[rfc][icedtea-web] New PartiallySigned Dialog

Jiri Vanek jvanek at redhat.com
Thu Mar 6 16:19:06 UTC 2014

On 03/04/2014 11:07 PM, Andrew Azores wrote:
> Hi,
> This patch introduces a new PartiallySigned dialog to replace the NotAllSigned prompt. This new dialog uses the same abstracted parent class that was pulled out of the Unsigned dialog, so it uses the same remembered action storage and has the same general look and feel. This dialog also has a Sandbox button, just like CertWarningPane recently gained for fully signed applets, which allows partially signed ones to also be run with only sandbox permissions. Some more security info is also present on the dialog, eg the applet's publisher and codebase. Not yet included is a new Help text for this dialog, but this can be written up separately IMO. Right now it will just display the same Help as the Unsigned dialog.
> ChangeLog:
> Added new PartiallySigned Dialog to replace NotAllSignedWarningPane.
> Also includes a Sandbox button.
> * netx/net/sourceforge/jnlp/resources/Messages.properties:
> (APPEXTSecunsignedAppletActionSandbox, LPartiallySignedApplet,
> LPartiallySignedAppletUserDenied) new messages
> * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
> Logic added for displaying new PartiallySigned dialog.
> (showNotAllSignedDialog) removed. (getSigningState) new method.
> (promptUserOnPartialSigning, userPromptedForPartialSigning) new methods for
> SecurityDelegate.
> * netx/net/sourceforge/jnlp/security/AppTrustWarningDialog.java:
> (partiallySigned) new method
> * netx/net/sourceforge/jnlp/security/AppTrustWarningPanel.java:
> (chosenActionSetter) refactored to allow Sandbox action. (setupInfoPanel) applet
> title made overrideable by subclasses
> * netx/net/sourceforge/jnlp/security/SecurityDialog.java: (NOTALLSIGNED_WARNING)
> renamed PARTIALLYSIGNED_WARNING, display new dialog rather than old
> * netx/net/sourceforge/jnlp/security/SecurityDialogs.java: (NOTALLSIGNED_WARNING)
> renamed PARTIALLYSIGNED_WARNING. (showNotAllSignedWarningDialog) removed.
> (showPartiallySignedWarningDialog) new method
> * netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExecuteAppletAction.java:
> Added Sandbox action
> * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java:
> (checkPartiallySignedWithUserIfRequired) new method
> * tests/reproducers/custom/SignedAppletCodebaseLoading/testcases/SignedAppletCodebaseLoadingTests.java:
> test now passes since dialog will not appear if applet security is set to Low.
> KnownToFail removed.
> * tests/reproducers/custom/SignedAppletExternalMainClass/testcases/SignedAppletExternalMainClassTest.java:
> same
> * netx/net/sourceforge/jnlp/security/PartiallySignedAppTrustWarningPanel.java:
> new class
> * netx/net/sourceforge/jnlp/security/NotAllSignedWarningPane.java: deleted
> in favour of PartiallySignedAppTrustWarningPanel
> Thanks,
Ouch - "legacy" dialogs packages? :) Please don't forget to adapt changelog. For patch I think there will be more rounds. Also pls move your new dialogue to proper package.

General thoughts:

SANDBOX_ALWAYS is not (going to be) supported? If so, the checkbox and radio buttons should be disabled (I have not noted it but I could overlook). But I'm +1 to support SANDBOX_ALWAYS
  - if this will be supported, then there is going to be fun with the sandbox+custom policies saving :)

The removal of NotAllSignedWarningPane is not complete. Please check also used Translator.R keys. If they are dangling, please remove them from all Messages*.properties

You have removed:
-    @KnownToFail
-        assertTrue("NotAllSigned dialog will appear if this test runs. Remove this exception and KnownToFail "
-                + "when a proper replacement is in place", false);
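
Review bot: the removed assertTrue message ties dropping @KnownToFail to "a proper replacement" being in place, but nothing visible in this removal asserts the new behaviour. The ChangeLog says the test now passes because the dialog will not appear if applet security is set to Low, so the test should state that precondition and assert that outcome explicitly; otherwise it passes only as a side effect of the configured security level.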

How come? I think partially signed dialogue should appear always, no matter the EAS level.
Or not?

+    protected String getAppletTitle() {
+        return R("SAppletTitle", file.getTitle());
+    }
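
Review bot: getAppletTitle() is protected and, per the ChangeLog, meant to be overridden by subclasses, but it has no Javadoc saying what an override may return or how the result is shown. Since the string built from file.getTitle() ends up in a trust prompt, document whether a null or empty title is possible and what the dialog displays in that case.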

(And a few more methods about title) Wasn't this handled in previous push?

Can we have some testing main method as I added recently for unsigned warning dialogue?

hmmm . . . I have just spotted usage of
type = AccessType.SIGNING_ERROR;
In this case this dialogue makes sense also for JNLP files.
Then ~/icedtea-web-image/bin/javaws -allowredirect  http://java.net/projects/electric/downloads/download/WebStartFiles/electricAnt.jnlp would be an example... But it is something to think about for future work.

+    private String getSigningInfo() {
+        CertInformation info = jcv.getCertInformation(jcv.getCertPath(null));
+        AccessType type;
+        if (info != null && info.isRootInCacerts() && !info.hasSigningIssues()) {
+            type = AccessType.VERIFIED;
+        } else if (info != null && info.isRootInCacerts()) {
+            type = AccessType.SIGNING_ERROR;
+        } else {
+            type = AccessType.UNVERIFIED;
+        }
+        String mainText = "";
+        switch (type) {
+            case VERIFIED:
+                mainText = R("SSigVerified");
+                break;
+            case UNVERIFIED:
+                mainText = R("SSigUnverified");
+                break;
+            case SIGNING_ERROR:
+                mainText = R("SSignatureError");
+                break;
+        }
+        return mainText;
+    }
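
Review bot: the switch at the end of getSigningInfo() has no default branch and mainText starts as "", so although type can only take three values today, any later AccessType value would leave the signature status blank in a security dialog without any error. Returning R("SSigVerified"), R("SSignatureError") or R("SSigUnverified") directly from the if/else chain removes the intermediate type variable and the silent empty result, and the repeated info != null test can be hoisted at the same time. A short comment on why getCertPath(null) is called with null would also help the next reader.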

Ouh, that's a looong way to return one of three strings :)

Good work otherwise,
