Mercurial > hg > release > icedtea-web-1.5

changeset 937:15bbdf43c1e7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
New PartiallySigned Dialog Added new PartiallySigned Dialog to replace NotAllSignedWarningPane. Also includes a Sandbox button. * netx/net/sourceforge/jnlp/resources/Messages.properties: (APPEXTSecunsignedAppletActionSandbox, LPartiallySignedApplet, LPartiallySignedAppletUserDenied) new messages. (SNotAllSignedSummary, SNotAllSignedDetail, SNotAllSignedQuestion) keys renamed to SPartially* * netx/net/sourceforge/jnlp/resources/Messages_cs.properties: (SNotAllSignedSummary, SNotAllSignedDetail, SNotAllSignedQuestion) keys renamed to SPartially* * netx/net/sourceforge/jnlp/resources/Messages_de.properties: same * netx/net/sourceforge/jnlp/resources/Messages_pl.properties: same * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: Logic added for displaying new PartiallySigned dialog. (showNotAllSignedDialog) removed. (getSigningState) new method. (promptUserOnPartialSigning, userPromptedForPartialSigning) new methods for SecurityDelegate. * netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningDialog.java: (partiallySigned) new method * netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningPanel.java: (chosenActionSetter) refactored to allow Sandbox action. (setupInfoPanel) applet title made overrideable by subclasses * netx/net/sourceforge/jnlp/security/SecurityDialog.java: (NOTALLSIGNED_WARNING) renamed PARTIALLYSIGNED_WARNING, display new dialog rather than old * netx/net/sourceforge/jnlp/security/SecurityDialogs.java: (NOTALLSIGNED_WARNING) renamed PARTIALLYSIGNED_WARNING. (showNotAllSignedWarningDialog) removed. (showPartiallySignedWarningDialog) new method * netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteAppletAction.java: Added Sandbox action * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java: (checkPartiallySignedWithUserIfRequired) new method * tests/reproducers/custom/SignedAppletCodebaseLoading/testcases/SignedAppletCodebaseLoadingTests.java: test now passes since dialog will not appear if applet security is set to Low. KnownToFail removed. * tests/reproducers/custom/SignedAppletExternalMainClass/testcases/SignedAppletExternalMainClassTest.java: same * netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java: new class * netx/net/sourceforge/jnlp/security/dialogs/NotAllSignedWarningPane.java: deleted in favour of PartiallySignedAppTrustWarningPanel
author Andrew Azores <aazores@redhat.com>
date Fri, 14 Mar 2014 10:50:15 -0400
parents fdff61a60cc1
children d133c4ebfe24
files ChangeLog netx/net/sourceforge/jnlp/resources/Messages.properties netx/net/sourceforge/jnlp/resources/Messages_cs.properties netx/net/sourceforge/jnlp/resources/Messages_de.properties netx/net/sourceforge/jnlp/resources/Messages_pl.properties netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java netx/net/sourceforge/jnlp/security/SecurityDialog.java netx/net/sourceforge/jnlp/security/SecurityDialogs.java netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteAppletAction.java netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java netx/net/sourceforge/jnlp/security/dialogs/NotAllSignedWarningPane.java netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningDialog.java netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningPanel.java netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java tests/reproducers/custom/SignedAppletCodebaseLoading/testcases/SignedAppletCodebaseLoadingTests.java tests/reproducers/custom/SignedAppletExternalMainClass/testcases/SignedAppletExternalMainClassTest.java
diffstat 16 files changed, 350 insertions(+), 221 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Fri Mar 14 09:39:56 2014 -0400
+++ b/ChangeLog	Fri Mar 14 10:50:15 2014 -0400
@@ -1,3 +1,44 @@
+2014-03-14  Andrew Azores  <aazores@redhat.com>
+
+	Added new PartiallySigned Dialog to replace NotAllSignedWarningPane.
+	Also includes a Sandbox button.
+	* netx/net/sourceforge/jnlp/resources/Messages.properties:
+	(APPEXTSecunsignedAppletActionSandbox, LPartiallySignedApplet,
+	LPartiallySignedAppletUserDenied) new messages. (SNotAllSignedSummary,
+	SNotAllSignedDetail, SNotAllSignedQuestion) keys renamed to SPartially*
+	* netx/net/sourceforge/jnlp/resources/Messages_cs.properties: (SNotAllSignedSummary,
+	SNotAllSignedDetail, SNotAllSignedQuestion) keys renamed to SPartially*
+	* netx/net/sourceforge/jnlp/resources/Messages_de.properties: same
+	* netx/net/sourceforge/jnlp/resources/Messages_pl.properties: same
+	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
+	Logic added for displaying new PartiallySigned dialog.
+	(showNotAllSignedDialog) removed. (getSigningState) new method.
+	(promptUserOnPartialSigning, userPromptedForPartialSigning) new methods for
+	SecurityDelegate.
+	* netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningDialog.java:
+	(partiallySigned) new method
+	* netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningPanel.java:
+	(chosenActionSetter) refactored to allow Sandbox action. (setupInfoPanel) applet
+	title made overrideable by subclasses
+	* netx/net/sourceforge/jnlp/security/SecurityDialog.java: (NOTALLSIGNED_WARNING)
+	renamed PARTIALLYSIGNED_WARNING, display new dialog rather than old
+	* netx/net/sourceforge/jnlp/security/SecurityDialogs.java: (NOTALLSIGNED_WARNING)
+	renamed PARTIALLYSIGNED_WARNING. (showNotAllSignedWarningDialog) removed.
+	(showPartiallySignedWarningDialog) new method
+	* netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteAppletAction.java:
+	Added Sandbox action
+	* netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java:
+	(checkPartiallySignedWithUserIfRequired) new method
+	* tests/reproducers/custom/SignedAppletCodebaseLoading/testcases/SignedAppletCodebaseLoadingTests.java:
+	test now passes since dialog will not appear if applet security is set to Low.
+	KnownToFail removed.
+	* tests/reproducers/custom/SignedAppletExternalMainClass/testcases/SignedAppletExternalMainClassTest.java:
+	same
+	* netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java:
+	new class
+	* netx/net/sourceforge/jnlp/security/dialogs/NotAllSignedWarningPane.java: deleted
+	in favour of PartiallySignedAppTrustWarningPanel
+
 2014-03-14  Andrew Azores  <aazores@redhat.com>
 
 	* netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditor.java:
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties	Fri Mar 14 10:50:15 2014 -0400
@@ -127,6 +127,8 @@
 LUnsignedApplet=The applet was unsigned.
 LUnsignedAppletPolicyDenied=The applet was unsigned, and the security policy prevented it from running.
 LUnsignedAppletUserDenied=The applet was unsigned, and was not trusted.
+LPartiallySignedApplet=The applet was partially signed.
+LPartiallySignedAppletUserDenied=The applet was partially signed, and the user did not trust it.
 LSignedAppJarUsingUnsignedJar=Signed application using unsigned jars.
 LSignedAppJarUsingUnsignedJarInfo=The main application jar is signed, but some of the jars it is using aren't.
 LRunInSandboxError=Run in Sandbox call performed too late.
@@ -291,9 +293,9 @@
 SUnsignedAllowedBefore=<font color="green">You have accepted this applet previously.</font>
 SUnsignedRejectedBefore=<font color="red">You have rejected this applet previously.</font>
 SUnsignedQuestion=Allow the applet to run?
-SNotAllSignedSummary=Only parts of this application code are signed.
-SNotAllSignedDetail=This application contains both signed and unsigned code. While signed code is safe if you trust the provider, unsigned code may imply code outside of the trusted provider's control.
-SNotAllSignedQuestion=Do you wish to proceed and run this application anyway?
+SPartiallySignedSummary=Only parts of this application code are signed.
+SPartiallySignedDetail=This application contains both signed and unsigned code. While signed code is safe if you trust the provider, unsigned code may imply code outside of the trusted provider's control.
+SPartiallySignedQuestion=Do you wish to proceed and run this application anyway?
 SAuthenticationPrompt=The {0} server at {1} is requesting authentication. It says "{2}"
 SJNLPFileIsNotSigned=This application contains a digital signature in which the launching JNLP file is not signed.
 SAppletTitle=Applet title: {0}
@@ -755,6 +757,7 @@
 APPEXTSECunsignedAppletActionAlways=Always trust this (matching) applet(s)
 APPEXTSECunsignedAppletActionNever=Never trust this (matching) applet(s)
 APPEXTSECunsignedAppletActionYes=This applet was visited and allowed
+APPEXTSecunsignedAppletActionSandbox=This applet was visited and allowed to run with restricted privileges
 APPEXTSECunsignedAppletActionNo=This applet was visited and denied
 APPEXTSECControlPanelExtendedAppletSecurityTitle=Extended applet security
 APPEXTSECguiTableModelTableColumnAction=Action
--- a/netx/net/sourceforge/jnlp/resources/Messages_cs.properties	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages_cs.properties	Fri Mar 14 10:50:15 2014 -0400
@@ -232,9 +232,9 @@
 SUnsignedAllowedBefore=<font color="green">Tento applet jste ji\u017e d\u0159\u00edve povolili.</font>
 SUnsignedRejectedBefore=<font color="red">Tento applet jste ji\u017e d\u0159\u00edve odm\u00edtli.</font>
 SUnsignedQuestion=Povolit spu\u0161t\u011bn\u00ed appletu?
-SNotAllSignedSummary=Podeps\u00e1ny jsou jen \u010d\u00e1sti k\u00f3du t\u00e9to aplikace.
-SNotAllSignedDetail=Tato aplikace obsahuje podepsan\u00fd i nepodepsan\u00fd k\u00f3d. Podepsan\u00fd k\u00f3d je bezpe\u010dn\u00fd, pokud d\u016fv\u011b\u0159ujete poskytovateli tohoto k\u00f3du. Nepodepsan\u00e9 \u010d\u00e1sti mohou obsahovat k\u00f3d, kter\u00fd nen\u00ed pod kontrolou d\u016fv\u011bryhodn\u00e9ho poskytovatele.
-SNotAllSignedQuestion=Chcete p\u0159esto pokra\u010dovat a spustit aplikaci?
+SPartiallySignedSummary=Podeps\u00e1ny jsou jen \u010d\u00e1sti k\u00f3du t\u00e9to aplikace.
+SPartiallySignedDetail=Tato aplikace obsahuje podepsan\u00fd i nepodepsan\u00fd k\u00f3d. Podepsan\u00fd k\u00f3d je bezpe\u010dn\u00fd, pokud d\u016fv\u011b\u0159ujete poskytovateli tohoto k\u00f3du. Nepodepsan\u00e9 \u010d\u00e1sti mohou obsahovat k\u00f3d, kter\u00fd nen\u00ed pod kontrolou d\u016fv\u011bryhodn\u00e9ho poskytovatele.
+SPartiallySignedQuestion=Chcete p\u0159esto pokra\u010dovat a spustit aplikaci?
 SAuthenticationPrompt=Server {0} na adrese {1} vy\u017eaduje ov\u011b\u0159en\u00ed. Zpr\u00e1va: \u201e{2}\u201c
 SJNLPFileIsNotSigned=Tato aplikace obsahuje digit\u00e1ln\u00ed podpis, v r\u00e1mci kter\u00e9ho v\u0161ak nen\u00ed podeps\u00e1n spou\u0161t\u011bn\u00fd soubor JNLP.
 
--- a/netx/net/sourceforge/jnlp/resources/Messages_de.properties	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages_de.properties	Fri Mar 14 10:50:15 2014 -0400
@@ -244,9 +244,9 @@
 SUnsignedAllowedBefore=<font color="green">Dieses Applet wurde bereits akzeptiert.</font>
 SUnsignedRejectedBefore=<font color="red">Dieses Applet wurde bereits abgelehnt.</font>
 SUnsignedQuestion=Soll dem Applet die Ausf\u00fchrung erlaubt werden?
-SNotAllSignedSummary=Nur Teile des Anwendungscodes sind signiert.
-SNotAllSignedDetail=Diese Anwendung enth\u00e4lt sowohl signierten als auch nicht signierten Code. W\u00e4hrend signierter Code sicher ist, wenn Sie dem Anbieter vertrauen, kann nicht signierter Code sich \u00fcber Code erstrecken, der sich der Kontrolle des Anbieters entzieht.
-SNotAllSignedQuestion=Soll fortgefahren und diese Anwendung dennoch zur Ausf\u00fchrung gebracht werden?
+SPartiallySignedSummary=Nur Teile des Anwendungscodes sind signiert.
+SPartiallySignedDetail=Diese Anwendung enth\u00e4lt sowohl signierten als auch nicht signierten Code. W\u00e4hrend signierter Code sicher ist, wenn Sie dem Anbieter vertrauen, kann nicht signierter Code sich \u00fcber Code erstrecken, der sich der Kontrolle des Anbieters entzieht.
+SPartiallySignedQuestion=Soll fortgefahren und diese Anwendung dennoch zur Ausf\u00fchrung gebracht werden?
 SAuthenticationPrompt=Der Server {0} von {1} fordert Authentifizierung an. Er sagt: \u201e{2}\u201c
 SJNLPFileIsNotSigned=Die Anwendung enth\u00e4lt eine digitale Signatur in der, die startende JNLP-Datei nicht signiert ist.
 
--- a/netx/net/sourceforge/jnlp/resources/Messages_pl.properties	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages_pl.properties	Fri Mar 14 10:50:15 2014 -0400
@@ -244,9 +244,9 @@
 SUnsignedAllowedBefore=<font color="green">Zaakceptowa\u0142e\u015b ten applet poprzednio.</font>
 SUnsignedRejectedBefore=<font color="red">Odrzuci\u0142e\u015b ten applet poprzednio.</font>
 SUnsignedQuestion=Czy chcesz zezwoli\u0107 temu applet-owi na uruchomienie?
-SNotAllSignedSummary=Zaledwie cz\u0119\u015bci kodu tej aplikacji s\u0105 podpisane.
-SNotAllSignedDetail=Ta aplikacja zawiera zar\u00f3wno podpisany jak i niepodpisany kod. Cho\u0107 kod, kt\u00f3ry jest podpisany przez zaufanego dostawc\u0119 jest bezpieczny, niepodpisany kod mo\u017ce poci\u0105ga\u0107 za sob\u0105 kod, kt\u00f3ry jest poza kontrolnym zasi\u0119giem zaufanego dostawcy.
-SNotAllSignedQuestion=Czy chcesz kontynuowa\u0107 i mimo to uruchomi\u0107 t\u0105 aplikacj\u0119?
+SPartiallySignedSummary=Zaledwie cz\u0119\u015bci kodu tej aplikacji s\u0105 podpisane.
+SPartiallySignedDetail=Ta aplikacja zawiera zar\u00f3wno podpisany jak i niepodpisany kod. Cho\u0107 kod, kt\u00f3ry jest podpisany przez zaufanego dostawc\u0119 jest bezpieczny, niepodpisany kod mo\u017ce poci\u0105ga\u0107 za sob\u0105 kod, kt\u00f3ry jest poza kontrolnym zasi\u0119giem zaufanego dostawcy.
+SPartiallySignedQuestion=Czy chcesz kontynuowa\u0107 i mimo to uruchomi\u0107 t\u0105 aplikacj\u0119?
 SAuthenticationPrompt=Serwer {0} w \u201e{1}\u201d \u017c\u0105da uwierzytelnienia. Podaje komunikat: \u201e{2}\u201d
 SJNLPFileIsNotSigned=Ta aplikacja zawiera podpis cyfrowy, jednak startowany plik JNLP jest bez podpisu.
 
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Fri Mar 14 10:50:15 2014 -0400
@@ -15,7 +15,6 @@
 
 package net.sourceforge.jnlp.runtime;
 
-import net.sourceforge.jnlp.JNLPFile.ManifestBoolean;
 import static net.sourceforge.jnlp.runtime.Translator.R;
 
 import java.io.File;
@@ -65,6 +64,7 @@
 import net.sourceforge.jnlp.ExtensionDesc;
 import net.sourceforge.jnlp.JARDesc;
 import net.sourceforge.jnlp.JNLPFile;
+import net.sourceforge.jnlp.JNLPFile.ManifestBoolean;
 import net.sourceforge.jnlp.JNLPMatcher;
 import net.sourceforge.jnlp.JNLPMatcherException;
 import net.sourceforge.jnlp.LaunchDesc;
@@ -365,7 +365,9 @@
         // the user was already shown a CertWarning dialog and has chosen to run the applet sandboxed.
         // This means they've already agreed to running the applet and have specified with which
         // permission level to do it!
-        if (!loader.getSigning() && !loader.securityDelegate.userPromptedForSandbox() && file instanceof PluginBridge) {
+        if (loader.getSigningState() == SigningState.PARTIAL) {
+            loader.securityDelegate.promptUserOnPartialSigning();
+        } else if (!loader.getSigning() && !loader.securityDelegate.userPromptedForSandbox() && file instanceof PluginBridge) {
             UnsignedAppletTrustConfirmation.checkUnsignedWithUserIfRequired((PluginBridge)file);
         }
 
@@ -374,10 +376,9 @@
         JNLPClassLoader extLoader = uniqueKeyToLoader.get(uniqueKey);
 
         if (extLoader != null && extLoader != loader) {
-            if (loader.getSigning() && !extLoader.getSigning())
-                if (!SecurityDialogs.showNotAllSignedWarningDialog(file))
-                    throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"), R("LSignedAppJarUsingUnsignedJarInfo"));
-
+            if (loader.getSigning() != extLoader.getSigning()) {
+                loader.securityDelegate.promptUserOnPartialSigning();
+            }
             loader.merge(extLoader);
             extLoader.decrementLoaderUseCount(); // loader urls have been merged, ext loader is no longer used
         }
@@ -1055,7 +1056,7 @@
             return;
         }
 
-        if (jcv.isFullySigned() && !jcv.getAlreadyTrustPublisher()) {
+        if (getSigningState() == SigningState.FULL && jcv.isFullySigned() && !jcv.getAlreadyTrustPublisher()) {
             jcv.checkTrustWithUser(securityDelegate, file);
         }
     }
@@ -1077,21 +1078,6 @@
     }
 
     /**
-     * Display a dialog prompting the user to proceed on applets with mixed signing.
-     * @param file the JNLPFile or PluginBridge describing the applet/application to be launched
-     * @throws LaunchException if the user does not approve the prompt
-     */
-    private void showNotAllSignedDialog(JNLPFile file) throws LaunchException {
-        if (JNLPRuntime.isTrustAll()) {
-            return;
-        }
-
-        if (!SecurityDialogs.showNotAllSignedWarningDialog(file)) {
-            throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"), R("LSignedAppJarUsingUnsignedJarInfo"));
-        }
-    }
-
-    /**
      * Add applet's codebase URL.  This allows compatibility with
      * applets that load resources from their codebase instead of
      * through JARs, but can slow down resource loading.  Resources
@@ -1921,7 +1907,7 @@
         if (signing == SigningState.FULL && JNLPRuntime.isVerifying()) {
             signing = SigningState.PARTIAL;
             try {
-                showNotAllSignedDialog(this.file);
+                securityDelegate.promptUserOnPartialSigning();
             } catch (LaunchException e) {
                 throw new RuntimeException("The signed applet required loading of unsigned code from the codebase, "
                         + "which the user refused", e);
@@ -1929,6 +1915,10 @@
         }
     }
 
+    public SigningState getSigningState() {
+        return signing;
+    }
+
     protected SecurityDesc getSecurity() {
         return security;
     }
@@ -2314,6 +2304,8 @@
     public static interface SecurityDelegate {
         public boolean isPluginApplet();
 
+        public boolean userPromptedForPartialSigning();
+
         public boolean userPromptedForSandbox();
 
         public SecurityDesc getCodebaseSecurityDesc(final JARDesc jarDesc, final String codebaseHost);
@@ -2322,6 +2314,8 @@
 
         public SecurityDesc getJarPermissions(final String codebaseHost);
 
+        public void promptUserOnPartialSigning() throws LaunchException;
+
         public void setRunInSandbox() throws LaunchException;
 
         public boolean getRunInSandbox();
@@ -2424,6 +2418,7 @@
     public static class SecurityDelegateImpl implements SecurityDelegate {
         private final JNLPClassLoader classLoader;
         private boolean runInSandbox;
+        private boolean promptedForPartialSigning;
         private boolean promptedForSandbox;
 
         public SecurityDelegateImpl(final JNLPClassLoader classLoader) {
@@ -2530,10 +2525,22 @@
             this.runInSandbox = true;
         }
 
+        public void promptUserOnPartialSigning() throws LaunchException {
+            if (promptedForPartialSigning || JNLPRuntime.isTrustAll()) {
+                return;
+            }
+            promptedForPartialSigning = true;
+            UnsignedAppletTrustConfirmation.checkPartiallySignedWithUserIfRequired(this, classLoader.file, classLoader.jcv);
+        }
+
         public boolean getRunInSandbox() {
             return this.runInSandbox;
         }
 
+        public boolean userPromptedForPartialSigning() {
+            return this.promptedForPartialSigning;
+        }
+
         public boolean userPromptedForSandbox() {
             return this.promptedForSandbox;
         }
--- a/netx/net/sourceforge/jnlp/security/SecurityDialog.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialog.java	Fri Mar 14 10:50:15 2014 -0400
@@ -37,35 +37,34 @@
 
 package net.sourceforge.jnlp.security;
 
-import net.sourceforge.jnlp.security.dialogs.MissingALACAttributePanel;
-import net.sourceforge.jnlp.security.dialogs.MatchingALACAttributePanel;
-import net.sourceforge.jnlp.security.dialogs.MissingPermissionsAttributePanel;
-import net.sourceforge.jnlp.security.dialogs.AppletWarningPane;
-import net.sourceforge.jnlp.security.dialogs.AccessWarningPane;
-import net.sourceforge.jnlp.security.dialogs.NotAllSignedWarningPane;
-import net.sourceforge.jnlp.security.dialogs.apptrustwarningpanel.UnsignedAppletTrustWarningDialog;
-import net.sourceforge.jnlp.security.dialogs.PasswordAuthenticationPane;
-import net.sourceforge.jnlp.security.dialogs.SecurityDialogPanel;
-import net.sourceforge.jnlp.security.dialogs.CertWarningPane;
-import net.sourceforge.jnlp.security.dialogs.SingleCertInfoPane;
-import net.sourceforge.jnlp.security.dialogs.CertsInfoPane;
-import net.sourceforge.jnlp.security.dialogs.MoreInfoPane;
+import java.awt.BorderLayout;
+import java.awt.event.ActionListener;
+import java.awt.event.WindowAdapter;
+import java.awt.event.WindowEvent;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.concurrent.CopyOnWriteArrayList;
+
+import javax.swing.JDialog;
+
 import net.sourceforge.jnlp.JNLPFile;
 import net.sourceforge.jnlp.security.SecurityDialogs.AccessType;
 import net.sourceforge.jnlp.security.SecurityDialogs.DialogType;
+import net.sourceforge.jnlp.security.dialogs.AccessWarningPane;
+import net.sourceforge.jnlp.security.dialogs.AppletWarningPane;
+import net.sourceforge.jnlp.security.dialogs.CertWarningPane;
+import net.sourceforge.jnlp.security.dialogs.CertsInfoPane;
+import net.sourceforge.jnlp.security.dialogs.MatchingALACAttributePanel;
+import net.sourceforge.jnlp.security.dialogs.MissingALACAttributePanel;
+import net.sourceforge.jnlp.security.dialogs.MissingPermissionsAttributePanel;
+import net.sourceforge.jnlp.security.dialogs.MoreInfoPane;
+import net.sourceforge.jnlp.security.dialogs.PasswordAuthenticationPane;
+import net.sourceforge.jnlp.security.dialogs.SecurityDialogPanel;
+import net.sourceforge.jnlp.security.dialogs.SingleCertInfoPane;
+import net.sourceforge.jnlp.security.dialogs.apptrustwarningpanel.AppTrustWarningDialog;
 import net.sourceforge.jnlp.util.ImageResources;
-
-import java.awt.*;
-
-import javax.swing.*;
-
-import java.awt.event.*;
-import java.security.cert.X509Certificate;
-import java.util.concurrent.CopyOnWriteArrayList;
-
-import java.util.List;
+import net.sourceforge.jnlp.util.ScreenFinder;
 import net.sourceforge.jnlp.util.logging.OutputController;
-import net.sourceforge.jnlp.util.ScreenFinder;
 
 /**
  * Provides methods for showing security warning dialogs for a wide range of
@@ -241,7 +240,7 @@
             dialogTitle = "Security Warning";
         else if (dialogType == DialogType.APPLET_WARNING)
             dialogTitle = "Applet Warning";
-        else if (dialogType == DialogType.NOTALLSIGNED_WARNING)
+        else if (dialogType == DialogType.PARTIALLYSIGNED_WARNING)
             dialogTitle = "Security Warning";
         else if (dialogType == DialogType.AUTHENTICATION)
             dialogTitle = "Authentication Required";
@@ -314,10 +313,10 @@
             panel = new AccessWarningPane(this, extras, this.certVerifier);
         else if (dialogType == DialogType.APPLET_WARNING)
             panel = new AppletWarningPane(this, this.certVerifier);
-        else if (dialogType == DialogType.NOTALLSIGNED_WARNING)
-            panel = new NotAllSignedWarningPane(this);
+        else if (dialogType == DialogType.PARTIALLYSIGNED_WARNING)
+            panel = AppTrustWarningDialog.partiallySigned(this, file);
         else if (dialogType == DialogType.UNSIGNED_WARNING) // Only necessary for applets on 'high security' or above
-            panel = new UnsignedAppletTrustWarningDialog(this, file);
+            panel = AppTrustWarningDialog.unsigned(this, file);
         else if (dialogType == DialogType.AUTHENTICATION)
             panel = new PasswordAuthenticationPane(this, extras);
         else if (dialogType == DialogType.UNSIGNED_EAS_NO_PERMISSIONS_WARNING)
--- a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java	Fri Mar 14 10:50:15 2014 -0400
@@ -78,7 +78,7 @@
         CERT_INFO,
         SINGLE_CERT_INFO,
         ACCESS_WARNING,
-        NOTALLSIGNED_WARNING,
+        PARTIALLYSIGNED_WARNING,
         UNSIGNED_WARNING,   /* requires confirmation with 'high-security' setting */
         APPLET_WARNING,
         AUTHENTICATION,
@@ -98,7 +98,7 @@
         NETWORK,
         VERIFIED,
         UNVERIFIED,
-        NOTALLSIGNED,
+        PARTIALLYSIGNED,
         UNSIGNED,           /* requires confirmation with 'high-security' setting */
         SIGNING_ERROR
     }
@@ -163,29 +163,6 @@
     }
 
     /**
-     * Shows a warning dialog for when the main application jars are signed,
-     * but extensions aren't
-     *
-     * @return true if permission was granted by the user, false otherwise.
-     */
-    public static boolean showNotAllSignedWarningDialog(JNLPFile file) {
-
-        if (!shouldPromptUser()) {
-            return false;
-        }
-
-        final SecurityDialogMessage message = new SecurityDialogMessage();
-        message.dialogType = DialogType.NOTALLSIGNED_WARNING;
-        message.accessType = AccessType.NOTALLSIGNED;
-        message.file = file;
-        message.extras = new Object[0];
-
-        Object selectedValue = getUserResponse(message);
-
-        return getIntegerResponseAsBoolean(selectedValue);
-    }
-
-    /**
      * Shows a warning dialog for when a plugin applet is unsigned.
      * This is used with 'high-security' setting.
      *
@@ -238,6 +215,22 @@
     }
 
     /**
+     * Shows a warning dialog for when an applet or application is partially signed.
+     *
+     * @return true if permission was granted by the user, false otherwise.
+     */
+    public static AppSigningWarningAction showPartiallySignedWarningDialog(JNLPFile file, CertVerifier certVerifier) {
+
+        final SecurityDialogMessage message = new SecurityDialogMessage();
+        message.dialogType = DialogType.PARTIALLYSIGNED_WARNING;
+        message.accessType = AccessType.PARTIALLYSIGNED;
+        message.file = file;
+        message.certVerifier = certVerifier;
+
+        return (AppSigningWarningAction) getUserResponse(message);
+    }
+
+    /**
      * Present a dialog to the user asking them for authentication information,
      * and returns the user's response. The caller must have
      * NetPermission("requestPasswordAuthentication") for this to work.
--- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteAppletAction.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteAppletAction.java	Fri Mar 14 10:50:15 2014 -0400
@@ -39,7 +39,7 @@
 
 public enum ExecuteAppletAction {
 
-    ALWAYS, NEVER, YES, NO;
+    ALWAYS, NEVER, YES, SANDBOX, NO;
 
     public String toChar() {
         switch (this) {
@@ -49,6 +49,8 @@
                 return "N";
             case YES:
                 return "y";
+            case SANDBOX:
+                return "s";
             case NO:
                 return "n";
         }
@@ -63,6 +65,8 @@
                 return Translator.R("APPEXTSECunsignedAppletActionNever");
             case YES:
                 return Translator.R("APPEXTSECunsignedAppletActionYes");
+            case SANDBOX:
+                return Translator.R("APPEXTSECunsignedAppletActionSandbox");
             case NO:
                 return Translator.R("APPEXTSECunsignedAppletActionNo");
         }
@@ -76,6 +80,8 @@
             return ExecuteAppletAction.NEVER;
         } else if (s.startsWith("y")) {
             return ExecuteAppletAction.YES;
+        } else if (s.startsWith("s")) {
+            return ExecuteAppletAction.SANDBOX;
         } else if (s.startsWith("n")) {
             return ExecuteAppletAction.NO;
         } else {
--- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java	Fri Mar 14 10:50:15 2014 -0400
@@ -48,6 +48,8 @@
 import net.sourceforge.jnlp.JNLPFile;
 import net.sourceforge.jnlp.LaunchException;
 import net.sourceforge.jnlp.PluginBridge;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
+import net.sourceforge.jnlp.runtime.JNLPClassLoader.SecurityDelegate;
 import net.sourceforge.jnlp.security.dialogs.apptrustwarningpanel.AppTrustWarningPanel.AppSigningWarningAction;
 import net.sourceforge.jnlp.security.CertVerifier;
 import net.sourceforge.jnlp.security.SecurityDialogs;
@@ -212,4 +214,52 @@
 
     }
 
+    public static void checkPartiallySignedWithUserIfRequired(SecurityDelegate securityDelegate, JNLPFile file,
+            CertVerifier certVerifier) throws LaunchException {
+
+        if (JNLPRuntime.isTrustNone()) {
+            OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running partially signed applet at " + file.getCodeBase() + " with only Sandbox permissions due to -Xtrustnone flag");
+            securityDelegate.setRunInSandbox();
+            return;
+        }
+
+        if (!unsignedConfirmationIsRequired()) {
+            OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running partially signed applet at " + file.getCodeBase() + " does not require confirmation according to security policy.");
+            return;
+        }
+
+        ExecuteAppletAction storedAction = getStoredAction(file);
+        OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Stored action for partially signed applet at " + file.getCodeBase() + " was " + storedAction);
+
+        boolean appletOK;
+
+        if (storedAction == ExecuteAppletAction.ALWAYS) {
+            appletOK = true;
+        } else if (storedAction == ExecuteAppletAction.NEVER) {
+            appletOK = false;
+        } else {
+            // No remembered decision, prompt the user
+            AppSigningWarningAction warningResponse = SecurityDialogs.showPartiallySignedWarningDialog(file, certVerifier);
+            ExecuteAppletAction executeAction = warningResponse.getAction();
+
+            if (executeAction == ExecuteAppletAction.SANDBOX) {
+                securityDelegate.setRunInSandbox();
+            }
+
+            appletOK = (executeAction == ExecuteAppletAction.YES || executeAction == ExecuteAppletAction.ALWAYS
+                    || executeAction == ExecuteAppletAction.SANDBOX);
+
+            if (executeAction != null) {
+                updateAppletAction(file, executeAction, warningResponse.rememberForCodeBase());
+            }
+
+            OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Decided action for unsigned applet at " + file.getCodeBase() + " was " + executeAction);
+        }
+
+        if (!appletOK) {
+            throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LPartiallySignedApplet"), R("LPartiallySignedAppletUserDenied"));
+        }
+
+    }
+
 }
\ No newline at end of file
--- a/netx/net/sourceforge/jnlp/security/dialogs/NotAllSignedWarningPane.java	Fri Mar 14 09:39:56 2014 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,115 +0,0 @@
-/* NotAllSignedWarningPane.java
-   Copyright (C) 2008 Red Hat, Inc.
-
-This file is part of IcedTea.
-
-IcedTea is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 2.
-
-IcedTea is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with IcedTea; see the file COPYING.  If not, write to
-the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-02110-1301 USA.
-
-Linking this library statically or dynamically with other modules is
-making a combined work based on this library.  Thus, the terms and
-conditions of the GNU General Public License cover the whole
-combination.
-
-As a special exception, the copyright holders of this library give you
-permission to link this library with independent modules to produce an
-executable, regardless of the license terms of these independent
-modules, and to copy and distribute the resulting executable under
-terms of your choice, provided that you also meet, for each linked
-independent module, the terms and conditions of the license of that
-module.  An independent module is a module which is not derived from
-or based on this library.  If you modify this library, you may extend
-this exception to your version of the library, but you are not
-obligated to do so.  If you do not wish to do so, delete this
-exception statement from your version.
-*/
-
-package net.sourceforge.jnlp.security.dialogs;
-
-import static net.sourceforge.jnlp.runtime.Translator.R;
-
-import java.awt.BorderLayout;
-import java.awt.Color;
-import java.awt.Dimension;
-import java.awt.FlowLayout;
-import java.awt.Font;
-
-import javax.swing.BorderFactory;
-import javax.swing.BoxLayout;
-import javax.swing.ImageIcon;
-import javax.swing.JButton;
-import javax.swing.JLabel;
-import javax.swing.JPanel;
-import javax.swing.SwingConstants;
-import net.sourceforge.jnlp.security.SecurityDialog;
-
-public class NotAllSignedWarningPane extends SecurityDialogPanel {
-
-    public NotAllSignedWarningPane(SecurityDialog x) {
-        super(x);
-        addComponents();
-    }
-
-    /**
-     * Creates the actual GUI components, and adds it to this panel
-     */
-    private void addComponents() {
-
-        String topLabelText = R("SNotAllSignedSummary");
-        String infoLabelText = R("SNotAllSignedDetail");
-        String questionLabelText = R("SNotAllSignedQuestion");
-
-        ImageIcon icon = new ImageIcon((new sun.misc.Launcher()).getClassLoader().getResource("net/sourceforge/jnlp/resources/warning.png"));
-        JLabel topLabel = new JLabel(htmlWrap(topLabelText), icon, SwingConstants.LEFT);
-        topLabel.setFont(new Font(topLabel.getFont().toString(),
-                        Font.BOLD, 12));
-        JPanel topPanel = new JPanel(new BorderLayout());
-        topPanel.setBackground(Color.WHITE);
-        topPanel.add(topLabel, BorderLayout.CENTER);
-        topPanel.setPreferredSize(new Dimension(500, 80));
-        topPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
-
-        JLabel infoLabel = new JLabel(htmlWrap(infoLabelText));
-        JPanel infoPanel = new JPanel(new BorderLayout());
-        infoPanel.add(infoLabel, BorderLayout.CENTER);
-        infoPanel.setPreferredSize(new Dimension(500, 100));
-        infoPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
-
-        JLabel questionLabel = new JLabel(htmlWrap(questionLabelText));
-        JPanel questionPanel = new JPanel(new BorderLayout());
-        questionPanel.add(questionLabel, BorderLayout.CENTER);
-        questionPanel.setPreferredSize(new Dimension(500, 100));
-        questionPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
-
-        //run and cancel buttons
-        JPanel buttonPanel = new JPanel(new FlowLayout(FlowLayout.RIGHT));
-
-        JButton run = new JButton(R("ButProceed"));
-        JButton cancel = new JButton(R("ButCancel"));
-        run.addActionListener(createSetValueListener(parent, 0));
-        cancel.addActionListener(createSetValueListener(parent, 1));
-        initialFocusComponent = cancel;
-        buttonPanel.add(run);
-        buttonPanel.add(cancel);
-        buttonPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
-
-        //all of the above
-        setLayout(new BoxLayout(this, BoxLayout.Y_AXIS));
-        add(topPanel);
-        add(infoPanel);
-        add(questionPanel);
-        add(buttonPanel);
-
-    }
-}
--- a/netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningDialog.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningDialog.java	Fri Mar 14 10:50:15 2014 -0400
@@ -57,6 +57,12 @@
         return warningDialog;
     }
 
+    public static AppTrustWarningDialog partiallySigned(final SecurityDialog dialog, final JNLPFile file) {
+        final AppTrustWarningDialog warningDialog = new AppTrustWarningDialog(dialog);
+        warningDialog.add(new PartiallySignedAppTrustWarningPanel(file, warningDialog.getActionChoiceListener(), dialog));
+        return warningDialog;
+    }
+
     private ActionChoiceListener getActionChoiceListener() {
         return new ActionChoiceListener() {
             @Override
--- a/netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningPanel.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningPanel.java	Fri Mar 14 10:50:15 2014 -0400
@@ -136,8 +136,8 @@
         rejectButton = new JButton(R("ButCancel"));
         helpButton = new JButton(R("APPEXTSECguiPanelHelpButton"));
 
-        allowButton.addActionListener(chosenActionSetter(true));
-        rejectButton.addActionListener(chosenActionSetter(false));
+        allowButton.addActionListener(chosenActionSetter(ExecuteAppletAction.YES));
+        rejectButton.addActionListener(chosenActionSetter(ExecuteAppletAction.NO));
 
         helpButton.addActionListener(getHelpButtonAction());
 
@@ -207,8 +207,12 @@
         add(topPanel);
     }
 
+    protected String getAppletTitle() {
+        return R("SAppletTitle", file.getTitle());
+    }
+
     private void setupInfoPanel() {
-        String titleText = R("SAppletTitle", file.getTitle());
+        String titleText = getAppletTitle();
         JLabel titleLabel = new JLabel(titleText);
         titleLabel.setFont(new Font(titleLabel.getFont().getName(), Font.BOLD, 18));
 
@@ -308,7 +312,7 @@
     }
 
     // Toggles whether 'match applet' or 'match codebase' options are greyed out
-    private ActionListener permanencyListener() {
+    protected ActionListener permanencyListener() {
         return new ActionListener() {
             @Override
             public void actionPerformed(ActionEvent e) {
@@ -318,21 +322,22 @@
         };
     }
 
-    // Sets action depending on allowApplet + checkbox state
-    private ActionListener chosenActionSetter(final boolean allowApplet) {
+    protected ActionListener chosenActionSetter(final ExecuteAppletAction action) {
         return new ActionListener() {
             @Override
             public void actionPerformed(ActionEvent e) {
-                ExecuteAppletAction action;
+                ExecuteAppletAction realAction;
 
-                if (allowApplet) {
-                    action = permanencyCheckBox.isSelected() ? ExecuteAppletAction.ALWAYS : ExecuteAppletAction.YES;
+                if (action == ExecuteAppletAction.YES) {
+                    realAction = permanencyCheckBox.isSelected() ? ExecuteAppletAction.ALWAYS : ExecuteAppletAction.YES;
+                } else if (action == ExecuteAppletAction.NO) {
+                    realAction = permanencyCheckBox.isSelected() ? ExecuteAppletAction.NEVER : ExecuteAppletAction.NO;
                 } else {
-                    action = permanencyCheckBox.isSelected() ? ExecuteAppletAction.NEVER : ExecuteAppletAction.NO;
+                    realAction = action;
                 }
 
                 boolean applyToCodeBase = applyToCodeBaseButton.isSelected();
-                actionChoiceListener.actionChosen(new AppSigningWarningAction(action, applyToCodeBase));
+                actionChoiceListener.actionChosen(new AppSigningWarningAction(realAction, applyToCodeBase));
             }
         };
     }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java	Fri Mar 14 10:50:15 2014 -0400
@@ -0,0 +1,140 @@
+package net.sourceforge.jnlp.security.dialogs.apptrustwarningpanel;
+
+import static net.sourceforge.jnlp.runtime.Translator.R;
+
+import java.awt.BorderLayout;
+import java.net.URL;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+
+import javax.swing.ImageIcon;
+import javax.swing.JButton;
+import javax.swing.JFrame;
+
+import net.sourceforge.jnlp.JNLPFile;
+import net.sourceforge.jnlp.PluginBridge;
+import net.sourceforge.jnlp.PluginParameters;
+import net.sourceforge.jnlp.security.SecurityDialog;
+import net.sourceforge.jnlp.security.SecurityDialogs.AccessType;
+import net.sourceforge.jnlp.security.SecurityDialogs.DialogType;
+import net.sourceforge.jnlp.security.SecurityUtil;
+import net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteAppletAction;
+import net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletTrustConfirmation;
+import net.sourceforge.jnlp.tools.CertInformation;
+import net.sourceforge.jnlp.tools.JarCertVerifier;
+
+public class PartiallySignedAppTrustWarningPanel extends AppTrustWarningPanel {
+
+    private JarCertVerifier jcv;
+    private JButton sandboxButton;
+
+    public PartiallySignedAppTrustWarningPanel(JNLPFile file, ActionChoiceListener actionChoiceListener,
+            SecurityDialog securityDialog) {
+        super(file, actionChoiceListener);
+        this.jcv = (JarCertVerifier) securityDialog.getCertVerifier();
+        this.INFO_PANEL_HEIGHT = 200;
+
+        sandboxButton = new JButton();
+        sandboxButton.setText(R("ButSandbox"));
+        sandboxButton.addActionListener(chosenActionSetter(ExecuteAppletAction.SANDBOX));
+        buttons.add(1, sandboxButton);
+        addComponents();
+    }
+
+    @Override
+    protected String getAppletTitle() {
+        String title;
+        try {
+            if (file instanceof PluginBridge) {
+                title = file.getTitle();
+            } else {
+                title = file.getInformation().getTitle();
+            }
+        } catch (Exception e) {
+            title = "";
+        }
+        return R("SAppletTitle", title);
+    }
+
+    private String getAppletInfo() {
+        Certificate c = jcv.getPublisher(null);
+
+        String publisher = "";
+        String from = "";
+
+        try {
+            if (c instanceof X509Certificate) {
+                publisher = SecurityUtil.getCN(((X509Certificate) c)
+                        .getSubjectX500Principal().getName());
+            }
+        } catch (Exception e) {
+        }
+
+        try {
+            if (file instanceof PluginBridge) {
+                from = file.getCodeBase().getHost();
+            } else {
+                from = file.getInformation().getHomepage().toString();
+            }
+        } catch (Exception e) {
+        }
+
+        return "<br>" + R("Publisher") + ":  " + publisher
+                + "<br>" + R("From") + ": " + from;
+    }
+
+    private String getSigningInfo() {
+        CertInformation info = jcv.getCertInformation(jcv.getCertPath(null));
+
+        if (info != null && info.isRootInCacerts() && !info.hasSigningIssues()) {
+            return R("SSigVerified");
+        } else if (info != null && info.isRootInCacerts()) {
+            return R("SSigUnverified");
+        } else {
+            return R("SSignatureError");
+        }
+    }
+
+    @Override
+    protected ImageIcon getInfoImage() {
+        final String location = "net/sourceforge/jnlp/resources/warning.png";
+        return new ImageIcon(ClassLoader.getSystemClassLoader().getResource(location));
+    }
+
+    protected static String getTopPanelTextKey() {
+        return "SPartiallySignedSummary";
+    }
+
+    protected static String getInfoPanelTextKey() {
+        return "SPartiallySignedDetail";
+    }
+
+    protected static String getQuestionPanelTextKey() {
+        return "SPartiallySignedQuestion";
+    }
+
+    @Override
+    protected String getTopPanelText() {
+        return htmlWrap(R(getTopPanelTextKey()));
+    }
+
+    @Override
+    protected String getInfoPanelText() {
+        String text = getAppletInfo();
+        text += "<br><br>" + R(getInfoPanelTextKey(), file.getCodeBase(), file.getSourceLocation());
+        text += "<br><br>" + getSigningInfo();
+        ExecuteAppletAction rememberedAction = UnsignedAppletTrustConfirmation.getStoredAction(file);
+        if (rememberedAction == ExecuteAppletAction.YES) {
+            text += "<br>" + R("SUnsignedAllowedBefore");
+        } else if (rememberedAction == ExecuteAppletAction.NO) {
+            text += "<br>" + R("SUnsignedRejectedBefore");
+        }
+        return htmlWrap(text);
+    }
+
+    @Override
+    protected String getQuestionPanelText() {
+        return htmlWrap(R(getQuestionPanelTextKey()));
+    }
+
+}
--- a/tests/reproducers/custom/SignedAppletCodebaseLoading/testcases/SignedAppletCodebaseLoadingTests.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/tests/reproducers/custom/SignedAppletCodebaseLoading/testcases/SignedAppletCodebaseLoadingTests.java	Fri Mar 14 10:50:15 2014 -0400
@@ -59,14 +59,11 @@
     private static final String RUNNING_STRING = "SignedAppletCodebaseLoading Applet Running";
     private static final String CLOSE_STRING = AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING;
 
-    @KnownToFail
     @Bug(id="PR1513")
     @NeedsDisplay
     @Test
     @TestInBrowsers(testIn={Browsers.one})
     public void testCodebaseLoading() throws Exception {
-        assertTrue("NotAllSigned dialog will appear if this test runs. Remove this exception and KnownToFail "
-                + "when a proper replacement is in place", false);
         ProcessResult pr = server.executeBrowser("SignedAppletCodebaseLoading.html", AutoClose.CLOSE_ON_CORRECT_END);
         assertProperStart(pr);
         assertCloseString(pr);
--- a/tests/reproducers/custom/SignedAppletExternalMainClass/testcases/SignedAppletExternalMainClassTest.java	Fri Mar 14 09:39:56 2014 -0400
+++ b/tests/reproducers/custom/SignedAppletExternalMainClass/testcases/SignedAppletExternalMainClassTest.java	Fri Mar 14 10:50:15 2014 -0400
@@ -55,14 +55,11 @@
     private static final String RUNNING_STRING = "SignedAppletExternalMainClass Applet Running";
     private static final String CLOSE_STRING = AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING;
 
-    @KnownToFail
     @Bug(id="PR1513")
     @NeedsDisplay
     @Test
     @TestInBrowsers(testIn={Browsers.one})
     public void testSignedAppletWithExternalMainClassLaunch() throws Exception {
-        assertTrue("NotAllSigned dialog will appear if this test runs. Remove this exception and KnownToFail "
-                + "when a proper replacement is in place", false);
         ProcessResult pr = server.executeBrowser("SignedAppletExternalMainClass.html", AutoClose.CLOSE_ON_CORRECT_END);
         assertProperStart(pr);
         assertCloseString(pr);