diff options
| -rw-r--r-- | ChangeLog | 11 | ||||
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | netx/net/sourceforge/jnlp/resources/Messages.properties | 3 | ||||
| -rw-r--r-- | netx/net/sourceforge/jnlp/security/CertWarningPane.java | 23 |
4 files changed, 27 insertions, 12 deletions
@@ -1,3 +1,14 @@ +2012-07-18 Danesh Dadachanji <ddadacha@redhat.com> + + Fix RH838417, Fix RH838559: Disambiguate signed applet security prompt + from certificate warning. + * NEWS: Added entries for RH838417 and RH838559. + * netx/net/sourceforge/jnlp/resources/Messages.properties: + Added SWarnFullPermissionsIgnorePolicy and updated SHttpsUnverified. + * netx/net/sourceforge/jnlp/security/CertWarningPane.java: Display + SWarnFullPermissionsIgnorePolicy if the cert is from a jar and is either + unverified or has a signing error. Also added warning.png to HTTPS dialogs. + 2012-07-18 Thomas Meyer <thomas@m3y3r.de> * plugin/icedteanp/java/sun/applet/PluginAppletViewer.java (handleMessage): @@ -23,6 +23,8 @@ New in release 1.3 (2012-XX-XX): - PR1011: Folders treated as jar files in archive tag * Common - PR918: java applet windows uses a low resulution black/white icon + - RH838417: Disambiguate signed applet security prompt from certificate warning + - RH838559: Disambiguate signed applet security prompt from certificate warning New in release 1.2 (2011-XX-XX): * Security updates: diff --git a/netx/net/sourceforge/jnlp/resources/Messages.properties b/netx/net/sourceforge/jnlp/resources/Messages.properties index 1095782..cd72cf7 100644 --- a/netx/net/sourceforge/jnlp/resources/Messages.properties +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties @@ -205,6 +205,7 @@ SSigUnverified=The application's digital signature cannot be verified. Do you wa SSigVerified=The application's digital signature has been verified. Do you want to run the application?
SSignatureError=The application's digital signature has an error. Do you want to run the application?
SUntrustedSource=The digital signature could not be verified by a trusted source. Only run if you trust the origin of the application.
+SWarnFullPermissionsIgnorePolicy=The code executed will be given full permissions, ignoring any java policies you may have.
STrustedSource=The digital signature has been validated by a trusted source.
SClipboardReadAccess=The application has requested read-only access to the system clipboard. Do you want to allow this action?
SClipboardWriteAccess=The application has requested write-only access to the system clipboard. Do you want to allow this action?
@@ -213,7 +214,7 @@ SNetworkAccess=The application has requested permission to establish connections SNoAssociatedCertificate=<no associated certificate>
SUnverified=(unverified)
SAlwaysTrustPublisher=Always trust content from this publisher
-SHttpsUnverified=The website's certificate cannot be verified.
+SHttpsUnverified=The website's HTTPS certificate cannot be verified.
SNotAllSignedSummary=Only parts of this application code are signed.
SNotAllSignedDetail=This application contains both signed and unsigned code. While signed code is safe if you trust the provider, unsigned code may imply code outside of the trusted provider's control.
SNotAllSignedQuestion=Do you wish to proceed and run this application anyway?
diff --git a/netx/net/sourceforge/jnlp/security/CertWarningPane.java b/netx/net/sourceforge/jnlp/security/CertWarningPane.java index c095212..eedd86e 100644 --- a/netx/net/sourceforge/jnlp/security/CertWarningPane.java +++ b/netx/net/sourceforge/jnlp/security/CertWarningPane.java @@ -1,5 +1,5 @@ /* CertWarningPane.java - Copyright (C) 2008 Red Hat, Inc. + Copyright (C) 2012 Red Hat, Inc. This file is part of IcedTea. @@ -132,15 +132,19 @@ public class CertWarningPane extends SecurityDialogPanel { } catch (Exception e) { } - //Top label + // Labels String topLabelText = ""; + String bottomLabelText = parent.getCertVerifier().getRootInCacerts() ? + R("STrustedSource") : R("SUntrustedSource"); String propertyName = ""; String iconLocation = "net/sourceforge/jnlp/resources/"; boolean alwaysTrustSelected = false; if (certVerifier instanceof HttpsCertVerifier) { - topLabelText = R("SHttpsUnverified") + " " + - R("Continue"); + // HTTPS certs that are verified do not prompt for a dialog. + // @see VariableX509TrustManager#checkServerTrusted + topLabelText = R("SHttpsUnverified") + " " + R("Continue"); propertyName = "OptionPane.warningIcon"; + iconLocation += "warning.png"; } else switch (type) { case VERIFIED: @@ -153,11 +157,13 @@ public class CertWarningPane extends SecurityDialogPanel { topLabelText = R("SSigUnverified"); propertyName = "OptionPane.warningIcon"; iconLocation += "warning.png"; + bottomLabelText += " " + R("SWarnFullPermissionsIgnorePolicy"); break; case SIGNING_ERROR: topLabelText = R("SSignatureError"); propertyName = "OptionPane.warningIcon"; iconLocation += "warning.png"; + bottomLabelText += " " + R("SWarnFullPermissionsIgnorePolicy"); break; } @@ -218,20 +224,15 @@ public class CertWarningPane extends SecurityDialogPanel { add(infoPanel); add(buttonPanel); - JLabel bottomLabel; + JLabel bottomLabel = new JLabel(htmlWrap(bottomLabelText));; JButton moreInfo = new JButton(R("ButMoreInformation")); moreInfo.addActionListener(new MoreInfoButtonListener()); - if (parent.getCertVerifier().getRootInCacerts()) - bottomLabel = new JLabel(htmlWrap(R("STrustedSource"))); - else - bottomLabel = new JLabel(htmlWrap(R("SUntrustedSource"))); - JPanel bottomPanel = new JPanel(); bottomPanel.setLayout(new BoxLayout(bottomPanel, BoxLayout.X_AXIS)); bottomPanel.add(bottomLabel); bottomPanel.add(moreInfo); - bottomPanel.setPreferredSize(new Dimension(500, 100)); + bottomPanel.setPreferredSize(new Dimension(600, 100)); bottomPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10)); add(bottomPanel); |