Re: [ease-dev] [EASE] Sign and Verify Script

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [ease-dev] [EASE] Sign and Verify Script

From: <Christian.Pontesegger@xxxxxxxxxxxx>
Date: Tue, 5 Jul 2016 07:40:58 +0000
Accept-language: de-DE, en-US
Delivered-to: ease-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/ease-dev>
List-help: <mailto:ease-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/ease-dev>, <mailto:ease-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/ease-dev>, <mailto:ease-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AQHR1Ws0hTiyDldboU2wI1FwOrgGdqAJc/QQ
Thread-topic: [ease-dev] [EASE] Sign and Verify Script

Hi Varun,

your commit is accepted, so we can start working on integration of signing and verification.

Regarding the context menu, check out answers on stack overflow [1] [2]. I like the idea of adding it to the editor context menu. Typically we will have the file opened in an editor. A future enhancement would be to have a default editor save action ‘add/update signature’, but that’s for another GSoC assignment.

To get through with our topics we need to speed up committing so I would ask you to start working on multiple topics in parallel. As the basic libraries are in place we have 3 topics that are mostly independent of each other:

· Display signature state as a decorator in script explorer
Here we do not care how we get the signature block into the file. You can do this by hand and see if the decorator displays the state correctly

· Verify signature before execution
Add a preference setting “[x] execute signed scripts only”, then check/ignore signatures whenever script code gets executed

· Add/update signature
this is the context menu topic you are working on

If we do these topics sequentially, we will likely not finish in time. Please also think about unit testing. We do need them as part of the assignment!

cheers

Christian

[1] http://stackoverflow.com/questions/23977822/visiblewhen-in-eclipse-menu-want-menu-to-only-appear-for-particular-file-exte

[2] http://stackoverflow.com/questions/5592028/visiblewhen-for-command-to-appear-in-context-menu

From: ease-dev-bounces@xxxxxxxxxxx [mailto:ease-dev-bounces@xxxxxxxxxxx] On Behalf Of Varun Raval
Sent: Sunday, July 03, 2016 10:41 PM
To: ease developer discussions
Subject: [ease-dev] [EASE] Sign and Verify Script

Hi,

This week I worked on certificate verification and pushed that on gerrit. See [1].

Specifically, I worked on validating certificate chain and how to check revocation status of certificates in certificate chain. The code that I submitted, performs two types of revocation status checks.

CRL (Certification Revocation List)
OCSP (Open Certificate Status Protocol)

Revocation status checks are used to know whether certificate is revoked after getting signed by root CA. Both are necessary to check and are recommended by Oracle. If any one of the links are not available with certificate, certificate would be considered invalid or not trusted. For the list of trusted certificates, I am using truststore provided with JAVA as default truststore.
For a try, I made a CSR (Certificate Signing Request), made it signed using Thawte Trial Certificate and played with VerifySignature class using this signed cerificate.

I am also working on context menu and UI for performing signature.

Option for performing signature will be there in context menu of Package Explorer. I wanted to know how to provide option for performing signature only for Script files. We can use visibleWhen clause of command tag, but what should be the parameters? I have done following which simply shows Perform Signature as context menu on any file.

   <extension
         point="org.eclipse.ui.menus">
      <menuContribution
            allPopups="false"
            locationURI="popup:org.eclipse.ui.popup.any">
         <command
               commandId="com.varun.ease.sign.ContextMenu"
               label="Perform Signature"
               style="push">

                  <visibleWhen
                     checkEnabled="false">
                     <with
                           variable="activeMenuSelection">
                           <iterate ifEmpty="false">
                           <adapt
                                 type="org.eclipse.core.resources.IFile">
                           </adapt>
                           </iterate>
                     </with>
                  </visibleWhen>
         </command>
      </menuContribution>
   </extension>

[1]: https://git.eclipse.org/r/#/c/75831/

Thanks for the help,

Varun Raval

Attachment: smime.p7s
Description: S/MIME cryptographic signature

References:
- [ease-dev] [EASE] Sign and Verify Script
  - From: Varun Raval

Prev by Date: [ease-dev] [EASE] Sign and Verify Script
Next by Date: [ease-dev] Target platform change to Neon
Previous by thread: [ease-dev] [EASE] Sign and Verify Script
Next by thread: [ease-dev] GSoC Script Signing meetup
Index(es):
- Date
- Thread

Breadcrumbs