Add temp solution to get certs for pc_instance cert providers (#1833)

Summary: Pull Request resolved: #1833 This is just an intermediary solution for allow us to test tls data distribution from stage service to onedocker containers. After we build data transmission from PC Service via PC Instance repo, we will replace the implementation here with actually getting the certificates from pc_instance. Reviewed By: danbunnell Differential Revision: D40656809 fbshipit-source-id: dfa56dfb48516b48a748d23034708e1a7ab412ae
facebookresearch · Oct 27, 2022 · f30e59f · f30e59f
1 parent 35a2529
commit f30e59f
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 2 deletions.
diff --git a/fbpcs/infra/certificate/pc_instance_ca_certificate_provider.py b/fbpcs/infra/certificate/pc_instance_ca_certificate_provider.py
@@ -9,6 +9,7 @@
 from typing import Optional
 
 from fbpcs.infra.certificate.certificate_provider import CertificateProvider
+from fbpcs.infra.certificate.sample_tls_certificates import SAMPLE_CA_CERTIFICATE
 from fbpcs.private_computation.entity.private_computation_instance import (
     PrivateComputationInstance,
 )
@@ -26,4 +27,4 @@ def __init__(self, pc_instance: PrivateComputationInstance) -> None:
     def get_certificate(self) -> Optional[str]:
         # TODO: implement this by retrieving ca certificate
         # from pc instance repo.
-        raise NotImplementedError
+        return SAMPLE_CA_CERTIFICATE
diff --git a/fbpcs/infra/certificate/pc_instance_server_certificate.py b/fbpcs/infra/certificate/pc_instance_server_certificate.py
@@ -9,6 +9,7 @@
 from typing import Optional
 
 from fbpcs.infra.certificate.certificate_provider import CertificateProvider
+from fbpcs.infra.certificate.sample_tls_certificates import SAMPLE_SERVER_CERTIFICATE
 from fbpcs.private_computation.entity.private_computation_instance import (
     PrivateComputationInstance,
 )
@@ -29,4 +30,8 @@ def get_certificate(self) -> Optional[str]:
         """
         # TODO: implement this by retrieving server certificate
         # from pc instance repo.
-        raise NotImplementedError
+
+        # This is a intermediate stage for us to do testing and
+        # there is no security risk of returning a sample
+        # static certificate
+        return SAMPLE_SERVER_CERTIFICATE
diff --git a/fbpcs/infra/certificate/sample_tls_certificates.py b/fbpcs/infra/certificate/sample_tls_certificates.py
@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+# Copyright (c) Meta Platforms, Inc. and affiliates.
+#
+# This source code is licensed under the MIT license found in the
+# LICENSE file in the root directory of this source tree.
+
+# pyre-strict
+
+# This is sample certificates generated with host study123.pci.facebook.com
+
+SAMPLE_CA_CERTIFICATE = """-----BEGIN CERTIFICATE-----
+MIID4jCCAsoCCQDmSibtviQ+hzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEzARBgNVBAcMCk1lbmxvIFBhcmsxFzAV
+BgNVBAoMDk1ldGEgUGxhdGZvcm1zMRwwGgYDVQQLDBNQcml2YXRlIENvbXB1dGF0
+aW9uMSIwIAYDVQQDDBlzdHVkeTEyMy5wY2kuZmFjZWJvb2suY29tMR0wGwYJKoZI
+hvcNAQkBFg55aWdlemh1QGZiLmNvbTAgFw0yMjEwMDUyMTA5NTZaGA8yMDUwMDIy
+MDIxMDk1NlowgbExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMw
+EQYDVQQHDApNZW5sbyBQYXJrMRcwFQYDVQQKDA5NZXRhIFBsYXRmb3JtczEcMBoG
+A1UECwwTUHJpdmF0ZSBDb21wdXRhdGlvbjEiMCAGA1UEAwwZc3R1ZHkxMjMucGNp
+LmZhY2Vib29rLmNvbTEdMBsGCSqGSIb3DQEJARYOeWlnZXpodUBmYi5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJzBRGXEaEjz4zNhbq/BLMP2BG
+V/e2YwJme9UKapxuPIYR64Zau5wGfvArGU3wz6lcbtu6lNS1Sfbh1l4YFTqq8mcJ
+o7luJRpY9z4GYzHoJcX43x5aWAtIqNzJprXhpvQmdadiTn2ct9FhhOdWlb5p71KF
+ShoREB3dIISjhIAM73eWJjN10uswsgG6CVsAYoRoKNqewCagHWKX0OTB/eBeTeDD
+w8yYc+YkHXSJFNCt9+f4w5gGvkzivTo7aph9OnG69E3nd1jGnju7mbf6YH+lj87Q
+j5WXT5VcvZy7eZn0eTgxF+iaEK8bKc+KL8tzhxGr+NzD8D99qx76K6hmydkvAgMB
+AAEwDQYJKoZIhvcNAQELBQADggEBADJo/3a7PnSbjKesqiMBS29fh4QgfjqXqbUX
+U5HnmEplYeibi2WjJuZpWCZFbV/suBNc719GXxdOFdLMdC74Wf+fm6GwD9GATwTP
+JVfHx8Gz0ABBMI58qTb3KYNsoiCCovOZwxUuWnqF4X+2Zs7F8cb7zufLrDVuKhtj
+shjgHWmZo7sI/2PZlgRwckgWf9icMFii+rIjhQeE7MStHXRIayicjp6DDNVOSHEL
+bHfA83ga0g5IjuMpXbmIdIe5SsdyHdSVG6+5KiHhjAy9xR6hv/lgq2NeQqBeKOlZ
+tn8iAHD3/Hhp+ElXK+/VC1SZ8SbjzXF8xoyE4w9IxGherzaL2iI=
+-----END CERTIFICATE-----"""
+
+SAMPLE_SERVER_CERTIFICATE = """-----BEGIN CERTIFICATE-----
+MIID4DCCAsgCCQDP5CuDurCKyzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEzARBgNVBAcMCk1lbmxvIFBhcmsxFzAV
+BgNVBAoMDk1ldGEgUGxhdGZvcm1zMRwwGgYDVQQLDBNQcml2YXRlIENvbXB1dGF0
+aW9uMSIwIAYDVQQDDBlzdHVkeTEyMy5wY2kuZmFjZWJvb2suY29tMR0wGwYJKoZI
+hvcNAQkBFg55aWdlemh1QGZiLmNvbTAeFw0yMjEwMTQyMDIyNTVaFw0yMzEwMTQy
+MDIyNTVaMIGxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTETMBEG
+A1UEBwwKTWVubG8gUGFyazEXMBUGA1UECgwOTWV0YSBQbGF0Zm9ybXMxHDAaBgNV
+BAsME1ByaXZhdGUgQ29tcHV0YXRpb24xIjAgBgNVBAMMGXN0dWR5MTIzLnBjaS5m
+YWNlYm9vay5jb20xHTAbBgkqhkiG9w0BCQEWDnlpZ2V6aHVAZmIuY29tMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylhVpV6hY0A+t9EYMlKCoOzkmj87
+sA/Bs6glfuMoH3ph8TS54Az6Zy1bkWHCaVmNthwqus7jIckYkFauijt0JNYjg/gg
+XQHKV9oXZSJxRdoEqOSo0G4c2AAeF88diDLXKY/g+4ZRj3CZg8GnkCtywuxjWYvB
+/7ur0Vkw0gvUp1/7p7vOCEW2bvJhN6rU/fbuGqeRR7SBpmNR8lABr9Q6UktpEB5y
+n+YZNph9g0CXxyqCsSk6hp7e9N2WIkVhUQfSq6udUltaAE2ZV7nuCPQGpjVH3pRb
+W10iaxd36YVsRhipi9mBUaoHErAya5MZekwKxg+1NF+Z0eTrs1wI3XFdEwIDAQAB
+MA0GCSqGSIb3DQEBCwUAA4IBAQBylg7yZeteX6U7P9q7ted6EShBmCvudIuhDsLh
+oMJh5iFHRbqjjDBuNikGWFLDMIhfER15asE7QTGrnLSQ5AHGjzlkDfE5EdkKwqlH
+v76auYCNkz9VsURf6n5h6WBlLOGDNMW5N103/zxoBxcwCaAf047nZlDzlsPgU+r2
+sQbS8xe9Br2M+ODqATYFSWjxogDWOMotK/Xr7lQRFWRfBxOBpp6f6RUSHoBgpvs5
+tdXBvd63H/Ojq9k5/VcI2sM1UIo5g29SBkVxkSGzBhN6FhkNmR4V2308jPb3mYLh
+U8pJLuU61GEPZiJWSLDjyZZ5VKftlG5nkhuXzN2rpW/bG1dW
+-----END CERTIFICATE-----"""