Mercurial > hg > release > icedtea-web-1.2

--- a/ChangeLog	Tue Jul 03 13:51:29 2012 +0200
+++ b/ChangeLog	Fri Jul 20 11:02:23 2012 -0400
@@ -1,3 +1,14 @@
+2012-07-18  Danesh Dadachanji  <ddadacha@redhat.com>
+
+	Fix RH838417, Fix RH838559: Disambiguate signed applet security prompt
+	from certificate warning.
+	* NEWS: Added entries for RH838417 and RH838559.
+	* netx/net/sourceforge/jnlp/resources/Messages.properties:
+	Added SWarnFullPermissionsIgnorePolicy and updated SHttpsUnverified.
+	* netx/net/sourceforge/jnlp/security/CertWarningPane.java: Display
+	SWarnFullPermissionsIgnorePolicy if the cert is from a jar and is either
+	unverified or has a signing error. Also added warning.png to HTTPS dialogs.
+
 2012-07-23  Jiri Vanek  <jvanek@redhat.com>

 	Last hope for not downloaded resources to be verified
--- a/NEWS	Tue Jul 03 13:51:29 2012 +0200
+++ b/NEWS	Fri Jul 20 11:02:23 2012 -0400
@@ -17,6 +17,9 @@
   - PR863: Error passing strings to applet methods in Chromium
   - PR895: IcedTea-Web searches for missing classes on each loadClass or findClass
   - PR518: NPString.utf8characters not guaranteed to be nul-terminated
+* Common
+  - RH838417: Disambiguate signed applet security prompt from certificate warning
+  - RH838559: Disambiguate signed applet security prompt from certificate warning

 New in release 1.2 (2012-03-05):
 * Security updates:
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties	Tue Jul 03 13:51:29 2012 +0200
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties	Fri Jul 20 11:02:23 2012 -0400
@@ -208,6 +208,7 @@
 SSigVerified=The application's digital signature has been verified. Do you want to run the application?
 SSignatureError=The application's digital signature has an error. Do you want to run the application?
 SUntrustedSource=The digital signature could not be verified by a trusted source. Only run if you trust the origin of the application.
+SWarnFullPermissionsIgnorePolicy=The code executed will be given full permissions, ignoring any java policies you may have.
 STrustedSource=The digital signature has been validated by a trusted source.
 SClipboardReadAccess=The application has requested read-only access to the system clipboard. Do you want to allow this action?
 SClipboardWriteAccess=The application has requested write-only access to the system clipboard. Do you want to allow this action?
@@ -216,7 +217,7 @@
 SNoAssociatedCertificate=<no associated certificate>
 SUnverified=(unverified)
 SAlwaysTrustPublisher=Always trust content from this publisher
-SHttpsUnverified=The website's certificate cannot be verified.
+SHttpsUnverified=The website's HTTPS certificate cannot be verified.
 SNotAllSignedSummary=Only parts of this application code are signed.
 SNotAllSignedDetail=This application contains both signed and unsigned code. While signed code is safe if you trust the provider, unsigned code may imply code outside of the trusted provider's control.
 SNotAllSignedQuestion=Do you wish to proceed and run this application anyway?
--- a/netx/net/sourceforge/jnlp/security/CertWarningPane.java	Tue Jul 03 13:51:29 2012 +0200
+++ b/netx/net/sourceforge/jnlp/security/CertWarningPane.java	Fri Jul 20 11:02:23 2012 -0400
@@ -1,5 +1,5 @@
 /* CertWarningPane.java
-   Copyright (C) 2008 Red Hat, Inc.
+   Copyright (C) 2012 Red Hat, Inc.

 This file is part of IcedTea.

@@ -132,15 +132,19 @@
         } catch (Exception e) {
         }

-        //Top label
+        // Labels
         String topLabelText = "";
+        String bottomLabelText = parent.getJarSigner().getRootInCacerts() ?
+                                 R("STrustedSource") : R("SUntrustedSource");
         String propertyName = "";
         String iconLocation = "net/sourceforge/jnlp/resources/";
         boolean alwaysTrustSelected = false;
         if (certVerifier instanceof HttpsCertVerifier) {
-            topLabelText = R("SHttpsUnverified") + " " +
-                                 R("Continue");
+            // HTTPS certs that are verified do not prompt for a dialog.
+            // @see VariableX509TrustManager#checkServerTrusted
+            topLabelText = R("SHttpsUnverified") + " " + R("Continue");
             propertyName = "OptionPane.warningIcon";
+            iconLocation += "warning.png";
         } else
             switch (type) {
                 case VERIFIED:
@@ -153,11 +157,13 @@
                     topLabelText = R("SSigUnverified");
                     propertyName = "OptionPane.warningIcon";
                     iconLocation += "warning.png";
+                    bottomLabelText += " " + R("SWarnFullPermissionsIgnorePolicy");
                     break;
                 case SIGNING_ERROR:
                     topLabelText = R("SSignatureError");
                     propertyName = "OptionPane.warningIcon";
                     iconLocation += "warning.png";
+                    bottomLabelText += " " + R("SWarnFullPermissionsIgnorePolicy");
                     break;
             }

@@ -218,20 +224,15 @@
         add(infoPanel);
         add(buttonPanel);

-        JLabel bottomLabel;
+        JLabel bottomLabel = new JLabel(htmlWrap(bottomLabelText));;
         JButton moreInfo = new JButton(R("ButMoreInformation"));
         moreInfo.addActionListener(new MoreInfoButtonListener());

-        if (parent.getJarSigner().getRootInCacerts())
-            bottomLabel = new JLabel(htmlWrap(R("STrustedSource")));
-        else
-            bottomLabel = new JLabel(htmlWrap(R("SUntrustedSource")));
-
         JPanel bottomPanel = new JPanel();
         bottomPanel.setLayout(new BoxLayout(bottomPanel, BoxLayout.X_AXIS));
         bottomPanel.add(bottomLabel);
         bottomPanel.add(moreInfo);
-        bottomPanel.setPreferredSize(new Dimension(500, 100));
+        bottomPanel.setPreferredSize(new Dimension(600, 100));
         bottomPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
         add(bottomPanel);