diff --git a/.nais/ebms-async-dev.yaml b/.nais/ebms-async-dev.yaml
index db6118be..f6d28c83 100644
--- a/.nais/ebms-async-dev.yaml
+++ b/.nais/ebms-async-dev.yaml
@@ -68,8 +68,10 @@ spec:
 rules:
 - application: smtp-transport
 env:
- - name: KEYSTORE_FILE
+ - name: KEYSTORE_FILE_SIGN_2022
 value: /var/run/secrets/ebms-keystore-signering/signering-key.p12
+ - name: KEYSTORE_FILE_SIGN_2025
+ value: /var/run/secrets/ebms-keystore-2025/nav_signing_test.p12
 - name: EMOTTAK_LOGGING_LEVEL
 value: DEBUG
 - name: MAX_CONNECTION_POOL_SIZE_FOR_USER
@@ -100,6 +102,9 @@ spec:
 value: http://emottak-event-manager
 envFrom:
 - secret: ebms-payload-secret
+ - secret: ebms-keystore-pwd-2025
 filesFrom:
 - secret: ebms-keystore-signering
 mountPath: /var/run/secrets/ebms-keystore-signering
+ - secret: ebms-keystore-2025
+ mountPath: /var/run/secrets/ebms-keystore-2025
diff --git a/.nais/ebms-payload-dev.yaml b/.nais/ebms-payload-dev.yaml
index 9eab9757..f331c10d 100644
--- a/.nais/ebms-payload-dev.yaml
+++ b/.nais/ebms-payload-dev.yaml
@@ -63,16 +63,23 @@ spec:
 webproxy: true
 envFrom:
 - secret: ebms-payload-secret
+ - secret: ebms-keystore-pwd-2025
 filesFrom:
 - secret: ebms-payload-sign-keystore
 mountPath: /var/run/secrets/ebms-signing-keystore
 - secret: ebms-payload-enc-keystore
 mountPath: /var/run/secrets/ebms-encryption-keystore
+ - secret: ebms-keystore-2025
+ mountPath: /var/run/secrets/ebms-keystore-2025
 env:
- - name: KEYSTORE_FILE_DEKRYPT
+ - name: KEYSTORE_FILE_DEKRYPT_2022
 value: /var/run/secrets/ebms-encryption-keystore/nav_encryption_test.p12
- - name: KEYSTORE_FILE_SIGN
+ - name: KEYSTORE_FILE_SIGN_2022
 value: /var/run/secrets/ebms-signing-keystore/nav_signing_test.p12
+ - name: KEYSTORE_FILE_DEKRYPT_2025
+ value: /var/run/secrets/ebms-keystore-2025/nav_encryption_test.p12
+ - name: KEYSTORE_FILE_SIGN_2025
+ value: /var/run/secrets/ebms-keystore-2025/nav_signing_test.p12
 - name: EMOTTAK_LOGGING_LEVEL
 value: DEBUG
 - name: TRUSTSTORE_PATH
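Review bot: The rename of `KEYSTORE_FILE` to `KEYSTORE_FILE_SIGN_2022` in the first hunk of `.nais/ebms-async-dev.yaml` has no matching ebms-async source change on this page; only ebms-payload and ebms-provider code is updated to read the new names. If ebms-async reads `KEYSTORE_FILE` itself rather than going through `signeringConfig()` from ebms-provider, the dev deployment would start without a signing keystore path. It is worth confirming which module resolves the variable for this application and saying so in the commit description.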
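Review bot: Mounting `ebms-keystore-2025` in the second hunk of `.nais/ebms-async-dev.yaml` appears to give a signing-only workload the decryption keystore as well, because the ebms-payload manifest reads both `nav_signing_test.p12` and `nav_encryption_test.p12` from that same mount path, and `ebms-keystore-pwd-2025` presumably unlocks both. The 2022 layout kept the material apart (`ebms-payload-sign-keystore` and `ebms-payload-enc-keystore` for ebms-payload, `ebms-keystore-signering` here). The same applies to the second hunk of `.nais/ebms-provider-dev.yaml`. Consider splitting the 2025 material into a signing secret and an encryption secret and mounting only the signing one in ebms-async and ebms-provider, so the combined layout is not copied into production manifests.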
diff --git a/.nais/ebms-provider-dev.yaml b/.nais/ebms-provider-dev.yaml
index 6ae66687..5d787371 100644
--- a/.nais/ebms-provider-dev.yaml
+++ b/.nais/ebms-provider-dev.yaml
@@ -63,8 +63,10 @@ spec:
 - application: ebms-payload
 - application: ebms-send-in
 env:
- - name: KEYSTORE_FILE
+ - name: KEYSTORE_FILE_SIGN_2022
 value: /var/run/secrets/ebms-keystore-signering/signering-key.p12
+ - name: KEYSTORE_FILE_SIGN_2025
+ value: /var/run/secrets/ebms-keystore-2025/nav_signing_test.p12
 - name: EMOTTAK_LOGGING_LEVEL
 value: DEBUG
 - name: CPA_REPO_URL
@@ -77,6 +79,9 @@ spec:
 value: http://smtp-transport
 envFrom:
 - secret: ebms-payload-secret
+ - secret: ebms-keystore-pwd-2025
 filesFrom:
 - secret: ebms-keystore-signering
 mountPath: /var/run/secrets/ebms-keystore-signering
+ - secret: ebms-keystore-2025
+ mountPath: /var/run/secrets/ebms-keystore-2025
diff --git a/ebms-payload/src/main/kotlin/no/nav/emottak/payload/crypto/Dekryptering.kt b/ebms-payload/src/main/kotlin/no/nav/emottak/payload/crypto/Dekryptering.kt
index 387f096b..84ba6821 100644
--- a/ebms-payload/src/main/kotlin/no/nav/emottak/payload/crypto/Dekryptering.kt
+++ b/ebms-payload/src/main/kotlin/no/nav/emottak/payload/crypto/Dekryptering.kt
@@ -24,9 +24,14 @@ private fun dekrypteringConfig() =
 // Fixme burde egentlig hente fra dev vault context for å matche prod oppførsel
 listOf(
 FileKeyStoreConfig(
- keyStoreFilePath = getEnvVar("KEYSTORE_FILE_DEKRYPT"),
+ keyStoreFilePath = getEnvVar("KEYSTORE_FILE_DEKRYPT_2022"),
 keyStorePass = getEnvVar("KEYSTORE_PWD").toCharArray(),
 keyStoreType = getEnvVar("KEYSTORE_TYPE", "PKCS12")
+ ),
+ FileKeyStoreConfig(
+ keyStoreFilePath = getEnvVar("KEYSTORE_FILE_DEKRYPT_2025"),
+ keyStorePass = getEnvVar("KEYSTORE_PWD_2025").toCharArray(),
+ keyStoreType = getEnvVar("KEYSTORE_TYPE", "PKCS12")
 )
 )
 "prod-fss" ->
diff --git a/ebms-payload/src/main/kotlin/no/nav/emottak/payload/crypto/PayloadSignering.kt b/ebms-payload/src/main/kotlin/no/nav/emottak/payload/crypto/PayloadSignering.kt
index 20857caa..6d21ebfc 100644
--- a/ebms-payload/src/main/kotlin/no/nav/emottak/payload/crypto/PayloadSignering.kt
+++ b/ebms-payload/src/main/kotlin/no/nav/emottak/payload/crypto/PayloadSignering.kt
@@ -26,9 +26,14 @@ fun payloadSigneringConfig() =
 // Fixme burde egentlig hente fra dev vault context for å matche prod oppførsel
 listOf(
 FileKeyStoreConfig(
- keyStoreFilePath = getEnvVar("KEYSTORE_FILE_SIGN"),
+ keyStoreFilePath = getEnvVar("KEYSTORE_FILE_SIGN_2022"),
 keyStorePass = getEnvVar("KEYSTORE_PWD").toCharArray(),
 keyStoreType = getEnvVar("KEYSTORE_TYPE", "PKCS12")
+ ),
+ FileKeyStoreConfig(
+ keyStoreFilePath = getEnvVar("KEYSTORE_FILE_SIGN_2025"),
+ keyStorePass = getEnvVar("KEYSTORE_PWD_2025").toCharArray(),
+ keyStoreType = getEnvVar("KEYSTORE_TYPE", "PKCS12")
 )
 )
 "prod-fss" ->
diff --git a/ebms-provider/src/main/kotlin/no/nav/emottak/ebms/xml/EbMSSigning.kt b/ebms-provider/src/main/kotlin/no/nav/emottak/ebms/xml/EbMSSigning.kt
index 5157dd6b..f4f7c253 100644
--- a/ebms-provider/src/main/kotlin/no/nav/emottak/ebms/xml/EbMSSigning.kt
+++ b/ebms-provider/src/main/kotlin/no/nav/emottak/ebms/xml/EbMSSigning.kt
@@ -30,9 +30,14 @@ fun signeringConfig() =
 // Fixme burde egentlig hente fra dev vault context for å matche prod oppførsel
 listOf(
 FileKeyStoreConfig(
- keyStoreFilePath = getEnvVar("KEYSTORE_FILE"),
+ keyStoreFilePath = getEnvVar("KEYSTORE_FILE_SIGN_2022"),
 keyStorePass = getEnvVar("KEYSTORE_PWD").toCharArray(),
 keyStoreType = getEnvVar("KEYSTORE_TYPE", "PKCS12")
+ ),
+ FileKeyStoreConfig(
+ keyStoreFilePath = getEnvVar("KEYSTORE_FILE_SIGN_2025"),
+ keyStorePass = getEnvVar("KEYSTORE_PWD_2025").toCharArray(),
+ keyStoreType = getEnvVar("KEYSTORE_TYPE", "PKCS12")
 )
 )
 "prod-fss" ->
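Review bot: With two entries in the dev list returned by `payloadSigneringConfig()`, nothing in this hunk says which key actually signs outgoing payloads; decryption can try every loaded key, but signing has to pick one. The selection logic is outside the hunk, so depending on how it chooses, messages may keep being signed with the 2022 key or switch to the 2025 key before the receiving side trusts the new certificate. I would add a comment above `listOf(` such as `// Both keystores are loaded during rotation; signing key is chosen by <selection rule>; drop the 2022 entry after <date>`, with the rule and date filled in. The same applies to `signeringConfig()` in EbMSSigning.kt. Both function bodies continue outside their hunks.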