FreieWahl.Security

IJwtAuthentication type

Namespace

FreieWahl.Security.Authentication

Summary

Interface for checking JWT authorization tokens; this is essential for the authentication process.

CheckToken(token) method

Summary

Checks whether a given JWT token is valid (see prerequisites above).

Returns

the validation result

Parameters
| Name | Type | Description |
| --- | --- | --- |
| token | System.String | a token |

Initialize(certUrl,issuer,audience) method

Summary

Initializes an instance of the token checker

Returns

the future of this operation

Parameters
| Name | Type | Description |
| --- | --- | --- |
| certUrl | System.String | URL of the public keys used to sign the JWT tokens (e.g. https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys) - only tokens signed with one of the corresponding private keys are accepted |
| issuer | System.String | issuer of the JWT token (e.g. https://session.firebase.google.com/freiewahl-application) - only tokens with this issuer are accepted |
| audience | System.String | valid audience for JWT tokens (e.g. freiewahl-application) - only tokens published for this audience will be accepted |
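
The three acceptance rules described for Initialize (trusted signing key, issuer, audience), shown as an added example that is not FreieWahl's implementation. It assumes the System.IdentityModel.Tokens.Jwt NuGet package, uses throwaway RSA keys in place of the keys published at certUrl, and the `JwtCheckDemo` class and the issuer and audience values are constructed for illustration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Added example, not FreieWahl code; needs the System.IdentityModel.Tokens.Jwt package.
public static class JwtCheckDemo
{
    // Constructed stand-ins for the issuer and audience passed to Initialize.
    const string Issuer = "https://issuer.example/demo-app";
    const string Audience = "demo-app";
    // Builds a short-lived RS256 token (the identity provider's side).
    static string Issue(SecurityKey key, string issuer, string audience)
    {
        var jwt = new JwtSecurityToken(issuer, audience,
            new[] { new Claim("sub", "user-1") },
            DateTime.UtcNow, DateTime.UtcNow.AddMinutes(5),
            new SigningCredentials(key, SecurityAlgorithms.RsaSha256));
        return new JwtSecurityTokenHandler().WriteToken(jwt);
    }
    // Returns the claims only if signature, issuer, audience and lifetime all pass.
    static ClaimsPrincipal Check(string token, SecurityKey trustedKey)
    {
        var rules = new TokenValidationParameters
        {
            RequireSignedTokens = true,
            IssuerSigningKeys = new[] { trustedKey },                 // stands in for the certUrl keys
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // pin the expected algorithm
            ValidateIssuer = true, ValidIssuer = Issuer,
            ValidateAudience = true, ValidAudience = Audience,
            ValidateLifetime = true
        };
        try { return new JwtSecurityTokenHandler().ValidateToken(token, rules, out _); }
        catch (SecurityTokenException) { return null; } // bad signature, issuer, audience or expiry
        catch (ArgumentException) { return null; }      // malformed token string
    }
    public static void Main()
    {
        using var trustedRsa = RSA.Create(2048);
        using var rogueRsa = RSA.Create(2048);
        var trusted = new RsaSecurityKey(trustedRsa);
        var rogue = new RsaSecurityKey(rogueRsa);
        Console.WriteLine("valid token:    " + (Check(Issue(trusted, Issuer, Audience), trusted) != null));
        Console.WriteLine("wrong issuer:   " + (Check(Issue(trusted, "https://other.example", Audience), trusted) != null));
        Console.WriteLine("wrong audience: " + (Check(Issue(trusted, Issuer, "other-app"), trusted) != null));
        Console.WriteLine("untrusted key:  " + (Check(Issue(rogue, Issuer, Audience), trusted) != null));
    }
}
```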

ISignatureHandler type

Namespace

FreieWahl.Security.Signing.Buergerkarte

Summary

Gets the data, signee and certificate that were used to create the given signed data.

GetSignedContent(signedData) method

Summary

Gets the data, signee and certificate that were used to create the given signed data.

Returns

the decoded data from the CMS message, i.e. the signee id, signee name, signature certificate and the original data

Parameters
| Name | Type | Description |
| --- | --- | --- |
| signedData | System.String | CMS signed data |

ISignatureProvider type

Namespace

FreieWahl.Security.Signing.Common

Summary

signature provider, supports signing data - in the default implementation, SHA256withRSA is used for signing

IsSignatureValid(data,signature) method

Summary

only used in test code - checks if a signature is valid

Returns

true, if the signature is a valid signature for this data

Parameters
| Name | Type | Description |
| --- | --- | --- |
| data | System.Byte[] | some data |
| signature | System.Byte[] | the signature for this data |

SignData(data) method

Summary

signs some data (typically using SHA256withRSA or something similar)

Returns

signature for this data

Parameters
| Name | Type | Description |
| --- | --- | --- |
| data | System.Byte[] | some data |

ITimestampService type

Namespace

FreieWahl.Security.TimeStamps

Summary

Service for processing time stamp requests according to RFC 3161.

CheckTokenContent(token,data) method

Summary

only used for testing purposes - checks if a timestamp is valid

Returns

whether the timestamp is actually valid

Parameters
| Name | Type | Description |
| --- | --- | --- |
| token | Org.BouncyCastle.Tsp.TimeStampToken | a timestamp token for some data |
| data | System.Byte[] | some data |

GetToken(data,checkCertificate) method

Summary

A hash is calculated for the given data, a time stamp token with a timestamp from a trusted time stamp authority is returned.

Returns

a time stamp token issued by a time stamp authority

Parameters
| Name | Type | Description |
| --- | --- | --- |
| data | System.Byte[] | the data for which a time stamp should be created |
| checkCertificate | System.Boolean | flag whether the certificate used to create the time stamp should be verified, too |

IUserHandler type

Namespace

FreieWahl.Security.UserHandling

Summary

Maps user information from a JWT auth token to user information including user name, id and mail address

MapUser(result) method

Summary

Maps user information from a JWT auth token to user information including user name, id and mail address

Returns

the extracted user information (user name, id and mail address)

Parameters
| Name | Type | Description |
| --- | --- | --- |
| result | System.Security.Claims.ClaimsPrincipal | user claims from a JWT auth token |

IVotingKeyStore type

Namespace

FreieWahl.Security.Signing.VotingTokens

Summary

The voting key store stores the key pairs required for signing blinded voting tokens

GetKeyPair(votingId,index) method

Summary

gets the key pair for the given voting id and question index

Returns

the key pair for the given voting id and question index

Parameters
| Name | Type | Description |
| --- | --- | --- |
| votingId | System.String | a voting id |
| index | System.Int32 | the question index |

StoreKeyPairs(votingId,keys) method

Summary

Stores a list of private/public key pairs

Returns

the future of this operation

Parameters
| Name | Type | Description |
| --- | --- | --- |
| votingId | System.String | the voting id the list of key pairs belongs to |
| keys | System.Collections.Generic.Dictionary{System.Int32,Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair} | a list of keys - the key is the question index for a key pair, the value is the key pair that is stored |

PkiStatus type

Namespace

FreieWahl.Security.TimeStamps

Summary

PKI statuses according to RFC 3161

Granted constants

Summary

When the PKIStatus contains the value zero a TimeStampToken, as requested, is present.

GrantedWithMods constants

Summary

When the PKIStatus contains the value one a TimeStampToken, with modifications, is present.

Rejection constants

Summary

When the PKIStatus contains the value two a TimeStamp request was rejected.

RevocationNotification constants

Summary

Revocation has occurred.

RevocationWarning constants

Summary

A warning that a revocation is imminent.

Waiting constants

Summary

The request body part has not yet been processed, expect to hear more later.