Proj-2015-2016-Extensions IPOPO

From air
Jump to: navigation, search

Subject: Services étendus pour le modèle de composants iPOPO pour Python (in French)

Supervisors:

  • Thomas CALMANT
  • Didier DONSEZ

Students:

  • Abdelaziz FOUNAS (RICM4)
  • Rémi GATTAZ (RICM4)
  • Marwan HALLAL (RICM4)


Week 1 (Janvier 11th - January 17th)

Objectives

  • Meet with supervisors
  • Decide which suggested extension of IPOPO we will work on
  • Understand the subject

Work done

Problems faced

Week 2 (Janvier 18th - January 24th)

Objectives

  • Create the project's SRS
  • Lean python
  • Learn how to use IPOPO (basic usage)

Work done

  • Studied the code of iPOPO
  • Prepared meeting with Thomas CALMANT

Problems faced

Week 3 (Janvier 25th - January 31th)

Objectives

  • Work on the design of our extension
  • Start designing the extension
    • Find where our extension will be located in the existing code
    • Creation of UML Diagrams
    • Find python modules that we could use

Weekly meeting

During this week's meeting, the following points were discussed and agreed upon :

  • The creation and revocation of client's certificates will be done inside iPOPO. It implies that iPOPO will have to handle a keystore.
  • To connect to the IPOPO secured remote shell, we will create a simple python client
  • Extending the RemoteConsole class seems to be a good approach for what we are trying to do.

Work done

Problems faced

Week 4 (February 1st - February 7th)

Objectives

  • Search of a python2 and python3 compatible cryptology module (must be able to handle keystores)
  • Choose our workflow
  • Continue designing the extension
    • Read the IPOPO documentation to improve our understanding of the IPOPO project
    • Decide where to implant it.

Work done

Possible python extensions
name pros cons comments
pyOpenssl
  • Compatible python2 and python3
  • Downloaded several thousands time every day
  • Can work with pkcs12 files (openssl compatible keystores)
  • Add a dependency to this module in IPOPO.
ssl
  • Compatible python2 and python3
  • Already exists in any python installation
  • Doesn't handle keystores

If used with pyjks, the two modules can have everything required. pyjks is however still in alpha and seems to only support python3

Weekly meeting

During this week's meeting, the following points were discussed and agreed upon :

  • We will create a package pelix.crypto in iPOPO.
  • To handle certificates, we will create in IPOPO a module keystore
  • For a first version, we will use the python module ssl in order to not add a new dependency. We will however try to make it easy to create a new keystore module with pyOpenssl

Problems faced

We didn't have specific problems during the week.


Week 5 (February 8st - February 14th)

Objectives

  • Write a simple client/server application using AES encryption
  • Start to write the TLS versions of classes handling the remote connections in IPOPO
  • Write the keystore service interface

Work done

  • Draft of keystore interface
  • Implementation of TLS version classes
  • Client/Server application using AES encryption

Weekly meeting

  • The problem we had was discussed and a solution found

Problems faced

  • The current implementation of remote shell forced to rewrite a lot of code. A solution was found that however requires to slightly modify the current iPOPO remote shell module.


Week 6 (February 15st - February 21th)

Objectives

  • Add mutual authentication to the simple client/server python application written the previous week
  • Complete and test the TLS version of IPOPO remote shell classes

Work done

  • Mutual authentication was added to the client/server python application written the previous week
  • Tests of the TLS remote shell with the client of the simple application
  • Creation of two issues on Ipopo's Github repository Issue #52 Issue #53

Weekly meeting

Problems faced

  • The client written for the simple client/server application can not connect to the TLS remote shell. The problem has not been identified yet.


Week 7 (February 29th - March 6th)

Objectives

  • Find the issue in the TLS RemoteShell and fix it
  • Design a module PKI (Public Key Infrastructure) and the submodules it needs.

Work done

  • The problem in our implementation of the tls remote shell was found and corrected.
  • First Draft of the PKI's modules

Weekly meeting

Problems faced

  • While designing the PKI modules, we were looking how to use it with the current implementation of the TLS-RemoteShell. We found that the wrapping of the socket can only be done using files. Thus, we will most likely have to create temporary files to wrap sockets with using certificates.


Week 8 (March 7th - March 13th)

Objectives

  • Finish design of the PKI modules and put it on the Air wiki
  • Creation of a Gantt diagram to plan the last 3 weeks of the project
  • Start the implementation of the PKI

Work done

  • Creation of a class diagram of the PKI's modules. It is available here
  • The Ganntt was created and presented to Thomas CALMANT

Weekly meeting

During this week's meeting, we discussed what we still had to do and presented a Gantt to show what was our goal.

Problems faced

We didn't have specific problems during the week.

Week 9 (March 14th - March 20th)

Objectives

  • Make small modifications to the TLS Remote Shell for upcoming merge with the second branch of our project
  • Start the implementation of the dependencies of the PKI module

Work done

  • Define constants in the remote shell module used in the TLS Keystore modules
  • Started implementation of the module Keystore and BasicKeystore
  • Creation of a function main in the module tlsremoteshell to start it easily

Problems faced

We didn't have specific problems during the week.

Week 10 (March 21th - March 27th)

Objectives

  • Implementation of the module PKI
  • Creation of tests for the module BasicKeystore

Work done

  • Creation of the module PKI
  • Creation of Travis tests of the module BasicKeystore

Problems faced

  • We didn't know how to test properly our travis tests before commiting them to the project repository. We thus created a lot of meaningless commits.

Week 11 (March 28th - April 3rd)

Objectives

  • Creation of Travis tests of the module PKI
  • Have a bettter coverage on the module KeyStore

Work done

  • Creation of automatic tests of the PKI

Problems faced

  • The continuous integration server Travis was not running well. Every tests requiring networking was failing. Even previously working tests could not be completed.

Week 12 (April 4th - April 10th)

Objectives

  • Modify the PKI. Have PKI the name of an interface and make the current PKI a subclass of PKI name BasicPKI
  • Make BasicPKI a ipopo component

Work done

Weekly meeting

Problems faced

  • Travis.yml is still not working properly. It worked on Monday morning for some time but started to fail again at the end of the morning.