# HG changeset patch
# User Danesh Dadachanji
# Date 1342795486 14400
# Node ID c9d0e375f07cea36ece69b43ba0d6c5ba8a4bb17
# Parent 270a09e38dfb4f89a61332ba14f86df14cf0600d
Fix RH838417, Fix RH838559: Disambiguate signed applet security prompt from certificate warning.
diff -r 270a09e38dfb -r c9d0e375f07c ChangeLog
--- a/ChangeLog Wed Jul 11 16:19:27 2012 +0200
+++ b/ChangeLog Fri Jul 20 10:44:46 2012 -0400
@@ -1,3 +1,14 @@
+2012-07-18 Danesh Dadachanji
+
+ Fix RH838417, Fix RH838559: Disambiguate signed applet security prompt
+ from certificate warning.
+ * NEWS: Added entries for RH838417 and RH838559.
+ * netx/net/sourceforge/jnlp/resources/Messages.properties:
+ Added SWarnFullPermissionsIgnorePolicy and updated SHttpsUnverified.
+ * netx/net/sourceforge/jnlp/security/CertWarningPane.java: Display
+ SWarnFullPermissionsIgnorePolicy if the cert is from a jar and is either
+ unverified or has a signing error. Also added warning.png to HTTPS dialogs.
+
 2012-07-11 Jiri Vanek
 try to close browser before kill it
diff -r 270a09e38dfb -r c9d0e375f07c NEWS
--- a/NEWS Wed Jul 11 16:19:27 2012 +0200
+++ b/NEWS Fri Jul 20 10:44:46 2012 -0400
@@ -23,6 +23,8 @@
 - PR1011: Folders treated as jar files in archive tag
 * Common
 - PR918: java applet windows uses a low resulution black/white icon
+ - RH838417: Disambiguate signed applet security prompt from certificate warning
+ - RH838559: Disambiguate signed applet security prompt from certificate warning
 New in release 1.2 (2011-XX-XX):
 * Security updates:
diff -r 270a09e38dfb -r c9d0e375f07c netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Wed Jul 11 16:19:27 2012 +0200
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Fri Jul 20 10:44:46 2012 -0400
@@ -205,6 +205,7 @@
 SSigVerified=The application's digital signature has been verified. Do you want to run the application?
 SSignatureError=The application's digital signature has an error. Do you want to run the application?
 SUntrustedSource=The digital signature could not be verified by a trusted source. Only run if you trust the origin of the application.
+SWarnFullPermissionsIgnorePolicy=The code executed will be given full permissions, ignoring any java policies you may have.
 STrustedSource=The digital signature has been validated by a trusted source.
 SClipboardReadAccess=The application has requested read-only access to the system clipboard. Do you want to allow this action?
 SClipboardWriteAccess=The application has requested write-only access to the system clipboard. Do you want to allow this action?
@@ -213,7 +214,7 @@
 SNoAssociatedCertificate=
 SUnverified=(unverified)
 SAlwaysTrustPublisher=Always trust content from this publisher
-SHttpsUnverified=The website's certificate cannot be verified.
+SHttpsUnverified=The website's HTTPS certificate cannot be verified.
 SNotAllSignedSummary=Only parts of this application code are signed.
 SNotAllSignedDetail=This application contains both signed and unsigned code. While signed code is safe if you trust the provider, unsigned code may imply code outside of the trusted provider's control.
 SNotAllSignedQuestion=Do you wish to proceed and run this application anyway?
diff -r 270a09e38dfb -r c9d0e375f07c netx/net/sourceforge/jnlp/security/CertWarningPane.java
--- a/netx/net/sourceforge/jnlp/security/CertWarningPane.java Wed Jul 11 16:19:27 2012 +0200
+++ b/netx/net/sourceforge/jnlp/security/CertWarningPane.java Fri Jul 20 10:44:46 2012 -0400
@@ -1,5 +1,5 @@
 /* CertWarningPane.java
- Copyright (C) 2008 Red Hat, Inc.
+ Copyright (C) 2012 Red Hat, Inc.
 This file is part of IcedTea.
@@ -132,15 +132,19 @@
 } catch (Exception e) { }
- //Top label
+ // Labels
 String topLabelText = "";
+ String bottomLabelText = parent.getCertVerifier().getRootInCacerts() ?
+ R("STrustedSource") : R("SUntrustedSource");
 String propertyName = "";
 String iconLocation = "net/sourceforge/jnlp/resources/";
 boolean alwaysTrustSelected = false;
 if (certVerifier instanceof HttpsCertVerifier) {
- topLabelText = R("SHttpsUnverified") + " " +
- R("Continue");
+ // HTTPS certs that are verified do not prompt for a dialog.
+ // @see VariableX509TrustManager#checkServerTrusted
+ topLabelText = R("SHttpsUnverified") + " " + R("Continue");
 propertyName = "OptionPane.warningIcon";
+ iconLocation += "warning.png";
 } else switch (type) {
 case VERIFIED:
@@ -153,11 +157,13 @@
 topLabelText = R("SSigUnverified");
 propertyName = "OptionPane.warningIcon";
 iconLocation += "warning.png";
+ bottomLabelText += " " + R("SWarnFullPermissionsIgnorePolicy");
 break;
 case SIGNING_ERROR:
 topLabelText = R("SSignatureError");
 propertyName = "OptionPane.warningIcon";
 iconLocation += "warning.png";
+ bottomLabelText += " " + R("SWarnFullPermissionsIgnorePolicy");
 break;
 }
@@ -218,20 +224,15 @@
 add(infoPanel);
 add(buttonPanel);
- JLabel bottomLabel;
+ JLabel bottomLabel = new JLabel(htmlWrap(bottomLabelText));;
 JButton moreInfo = new JButton(R("ButMoreInformation"));
 moreInfo.addActionListener(new MoreInfoButtonListener());
- if (parent.getCertVerifier().getRootInCacerts())
- bottomLabel = new JLabel(htmlWrap(R("STrustedSource")));
- else
- bottomLabel = new JLabel(htmlWrap(R("SUntrustedSource")));
-
 JPanel bottomPanel = new JPanel();
 bottomPanel.setLayout(new BoxLayout(bottomPanel, BoxLayout.X_AXIS));
 bottomPanel.add(bottomLabel);
 bottomPanel.add(moreInfo);
- bottomPanel.setPreferredSize(new Dimension(500, 100));
+ bottomPanel.setPreferredSize(new Dimension(600, 100));
 bottomPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
 add(bottomPanel);
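Review bot: In the `HttpsCertVerifier` branch `bottomLabelText` keeps the `STrustedSource`/`SUntrustedSource` value assigned at the top of the hunk, so, as far as the visible lines show, an HTTPS certificate dialog still ends with jar-signing wording ("The digital signature could not be verified by a trusted source. Only run if you trust the origin of the application."). Since the commit is meant to tell the two prompts apart, the branch should set its own text, for example `bottomLabelText = R("<new HTTPS-specific key>");` with a matching entry added to Messages.properties. The initialiser also reads `parent.getCertVerifier()` while the branch tests the local `certVerifier`; using one of the two throughout would make it clear they refer to the same verifier. The enclosing method starts and ends outside this hunk.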
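Review bot: The `VERIFIED` case gets no full-permissions sentence: `SWarnFullPermissionsIgnorePolicy` is appended only under `SIGNING_ERROR` and in the preceding case that sets `SSigUnverified`, and the `VERIFIED` body lies in unchanged lines between the hunks. If a verified signed applet is also run with full permissions regardless of policy (not visible on this page, to be confirmed), the user is told so only on the failure paths. Either add `bottomLabelText += " " + R("SWarnFullPermissionsIgnorePolicy");` to `VERIFIED` as well, or leave a comment there such as `// no policy warning for VERIFIED because <reason>`. The switch and its method start and end outside this hunk.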
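Review bot: `JLabel bottomLabel = new JLabel(htmlWrap(bottomLabelText));;` ends with a stray second semicolon; it compiles as an empty statement but should read `JLabel bottomLabel = new JLabel(htmlWrap(bottomLabelText));`. The panel is also given a fixed `new Dimension(600, 100)` to hold the longer text, and a longer translation of the two concatenated messages may presumably still be clipped at that size. The part most likely to be cut off is the appended full-permissions sentence, so it is worth checking the dialog with the longest available locale. The enclosing method starts and ends outside this hunk.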