Open magwas opened 5 years ago
What kind of signature is meant here? Should we create an asymmetric keypair and sign with that? Or do we already have publicly available official keys/certificates, of which created signatures can be verified by any user?
Use X.509 (a.k.a. SSL) certificate from a keystore. The location of the keystore eventually should be configurable from the web application server (e.g. an Environment element in server.xml). (see https://tomcat.apache.org/tomcat-7.0-doc/config/globalresources.html#Environment_Entries And the variable should be readable through something like this:

```java
InitialContext context = new InitialContext();
Context xmlNode = (Context) context.lookup("java:comp/env");
String companyName = (String) xmlNode.lookup("maxExemptions");
```

But deciding on who is responsible for which of those three lines needs careful consideration.)

This involves changing the build process, as there is no keystore in the build yet. Creating a (self-signed) certificate, and storing it in a newly created keystore using command line tools should be part of the build preparation.

This issue is not marked as "up for grab" because of the complexities above, and because implementing crypto correctly is usually nontrivial. If you want it, let's talk about how many test cases we should count for the CI part.
colorimeter
OK. Things to discuss:
- Everything that is stored as vote result should be signed.
- The keystore location should eventually be configurable from the web application server. See above.
- The basic functionality should use a keypair, and in the unit test you should obtain the keypair from a keystore in the test resource folder. Part of the task is to create this keystore from a keypair in PEM before running maven.
- Obtaining the keystore location and loading the key in the initialization phase from the keystore will be the responsibility of an integration test.
It's done
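The build-preparation step discussed in this thread (PEM keypair, self-signed certificate, newly created keystore), followed by a sign-and-verify round trip that uses only the certificate on the verifying side. This is an added example, not part of the original issue or the project's code. The alias, password, subject, file names and sample receipts are constructed placeholders, and PKCS#12 is assumed as the keystore format.

```shell
#!/bin/sh
# Added example: create a test keystore from a PEM keypair, then check that
# a receipt signed with the keystore's key verifies against the certificate.
set -eu

ALIAS=receipt-signer     # hypothetical keystore alias
STOREPASS=changeit       # test-only password; a production one stays out of the repo

# Build preparation: PEM keypair + self-signed cert, packed into a PKCS#12 keystore.
make_keystore() {        # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=vote-receipt-test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    openssl pkcs12 -export -name "$ALIAS" \
        -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout "pass:$STOREPASS" -out "$1/keystore.p12"
}

# Server side: sign with the private key read back out of the keystore.
sign_receipt() {         # $1 = directory, $2 = receipt file, $3 = signature file
    openssl pkcs12 -in "$1/keystore.p12" -passin "pass:$STOREPASS" \
        -nocerts -nodes -out "$1/signing-key.pem" 2>/dev/null
    openssl dgst -sha256 -sign "$1/signing-key.pem" -out "$3" "$2"
    rm -f "$1/signing-key.pem"   # do not leave the unencrypted key on disk
}

# Any user: verify with nothing but the published certificate.
verify_receipt() {       # $1 = certificate, $2 = receipt file, $3 = signature file
    openssl x509 -in "$1" -pubkey -noout > "$1.pub"
    openssl dgst -sha256 -verify "$1.pub" -signature "$3" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d)
    make_keystore "$dir"
    printf 'voteId=42;choice=A\n' > "$dir/receipt.txt"     # constructed receipt
    sign_receipt "$dir" "$dir/receipt.txt" "$dir/receipt.sig"
    verify_receipt "$dir/cert.pem" "$dir/receipt.txt" "$dir/receipt.sig" \
        && echo "signature verifies"
    printf 'voteId=42;choice=B\n' > "$dir/tampered.txt"    # altered after signing
    verify_receipt "$dir/cert.pem" "$dir/tampered.txt" "$dir/receipt.sig" \
        || echo "tampered receipt rejected"
    rm -rf "$dir"
}
demo
```

With a self-signed certificate, a successful verification only shows that the receipt matches the key in that certificate; users still need a trusted way to obtain the certificate itself.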
Behaviour: Vote/Cast vote;the vote receipt is signed by the server
@tested_feature("Vote")
@tested_operation("Cast vote")
@tested_behaviour("the vote receipt is signed by the server")
A testable aspect of function: a set of pre- and postconditions.
Deviation in model