R;
 
 import java.io.File;
@@ -65,6 +64,7 @@
 import net.sourceforge.jnlp.ExtensionDesc;
 import net.sourceforge.jnlp.JARDesc;
 import net.sourceforge.jnlp.JNLPFile;
+import net.sourceforge.jnlp.JNLPFile.ManifestBoolean;
 import net.sourceforge.jnlp.JNLPMatcher;
 import net.sourceforge.jnlp.JNLPMatcherException;
 import net.sourceforge.jnlp.LaunchDesc;
@@ -365,7 +365,9 @@
         // the user was already shown a CertWarning dialog and has chosen to run the applet sandboxed.
         // This means they've already agreed to running the applet and have specified with which
         // permission level to do it!
-        if (!loader.getSigning() && !loader.securityDelegate.userPromptedForSandbox() && file instanceof PluginBridge) {
+        if (loader.getSigningState() == SigningState.PARTIAL) {
+            loader.securityDelegate.promptUserOnPartialSigning();
+        } else if (!loader.getSigning() && !loader.securityDelegate.userPromptedForSandbox() && file instanceof PluginBridge) {
             UnsignedAppletTrustConfirmation.checkUnsignedWithUserIfRequired((PluginBridge)file);
         }
 
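Review bot: The new `SigningState.PARTIAL` branch is not guarded by `!loader.securityDelegate.userPromptedForSandbox()`, unlike the unsigned branch it now precedes. The comment above the `if` says a user who already chose to run sandboxed from the CertWarning dialog should not be asked again, and in the visible part of the patch `promptUserOnPartialSigning()` only checks `promptedForPartialSigning` and `JNLPRuntime.isTrustAll()`. Either add the same guard or extend the comment to say why a second prompt is wanted for partially signed applets.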
@@ -374,10 +376,9 @@
         JNLPClassLoader extLoader = uniqueKeyToLoader.get(uniqueKey);
 
         if (extLoader != null && extLoader != loader) {
-            if (loader.getSigning() && !extLoader.getSigning())
-                if (!SecurityDialogs.showNotAllSignedWarningDialog(file))
-                    throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"), R("LSignedAppJarUsingUnsignedJarInfo"));
-
+            if (loader.getSigning() != extLoader.getSigning()) {
+                loader.securityDelegate.promptUserOnPartialSigning();
+            }
             loader.merge(extLoader);
             extLoader.decrementLoaderUseCount(); // loader urls have been merged, ext loader is no longer used
         }
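Review bot: `loader.getSigning() != extLoader.getSigning()` is broader than the check it replaces: it also fires when the main loader is unsigned and the extension loader is signed, which the old code let through without a prompt. If that is intended, say so in a comment. The refusal path used to throw a `LaunchException` carrying `LSignedAppJarUsingUnsignedJar` and `LSignedAppJarUsingUnsignedJarInfo`; the error the user now sees depends entirely on what the delegate throws, so it is worth confirming those messages are still reachable or removing them.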
@@ -1055,7 +1056,7 @@
             return;
         }
 
-        if (jcv.isFullySigned() && !jcv.getAlreadyTrustPublisher()) {
+        if (getSigningState() == SigningState.FULL && jcv.isFullySigned() && !jcv.getAlreadyTrustPublisher()) {
             jcv.checkTrustWithUser(securityDelegate, file);
         }
     }
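Review bot: The added `getSigningState() == SigningState.FULL` test sits next to `jcv.isFullySigned()` with no explanation of when the two disagree. A short comment would help, for example that the loader's own state can already be `PARTIAL` (the codebase-loading path later in this file sets `signing = SigningState.PARTIAL`) while the verifier still reports fully signed JARs.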
@@ -1077,21 +1078,6 @@
     }
 
     /**
-     * Display a dialog prompting the user to proceed on applets with mixed signing.
-     * @param file the JNLPFile or PluginBridge describing the applet/application to be launched
-     * @throws LaunchException if the user does not approve the prompt
-     */
-    private void showNotAllSignedDialog(JNLPFile file) throws LaunchException {
-        if (JNLPRuntime.isTrustAll()) {
-            return;
-        }
-
-        if (!SecurityDialogs.showNotAllSignedWarningDialog(file)) {
-            throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"), R("LSignedAppJarUsingUnsignedJarInfo"));
-        }
-    }
-
-    /**
      * Add applet's codebase URL.  This allows compatibility with
      * applets that load resources from their codebase instead of
      * through JARs, but can slow down resource loading.  Resources
@@ -1921,7 +1907,7 @@
         if (signing == SigningState.FULL && JNLPRuntime.isVerifying()) {
             signing = SigningState.PARTIAL;
             try {
-                showNotAllSignedDialog(this.file);
+                securityDelegate.promptUserOnPartialSigning();
             } catch (LaunchException e) {
                 throw new RuntimeException("The signed applet required loading of unsigned code from the codebase, "
                         + "which the user refused", e);
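Review bot: The `catch` here wraps every `LaunchException` from `securityDelegate.promptUserOnPartialSigning()` in a message saying the user refused, but the delegate path can fail for other reasons: under `-Xtrustnone` it calls `setRunInSandbox()`, which itself declares `throws LaunchException`. Make the wrapper text neutral or append `e.getMessage()` so the real cause is not mislabelled as a user decision.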
@@ -1929,6 +1915,10 @@
         }
     }
 
+    public SigningState getSigningState() {
+        return signing;
+    }
+
     protected SecurityDesc getSecurity() {
         return security;
     }
@@ -2314,6 +2304,8 @@
     public static interface SecurityDelegate {
         public boolean isPluginApplet();
 
+        public boolean userPromptedForPartialSigning();
+
         public boolean userPromptedForSandbox();
 
         public SecurityDesc getCodebaseSecurityDesc(final JARDesc jarDesc, final String codebaseHost);
@@ -2322,6 +2314,8 @@
 
         public SecurityDesc getJarPermissions(final String codebaseHost);
 
+        public void promptUserOnPartialSigning() throws LaunchException;
+
         public void setRunInSandbox() throws LaunchException;
 
         public boolean getRunInSandbox();
@@ -2424,6 +2418,7 @@
     public static class SecurityDelegateImpl implements SecurityDelegate {
         private final JNLPClassLoader classLoader;
         private boolean runInSandbox;
+        private boolean promptedForPartialSigning;
         private boolean promptedForSandbox;
 
         public SecurityDelegateImpl(final JNLPClassLoader classLoader) {
@@ -2530,10 +2525,22 @@
             this.runInSandbox = true;
         }
 
+        public void promptUserOnPartialSigning() throws LaunchException {
+            if (promptedForPartialSigning || JNLPRuntime.isTrustAll()) {
+                return;
+            }
+            promptedForPartialSigning = true;
+            UnsignedAppletTrustConfirmation.checkPartiallySignedWithUserIfRequired(this, classLoader.file, classLoader.jcv);
+        }
+
         public boolean getRunInSandbox() {
             return this.runInSandbox;
         }
 
+        public boolean userPromptedForPartialSigning() {
+            return this.promptedForPartialSigning;
+        }
+
         public boolean userPromptedForSandbox() {
             return this.promptedForSandbox;
         }
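Review bot: In `promptUserOnPartialSigning()` the `promptedForPartialSigning` flag is set before `checkPartiallySignedWithUserIfRequired(...)` runs, and only the fact of prompting is remembered, not the outcome. If that call throws a `LaunchException`, every later call returns at the first `if` without checking anything, so a caller that survives the first exception is never stopped again. Store the user's decision and rethrow on a remembered denial rather than keeping a bare boolean. The two new public methods also implement `SecurityDelegate` without `@Override` or Javadoc.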
diff -r fdff61a60cc1 -r 15bbdf43c1e7 netx/net/sourceforge/jnlp/security/SecurityDialog.java
--- a/netx/net/sourceforge/jnlp/security/SecurityDialog.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialog.java	Fri Mar 14 10:50:15 2014 -0400
@@ -37,35 +37,34 @@
 
 package net.sourceforge.jnlp.security;
 
-import net.sourceforge.jnlp.security.dialogs.MissingALACAttributePanel;
-import net.sourceforge.jnlp.security.dialogs.MatchingALACAttributePanel;
-import net.sourceforge.jnlp.security.dialogs.MissingPermissionsAttributePanel;
-import net.sourceforge.jnlp.security.dialogs.AppletWarningPane;
-import net.sourceforge.jnlp.security.dialogs.AccessWarningPane;
-import net.sourceforge.jnlp.security.dialogs.NotAllSignedWarningPane;
-import net.sourceforge.jnlp.security.dialogs.apptrustwarningpanel.UnsignedAppletTrustWarningDialog;
-import net.sourceforge.jnlp.security.dialogs.PasswordAuthenticationPane;
-import net.sourceforge.jnlp.security.dialogs.SecurityDialogPanel;
-import net.sourceforge.jnlp.security.dialogs.CertWarningPane;
-import net.sourceforge.jnlp.security.dialogs.SingleCertInfoPane;
-import net.sourceforge.jnlp.security.dialogs.CertsInfoPane;
-import net.sourceforge.jnlp.security.dialogs.MoreInfoPane;
+import java.awt.BorderLayout;
+import java.awt.event.ActionListener;
+import java.awt.event.WindowAdapter;
+import java.awt.event.WindowEvent;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.concurrent.CopyOnWriteArrayList;
+
+import javax.swing.JDialog;
+
 import net.sourceforge.jnlp.JNLPFile;
 import net.sourceforge.jnlp.security.SecurityDialogs.AccessType;
 import net.sourceforge.jnlp.security.SecurityDialogs.DialogType;
+import net.sourceforge.jnlp.security.dialogs.AccessWarningPane;
+import net.sourceforge.jnlp.security.dialogs.AppletWarningPane;
+import net.sourceforge.jnlp.security.dialogs.CertWarningPane;
+import net.sourceforge.jnlp.security.dialogs.CertsInfoPane;
+import net.sourceforge.jnlp.security.dialogs.MatchingALACAttributePanel;
+import net.sourceforge.jnlp.security.dialogs.MissingALACAttributePanel;
+import net.sourceforge.jnlp.security.dialogs.MissingPermissionsAttributePanel;
+import net.sourceforge.jnlp.security.dialogs.MoreInfoPane;
+import net.sourceforge.jnlp.security.dialogs.PasswordAuthenticationPane;
+import net.sourceforge.jnlp.security.dialogs.SecurityDialogPanel;
+import net.sourceforge.jnlp.security.dialogs.SingleCertInfoPane;
+import net.sourceforge.jnlp.security.dialogs.apptrustwarningpanel.AppTrustWarningDialog;
 import net.sourceforge.jnlp.util.ImageResources;
-
-import java.awt.*;
-
-import javax.swing.*;
-
-import java.awt.event.*;
-import java.security.cert.X509Certificate;
-import java.util.concurrent.CopyOnWriteArrayList;
-
-import java.util.List;
+import net.sourceforge.jnlp.util.ScreenFinder;
 import net.sourceforge.jnlp.util.logging.OutputController;
-import net.sourceforge.jnlp.util.ScreenFinder;
 
 /**
  * Provides methods for showing security warning dialogs for a wide range of
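Review bot: Most of this hunk is import reordering and wildcard expansion unrelated to the dialog change; the only functional edits are dropping the `NotAllSignedWarningPane` and `UnsignedAppletTrustWarningDialog` imports and adding `AppTrustWarningDialog`. Consider moving the import cleanup to its own changeset so the security-relevant change is easier to review and to backport.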
@@ -241,7 +240,7 @@
             dialogTitle = "Security Warning";
         else if (dialogType == DialogType.APPLET_WARNING)
             dialogTitle = "Applet Warning";
-        else if (dialogType == DialogType.NOTALLSIGNED_WARNING)
+        else if (dialogType == DialogType.PARTIALLYSIGNED_WARNING)
             dialogTitle = "Security Warning";
         else if (dialogType == DialogType.AUTHENTICATION)
             dialogTitle = "Authentication Required";
@@ -314,10 +313,10 @@
             panel = new AccessWarningPane(this, extras, this.certVerifier);
         else if (dialogType == DialogType.APPLET_WARNING)
             panel = new AppletWarningPane(this, this.certVerifier);
-        else if (dialogType == DialogType.NOTALLSIGNED_WARNING)
-            panel = new NotAllSignedWarningPane(this);
+        else if (dialogType == DialogType.PARTIALLYSIGNED_WARNING)
+            panel = AppTrustWarningDialog.partiallySigned(this, file);
         else if (dialogType == DialogType.UNSIGNED_WARNING) // Only necessary for applets on 'high security' or above
-            panel = new UnsignedAppletTrustWarningDialog(this, file);
+            panel = AppTrustWarningDialog.unsigned(this, file);
         else if (dialogType == DialogType.AUTHENTICATION)
             panel = new PasswordAuthenticationPane(this, extras);
         else if (dialogType == DialogType.UNSIGNED_EAS_NO_PERMISSIONS_WARNING)
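Review bot: Besides the rename, the `UNSIGNED_WARNING` branch in this hunk now builds its panel with `AppTrustWarningDialog.unsigned(this, file)` instead of `new UnsignedAppletTrustWarningDialog(this, file)`. The ChangeLog entry for `SecurityDialog.java` only mentions the `PARTIALLYSIGNED_WARNING` rename and the new dialog, so please record the change to the unsigned dialog there as well.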
diff -r fdff61a60cc1 -r 15bbdf43c1e7 netx/net/sourceforge/jnlp/security/SecurityDialogs.java
--- a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java	Fri Mar 14 10:50:15 2014 -0400
@@ -78,7 +78,7 @@
         CERT_INFO,
         SINGLE_CERT_INFO,
         ACCESS_WARNING,
-        NOTALLSIGNED_WARNING,
+        PARTIALLYSIGNED_WARNING,
         UNSIGNED_WARNING,   /* requires confirmation with 'high-security' setting */
         APPLET_WARNING,
         AUTHENTICATION,
@@ -98,7 +98,7 @@
         NETWORK,
         VERIFIED,
         UNVERIFIED,
-        NOTALLSIGNED,
+        PARTIALLYSIGNED,
         UNSIGNED,           /* requires confirmation with 'high-security' setting */
         SIGNING_ERROR
     }
@@ -163,29 +163,6 @@
     }
 
     /**
-     * Shows a warning dialog for when the main application jars are signed,
-     * but extensions aren't
-     *
-     * @return true if permission was granted by the user, false otherwise.
-     */
-    public static boolean showNotAllSignedWarningDialog(JNLPFile file) {
-
-        if (!shouldPromptUser()) {
-            return false;
-        }
-
-        final SecurityDialogMessage message = new SecurityDialogMessage();
-        message.dialogType = DialogType.NOTALLSIGNED_WARNING;
-        message.accessType = AccessType.NOTALLSIGNED;
-        message.file = file;
-        message.extras = new Object[0];
-
-        Object selectedValue = getUserResponse(message);
-
-        return getIntegerResponseAsBoolean(selectedValue);
-    }
-
-    /**
      * Shows a warning dialog for when a plugin applet is unsigned.
      * This is used with 'high-security' setting.
      *
@@ -238,6 +215,22 @@
     }
 
     /**
+     * Shows a warning dialog for when an applet or application is partially signed.
+     *
+     * @return true if permission was granted by the user, false otherwise.
+     */
+    public static AppSigningWarningAction showPartiallySignedWarningDialog(JNLPFile file, CertVerifier certVerifier) {
+
+        final SecurityDialogMessage message = new SecurityDialogMessage();
+        message.dialogType = DialogType.PARTIALLYSIGNED_WARNING;
+        message.accessType = AccessType.PARTIALLYSIGNED;
+        message.file = file;
+        message.certVerifier = certVerifier;
+
+        return (AppSigningWarningAction) getUserResponse(message);
+    }
+
+    /**
      * Present a dialog to the user asking them for authentication information,
      * and returns the user's response. The caller must have
      * NetPermission("requestPasswordAuthentication") for this to work.
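Review bot: The Javadoc on the new `showPartiallySignedWarningDialog` still says `@return true if permission was granted by the user, false otherwise`, but the method returns `AppSigningWarningAction`; document the possible actions and what the caller gets if the dialog is dismissed. Unlike the removed `showNotAllSignedWarningDialog`, it does not check `shouldPromptUser()` and does not set `message.extras`, and the result of `getUserResponse(message)` is cast without a type check, so an unexpected response has to be handled either here or in the caller.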
diff -r fdff61a60cc1 -r 15bbdf43c1e7 netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteAppletAction.java
--- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteAppletAction.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteAppletAction.java	Fri Mar 14 10:50:15 2014 -0400
@@ -39,7 +39,7 @@
 
 public enum ExecuteAppletAction {
 
-    ALWAYS, NEVER, YES, NO;
+    ALWAYS, NEVER, YES, SANDBOX, NO;
 
     public String toChar() {
         switch (this) {
@@ -49,6 +49,8 @@
                 return "N";
             case YES:
                 return "y";
+            case SANDBOX:
+                return "s";
             case NO:
                 return "n";
         }
@@ -63,6 +65,8 @@
                 return Translator.R("APPEXTSECunsignedAppletActionNever");
             case YES:
                 return Translator.R("APPEXTSECunsignedAppletActionYes");
+            case SANDBOX:
+                return Translator.R("APPEXTSECunsignedAppletActionSandbox");
             case NO:
                 return Translator.R("APPEXTSECunsignedAppletActionNo");
         }
@@ -76,6 +80,8 @@
             return ExecuteAppletAction.NEVER;
         } else if (s.startsWith("y")) {
             return ExecuteAppletAction.YES;
+        } else if (s.startsWith("s")) {
+            return ExecuteAppletAction.SANDBOX;
         } else if (s.startsWith("n")) {
             return ExecuteAppletAction.NO;
         } else {
diff -r fdff61a60cc1 -r 15bbdf43c1e7 netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java
--- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java	Fri Mar 14 10:50:15 2014 -0400
@@ -48,6 +48,8 @@
 import net.sourceforge.jnlp.JNLPFile;
 import net.sourceforge.jnlp.LaunchException;
 import net.sourceforge.jnlp.PluginBridge;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
+import net.sourceforge.jnlp.runtime.JNLPClassLoader.SecurityDelegate;
 import net.sourceforge.jnlp.security.dialogs.apptrustwarningpanel.AppTrustWarningPanel.AppSigningWarningAction;
 import net.sourceforge.jnlp.security.CertVerifier;
 import net.sourceforge.jnlp.security.SecurityDialogs;
@@ -212,4 +214,52 @@
 
     }
 
+    public static void checkPartiallySignedWithUserIfRequired(SecurityDelegate securityDelegate, JNLPFile file,
+            CertVerifier certVerifier) throws LaunchException {
+
+        if (JNLPRuntime.isTrustNone()) {
+            OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running partially signed applet at " + file.getCodeBase() + " with only Sandbox permissions due to -Xtrustnone flag");
+            securityDelegate.setRunInSandbox();
+            return;
+        }
+
+        if (!unsignedConfirmationIsRequired()) {
+            OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running partially signed applet at " + file.getCodeBase() + " does not require confirmation according to security policy.");
+            return;
+        }
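Review bot: The `!unsignedConfirmationIsRequired()` branch returns without prompting and without calling `securityDelegate.setRunInSandbox()`, so the decision for partially signed applets is tied to the policy written for unsigned ones; a comment explaining why that reuse is correct would help. Both new log lines are emitted at `ERROR_DEBUG`, and the `-Xtrustnone` downgrade to sandbox permissions is a security decision that deserves a level users will see. The second message also reads oddly ("Running partially signed applet at ... does not require confirmation") and could be reworded.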

