Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [ease-dev] [EASE] Sign and Verify Script
Hi Varun,



On 05/22/2016 08:28 PM, Varun Raval wrote:
In this case, my suggestion is,
  • At the time of signing script, we will take the certificate corresponding to the private key
Correct

  • We will attach this certificate with script. This will make file unreadable since certificates are in binary format
We should attach the signature, but not render the file unreadable. I am thinking of something like this:

bla bla
some script code
bla bla
last line of script code
// ---- SIGNATURE-BEGIN -----
// <base64 encoded signature data>
// ----- SIGNATURE-END

  • At side of verifier, we can separate script, signature and certificate and perform verification
exact
  • We can store signature and result of verification using setPersistentProperty() of IFile
we do not have a an IFile instance for remote scripts. IFile instances do exist for local files only. You may store the verification result temporary during runtime as a script property. We should re-evaluate them from time to time to make sure the certifikate was not revoked.
Does not work, we do not always have a file instance, as astated above

Are we having any sample scripts that are using scripts placed online? I want to study the behaviour and see how they are executed. Can you give an example on how online scripts are executed?
try this from a file or the shell:
include("http://git.eclipse.org/c/ease/org.eclipse.ease.scripts.git/plain/_javascript_%20Beginner%20Tutorial/01%20Hello%20world/01%20Hello%20world.js")


And, after execution, what happens of that file? Is it stored in workspace?
No, execution simply fetches the text content from an input stream and passes it to the script interpreter. Data might come from workspace files (IFile), file system files (java.io.File), sockets (eg http streams) or any other input stream you might think of.

Christian

Back to the top