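def get_ca_cert(fb, gid):
    """Fetch the group's CA certificate from Facebook and install it for racoon.

    The certificate is looked up in ``SecureGridNet.certificate`` by *gid*,
    base64-decoded, saved to the floppy image and then copied into the racoon
    certificate directory under both its plain name and the OpenSSL
    subject-hash name (``<hash>.0``) that racoon uses to locate CA certs.

    Args:
        fb: Facebook client exposing ``fql.query``.
        gid: Group id as a string of decimal digits (it is embedded unquoted
            in the FQL text, so anything else is rejected up front).

    Returns:
        0 on success, -1 when no certificate is stored for *gid*.

    Raises:
        ValueError: if *gid* is not a string of decimal digits.
        subprocess.CalledProcessError: if ``openssl`` cannot hash the cert.
    """
    import shutil
    import subprocess

    # gid goes straight into the query text, so only a plain numeric id is
    # accepted; this keeps a crafted value from altering the FQL statement.
    if not str(gid).isdigit():
        raise ValueError('gid must be a string of decimal digits')
    results = fb.fql.query(
        'SELECT data FROM SecureGridNet.ipopdata '
        'WHERE _id IN (SELECT obj_id FROM SecureGridNet.certificate '
        'WHERE gid = ' + str(gid) + ')')
    # There should be only one row; keep the last one. Starting from ''
    # also covers the no-rows case, which previously left `data` unbound.
    data = ''
    for result in results:
        data = result['data']
    if data == '':
        return -1
    # Facebook stores the PEM base64 encoded
    cert = common.fb_decode(data)
    # Save certificate to floppy image
    floppy_cert = '/mnt/fd/cacert.pem'
    common.write_file(floppy_cert, cert)
    # Install for racoon: a copy plus the <subject-hash>.0 symlink racoon
    # uses to find CA certificates. Done without a shell so no string is
    # re-parsed as a command.
    rdir = '/etc/racoon/certs'
    installed = os.path.join(rdir, 'cacert.pem')
    shutil.copy(floppy_cert, installed)
    subject_hash = subprocess.check_output(
        ['openssl', 'x509', '-noout', '-hash', '-in', installed]).decode().strip()
    link = os.path.join(rdir, subject_hash + '.0')
    # mirror `ln -sf`: replace whatever already sits at the link path
    if os.path.lexists(link):
        os.remove(link)
    os.symlink(installed, link)
    return 0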
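def get_cert_req(fb, unsigned_req_ids):
    """Sign pending certificate requests and store the certificates on Facebook.

    Each id in *unsigned_req_ids* is looked up in ``SecureGridNet.ipopdata``,
    its base64 request decoded and signed with ``sign_cert_req``, and the
    result re-encoded and stored with ``common.fb_put_data`` under the
    ``'certificate'`` association. Every processed request id is appended
    to ``signed_cert_ids.txt`` before the upload, as before.

    Args:
        fb: Facebook client exposing ``fql.query``.
        unsigned_req_ids: iterable of request object ids; each must render
            as a string of decimal digits because they are embedded unquoted
            in the FQL text.

    Returns:
        0. An empty *unsigned_req_ids* returns 0 without querying.

    Raises:
        ValueError: if any id is not purely numeric.
    """
    ids = [str(item) for item in unsigned_req_ids]
    if not ids:
        # `IN ()` would be a malformed query; there is simply nothing to do.
        return 0
    # Only numeric ids are allowed into the query text.
    for item in ids:
        if not item.isdigit():
            raise ValueError('request id is not numeric: %r' % (item,))
    results = fb.fql.query(
        'SELECT _id, id, data from SecureGridNet.ipopdata '
        'WHERE _id IN (' + ','.join(ids) + ')')
    for result in results:
        req_id = result['_id']
        req = common.fb_decode(result['data'])
        # Sign the request and encode the certificate for storage
        signed_cert = sign_cert_req(req)
        data = common.fb_encode(signed_cert)
        # Record the id with a direct file append rather than `echo ... >>`
        # through a shell, so a value returned by the remote query is never
        # interpreted as part of a command.
        with open('signed_cert_ids.txt', 'a') as signed_ids:
            signed_ids.write(str(req_id) + '\n')
        # Store on Facebook with association to the request
        common.fb_put_data(fb, req_id, data, 'certificate')
    return 0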
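def check_cert(fb):
    """Fetch this host's signed certificate from Facebook and install it.

    The request object id saved earlier in ``fb_req_obj_id.txt`` is used to
    look up the signed certificate in ``SecureGridNet.certificate``; when a
    row is found and its ``id`` matches that object id, the base64 data is
    decoded and written to ``/etc/racoon/certs/host-cert.pem``.

    Args:
        fb: Facebook client exposing ``fql.query``.

    Returns:
        0 when the certificate was written, -1 when no certificate is stored
        yet or the stored row does not belong to this request id.

    Raises:
        ValueError: if the saved object id is not a string of decimal digits.
    """
    # Trailing whitespace from the file would both break the query and make
    # the ownership comparison below fail, so strip it.
    obj_id = common.read_file('fb_req_obj_id.txt').strip()
    # The id is interpolated unquoted into the query text; accept digits only.
    if not obj_id.isdigit():
        raise ValueError('fb_req_obj_id.txt does not hold a numeric id')
    results = fb.fql.query(
        'SELECT id, data FROM SecureGridNet.ipopdata '
        'WHERE _id IN (SELECT obj_id FROM SecureGridNet.certificate '
        'WHERE gid = ' + obj_id + ')')
    # Keep the last row returned; there should be at most one.
    owner_id = ''
    data = ''
    for result in results:
        owner_id = result['id']
        data = result['data']
    if data == '':
        return -1
    # Only accept a certificate issued against this host's own request.
    # Compared as text so a numeric `id` from the query still matches the
    # string read from the file.
    if str(owner_id) != obj_id:
        return -1
    cert = common.fb_decode(data)
    # NOTE(review): the PEM is installed without checking that it pairs with
    # the local key or chains to cacert.pem; confirm racoon's own validation
    # covers this before relying on it.
    common.write_file('/etc/racoon/certs/host-cert.pem', cert)
    return 0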