Difference between revisions of "Proj-2015-2016-Extensions IPOPO/SRS"
| Line 134: | Line 134: | ||
| − | ==3.3 Requirement 3 : Creation of a Certificate Authority == |
+ | ==3.3 Requirement 3 : Creation of a Root Certificate Authority == |
'''Description''': |
'''Description''': |
||
| − | The administrator of an iPOPO application can create a certification authority that will allow to generate |
+ | The administrator of an iPOPO application can create a root certification authority that will allow him to generate intermediate certificate authority. |
'''Inputs''': |
'''Inputs''': |
||
| − | * Name of the authority to be created |
+ | * Name of the root authority to be created |
| + | |||
| + | '''Source''': |
||
| + | |||
| + | '''Outputs''': |
||
* A root certificate authority |
* A root certificate authority |
||
| + | |||
| + | '''Destination''': An iPOPO application |
||
| + | |||
| + | '''Action''': |
||
| + | * Creation of the root certification chain process |
||
| + | |||
| + | '''Non functional requirements''': |
||
| + | |||
| + | '''Pre-condition''': |
||
| + | |||
| + | '''Post-condition''': |
||
| + | * A root Certificate Authority does exists on the server |
||
| + | |||
| + | '''Side-effects''': |
||
| + | |||
| ⚫ | |||
| + | |||
| + | '''Description''': |
||
| + | The administrator of an iPOPO application have to create both Server's key and certificate to secure and recognize the remote shell and will allow him to generate client certificates. |
||
| + | |||
| + | '''Inputs''': |
||
| + | * Name of the intermediate authority to be created |
||
| + | * Parent Certificate to sign the Intermediate Certificate Authority with |
||
'''Source''': |
'''Source''': |
||
| Line 159: | Line 186: | ||
'''Post-condition''': |
'''Post-condition''': |
||
| + | * A new Intermediate Certificate Authority exists on the server |
||
'''Side-effects''': |
'''Side-effects''': |
||
| ⚫ | |||
==3.5 Requirement 5 : Creation of a Client's Key and Certificate == |
==3.5 Requirement 5 : Creation of a Client's Key and Certificate == |
||
| + | |||
| + | '''Description''': |
||
| + | The administrator of an iPOPO application can create a client's certificate using an intermediate certification authority. |
||
| + | |||
| + | '''Inputs''': |
||
| + | * Key : type and length |
||
| + | * Certificate : the issuer, the subject, the public key of the subject, not after date and not before date |
||
| + | |||
| + | '''Source''': |
||
| + | |||
| + | '''Outputs''': |
||
| + | * A new client's certificate |
||
| + | |||
| + | '''Destination''': An iPOPO application |
||
| + | |||
| + | '''Action''': |
||
| + | * Creation of a new client's certificate |
||
| + | |||
| + | '''Non functional requirements''': |
||
| + | |||
| + | '''Pre-condition''': |
||
| + | * The intermediate certification authority does exists |
||
| + | * The client CSR signed with his private key |
||
| + | |||
| + | '''Post-condition''': |
||
| + | * New client's certificate created |
||
| + | |||
| + | '''Side-effects''': |
||
| + | |||
==3.6 Requirement 6 : Revocation of a Client's Certificate == |
==3.6 Requirement 6 : Revocation of a Client's Certificate == |
||
| + | |||
| + | '''Description''': |
||
| + | The administrator of an iPOPO application can revoke a client's certificate to block access to the secured remote shell from it. |
||
| + | |||
| + | '''Inputs''': |
||
| + | * Id of the certificate to revoke |
||
| + | |||
| + | '''Source''': |
||
| + | |||
| + | '''Outputs''': |
||
| + | |||
| + | '''Destination''': An iPOPO application |
||
| + | |||
| + | '''Action''': |
||
| + | * Revokation of a client's certificate |
||
| + | |||
| + | '''Non functional requirements''': |
||
| + | |||
| + | '''Pre-condition''': |
||
| + | * The client's certificate exists and is not already revoked |
||
| + | |||
| + | '''Post-condition''': |
||
| + | * The client's certificate is now revoked |
||
| + | |||
| + | '''Side-effects''': |
||
| + | |||
=4. Product evolution= |
=4. Product evolution= |
||
Latest revision as of 15:21, 4 April 2016
| Version | Date | Authors | Description | Validator | Validation Date | |
|---|---|---|---|---|---|---|
| 0.1.0 | January 18, 2016 | Marwan HALLAL, Rémi GATTAZ, Abdelaziz FOUNAS | Creation of the document | TBC | TBC |
1. Introduction
1.1 Purpose of the requirements document
This Software Requirements Specification (SRS) identifies the requirements for project StartAir Safe. In case of a open source project, we must present the requirement to others potential contributors. This document is a guideline about the functionalities offered and the problems that the system solves.
1.2 Scope of the product
The goal of the project is to add to IPOPO an encrypted remote shell without using external modules as much as possible. Adding this shell would allow the use of sensitive data, such as passwords, from a client to an IPOPO application.
1.3 Definitions, acronyms and abbreviations
- IPOPO : A Python-based Service-Oriented Component Model Documentation officielle
- Shell : A shell is a user interface for access to an operating system's services. It is accessed through a command-line interface (CLI)
- CLI (Command Line Interface) : A means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines)
- IPOPO internal shell : IPOPO component allowing the management of a running IPOPO application.
- IPOPO Remote shell : IPOPO component allowing a remote access to an IPOPO internal shell.
- PKI (Public Key Infrastructure) : a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates[1] and manage public-key encryption
1.4 References
The main page of the project: IPOPO Projects
1.5 Overview of the remainder of the document
The next chapter, the Overall Description section, of this document gives an overview of the functionality of the product. It describes the informal requirements and is used to establish a context for the technical requirements specification in the next chapter. The third chapter, Requirements Specification section, of this document is written primarily for the developers and describes in technical terms the details of the functionality of the product. Both sections of the document describe the same software product in its entirety, but are intended for different audiences and thus use different language.
2. General description
2.1 Product perspective
The goal of this project to create two IPOPO extensions :
- An encrypted version of the IPOPO remote shell
- The creation of a PKI
The first extension will use the PKI to handle a set of users using certificates.
2.2 Product functions
Using these two extensions, an ipopo application administrator will be able to manage users and their secured access to the IPOPO remote shell.
2.3 User characteristics
The users of these two extensions are any IPOPO users.
2.4 General constraints
- Developed in python
- Compatible with python2 and python3
- Without external dependencies
- Compatible Linux and Windows
2.5 Assumptions and dependencies
If necessary, the compatibility with Windows can be ignored at first.
3. Specific requirements, covering functional, non-functional and interface requirements
3.1 Requirement 1 : An encrypted remote shell server
Description: Service allowing a client to connect with an encrypted connexion to an IPOPO remote shell. The client and the server are mutually authenticated.
Inputs:
- Server Key
- Server Certificate
- Chain of certification
Source:
Outputs:
- A secured remote shell connection is created for every client providing an accepted certificated
Destination: IPOPO application administrator
Action:
- Creation of a TCP server
- SSL wrapping of every new connection
- Verification of client certificates
- Reception/Emission of encrypted messages to client
Non functional requirements:
- The Server Key, certificates and chain of certification must exist
Pre-condition:
Post-condition:
Side-effects:
3.2 Requirement 2 : An encrypted remote shell client
Description: Client using a secured connection to an encrypted IPOPO remote shell server. The client and the server are mutually authenticated.
Inputs:
- Client Key
- Client Key
- Chain of certification
Source:
Outputs:
- A secured remote shell connection
Destination: Any IPOPO user
Action:
- Creation of a TCP socket
- SSL wrapping of the socket
- Verification of server's certificates
- Reception/Emission of encrypted messages
Non functional requirements:
Pre-condition:
- The Server Key, certificates and chain of certification must exist
Post-condition:
Side-effects:
3.3 Requirement 3 : Creation of a Root Certificate Authority
Description: The administrator of an iPOPO application can create a root certification authority that will allow him to generate intermediate certificate authority.
Inputs:
- Name of the root authority to be created
Source:
Outputs:
- A root certificate authority
Destination: An iPOPO application
Action:
- Creation of the root certification chain process
Non functional requirements:
Pre-condition:
Post-condition:
- A root Certificate Authority does exists on the server
Side-effects:
3.4 Requirement 4 : Creation of an Intermediate Certificate Authority
Description: The administrator of an iPOPO application have to create both Server's key and certificate to secure and recognize the remote shell and will allow him to generate client certificates.
Inputs:
- Name of the intermediate authority to be created
- Parent Certificate to sign the Intermediate Certificate Authority with
Source:
Outputs:
- An intermediate certificate authority
Destination: An iPOPO application
Action:
- Creation of a certificate chain with a root certificate
Non functional requirements:
Pre-condition:
- A root certificate exists on the server
Post-condition:
- A new Intermediate Certificate Authority exists on the server
Side-effects:
3.5 Requirement 5 : Creation of a Client's Key and Certificate
Description: The administrator of an iPOPO application can create a client's certificate using an intermediate certification authority.
Inputs:
- Key : type and length
- Certificate : the issuer, the subject, the public key of the subject, not after date and not before date
Source:
Outputs:
- A new client's certificate
Destination: An iPOPO application
Action:
- Creation of a new client's certificate
Non functional requirements:
Pre-condition:
- The intermediate certification authority does exists
- The client CSR signed with his private key
Post-condition:
- New client's certificate created
Side-effects:
3.6 Requirement 6 : Revocation of a Client's Certificate
Description: The administrator of an iPOPO application can revoke a client's certificate to block access to the secured remote shell from it.
Inputs:
- Id of the certificate to revoke
Source:
Outputs:
Destination: An iPOPO application
Action:
- Revokation of a client's certificate
Non functional requirements:
Pre-condition:
- The client's certificate exists and is not already revoked
Post-condition:
- The client's certificate is now revoked
Side-effects:
4. Product evolution
5. Appendices
5.1. SRS structure
The document is based on template of the Software Requirements Specification (SRS) inspired of the IEEE/ANSI 830-1998 Standard.
References:
- http://www.cs.st-andrews.ac.uk/~ifs/Books/SE9/Presentations/PPTX/Ch4.pptx
- http://en.wikipedia.org/wiki/Software_requirements_specification
- IEEE Recommended Practice for Software Requirements Specifications IEEE Std 830-1998