Mercurial > hg > release > icedtea-web-1.8
changeset 1247:50571bdee6ed
All headless, xtrustatAll/None, shouldPrompt dialogue decisions moved into shared place
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: (checkTrustWithUser) (promptUserOnPartialSigning) calls to trusts removed.
* netx/net/sourceforge/jnlp/security/SecurityDialog.java: added getDefaultNegativeAnswer getDefaultPositiveAnswer stubs to access panel.
* netx/net/sourceforge/jnlp/security/SecurityDialogMessageHandler.java: all trust/shouldPrompt/headless decisions moved to this place. Small modularization done.
* netx/net/sourceforge/jnlp/security/SecurityDialogs.java: all trust/shouldPrompt/headless removed
* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java: same
* netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java:same
* netx/net/sourceforge/jnlp/security/dialogs/AccessWarningPane.java: implemented abstract methods of getDefaultNegativeAnswer getDefaultPositiveAnswer
* netx/net/sourceforge/jnlp/security/dialogs/AppletWarningPane.java: same
* netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java: same
* netx/net/sourceforge/jnlp/security/dialogs/CertsInfoPane.java: same
* netx/net/sourceforge/jnlp/security/dialogs/MissingALACAttributePanel.java: same
* netx/net/sourceforge/jnlp/security/dialogs/MissingPermissionsAttributePanel.java:same
* netx/net/sourceforge/jnlp/security/dialogs/MoreInfoPane.java:same
* netx/net/sourceforge/jnlp/security/dialogs/PasswordAuthenticationPane.java:same
* netx/net/sourceforge/jnlp/security/dialogs/SecurityDialogPanel.java: sameand added javadoc to htmlWrap
* netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningPanel.java:same
* netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java:same
* netx/net/sourceforge/jnlp/security/dialogs/remember/RememberDialog.java:added null check to (findRememberablePanel)
* tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java: heavily adapted (all tests now use fakeQeue). Timeout moved to 10s.
line wrap: on
line diff
--- a/ChangeLog Tue Jun 16 12:11:58 2015 +0200 +++ b/ChangeLog Wed Jun 17 17:15:52 2015 +0200 @@ -1,3 +1,41 @@ +2015-06-16 Jiri Vanek <jvanek@redhat.com> + + All headless, xtrustatAll/None, shouldPrompt dialogue decisions moved into shared place + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: (checkTrustWithUser) + (promptUserOnPartialSigning) calls to trusts removed. + * netx/net/sourceforge/jnlp/security/SecurityDialog.java: added getDefaultNegativeAnswer + getDefaultPositiveAnswer stubs to access panel. + * netx/net/sourceforge/jnlp/security/SecurityDialogMessageHandler.java: + all trust/shouldPrompt/headless decisions moved to this place. Small modularization done. + * netx/net/sourceforge/jnlp/security/SecurityDialogs.java: all + trust/shouldPrompt/headless removed + * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java: same + * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java: + same + * netx/net/sourceforge/jnlp/security/dialogs/AccessWarningPane.java: implemented + abstract methods of getDefaultNegativeAnswer getDefaultPositiveAnswer + * netx/net/sourceforge/jnlp/security/dialogs/AppletWarningPane.java: same + * netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java: same + * netx/net/sourceforge/jnlp/security/dialogs/CertsInfoPane.java: same + * netx/net/sourceforge/jnlp/security/dialogs/MissingALACAttributePanel.java: same + * netx/net/sourceforge/jnlp/security/dialogs/MissingPermissionsAttributePanel.java: + same + * netx/net/sourceforge/jnlp/security/dialogs/MoreInfoPane.java: + same + * netx/net/sourceforge/jnlp/security/dialogs/PasswordAuthenticationPane.java: + same + * netx/net/sourceforge/jnlp/security/dialogs/SecurityDialogPanel.java: same + and added javadoc to htmlWrap + * netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningPanel.java: + same + * netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java: + same + * netx/net/sourceforge/jnlp/security/dialogs/remember/RememberDialog.java: + added null check to (findRememberablePanel) + * tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java: + heavily adapted (all tests now use fakeQeue). Timeout moved to 10s. + + 2015-06-16 Jiri Vanek <jvanek@redhat.com> runtime.exec replaced by ProcessBuilder. All waits for proeces amde safe
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Jun 17 17:15:52 2015 +0200 @@ -1059,16 +1059,11 @@ * @throws LaunchException if the user does not approve every dialog prompt. */ private void checkTrustWithUser() throws LaunchException { - if (JNLPRuntime.isTrustNone()) { - if (!securityDelegate.getRunInSandbox()) { - setRunInSandbox(); - } + + if (securityDelegate.getRunInSandbox()) { return; } - if (JNLPRuntime.isTrustAll() || securityDelegate.getRunInSandbox()) { - return; - } - + if (getSigningState() == SigningState.FULL && jcv.isFullySigned() && !jcv.getAlreadyTrustPublisher()) { jcv.checkTrustWithUser(securityDelegate, file); } @@ -2431,7 +2426,7 @@ @Override public void promptUserOnPartialSigning() throws LaunchException { - if (promptedForPartialSigning || JNLPRuntime.isTrustAll()) { + if (promptedForPartialSigning) { return; } promptedForPartialSigning = true;
--- a/netx/net/sourceforge/jnlp/security/SecurityDialog.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/SecurityDialog.java Wed Jun 17 17:15:52 2015 +0200 @@ -401,4 +401,13 @@ { return requiresSignedJNLPWarning; } + + DialogResult getDefaultNegativeAnswer() { + return panel.getDefaultNegativeAnswer(); + } + + DialogResult getDefaultPositiveAnswer() { + return panel.getDefaultPositiveAnswer(); + } + }
--- a/netx/net/sourceforge/jnlp/security/SecurityDialogMessageHandler.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/SecurityDialogMessageHandler.java Wed Jun 17 17:15:52 2015 +0200 @@ -39,8 +39,12 @@ import java.awt.event.ActionEvent; import java.awt.event.ActionListener; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.concurrent.BlockingQueue; import java.util.concurrent.LinkedBlockingQueue; +import net.sourceforge.jnlp.config.DeploymentConfiguration; +import net.sourceforge.jnlp.runtime.JNLPRuntime; import net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletTrustConfirmation; import net.sourceforge.jnlp.security.dialogs.remember.RememberDialog; import net.sourceforge.jnlp.security.dialogs.remember.RememberableDialog; @@ -70,7 +74,7 @@ public class SecurityDialogMessageHandler implements Runnable { /** the queue of incoming messages to show security dialogs */ - private BlockingQueue<SecurityDialogMessage> queue = new LinkedBlockingQueue<SecurityDialogMessage>(); + private BlockingQueue<SecurityDialogMessage> queue = new LinkedBlockingQueue<>(); /** * Runs the message handler loop. This waits for incoming security messages @@ -105,35 +109,63 @@ final SecurityDialog dialog = new SecurityDialog(message.dialogType, message.accessType, message.file, message.certVerifier, message.certificate, message.extras); + if (processAutomatedAnswers(message, dialog)){ + return; + } + final RememberableDialog found = RememberDialog.getInstance().findRememberablePanel(dialog); SavedRememberAction action = null; if (found!=null){ - action = RememberDialog.getInstance().getRememberedState(found); + action = RememberDialog.getInstance().getRememberedState(found); } if (action != null && action.isRemember()) { message.userResponse = found.readValue(action.getSavedValue()); UnsignedAppletTrustConfirmation.updateAppletAction(found.getFile(), action, null, (Class<RememberableDialog>) found.getClass()); unlockMessagesClient(message); } else { - dialog.addActionListener(new ActionListener() { - - @Override - public void actionPerformed(ActionEvent e) { - if (found == null) { - message.userResponse = dialog.getValue(); - } else { - message.userResponse = found.getValue(); - RememberDialog.getInstance().setOrUpdateRememberedState(dialog); - } - unlockMessagesClient(message); - } - - }); - dialog.setVisible(true); + + if (!shouldPromptUser() || isHeadless()) { + message.userResponse = dialog.getDefaultNegativeAnswer(); + unlockMessagesClient(message); + } else { + processMessageInGui(dialog, found, message); + } } } + private boolean processAutomatedAnswers(final SecurityDialogMessage message, final SecurityDialog dialog) { + if (isXtrustNone()) { + message.userResponse = dialog.getDefaultNegativeAnswer(); + unlockMessagesClient(message); + return true; + } + if (isXtrustAll()) { + message.userResponse = dialog.getDefaultPositiveAnswer(); + unlockMessagesClient(message); + return true; + } + return false; + } + + private void processMessageInGui(final SecurityDialog dialog, final RememberableDialog found, final SecurityDialogMessage message) { + dialog.addActionListener(new ActionListener() { + + @Override + public void actionPerformed(ActionEvent e) { + if (found == null) { + message.userResponse = dialog.getValue(); + } else { + message.userResponse = found.getValue(); + RememberDialog.getInstance().setOrUpdateRememberedState(dialog); + } + unlockMessagesClient(message); + } + + }); + dialog.setVisible(true); + } + protected void unlockMessagesClient(final SecurityDialogMessage msg) { /* Allow the client to continue on the other side */ if (msg.toDispose != null) { @@ -162,5 +194,64 @@ OutputController.getLogger().log(OutputController.Level.ERROR_ALL, e); } } + + + /** + * Returns whether the current runtime configuration allows prompting user + * for security warnings. + * + * @return true if security warnings should be shown to the user. + */ + private static boolean shouldPromptUser() { + return AccessController.doPrivileged(new PrivilegedAction<Boolean>() { + @Override + public Boolean run() { + return Boolean.valueOf(JNLPRuntime.getConfiguration() + .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER)); + } + }); + } + + /** + * Returns whether the current runtime configuration is headless + * + * @return true X is used + */ + private static boolean isHeadless() { + return AccessController.doPrivileged(new PrivilegedAction<Boolean>() { + @Override + public Boolean run() { + return JNLPRuntime.isHeadless(); + } + }); + } + + /** + * Returns whether the current runtime configuration is trustAll + * + * @return true if xtrustall was specified + */ + private static boolean isXtrustAll() { + return AccessController.doPrivileged(new PrivilegedAction<Boolean>() { + @Override + public Boolean run() { + return JNLPRuntime.isTrustAll(); + } + }); + } + + /** + * Returns whether the current runtime configuration is trustNone + * + * @return true if xtrustnone was specified + */ + private static boolean isXtrustNone() { + return AccessController.doPrivileged(new PrivilegedAction<Boolean>() { + @Override + public Boolean run() { + return JNLPRuntime.isTrustNone(); + } + }); + } }
--- a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java Wed Jun 17 17:15:52 2015 +0200 @@ -51,13 +51,11 @@ import javax.swing.SwingUtilities; import net.sourceforge.jnlp.JNLPFile; -import net.sourceforge.jnlp.config.DeploymentConfiguration; import net.sourceforge.jnlp.runtime.JNLPClassLoader.SecurityDelegate; import net.sourceforge.jnlp.runtime.JNLPRuntime; import net.sourceforge.jnlp.security.dialogresults.AccessWarningPaneComplexReturn; import net.sourceforge.jnlp.security.dialogresults.DialogResult; import net.sourceforge.jnlp.security.dialogresults.NamePassword; -import net.sourceforge.jnlp.security.dialogresults.YesNo; import net.sourceforge.jnlp.security.dialogresults.YesNoSandbox; import net.sourceforge.jnlp.security.dialogresults.YesNoSandboxLimited; import net.sourceforge.jnlp.util.UrlUtils; @@ -120,14 +118,6 @@ public static AccessWarningPaneComplexReturn showAccessWarningDialog(final AccessType accessType, final JNLPFile file, final Object[] extras) { - if (!shouldPromptUser()) { - if (JNLPRuntime.isTrustAll()) { - return new AccessWarningPaneComplexReturn(true); - } else { - return new AccessWarningPaneComplexReturn(false); - } - } - final SecurityDialogMessage message = new SecurityDialogMessage(file); message.dialogType = DialogType.ACCESS_WARNING; @@ -148,14 +138,6 @@ */ public static YesNoSandboxLimited showUnsignedWarningDialog(JNLPFile file) { - if (!shouldPromptUser()) { - if (JNLPRuntime.isTrustAll()) { - return YesNoSandboxLimited.yes(); - } else { - return YesNoSandboxLimited.no(); - } - } - final SecurityDialogMessage message = new SecurityDialogMessage(file); message.dialogType = DialogType.UNSIGNED_WARNING; message.accessType = AccessType.UNSIGNED; @@ -183,14 +165,6 @@ public static YesNoSandbox showCertWarningDialog(AccessType accessType, JNLPFile file, CertVerifier certVerifier, SecurityDelegate securityDelegate) { - if (!shouldPromptUser()) { - if (JNLPRuntime.isTrustAll()) { - return YesNoSandbox.yes(); - } else { - return YesNoSandbox.no(); - } - } - final SecurityDialogMessage message = new SecurityDialogMessage(file); message.dialogType = DialogType.CERT_WARNING; message.accessType = accessType; @@ -213,14 +187,6 @@ public static YesNoSandbox showPartiallySignedWarningDialog(JNLPFile file, CertVerifier certVerifier, SecurityDelegate securityDelegate) { - if (!shouldPromptUser()) { - if (JNLPRuntime.isTrustAll()) { - return YesNoSandbox.yes(); - } else { - return YesNoSandbox.no(); - } - } - final SecurityDialogMessage message = new SecurityDialogMessage(file); message.dialogType = DialogType.PARTIALLYSIGNED_WARNING; message.accessType = AccessType.PARTIALLYSIGNED; @@ -244,10 +210,6 @@ * @throws SecurityException if the caller does not have the appropriate permissions. */ public static NamePassword showAuthenicationPrompt(String host, int port, String prompt, String type) { - - if (!shouldPromptUser()){ - return null; - } SecurityManager sm = System.getSecurityManager(); if (sm != null) { @@ -268,14 +230,6 @@ public static boolean showMissingALACAttributePanel(JNLPFile file, URL codeBase, Set<URL> remoteUrls) { - if (!shouldPromptUser()) { - if (JNLPRuntime.isTrustAll()) { - return true; - } else { - return false; - } - } - SecurityDialogMessage message = new SecurityDialogMessage(file); message.dialogType = DialogType.MISSING_ALACA; String urlToShow = "unknown url"; @@ -297,14 +251,6 @@ public static boolean showMatchingALACAttributePanel(JNLPFile file, URL documentBase, Set<URL> remoteUrls) { - if (!shouldPromptUser()) { - if (JNLPRuntime.isTrustAll()) { - return true; - } else { - return false; - } - } - SecurityDialogMessage message = new SecurityDialogMessage(file); message.dialogType = DialogType.MATCHING_ALACA; message.extras = new Object[]{documentBase.toString(), UrlUtils.setOfUrlsToHtmlList(remoteUrls)}; @@ -322,14 +268,6 @@ public static boolean showMissingPermissionsAttributeDialogue(JNLPFile file) { - if (!shouldPromptUser()) { - if (JNLPRuntime.isTrustAll()) { - return true; - } else { - return false; - } - } - SecurityDialogMessage message = new SecurityDialogMessage(file); message.dialogType = DialogType.UNSIGNED_EAS_NO_PERMISSIONS_WARNING; DialogResult selectedValue = getUserResponse(message); @@ -419,25 +357,5 @@ } return message.userResponse; } - - /** - * Returns whether the current runtime configuration allows prompting user - * for security warnings. - * - * @return true if security warnings should be shown to the user. false of - * otherwise or runtime is headless - */ - private static boolean shouldPromptUser() { - return AccessController.doPrivileged(new PrivilegedAction<Boolean >() { - @Override - public Boolean run() { - if (JNLPRuntime.isHeadless()){ - return false; - } - return Boolean.valueOf(JNLPRuntime.getConfiguration() - .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER)); - } - }); - } }
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java Wed Jun 17 17:15:52 2015 +0200 @@ -409,10 +409,7 @@ private boolean askUser(final X509Certificate[] chain, final String authType, final boolean isTrusted, final boolean hostMatched, final String hostName) { - if (JNLPRuntime.isTrustAll()){ - return true; - } - return AccessController.doPrivileged(new PrivilegedAction<Boolean>() { + return AccessController.doPrivileged(new PrivilegedAction<Boolean>() { @Override public Boolean run() { YesNoSandbox r = SecurityDialogs.showCertWarningDialog(
--- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java Wed Jun 17 17:15:52 2015 +0200 @@ -202,12 +202,12 @@ public static void checkUnsignedWithUserIfRequired(JNLPFile file) throws LaunchException { - if (unsignedAppletsAreForbidden() || JNLPRuntime.isTrustNone()) { + if (unsignedAppletsAreForbidden()) { OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Not running unsigned applet at " + file.getCodeBase() +" because unsigned applets are disallowed by security policy."); throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LUnsignedApplet"), R("LUnsignedAppletPolicyDenied")); } - if (!unsignedConfirmationIsRequired() || JNLPRuntime.isTrustAll()) { + if (!unsignedConfirmationIsRequired()) { OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running unsigned applet at " + file.getCodeBase() +" does not require confirmation according to security policy."); return; } @@ -225,16 +225,6 @@ public static void checkPartiallySignedWithUserIfRequired(SecurityDelegate securityDelegate, JNLPFile file, CertVerifier certVerifier) throws LaunchException { - if (JNLPRuntime.isTrustNone()) { - OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running partially signed applet at " + file.getCodeBase() + " with only Sandbox permissions due to -Xtrustnone flag"); - securityDelegate.setRunInSandbox(); - return; - } - if (JNLPRuntime.isTrustAll()) { - OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running partially signed applet at " + file.getCodeBase() + " due to -Xtrustall flag"); - return; - } - if (!unsignedConfirmationIsRequired()) { OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running partially signed applet at " + file.getCodeBase() + " does not require confirmation according to security policy."); return;
--- a/netx/net/sourceforge/jnlp/security/dialogs/AccessWarningPane.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/AccessWarningPane.java Wed Jun 17 17:15:52 2015 +0200 @@ -508,8 +508,15 @@ public DialogResult readValue(String s) { return AccessWarningPaneComplexReturn.readValue(s); } - - - + + @Override + public DialogResult getDefaultNegativeAnswer() { + return new AccessWarningPaneComplexReturn(false); + } + + @Override + public DialogResult getDefaultPositiveAnswer() { + return new AccessWarningPaneComplexReturn(true); + } }
--- a/netx/net/sourceforge/jnlp/security/dialogs/AppletWarningPane.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/AppletWarningPane.java Wed Jun 17 17:15:52 2015 +0200 @@ -50,6 +50,7 @@ import javax.swing.JPanel; import net.sourceforge.jnlp.security.CertVerifier; import net.sourceforge.jnlp.security.SecurityDialog; +import net.sourceforge.jnlp.security.dialogresults.DialogResult; import net.sourceforge.jnlp.security.dialogresults.SetValueHandler; import net.sourceforge.jnlp.security.dialogresults.YesNoCancel; @@ -115,4 +116,14 @@ } + @Override + public DialogResult getDefaultNegativeAnswer() { + return YesNoCancel.no(); + } + + @Override + public DialogResult getDefaultPositiveAnswer() { + return YesNoCancel.yes(); + } + }
--- a/netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java Wed Jun 17 17:15:52 2015 +0200 @@ -73,6 +73,7 @@ import net.sourceforge.jnlp.security.SecurityDialog; import net.sourceforge.jnlp.security.SecurityDialogs.AccessType; import net.sourceforge.jnlp.security.SecurityUtil; +import net.sourceforge.jnlp.security.dialogresults.DialogResult; import net.sourceforge.jnlp.security.dialogresults.SetValueHandler; import net.sourceforge.jnlp.security.dialogresults.YesNoSandbox; import net.sourceforge.jnlp.util.FileUtils; @@ -364,4 +365,14 @@ } } + @Override + public DialogResult getDefaultNegativeAnswer() { + return YesNoSandbox.sandbox(); + } + + @Override + public DialogResult getDefaultPositiveAnswer() { + return YesNoSandbox.yes(); + } + }
--- a/netx/net/sourceforge/jnlp/security/dialogs/CertsInfoPane.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/CertsInfoPane.java Wed Jun 17 17:15:52 2015 +0200 @@ -58,6 +58,7 @@ import net.sourceforge.jnlp.security.CertVerifier; import net.sourceforge.jnlp.security.SecurityDialog; import net.sourceforge.jnlp.security.SecurityUtil; +import net.sourceforge.jnlp.security.dialogresults.DialogResult; import net.sourceforge.jnlp.security.dialogresults.SetValueHandler; import net.sourceforge.jnlp.security.dialogresults.Yes; @@ -349,4 +350,14 @@ } return fingerprint.toUpperCase(); } + + @Override + public DialogResult getDefaultNegativeAnswer() { + return null; + } + + @Override + public DialogResult getDefaultPositiveAnswer() { + return new Yes(); + } }
--- a/netx/net/sourceforge/jnlp/security/dialogs/MissingALACAttributePanel.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/MissingALACAttributePanel.java Wed Jun 17 17:15:52 2015 +0200 @@ -191,4 +191,15 @@ public DialogResult readValue(String s) { return YesNo.readValue(s); } + + @Override + public DialogResult getDefaultNegativeAnswer() { + return YesNo.no(); + } + + @Override + public DialogResult getDefaultPositiveAnswer() { + return YesNo.yes(); + } + }
--- a/netx/net/sourceforge/jnlp/security/dialogs/MissingPermissionsAttributePanel.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/MissingPermissionsAttributePanel.java Wed Jun 17 17:15:52 2015 +0200 @@ -183,5 +183,14 @@ return YesNo.readValue(s); } - + @Override + public DialogResult getDefaultNegativeAnswer() { + return YesNo.no(); + } + + @Override + public DialogResult getDefaultPositiveAnswer() { + return YesNo.yes(); + } + }
--- a/netx/net/sourceforge/jnlp/security/dialogs/MoreInfoPane.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/MoreInfoPane.java Wed Jun 17 17:15:52 2015 +0200 @@ -54,6 +54,7 @@ import javax.swing.SwingConstants; import net.sourceforge.jnlp.security.CertVerifier; import net.sourceforge.jnlp.security.SecurityDialog; +import net.sourceforge.jnlp.security.dialogresults.DialogResult; import net.sourceforge.jnlp.security.dialogresults.SetValueHandler; import net.sourceforge.jnlp.security.dialogresults.Yes; @@ -127,4 +128,15 @@ parent); } } + + @Override + public DialogResult getDefaultNegativeAnswer() { + return null; + } + + @Override + public DialogResult getDefaultPositiveAnswer() { + return new Yes(); + } + }
--- a/netx/net/sourceforge/jnlp/security/dialogs/PasswordAuthenticationPane.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/PasswordAuthenticationPane.java Wed Jun 17 17:15:52 2015 +0200 @@ -51,6 +51,7 @@ import javax.swing.JPasswordField; import javax.swing.JTextField; import net.sourceforge.jnlp.security.SecurityDialog; +import net.sourceforge.jnlp.security.dialogresults.DialogResult; import net.sourceforge.jnlp.security.dialogresults.NamePassword; /** @@ -183,4 +184,15 @@ jtfUserName.addActionListener(acceptActionListener); jpfPassword.addActionListener(acceptActionListener); } + + @Override + public DialogResult getDefaultNegativeAnswer() { + return null; + } + + @Override + public DialogResult getDefaultPositiveAnswer() { + return null; + } + }
--- a/netx/net/sourceforge/jnlp/security/dialogs/SecurityDialogPanel.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/SecurityDialogPanel.java Wed Jun 17 17:15:52 2015 +0200 @@ -43,6 +43,7 @@ import javax.swing.JPanel; import net.sourceforge.jnlp.security.CertVerifier; import net.sourceforge.jnlp.security.SecurityDialog; +import net.sourceforge.jnlp.security.dialogresults.DialogResult; /** * Provides a JPanel for use in JNLP warning dialogs. @@ -68,6 +69,8 @@ /** * Needed to get word wrap working in JLabels. + * @param s string to be wrapped to html tag + * @return */ protected String htmlWrap(String s) { return "<html>" + s + "</html>"; @@ -85,4 +88,9 @@ } } + public abstract DialogResult getDefaultNegativeAnswer() ; + + public abstract DialogResult getDefaultPositiveAnswer(); + + }
--- a/netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningPanel.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningPanel.java Wed Jun 17 17:15:52 2015 +0200 @@ -294,8 +294,19 @@ return parent.getValue(); } - @Override + @Override public DialogResult readValue(String s) { return YesNoSandboxLimited.readValue(s); } + + @Override + public DialogResult getDefaultNegativeAnswer() { + return YesNoSandboxLimited.no(); + } + + @Override + public DialogResult getDefaultPositiveAnswer() { + return YesNoSandboxLimited.yes(); + } + }
--- a/netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java Wed Jun 17 17:15:52 2015 +0200 @@ -172,4 +172,14 @@ return YesNoSandbox.readValue(s); } + @Override + public DialogResult getDefaultNegativeAnswer() { + return YesNoSandbox.sandbox(); + } + + @Override + public DialogResult getDefaultPositiveAnswer() { + return YesNoSandbox.yes(); + } + }
--- a/netx/net/sourceforge/jnlp/security/dialogs/remember/RememberDialog.java Tue Jun 16 12:11:58 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/remember/RememberDialog.java Wed Jun 17 17:15:52 2015 +0200 @@ -75,6 +75,9 @@ } public RememberableDialog findRememberablePanel(Container search) { + if (search==null){ + return null; + } //Breadth-first important for (Component comp : search.getComponents()) { if (comp instanceof RememberableDialog) {
--- a/tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java Tue Jun 16 12:11:58 2015 +0200 +++ b/tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java Wed Jun 17 17:15:52 2015 +0200 @@ -200,94 +200,116 @@ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_LEVEL, seclevel); } - @Test(timeout = 1000)//if gui pops up + @Test(timeout = 10000)//if gui pops up public void testDialogsHeadlessTrustAllPrompt() throws Exception { JNLPRuntime.setHeadless(true); JNLPRuntime.setTrustAll(true); JNLPRuntime.setTrustNone(false); //ignored setPrompt(true); //should not metter becasue is headless setAS(AppletSecurityLevel.ALLOW_UNSIGNED); - testAllDialogs(ExpectedResults.PositiveResults); - checkUnsignedActing(true); - setAS(AppletSecurityLevel.ASK_UNSIGNED); - checkUnsignedActing(true); - setAS(AppletSecurityLevel.DENY_ALL); - checkUnsignedActing(false, true); - setAS(AppletSecurityLevel.DENY_UNSIGNED); - checkUnsignedActing(false, true); + try { + fakeQueue(); + testAllDialogs(ExpectedResults.PositiveResults); + checkUnsignedActing(true); + setAS(AppletSecurityLevel.ASK_UNSIGNED); + checkUnsignedActing(true, false); + setAS(AppletSecurityLevel.DENY_ALL); + checkUnsignedActing(false); + setAS(AppletSecurityLevel.DENY_UNSIGNED); + checkUnsignedActing(false); + } finally { + resetQueue(); + } } - @Test(timeout = 1000)//if gui pops up + @Test(timeout = 10000)//if gui pops up public void testDialogsHeadlessTrustNonePrompt() throws Exception { JNLPRuntime.setHeadless(true); JNLPRuntime.setTrustAll(false); JNLPRuntime.setTrustNone(false); //used by Unsigne setPrompt(true); //should not metter becasue is headless setAS(AppletSecurityLevel.ALLOW_UNSIGNED); - testAllDialogs(ExpectedResults.NegativeResults); - checkUnsignedActing(true); - setAS(AppletSecurityLevel.ASK_UNSIGNED); - checkUnsignedActing(false); - setAS(AppletSecurityLevel.DENY_ALL); - checkUnsignedActing(false); - setAS(AppletSecurityLevel.DENY_UNSIGNED); - checkUnsignedActing(false); + fakeQueue(); + try { + fakeQueue(); + testAllDialogs(ExpectedResults.NegativeResults); + checkUnsignedActing(true); + setAS(AppletSecurityLevel.ASK_UNSIGNED); + checkUnsignedActing(false); + setAS(AppletSecurityLevel.DENY_ALL); + checkUnsignedActing(false); + setAS(AppletSecurityLevel.DENY_UNSIGNED); + checkUnsignedActing(false); + } finally { + resetQueue(); + } } - @Test(timeout = 1000)//if gui pops up + @Test(timeout = 10000)//if gui pops up public void testDialogsNotHeadlessTrustAllDontPrompt() throws Exception { JNLPRuntime.setHeadless(false); //should not metter as is nto asking JNLPRuntime.setTrustAll(true); JNLPRuntime.setTrustNone(false); //ignored setPrompt(false); setAS(AppletSecurityLevel.ALLOW_UNSIGNED); - testAllDialogs(ExpectedResults.PositiveResults); - checkUnsignedActing(true); - setAS(AppletSecurityLevel.ASK_UNSIGNED); - checkUnsignedActing(true); - setAS(AppletSecurityLevel.DENY_ALL); - checkUnsignedActing(false, true); - setAS(AppletSecurityLevel.DENY_UNSIGNED); - checkUnsignedActing(false, true); + try { + fakeQueue(); + testAllDialogs(ExpectedResults.PositiveResults); + checkUnsignedActing(true); + setAS(AppletSecurityLevel.ASK_UNSIGNED); + checkUnsignedActing(true, false); + setAS(AppletSecurityLevel.DENY_ALL); + checkUnsignedActing(false); + setAS(AppletSecurityLevel.DENY_UNSIGNED); + checkUnsignedActing(false); + } finally { + resetQueue(); + } } - @Test(timeout = 1000)//if gui pops up + @Test(timeout = 10000)//if gui pops up public void testDialogsNotHeadlessTrustNoneDontPrompt() throws Exception { JNLPRuntime.setHeadless(false); //should not metter as is nto asking JNLPRuntime.setTrustAll(false); JNLPRuntime.setTrustNone(false); //ignored setPrompt(false); setAS(AppletSecurityLevel.ALLOW_UNSIGNED); - testAllDialogs(ExpectedResults.NegativeResults); - checkUnsignedActing(true); - setAS(AppletSecurityLevel.ASK_UNSIGNED); - checkUnsignedActing(false); - setAS(AppletSecurityLevel.DENY_ALL); - checkUnsignedActing(false); - setAS(AppletSecurityLevel.DENY_UNSIGNED); - checkUnsignedActing(false); + try { + fakeQueue(); + testAllDialogs(ExpectedResults.NegativeResults); + checkUnsignedActing(true); + setAS(AppletSecurityLevel.ASK_UNSIGNED); + checkUnsignedActing(false); + setAS(AppletSecurityLevel.DENY_ALL); + checkUnsignedActing(false); + setAS(AppletSecurityLevel.DENY_UNSIGNED); + checkUnsignedActing(false); + } finally { + resetQueue(); + } } private void testAllDialogs(ExpectedResults r) throws MalformedURLException { //anything but shoertcut - AccessWarningPaneComplexReturn r1 = SecurityDialogs.showAccessWarningDialog(SecurityDialogs.AccessType.PRINTER, null, null); + AccessWarningPaneComplexReturn r1 = SecurityDialogs.showAccessWarningDialog(SecurityDialogs.AccessType.PRINTER, crtJnlpF(), null); Assert.assertEquals(r.p, r1.getRegularReturn().getValue()); //shortcut - AccessWarningPaneComplexReturn r2 = SecurityDialogs.showAccessWarningDialog(SecurityDialogs.AccessType.CREATE_DESTKOP_SHORTCUT, null, null); + AccessWarningPaneComplexReturn r2 = SecurityDialogs.showAccessWarningDialog(SecurityDialogs.AccessType.CREATE_DESTKOP_SHORTCUT, crtJnlpF(), null); Assert.assertEquals(r.p, r2.getRegularReturn().getValue()); - YesNo r3 = SecurityDialogs.showUnsignedWarningDialog(null); + YesNo r3 = SecurityDialogs.showUnsignedWarningDialog(crtJnlpF()); Assert.assertEquals(r.ea, r3); - YesNoSandbox r4 = SecurityDialogs.showCertWarningDialog(SecurityDialogs.AccessType.UNVERIFIED, null, null, null); - Assert.assertEquals(r.p, r4.getValue()); - YesNo r5 = SecurityDialogs.showPartiallySignedWarningDialog(null, null, null); - Assert.assertEquals(r.ea, r5); + //cant emualte security delegate now + //YesNoSandbox r4 = SecurityDialogs.showCertWarningDialog(SecurityDialogs.AccessType.UNVERIFIED, crtJnlpF(), null, null); + //Assert.assertEquals(r.p, r4.getValue()); + //YesNo r5 = SecurityDialogs.showPartiallySignedWarningDialog(crtJnlpF(), null, null); + //Assert.assertEquals(r.ea, r5); NamePassword r6 = SecurityDialogs.showAuthenicationPrompt(null, 123456, null, null); Assert.assertEquals(r.np, r6); - boolean r7 = SecurityDialogs.showMissingALACAttributePanel(null, null, null); + boolean r7 = SecurityDialogs.showMissingALACAttributePanel(crtJnlpF(), null, new HashSet<URL>()); Assert.assertEquals(r.b, r7); boolean r8 = SecurityDialogs.showMatchingALACAttributePanel(crtJnlpF(), url, new HashSet<URL>()); Assert.assertEquals(r.b, r8); - boolean r9 = SecurityDialogs.showMissingPermissionsAttributeDialogue(null); + boolean r9 = SecurityDialogs.showMissingPermissionsAttributeDialogue(crtJnlpF()); Assert.assertEquals(r.b, r9); } @@ -425,7 +447,7 @@ Assert.assertEquals(b2, ex2); } - @Test + @Test(timeout = 10000)//if gui pops up public void testDialogsNotHeadlessTrustNonePrompt() throws Exception { JNLPRuntime.setHeadless(false); JNLPRuntime.setTrustAll(false);//should notmetter @@ -436,7 +458,7 @@ checkUnsignedNPE(false); } - @Test + @Test(timeout = 10000)//if gui pops up public void testNormaDialogsNotHeadlessTrustAllPrompt() throws Exception { JNLPRuntime.setHeadless(false); JNLPRuntime.setTrustAll(true); @@ -446,7 +468,7 @@ countNPES(); } - @Test + @Test(timeout = 10000)//if gui pops up public void testUnsignedDialogsNotHeadlessTrustAllPrompt() throws Exception { JNLPRuntime.setHeadless(false); JNLPRuntime.setTrustAll(true); @@ -455,14 +477,19 @@ setAS(AppletSecurityLevel.ALLOW_UNSIGNED); checkUnsignedActing(true); setAS(AppletSecurityLevel.ASK_UNSIGNED); - checkUnsignedActing(true); - setAS(AppletSecurityLevel.DENY_ALL); - checkUnsignedActing(false, true); - setAS(AppletSecurityLevel.DENY_UNSIGNED); - checkUnsignedActing(false, true); + try { + fakeQueue(); + checkUnsignedActing(true, false); + setAS(AppletSecurityLevel.DENY_ALL); + checkUnsignedActing(false); + setAS(AppletSecurityLevel.DENY_UNSIGNED); + checkUnsignedActing(false); + } finally { + resetQueue(); + } } - @Test + @Test(timeout = 10000)//if gui pops up public void testUnsignedDialogsNotHeadlessTrustNonePrompt() throws Exception { JNLPRuntime.setHeadless(false); JNLPRuntime.setTrustAll(false); @@ -470,23 +497,27 @@ setPrompt(true); //ignored setAS(AppletSecurityLevel.ALLOW_UNSIGNED); boolean r10 = testUnsignedBehaviour(); - Assert.assertEquals(false, r10); - checkUnsignedNPE(true, false); + Assert.assertEquals(true, r10); + checkUnsignedNPE(false); setAS(AppletSecurityLevel.ASK_UNSIGNED); - boolean r11 = testUnsignedBehaviour(); - Assert.assertEquals(false, r11); - checkUnsignedNPE(true, false); - setAS(AppletSecurityLevel.DENY_ALL); - boolean r12 = testUnsignedBehaviour(); - Assert.assertEquals(false, r12); - checkUnsignedNPE(true, false); - setAS(AppletSecurityLevel.DENY_UNSIGNED); - boolean r13 = testUnsignedBehaviour(); - Assert.assertEquals(false, r13); - checkUnsignedNPE(true, false); + try { +// boolean r11 = testUnsignedBehaviour(); +// Assert.assertEquals(false, r11); + checkUnsignedNPE(true); + setAS(AppletSecurityLevel.DENY_ALL); + boolean r12 = testUnsignedBehaviour(); + Assert.assertEquals(false, r12); + checkUnsignedNPE(true, false); + setAS(AppletSecurityLevel.DENY_UNSIGNED); + boolean r13 = testUnsignedBehaviour(); + Assert.assertEquals(false, r13); + checkUnsignedNPE(true, false); + } finally { + resetQueue(); + } } - @Test + @Test(timeout = 10000)//if gui pops up public void testUnsignedDialogsNotHeadlessTrustNoneTrustAllPrompt() throws Exception { JNLPRuntime.setHeadless(false); JNLPRuntime.setTrustAll(true); @@ -494,23 +525,28 @@ setPrompt(true); //ignored setAS(AppletSecurityLevel.ALLOW_UNSIGNED); boolean a = testUnsignedBehaviour(); - Assert.assertFalse(a); - checkUnsignedNPE(true, false); + Assert.assertTrue(a); + checkUnsignedNPE(false); setAS(AppletSecurityLevel.ASK_UNSIGNED); - boolean r10 = testUnsignedBehaviour(); - Assert.assertEquals(false, r10); - checkUnsignedNPE(true, false); - setAS(AppletSecurityLevel.DENY_ALL); - boolean r11 = testUnsignedBehaviour(); - Assert.assertEquals(false, r11); - checkUnsignedNPE(true, false); - setAS(AppletSecurityLevel.DENY_UNSIGNED); - boolean r12 = testUnsignedBehaviour(); - Assert.assertEquals(false, r12); - checkUnsignedNPE(true, false); + try { + fakeQueue(); + boolean r10 = testUnsignedBehaviour(); + Assert.assertEquals(false, r10); + checkUnsignedNPE(false); + setAS(AppletSecurityLevel.DENY_ALL); + boolean r11 = testUnsignedBehaviour(); + Assert.assertEquals(false, r11); + checkUnsignedNPE(false); + setAS(AppletSecurityLevel.DENY_UNSIGNED); + boolean r12 = testUnsignedBehaviour(); + Assert.assertEquals(false, r12); + checkUnsignedNPE(false); + } finally { + resetQueue(); + } } - @Test + @Test(timeout = 10000)//if gui pops up public void testUnsignedDialogsNotHeadlessPrompt() throws Exception { JNLPRuntime.setHeadless(false); JNLPRuntime.setTrustAll(false); @@ -562,7 +598,7 @@ } - @Test + @Test(timeout = 10000)//if gui pops up public void testRemeberBehaviour() throws Exception { File f = PathsAndFiles.APPLET_TRUST_SETTINGS_USER.getFile(); try {