Skip to content

Commit

Permalink
Rolled new JWT Cert and updated readme (#975)
Browse files Browse the repository at this point in the history
* rolled new certificate and updated readme

* tweaked comment to get fresh CI build

* added temp debugging step

* removing chromedriver license

* removed LS step

* added -f to safely remove
  • Loading branch information
brennen-stripe authored Jan 11, 2023
1 parent 4d745c0 commit 7669d92
Show file tree
Hide file tree
Showing 6 changed files with 41 additions and 40 deletions.
1 change: 1 addition & 0 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,7 @@ jobs:
steps:
- browser-tools/install-chrome
- browser-tools/install-chromedriver
- run: rm -f LICENSE.chromedriver # ls -lR /home/circleci/project revealed this file after checkout step was failing due to a non-empty directory
- checkout
- sfdx/install: *sfdx_version
- jq/install
Expand Down
2 changes: 1 addition & 1 deletion sfdx/bin/extract-private-key
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,5 @@ fi
# the certificate associated with this key is uploaded to our SF application on the billing PBO org
# this is the closest thing we have to a platform key in salesforce

# set `SF_JWT_KEY` on CI to `cat sfdx/jwt-cert/private_key.pem | base64`
# set `SF_JWT_KEY` on CI to the output of `cat sfdx/jwt-cert/private_key.pem | base64`
echo $SF_JWT_KEY | base64 --decode --ignore-garbage > $SF_JWT_PRIVATE_KEY_PATH
30 changes: 15 additions & 15 deletions sfdx/jwt-cert/certificate.pem
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICwDCCAagCCQCg7k4RDpskODANBgkqhkiG9w0BAQsFADAiMQswCQYDVQQGEwJV
UzETMBEGA1UEAwwKSnd0VWlMb2dpbjAeFw0yMjAzMTAwMDEzNDhaFw0yMzAzMTAw
MDEzNDhaMCIxCzAJBgNVBAYTAlVTMRMwEQYDVQQDDApKd3RVaUxvZ2luMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdtKKxnqvUuR9/24n0hMjqBseb2C
sL8++xUG93M3MjYnfE3XZ2vNS2KJU6jEmJlQvs7MlWQIbdhSwVjLKIhwPh7LbAS1
t4RKezGC9AgxiE138506vS1qrzf2QBjU0y+DHGFwRkUWBvhW1hfW00DnHlS5C9g0
uWZs4TTAnfmSMS6bjkiB8/LWUvxA7g+vF6R2/bmtDDaQZdQxXWUDJANG5YgYmH9K
29pxTbHBkCc0/n1wjroBCQ8L8VHHnsFQAYMqoD0yHQkOERsMGZzHfLQugG4kRNUX
J1XFL8KOebWxWfofdfvzUQqgtlRmkTLlEPcDhWlfUcZLrEA6O/y3U83OpQIDAQAB
MA0GCSqGSIb3DQEBCwUAA4IBAQB/12B2kt2ZwXZBxsmp5RogzhBsROEqt1w2Xv0F
QRRTrKItDTcs1sGJGdSzjFTbJrkML3+iH7ZVtNYNvr3WlJi/h+dyQyO7WLnxUN4n
T+A8u+XoEMnHQqWax2KAf3Ypbh2x0RHSEVFO4Pgd5gNPv48/bvm3lTLabeGKZPPs
1Y9idT6uHax8XPDt8Zw28VM31CGJkddnglvAgOgt+Cy+tnb0+UIbno7McE2EXoN/
bXsHisogK1Ux27B1YgtnClIZX5fV6IyFENTpj0XhNOFhsqWKRj1Tt+axJjsGhY0O
K3oeUJRjweU0Uh4SJcKWmiYRKzYW3o/DzCXws2M8Cg6EyYQT
MIICwDCCAagCCQCFfL3a7VxiRTANBgkqhkiG9w0BAQsFADAiMQswCQYDVQQGEwJV
UzETMBEGA1UEAwwKSnd0Q0lMb2dpbjAeFw0yMzAxMTAyMTIzMTJaFw0yNDAxMTAy
MTIzMTJaMCIxCzAJBgNVBAYTAlVTMRMwEQYDVQQDDApKd3RDSUxvZ2luMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHWNoKIfSuRtcRlV+WR8KXK5v65H
0nhrX0bwWgQQni7NUr7hUbBeBEYarR6m1zNc1HnyCVZnY7wLtsvxY6hTOAVXM/d8
asD5thh1TCMQjH0KrmZerpCq3dQq4GgfPr5L+31akIfVC7BDlgdHa9+eMo48QDRe
mIuyPSpLWggEULLgvEWcAzzeXxdzlt9yNrSPmYtCONADC4K535fMw4fR+T+xSehc
Eoqvi01eqJq5So1Rm433AYPloP3BdC9P8nTw+waIWMlphgIM+lCRXMs2bAXHV2Cb
J/MUgb/nyic1HToZeTIrJjwaklc9vENgMDvdL/ukkDhGjeqeQJHvspnDhQIDAQAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAVmfs74kmeq3UyzrkBQrYd0Ol0hdSCKILyuguO
oyPxFqKebmnr77kg4YFqGNSB6lp4tDDFNxl+SMXNUTmL6DG8faelpdRGkuFxW/Hd
5+VqIx3bdBLg/aU8Yq8FX6AmqXMuFtSOJaYW1+2PFhZEQv1EcUb49C72rVkkf+Xd
lqyJ/ETCen1mpkWrAnlhLrp/0aXakwKyUqY8zrl0iyYUWn8FZ2AkI3yDMHP5omMU
6apEdefu5jpFEbvQbIqUWHKJofDGqoX2HVn2brTz6yTuJgU/EzxYBnJdbv7Yq4QI
L2fVu6U7Vk+m3C6X0c1iHyJBNoyRMuf4BblSDjcasqKKY2hN
-----END CERTIFICATE-----
Binary file modified sfdx/jwt-cert/public_key.cer
Binary file not shown.
44 changes: 22 additions & 22 deletions sfdx/jwt-cert/public_key.pem
Original file line number Diff line number Diff line change
@@ -1,26 +1,26 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdtKKxnqvUuR9/24n0hM
jqBseb2CsL8++xUG93M3MjYnfE3XZ2vNS2KJU6jEmJlQvs7MlWQIbdhSwVjLKIhw
Ph7LbAS1t4RKezGC9AgxiE138506vS1qrzf2QBjU0y+DHGFwRkUWBvhW1hfW00Dn
HlS5C9g0uWZs4TTAnfmSMS6bjkiB8/LWUvxA7g+vF6R2/bmtDDaQZdQxXWUDJANG
5YgYmH9K29pxTbHBkCc0/n1wjroBCQ8L8VHHnsFQAYMqoD0yHQkOERsMGZzHfLQu
gG4kRNUXJ1XFL8KOebWxWfofdfvzUQqgtlRmkTLlEPcDhWlfUcZLrEA6O/y3U83O
pQIDAQAB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHWNoKIfSuRtcRlV+WR8
KXK5v65H0nhrX0bwWgQQni7NUr7hUbBeBEYarR6m1zNc1HnyCVZnY7wLtsvxY6hT
OAVXM/d8asD5thh1TCMQjH0KrmZerpCq3dQq4GgfPr5L+31akIfVC7BDlgdHa9+e
Mo48QDRemIuyPSpLWggEULLgvEWcAzzeXxdzlt9yNrSPmYtCONADC4K535fMw4fR
+T+xSehcEoqvi01eqJq5So1Rm433AYPloP3BdC9P8nTw+waIWMlphgIM+lCRXMs2
bAXHV2CbJ/MUgb/nyic1HToZeTIrJjwaklc9vENgMDvdL/ukkDhGjeqeQJHvspnD
hQIDAQAB
-----END PUBLIC KEY-----
-----BEGIN CERTIFICATE-----
MIICwDCCAagCCQCg7k4RDpskODANBgkqhkiG9w0BAQsFADAiMQswCQYDVQQGEwJV
UzETMBEGA1UEAwwKSnd0VWlMb2dpbjAeFw0yMjAzMTAwMDEzNDhaFw0yMzAzMTAw
MDEzNDhaMCIxCzAJBgNVBAYTAlVTMRMwEQYDVQQDDApKd3RVaUxvZ2luMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdtKKxnqvUuR9/24n0hMjqBseb2C
sL8++xUG93M3MjYnfE3XZ2vNS2KJU6jEmJlQvs7MlWQIbdhSwVjLKIhwPh7LbAS1
t4RKezGC9AgxiE138506vS1qrzf2QBjU0y+DHGFwRkUWBvhW1hfW00DnHlS5C9g0
uWZs4TTAnfmSMS6bjkiB8/LWUvxA7g+vF6R2/bmtDDaQZdQxXWUDJANG5YgYmH9K
29pxTbHBkCc0/n1wjroBCQ8L8VHHnsFQAYMqoD0yHQkOERsMGZzHfLQugG4kRNUX
J1XFL8KOebWxWfofdfvzUQqgtlRmkTLlEPcDhWlfUcZLrEA6O/y3U83OpQIDAQAB
MA0GCSqGSIb3DQEBCwUAA4IBAQB/12B2kt2ZwXZBxsmp5RogzhBsROEqt1w2Xv0F
QRRTrKItDTcs1sGJGdSzjFTbJrkML3+iH7ZVtNYNvr3WlJi/h+dyQyO7WLnxUN4n
T+A8u+XoEMnHQqWax2KAf3Ypbh2x0RHSEVFO4Pgd5gNPv48/bvm3lTLabeGKZPPs
1Y9idT6uHax8XPDt8Zw28VM31CGJkddnglvAgOgt+Cy+tnb0+UIbno7McE2EXoN/
bXsHisogK1Ux27B1YgtnClIZX5fV6IyFENTpj0XhNOFhsqWKRj1Tt+axJjsGhY0O
K3oeUJRjweU0Uh4SJcKWmiYRKzYW3o/DzCXws2M8Cg6EyYQT
MIICwDCCAagCCQCFfL3a7VxiRTANBgkqhkiG9w0BAQsFADAiMQswCQYDVQQGEwJV
UzETMBEGA1UEAwwKSnd0Q0lMb2dpbjAeFw0yMzAxMTAyMTIzMTJaFw0yNDAxMTAy
MTIzMTJaMCIxCzAJBgNVBAYTAlVTMRMwEQYDVQQDDApKd3RDSUxvZ2luMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHWNoKIfSuRtcRlV+WR8KXK5v65H
0nhrX0bwWgQQni7NUr7hUbBeBEYarR6m1zNc1HnyCVZnY7wLtsvxY6hTOAVXM/d8
asD5thh1TCMQjH0KrmZerpCq3dQq4GgfPr5L+31akIfVC7BDlgdHa9+eMo48QDRe
mIuyPSpLWggEULLgvEWcAzzeXxdzlt9yNrSPmYtCONADC4K535fMw4fR+T+xSehc
Eoqvi01eqJq5So1Rm433AYPloP3BdC9P8nTw+waIWMlphgIM+lCRXMs2bAXHV2Cb
J/MUgb/nyic1HToZeTIrJjwaklc9vENgMDvdL/ukkDhGjeqeQJHvspnDhQIDAQAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAVmfs74kmeq3UyzrkBQrYd0Ol0hdSCKILyuguO
oyPxFqKebmnr77kg4YFqGNSB6lp4tDDFNxl+SMXNUTmL6DG8faelpdRGkuFxW/Hd
5+VqIx3bdBLg/aU8Yq8FX6AmqXMuFtSOJaYW1+2PFhZEQv1EcUb49C72rVkkf+Xd
lqyJ/ETCen1mpkWrAnlhLrp/0aXakwKyUqY8zrl0iyYUWn8FZ2AkI3yDMHP5omMU
6apEdefu5jpFEbvQbIqUWHKJofDGqoX2HVn2brTz6yTuJgU/EzxYBnJdbv7Yq4QI
L2fVu6U7Vk+m3C6X0c1iHyJBNoyRMuf4BblSDjcasqKKY2hN
-----END CERTIFICATE-----
4 changes: 2 additions & 2 deletions sfdx/jwt-cert/readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@

Generate a certificate and add it to the SF app:

1. `jwt-cert/generate`
1. `./jwt-cert/generate-jwt-cert`
2. Upload public_key.cer to the SF org managing the app. This is the Billing BPO.
- Salesforce > Setup > Manage Connected apps > View > Edit
- Log in to PBO Org -> Setup -> App Manager -> Stripe Connector for Salesforce (StripeConnector) -> Edit
- Use Digital Signature: true
- Upload jwt-cert/public_key.cer
- There are some unique permissions that need to be added to the app even if "full access" is requested.
Expand Down

0 comments on commit 7669d92

Please sign in to comment.