Skip to content

SberID api flow 2.0 #4560

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
konstantin-kukharev wants to merge 4 commits into from
Closed

SberID api flow 2.0 #4560

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
df0602d
core of sberid oidc api flow
Apr 23, 2026
2b62a32
sberID mock tests & normalize data on registration
Apr 23, 2026
1215c1e
Merge branch 'master' into feat/sber-api-flow
konstantin-kukharev Apr 23, 2026
642f4a4
make linter happy
Apr 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
76 changes: 76 additions & 0 deletions certs/ca.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
-----BEGIN CERTIFICATE-----
MIIHMDCCBRigAwIBAgIQVnerP9ykL/7ZiwH5fkv9ujANBgkqhkiG9w0BAQsFADBJ
MQswCQYDVQQGEwJSVTEbMBkGA1UECgwSU2JlcmJhbmsgb2YgUnVzc2lhMR0wGwYD
VQQDDBRTYmVyQ0EgVGVzdCBSb290IEV4dDAeFw0yMzAxMTkxMDMzMDlaFw0zMzAx
MTYxMDMzMDlaMEcxCzAJBgNVBAYTAlJVMRswGQYDVQQKDBJTYmVyYmFuayBvZiBS
dXNzaWExGzAZBgNVBAMMElNiZXJDQSBUZXN0IEV4dCBHMjCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBALQGhBFRgp72U5X9ROfWnoz9uljxG45/ACylHRjV
WqQaTS+zfTlmywpqLx9/fmVWBMjHDyq07b+vkwO9BxDS4cCssmGN3tts4v+UpmXV
xLOCfUS/TvXPMU9NPvPnMG7JP4tMvY/T8Q2RW10jpkHb1KvPP1z2QWC6HR856ATg
B01spaqhFQSP+2vsjMqLq74EndkX+EfXU0N3ZHfL8RB+V2XwHgBRvtp8ateaa4qF
tFFCddFi/8dWGYp2oqi2UUJVBrmrck149z5+pbNfrOh//37JwG3asRcAha9QT/oY
rknfYAjgkxkIxRnE0u2PdioQbKA6abjU/iZ8efzGoNdXojIg5hGf7C9V3KwJiC73
bkhwSy2s5lD9ZEYREaAg6Wnat7tmOj2MVhi6VxdqRagmzLV9OkoNDVjkI+MeVZXA
d2LHV/ZaiUcKhzEC45AXErHlmANV017ABTcm1QSoYc3o6reIxuw2+aipiIiQwgIY
1fLtLaMttpYYVSPZODVpH/ELYppvkfodoqbB3m1S16qXagjbLVLV/tYyyLG1Gf/k
0I07Ex2jEocV7od6MSvuAQrZ6sqchon/6nijN+X8pj9KGDWQXG92XoQWoqWDoyKg
YH24y8FQ2WP7l7BfHpnqR2ZRgInS31ZYxli/lnD2Ca6TXTrc5Kz0OyD5tFkco7fX
aob9AgMBAAGjggIUMIICEDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQGvaYk
eWA9u0FEN6nKCP5j7EwtwDB5BgNVHSMEcjBwgBR0XuRdqVSurQLnReFSsppW9Xo/
UKFNpEswSTELMAkGA1UEBhMCUlUxGzAZBgNVBAoMElNiZXJiYW5rIG9mIFJ1c3Np
YTEdMBsGA1UEAwwUU2JlckNBIFRlc3QgUm9vdCBFeHSCCQDb8SSh53wn5zALBgNV
HQ8EBAMCAYYwgZ8GA1UdHwSBlzCBlDCBkaCBjqCBi4ZKaHR0cDovL3NiZXJjYS1w
cm94eS1kZnBkLnNpZ21hLnNicmYucnUvc2JlcmNhL2NkcC9zYmVyY2EtdGVzdC1y
b290LWV4dC5jcmyGPWh0dHA6Ly9zYmVyY2F0ZXN0LnNiZXIucnUvc2JlcmNhL2Nk
cC9zYmVyY2EtdGVzdC1yb290LWV4dC5jcmwwgbMGCCsGAQUFBwEBBIGmMIGjMFYG
CCsGAQUFBzAChkpodHRwOi8vc2JlcmNhLXByb3h5LWRmcGQuc2lnbWEuc2JyZi5y
dS9zYmVyY2EvYWlhL3NiZXJjYS10ZXN0LXJvb3QtZXh0LmNydDBJBggrBgEFBQcw
AoY9aHR0cDovL3NiZXJjYXRlc3Quc2Jlci5ydS9zYmVyY2EvYWlhL3NiZXJjYS10
ZXN0LXJvb3QtZXh0LmNydDANBgkqhkiG9w0BAQsFAAOCAgEAR+x/j5x8W+2y46i3
tR5SvkIL7ZOka/5dHJhXI79MKrDzcJlgDApAwNBw5ywBVp6vDy0xUxHiw91OX96w
0HU7Cn5ZD6rgGVZbm77euENC0QqQ8J7q3TNkXSoWcxjba22G6LiTDeEW1KdkFsLY
YJR6oDQgY4YFdbTkkr/5Ke942wQ8N6IqGkwtliKGN+l9dxXP/6tV+Qd63nf5wQ2A
y0OpHN3+vvOd5jysAdzFvDIVRJVaPvGAXo8DnEePvmET/unBI8P1ZL2gSeLXyAhj
s1w3PwvEDj246yrhA/wijnzMAgLOnLMjupMP2qx0s3adCSuj873i/NIctvm4oNvz
e49D09HX3eQDo9uUEyPWFQn7d50obnYV4BxW9G3LnXQldMaJFKpEqTD36oW4EDr0
P0geuxQkrLehjbFrRpUlxepx/9yEnilILCkoU1NGCTQFtbsCOefAN8sxPCM9Ml+i
jzei/aJOUBwLb9RGfFGXNwd/BVt1qKmm/aDh5BNwobxZnpdBaOlbplatueFbZbF5
6FBCDcnQfJifC49ve50MxDgVcydcx7QZVB6nHGzFUU+DU9X7lnWN8DAjBzJZ/j6h
A0YgQfAexkxcauGsJJbKMvKInEUj5aOoxu7KHM/FmLDbvB2VIB95A+K+bLu4x7Sl
BT62zSc8c/0qPN+TlLmzeVJVvJE=
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIF0TCCA7mgAwIBAgIJANvxJKHnfCfnMA0GCSqGSIb3DQEBCwUAMEkxCzAJBgNV
BAYTAlJVMRswGQYDVQQKDBJTYmVyYmFuayBvZiBSdXNzaWExHTAbBgNVBAMMFFNi
ZXJDQSBUZXN0IFJvb3QgRXh0MB4XDTIxMDgxMzEzMTA0MVoXDTQxMDgwODEzMTA0
MVowSTELMAkGA1UEBhMCUlUxGzAZBgNVBAoMElNiZXJiYW5rIG9mIFJ1c3NpYTEd
MBsGA1UEAwwUU2JlckNBIFRlc3QgUm9vdCBFeHQwggIiMA0GCSqGSIb3DQEBAQUA
A4ICDwAwggIKAoICAQDBJdOQWK/QMgJKUSPxwRFs34Su4NkR+zXXVnD6F1Yypvi/
mjK5ALZvaYGfa0Kbe13+cxHxEQgTX4k+8FVqSmJv/Jf8LYHp76bZ5CPC0y0XX0xw
gvM+coQH6FpQHTG+s9x6xDuZgOyh5vNUY9sND/wnJcoVZHf/DH+JbKobKJL+Pv4f
xcln+PPlPXrAOwo1G8sgfXUmqUAmyYK6o7pZBFAk3KdaVHnWyNIUvKRK3rfGuN2J
LxN9p3Kywbqw/9Fbanpy8YFvdpkKPuq+RKPuGxx6LWZpi7N4EWxHTnwzDX6QBdP6
damHCGuEwPfzSdEKTu73pbmlnY3uAZ2Mf/llO4I/1RtebpDMwV1IbfZLaSKY4Vnw
/EZd/bSqpV7ZQ5HQUfNFkIohAU36UOSzKKxp+aWI3sB99uLpiHS4xntmION5b2XQ
8JVDnu28C5xx90TAKF40aiw36g8FT4+yFfw4ez8kQqEMqV9Me7TwLKdcjPa61uGK
HLPbOIhlrlNvf68JFB3hznIlW5xY70p4dKbHVFLa6m1zPwuw2PKnYFGjhtXquzw9
nBSCW3p7VvwqvWuakF6boZvuCqsK0kaLQu+pcVS89PTPH7iVg5vW21VFq0MM5ssH
uTfGAChFH3tnRe+0gqcWX1de0tZ15yvi5tRtE6E5PqAWkGjVil7cofnmsGez5wID
AQABo4G7MIG4MB0GA1UdDgQWBBR0XuRdqVSurQLnReFSsppW9Xo/UDB5BgNVHSME
cjBwgBR0XuRdqVSurQLnReFSsppW9Xo/UKFNpEswSTELMAkGA1UEBhMCUlUxGzAZ
BgNVBAoMElNiZXJiYW5rIG9mIFJ1c3NpYTEdMBsGA1UEAwwUU2JlckNBIFRlc3Qg
Um9vdCBFeHSCCQDb8SSh53wn5zAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIB
hjANBgkqhkiG9w0BAQsFAAOCAgEAAVGRPde6acAVe5CenhGk87Iqle//iXMlReMV
lvQiPxnBazUbrvW01I273pmULzlnAL8ihJ7twUMoSruazhbxhxOQ+ExqwXqZPazh
iu/WQAHiUmbzTGJW5Usi8EnbX3Q8BH/w9x32HOWd7+vOJbjTgFjVSZNIne9UYgbd
uzW53q+Wk/2eU3FMMCIDiJYZsL5RqAcJWNy6HQZ1Ku/JwOROzotOccUZsh/D+e2L
kX2Jz5zgTS/FudIW5ycao3jexakvWQxctEHeo4zsh2eyzExqKBADP73csuBlQS69
ri2WO0IiYqA3FP4M2NTf8cKuuL/vqsRml+aI/RNBRvliHesAZa5sQH8ccdeI/jgM
EN+eGin7hCZRZHwvmQNJCSsKqSWvD7GIUP52CPk6Q1JGwZGdmTKkparljFMYWWD4
LI3orb0b0WaUBDROBXdv+CbBrAlZ0R/G2PUmBq4z4Zoc2L6IX+Ater72yrnSyGs6
jYqf6vabOxnYiJgY1w5wJNr9qXk+lH70pfNDWR0KO7zHXjxTjkImGbODvvFZj8pW
ND7QrwPqlGDuYZ9XJ5NHCIGGqqhEXt3rk9AQ1oWZm+gFWi7j0pXFU/M/WUOg8AxS
a7PGOWy1TIGcDqKXi9VKUDSD2kxnKOlTKNrX6hgQHa5PaVgsNbqIZ42y144vvyWB
cis2vV4=
-----END CERTIFICATE-----
80 changes: 80 additions & 0 deletions certs/cacerts.cer
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
Bag Attributes
friendlyName: SberCA Test1 Ext
subject=C=RU, O=Sberbank of Russia, CN=SberCA Test1 Ext
issuer=C=RU, O=Sberbank of Russia, CN=SberCA Test1 Root Ext
-----BEGIN CERTIFICATE-----
MIIGqjCCBJKgAwIBAgIRAMIMwGCgJtPpMU5YMhwleeMwDQYJKoZIhvcNAQELBQAw
SjELMAkGA1UEBhMCUlUxGzAZBgNVBAoMElNiZXJiYW5rIG9mIFJ1c3NpYTEeMBwG
A1UEAwwVU2JlckNBIFRlc3QxIFJvb3QgRXh0MB4XDTIxMDMxNzE2MTAzNFoXDTMx
MDMxNTE2MTAzNFowRTELMAkGA1UEBhMCUlUxGzAZBgNVBAoMElNiZXJiYW5rIG9m
IFJ1c3NpYTEZMBcGA1UEAwwQU2JlckNBIFRlc3QxIEV4dDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAN6HuZoD8FJNN3s0gxKJiZvGZF7W7+SwOpl1hOmw
W/iX+KIAZadHzEvofRuhnbxpNC+Eja8k4tODxfmcisZK/hQC3JcNpEjmwFV3nMo4
IFCWHci/Me7VJEoLyjd2au4LfzGlTHmQ3Kus9X4oUYk05WC6AvsiFEZGGhEjiSAQ
WJy0hV1SnaFLtw19CcznTqvhyG2a4/zyu2lGbQrNf5iuDZ2A1T5mqVhUv7pcqIxT
SWpGDQRo1mUtJxIsGQV4jOJSO/x3jPcL3vMdMo9RyUbRBpD+VsdXLzTLuKKKws0l
/gG1fhj5q9SwM030vFDQVZUtUJemoJB3Yo1smGTdRwojQAEWUIlSx/k3MeHGOQq+
1Wzv4SMV5BMr9TH8RmKD8k3QDuFbQR7db8PjvwIVoPHrNMsFsohhcABxfoRlctOy
GvTup6e0J4UvFKSQgLVcKPVXCETXeGpMhsPOqFmGfqqzIqC6UeYOMzeAPKnZ0ksG
r84MvZa0ZvFLinbl2LowFtfk21mkLAwqbgm33v+vgBKGJKpNKLzXi4Jn2roezuGW
/Dcvi3QhHSIsRjRpXxRFEpTU+ZhB/5usH/YTwZAuLjejACsYgX4ZXF3KVZXIwQK0
6QwwnAoQ5wDbr2mKbdUhEw+65Zg2SUlOHH0lZtcmKTN939q0pvg3cnJXvjvrR/za
PK8JAgMBAAGjggGOMIIBijBhBgNVHR8EWjBYMFagVKBShlBodHRwOi8vd3d3LnNi
ZXJiYW5rLXJ1Lm9zLXN0YWdlLnNiZXJiYW5rLnJ1L3NiZXJjYS9jZHAvc2JlcmNh
LXRlc3QxLXJvb3QtZXh0LmNybDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKG
UGh0dHA6Ly93d3cuc2JlcmJhbmstcnUub3Mtc3RhZ2Uuc2JlcmJhbmsucnUvc2Jl
cmNhL2FpYS9zYmVyY2EtdGVzdDEtcm9vdC1leHQuY3J0MA8GA1UdEwEB/wQFMAMB
Af8wHQYDVR0OBBYEFODFaPa5RhVllTU9P2L1DxncUz6JMHoGA1UdIwRzMHGAFHOU
x0YzNGI2960h0UJJeRfN5WokoU6kTDBKMQswCQYDVQQGEwJSVTEbMBkGA1UECgwS
U2JlcmJhbmsgb2YgUnVzc2lhMR4wHAYDVQQDDBVTYmVyQ0EgVGVzdDEgUm9vdCBF
eHSCCQCkWJ+tHQZveDALBgNVHQ8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAJid
pqdkuN+K1suB3J/ug6ko08pg5FlZTswNAn3E/VbCzm2zMeiJRwI2zLzWqzSBZv2j
sVn463TeUT0cgXiz/dEGLsyFg6NzRY9y09JfTcSeB/g2Fuqm0Agk+GN4Vo/XMBds
hnEG7ocUyAHy3FopZt1TY9vYHE0eanLkJD+s3yaA1tgpFN2Ivmjr0bgK9MUAd0AC
ewGxlGiEkv3qk2R9tkjY3g4TJwVNHfGBHWRl4tXiLKvohymJxRxXqF72HuCl++Xx
8ZtQ7gpQI1/L+XVZuzTdAF2in8v3HuZMsl4DSSrpvOgMqdlA6Tvp9NXfbjRLV1nz
ypjPFhhMcAZES6+32ubWurc0LgU6VQjARkCamDVuBS9bYsf512MNHlFcmIF8jG9O
wIrqGXtpEd0PnN/CpJgXZ8hLzBqvGhe2SiHis+ojjUZFuSKvicLjHiI9NI0qynke
mISFbNoUURjuYqlpk5qOGT0p/mtueoyam4lMFyYWq0ND3hzSrK/0nQbJEQr0u19X
OANA1RhWCkTVfdeBLTI+OcqVg3SnkArT/0EATnQ4H+/z6/Qdi4qfQgwL5hVJo8lj
s8aq/2+23xvniDmlfN1+jIJYpNh9/f+emw0xu9caDm4KflFc/2W6wZcp921HJE1u
Jl4BMf3idYZDjYmGoRvXN+fJNcOhNTn5r7H0tYQt
-----END CERTIFICATE-----
Bag Attributes
friendlyName: SberCA Test1 Root Ext
subject=C=RU, O=Sberbank of Russia, CN=SberCA Test1 Root Ext
issuer=C=RU, O=Sberbank of Russia, CN=SberCA Test1 Root Ext
-----BEGIN CERTIFICATE-----
MIIF1DCCA7ygAwIBAgIJAKRYn60dBm94MA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV
BAYTAlJVMRswGQYDVQQKDBJTYmVyYmFuayBvZiBSdXNzaWExHjAcBgNVBAMMFVNi
ZXJDQSBUZXN0MSBSb290IEV4dDAeFw0yMDEwMjkxNDUyMDRaFw00MDEwMjQxNDUy
MDRaMEoxCzAJBgNVBAYTAlJVMRswGQYDVQQKDBJTYmVyYmFuayBvZiBSdXNzaWEx
HjAcBgNVBAMMFVNiZXJDQSBUZXN0MSBSb290IEV4dDCCAiIwDQYJKoZIhvcNAQEB
BQADggIPADCCAgoCggIBANFtpAGCCrMNAW5e8fhrWzHIIw+tCf72+iHvQoCk/T0F
PLgOxdC1fiPLtqqdda7cNQlgXWhbo0vmIH9FOgy208Diif32qbTl2WI0MQ0oQsIt
Sef6/ME7vXU/TGCY+UIUDFDKSh+05lJYPAjDPShqNCXOmuPhsqLFvX4poIoF6Gqo
VJjgvmXEqm8XEC2YeXlwZl5UkZqDqeRiOsfAbOYo5244OWFZKi/Um605c7FKPM9k
25K4hJBj53vxnx2kty+xQtXh+dbBIc8TrjYSoMm/4vcqJNrdFIkzr8Iv432M82H9
U2Y/PLXGTOvAVn839emr7gnn5hZxQqBRHiNjOVLNQ5hasXYpck63xzuaN0CM7kzs
IU+W9RJAV0Ur+Bye+IXRUh5yOAP3w0LXFrWEpgIbFTuFIAInEMvUanIzWCS2yv2f
YojmnZso7dZT8cLsajsPvAkXoHqoP/9L5SLvvhgSgp7FafGxrYXi7ihWSacYUGRr
EIKLse6Xyaakh4BNiTfvwYpC9aeUBz7BZaa6by2TUCne6yGqjwYW6bFalFTctb6d
ERSn/yycs3I0itYNWEf090T5jaLR/EFYadhzulac4btQlt/oWgPtluBQUoZ3NMzs
dVFu7pwEHg4dXVEpvKRUt4W9qOAsgc/lDextNo/qoXARkjL4z2uNrem92hlnkRPp
AgMBAAGjgbwwgbkwHQYDVR0OBBYEFHOUx0YzNGI2960h0UJJeRfN5WokMHoGA1Ud
IwRzMHGAFHOUx0YzNGI2960h0UJJeRfN5WokoU6kTDBKMQswCQYDVQQGEwJSVTEb
MBkGA1UECgwSU2JlcmJhbmsgb2YgUnVzc2lhMR4wHAYDVQQDDBVTYmVyQ0EgVGVz
dDEgUm9vdCBFeHSCCQCkWJ+tHQZveDAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQE
AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAYAaiBgn0SpnAqNotZCqQyrVYzg2U/v1o
WFIkK3Bjmns9f4/x8cyv2ICz1vUMig/IDZ3GlM9MJHn65Zm1SR0tBSu+AVvcX+ek
FJGyvxNsFaOQRxsPilNipQTAITZjl+UqtZVYxrCf4odf8y0AiryLhW5NhVXIGx+K
nzGdSzrlm1aF9cjL4NaX3Fims6GLWbob5cRmCm7nfi1XrwMOM+ykT8j8Jx/Q05mk
22ZwZnY4ziwz1lqGIwfiaeKGzeGJ6m5Nk9ye7RJGaJXdqRFfsdm4ZsHvjcDQcd7s
jWNhyIkPeRN+tfd2E6Gp/aAJeQf1W4ADX8csBxSdtGCge9jp4Sjw7Tav2tPG/waS
lUORwgm7objuMZtVkbJd/XllWA6KcMU2xScJ5YyPnoZozYNyONoGa54C+5KEgZhW
dTJmvOs0nIl2rPoVg0U9fWVUAXnp7QmOU7FG83O9GjjRvkXgCmSBdmBkoQVIvAGC
wTwngzLiR53E1FO01WtHhzABhysOtiIAOCyrL0ljj6S2qkLmYGzOtNVLxHeBL7GW
cQqLkZW5z2ag6XEuBCwdLEdYD7irIm5dHvWcQfmPP6Zx6Gbd9AFQhdwRKzQvVeOA
EjgY1RTnYVGNtWvE+X5l6geLK0olF9xO+PomZzZCzGU+8IN/bqrOPQWmpfPq9PXU
59QtblGlDOw=
-----END CERTIFICATE-----
50 changes: 50 additions & 0 deletions certs/client_cert.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
Bag Attributes
localKeyID: E2 25 74 6C 41 B7 A1 77 0E 1A FA A3 E9 1B 1F C5 0C D9 1F 83
friendlyName: ede958f8-ea14-4287-ad8b-db0dfb10194e
subject=C=RU, ST=G.MOSKVA, L=G.MOSKVA, O=SFUTSK BLAGODARYA, OU=7736372057, OU=CI02440297, OU=sberid-client-1y, OU=sberid, CN=ede958f8-ea14-4287-ad8b-db0dfb10194e
issuer=C=RU, O=Sberbank of Russia, CN=SberCA Test1 Ext
-----BEGIN CERTIFICATE-----
MIIH7jCCBdagAwIBAgIUaZQLP+xefNUT4sICYhqx7ylo+LAwDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCUlUxGzAZBgNVBAoMElNiZXJiYW5rIG9mIFJ1c3NpYTEZ
MBcGA1UEAwwQU2JlckNBIFRlc3QxIEV4dDAeFw0yNjA0MDIwNjIyNDRaFw0yNzA0
MDIwNjI3NDRaMIHUMQswCQYDVQQGEwJSVTERMA8GA1UECBMIRy5NT1NLVkExETAP
BgNVBAcTCEcuTU9TS1ZBMRowGAYDVQQKExFTRlVUU0sgQkxBR09EQVJZQTETMBEG
A1UECxMKNzczNjM3MjA1NzETMBEGA1UECxMKQ0kwMjQ0MDI5NzEZMBcGA1UECxMQ
c2JlcmlkLWNsaWVudC0xeTEPMA0GA1UECxMGc2JlcmlkMS0wKwYDVQQDEyRlZGU5
NThmOC1lYTE0LTQyODctYWQ4Yi1kYjBkZmIxMDE5NGUwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDEvgomMfzHpBhFfTKWdgxF/gclWEBqDgB/GyavNeay
CdaB4Wv9269HhQM9kaGWO2H7qUNjvwaX0qrA+IBAAOwsRwiAFkhdjPJLsCpmAOT7
uB8euSKyDAIGoUg69oexBrhTMzeAwhE4GT+y3FfB/idYk07bB2xOV/29ztuxIqJA
eONc0XhTI8PJoDJSOURSHlUXprQvGJpLVW5D90aXBRl+5VYWWtWQH4ptsi2yPHfJ
Vjx3m+1YtvaS6H1N6hft0nYRVUwt7cQmvDOBRtEPceswiSh9p9/5xUibz0dMF9gG
6kFx/aH6jE1cqeWT4rf7QHjwcb63C76kHA20PffWnXDxAgMBAAGjggNEMIIDQDAJ
BgNVHRMEAjAAMB0GA1UdDgQWBBTiJXRsQbehdw4a+qPpGx/FDNkfgzCBggYDVR0j
BHsweYAU4MVo9rlGFWWVNT0/YvUPGdxTPomhTqRMMEoxCzAJBgNVBAYTAlJVMRsw
GQYDVQQKDBJTYmVyYmFuayBvZiBSdXNzaWExHjAcBgNVBAMMFVNiZXJDQSBUZXN0
MSBSb290IEV4dIIRAMIMwGCgJtPpMU5YMhwleeMwggGDBggrBgEFBQcBAQSCAXUw
ggFxMFEGCCsGAQUFBzAChkVodHRwOi8vc2JlcmNhLXByb3h5LWlmdC5kZWx0YS5z
YnJmLnJ1L3NiZXJjYS9haWEvc2JlcmNhLXRlc3QxLWV4dC5jcnQwSwYIKwYBBQUH
MAKGP2h0dHA6Ly9zYmVyY2EtcHJveHktaWZ0LnNiZXIucnUvc2JlcmNhL2FpYS9z
YmVyY2EtdGVzdDEtZXh0LmNydDBNBggrBgEFBQcwAoZBaHR0cDovL2hhcHJveHkt
ZWR6MS5zaWdtYS5zYnJmLnJ1L3NiZXJjYS9haWEvc2JlcmNhLXRlc3QxLWV4dC5j
cnQwQgYIKwYBBQUHMAGGNmh0dHA6Ly9zYmVyY2EtcHJveHktaWZ0LmRlbHRhLnNi
cmYucnUvc2JlcmNhLXRlc3QxLWV4dDA8BggrBgEFBQcwAYYwaHR0cDovL3NiZXJj
YS1wcm94eS1pZnQuc2Jlci5ydS9zYmVyY2EtdGVzdDEtZXh0MA4GA1UdDwEB/wQE
AwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAjCB3wYDVR0fBIHXMIHUMIHRoIHO
oIHLhkVodHRwOi8vc2JlcmNhLXByb3h5LWlmdC5kZWx0YS5zYnJmLnJ1L3NiZXJj
YS9jZHAvc2JlcmNhLXRlc3QxLWV4dC5jcmyGP2h0dHA6Ly9zYmVyY2EtcHJveHkt
aWZ0LnNiZXIucnUvc2JlcmNhL2NkcC9zYmVyY2EtdGVzdDEtZXh0LmNybIZBaHR0
cDovL2hhcHJveHktZWR6MS5zaWdtYS5zYnJmLnJ1L3NiZXJjYS9jZHAvc2JlcmNh
LXRlc3QxLWV4dC5jcmwwDQYJKoZIhvcNAQELBQADggIBAErVeWOsvYZFObiRYYK/
IyZ0+tZsPS8ThFxHoCIgwU1aCffX0kvzDRjakbHOKdLhYElTCbzTmoVPCwQv3aEu
4PP6WD/ZtXnaepi5wAOvTyl5U5WW4W4p8kUof/G+lEBuJp+I+E0ZqZb/UhQj5R+g
hmKU88rTPV5xdEmTizrfeS2FeUewrrZWpekPJ7QktdljI755ZFC91nojtQW8W8Nm
ThgyVnazzKRkAeBgXXgceUleRHP//bAepX+7yiHVFdICkESPybEPP1LptW0oRDNI
oIrd7CGcewYSFupY79Q4hhRS5Ho/esxKuMHhzmzCloIFH6d1ywP9CzyiX4E4wu5w
1fjHk+iFYll/zgC33pOx+iT97n+uVa7750H4Ab6MQGoMAQ7tKRFGuKFT27s4tVt/
40ls3OAgbBUD9tmkgR6iU6a6Tk6VCZp8rTNqtkwUXYLs7WEZyAExsFQMnOzgS6fD
IvPQyonhJCzXjKw/X+4Pe5ULKLkj9fNWhQi4wmmF8/Bwb0V++z0ZXfTATuhut/XO
t/+MgMsUv8YWB3jWAZhaF45JpLn6u91gg5HcnhtOlFCaQ68bKC0ilFxzpkbFsFqW
cQsVKhHgHIdeHW9iWlPLiC2DmqmuhBleOKlMQUwgjzgfO0Kdb2NnfHGlWlBq1tA8
KRIi8ZNErdhx2xnyT9BVoK2Q
-----END CERTIFICATE-----
Comment on lines +1 to +50
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if a private key file is committed to the repository
fd -e key -e pem . certs/
rg -l 'PRIVATE KEY' certs/
cat certs/private.key 2>/dev/null | head -5 || echo "File not found or not readable"

Repository: ory/kratos

Length of output: 353

Critical: Client certificate AND private key committed to repository.

The repository contains both the client certificate and its corresponding private key in plain text:

  • certs/client_cert.crt (the certificate)
  • certs/private.key (the private key with identifying localKeyID)

This is a critical security vulnerability. These credentials must be removed from version control immediately:

  1. Force-push to remove these files from all commits using git filter-branch or similar tools
  2. Rotate/revoke the certificate and key pair with the issuing CA (SberCA Test1 Ext)
  3. Never commit certificates or private keys to source control

Load credentials from environment variables, secrets management systems, or mounted volumes instead.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@certs/client_cert.crt` around lines 1 - 50, The commit exposes a private key
and client certificate (files certs/client_cert.crt and certs/private.key—note
localKeyID E2:25:74:6C:41:B7:A1:77:0E:1A:FA:A3:E9:1B:1F:C5:0C:D9:1F:83 and
friendlyName ede958f8-ea14-4287-ad8b-db0dfb10194e) and must be removed and
rotated: remove the files from the repo history using a history-rewriting tool
(git filter-repo or git filter-branch) and force-push, add certs/private.key and
certs/client_cert.crt to .gitignore, notify the CA (SberCA Test1 Ext) to
revoke/rotate the certificate/key pair, and update code to load credentials from
a secure source (environment/secrets manager or mounted volume) instead of
committing them.

50 changes: 50 additions & 0 deletions certs/file.crt.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
Bag Attributes
localKeyID: E2 25 74 6C 41 B7 A1 77 0E 1A FA A3 E9 1B 1F C5 0C D9 1F 83
friendlyName: ede958f8-ea14-4287-ad8b-db0dfb10194e
subject=C=RU, ST=G.MOSKVA, L=G.MOSKVA, O=SFUTSK BLAGODARYA, OU=7736372057, OU=CI02440297, OU=sberid-client-1y, OU=sberid, CN=ede958f8-ea14-4287-ad8b-db0dfb10194e
issuer=C=RU, O=Sberbank of Russia, CN=SberCA Test1 Ext
-----BEGIN CERTIFICATE-----
MIIH7jCCBdagAwIBAgIUaZQLP+xefNUT4sICYhqx7ylo+LAwDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCUlUxGzAZBgNVBAoMElNiZXJiYW5rIG9mIFJ1c3NpYTEZ
MBcGA1UEAwwQU2JlckNBIFRlc3QxIEV4dDAeFw0yNjA0MDIwNjIyNDRaFw0yNzA0
MDIwNjI3NDRaMIHUMQswCQYDVQQGEwJSVTERMA8GA1UECBMIRy5NT1NLVkExETAP
BgNVBAcTCEcuTU9TS1ZBMRowGAYDVQQKExFTRlVUU0sgQkxBR09EQVJZQTETMBEG
A1UECxMKNzczNjM3MjA1NzETMBEGA1UECxMKQ0kwMjQ0MDI5NzEZMBcGA1UECxMQ
c2JlcmlkLWNsaWVudC0xeTEPMA0GA1UECxMGc2JlcmlkMS0wKwYDVQQDEyRlZGU5
NThmOC1lYTE0LTQyODctYWQ4Yi1kYjBkZmIxMDE5NGUwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDEvgomMfzHpBhFfTKWdgxF/gclWEBqDgB/GyavNeay
CdaB4Wv9269HhQM9kaGWO2H7qUNjvwaX0qrA+IBAAOwsRwiAFkhdjPJLsCpmAOT7
uB8euSKyDAIGoUg69oexBrhTMzeAwhE4GT+y3FfB/idYk07bB2xOV/29ztuxIqJA
eONc0XhTI8PJoDJSOURSHlUXprQvGJpLVW5D90aXBRl+5VYWWtWQH4ptsi2yPHfJ
Vjx3m+1YtvaS6H1N6hft0nYRVUwt7cQmvDOBRtEPceswiSh9p9/5xUibz0dMF9gG
6kFx/aH6jE1cqeWT4rf7QHjwcb63C76kHA20PffWnXDxAgMBAAGjggNEMIIDQDAJ
BgNVHRMEAjAAMB0GA1UdDgQWBBTiJXRsQbehdw4a+qPpGx/FDNkfgzCBggYDVR0j
BHsweYAU4MVo9rlGFWWVNT0/YvUPGdxTPomhTqRMMEoxCzAJBgNVBAYTAlJVMRsw
GQYDVQQKDBJTYmVyYmFuayBvZiBSdXNzaWExHjAcBgNVBAMMFVNiZXJDQSBUZXN0
MSBSb290IEV4dIIRAMIMwGCgJtPpMU5YMhwleeMwggGDBggrBgEFBQcBAQSCAXUw
ggFxMFEGCCsGAQUFBzAChkVodHRwOi8vc2JlcmNhLXByb3h5LWlmdC5kZWx0YS5z
YnJmLnJ1L3NiZXJjYS9haWEvc2JlcmNhLXRlc3QxLWV4dC5jcnQwSwYIKwYBBQUH
MAKGP2h0dHA6Ly9zYmVyY2EtcHJveHktaWZ0LnNiZXIucnUvc2JlcmNhL2FpYS9z
YmVyY2EtdGVzdDEtZXh0LmNydDBNBggrBgEFBQcwAoZBaHR0cDovL2hhcHJveHkt
ZWR6MS5zaWdtYS5zYnJmLnJ1L3NiZXJjYS9haWEvc2JlcmNhLXRlc3QxLWV4dC5j
cnQwQgYIKwYBBQUHMAGGNmh0dHA6Ly9zYmVyY2EtcHJveHktaWZ0LmRlbHRhLnNi
cmYucnUvc2JlcmNhLXRlc3QxLWV4dDA8BggrBgEFBQcwAYYwaHR0cDovL3NiZXJj
YS1wcm94eS1pZnQuc2Jlci5ydS9zYmVyY2EtdGVzdDEtZXh0MA4GA1UdDwEB/wQE
AwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAjCB3wYDVR0fBIHXMIHUMIHRoIHO
oIHLhkVodHRwOi8vc2JlcmNhLXByb3h5LWlmdC5kZWx0YS5zYnJmLnJ1L3NiZXJj
YS9jZHAvc2JlcmNhLXRlc3QxLWV4dC5jcmyGP2h0dHA6Ly9zYmVyY2EtcHJveHkt
aWZ0LnNiZXIucnUvc2JlcmNhL2NkcC9zYmVyY2EtdGVzdDEtZXh0LmNybIZBaHR0
cDovL2hhcHJveHktZWR6MS5zaWdtYS5zYnJmLnJ1L3NiZXJjYS9jZHAvc2JlcmNh
LXRlc3QxLWV4dC5jcmwwDQYJKoZIhvcNAQELBQADggIBAErVeWOsvYZFObiRYYK/
IyZ0+tZsPS8ThFxHoCIgwU1aCffX0kvzDRjakbHOKdLhYElTCbzTmoVPCwQv3aEu
4PP6WD/ZtXnaepi5wAOvTyl5U5WW4W4p8kUof/G+lEBuJp+I+E0ZqZb/UhQj5R+g
hmKU88rTPV5xdEmTizrfeS2FeUewrrZWpekPJ7QktdljI755ZFC91nojtQW8W8Nm
ThgyVnazzKRkAeBgXXgceUleRHP//bAepX+7yiHVFdICkESPybEPP1LptW0oRDNI
oIrd7CGcewYSFupY79Q4hhRS5Ho/esxKuMHhzmzCloIFH6d1ywP9CzyiX4E4wu5w
1fjHk+iFYll/zgC33pOx+iT97n+uVa7750H4Ab6MQGoMAQ7tKRFGuKFT27s4tVt/
40ls3OAgbBUD9tmkgR6iU6a6Tk6VCZp8rTNqtkwUXYLs7WEZyAExsFQMnOzgS6fD
IvPQyonhJCzXjKw/X+4Pe5ULKLkj9fNWhQi4wmmF8/Bwb0V++z0ZXfTATuhut/XO
t/+MgMsUv8YWB3jWAZhaF45JpLn6u91gg5HcnhtOlFCaQ68bKC0ilFxzpkbFsFqW
cQsVKhHgHIdeHW9iWlPLiC2DmqmuhBleOKlMQUwgjzgfO0Kdb2NnfHGlWlBq1tA8
KRIi8ZNErdhx2xnyT9BVoK2Q
-----END CERTIFICATE-----
32 changes: 32 additions & 0 deletions certs/file.key.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
Bag Attributes
localKeyID: E2 25 74 6C 41 B7 A1 77 0E 1A FA A3 E9 1B 1F C5 0C D9 1F 83
friendlyName: ede958f8-ea14-4287-ad8b-db0dfb10194e
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDEvgomMfzHpBhF
fTKWdgxF/gclWEBqDgB/GyavNeayCdaB4Wv9269HhQM9kaGWO2H7qUNjvwaX0qrA
+IBAAOwsRwiAFkhdjPJLsCpmAOT7uB8euSKyDAIGoUg69oexBrhTMzeAwhE4GT+y
3FfB/idYk07bB2xOV/29ztuxIqJAeONc0XhTI8PJoDJSOURSHlUXprQvGJpLVW5D
90aXBRl+5VYWWtWQH4ptsi2yPHfJVjx3m+1YtvaS6H1N6hft0nYRVUwt7cQmvDOB
RtEPceswiSh9p9/5xUibz0dMF9gG6kFx/aH6jE1cqeWT4rf7QHjwcb63C76kHA20
PffWnXDxAgMBAAECggEBAIR7P9RWhtRcoGdylfURitQ66c7w7Xc89IKi4trLHgy3
aTXOeOzZ2N79J6B3B2tlk2ZmpVVuld74YjlNXPc8Z8ytDIFL//DW73WeK/7CDW+f
nX0Px9hDE74pLr1dsyO21bpY28AdboDrJ6SmkYW1QgN4NnpxNjJPODNvLyrJmp50
WpwBR5tbsjgaMRyKVyTmtp0DjFvfP8IZK9QmoP9cV8GEZ0oAbW0mxF3AYvcgFsFr
yobiyjwCb/8dVSpsQyQdN3J3M+sLCQK7vtITBrlV2m4LmpkiFY1KdmUDHOdeUC37
VtFNPV/OOjLp7q0E9Rjgmhite8rBr3gwxLyCUVPbzF0CgYEA6K9wlsYicSdzXjtP
eg8PqTMP4EMgb4SWFo71bSTooqaXWpnGzSr8HAkFt9/COVMuoYabgwPUjG+mXZ8E
/Ey5h6hJnqPOBWSJYK4wkvv/MHlJzNpRXBOIbT/mD2Vi9tDngzQeTXuemZtBuV6I
g4gv9aLgYzh2JD9qeHl9t6B7t6MCgYEA2HSic3UZDQwEIkOeRRVObSDvY167KTs2
dXywd7HVDG2UGtsJP9NBh3Y3kVa2+u+cayHWcHPkZ36/lBRy8tLQnqNXS9zFFRhK
kD4kwe23N13KnGOrQzePhBBtNniscqTXBFwAgeHCze2qx/gM6y3bB1X+P9cTE1Nd
b3JRTbWKzlsCgYEAp8IlOG8tUcuRn/S+/k9xiRmpbpS3A+/hje4QAFrF5s6Y/Nc1
v6IoFcZjewg2LcJNMmOsJy9RxNaSaZlGrOhcMvQf7+JFnRm4+h1cI/zPJZGspacZ
VXs3txyEr8D3Mt+2qp+e4VopJLINFqqTXdGIUl7VzHNeqg+Wobll7EgmKmUCgYEA
gmNP8GjbXEaevt0om8jH42jxi1RnPeETXxZrXs7a3Y+spbjIC5CAas9FjeFEfEiW
WtqZSEgnkEiDsvnWfHuNe+I9Fc+5UIm/cMBeeAtwUIPJJwfLBMSVSSJ0B1oN10mA
1HlvPM34AQBn3emILqsCw5qDe4VdUkjngdjFLSBsqv0CgYBz5wKEeikHMrdSfMUN
CRvR/ivt+VIp2nVEupmUo4WZFjzDrvQVVW/yobKkSCYxothETjDahoKo6wQ5xYe+
Fk/ScnfcTMdbl9FUHnw7SK3kZ9IbzFZD2PTh7g/ZIc1nnsuOye3s7r+52SLtmuJq
y2/etSfNii1ilJseT+mMcbiP3g==
-----END PRIVATE KEY-----
32 changes: 32 additions & 0 deletions certs/private.key
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
Bag Attributes
localKeyID: E2 25 74 6C 41 B7 A1 77 0E 1A FA A3 E9 1B 1F C5 0C D9 1F 83
friendlyName: ede958f8-ea14-4287-ad8b-db0dfb10194e
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDEvgomMfzHpBhF
fTKWdgxF/gclWEBqDgB/GyavNeayCdaB4Wv9269HhQM9kaGWO2H7qUNjvwaX0qrA
+IBAAOwsRwiAFkhdjPJLsCpmAOT7uB8euSKyDAIGoUg69oexBrhTMzeAwhE4GT+y
3FfB/idYk07bB2xOV/29ztuxIqJAeONc0XhTI8PJoDJSOURSHlUXprQvGJpLVW5D
90aXBRl+5VYWWtWQH4ptsi2yPHfJVjx3m+1YtvaS6H1N6hft0nYRVUwt7cQmvDOB
RtEPceswiSh9p9/5xUibz0dMF9gG6kFx/aH6jE1cqeWT4rf7QHjwcb63C76kHA20
PffWnXDxAgMBAAECggEBAIR7P9RWhtRcoGdylfURitQ66c7w7Xc89IKi4trLHgy3
aTXOeOzZ2N79J6B3B2tlk2ZmpVVuld74YjlNXPc8Z8ytDIFL//DW73WeK/7CDW+f
nX0Px9hDE74pLr1dsyO21bpY28AdboDrJ6SmkYW1QgN4NnpxNjJPODNvLyrJmp50
WpwBR5tbsjgaMRyKVyTmtp0DjFvfP8IZK9QmoP9cV8GEZ0oAbW0mxF3AYvcgFsFr
yobiyjwCb/8dVSpsQyQdN3J3M+sLCQK7vtITBrlV2m4LmpkiFY1KdmUDHOdeUC37
VtFNPV/OOjLp7q0E9Rjgmhite8rBr3gwxLyCUVPbzF0CgYEA6K9wlsYicSdzXjtP
eg8PqTMP4EMgb4SWFo71bSTooqaXWpnGzSr8HAkFt9/COVMuoYabgwPUjG+mXZ8E
/Ey5h6hJnqPOBWSJYK4wkvv/MHlJzNpRXBOIbT/mD2Vi9tDngzQeTXuemZtBuV6I
g4gv9aLgYzh2JD9qeHl9t6B7t6MCgYEA2HSic3UZDQwEIkOeRRVObSDvY167KTs2
dXywd7HVDG2UGtsJP9NBh3Y3kVa2+u+cayHWcHPkZ36/lBRy8tLQnqNXS9zFFRhK
kD4kwe23N13KnGOrQzePhBBtNniscqTXBFwAgeHCze2qx/gM6y3bB1X+P9cTE1Nd
b3JRTbWKzlsCgYEAp8IlOG8tUcuRn/S+/k9xiRmpbpS3A+/hje4QAFrF5s6Y/Nc1
v6IoFcZjewg2LcJNMmOsJy9RxNaSaZlGrOhcMvQf7+JFnRm4+h1cI/zPJZGspacZ
VXs3txyEr8D3Mt+2qp+e4VopJLINFqqTXdGIUl7VzHNeqg+Wobll7EgmKmUCgYEA
gmNP8GjbXEaevt0om8jH42jxi1RnPeETXxZrXs7a3Y+spbjIC5CAas9FjeFEfEiW
WtqZSEgnkEiDsvnWfHuNe+I9Fc+5UIm/cMBeeAtwUIPJJwfLBMSVSSJ0B1oN10mA
1HlvPM34AQBn3emILqsCw5qDe4VdUkjngdjFLSBsqv0CgYBz5wKEeikHMrdSfMUN
CRvR/ivt+VIp2nVEupmUo4WZFjzDrvQVVW/yobKkSCYxothETjDahoKo6wQ5xYe+
Fk/ScnfcTMdbl9FUHnw7SK3kZ9IbzFZD2PTh7g/ZIc1nnsuOye3s7r+52SLtmuJq
y2/etSfNii1ilJseT+mMcbiP3g==
-----END PRIVATE KEY-----
Comment on lines +1 to +32
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Remove this committed private key before merge.

This is real private key material, not a placeholder. Once merged, it becomes long-lived secret material in repository history and can be copied into downstream environments or tooling by accident. Please remove it from the tree, rotate/revoke anything derived from it, and generate test fixtures at runtime or keep clearly dummy fixtures under dedicated test data.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@certs/private.key` around lines 1 - 32, The repository contains a real
private key block (-----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----)
with identifiers like friendlyName "ede958f8-ea14-4287-ad8b-db0dfb10194e" and
localKeyID that must be removed; delete the committed key file from the tree,
remove it from history (git filter-repo or BFG) or replace the commit with a
history-rewriting purge, add the file pattern to .gitignore to prevent
re-commits, rotate/revoke any certificates/keys that used this private key, and
replace the file in tests with a generated runtime fixture or a clearly dummy
key (not the real material) so no sensitive key material remains in the repo or
its history.

Loading
Loading