
Clarification about this Caja (secure JavaScript) code?


I am studying Caja and having some trouble understanding how it works:

function Brand() {
  var flag = false, payload = null;

  return caja.freeze({
    seal: function(payloadToSeal) {
      function box() {
        flag = true;
        payload = payloadToSeal;
      }
      box.toString = function() {
        return "(box)";
      };
      return box;
    },
    unseal: function(box) {
      flag = false;
      payload = null;
      try {
        box();
        if (!flag)  { throw ...; }
        return payload;
      } finally {
        flag = false;
        payload = null;
      }
    }
  });
}

This has a caption that reads:

Fig. 10: Rights amplification. Each brand has a seal and unseal function, acting like a matched encryption and decryption key. Sealing an object returns a sealed box that can only be unsealed by the corresponding unseal function. The implementation technique shown here is due to M. Stiegler.

Is this pseudocode? I'm confused about what's happening, such as at box() and throw ...;. I appreciate any tips or advice.

Here is the Specification PDF where I got this.


Solution

  • The throw bit is pseudocode. The real code is available via svn.

    Marc Stiegler describes the sealer/unsealer pattern and other secure decomposition patterns at http://www.youtube.com/watch?v=eL5o4PFuxTY
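
The pattern from the figure in the question, as an added runnable example that is not part of the original post or the Caja source. It assumes Object.freeze in place of caja.freeze and an Error of my choosing in place of the elided throw; demo() and its sample secret are constructed for illustration.

```javascript
// Added example: runnable sealer/unsealer pair in plain JavaScript.
// Assumptions: Object.freeze stands in for caja.freeze, and the Error
// thrown below stands in for the figure's elided `throw ...;`.
function Brand() {
  let flag = false, payload = null; // reachable only from this brand's closures

  return Object.freeze({
    seal(payloadToSeal) {
      // The box exposes nothing a holder can read. Calling it only writes
      // the payload into this brand's private variables.
      function box() {
        flag = true;
        payload = payloadToSeal;
      }
      box.toString = () => "(box)";
      return Object.freeze(box);
    },
    unseal(box) {
      flag = false;
      payload = null;
      try {
        box(); // a box sealed by this brand sets flag and payload
        if (!flag) { throw new Error("not a box sealed by this brand"); }
        return payload;
      } finally {
        flag = false; // clear state so the payload does not linger
        payload = null;
      }
    }
  });
}

// Returns the outcome of each unseal attempt on a constructed secret.
function demo() {
  const a = Brand(), b = Brand();
  const secret = { pin: "constructed-sample" };
  const boxed = a.seal(secret);
  const attempt = (brand, box) => {
    try { return brand.unseal(box); } catch (e) { return "rejected"; }
  };
  return {
    sameBrand: attempt(a, boxed) === secret, // true
    otherBrand: attempt(b, boxed),           // "rejected": box set a's flag, not b's
    forged: attempt(a, function fake() {}),  // "rejected": cannot reach a's flag
    printed: String(boxed)                   // "(box)"
  };
}
console.log(demo());
```

Calling box() is how the payload travels: the box and unseal share the brand's closure variables, so only the matching unseal sees the flag flip.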