Fix RH838417, Fix RH838559: Disambiguate signed applet security prompt from certificate warning.

author: Danesh Dadachanji <[email protected]> 2012-07-20 10:38:07 -0400
committer: Danesh Dadachanji <[email protected]> 2012-07-20 10:38:07 -0400
commit: f1f572f1e0fd95ffd92fcc6333d9b6a0534a8838 (patch)
tree: 7efa45926a22cc75106a64937abbc5b3bcb5ee12 /netx
parent: 098c59976e03f2eee43b907bb223ed552ef080a8 (diff)
2 files changed, 14 insertions, 12 deletions
diff --git a/netx/net/sourceforge/jnlp/resources/Messages.properties b/netx/net/sourceforge/jnlp/resources/Messages.properties
index 1095782..cd72cf7 100644
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties
@@ -205,6 +205,7 @@ SSigUnverified=The application's digital signature cannot be verified. Do you wa
 SSigVerified=The application's digital signature has been verified. Do you want to run the application?
 SSignatureError=The application's digital signature has an error. Do you want to run the application?
 SUntrustedSource=The digital signature could not be verified by a trusted source. Only run if you trust the origin of the application.
+SWarnFullPermissionsIgnorePolicy=The code executed will be given full permissions, ignoring any java policies you may have.
 STrustedSource=The digital signature has been validated by a trusted source.
 SClipboardReadAccess=The application has requested read-only access to the system clipboard. Do you want to allow this action?
 SClipboardWriteAccess=The application has requested write-only access to the system clipboard. Do you want to allow this action?
@@ -213,7 +214,7 @@ SNetworkAccess=The application has requested permission to establish connections
 SNoAssociatedCertificate=<no associated certificate>
 SUnverified=(unverified)
 SAlwaysTrustPublisher=Always trust content from this publisher
-SHttpsUnverified=The website's certificate cannot be verified.
+SHttpsUnverified=The website's HTTPS certificate cannot be verified.
 SNotAllSignedSummary=Only parts of this application code are signed.
 SNotAllSignedDetail=This application contains both signed and unsigned code. While signed code is safe if you trust the provider, unsigned code may imply code outside of the trusted provider's control.
 SNotAllSignedQuestion=Do you wish to proceed and run this application anyway?
diff --git a/netx/net/sourceforge/jnlp/security/CertWarningPane.java b/netx/net/sourceforge/jnlp/security/CertWarningPane.java
index c095212..eedd86e 100644
--- a/netx/net/sourceforge/jnlp/security/CertWarningPane.java
+++ b/netx/net/sourceforge/jnlp/security/CertWarningPane.java
@@ -1,5 +1,5 @@
 /* CertWarningPane.java
-   Copyright (C) 2008 Red Hat, Inc.
+   Copyright (C) 2012 Red Hat, Inc.
 
 This file is part of IcedTea.
 
@@ -132,15 +132,19 @@ public class CertWarningPane extends SecurityDialogPanel {
         } catch (Exception e) {
         }
 
-        //Top label
+        // Labels
         String topLabelText = "";
+        String bottomLabelText = parent.getCertVerifier().getRootInCacerts() ?
+                                 R("STrustedSource") : R("SUntrustedSource");
         String propertyName = "";
         String iconLocation = "net/sourceforge/jnlp/resources/";
         boolean alwaysTrustSelected = false;
         if (certVerifier instanceof HttpsCertVerifier) {
-            topLabelText = R("SHttpsUnverified") + " " +
-                                 R("Continue");
+            // HTTPS certs that are verified do not prompt for a dialog.
+            // @see VariableX509TrustManager#checkServerTrusted
+            topLabelText = R("SHttpsUnverified") + " " + R("Continue");
             propertyName = "OptionPane.warningIcon";
+            iconLocation += "warning.png";
         } else
             switch (type) {
                 case VERIFIED:
@@ -153,11 +157,13 @@ public class CertWarningPane extends SecurityDialogPanel {
                     topLabelText = R("SSigUnverified");
                     propertyName = "OptionPane.warningIcon";
                     iconLocation += "warning.png";
+                    bottomLabelText += " " + R("SWarnFullPermissionsIgnorePolicy");
                     break;
                 case SIGNING_ERROR:
                     topLabelText = R("SSignatureError");
                     propertyName = "OptionPane.warningIcon";
                     iconLocation += "warning.png";
+                    bottomLabelText += " " + R("SWarnFullPermissionsIgnorePolicy");
                     break;
             }
 
@@ -218,20 +224,15 @@ public class CertWarningPane extends SecurityDialogPanel {
         add(infoPanel);
         add(buttonPanel);
 
-        JLabel bottomLabel;
+        JLabel bottomLabel = new JLabel(htmlWrap(bottomLabelText));;
         JButton moreInfo = new JButton(R("ButMoreInformation"));
         moreInfo.addActionListener(new MoreInfoButtonListener());
 
-        if (parent.getCertVerifier().getRootInCacerts())
-            bottomLabel = new JLabel(htmlWrap(R("STrustedSource")));
-        else
-            bottomLabel = new JLabel(htmlWrap(R("SUntrustedSource")));
-
         JPanel bottomPanel = new JPanel();
         bottomPanel.setLayout(new BoxLayout(bottomPanel, BoxLayout.X_AXIS));
         bottomPanel.add(bottomLabel);
         bottomPanel.add(moreInfo);
-        bottomPanel.setPreferredSize(new Dimension(500, 100));
+        bottomPanel.setPreferredSize(new Dimension(600, 100));
         bottomPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
         add(bottomPanel);
author	Danesh Dadachanji <[email protected]>	2012-07-20 10:38:07 -0400
committer	Danesh Dadachanji <[email protected]>	2012-07-20 10:38:07 -0400
commit	f1f572f1e0fd95ffd92fcc6333d9b6a0534a8838 (patch)
tree	7efa45926a22cc75106a64937abbc5b3bcb5ee12 /netx
parent	098c59976e03f2eee43b907bb223ed552ef080a8 (diff)