
Creating a Java or Python Project

You can choose to create a Java or Python project when creating a secure computing application. Related code samples are available for download.

Due to its simplicity, cross-platform interoperability, and portability, in addition to its support for big data and microservices, the Java language has been chosen to develop a broad range of applications. To help port Java applications to the TEE, the confidential OS provides an environment for running Java applications.

Prerequisites

  • You have logged in to the Kunpeng DevKit.
  • The Development Assistant has been installed. You are advised to install the Compiler and Debugger and add a target server before creating a project for future compilation and debugging.

Procedure

  1. Click in the shortcut menu bar on the left pane or click next to Development Assistant. The Kunpeng Application Projects page is displayed. See Figure 1.
    Figure 1 Kunpeng Application Projects
  2. Click Secure Computing Application. The Secure Computing Application page is displayed. See Figure 2.
    Figure 2 Secure Computing Application
  3. Click Java/Python Application. On the left pane of the displayed page, select Project creation for Task Type, select Java or Python for Project Type, select the required sample project, and configure other parameters as required. See Figure 3 and Figure 4.
    Figure 3 Creating a Java project
    Figure 4 Creating a Python project
    Table 1 Parameter settings (1)

    | Parameter | Description |
    | --- | --- |
    | Task Type | Task type, which can be: Project creation; Java/Python application reconstruction. |
    | Project Type | The options are: Java; Python. |
    | Sample Project | Provided sample project, which can be: (1) The Hello World sample project is available when you select Java for Project Type. It is a reference implementation of Java "Hello World" that is developed by using the high-level languages in Kunpeng BoostKit for Confidential Computing. (2) The Titanic sample project is available when you select Python for Project Type. It is a reference implementation of Titanic survival data prediction using the Python machine learning library. |
    | Project Name | Name of the project to be created. The default project name is xxx_ProjectN, which can be modified as required. NOTE: N is an integer starting from 1 in ascending order. The project name can contain 1 to 64 characters, including only letters, digits, periods (.), hyphens (-), plus signs (+), parentheses (), and underscores (_). It cannot start with a period (.). |
    | Project Location | Storage path of the project to be created. The default project location is C:\Users\username\KunpengProject, which can be modified as required. |
    | (Optional) Signature Private Key | Import the signature private key. |
    | (Optional) Signature Certificate | Import the signature certificate. |

  4. Click Next to configure the target node. You can use an existing server or add a new server. To add a server, enter the IP address, SSH port, user name, password, and storage directory. If you select Configure later, no SDKs will be deployed by default. See Figure 5.
    Figure 5 Configuring the target node
    Table 2 Parameter settings (2)

    | Parameter | Description |
    | --- | --- |
    | Deploy Server | Existing, New, or Configure later. NOTE: The new server will be added to the target server management. |
    | IP Address | IP address of the target node for subsequent operations. |
    | SSH Port | SSH port number of the target node. |
    | User Name | Account of the target node for subsequent operations. |
    | Password | Password of the target node user. |
    | Remember password | If you select this option, the password of the current server user will be remembered. |
    | Storage Directory | Storage directory on the target node. NOTE: The tool reads and writes the content in the storage directory. To avoid data loss, you are advised to use an empty directory. |
    | Deploy SDK When Creating Project | Yes: deploys the SDK. No: does not deploy the SDK. |
    | Deploy SDK | Select an SDK deployment method. Online deployment: kunpeng-sc, kunpeng-sc-devel. Offline deployment: kunpeng-sc, kunpeng-sc-devel. NOTE: If you select Online deployment, the server must be connected to the Internet. In an isolated network environment, you need to use a proxy to access the Internet. For details, see Configuring a Proxy. If you select Offline deployment, the SDK is imported from the local host. Download the SDK to the local host and upload it. |

    When configuring the new target node, ensure that the node is running on a physical machine and runs openEuler 20.03 LTS SP1 or Kylin V10 in the Arm architecture, and that you have administrator permissions for the node.

  5. Determine whether to deploy the SDK. If you select Yes, select Online deployment, Offline deployment, or Configure later. See Figure 6. Click Create.
    Figure 6 Deploying the SDK

    If the secure computing SDK fails to be deployed, rectify the fault by following instructions in Failed to Deploy the Secure Computing Application SDK.

  6. Click Create. A dialog box is displayed, asking you to confirm whether TrustZone has been enabled. If it is enabled, select Enabled and click OK. See Figure 7.
    Figure 7 TrustZone dialog box
    Configurations are verified during project creation. See Figure 8 and Figure 9.
    Figure 8 Successful Java or Python project creation
    Figure 9 Failed to create a Java or Python project

    To create a Python project, you need to install a third-party dependency library.

  7. After the SDK deployment, deploy the Java or Python runtime environment.
    • Deploying the Java runtime environment
      1. Decompress the file.
        tar -zxvf /usr/local/kunpeng-sc/java/bisheng-jdk-8u372-tee-aarch64.tar.gz
        
      2. Copy the directory.
        cp -r /usr/local/kunpeng-sc/java/bisheng-jdk-8u372-tee-aarch64/jdk /usr/local/kunpeng-sc-devel/utils/pack-App
        
      3. Save the obtained certificate and its private key to the /usr/local/kunpeng-sc-devel/utils/pack-App/pack_tools directory and name them ta_cert.der and private_key.pem, respectively.
      4. Go to the pack-App directory and run the following command to generate the jdk.sec file:
        cd /usr/local/kunpeng-sc-devel/utils/pack-App
        python3 pack.py jdk
        
      5. Install the Java environment in the TEE.
        tee_teleport -s jdk.sec -t java
        
    • Deploying the Python runtime environment
      1. Decompress the file.
        tar -zxvf /usr/local/kunpeng-sc/python/Python-3.6.15-tee-aarch64.tar.gz
        
      2. Copy the directory.
        cp -r /usr/local/kunpeng-sc/python/Python-3.6.15-tee-aarch64/python /usr/local/kunpeng-sc-devel/utils/pack-App
        
      3. Save the obtained certificate and its private key to the /usr/local/kunpeng-sc-devel/utils/pack-App/pack_tools directory and name them ta_cert.der and private_key.pem, respectively.
      4. Go to the pack-App directory and run the following command to generate the python.sec file:
        cd /usr/local/kunpeng-sc-devel/utils/pack-App
        python3 pack.py python
        
      5. Install the Python environment in the TEE.
        tee_teleport -s python.sec -t python
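
Sub-step 3 of both runtime procedures places ta_cert.der and private_key.pem in the pack_tools directory before pack.py is run. The shell function below is an added example, not part of the DevKit or of the original page, that checks this signing material first: both files exist, the private key is readable by its owner only, the certificate has not expired, and the certificate's public key matches the private key. The function name and return codes are assumptions of this example, and it assumes an unencrypted PEM private key and the openssl command on the target node.

```sh
#!/bin/sh
# Added example, not DevKit code: pre-flight check of the signing material
# that pack.py reads from pack_tools. check_signing_material and its return
# codes are names chosen for this sketch; the file names come from the page.
# Assumes an unencrypted PEM private key and the openssl CLI on PATH.

check_signing_material() {
    dir=$1
    cert=$dir/ta_cert.der
    key=$dir/private_key.pem

    for f in "$cert" "$key"; do
        [ -f "$f" ] && [ -r "$f" ] || { echo "missing: $f" >&2; return 2; }
    done

    # The signature private key should be accessible by its owner only:
    # reject any group or other permission bit.
    case $(ls -lL "$key") in
        -???------*) ;;
        *) echo "private_key.pem is accessible to group/others; chmod 600 it" >&2
           return 3 ;;
    esac

    # The certificate must parse as DER and must not have expired.
    openssl x509 -inform DER -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "ta_cert.der is not valid DER or has expired" >&2; return 4; }

    # The public key in the certificate must equal the one derived from the
    # private key; otherwise the two files do not belong together.
    cert_pub=$(openssl x509 -inform DER -in "$cert" -noout -pubkey 2>/dev/null) ||
        return 4
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "private_key.pem is not a readable PEM key" >&2; return 5; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "ta_cert.der does not match private_key.pem" >&2; return 6; }
    return 0
}

# Usage, before "python3 pack.py jdk" or "python3 pack.py python":
#   check_signing_material /usr/local/kunpeng-sc-devel/utils/pack-App/pack_tools
```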
        

      You can run the tee_teleport command to install a third-party Java or Python library. For details about how to use tee_teleport, see Table 3.

      Table 3 Parameter description

      | Parameter | Description | Return Value |
      | --- | --- | --- |
      | install (-s) | Installs the Java or Python runtime environment in the TEE. | If the installation is successful, 0 is returned. If the installation fails, -1 is returned. |
      | uninstall (-u) | Uninstalls the Java or Python runtime environment in the TEE. This parameter must be used together with parameter type. | If the uninstallation is successful, 0 is returned. If the uninstallation fails, -1 is returned. |
      | type (-t) | Specifies the type, which is Java, Python, or Py3rd. This parameter must be used together with parameter -s, -u, or -m. NOTE: If the -t parameter is used, the specified type is lowercase. For example, the command for installing Java is tee_teleport -s jre.sec -t java. | - |
      | import (-m) | Installs the Java or Python third-party library in the TEE. | If the installation is successful, 0 is returned. If the installation fails, -1 is returned. |
      | create (-c) | Creates an application running directory and session ID in the TEE. | If the creation is successful, 0 is returned. If the creation fails, -1 is returned. |
      | id (-i) | Session ID. This parameter must be specified when run, input, output, or destroy is used. | - |
      | run (-r) | Runs the application. This parameter must be used together with parameter sessionID. | If the operation is successful, 0 is returned. If the operation fails, -1 is returned. |
      | input (-n) | Inputs data to the TEE. This parameter can be used together with parameter -d (a relative path is required). | If the operation is successful, 0 is returned. If the operation fails, -1 is returned. |
      | output (-o) | Outputs data from the TEE to the REE. This parameter can be used together with parameter -v. | If the operation is successful, 0 is returned. If the operation fails, -1 is returned. |
      | destroy (-e) | Destroys the data, directory, and session ID of a Java or Python application. This parameter must be used together with parameter sessionID. | If the operation is successful, 0 is returned. If the operation fails, -1 is returned. |
      | delete (-d) | Deletes a subfile or subdirectory of the application in the TEE. | If the operation is successful, 0 is returned. If the operation fails, -1 is returned. |
      | query (-q) | Checks whether a subfile or subdirectory of the application exists in the TEE. | If the queried file or directory exists, 0 is returned. If it does not exist, 1 is returned. If the check fails, -1 is returned. |
      | parameter (-p) | Parameters required for running the application. | - |
      | rename (-a) | Path to the input file. | - |
      | save (-v) | Path to the output file. | - |
      | help (-h) | Obtains help information. | - |

      Example:

      tee_teleport -s jre.sec -t java   # Installs Java.
      tee_teleport -s python.sec -t python   # Installs Python.
      tee_teleport -u -t java   # Uninstalls Java.
      tee_teleport -u -t python   # Uninstalls Python.
      tee_teleport -m third.sec -t python   # Installs a third-party library.
      tee_teleport -c test.sec   # Installs an application. A sessionID.txt file is generated in the current directory.
      tee_teleport -r TeeJava.class -i sessionID.txt   # Runs an application.
      tee_teleport -n data_dir -i sessionID.txt   # Inputs a file.
      tee_teleport -o data_dir -i sessionID.txt   # Outputs a file.
      tee_teleport -e -i sessionID.txt   # Uninstalls an application.
      tee_teleport -d output/tee.log -i sessionID.txt   # Deletes a file.
      tee_teleport -q output/tee.log -i sessionID.txt   # Queries a file.
      tee_teleport -c test.sec -r TeeJava.class -n data_dir -o output/tee.log -e   # Performs installation, file input, execution, and uninstallation.
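
The create, input, run, output and destroy sequence from the example above, written as an added shell wrapper (not part of tee_teleport, the DevKit, or the original page). It checks the return value that Table 3 documents for each step and calls destroy on every path once a session has been created, so that a failed run does not leave application data behind in the TEE. TEE_TELEPORT, tee_step and run_tee_session are names assumed for this example.

```sh
#!/bin/sh
# Added example, not DevKit code. Uses only tee_teleport options from Table 3.
# TEE_TELEPORT, tee_step and run_tee_session are names assumed for this sketch.
TEE_TELEPORT=${TEE_TELEPORT:-tee_teleport}

# tee_step LABEL ARGS...: run one tee_teleport call and report a failure.
# Table 3 documents 0 for success and -1 for failure; a process exit code of
# -1 reaches the shell as 255, so any non-zero status is treated as a failure.
tee_step() {
    label=$1
    shift
    rc=0
    "$TEE_TELEPORT" "$@" || rc=$?
    [ "$rc" -eq 0 ] && return 0
    echo "tee_teleport $label failed (exit status $rc)" >&2
    return 1
}

# run_tee_session APP_SEC ENTRY INPUT_PATH OUTPUT_PATH
# Returns 0 on success, 1 if create/input/run/output failed, 2 if destroy failed.
run_tee_session() {
    app=$1 entry=$2 input=$3 output=$4
    sid=sessionID.txt   # generated in the current directory by -c
    result=0

    tee_step create -c "$app" || return 1

    # A session now exists in the TEE. The steps below stop at the first
    # failure, but the destroy call runs on every path so that the
    # application's data and directory are not left behind.
    tee_step input -n "$input" -i "$sid" &&
        tee_step run -r "$entry" -i "$sid" &&
        tee_step output -o "$output" -i "$sid" || result=1

    tee_step destroy -e -i "$sid" || result=2
    return "$result"
}

# Usage with the file names from the page's example:
#   run_tee_session test.sec TeeJava.class data_dir output/tee.log
```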
      
  8. After the runtime environment is deployed and the Java or Python project is created, click Open Project to open it in the current window.
    Figure 10 Viewing the Java or Python Project

    If a project folder or file is added, deleted, modified, or renamed, you can synchronize the change to the remote server. For details, see Synchronizing Code to a Remote Server.