Per aggiornare i certificati scaduti:
# Delete every previously issued end-entity artefact under the CA directory.
# The first glob matches ee_* in each sub-directory of ca/; the commands further
# down use certs/ and private/, so this removes the old certificates together
# with their private keys and passphrase README files. The second glob clears
# newcerts/ completely.
# NOTE(review): files under ca/ that do not start with ee_ (outside newcerts/)
# are left alone; presumably that covers the CA's own key and certificate.
# Confirm before running.
ca_dir=pki/CA_auth03/ca
rm "${ca_dir}"/*/ee_*
rm "${ca_dir}"/newcerts/*
Svuotare il file pki/CA_auth03/ca/index.txt lasciandolo vuoto (il file deve continuare ad esistere), ad esempio con: : > pki/CA_auth03/ca/index.txt


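Quando openssl chiede la password di export dei keystore pkcs12, usare 123456. È una password debole, adatta solo a questo ambiente demo: i keystore prodotti qui non vanno riutilizzati in altri ambienti.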

# Run the server-certificate script (the arguments look like CA name and
# subject name), then bundle the resulting certificate and private key into a
# PKCS#12 keystore with alias govway.localdomain.
# -passin reads the private-key passphrase from the subject's README.txt file.
# No -passout is given, so openssl asks for the export password interactively.
server_cn=govway.localdomain
bash genera_certificato_server.sh auth03.govcloud.it "${server_cn}"
openssl pkcs12 -export \
  -in "pki/CA_auth03/ca/certs/ee_${server_cn}.cert.pem" \
  -inkey "pki/CA_auth03/ca/private/ee_${server_cn}.key.pem" \
  -passin "file:pki/CA_auth03/ca/private/ee_${server_cn}.README.txt" \
  -out "keys/keystore_${server_cn}.pkcs12" \
  -name "${server_cn}"
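Poi ricopiare chiave e certificato in traefik:
- leggere la password della chiave privata in pki/CA_auth03/ca/private/ee_govway.localdomain.README.txt (viene richiesta dal comando successivo)
- openssl rsa -in pki/CA_auth03/ca/private/ee_govway.localdomain.key.pem > ../traefik/traefik-key.pem
  (la chiave viene scritta in chiaro, senza passphrase: limitare i permessi di ../traefik/traefik-key.pem al solo utente che esegue traefik; se il comando fallisce il file resta vuoto)
- cp pki/CA_auth03/ca/certs/ee_govway.localdomain.cert.pem  ../traefik/traefik-cert.pem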


# --- Soggetti (Client) ----

# For each client subject: run the client-certificate script, export the
# certificate and private key to a PKCS#12 keystore (alias = full subject name),
# then copy the keystore to etc/keys/.
# The keystore file name is the subject name without the ".govway.org" suffix.
# -passin takes the private-key passphrase from the subject's README.txt file;
# the export password is requested interactively because -passout is absent.
# The copied .pkcs12 files contain private keys, so etc/keys/ needs the same
# access restrictions as keys/.
for client_cn in ente.govway.org enteEsterno.govway.org; do
  keystore_id=${client_cn%.govway.org}
  bash genera_certificato_client.sh auth03.govcloud.it "${client_cn}"
  openssl pkcs12 -export \
    -in "pki/CA_auth03/ca/certs/ee_${client_cn}.cert.pem" \
    -inkey "pki/CA_auth03/ca/private/ee_${client_cn}.key.pem" \
    -passin "file:pki/CA_auth03/ca/private/ee_${client_cn}.README.txt" \
    -out "keys/keystore_${keystore_id}.pkcs12" \
    -name "${client_cn}"
  cp "keys/keystore_${keystore_id}.pkcs12" etc/keys/
done


# --- Applicativi (Client) ----

# Application client certificates, processed in the listed order. Per subject:
# run the client-certificate script, export certificate and private key to a
# PKCS#12 keystore (alias = full subject name), then copy the keystore to
# etc/keys/.
# The keystore file name is the subject name without the ".govway.org" suffix.
# -passin takes the private-key passphrase from the subject's README.txt file;
# the export password is requested interactively because -passout is absent.
for client_cn in \
  app1.ente.govway.org \
  app1.enteEsterno.govway.org \
  app2.enteEsterno.govway.org \
  app3.enteEsterno.govway.org; do
  keystore_id=${client_cn%.govway.org}
  bash genera_certificato_client.sh auth03.govcloud.it "${client_cn}"
  openssl pkcs12 -export \
    -in "pki/CA_auth03/ca/certs/ee_${client_cn}.cert.pem" \
    -inkey "pki/CA_auth03/ca/private/ee_${client_cn}.key.pem" \
    -passin "file:pki/CA_auth03/ca/private/ee_${client_cn}.README.txt" \
    -out "keys/keystore_${keystore_id}.pkcs12" \
    -name "${client_cn}"
  cp "keys/keystore_${keystore_id}.pkcs12" etc/keys/
done

# --- Applicativi (Client) usati per digest Audit ----

# Application client certificates used for the Audit digest. Per subject: run
# the client-certificate script, export certificate and private key to a
# PKCS#12 keystore (alias = full subject name), then copy the keystore to
# etc/keys/.
# The keystore file name is the subject name without the ".govway.org" suffix.
# -passin takes the private-key passphrase from the subject's README.txt file;
# the export password is requested interactively because -passout is absent.
for client_cn in app4.ente.govway.org app4.enteEsterno.govway.org; do
  keystore_id=${client_cn%.govway.org}
  bash genera_certificato_client.sh auth03.govcloud.it "${client_cn}"
  openssl pkcs12 -export \
    -in "pki/CA_auth03/ca/certs/ee_${client_cn}.cert.pem" \
    -inkey "pki/CA_auth03/ca/private/ee_${client_cn}.key.pem" \
    -passin "file:pki/CA_auth03/ca/private/ee_${client_cn}.README.txt" \
    -out "keys/keystore_${keystore_id}.pkcs12" \
    -name "${client_cn}"
  cp "keys/keystore_${keystore_id}.pkcs12" etc/keys/
done


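NOTA: si deve aggiornare anche il certificato su Keycloak
endpoint: https://govway.localdomain/auth/
username: admin
password: admin
(credenziali dell'istanza Keycloak di questo ambiente demo: non vanno riutilizzate su istanze raggiungibili da altre reti)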
Per i client:
'App1-Esterno-PDND' -> pki/CA_auth03/ca/certs/ee_app1.enteEsterno.govway.org.cert.pem
'App2-Esterno-PDND' -> pki/CA_auth03/ca/certs/ee_app2.enteEsterno.govway.org.cert.pem
'App3-Esterno-PDND' -> pki/CA_auth03/ca/certs/ee_app3.enteEsterno.govway.org.cert.pem
'App1-PDND' -> pki/CA_auth03/ca/certs/ee_app1.ente.govway.org.cert.pem
Per i client usati per digest Audit:
'App4-PDND' -> pki/CA_auth03/ca/certs/ee_app4.ente.govway.org.cert.pem
'App4-Esterno-PDND' -> pki/CA_auth03/ca/certs/ee_app4.enteEsterno.govway.org.cert.pem
NOTA: i KID associati da Keycloak non si riescono ad ottenere dalla console. Effettuare un primo tentativo: nell'output del container verrà riportato un errore simile al seguente, che indica in 'Available kids' il nuovo KID da utilizzare:
keycloak             | 18:47:57,327 WARN  [org.keycloak.keys.infinispan.InfinispanPublicKeyStorageProvider] (default task-20) PublicKey wasn't found in the storage. Requested kid: 'HDEJNDHEDHEEDH-dDEHDEHE12-deDEDE' . Available kids: '[G5o4eBTTDvECzE84431nE13PeOd8_3s7-Op5ZhR89YA]'

NOTA: Il KID dell'applicativo App4-Esterno-PDND va inoltre aggiunto all'interno del template di trasformazione delle api-pdnd

Infine si deve produrre il jwk aggiornato

# Directory that contains tools/utils/dist and lib/{security,commons,cxf}.
# TODO is a placeholder: set the real path before running the commands below.
OP2_DIR=TODO

# Classpath and converter class shared by the four invocations.
op2_classpath="${OP2_DIR}/tools/utils/dist/*:${OP2_DIR}/lib/security/*:${OP2_DIR}/lib/commons/*:${OP2_DIR}/lib/cxf/*"
jwk_converter=org.openspcoop2.utils.certificate.JWKPublicKeyConverter

# Each call reads a public certificate (no private key) and writes the given
# output file. NOTE(review): the third argument looks like the key id (kid)
# and the fourth appears to select JWK-Set output (.jwks) over a single JWK
# (.jwk). Confirm against JWKPublicKeyConverter.

# JWKs returned by api-pdnd/keys
java -classpath "${op2_classpath}" "${jwk_converter}" \
  pki/CA_auth03/ca/certs/ee_app1.enteEsterno.govway.org.cert.pem \
  etc/pdnd/keystore_app1.enteEsterno.jwk app1 false false
java -classpath "${op2_classpath}" "${jwk_converter}" \
  pki/CA_auth03/ca/certs/ee_app4.enteEsterno.govway.org.cert.pem \
  etc/pdnd/keystore_app4.enteEsterno.jwk app4 false false

# JWK-Sets used by the external entity to validate the token locally, avoiding
# extra calls that are not needed for the demo.
# NOTE(review): the two kid values below are hard-coded. Keycloak reports a new
# KID once the certificate has been replaced, so these presumably need to be
# updated to the values shown in 'Available kids'. Confirm; a stale kid would
# make token validation fail to find the key.
java -classpath "${op2_classpath}" "${jwk_converter}" \
  pki/CA_auth03/ca/certs/ee_app1.ente.govway.org.cert.pem \
  etc/keys/keystore_app1.ente.jwks zgC6JlcdjzdZkw-z6aSWltpKbY5ggqMTozwhQc7FU5M true false
java -classpath "${op2_classpath}" "${jwk_converter}" \
  pki/CA_auth03/ca/certs/ee_app4.ente.govway.org.cert.pem \
  etc/keys/keystore_app4.ente.jwks 44tmRX4CLmC9evFGRuh6xUgcTHkZuJx7U_bFMnz1g3E true false
