From f30e59f4635decd3659ea3d325a0eaf981786c38 Mon Sep 17 00:00:00 2001 From: Yige Zhu Date: Wed, 26 Oct 2022 17:31:45 -0700 Subject: [PATCH] Add temp solution to get certs for pc_instance cert providers (#1833) Summary: Pull Request resolved: https://github.com/facebookresearch/fbpcs/pull/1833 This is just an intermediary solution for allow us to test tls data distribution from stage service to onedocker containers. After we build data transmission from PC Service via PC Instance repo, we will replace the implementation here with actually getting the certificates from pc_instance. Reviewed By: danbunnell Differential Revision: D40656809 fbshipit-source-id: dfa56dfb48516b48a748d23034708e1a7ab412ae --- .../pc_instance_ca_certificate_provider.py | 3 +- .../pc_instance_server_certificate.py | 7 ++- .../certificate/sample_tls_certificates.py | 57 +++++++++++++++++++ 3 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 fbpcs/infra/certificate/sample_tls_certificates.py diff --git a/fbpcs/infra/certificate/pc_instance_ca_certificate_provider.py b/fbpcs/infra/certificate/pc_instance_ca_certificate_provider.py index 74a6a1ca3..d20a9f995 100644 --- a/fbpcs/infra/certificate/pc_instance_ca_certificate_provider.py +++ b/fbpcs/infra/certificate/pc_instance_ca_certificate_provider.py @@ -9,6 +9,7 @@ from typing import Optional from fbpcs.infra.certificate.certificate_provider import CertificateProvider +from fbpcs.infra.certificate.sample_tls_certificates import SAMPLE_CA_CERTIFICATE from fbpcs.private_computation.entity.private_computation_instance import ( PrivateComputationInstance, ) @@ -26,4 +27,4 @@ def __init__(self, pc_instance: PrivateComputationInstance) -> None: def get_certificate(self) -> Optional[str]: # TODO: implement this by retrieving ca certificate # from pc instance repo. - raise NotImplementedError + return SAMPLE_CA_CERTIFICATE 
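Review bot: `get_certificate` in the CA provider now returns the fixed `SAMPLE_CA_CERTIFICATE` and never consults `pc_instance`, so every caller gets the same trust anchor and cannot tell a placeholder from a real certificate. The server-certificate provider's `get_certificate` in the next file has the same issue. The previous `raise NotImplementedError` failed loudly; the new code succeeds silently, and nothing visible in the hunk restricts it to test runs. Consider keeping the raise as the default and returning the sample only behind an explicit test-only switch, or at minimum logging a warning whenever the sample is returned. At the least, record the constraint on the return line, e.g. `# TEMPORARY: static sample CA cert for TLS testing only; not a valid production trust anchor.` The class and method begin outside the hunk, so I cannot see how callers use the result.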
diff --git a/fbpcs/infra/certificate/pc_instance_server_certificate.py b/fbpcs/infra/certificate/pc_instance_server_certificate.py index e57470fca..376a6970f 100644 --- a/fbpcs/infra/certificate/pc_instance_server_certificate.py +++ b/fbpcs/infra/certificate/pc_instance_server_certificate.py @@ -9,6 +9,7 @@ from typing import Optional from fbpcs.infra.certificate.certificate_provider import CertificateProvider +from fbpcs.infra.certificate.sample_tls_certificates import SAMPLE_SERVER_CERTIFICATE from fbpcs.private_computation.entity.private_computation_instance import ( PrivateComputationInstance, ) @@ -29,4 +30,8 @@ def get_certificate(self) -> Optional[str]: """ # TODO: implement this by retrieving server certificate # from pc instance repo. - raise NotImplementedError + + # This is a intermediate stage for us to do testing and + # there is no security risk of returning a sample + # static certificate + return SAMPLE_SERVER_CERTIFICATE diff --git a/fbpcs/infra/certificate/sample_tls_certificates.py b/fbpcs/infra/certificate/sample_tls_certificates.py new file mode 100644 index 000000000..f5225d9ba --- /dev/null +++ b/fbpcs/infra/certificate/sample_tls_certificates.py 
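Review bot: The comment added above `return SAMPLE_SERVER_CERTIFICATE` says there is no security risk in returning a static certificate, but that holds only while this provider is used purely for testing. The hunk shows nothing that enforces that, and the claim will outlive the temporary code if the TODO is forgotten. State the condition rather than the conclusion, e.g. `# TEMPORARY, testing only: returns a static sample certificate. Must be replaced before this provider serves production TLS.` Also, "a intermediate" should read "an intermediate". The method signature and docstring start above the hunk.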
@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+# Copyright (c) Meta Platforms, Inc. and affiliates.
+#
+# This source code is licensed under the MIT license found in the
+# LICENSE file in the root directory of this source tree.
+
+# pyre-strict
+
+# This is sample certificates generated with host study123.pci.facebook.com
+
+SAMPLE_CA_CERTIFICATE = """-----BEGIN CERTIFICATE-----
+MIID4jCCAsoCCQDmSibtviQ+hzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEzARBgNVBAcMCk1lbmxvIFBhcmsxFzAV
+BgNVBAoMDk1ldGEgUGxhdGZvcm1zMRwwGgYDVQQLDBNQcml2YXRlIENvbXB1dGF0
+aW9uMSIwIAYDVQQDDBlzdHVkeTEyMy5wY2kuZmFjZWJvb2suY29tMR0wGwYJKoZI
+hvcNAQkBFg55aWdlemh1QGZiLmNvbTAgFw0yMjEwMDUyMTA5NTZaGA8yMDUwMDIy
+MDIxMDk1NlowgbExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMw
+EQYDVQQHDApNZW5sbyBQYXJrMRcwFQYDVQQKDA5NZXRhIFBsYXRmb3JtczEcMBoG
+A1UECwwTUHJpdmF0ZSBDb21wdXRhdGlvbjEiMCAGA1UEAwwZc3R1ZHkxMjMucGNp
+LmZhY2Vib29rLmNvbTEdMBsGCSqGSIb3DQEJARYOeWlnZXpodUBmYi5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJzBRGXEaEjz4zNhbq/BLMP2BG
+V/e2YwJme9UKapxuPIYR64Zau5wGfvArGU3wz6lcbtu6lNS1Sfbh1l4YFTqq8mcJ
+o7luJRpY9z4GYzHoJcX43x5aWAtIqNzJprXhpvQmdadiTn2ct9FhhOdWlb5p71KF
+ShoREB3dIISjhIAM73eWJjN10uswsgG6CVsAYoRoKNqewCagHWKX0OTB/eBeTeDD
+w8yYc+YkHXSJFNCt9+f4w5gGvkzivTo7aph9OnG69E3nd1jGnju7mbf6YH+lj87Q
+j5WXT5VcvZy7eZn0eTgxF+iaEK8bKc+KL8tzhxGr+NzD8D99qx76K6hmydkvAgMB
+AAEwDQYJKoZIhvcNAQELBQADggEBADJo/3a7PnSbjKesqiMBS29fh4QgfjqXqbUX
+U5HnmEplYeibi2WjJuZpWCZFbV/suBNc719GXxdOFdLMdC74Wf+fm6GwD9GATwTP
+JVfHx8Gz0ABBMI58qTb3KYNsoiCCovOZwxUuWnqF4X+2Zs7F8cb7zufLrDVuKhtj
+shjgHWmZo7sI/2PZlgRwckgWf9icMFii+rIjhQeE7MStHXRIayicjp6DDNVOSHEL
+bHfA83ga0g5IjuMpXbmIdIe5SsdyHdSVG6+5KiHhjAy9xR6hv/lgq2NeQqBeKOlZ
+tn8iAHD3/Hhp+ElXK+/VC1SZ8SbjzXF8xoyE4w9IxGherzaL2iI=
+-----END CERTIFICATE-----"""
+
+SAMPLE_SERVER_CERTIFICATE = """-----BEGIN CERTIFICATE-----
+MIID4DCCAsgCCQDP5CuDurCKyzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEzARBgNVBAcMCk1lbmxvIFBhcmsxFzAV
+BgNVBAoMDk1ldGEgUGxhdGZvcm1zMRwwGgYDVQQLDBNQcml2YXRlIENvbXB1dGF0
+aW9uMSIwIAYDVQQDDBlzdHVkeTEyMy5wY2kuZmFjZWJvb2suY29tMR0wGwYJKoZI
+hvcNAQkBFg55aWdlemh1QGZiLmNvbTAeFw0yMjEwMTQyMDIyNTVaFw0yMzEwMTQy
+MDIyNTVaMIGxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTETMBEG
+A1UEBwwKTWVubG8gUGFyazEXMBUGA1UECgwOTWV0YSBQbGF0Zm9ybXMxHDAaBgNV
+BAsME1ByaXZhdGUgQ29tcHV0YXRpb24xIjAgBgNVBAMMGXN0dWR5MTIzLnBjaS5m
+YWNlYm9vay5jb20xHTAbBgkqhkiG9w0BCQEWDnlpZ2V6aHVAZmIuY29tMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylhVpV6hY0A+t9EYMlKCoOzkmj87
+sA/Bs6glfuMoH3ph8TS54Az6Zy1bkWHCaVmNthwqus7jIckYkFauijt0JNYjg/gg
+XQHKV9oXZSJxRdoEqOSo0G4c2AAeF88diDLXKY/g+4ZRj3CZg8GnkCtywuxjWYvB
+/7ur0Vkw0gvUp1/7p7vOCEW2bvJhN6rU/fbuGqeRR7SBpmNR8lABr9Q6UktpEB5y
+n+YZNph9g0CXxyqCsSk6hp7e9N2WIkVhUQfSq6udUltaAE2ZV7nuCPQGpjVH3pRb
+W10iaxd36YVsRhipi9mBUaoHErAya5MZekwKxg+1NF+Z0eTrs1wI3XFdEwIDAQAB
+MA0GCSqGSIb3DQEBCwUAA4IBAQBylg7yZeteX6U7P9q7ted6EShBmCvudIuhDsLh
+oMJh5iFHRbqjjDBuNikGWFLDMIhfER15asE7QTGrnLSQ5AHGjzlkDfE5EdkKwqlH
+v76auYCNkz9VsURf6n5h6WBlLOGDNMW5N103/zxoBxcwCaAf047nZlDzlsPgU+r2
+sQbS8xe9Br2M+ODqATYFSWjxogDWOMotK/Xr7lQRFWRfBxOBpp6f6RUSHoBgpvs5
+tdXBvd63H/Ojq9k5/VcI2sM1UIo5g29SBkVxkSGzBhN6FhkNmR4V2308jPb3mYLh
+U8pJLuU61GEPZiJWSLDjyZZ5VKftlG5nkhuXzN2rpW/bG1dW
+-----END CERTIFICATE-----"""
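Review bot: The header comment of the new module says only that these are sample certificates for host study123.pci.facebook.com. It does not mark them as test fixtures, say where the matching private keys are held, or explain how to regenerate them, and the constants live in the production package `fbpcs/infra/certificate/`. The server certificate's encoded validity appears to end in October 2023, so anything still depending on it after that date will start failing handshakes. Both blobs also look like version-1 certificates with no extensions, so there is probably no subjectAltName for hostname verification to match. I would extend the header comment along these lines: `# TEST-ONLY sample certificates (CN study123.pci.facebook.com). Never use as a production trust anchor; server cert expires 2023-10. Regenerate via <documented procedure>.`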