new configuration version

mamo 2024-11-11 08:45:46 +00:00
parent aabe4abaff
commit 2b202d39c9
8 changed files with 8 additions and 142 deletions


@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-439a003dc0e69fca081bd27a8677edfc5c86894b"
tag: "r-5f259caba96570900bab1987bc090f30fb591632"
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
credentials: "git-credentials"
keystores:


@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDAzCCAesCFFJeJMyjfQq6To7dqRpfc5oDX//oMA0GCSqGSIb3DQEBCwUAMD4x
CzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRAwDgYDVQQKDAdBZG5vdnVtMQ4w
DAYDVQQDDAVjb3NzYTAeFw0yNDExMDcxMzA3NTJaFw0yNTExMDcxMzA3NTJaMD4x
CzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRAwDgYDVQQKDAdBZG5vdnVtMQ4w
DAYDVQQDDAVjb3NzYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOWq
kbFj7UAPDlzgqua7/ws43sIswHuhA400R3jKkHcvTC/QduDuDWoTeYkiQdv8lo7k
PVQA7tP//Pe+2O2wS0spNMrlw0Jv0MWeGlN1Jv5PH9TuOnL1nrd6w2OCKClnR7t3
xWZUEd3t4AtM/69VKNwSvVADt5yU6tifj1vCiE4uPoDkI8TNbT92aL2aDnq+VVRL
Eki5SpQ6ZGUlZGFGhMMOoA9efnTGqrJBsP3m50SAEUqTUpo1aH6IaJXorf8+zzEE
zWD4A13b0kvz75A9qh1rReYZgr1sQIfWwzoP76HQwpdEQsjnAteJi1SV7rSK/ekQ
+iuJ9ql2Mjpve8vsWrsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAE4GJgtYJRI3r
hAWb4ptd6ngPfvW6pNb8Q9do/k0yVmAzckibRVSgmCoTeFnArn56NB2nrZlpnncG
IYB5uVI7jiEHCTZRXG7JbI/MHiwkq5P+Mf+OlvJWgiWkKFteJS46GBVo6JFVAIbv
H/UEflHbeTbaSYsoH0Xv54S9IvIuv/IA7KooFRmuzRb10hBBV0EUdrGfdBHmSpQf
CiSMPOTqu3nzcms4O4DLHnW2kVRyrd/G0Lkg/FUGsN4ZHyYGSC36gUOFqubGy9GV
HJqM6758pE0Myk7LMFGd8MrlnYTeWgBnRlAmfzMVMWZaAaRGGZ5SwQrZmenVB1ne
Ix41vfiHmA==
-----END CERTIFICATE-----


@ -1,30 +0,0 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----


@ -1,2 +0,0 @@
#!/bin/bash
echo '09I1B4lsP4+KQB8dB3AeEyU4RawLttIo55+0EWPPh0I='


@ -1,50 +0,0 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDAzCCAesCFFJeJMyjfQq6To7dqRpfc5oDX//oMA0GCSqGSIb3DQEBCwUAMD4x
CzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRAwDgYDVQQKDAdBZG5vdnVtMQ4w
DAYDVQQDDAVjb3NzYTAeFw0yNDExMDcxMzA3NTJaFw0yNTExMDcxMzA3NTJaMD4x
CzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRAwDgYDVQQKDAdBZG5vdnVtMQ4w
DAYDVQQDDAVjb3NzYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOWq
kbFj7UAPDlzgqua7/ws43sIswHuhA400R3jKkHcvTC/QduDuDWoTeYkiQdv8lo7k
PVQA7tP//Pe+2O2wS0spNMrlw0Jv0MWeGlN1Jv5PH9TuOnL1nrd6w2OCKClnR7t3
xWZUEd3t4AtM/69VKNwSvVADt5yU6tifj1vCiE4uPoDkI8TNbT92aL2aDnq+VVRL
Eki5SpQ6ZGUlZGFGhMMOoA9efnTGqrJBsP3m50SAEUqTUpo1aH6IaJXorf8+zzEE
zWD4A13b0kvz75A9qh1rReYZgr1sQIfWwzoP76HQwpdEQsjnAteJi1SV7rSK/ekQ
+iuJ9ql2Mjpve8vsWrsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAE4GJgtYJRI3r
hAWb4ptd6ngPfvW6pNb8Q9do/k0yVmAzckibRVSgmCoTeFnArn56NB2nrZlpnncG
IYB5uVI7jiEHCTZRXG7JbI/MHiwkq5P+Mf+OlvJWgiWkKFteJS46GBVo6JFVAIbv
H/UEflHbeTbaSYsoH0Xv54S9IvIuv/IA7KooFRmuzRb10hBBV0EUdrGfdBHmSpQf
CiSMPOTqu3nzcms4O4DLHnW2kVRyrd/G0Lkg/FUGsN4ZHyYGSC36gUOFqubGy9GV
HJqM6758pE0Myk7LMFGd8MrlnYTeWgBnRlAmfzMVMWZaAaRGGZ5SwQrZmenVB1ne
Ix41vfiHmA==
-----END CERTIFICATE-----


@ -44,14 +44,12 @@
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<Signer key="Signer_New_NEVIS_SecToken"/>
</TokenAssembler>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6 -->
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<KeyStore name="DefaultKeyStore">
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-default-default-signer/keypass"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai-default-default-signer-trust/truststore.jks"/>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<KeyObject name="Signer_New_JWT_Token" certificate="/var/opt/keys/own/new-pem-key-store/cert.pem" privateKey="/var/opt/keys/own/new-pem-key-store/keystore.jks" passPhrase="pipe:///var/opt/keys/own/new-pem-key-store/keypass"/>
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<KeyObject name="Signer_New_NEVIS_SecToken" certificate="/var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/keypass"/>
</KeyStore>
@ -126,26 +124,24 @@
</Response>
</AuthState>
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE">
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<Gui name="ContinueResponse"/>
</Response>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
</AuthState>
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE">
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="New_JWT_Token" next="cossa_realm_New_JWT_Token"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="New_NEVIS_SecToken" next="cossa_realm_New_NEVIS_SecToken"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
@ -156,37 +152,8 @@
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<property name="condition:New_JWT_Token" value="${request:requiredRoles:^token.New_JWT_Token$:true}"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<property name="condition:New_NEVIS_SecToken" value="${request:requiredRoles:^token.New_NEVIS_SecToken$:true}"/>
</AuthState>
<AuthState name="cossa_realm_New_JWT_Token" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false">
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<ResultCond name="ok" next="cossa_realm_Prepare_Done" authLevel="token.New_JWT_Token"/>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<property name="token.type" value="JWS"/>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<property name="token.algorithm" value="RS256"/>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<property name="keystoreref" value="DefaultKeyStore"/>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<property name="keyobjectref" value="Signer_New_JWT_Token"/>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<property name="token.identifier" value="token.New_JWT_Token"/>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<property name="out.issuer" value="test"/>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<property name="out.subject" value="test"/>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<property name="out.time_to_live" value="28800"/>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<property name="out.custom.exp" value="test"/>
</AuthState>
<AuthState name="cossa_realm_New_NEVIS_SecToken" class="ch.nevis.esauth.auth.states.sectoken.TokenAssemblerState" final="false">
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<ResultCond name="default" next="cossa_realm_Prepare_Done" authLevel="token.New_NEVIS_SecToken"/>
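Review bot: The two `KeyObject` entries left in `DefaultKeyStore` (`DefaultSigner` and `Signer_New_NEVIS_SecToken`) still read their passphrase from a `pipe:///var/opt/keys/own/…/keypass` script, and the files deleted elsewhere in this commit show a key store of that shape kept in this repository: an encrypted private key next to a script that echoes a passphrase in clear text. Deleting those files from the tree leaves both in history, so if they belonged to the removed `Signer_New_JWT_Token` (the paths are not visible here), that key should be treated as disclosed, retired wherever its certificate was trusted, and not reused. It is worth confirming that the key material for the two remaining signers is provisioned from a secret store at deploy time rather than from files under version control. A comment above the `KeyStore` element such as `<!-- key material under /var/opt/keys is provisioned at deploy time; never commit it -->` would record that expectation; if this file is generated from the referenced patterns, the comment belongs in the pattern source instead.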