feat(condo): DOMA-10690 use pfx cert for sber id (#5498)

* feat(condo): DOMA-10690 use pfx cert for sber id * feat(condo): DOMA-10690 sberId health check for both * feat(condo): DOMA-10690 use pfx cert * feat(condo): DOMA-10690 update envs * feat(condo): DOMA-10690 update envs * feat(condo): DOMA-10690 update envs * feat(condo): DOMA-10690 update envs * feat(condo): DOMA-10690 update envs * feat(condo): DOMA-10690 update envs * feat(condo): DOMA-10690 update envs * fix(condo): removed console.log * fix(condo): set .helm to main --------- Co-authored-by: Владимир <[email protected]> Co-authored-by: Dmitry Kovyazin <[email protected]>
open-condo-software · Nov 22, 2024 · 1054572 · 1054572
1 parent 8348763
commit 1054572
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 10 deletions.
diff --git a/apps/condo/domains/user/integration/sberid/SberIdIdentityIntegration.js b/apps/condo/domains/user/integration/sberid/SberIdIdentityIntegration.js
@@ -22,19 +22,18 @@ const {
     clientId,
     clientSecret,
     redirectUri,
-    cert,
-    key,
+    certificate = '',
+    passphrase,
     verifyServerSsl,
 } = SBER_ID_CONFIG
 const callbackPath = '/api/sber_id/auth/callback'
 const callbackUri = redirectUri || `${conf.SERVER_URL}${callbackPath}`
 const axiosTimeout = 10000
-
 // instantiate httpsAgent in order to support mTLS communication with sber id servers
 const httpsAgent = new https.Agent({
     rejectUnauthorized: verifyServerSsl,
-    cert,
-    key,
+    pfx: Buffer.from(certificate, 'base64'),
+    passphrase,
 })
 
 // instantiate request id generator

diff --git a/apps/condo/index.js b/apps/condo/index.js
@@ -14,7 +14,6 @@ const {
     HealthCheck,
     getRedisHealthCheck,
     getPostgresHealthCheck,
-    getCertificateHealthCheck,
     getPfxCertificateHealthCheck,
 } = require('@open-condo/keystone/healthCheck')
 const { prepareKeystone } = require('@open-condo/keystone/KSv5v6/v5/prepareKeystone')
@@ -98,11 +97,11 @@ if (!IS_BUILD_PHASE && SENTRY_CONFIG['server']) {
 const checks = [
     getRedisHealthCheck(),
     getPostgresHealthCheck(),
-    getCertificateHealthCheck({
+    getPfxCertificateHealthCheck({
         certificateName: 'sber_id_client',
-        getCertificate: () => {
-            const SBER_ID_CONFIG = conf['SBER_ID_CONFIG'] && JSON.parse(conf['SBER_ID_CONFIG']) || {}
-            return SBER_ID_CONFIG.cert
+        getPfxParams: () => {
+            const { certificate, passphrase } = conf['SBER_ID_CONFIG'] && JSON.parse(conf['SBER_ID_CONFIG']) || {}
+            return { pfx: certificate, passphrase }
         },
     }),
     getPfxCertificateHealthCheck({