From 10545725b870c7c01a93889344dfe6cf1d58e1ed Mon Sep 17 00:00:00 2001
From: Vladimir Fadeev <88741707+vovaaxeapolla@users.noreply.github.com>
Date: Fri, 22 Nov 2024 09:32:58 +0500
Subject: [PATCH] feat(condo): DOMA-10690 use pfx cert for sber id (#5498)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat(condo): DOMA-10690 use pfx cert for sber id

* feat(condo): DOMA-10690 sberId health check for both

* feat(condo): DOMA-10690 use pfx cert

* feat(condo): DOMA-10690 update envs

* feat(condo): DOMA-10690 update envs

* feat(condo): DOMA-10690 update envs

* feat(condo): DOMA-10690 update envs

* feat(condo): DOMA-10690 update envs

* feat(condo): DOMA-10690 update envs

* feat(condo): DOMA-10690 update envs

* fix(condo): removed console.log

* fix(condo): set .helm to main

---------

Co-authored-by: Владимир <vladimir@vfadeev.local>
Co-authored-by: Dmitry Kovyazin <dkoviazin@gmail.com>
---
 .../user/integration/sberid/SberIdIdentityIntegration.js | 9 ++++-----
 apps/condo/index.js                                      | 9 ++++-----
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/apps/condo/domains/user/integration/sberid/SberIdIdentityIntegration.js b/apps/condo/domains/user/integration/sberid/SberIdIdentityIntegration.js
index 133e815c181..0e732c860eb 100644
--- a/apps/condo/domains/user/integration/sberid/SberIdIdentityIntegration.js
+++ b/apps/condo/domains/user/integration/sberid/SberIdIdentityIntegration.js
@@ -22,19 +22,18 @@ const {
     clientId,
     clientSecret,
     redirectUri,
-    cert,
-    key,
+    certificate = '',
+    passphrase,
     verifyServerSsl,
 } = SBER_ID_CONFIG
 const callbackPath = '/api/sber_id/auth/callback'
 const callbackUri = redirectUri || `${conf.SERVER_URL}${callbackPath}`
 const axiosTimeout = 10000
-
 // instantiate httpsAgent in order to support mTLS communication with sber id servers
 const httpsAgent = new https.Agent({
     rejectUnauthorized: verifyServerSsl,
-    cert,
-    key,
+    pfx: Buffer.from(certificate, 'base64'),
+    passphrase,
 })
 
 // instantiate request id generator
diff --git a/apps/condo/index.js b/apps/condo/index.js
index a63df75cc43..d98e8fc5005 100644
--- a/apps/condo/index.js
+++ b/apps/condo/index.js
@@ -14,7 +14,6 @@ const {
     HealthCheck,
     getRedisHealthCheck,
     getPostgresHealthCheck,
-    getCertificateHealthCheck,
     getPfxCertificateHealthCheck,
 } = require('@open-condo/keystone/healthCheck')
 const { prepareKeystone } = require('@open-condo/keystone/KSv5v6/v5/prepareKeystone')
@@ -98,11 +97,11 @@ if (!IS_BUILD_PHASE && SENTRY_CONFIG['server']) {
 const checks = [
     getRedisHealthCheck(),
     getPostgresHealthCheck(),
-    getCertificateHealthCheck({
+    getPfxCertificateHealthCheck({
         certificateName: 'sber_id_client',
-        getCertificate: () => {
-            const SBER_ID_CONFIG = conf['SBER_ID_CONFIG'] && JSON.parse(conf['SBER_ID_CONFIG']) || {}
-            return SBER_ID_CONFIG.cert
+        getPfxParams: () => {
+            const { certificate, passphrase } = conf['SBER_ID_CONFIG'] && JSON.parse(conf['SBER_ID_CONFIG']) || {}
+            return { pfx: certificate, passphrase }
         },
     }),
     getPfxCertificateHealthCheck({