Proj-2015-2016-Extensions IPOPO/SRS

=1.  Introduction=

1.1 Purpose of the requirements document
This Software Requirements Specification (SRS) identifies the requirements for project StartAir Safe. In case of a open source project, we must present the requirement to others potential contributors. This document is a guideline about the functionalities offered and the problems that the system solves.

1.2 Scope of the product
The goal of the project is to add to IPOPO an encrypted remote shell without using external modules as much as possible. Adding this shell would allow the use of sensitive data, such as passwords, from a client to an IPOPO application.

1.3 Definitions, acronyms and abbreviations

 * IPOPO : A Python-based Service-Oriented Component Model Documentation officielle
 * Shell : A shell is a user interface for access to an operating system's services. It is accessed through a command-line interface (CLI)
 * CLI (Command Line Interface) : A means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines)
 * IPOPO internal shell : IPOPO component allowing the management of a running IPOPO application.
 * IPOPO Remote shell : IPOPO component allowing a remote access to an IPOPO internal shell.
 * PKI (Public Key Infrastructure) : a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates[1] and manage public-key encryption

1.4 References
The main page of the project: IPOPO Projects

1.5 Overview of the remainder of the document
The next chapter, the Overall Description section, of this document gives an overview of the functionality of the product. It describes the informal requirements and is used to establish a context for the technical requirements specification in the next chapter. The third chapter, Requirements Specification section, of this document is written primarily for the developers and describes in technical terms the details of the functionality of the product. Both sections of the document describe the same software product in its entirety, but are intended for different audiences and thus use different language.

=2.  General description=

2.1 Product perspective
The goal of this project to create two IPOPO extensions :
 * An encrypted version of the IPOPO remote shell
 * The creation of a PKI

The first extension will use the PKI to handle a set of users using certificates.

2.2 Product functions
Using these two extensions, an ipopo application administrator will be able to manage users and their secured access to the IPOPO remote shell.

2.3 User characteristics
The users of these two extensions are any IPOPO users.

2.4 General constraints

 * Developed in python
 * Compatible with python2 and python3
 * Without external dependencies
 * Compatible Linux and Windows

2.5 Assumptions and dependencies
If necessary, the compatibility with Windows can be ignored at first.

=3. Specific requirements, covering functional, non-functional and interface requirements=

3.1 Requirement 1 : An encrypted remote shell server
Description: Service allowing a client to connect with an encrypted connexion to an IPOPO remote shell. The client and the server are mutually authenticated.

Inputs:
 * Server Key
 * Server Certificate
 * Chain of certification

Source:

Outputs:
 * A secured remote shell connection is created for every client providing an accepted certificated

Destination: IPOPO application administrator

Action:
 * Creation of a TCP server
 * SSL wrapping of every new connection
 * Verification of client certificates
 * Reception/Emission of encrypted messages to client

Non functional requirements:
 * The Server Key, certificates and chain of certification must exist

Pre-condition:

Post-condition:

Side-effects:

3.2 Requirement 2 : An encrypted remote shell client
Description: Client using a secured connection to an encrypted IPOPO remote shell server. The client and the server are mutually authenticated.

Inputs:
 * Client Key
 * Client Key
 * Chain of certification

Source:

Outputs:
 * A secured remote shell connection

Destination: Any IPOPO user

Action:
 * Creation of a TCP socket
 * SSL wrapping of the socket
 * Verification of server's certificates
 * Reception/Emission of encrypted messages

Non functional requirements:

Pre-condition:
 * The Server Key, certificates and chain of certification must exist

Post-condition:

Side-effects:

3.3 Requirement 3 : Creation of a Root Certificate Authority
Description: The administrator of an iPOPO application can create a root certification authority that will allow him to generate intermediate certificate authority.

Inputs:
 * Name of the root authority to be created

Source:

Outputs:
 * A root certificate authority

Destination: An iPOPO application

Action:
 * Creation of the root certification chain process

Non functional requirements:

Pre-condition:

Post-condition:
 * A root Certificate Authority does exists on the server

Side-effects:

3.4 Requirement 4 : Creation of an Intermediate Certificate Authority
Description: The administrator of an iPOPO application have to create both Server's key and certificate to secure and recognize the remote shell and will allow him to generate client certificates.

Inputs:
 * Name of the intermediate authority to be created
 * Parent Certificate to sign the Intermediate Certificate Authority with

Source:

Outputs:
 * An intermediate certificate authority

Destination: An iPOPO application

Action:
 * Creation of a certificate chain with a root certificate

Non functional requirements:

Pre-condition:
 * A root certificate exists on the server

Post-condition:
 * A new Intermediate Certificate Authority exists on the server

Side-effects:

3.5 Requirement 5 : Creation of a Client's Key and Certificate
Description: The administrator of an iPOPO application can create a client's certificate using an intermediate certification authority.

Inputs:
 * Key : type and length
 * Certificate : the issuer, the subject, the public key of the subject, not after date and not before date

Source:

Outputs:
 * A new client's certificate

Destination: An iPOPO application

Action:
 * Creation of a new client's certificate

Non functional requirements:

Pre-condition:
 * The intermediate certification authority does exists
 * The client CSR signed with his private key

Post-condition:
 * New client's certificate created

Side-effects:

3.6 Requirement 6 : Revocation of a Client's Certificate
Description: The administrator of an iPOPO application can revoke a client's certificate to block access to the secured remote shell from it.

Inputs:
 * Id of the certificate to revoke

Source:

Outputs:

Destination: An iPOPO application

Action:
 * Revokation of a client's certificate

Non functional requirements:

Pre-condition:
 * The client's certificate exists and is not already revoked

Post-condition:
 * The client's certificate is now revoked

Side-effects:

=4. Product evolution=

=5. Appendices=

5.1. SRS structure
The document is based on template of the Software Requirements Specification (SRS) inspired of the IEEE/ANSI 830-1998 Standard.

References:
 * http://www.cs.st-andrews.ac.uk/~ifs/Books/SE9/Presentations/PPTX/Ch4.pptx
 * http://en.wikipedia.org/wiki/Software_requirements_specification
 * IEEE Recommended Practice for Software Requirements Specifications IEEE Std 830-1998

=6. Index=